Hi @fabrice,
Yes the encryption is done in the Java layer.
I am not a DBus expert, especially regarding security issues.
That said, there are two security elements that seem reasonable to me:
- The bus used by the daemon will be session bus, and not system bus
- The policy regarding the signals and methods will be deny-by-default and allowed only for the user who needs to access such information. In the context of an integration with the Librem 5, I can’t say yet which user will be used by the Features frontend. See dbus doc, policy section for more information
If you think of anything that would help harden the application, please speak 