<!--
  Copyright 2019 The Chromium OS Authors. All rights reserved.
  Use of this source code is governed by a BSD-style license that can be
  found in the LICENSE file.
-->

<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
  "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
  <policy user="root">
    <allow own="org.chromium.UserDataAuth" />
    <allow send_destination="org.chromium.UserDataAuth" />
  </policy>

  <policy user="cryptohome">
    <!-- allows forwarding by cryptohome-proxy -->
    <allow send_destination="org.chromium.UserDataAuth" />
  </policy>

  <policy user="chronos">
    <!-- introspection is denied -->
    <deny send_destination="org.chromium.UserDataAuth"
          send_interface="org.freedesktop.DBus.Introspectable" />
    <!-- properties denied -->
    <deny send_destination="org.chromium.UserDataAuth"
          send_interface="org.freedesktop.DBus.Properties" />
    <!-- allow explicit methods -->
    <allow send_destination="org.chromium.UserDataAuth"
           send_interface="org.chromium.UserDataAuthInterface"
           send_member="IsMounted"/>
    <allow send_destination="org.chromium.UserDataAuth"
           send_interface="org.chromium.UserDataAuthInterface"
           send_member="Unmount"/>
    <allow send_destination="org.chromium.UserDataAuth"
           send_interface="org.chromium.UserDataAuthInterface"
           send_member="Mount"/>
    <allow send_destination="org.chromium.UserDataAuth"
           send_interface="org.chromium.UserDataAuthInterface"
           send_member="Remove"/>
    <allow send_destination="org.chromium.UserDataAuth"
           send_interface="org.chromium.UserDataAuthInterface"
           send_member="Rename"/>
    <allow send_destination="org.chromium.UserDataAuth"
           send_interface="org.chromium.UserDataAuthInterface"
           send_member="ListKeys"/>
    <allow send_destination="org.chromium.UserDataAuth"
           send_interface="org.chromium.UserDataAuthInterface"
           send_member="GetKeyData"/>
    <allow send_destination="org.chromium.UserDataAuth"
           send_interface="org.chromium.UserDataAuthInterface"
           send_member="CheckKey"/>
    <allow send_destination="org.chromium.UserDataAuth"
           send_interface="org.chromium.UserDataAuthInterface"
           send_member="AddKey"/>
    <allow send_destination="org.chromium.UserDataAuth"
           send_interface="org.chromium.UserDataAuthInterface"
           send_member="AddDataRestoreKey"/>
    <allow send_destination="org.chromium.UserDataAuth"
           send_interface="org.chromium.UserDataAuthInterface"
           send_member="UpdateKey"/>
    <allow send_destination="org.chromium.UserDataAuth"
           send_interface="org.chromium.UserDataAuthInterface"
           send_member="RemoveKey"/>
    <allow send_destination="org.chromium.UserDataAuth"
           send_interface="org.chromium.UserDataAuthInterface"
           send_member="MassRemoveKeys"/>
    <allow send_destination="org.chromium.UserDataAuth"
           send_interface="org.chromium.UserDataAuthInterface"
           send_member="MigrateKey"/>
    <allow send_destination="org.chromium.UserDataAuth"
           send_interface="org.chromium.UserDataAuthInterface"
           send_member="StartMigrateToDircrypto"/>
    <allow send_destination="org.chromium.UserDataAuth"
           send_interface="org.chromium.UserDataAuthInterface"
           send_member="NeedsDircryptoMigration"/>
    <allow send_destination="org.chromium.UserDataAuth"
           send_interface="org.chromium.UserDataAuthInterface"
           send_member="GetSupportedKeyPolicies"/>
    <allow send_destination="org.chromium.UserDataAuth"
           send_interface="org.chromium.UserDataAuthInterface"
           send_member="GetAccountDiskUsage"/>

    <allow send_destination="org.chromium.UserDataAuth"
           send_interface="org.chromium.ArcQuota"
           send_member="GetArcDiskFeatures"/>
    <allow send_destination="org.chromium.UserDataAuth"
           send_interface="org.chromium.ArcQuota"
           send_member="GetCurrentSpaceForArcUid"/>
    <allow send_destination="org.chromium.UserDataAuth"
           send_interface="org.chromium.ArcQuota"
           send_member="GetCurrentSpaceForArcGid"/>

    <allow send_destination="org.chromium.UserDataAuth"
           send_interface="org.chromium.CryptohomePkcs11Interface"
           send_member="Pkcs11IsTpmTokenReady"/>
    <allow send_destination="org.chromium.UserDataAuth"
           send_interface="org.chromium.CryptohomePkcs11Interface"
           send_member="Pkcs11GetTpmTokenInfo"/>
    <allow send_destination="org.chromium.UserDataAuth"
           send_interface="org.chromium.CryptohomePkcs11Interface"
           send_member="Pkcs11Terminate"/>

    <allow send_destination="org.chromium.UserDataAuth"
           send_interface="org.chromium.InstallAttributesInterface"
           send_member="InstallAttributesGet"/>
    <allow send_destination="org.chromium.UserDataAuth"
           send_interface="org.chromium.InstallAttributesInterface"
           send_member="InstallAttributesSet"/>
    <allow send_destination="org.chromium.UserDataAuth"
           send_interface="org.chromium.InstallAttributesInterface"
           send_member="InstallAttributesFinalize"/>
    <allow send_destination="org.chromium.UserDataAuth"
           send_interface="org.chromium.InstallAttributesInterface"
           send_member="InstallAttributesGetStatus"/>
    <allow send_destination="org.chromium.UserDataAuth"
           send_interface="org.chromium.InstallAttributesInterface"
           send_member="GetFirmwareManagementParameters"/>
    <allow send_destination="org.chromium.UserDataAuth"
           send_interface="org.chromium.InstallAttributesInterface"
           send_member="RemoveFirmwareManagementParameters"/>
    <allow send_destination="org.chromium.UserDataAuth"
           send_interface="org.chromium.InstallAttributesInterface"
           send_member="SetFirmwareManagementParameters"/>

    <allow send_destination="org.chromium.UserDataAuth"
           send_interface="org.chromium.CryptohomeMiscInterface"
           send_member="GetSystemSalt"/>
    <allow send_destination="org.chromium.UserDataAuth"
           send_interface="org.chromium.CryptohomeMiscInterface"
           send_member="UpdateCurrentUserActivityTimestamp"/>
    <allow send_destination="org.chromium.UserDataAuth"
           send_interface="org.chromium.CryptohomeMiscInterface"
           send_member="GetSanitizedUsername"/>
    <allow send_destination="org.chromium.UserDataAuth"
           send_interface="org.chromium.CryptohomeMiscInterface"
           send_member="GetLoginStatus"/>
    <allow send_destination="org.chromium.UserDataAuth"
           send_interface="org.chromium.CryptohomeMiscInterface"
           send_member="GetStatusString"/>
    <allow send_destination="org.chromium.UserDataAuth"
           send_interface="org.chromium.CryptohomeMiscInterface"
           send_member="LockToSingleUserMountUntilReboot"/>
    <allow send_destination="org.chromium.UserDataAuth"
           send_interface="org.chromium.CryptohomeMiscInterface"
           send_member="GetRsuDeviceId"/>
    <allow send_destination="org.chromium.UserDataAuth"
           send_interface="org.chromium.CryptohomeMiscInterface"
           send_member="CheckHealth"/>
  </policy>

  <policy context="default">
    <deny send_destination="org.chromium.UserDataAuth" />
  </policy>
</busconfig>