vm_tools/dbus/org.chromium.Seneschal.conf - mirrors/cros/chromiumos/platform2 - Git at Google

 <!DOCTYPE busconfig PUBLIC
  "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
  "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
 <!--
   Copyright 2018 The Chromium Authors. All rights reserved.
   Use of this source code is governed by a BSD-style license that can be
   found in the LICENSE file.

   This file will be installed at /etc/dbus-1/system.d on Chromium OS.
 -->
 <busconfig>
   <policy user="seneschal-dbus">
     <allow own="org.chromium.Seneschal" />
   </policy>

   <policy context="default">
     <!--
         By default, processes are only allowed to start and stop servers.
         Sharing paths is explicitly not allowed because if we did, a
         compromised service could gain access to the user's home directory
         just by asking seneschal to share paths with a server and then talking
         to that server via 9p.
     -->
     <allow send_destination="org.chromium.Seneschal"
            send_interface="org.chromium.Seneschal"
            send_member="StartServer" />
     <allow send_destination="org.chromium.Seneschal"
            send_interface="org.chromium.Seneschal"
            send_member="StopServer" />
   </policy>

   <!-- root and chronos can call all the methods -->
   <policy user="chronos">
     <allow send_destination="org.chromium.Seneschal"/>
     <allow receive_sender="org.chromium.Seneschal"/>
   </policy>
   <policy user="root">
     <allow send_destination="org.chromium.Seneschal"/>
     <allow receive_sender="org.chromium.Seneschal"/>
   </policy>
 </busconfig>
	<!DOCTYPE busconfig PUBLIC
	"-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
	"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
	<!--
	Copyright 2018 The Chromium Authors. All rights reserved.
	Use of this source code is governed by a BSD-style license that can be
	found in the LICENSE file.

	This file will be installed at /etc/dbus-1/system.d on Chromium OS.
	-->
	<busconfig>
	<policy user="seneschal-dbus">
	<allow own="org.chromium.Seneschal" />
	</policy>

	<policy context="default">
	<!--
	By default, processes are only allowed to start and stop servers.
	Sharing paths is explicitly not allowed because if we did, a
	compromised service could gain access to the user's home directory
	just by asking seneschal to share paths with a server and then talking
	to that server via 9p.
	-->
	<allow send_destination="org.chromium.Seneschal"
	send_interface="org.chromium.Seneschal"
	send_member="StartServer" />
	<allow send_destination="org.chromium.Seneschal"
	send_interface="org.chromium.Seneschal"
	send_member="StopServer" />
	</policy>

	<!-- root and chronos can call all the methods -->
	<policy user="chronos">
	<allow send_destination="org.chromium.Seneschal"/>
	<allow receive_sender="org.chromium.Seneschal"/>
	</policy>
	<policy user="root">
	<allow send_destination="org.chromium.Seneschal"/>
	<allow receive_sender="org.chromium.Seneschal"/>
	</policy>
	</busconfig>