Google Git
Sign in
cos / mirrors / cros / chromiumos / platform2 / HEAD / . / cryptohome / etc / Cryptohome.conf
blob: ea7ffdb64b1179d39ae64af9cdc2d491de017a6f [file] [log] [blame]
<!--
Copyright 2017 The Chromium OS Authors. All rights reserved.
Use of this source code is governed by a BSD-style license that can be
found in the LICENSE file.
-->
<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
<policy user="root">
<allow own="org.chromium.Cryptohome" />
<allow send_destination="org.chromium.Cryptohome" />
</policy>
<policy user="cryptohome">
<!-- cryptohome-proxy requires this -->
<allow own="org.chromium.Cryptohome" />
<allow send_destination="org.chromium.Cryptohome" />
</policy>
<policy user="authpolicyd">
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="GetSanitizedUsername"/>
</policy>
<policy user="chronos">
<!-- introspection is denied -->
<deny send_destination="org.chromium.Cryptohome"
send_interface="org.freedesktop.DBus.Introspectable" />
<!-- properties denied -->
<deny send_destination="org.chromium.Cryptohome"
send_interface="org.freedesktop.DBus.Properties" />
<!-- allow explicit methods -->
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="CheckKey"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="ListKeysEx"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="CheckKeyEx"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="RemoveKeyEx"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="MassRemoveKeys"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="GetKeyDataEx"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="MigrateKeyEx"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="AddKeyEx"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="AddDataRestoreKey"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="RemoveEx"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="RenameCryptohome"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="GetAccountDiskUsage"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="GetSystemSalt"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="GetSanitizedUsername"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="IsMounted"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="IsMountedForUser"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="MountEx"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="MountGuestEx"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="UnmountEx"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="DoAutomaticFreeDiskSpaceControl"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="AsyncDoAutomaticFreeDiskSpaceControl"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="UpdateCurrentUserActivityTimestamp"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="TpmIsReady"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="TpmIsEnabled"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="TpmGetPassword"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="TpmIsOwned"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="TpmIsBeingOwned"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="TpmCanAttemptOwnership"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="TpmClearStoredPassword"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="TpmIsAttestationPrepared"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="TpmAttestationGetEnrollmentPreparationsEx"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="TpmVerifyAttestationData"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="TpmVerifyEK"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="TpmIsAttestationEnrolled"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="TpmAttestationCreateEnrollRequest"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="AsyncTpmAttestationCreateEnrollRequest"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="TpmAttestationEnroll"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="AsyncTpmAttestationEnroll"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="TpmAttestationEnrollEx"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="AsyncTpmAttestationEnrollEx"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="TpmAttestationCreateCertRequest"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="AsyncTpmAttestationCreateCertRequest"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="TpmAttestationFinishCertRequest"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="AsyncTpmAttestationFinishCertRequest"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="TpmAttestationGetCertificateEx"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="AsyncTpmAttestationGetCertificateEx"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="TpmAttestationDoesKeyExist"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="TpmAttestationGetCertificate"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="TpmAttestationGetPublicKey"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="TpmAttestationRegisterKey"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="TpmAttestationSignEnterpriseChallenge"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="TpmAttestationSignEnterpriseVaChallenge"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="TpmAttestationSignEnterpriseVaChallengeV2"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="TpmAttestationSignSimpleChallenge"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="TpmAttestationGetKeyPayload"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="TpmAttestationSetKeyPayload"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="TpmAttestationDeleteKeys"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="TpmAttestationDeleteKey"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="TpmAttestationResetIdentity"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="TpmGetVersionStructured"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="Pkcs11GetTpmTokenInfo"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="Pkcs11GetTpmTokenInfoForUser"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="Pkcs11IsTpmTokenReady"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="GetStatusString"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="IsQuotaSupported"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="GetCurrentSpaceForUid"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="GetCurrentSpaceForGid"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="GetCurrentSpaceForProjectId"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="SetProjectId"/>
<!-- remove these if only session_manager uses them. -->
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="InstallAttributesGet"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="InstallAttributesSet"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="InstallAttributesFinalize"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="InstallAttributesCount"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="InstallAttributesIsFirstInstall"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="InstallAttributesIsReady"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="InstallAttributesIsSecure"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="InstallAttributesIsInvalid"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="GetLoginStatus"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="GetTpmStatus"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="StoreEnrollmentState"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="LoadEnrollmentState"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="SignBootLockbox"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="VerifyBootLockbox"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="FinalizeBootLockbox"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="GetBootAttribute"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="SetBootAttribute"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="FlushAndSignBootAttributes"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="StartFingerprintAuthSession"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="EndFingerprintAuthSession"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="RemoveFirmwareManagementParameters"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="SetFirmwareManagementParameters"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="MigrateToDircrypto"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="NeedsDircryptoMigration"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="GetSupportedKeyPolicies"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="RespondKeyChallenge"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="TpmAttestationGetEnrollmentId"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="LockToSingleUserMountUntilReboot"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="GetRsuDeviceId"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="CheckHealth"/>
</policy>
<policy user="power">
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="GetTpmStatus"/>
</policy>
<policy user="arc-keymasterd">
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="Pkcs11GetTpmTokenInfoForUser"/>
</policy>
<policy user="cdm-oemcrypto">
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="TpmIsOwned"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="TpmIsAttestationPrepared"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="TpmAttestationGetEnrollmentPreparationsEx"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="TpmIsAttestationEnrolled"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="TpmAttestationCreateEnrollRequest"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="TpmAttestationEnroll"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="TpmAttestationEnrollEx"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="TpmAttestationCreateCertRequest"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="TpmAttestationFinishCertRequest"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="TpmAttestationGetCertificateEx"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="TpmAttestationGetCertificate"/>
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="TpmAttestationRegisterKey"/>
</policy>
<policy user="u2f">
<allow send_destination="org.chromium.Cryptohome"
send_interface="org.chromium.CryptohomeInterface"
send_member="GetWebAuthnSecret"/>
</policy>
<policy context="default">
<deny send_destination="org.chromium.Cryptohome" />
</policy>
</busconfig>