login_manager/SessionManager.conf - mirrors/cros/chromiumos/platform2 - Git at Google

 <!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
   "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
 <!--
   Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
   Use of this source code is governed by a BSD-style license that can be
   found in the LICENSE file.
 -->
 <busconfig>
   <policy user="root">
     <allow own="org.chromium.SessionManager" />
     <allow send_destination="org.chromium.SessionManager" />

     <!-- Only root should be allowed to call InitMachineInfo. -->
     <allow send_destination="org.chromium.SessionManager"
            send_interface="org.chromium.SessionManagerInterface"
            send_member="InitMachineInfo"/>
   </policy>

   <policy user="arc-keymasterd">
     <allow send_destination="org.chromium.SessionManager"
            send_interface="org.chromium.SessionManagerInterface"
            send_member="RetrievePrimarySession"/>
   </policy>

   <policy user="crosvm">
     <allow send_destination="org.chromium.SessionManager"
            send_interface="org.chromium.SessionManagerInterface"
            send_member="RetrievePrimarySession"/>
   </policy>

   <policy user="authpolicyd">
     <!--
       To prevent the use of unsigned policy for persisting a browser exploit,
       writing unsigned policy is restricted to the authpolicy daemon.
     -->
     <allow send_destination="org.chromium.SessionManager"
            send_interface="org.chromium.SessionManagerInterface"
            send_member="StoreUnsignedPolicyEx"/>
     <allow send_destination="org.chromium.SessionManager"
            send_interface="org.chromium.SessionManagerInterface"
            send_member="ListStoredComponentPolicies"/>
     <allow send_destination="org.chromium.SessionManager"
            send_interface="org.chromium.SessionManagerInterface"
            send_member="RetrieveSessionState"/>
   </policy>

   <policy user="chronos">
     <allow send_destination="org.chromium.SessionManager"
            send_interface="org.chromium.SessionManagerInterface"
            send_member="EmitLoginPromptVisible"/>
     <allow send_destination="org.chromium.SessionManager"
            send_interface="org.chromium.SessionManagerInterface"
            send_member="EmitAshInitialized"/>
     <allow send_destination="org.chromium.SessionManager"
            send_interface="org.chromium.SessionManagerInterface"
            send_member="SaveLoginPassword"/>
     <allow send_destination="org.chromium.SessionManager"
            send_interface="org.chromium.SessionManagerInterface"
            send_member="LoginScreenStorageStore"/>
     <allow send_destination="org.chromium.SessionManager"
            send_interface="org.chromium.SessionManagerInterface"
            send_member="LoginScreenStorageRetrieve"/>
     <allow send_destination="org.chromium.SessionManager"
            send_interface="org.chromium.SessionManagerInterface"
            send_member="LoginScreenStorageListKeys"/>
     <allow send_destination="org.chromium.SessionManager"
            send_interface="org.chromium.SessionManagerInterface"
            send_member="LoginScreenStorageDelete"/>
     <allow send_destination="org.chromium.SessionManager"
            send_interface="org.chromium.SessionManagerInterface"
            send_member="StartSession"/>
     <allow send_destination="org.chromium.SessionManager"
            send_interface="org.chromium.SessionManagerInterface"
            send_member="StopSession"/>
    <allow send_destination="org.chromium.SessionManager"
            send_interface="org.chromium.SessionManagerInterface"
            send_member="StopSessionWithReason"/>
     <allow send_destination="org.chromium.SessionManager"
            send_interface="org.chromium.SessionManagerInterface"
            send_member="LoadShillProfile"/>
     <allow send_destination="org.chromium.SessionManager"
            send_interface="org.chromium.SessionManagerInterface"
            send_member="LockScreen"/>
     <allow send_destination="org.chromium.SessionManager"
            send_interface="org.chromium.SessionManagerInterface"
            send_member="HandleLockScreenShown"/>
     <allow send_destination="org.chromium.SessionManager"
            send_interface="org.chromium.SessionManagerInterface"
            send_member="StartBrowserDataMigration"/>
     <allow send_destination="org.chromium.SessionManager"
            send_interface="org.chromium.SessionManagerInterface"
            send_member="HandleLockScreenDismissed"/>
     <allow send_destination="org.chromium.SessionManager"
            send_interface="org.chromium.SessionManagerInterface"
            send_member="RestartJob"/>
     <allow send_destination="org.chromium.SessionManager"
            send_interface="org.chromium.SessionManagerInterface"
            send_member="StorePolicyEx"/>
     <allow send_destination="org.chromium.SessionManager"
            send_interface="org.chromium.SessionManagerInterface"
            send_member="RetrievePolicyEx"/>
     <allow send_destination="org.chromium.SessionManager"
            send_interface="org.chromium.SessionManagerInterface"
            send_member="RetrieveDeviceLocalAccountPolicy"/>
     <allow send_destination="org.chromium.SessionManager"
            send_interface="org.chromium.SessionManagerInterface"
            send_member="RetrieveSessionState"/>
     <allow send_destination="org.chromium.SessionManager"
            send_interface="org.chromium.SessionManagerInterface"
            send_member="RetrieveActiveSessions"/>
     <allow send_destination="org.chromium.SessionManager"
            send_interface="org.chromium.SessionManagerInterface"
            send_member="IsGuestSessionActive"/>
     <allow send_destination="org.chromium.SessionManager"
            send_interface="org.chromium.SessionManagerInterface"
            send_member="StartDeviceWipe"/>
     <allow send_destination="org.chromium.SessionManager"
            send_interface="org.chromium.SessionManagerInterface"
            send_member="StartRemoteDeviceWipe"/>
     <allow send_destination="org.chromium.SessionManager"
            send_interface="org.chromium.SessionManagerInterface"
            send_member="ClearForcedReEnrollmentVpd"/>
     <allow send_destination="org.chromium.SessionManager"
            send_interface="org.chromium.SessionManagerInterface"
            send_member="StartTPMFirmwareUpdate"/>
     <allow send_destination="org.chromium.SessionManager"
            send_interface="org.chromium.SessionManagerInterface"
            send_member="SetFlagsForUser"/>
     <allow send_destination="org.chromium.SessionManager"
            send_interface="org.chromium.SessionManagerInterface"
            send_member="SetFeatureFlagsForUser"/>
     <allow send_destination="org.chromium.SessionManager"
            send_interface="org.chromium.SessionManagerInterface"
            send_member="GetServerBackedStateKeys"/>
     <allow send_destination="org.chromium.SessionManager"
            send_interface="org.chromium.SessionManagerInterface"
            send_member="HandleSupervisedUserCreationStarting"/>
     <allow send_destination="org.chromium.SessionManager"
            send_interface="org.chromium.SessionManagerInterface"
            send_member="HandleSupervisedUserCreationFinished"/>
     <allow send_destination="org.chromium.SessionManager"
            send_interface="org.chromium.SessionManagerInterface"
            send_member="StartArcMiniContainer"/>
     <allow send_destination="org.chromium.SessionManager"
            send_interface="org.chromium.SessionManagerInterface"
            send_member="UpgradeArcContainer"/>
     <allow send_destination="org.chromium.SessionManager"
            send_interface="org.chromium.SessionManagerInterface"
            send_member="StopArcInstance"/>
     <allow send_destination="org.chromium.SessionManager"
            send_interface="org.chromium.SessionManagerInterface"
            send_member="SetArcCpuRestriction"/>
     <allow send_destination="org.chromium.SessionManager"
            send_interface="org.chromium.SessionManagerInterface"
            send_member="EmitArcBooted"/>
     <allow send_destination="org.chromium.SessionManager"
            send_interface="org.chromium.SessionManagerInterface"
            send_member="GetArcStartTimeTicks"/>
     <allow send_destination="org.chromium.SessionManager"
            send_interface="org.chromium.SessionManagerInterface"
            send_member="EnableAdbSideload"/>
     <allow send_destination="org.chromium.SessionManager"
            send_interface="org.chromium.SessionManagerInterface"
            send_member="QueryAdbSideload"/>
   </policy>

   <policy user="patchpaneld">
     <allow send_destination="org.chromium.SessionManager"
            send_interface="org.chromium.SessionManagerInterface"
            send_member="QueryAdbSideload"/>
   </policy>

   <policy user="crash">
     <allow send_destination="org.chromium.SessionManager"
            send_interface="org.chromium.SessionManagerInterface"
            send_member="RetrieveActiveSessions"/>
   </policy>

   <policy user="vm_cicerone">
     <allow send_destination="org.chromium.SessionManager"
            send_interface="org.chromium.SessionManagerInterface"
            send_member="RetrieveActiveSessions"/>
   </policy>

   <policy user="kerberosd">
     <allow send_destination="org.chromium.SessionManager"
            send_interface="org.chromium.SessionManagerInterface"
            send_member="RetrievePrimarySession"/>
   </policy>

   <policy user="dlcservice">
     <allow send_destination="org.chromium.SessionManager"
            send_interface="org.chromium.SessionManagerInterface"
            send_member="RetrievePrimarySession"/>
   </policy>

   <policy user="power">
     <allow send_destination="org.chromium.SessionManager"
            send_interface="org.chromium.SessionManagerInterface"
            send_member="LockScreen"/>
     <allow send_destination="org.chromium.SessionManager"
            send_interface="org.chromium.SessionManagerInterface"
            send_member="RetrieveSessionState"/>
     <allow send_destination="org.chromium.SessionManager"
            send_interface="org.chromium.SessionManagerInterface"
            send_member="StopSession"/>
   </policy>

   <policy user="biod">
     <allow send_destination="org.chromium.SessionManager"
            send_interface="org.chromium.SessionManagerInterface"
            send_member="RetrieveActiveSessions"/>
     <allow send_destination="org.chromium.SessionManager"
            send_interface="org.chromium.SessionManagerInterface"
            send_member="RetrievePrimarySession"/>
   </policy>

   <policy user="u2f">
     <allow send_destination="org.chromium.SessionManager"
            send_interface="org.chromium.SessionManagerInterface"
            send_member="RetrievePrimarySession"/>
   </policy>

   <policy user="cdm-oemcrypto">
     <allow send_destination="org.chromium.SessionManager"
            send_interface="org.chromium.SessionManagerInterface"
            send_member="RetrievePrimarySession"/>
     <allow send_destination="org.chromium.SessionManager"
            send_interface="org.chromium.SessionManagerInterface"
            send_member="RetrieveSessionState"/>
   </policy>

   <policy user="pciguard">
     <allow send_destination="org.chromium.SessionManager"
            send_interface="org.chromium.SessionManagerInterface"
            send_member="IsGuestSessionActive"/>
   </policy>

   <policy user="dlp">
     <allow send_destination="org.chromium.SessionManager"
            send_interface="org.chromium.SessionManagerInterface"
            send_member="RetrievePrimarySession"/>
   </policy>

   <policy user="federated-service">
     <allow send_destination="org.chromium.SessionManager"
            send_interface="org.chromium.SessionManagerInterface"
            send_member="RetrievePrimarySession"/>
     <allow send_destination="org.chromium.SessionManager"
            send_interface="org.chromium.SessionManagerInterface"
            send_member="RetrieveSessionState"/>
   </policy>
 </busconfig>
	<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
	"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
	<!--
	Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
	Use of this source code is governed by a BSD-style license that can be
	found in the LICENSE file.
	-->
	<busconfig>
	<policy user="root">
	<allow own="org.chromium.SessionManager" />
	<allow send_destination="org.chromium.SessionManager" />

	<!-- Only root should be allowed to call InitMachineInfo. -->
	<allow send_destination="org.chromium.SessionManager"
	send_interface="org.chromium.SessionManagerInterface"
	send_member="InitMachineInfo"/>
	</policy>

	<policy user="arc-keymasterd">
	<allow send_destination="org.chromium.SessionManager"
	send_interface="org.chromium.SessionManagerInterface"
	send_member="RetrievePrimarySession"/>
	</policy>

	<policy user="crosvm">
	<allow send_destination="org.chromium.SessionManager"
	send_interface="org.chromium.SessionManagerInterface"
	send_member="RetrievePrimarySession"/>
	</policy>

	<policy user="authpolicyd">
	<!--
	To prevent the use of unsigned policy for persisting a browser exploit,
	writing unsigned policy is restricted to the authpolicy daemon.
	-->
	<allow send_destination="org.chromium.SessionManager"
	send_interface="org.chromium.SessionManagerInterface"
	send_member="StoreUnsignedPolicyEx"/>
	<allow send_destination="org.chromium.SessionManager"
	send_interface="org.chromium.SessionManagerInterface"
	send_member="ListStoredComponentPolicies"/>
	<allow send_destination="org.chromium.SessionManager"
	send_interface="org.chromium.SessionManagerInterface"
	send_member="RetrieveSessionState"/>
	</policy>

	<policy user="chronos">
	<allow send_destination="org.chromium.SessionManager"
	send_interface="org.chromium.SessionManagerInterface"
	send_member="EmitLoginPromptVisible"/>
	<allow send_destination="org.chromium.SessionManager"
	send_interface="org.chromium.SessionManagerInterface"
	send_member="EmitAshInitialized"/>
	<allow send_destination="org.chromium.SessionManager"
	send_interface="org.chromium.SessionManagerInterface"
	send_member="SaveLoginPassword"/>
	<allow send_destination="org.chromium.SessionManager"
	send_interface="org.chromium.SessionManagerInterface"
	send_member="LoginScreenStorageStore"/>
	<allow send_destination="org.chromium.SessionManager"
	send_interface="org.chromium.SessionManagerInterface"
	send_member="LoginScreenStorageRetrieve"/>
	<allow send_destination="org.chromium.SessionManager"
	send_interface="org.chromium.SessionManagerInterface"
	send_member="LoginScreenStorageListKeys"/>
	<allow send_destination="org.chromium.SessionManager"
	send_interface="org.chromium.SessionManagerInterface"
	send_member="LoginScreenStorageDelete"/>
	<allow send_destination="org.chromium.SessionManager"
	send_interface="org.chromium.SessionManagerInterface"
	send_member="StartSession"/>
	<allow send_destination="org.chromium.SessionManager"
	send_interface="org.chromium.SessionManagerInterface"
	send_member="StopSession"/>
	<allow send_destination="org.chromium.SessionManager"
	send_interface="org.chromium.SessionManagerInterface"
	send_member="StopSessionWithReason"/>
	<allow send_destination="org.chromium.SessionManager"
	send_interface="org.chromium.SessionManagerInterface"
	send_member="LoadShillProfile"/>
	<allow send_destination="org.chromium.SessionManager"
	send_interface="org.chromium.SessionManagerInterface"
	send_member="LockScreen"/>
	<allow send_destination="org.chromium.SessionManager"
	send_interface="org.chromium.SessionManagerInterface"
	send_member="HandleLockScreenShown"/>
	<allow send_destination="org.chromium.SessionManager"
	send_interface="org.chromium.SessionManagerInterface"
	send_member="StartBrowserDataMigration"/>
	<allow send_destination="org.chromium.SessionManager"
	send_interface="org.chromium.SessionManagerInterface"
	send_member="HandleLockScreenDismissed"/>
	<allow send_destination="org.chromium.SessionManager"
	send_interface="org.chromium.SessionManagerInterface"
	send_member="RestartJob"/>
	<allow send_destination="org.chromium.SessionManager"
	send_interface="org.chromium.SessionManagerInterface"
	send_member="StorePolicyEx"/>
	<allow send_destination="org.chromium.SessionManager"
	send_interface="org.chromium.SessionManagerInterface"
	send_member="RetrievePolicyEx"/>
	<allow send_destination="org.chromium.SessionManager"
	send_interface="org.chromium.SessionManagerInterface"
	send_member="RetrieveDeviceLocalAccountPolicy"/>
	<allow send_destination="org.chromium.SessionManager"
	send_interface="org.chromium.SessionManagerInterface"
	send_member="RetrieveSessionState"/>
	<allow send_destination="org.chromium.SessionManager"
	send_interface="org.chromium.SessionManagerInterface"
	send_member="RetrieveActiveSessions"/>
	<allow send_destination="org.chromium.SessionManager"
	send_interface="org.chromium.SessionManagerInterface"
	send_member="IsGuestSessionActive"/>
	<allow send_destination="org.chromium.SessionManager"
	send_interface="org.chromium.SessionManagerInterface"
	send_member="StartDeviceWipe"/>
	<allow send_destination="org.chromium.SessionManager"
	send_interface="org.chromium.SessionManagerInterface"
	send_member="StartRemoteDeviceWipe"/>
	<allow send_destination="org.chromium.SessionManager"
	send_interface="org.chromium.SessionManagerInterface"
	send_member="ClearForcedReEnrollmentVpd"/>
	<allow send_destination="org.chromium.SessionManager"
	send_interface="org.chromium.SessionManagerInterface"
	send_member="StartTPMFirmwareUpdate"/>
	<allow send_destination="org.chromium.SessionManager"
	send_interface="org.chromium.SessionManagerInterface"
	send_member="SetFlagsForUser"/>
	<allow send_destination="org.chromium.SessionManager"
	send_interface="org.chromium.SessionManagerInterface"
	send_member="SetFeatureFlagsForUser"/>
	<allow send_destination="org.chromium.SessionManager"
	send_interface="org.chromium.SessionManagerInterface"
	send_member="GetServerBackedStateKeys"/>
	<allow send_destination="org.chromium.SessionManager"
	send_interface="org.chromium.SessionManagerInterface"
	send_member="HandleSupervisedUserCreationStarting"/>
	<allow send_destination="org.chromium.SessionManager"
	send_interface="org.chromium.SessionManagerInterface"
	send_member="HandleSupervisedUserCreationFinished"/>
	<allow send_destination="org.chromium.SessionManager"
	send_interface="org.chromium.SessionManagerInterface"
	send_member="StartArcMiniContainer"/>
	<allow send_destination="org.chromium.SessionManager"
	send_interface="org.chromium.SessionManagerInterface"
	send_member="UpgradeArcContainer"/>
	<allow send_destination="org.chromium.SessionManager"
	send_interface="org.chromium.SessionManagerInterface"
	send_member="StopArcInstance"/>
	<allow send_destination="org.chromium.SessionManager"
	send_interface="org.chromium.SessionManagerInterface"
	send_member="SetArcCpuRestriction"/>
	<allow send_destination="org.chromium.SessionManager"
	send_interface="org.chromium.SessionManagerInterface"
	send_member="EmitArcBooted"/>
	<allow send_destination="org.chromium.SessionManager"
	send_interface="org.chromium.SessionManagerInterface"
	send_member="GetArcStartTimeTicks"/>
	<allow send_destination="org.chromium.SessionManager"
	send_interface="org.chromium.SessionManagerInterface"
	send_member="EnableAdbSideload"/>
	<allow send_destination="org.chromium.SessionManager"
	send_interface="org.chromium.SessionManagerInterface"
	send_member="QueryAdbSideload"/>
	</policy>

	<policy user="patchpaneld">
	<allow send_destination="org.chromium.SessionManager"
	send_interface="org.chromium.SessionManagerInterface"
	send_member="QueryAdbSideload"/>
	</policy>

	<policy user="crash">
	<allow send_destination="org.chromium.SessionManager"
	send_interface="org.chromium.SessionManagerInterface"
	send_member="RetrieveActiveSessions"/>
	</policy>

	<policy user="vm_cicerone">
	<allow send_destination="org.chromium.SessionManager"
	send_interface="org.chromium.SessionManagerInterface"
	send_member="RetrieveActiveSessions"/>
	</policy>

	<policy user="kerberosd">
	<allow send_destination="org.chromium.SessionManager"
	send_interface="org.chromium.SessionManagerInterface"
	send_member="RetrievePrimarySession"/>
	</policy>

	<policy user="dlcservice">
	<allow send_destination="org.chromium.SessionManager"
	send_interface="org.chromium.SessionManagerInterface"
	send_member="RetrievePrimarySession"/>
	</policy>

	<policy user="power">
	<allow send_destination="org.chromium.SessionManager"
	send_interface="org.chromium.SessionManagerInterface"
	send_member="LockScreen"/>
	<allow send_destination="org.chromium.SessionManager"
	send_interface="org.chromium.SessionManagerInterface"
	send_member="RetrieveSessionState"/>
	<allow send_destination="org.chromium.SessionManager"
	send_interface="org.chromium.SessionManagerInterface"
	send_member="StopSession"/>
	</policy>

	<policy user="biod">
	<allow send_destination="org.chromium.SessionManager"
	send_interface="org.chromium.SessionManagerInterface"
	send_member="RetrieveActiveSessions"/>
	<allow send_destination="org.chromium.SessionManager"
	send_interface="org.chromium.SessionManagerInterface"
	send_member="RetrievePrimarySession"/>
	</policy>

	<policy user="u2f">
	<allow send_destination="org.chromium.SessionManager"
	send_interface="org.chromium.SessionManagerInterface"
	send_member="RetrievePrimarySession"/>
	</policy>

	<policy user="cdm-oemcrypto">
	<allow send_destination="org.chromium.SessionManager"
	send_interface="org.chromium.SessionManagerInterface"
	send_member="RetrievePrimarySession"/>
	<allow send_destination="org.chromium.SessionManager"
	send_interface="org.chromium.SessionManagerInterface"
	send_member="RetrieveSessionState"/>
	</policy>

	<policy user="pciguard">
	<allow send_destination="org.chromium.SessionManager"
	send_interface="org.chromium.SessionManagerInterface"
	send_member="IsGuestSessionActive"/>
	</policy>

	<policy user="dlp">
	<allow send_destination="org.chromium.SessionManager"
	send_interface="org.chromium.SessionManagerInterface"
	send_member="RetrievePrimarySession"/>
	</policy>

	<policy user="federated-service">
	<allow send_destination="org.chromium.SessionManager"
	send_interface="org.chromium.SessionManagerInterface"
	send_member="RetrievePrimarySession"/>
	<allow send_destination="org.chromium.SessionManager"
	send_interface="org.chromium.SessionManagerInterface"
	send_member="RetrieveSessionState"/>
	</policy>
	</busconfig>