cryptohome/etc/org.chromium.UserDataAuth.conf - mirrors/cros/chromiumos/platform2 - Git at Google

 <!--
   Copyright 2019 The Chromium OS Authors. All rights reserved.
   Use of this source code is governed by a BSD-style license that can be
   found in the LICENSE file.
 -->

 <!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
   "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
 <busconfig>
   <policy user="root">
     <allow own="org.chromium.UserDataAuth" />
     <allow send_destination="org.chromium.UserDataAuth" />
   </policy>

   <policy user="cryptohome">
     <!-- allows forwarding by cryptohome-proxy -->
     <allow send_destination="org.chromium.UserDataAuth" />
   </policy>

   <policy user="chronos">
     <!-- introspection is denied -->
     <deny send_destination="org.chromium.UserDataAuth"
           send_interface="org.freedesktop.DBus.Introspectable" />
     <!-- properties denied -->
     <deny send_destination="org.chromium.UserDataAuth"
           send_interface="org.freedesktop.DBus.Properties" />
     <!-- allow explicit methods -->
     <allow send_destination="org.chromium.UserDataAuth"
            send_interface="org.chromium.UserDataAuthInterface"
            send_member="IsMounted"/>
     <allow send_destination="org.chromium.UserDataAuth"
            send_interface="org.chromium.UserDataAuthInterface"
            send_member="Unmount"/>
     <allow send_destination="org.chromium.UserDataAuth"
            send_interface="org.chromium.UserDataAuthInterface"
            send_member="Mount"/>
     <allow send_destination="org.chromium.UserDataAuth"
            send_interface="org.chromium.UserDataAuthInterface"
            send_member="Remove"/>
     <allow send_destination="org.chromium.UserDataAuth"
            send_interface="org.chromium.UserDataAuthInterface"
            send_member="Rename"/>
     <allow send_destination="org.chromium.UserDataAuth"
            send_interface="org.chromium.UserDataAuthInterface"
            send_member="ListKeys"/>
     <allow send_destination="org.chromium.UserDataAuth"
            send_interface="org.chromium.UserDataAuthInterface"
            send_member="GetKeyData"/>
     <allow send_destination="org.chromium.UserDataAuth"
            send_interface="org.chromium.UserDataAuthInterface"
            send_member="CheckKey"/>
     <allow send_destination="org.chromium.UserDataAuth"
            send_interface="org.chromium.UserDataAuthInterface"
            send_member="AddKey"/>
     <allow send_destination="org.chromium.UserDataAuth"
            send_interface="org.chromium.UserDataAuthInterface"
            send_member="AddDataRestoreKey"/>
     <allow send_destination="org.chromium.UserDataAuth"
            send_interface="org.chromium.UserDataAuthInterface"
            send_member="RemoveKey"/>
     <allow send_destination="org.chromium.UserDataAuth"
            send_interface="org.chromium.UserDataAuthInterface"
            send_member="MassRemoveKeys"/>
     <allow send_destination="org.chromium.UserDataAuth"
            send_interface="org.chromium.UserDataAuthInterface"
            send_member="MigrateKey"/>
     <allow send_destination="org.chromium.UserDataAuth"
            send_interface="org.chromium.UserDataAuthInterface"
            send_member="StartFingerprintAuthSession"/>
     <allow send_destination="org.chromium.UserDataAuth"
            send_interface="org.chromium.UserDataAuthInterface"
            send_member="EndFingerprintAuthSession"/>
     <allow send_destination="org.chromium.UserDataAuth"
            send_interface="org.chromium.UserDataAuthInterface"
            send_member="GetWebAuthnSecret"/>
     <allow send_destination="org.chromium.UserDataAuth"
            send_interface="org.chromium.UserDataAuthInterface"
            send_member="StartMigrateToDircrypto"/>
     <allow send_destination="org.chromium.UserDataAuth"
            send_interface="org.chromium.UserDataAuthInterface"
            send_member="NeedsDircryptoMigration"/>
     <allow send_destination="org.chromium.UserDataAuth"
            send_interface="org.chromium.UserDataAuthInterface"
            send_member="GetSupportedKeyPolicies"/>
     <allow send_destination="org.chromium.UserDataAuth"
            send_interface="org.chromium.UserDataAuthInterface"
            send_member="GetAccountDiskUsage"/>
     <allow send_destination="org.chromium.UserDataAuth"
            send_interface="org.chromium.UserDataAuthInterface"
            send_member="StartAuthSession"/>
     <allow send_destination="org.chromium.UserDataAuth"
            send_interface="org.chromium.UserDataAuthInterface"
            send_member="AddCredentials"/>
     <allow send_destination="org.chromium.UserDataAuth"
            send_interface="org.chromium.UserDataAuthInterface"
            send_member="AuthenticateAuthSession"/>

     <allow send_destination="org.chromium.UserDataAuth"
            send_interface="org.chromium.ArcQuota"
            send_member="GetArcDiskFeatures"/>
     <allow send_destination="org.chromium.UserDataAuth"
            send_interface="org.chromium.ArcQuota"
            send_member="GetCurrentSpaceForArcUid"/>
     <allow send_destination="org.chromium.UserDataAuth"
            send_interface="org.chromium.ArcQuota"
            send_member="GetCurrentSpaceForArcGid"/>
     <allow send_destination="org.chromium.UserDataAuth"
            send_interface="org.chromium.ArcQuota"
            send_member="GetCurrentSpaceForArcProjectId"/>
     <allow send_destination="org.chromium.UserDataAuth"
            send_interface="org.chromium.ArcQuota"
            send_member="SetProjectId"/>

     <allow send_destination="org.chromium.UserDataAuth"
            send_interface="org.chromium.CryptohomePkcs11Interface"
            send_member="Pkcs11IsTpmTokenReady"/>
     <allow send_destination="org.chromium.UserDataAuth"
            send_interface="org.chromium.CryptohomePkcs11Interface"
            send_member="Pkcs11GetTpmTokenInfo"/>
     <allow send_destination="org.chromium.UserDataAuth"
            send_interface="org.chromium.CryptohomePkcs11Interface"
            send_member="Pkcs11Terminate"/>
     <allow send_destination="org.chromium.UserDataAuth"
            send_interface="org.chromium.CryptohomePkcs11Interface"
            send_member="Pkcs11RestoreTpmTokens"/>

     <allow send_destination="org.chromium.UserDataAuth"
            send_interface="org.chromium.InstallAttributesInterface"
            send_member="InstallAttributesGet"/>
     <allow send_destination="org.chromium.UserDataAuth"
            send_interface="org.chromium.InstallAttributesInterface"
            send_member="InstallAttributesSet"/>
     <allow send_destination="org.chromium.UserDataAuth"
            send_interface="org.chromium.InstallAttributesInterface"
            send_member="InstallAttributesFinalize"/>
     <allow send_destination="org.chromium.UserDataAuth"
            send_interface="org.chromium.InstallAttributesInterface"
            send_member="InstallAttributesGetStatus"/>
     <allow send_destination="org.chromium.UserDataAuth"
            send_interface="org.chromium.InstallAttributesInterface"
            send_member="GetFirmwareManagementParameters"/>
     <allow send_destination="org.chromium.UserDataAuth"
            send_interface="org.chromium.InstallAttributesInterface"
            send_member="RemoveFirmwareManagementParameters"/>
     <allow send_destination="org.chromium.UserDataAuth"
            send_interface="org.chromium.InstallAttributesInterface"
            send_member="SetFirmwareManagementParameters"/>

     <allow send_destination="org.chromium.UserDataAuth"
            send_interface="org.chromium.CryptohomeMiscInterface"
            send_member="GetSystemSalt"/>
     <allow send_destination="org.chromium.UserDataAuth"
            send_interface="org.chromium.CryptohomeMiscInterface"
            send_member="UpdateCurrentUserActivityTimestamp"/>
     <allow send_destination="org.chromium.UserDataAuth"
            send_interface="org.chromium.CryptohomeMiscInterface"
            send_member="GetSanitizedUsername"/>
     <allow send_destination="org.chromium.UserDataAuth"
            send_interface="org.chromium.CryptohomeMiscInterface"
            send_member="GetLoginStatus"/>
     <allow send_destination="org.chromium.UserDataAuth"
            send_interface="org.chromium.CryptohomeMiscInterface"
            send_member="GetStatusString"/>
     <allow send_destination="org.chromium.UserDataAuth"
            send_interface="org.chromium.CryptohomeMiscInterface"
            send_member="LockToSingleUserMountUntilReboot"/>
     <allow send_destination="org.chromium.UserDataAuth"
            send_interface="org.chromium.CryptohomeMiscInterface"
            send_member="GetRsuDeviceId"/>
     <allow send_destination="org.chromium.UserDataAuth"
            send_interface="org.chromium.CryptohomeMiscInterface"
            send_member="CheckHealth"/>
   </policy>

   <policy user="arc-keymasterd">
     <allow send_destination="org.chromium.UserDataAuth"
            send_interface="org.chromium.CryptohomePkcs11Interface"
            send_member="Pkcs11GetTpmTokenInfo"/>
   </policy>

   <policy user="authpolicyd">
     <allow send_destination="org.chromium.UserDataAuth"
            send_interface="org.chromium.CryptohomeMiscInterface"
            send_member="GetSanitizedUsername"/>
   </policy>

   <policy user="crosvm">
     <allow send_destination="org.chromium.UserDataAuth"
            send_interface="org.chromium.ArcQuota"
            send_member="SetMediaRWDataFileProjectId"/>
   </policy>

   <policy user="debugd">
     <allow send_destination="org.chromium.UserDataAuth"
            send_interface="org.chromium.CryptohomeMiscInterface"
            send_member="GetLoginStatus"/>
   </policy>

   <policy user="rmad">
     <allow send_destination="org.chromium.UserDataAuth"
            send_interface="org.chromium.InstallAttributesInterface"
            send_member="GetFirmwareManagementParameters"/>
   </policy>

   <policy user="u2f">
     <allow send_destination="org.chromium.UserDataAuth"
            send_interface="org.chromium.UserDataAuthInterface"
            send_member="GetWebAuthnSecret"/>
     <allow send_destination="org.chromium.UserDataAuth"
            send_interface="org.chromium.UserDataAuthInterface"
            send_member="GetKeyData"/>
   </policy>

   <policy context="default">
     <deny send_destination="org.chromium.UserDataAuth" />
   </policy>
 </busconfig>
	<!--
	Copyright 2019 The Chromium OS Authors. All rights reserved.
	Use of this source code is governed by a BSD-style license that can be
	found in the LICENSE file.
	-->

	<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
	"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
	<busconfig>
	<policy user="root">
	<allow own="org.chromium.UserDataAuth" />
	<allow send_destination="org.chromium.UserDataAuth" />
	</policy>

	<policy user="cryptohome">
	<!-- allows forwarding by cryptohome-proxy -->
	<allow send_destination="org.chromium.UserDataAuth" />
	</policy>

	<policy user="chronos">
	<!-- introspection is denied -->
	<deny send_destination="org.chromium.UserDataAuth"
	send_interface="org.freedesktop.DBus.Introspectable" />
	<!-- properties denied -->
	<deny send_destination="org.chromium.UserDataAuth"
	send_interface="org.freedesktop.DBus.Properties" />
	<!-- allow explicit methods -->
	<allow send_destination="org.chromium.UserDataAuth"
	send_interface="org.chromium.UserDataAuthInterface"
	send_member="IsMounted"/>
	<allow send_destination="org.chromium.UserDataAuth"
	send_interface="org.chromium.UserDataAuthInterface"
	send_member="Unmount"/>
	<allow send_destination="org.chromium.UserDataAuth"
	send_interface="org.chromium.UserDataAuthInterface"
	send_member="Mount"/>
	<allow send_destination="org.chromium.UserDataAuth"
	send_interface="org.chromium.UserDataAuthInterface"
	send_member="Remove"/>
	<allow send_destination="org.chromium.UserDataAuth"
	send_interface="org.chromium.UserDataAuthInterface"
	send_member="Rename"/>
	<allow send_destination="org.chromium.UserDataAuth"
	send_interface="org.chromium.UserDataAuthInterface"
	send_member="ListKeys"/>
	<allow send_destination="org.chromium.UserDataAuth"
	send_interface="org.chromium.UserDataAuthInterface"
	send_member="GetKeyData"/>
	<allow send_destination="org.chromium.UserDataAuth"
	send_interface="org.chromium.UserDataAuthInterface"
	send_member="CheckKey"/>
	<allow send_destination="org.chromium.UserDataAuth"
	send_interface="org.chromium.UserDataAuthInterface"
	send_member="AddKey"/>
	<allow send_destination="org.chromium.UserDataAuth"
	send_interface="org.chromium.UserDataAuthInterface"
	send_member="AddDataRestoreKey"/>
	<allow send_destination="org.chromium.UserDataAuth"
	send_interface="org.chromium.UserDataAuthInterface"
	send_member="RemoveKey"/>
	<allow send_destination="org.chromium.UserDataAuth"
	send_interface="org.chromium.UserDataAuthInterface"
	send_member="MassRemoveKeys"/>
	<allow send_destination="org.chromium.UserDataAuth"
	send_interface="org.chromium.UserDataAuthInterface"
	send_member="MigrateKey"/>
	<allow send_destination="org.chromium.UserDataAuth"
	send_interface="org.chromium.UserDataAuthInterface"
	send_member="StartFingerprintAuthSession"/>
	<allow send_destination="org.chromium.UserDataAuth"
	send_interface="org.chromium.UserDataAuthInterface"
	send_member="EndFingerprintAuthSession"/>
	<allow send_destination="org.chromium.UserDataAuth"
	send_interface="org.chromium.UserDataAuthInterface"
	send_member="GetWebAuthnSecret"/>
	<allow send_destination="org.chromium.UserDataAuth"
	send_interface="org.chromium.UserDataAuthInterface"
	send_member="StartMigrateToDircrypto"/>
	<allow send_destination="org.chromium.UserDataAuth"
	send_interface="org.chromium.UserDataAuthInterface"
	send_member="NeedsDircryptoMigration"/>
	<allow send_destination="org.chromium.UserDataAuth"
	send_interface="org.chromium.UserDataAuthInterface"
	send_member="GetSupportedKeyPolicies"/>
	<allow send_destination="org.chromium.UserDataAuth"
	send_interface="org.chromium.UserDataAuthInterface"
	send_member="GetAccountDiskUsage"/>
	<allow send_destination="org.chromium.UserDataAuth"
	send_interface="org.chromium.UserDataAuthInterface"
	send_member="StartAuthSession"/>
	<allow send_destination="org.chromium.UserDataAuth"
	send_interface="org.chromium.UserDataAuthInterface"
	send_member="AddCredentials"/>
	<allow send_destination="org.chromium.UserDataAuth"
	send_interface="org.chromium.UserDataAuthInterface"
	send_member="AuthenticateAuthSession"/>

	<allow send_destination="org.chromium.UserDataAuth"
	send_interface="org.chromium.ArcQuota"
	send_member="GetArcDiskFeatures"/>
	<allow send_destination="org.chromium.UserDataAuth"
	send_interface="org.chromium.ArcQuota"
	send_member="GetCurrentSpaceForArcUid"/>
	<allow send_destination="org.chromium.UserDataAuth"
	send_interface="org.chromium.ArcQuota"
	send_member="GetCurrentSpaceForArcGid"/>
	<allow send_destination="org.chromium.UserDataAuth"
	send_interface="org.chromium.ArcQuota"
	send_member="GetCurrentSpaceForArcProjectId"/>
	<allow send_destination="org.chromium.UserDataAuth"
	send_interface="org.chromium.ArcQuota"
	send_member="SetProjectId"/>

	<allow send_destination="org.chromium.UserDataAuth"
	send_interface="org.chromium.CryptohomePkcs11Interface"
	send_member="Pkcs11IsTpmTokenReady"/>
	<allow send_destination="org.chromium.UserDataAuth"
	send_interface="org.chromium.CryptohomePkcs11Interface"
	send_member="Pkcs11GetTpmTokenInfo"/>
	<allow send_destination="org.chromium.UserDataAuth"
	send_interface="org.chromium.CryptohomePkcs11Interface"
	send_member="Pkcs11Terminate"/>
	<allow send_destination="org.chromium.UserDataAuth"
	send_interface="org.chromium.CryptohomePkcs11Interface"
	send_member="Pkcs11RestoreTpmTokens"/>

	<allow send_destination="org.chromium.UserDataAuth"
	send_interface="org.chromium.InstallAttributesInterface"
	send_member="InstallAttributesGet"/>
	<allow send_destination="org.chromium.UserDataAuth"
	send_interface="org.chromium.InstallAttributesInterface"
	send_member="InstallAttributesSet"/>
	<allow send_destination="org.chromium.UserDataAuth"
	send_interface="org.chromium.InstallAttributesInterface"
	send_member="InstallAttributesFinalize"/>
	<allow send_destination="org.chromium.UserDataAuth"
	send_interface="org.chromium.InstallAttributesInterface"
	send_member="InstallAttributesGetStatus"/>
	<allow send_destination="org.chromium.UserDataAuth"
	send_interface="org.chromium.InstallAttributesInterface"
	send_member="GetFirmwareManagementParameters"/>
	<allow send_destination="org.chromium.UserDataAuth"
	send_interface="org.chromium.InstallAttributesInterface"
	send_member="RemoveFirmwareManagementParameters"/>
	<allow send_destination="org.chromium.UserDataAuth"
	send_interface="org.chromium.InstallAttributesInterface"
	send_member="SetFirmwareManagementParameters"/>

	<allow send_destination="org.chromium.UserDataAuth"
	send_interface="org.chromium.CryptohomeMiscInterface"
	send_member="GetSystemSalt"/>
	<allow send_destination="org.chromium.UserDataAuth"
	send_interface="org.chromium.CryptohomeMiscInterface"
	send_member="UpdateCurrentUserActivityTimestamp"/>
	<allow send_destination="org.chromium.UserDataAuth"
	send_interface="org.chromium.CryptohomeMiscInterface"
	send_member="GetSanitizedUsername"/>
	<allow send_destination="org.chromium.UserDataAuth"
	send_interface="org.chromium.CryptohomeMiscInterface"
	send_member="GetLoginStatus"/>
	<allow send_destination="org.chromium.UserDataAuth"
	send_interface="org.chromium.CryptohomeMiscInterface"
	send_member="GetStatusString"/>
	<allow send_destination="org.chromium.UserDataAuth"
	send_interface="org.chromium.CryptohomeMiscInterface"
	send_member="LockToSingleUserMountUntilReboot"/>
	<allow send_destination="org.chromium.UserDataAuth"
	send_interface="org.chromium.CryptohomeMiscInterface"
	send_member="GetRsuDeviceId"/>
	<allow send_destination="org.chromium.UserDataAuth"
	send_interface="org.chromium.CryptohomeMiscInterface"
	send_member="CheckHealth"/>
	</policy>

	<policy user="arc-keymasterd">
	<allow send_destination="org.chromium.UserDataAuth"
	send_interface="org.chromium.CryptohomePkcs11Interface"
	send_member="Pkcs11GetTpmTokenInfo"/>
	</policy>

	<policy user="authpolicyd">
	<allow send_destination="org.chromium.UserDataAuth"
	send_interface="org.chromium.CryptohomeMiscInterface"
	send_member="GetSanitizedUsername"/>
	</policy>

	<policy user="crosvm">
	<allow send_destination="org.chromium.UserDataAuth"
	send_interface="org.chromium.ArcQuota"
	send_member="SetMediaRWDataFileProjectId"/>
	</policy>

	<policy user="debugd">
	<allow send_destination="org.chromium.UserDataAuth"
	send_interface="org.chromium.CryptohomeMiscInterface"
	send_member="GetLoginStatus"/>
	</policy>

	<policy user="rmad">
	<allow send_destination="org.chromium.UserDataAuth"
	send_interface="org.chromium.InstallAttributesInterface"
	send_member="GetFirmwareManagementParameters"/>
	</policy>

	<policy user="u2f">
	<allow send_destination="org.chromium.UserDataAuth"
	send_interface="org.chromium.UserDataAuthInterface"
	send_member="GetWebAuthnSecret"/>
	<allow send_destination="org.chromium.UserDataAuth"
	send_interface="org.chromium.UserDataAuthInterface"
	send_member="GetKeyData"/>
	</policy>

	<policy context="default">
	<deny send_destination="org.chromium.UserDataAuth" />
	</policy>
	</busconfig>