| <!DOCTYPE busconfig PUBLIC |
| "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN" |
| "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd"> |
| <!-- |
| Copyright 2019 The Chromium OS Authors. All rights reserved. |
| Use of this source code is governed by a BSD-style license that can be |
| found in the LICENSE file. |
| |
| This file will be installed at /etc/dbus-1/system.d on Chromium OS. |
| --> |
| <busconfig> |
| <!-- Patchpanel DBus API is suggested to be used through the thin wrapper |
| defined at platform2/patchpanel/client.h. --> |
| <policy user="root"> |
| <allow own="org.chromium.PatchPanel" /> |
| <allow send_destination="org.chromium.PatchPanel"/> |
| <allow receive_sender="org.chromium.PatchPanel"/> |
| </policy> |
| <policy user="crosvm"> |
| <!-- Methods used by crosvm to notify patchpanel of a VM (ARCVM, Termina, |
| PluginVM) starting or stopping. --> |
| <allow send_destination="org.chromium.PatchPanel" |
| send_interface="org.chromium.PatchPanel" |
| send_member="ArcVmStartup" /> |
| <allow send_destination="org.chromium.PatchPanel" |
| send_interface="org.chromium.PatchPanel" |
| send_member="ArcVmShutdown" /> |
| <allow send_destination="org.chromium.PatchPanel" |
| send_interface="org.chromium.PatchPanel" |
| send_member="TerminaVmStartup" /> |
| <allow send_destination="org.chromium.PatchPanel" |
| send_interface="org.chromium.PatchPanel" |
| send_member="TerminaVmShutdown" /> |
| <allow send_destination="org.chromium.PatchPanel" |
| send_interface="org.chromium.PatchPanel" |
| send_member="PluginVmStartup" /> |
| <allow send_destination="org.chromium.PatchPanel" |
| send_interface="org.chromium.PatchPanel" |
| send_member="PluginVmShutdown" /> |
| </policy> |
| <policy user="tlsdate"> |
| <!-- Method to let tlsdate elect syncing time over a VPN connection or over |
| the physical network. --> |
| <allow send_destination="org.chromium.PatchPanel" |
| send_interface="org.chromium.PatchPanel" |
| send_member="SetVpnIntent" /> |
| </policy> |
| <policy user="system-proxy"> |
| <!-- Method used by system-proxy to set up isolated networks where web |
| traffic from proxy aware clients (host services, guest VMs and |
| containers) can be routed to. --> |
| <allow send_destination="org.chromium.PatchPanel" |
| send_interface="org.chromium.PatchPanel" |
| send_member="ConnectNamespace" /> |
| </policy> |
| <policy user="shill"> |
| <!-- Method used by shill to collect and persist traffic statistics for |
| connected Services. --> |
| <allow send_destination="org.chromium.PatchPanel" |
| send_interface="org.chromium.PatchPanel" |
| send_member="GetTrafficCounters" /> |
| <!-- Method used by shill to start or stop VPN lockdown when always-on-VPN |
| has been configured in lockdown mode. --> |
| <allow send_destination="org.chromium.PatchPanel" |
| send_interface="org.chromium.PatchPanel" |
| send_member="SetVpnLockdown" /> |
| </policy> |
| <policy user="devbroker"> |
| <!-- Single iptables control method used by permission_broker as a backend |
| to all Port Access rules and Port Forwarding rules. --> |
| <allow send_destination="org.chromium.PatchPanel" |
| send_interface="org.chromium.PatchPanel" |
| send_member="ModifyPortRule" /> |
| </policy> |
| <policy user="dns-proxy"> |
| <!-- Method used by dns-proxy to set up isolated networks where web |
| traffic from proxy aware clients (host services, guest VMs and |
| containers) can be routed to. --> |
| <allow send_destination="org.chromium.PatchPanel" |
| send_interface="org.chromium.PatchPanel" |
| send_member="ConnectNamespace" /> |
| <!-- Method used by dns-proxy to query patchpanel devices. --> |
| <allow send_destination="org.chromium.PatchPanel" |
| send_interface="org.chromium.PatchPanel" |
| send_member="GetDevices" /> |
| <!-- Method used dns-proxy to modify redirection rule for DNS proxy --> |
| <allow send_destination="org.chromium.PatchPanel" |
| send_interface="org.chromium.PatchPanel" |
| send_member="SetDnsRedirectionRule" /> |
| </policy> |
| </busconfig> |
| |