<!DOCTYPE busconfig PUBLIC
"-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<!--
Copyright 2019 The Chromium OS Authors. All rights reserved.
Use of this source code is governed by a BSD-style license that can be
found in the LICENSE file.
This file will be installed at /etc/dbus-1/system.d on Chromium OS.
-->
<busconfig>
<!-- Clients are encouraged to use the Patchpanel D-Bus API through the thin
wrapper defined at platform2/patchpanel/client.h. -->
<policy user="root">
  <!-- root is the only user this file allows to own the
       org.chromium.PatchPanel bus name. -->
  <allow own="org.chromium.PatchPanel"/>
  <!-- root may send any message to the service: unlike the per-user policies
       in this file, this rule is not narrowed by interface or member. -->
  <allow send_destination="org.chromium.PatchPanel"/>
  <!-- Connections running as root may receive messages sent by the
       service. -->
  <allow receive_sender="org.chromium.PatchPanel"/>
</policy>
<policy user="crosvm">
  <!-- VM lifecycle notifications: crosvm tells patchpanel when a VM (ARCVM,
       Termina, PluginVM) starts or stops. Each rule pins destination,
       interface and member, so this policy grants these six methods and
       nothing else on the service. -->

  <!-- ARCVM -->
  <allow send_destination="org.chromium.PatchPanel"
         send_interface="org.chromium.PatchPanel"
         send_member="ArcVmStartup"/>
  <allow send_destination="org.chromium.PatchPanel"
         send_interface="org.chromium.PatchPanel"
         send_member="ArcVmShutdown"/>

  <!-- Termina -->
  <allow send_destination="org.chromium.PatchPanel"
         send_interface="org.chromium.PatchPanel"
         send_member="TerminaVmStartup"/>
  <allow send_destination="org.chromium.PatchPanel"
         send_interface="org.chromium.PatchPanel"
         send_member="TerminaVmShutdown"/>

  <!-- PluginVM -->
  <allow send_destination="org.chromium.PatchPanel"
         send_interface="org.chromium.PatchPanel"
         send_member="PluginVmStartup"/>
  <allow send_destination="org.chromium.PatchPanel"
         send_interface="org.chromium.PatchPanel"
         send_member="PluginVmShutdown"/>
</policy>
<policy user="tlsdate">
  <!-- SetVpnIntent lets tlsdate choose whether its time sync goes over a VPN
       connection or over the physical network. It is the only method this
       policy grants to tlsdate. -->
  <allow send_destination="org.chromium.PatchPanel"
         send_interface="org.chromium.PatchPanel"
         send_member="SetVpnIntent"/>
</policy>
<policy user="system-proxy">
  <!-- ConnectNamespace is what system-proxy calls to set up isolated
       networks to which web traffic from proxy aware clients (host
       services, guest VMs and containers) can be routed. It is the only
       method this policy grants to system-proxy. -->
  <allow send_destination="org.chromium.PatchPanel"
         send_interface="org.chromium.PatchPanel"
         send_member="ConnectNamespace"/>
</policy>
<policy user="shill">
  <!-- GetTrafficCounters: shill collects and persists traffic statistics
       for connected Services. -->
  <allow send_destination="org.chromium.PatchPanel"
         send_interface="org.chromium.PatchPanel"
         send_member="GetTrafficCounters"/>

  <!-- SetVpnLockdown: shill starts or stops VPN lockdown when always-on-VPN
       has been configured in lockdown mode. -->
  <allow send_destination="org.chromium.PatchPanel"
         send_interface="org.chromium.PatchPanel"
         send_member="SetVpnLockdown"/>
</policy>
<policy user="devbroker">
  <!-- ModifyPortRule is the single iptables control method; permission_broker
       uses it as the backend for all Port Access rules and Port Forwarding
       rules.
       NOTE(review): this bus policy only restricts who may call the method;
       checking the requested rule itself presumably happens in the service
       handler. Confirm against the patchpanel implementation. -->
  <allow send_destination="org.chromium.PatchPanel"
         send_interface="org.chromium.PatchPanel"
         send_member="ModifyPortRule"/>
</policy>
<policy user="dns-proxy">
  <!-- ConnectNamespace: dns-proxy sets up isolated networks to which web
       traffic from proxy aware clients (host services, guest VMs and
       containers) can be routed. -->
  <allow send_destination="org.chromium.PatchPanel"
         send_interface="org.chromium.PatchPanel"
         send_member="ConnectNamespace"/>

  <!-- GetDevices: dns-proxy queries patchpanel devices. -->
  <allow send_destination="org.chromium.PatchPanel"
         send_interface="org.chromium.PatchPanel"
         send_member="GetDevices"/>

  <!-- SetDnsRedirectionRule: dns-proxy modifies the redirection rule for
       the DNS proxy. -->
  <allow send_destination="org.chromium.PatchPanel"
         send_interface="org.chromium.PatchPanel"
         send_member="SetDnsRedirectionRule"/>
</policy>
</busconfig>