| <!DOCTYPE busconfig PUBLIC |
| "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN" |
| "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd"> |
| <!-- |
| Copyright 2018 The Chromium Authors. All rights reserved. |
| Use of this source code is governed by a BSD-style license that can be |
| found in the LICENSE file. |
| |
| This file will be installed at /etc/dbus-1/system.d on Chromium OS. |
| --> |
| <busconfig> |
| <policy user="seneschal-dbus"> |
| <allow own="org.chromium.Seneschal" /> |
| </policy> |
| |
| <policy context="default"> |
| <!-- |
| By default, processes are only allowed to start and stop servers. |
| Sharing paths is explicitly not allowed because if we did, a |
| compromised service could gain access to the user's home directory |
| just by asking seneschal to share paths with a server and then talking |
| to that server via 9p. |
| --> |
| <allow send_destination="org.chromium.Seneschal" |
| send_interface="org.chromium.Seneschal" |
| send_member="StartServer" /> |
| <allow send_destination="org.chromium.Seneschal" |
| send_interface="org.chromium.Seneschal" |
| send_member="StopServer" /> |
| </policy> |
| |
| <!-- root and chronos can call all the methods --> |
| <policy user="chronos"> |
| <allow send_destination="org.chromium.Seneschal"/> |
| <allow receive_sender="org.chromium.Seneschal"/> |
| </policy> |
| <policy user="root"> |
| <allow send_destination="org.chromium.Seneschal"/> |
| <allow receive_sender="org.chromium.Seneschal"/> |
| </policy> |
| </busconfig> |