patchpanel: Restrict DBUS API
Only allow crosvm to call {ArcVm|Termina}{Startup|Shutdown}
BUG=chromium:1102361
BUG=chromium:1099390
TEST=flashed device, verified termina still launches
Change-Id: Id4ff03d6f229207f58eb9fe9300ddded3ba497d8
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform2/+/2284323
Tested-by: Garrick Evans <garrick@chromium.org>
Reviewed-by: Mattias Nissler <mnissler@chromium.org>
Reviewed-by: Hugo Benichi <hugobenichi@google.com>
Commit-Queue: Garrick Evans <garrick@chromium.org>
(cherry picked from commit 42698961db1cb205cd9ed6641aba759b16a38f29)
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform2/+/2341263
diff --git a/patchpanel/dbus/org.chromium.Patchpanel.conf b/patchpanel/dbus/org.chromium.Patchpanel.conf
index d7dcc3a..14adb06 100644
--- a/patchpanel/dbus/org.chromium.Patchpanel.conf
+++ b/patchpanel/dbus/org.chromium.Patchpanel.conf
@@ -15,9 +15,25 @@
<allow receive_sender="org.chromium.PatchPanel"/>
</policy>
<policy user="crosvm">
- <allow send_destination="org.chromium.PatchPanel"/>
- <allow receive_sender="org.chromium.PatchPanel"/>
- </policy>
+ <allow send_destination="org.chromium.PatchPanel"
+ send_interface="org.chromium.PatchPanel"
+ send_member="ArcVmStartup" />
+ <allow send_destination="org.chromium.PatchPanel"
+ send_interface="org.chromium.PatchPanel"
+ send_member="ArcVmShutdown" />
+ <allow send_destination="org.chromium.PatchPanel"
+ send_interface="org.chromium.PatchPanel"
+ send_member="TerminaVmStartup" />
+ <allow send_destination="org.chromium.PatchPanel"
+ send_interface="org.chromium.PatchPanel"
+ send_member="TerminaVmShutdown" />
+ <allow send_destination="org.chromium.PatchPanel"
+ send_interface="org.chromium.PatchPanel"
+ send_member="PluginVmStartup" />
+ <allow send_destination="org.chromium.PatchPanel"
+ send_interface="org.chromium.PatchPanel"
+ send_member="PluginVmShutdown" />
+ </policy>
<policy user="tlsdate">
<allow send_destination="org.chromium.PatchPanel"
send_interface="org.chromium.PatchPanel"
