<!DOCTYPE busconfig PUBLIC
"-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<!--
Copyright 2019 The ChromiumOS Authors
Use of this source code is governed by a BSD-style license that can be
found in the LICENSE file.
This file will be installed at /etc/dbus-1/system.d on Chromium OS.
-->
<busconfig>
<!-- Patchpanel DBus API is suggested to be used through the thin wrapper
defined at platform2/patchpanel/client.h. -->
<policy user="patchpaneld">
<!-- Only the patchpaneld user is allowed to own the well-known name
org.chromium.PatchPanel; this is the only "own" rule in this file.
NOTE(review): this relies on the system bus base policy denying name
ownership to every other user; confirm against the bus's main
configuration. -->
<allow own="org.chromium.PatchPanel" />
</policy>
<policy user="root">
<!-- root gets the broadest grant in this file: send_destination carries no
send_interface or send_member filter, so any message addressed to the
service is allowed, and receive_sender lets root receive any message the
service sends. Every per-client policy below is scoped to individual
method names instead. -->
<allow send_destination="org.chromium.PatchPanel"/>
<allow receive_sender="org.chromium.PatchPanel"/>
</policy>
<policy user="chronos">
<!-- Each rule below matches on the sending user plus destination, interface
and member only. Message arguments are not inspected by these rules, so
any argument validation has to happen in the service itself. -->
<!-- Method used by chronos to query ARC virtual datapath configuration. -->
<allow send_destination="org.chromium.PatchPanel"
send_interface="org.chromium.PatchPanel"
send_member="GetDevices" />
<!-- NOTE(review): the remaining chronos methods are not described in this
file. Going by their names, the Notify* calls presumably report Android and
socket events and SetFeatureFlag presumably changes service state; confirm
that each one is still needed by this user. -->
<allow send_destination="org.chromium.PatchPanel"
send_interface="org.chromium.PatchPanel"
send_member="NotifyAndroidWifiMulticastLockChange" />
<allow send_destination="org.chromium.PatchPanel"
send_interface="org.chromium.PatchPanel"
send_member="NotifyAndroidInteractiveState" />
<allow send_destination="org.chromium.PatchPanel"
send_interface="org.chromium.PatchPanel"
send_member="NotifySocketConnectionEvent" />
<allow send_destination="org.chromium.PatchPanel"
send_interface="org.chromium.PatchPanel"
send_member="NotifyARCVPNSocketConnectionEvent" />
<allow send_destination="org.chromium.PatchPanel"
send_interface="org.chromium.PatchPanel"
send_member="SetFeatureFlag" />
<!-- TagSocket is also granted to shill in this file, where it is described
as adding a traffic annotation to HTTP(s) requests. -->
<allow send_destination="org.chromium.PatchPanel"
send_interface="org.chromium.PatchPanel"
send_member="TagSocket" />
</policy>
<policy user="crosvm">
<!-- Methods used by crosvm to notify patchpanel of a VM (ARCVM, Termina,
Parallels VM, Bruschetta, Borealis) starting or stopping. Each VM type has
one Startup and one Shutdown rule; no other method is granted to this
user. -->
<allow send_destination="org.chromium.PatchPanel"
send_interface="org.chromium.PatchPanel"
send_member="ArcVmStartup" />
<allow send_destination="org.chromium.PatchPanel"
send_interface="org.chromium.PatchPanel"
send_member="ArcVmShutdown" />
<allow send_destination="org.chromium.PatchPanel"
send_interface="org.chromium.PatchPanel"
send_member="TerminaVmStartup" />
<allow send_destination="org.chromium.PatchPanel"
send_interface="org.chromium.PatchPanel"
send_member="TerminaVmShutdown" />
<allow send_destination="org.chromium.PatchPanel"
send_interface="org.chromium.PatchPanel"
send_member="ParallelsVmStartup" />
<allow send_destination="org.chromium.PatchPanel"
send_interface="org.chromium.PatchPanel"
send_member="ParallelsVmShutdown" />
<allow send_destination="org.chromium.PatchPanel"
send_interface="org.chromium.PatchPanel"
send_member="BruschettaVmStartup" />
<allow send_destination="org.chromium.PatchPanel"
send_interface="org.chromium.PatchPanel"
send_member="BruschettaVmShutdown" />
<allow send_destination="org.chromium.PatchPanel"
send_interface="org.chromium.PatchPanel"
send_member="BorealisVmStartup" />
<allow send_destination="org.chromium.PatchPanel"
send_interface="org.chromium.PatchPanel"
send_member="BorealisVmShutdown" />
</policy>
<policy user="system-proxy">
<!-- Method used by system-proxy to set up isolated networks where web
traffic from proxy aware clients (host services, guest VMs and
containers) can be routed to. ConnectNamespace is the only method granted
to this user; the same method is also granted to dns-proxy in this
file. -->
<allow send_destination="org.chromium.PatchPanel"
send_interface="org.chromium.PatchPanel"
send_member="ConnectNamespace" />
</policy>
<policy user="shill">
<!-- Per-method grants for the shill user. Every rule names exactly one
member of the org.chromium.PatchPanel interface, so a method that is not
listed here is not allowed by this policy. -->
<!-- Method used by shill to configure an IP network on a physical or VPN
network interface corresponding to a shill Service. -->
<allow send_destination="org.chromium.PatchPanel"
send_interface="org.chromium.PatchPanel"
send_member="ConfigureNetwork" />
<!-- Method used by shill to collect and persist traffic statistics for
connected Services. -->
<allow send_destination="org.chromium.PatchPanel"
send_interface="org.chromium.PatchPanel"
send_member="GetTrafficCounters" />
<!-- Method used by shill to start or stop VPN lockdown when always-on-VPN
has been configured in lockdown mode. -->
<allow send_destination="org.chromium.PatchPanel"
send_interface="org.chromium.PatchPanel"
send_member="SetVpnLockdown" />
<!-- Method used by shill to create an IP network on a WiFi network
interface set in AP mode or in peer-to-peer mode (WiFi Direct). -->
<allow send_destination="org.chromium.PatchPanel"
send_interface="org.chromium.PatchPanel"
send_member="CreateLocalOnlyNetwork" />
<!-- Method used by shill to create an IP network on a network interface
and give it Internet access through another existing network. -->
<allow send_destination="org.chromium.PatchPanel"
send_interface="org.chromium.PatchPanel"
send_member="CreateTetheredNetwork" />
<!-- Method used by shill to query Layer 3 information of all clients
connected to a network created with CreateLocalOnlyNetwork or
CreateTetheredNetwork. -->
<allow send_destination="org.chromium.PatchPanel"
send_interface="org.chromium.PatchPanel"
send_member="GetDownstreamNetworkInfo" />
<!-- Method used by shill to add a traffic annotation to its HTTP(s)
requests. The chronos policy in this file grants the same method. -->
<allow send_destination="org.chromium.PatchPanel"
send_interface="org.chromium.PatchPanel"
send_member="TagSocket" />
</policy>
<policy user="devbroker">
<!-- Single iptables control method used by permission_broker as a backend
to all Port Access rules and Port Forwarding rules.
NOTE(review): the rule is keyed on the devbroker user while this comment
names permission_broker; presumably permission_broker runs as devbroker,
confirm. The rule checks only the calling user and the method name, so the
contents of a requested port rule are not constrained by this policy. -->
<allow send_destination="org.chromium.PatchPanel"
send_interface="org.chromium.PatchPanel"
send_member="ModifyPortRule" />
</policy>
<policy user="dns-proxy">
<!-- Method used by dns-proxy to set up isolated networks where web
traffic from proxy aware clients (host services, guest VMs and
containers) can be routed to. -->
<allow send_destination="org.chromium.PatchPanel"
send_interface="org.chromium.PatchPanel"
send_member="ConnectNamespace" />
<!-- Method used by dns-proxy to query patchpanel devices. -->
<allow send_destination="org.chromium.PatchPanel"
send_interface="org.chromium.PatchPanel"
send_member="GetDevices" />
<!-- Method used by dns-proxy to modify the redirection rule for the DNS
proxy. This is the only method in this policy whose name indicates a
change to redirection state, and it is granted to no other user in this
file. -->
<allow send_destination="org.chromium.PatchPanel"
send_interface="org.chromium.PatchPanel"
send_member="SetDnsRedirectionRule" />
</policy>
</busconfig>