<!--
Copyright 2019 The ChromiumOS Authors
Use of this source code is governed by a BSD-style license that can be
found in the LICENSE file.
-->
<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
<!--
  root: the only policy in this file that grants "own" for the
  org.chromium.UserDataAuth well-known name. root may also send any
  message to the service, with no interface or member restriction.
-->
<policy user="root">
  <allow own="org.chromium.UserDataAuth"/>
  <allow send_destination="org.chromium.UserDataAuth"/>
</policy>
<!--
  chronos: explicit allow-list of methods, one rule per interface + member.

  Review notes:
  * Every allow rule names destination, interface and member. An allow rule
    that carries send_interface does not match a method call sent without
    an interface header, so such calls stay covered by the default-context
    deny on this destination.
  * This policy only decides which UID may deliver a call. Several members
    listed here are sensitive by name (Remove, GetWebAuthnSecret,
    RestoreDeviceKey, the auth-factor mutators); any per-request
    authorization for them is not visible in this file and has to be
    enforced by the service itself.
  * New members should be added as individual rules, never by dropping
    send_member or send_interface from an existing rule.
-->
<policy user="chronos">
  <!-- Introspection is denied. -->
  <deny send_destination="org.chromium.UserDataAuth"
        send_interface="org.freedesktop.DBus.Introspectable"/>
  <!-- Generic property access is denied. -->
  <deny send_destination="org.chromium.UserDataAuth"
        send_interface="org.freedesktop.DBus.Properties"/>

  <!-- Explicitly allowed methods: org.chromium.UserDataAuthInterface -->
  <allow send_destination="org.chromium.UserDataAuth"
         send_interface="org.chromium.UserDataAuthInterface"
         send_member="IsMounted"/>
  <allow send_destination="org.chromium.UserDataAuth"
         send_interface="org.chromium.UserDataAuthInterface"
         send_member="GetVaultProperties"/>
  <allow send_destination="org.chromium.UserDataAuth"
         send_interface="org.chromium.UserDataAuthInterface"
         send_member="Unmount"/>
  <allow send_destination="org.chromium.UserDataAuth"
         send_interface="org.chromium.UserDataAuthInterface"
         send_member="Remove"/>
  <allow send_destination="org.chromium.UserDataAuth"
         send_interface="org.chromium.UserDataAuthInterface"
         send_member="GetWebAuthnSecret"/>
  <allow send_destination="org.chromium.UserDataAuth"
         send_interface="org.chromium.UserDataAuthInterface"
         send_member="GetWebAuthnSecretHash"/>
  <allow send_destination="org.chromium.UserDataAuth"
         send_interface="org.chromium.UserDataAuthInterface"
         send_member="StartMigrateToDircrypto"/>
  <allow send_destination="org.chromium.UserDataAuth"
         send_interface="org.chromium.UserDataAuthInterface"
         send_member="NeedsDircryptoMigration"/>
  <allow send_destination="org.chromium.UserDataAuth"
         send_interface="org.chromium.UserDataAuthInterface"
         send_member="GetSupportedKeyPolicies"/>
  <allow send_destination="org.chromium.UserDataAuth"
         send_interface="org.chromium.UserDataAuthInterface"
         send_member="GetAccountDiskUsage"/>
  <allow send_destination="org.chromium.UserDataAuth"
         send_interface="org.chromium.UserDataAuthInterface"
         send_member="StartAuthSession"/>
  <allow send_destination="org.chromium.UserDataAuth"
         send_interface="org.chromium.UserDataAuthInterface"
         send_member="InvalidateAuthSession"/>
  <allow send_destination="org.chromium.UserDataAuth"
         send_interface="org.chromium.UserDataAuthInterface"
         send_member="ExtendAuthSession"/>
  <allow send_destination="org.chromium.UserDataAuth"
         send_interface="org.chromium.UserDataAuthInterface"
         send_member="CreatePersistentUser"/>
  <allow send_destination="org.chromium.UserDataAuth"
         send_interface="org.chromium.UserDataAuthInterface"
         send_member="PrepareGuestVault"/>
  <allow send_destination="org.chromium.UserDataAuth"
         send_interface="org.chromium.UserDataAuthInterface"
         send_member="PrepareEphemeralVault"/>
  <allow send_destination="org.chromium.UserDataAuth"
         send_interface="org.chromium.UserDataAuthInterface"
         send_member="PreparePersistentVault"/>
  <allow send_destination="org.chromium.UserDataAuth"
         send_interface="org.chromium.UserDataAuthInterface"
         send_member="PrepareVaultForMigration"/>
  <allow send_destination="org.chromium.UserDataAuth"
         send_interface="org.chromium.UserDataAuthInterface"
         send_member="PrepareAuthFactor"/>
  <allow send_destination="org.chromium.UserDataAuth"
         send_interface="org.chromium.UserDataAuthInterface"
         send_member="TerminateAuthFactor"/>
  <allow send_destination="org.chromium.UserDataAuth"
         send_interface="org.chromium.UserDataAuthInterface"
         send_member="AddAuthFactor"/>
  <allow send_destination="org.chromium.UserDataAuth"
         send_interface="org.chromium.UserDataAuthInterface"
         send_member="AuthenticateAuthFactor"/>
  <allow send_destination="org.chromium.UserDataAuth"
         send_interface="org.chromium.UserDataAuthInterface"
         send_member="UpdateAuthFactor"/>
  <allow send_destination="org.chromium.UserDataAuth"
         send_interface="org.chromium.UserDataAuthInterface"
         send_member="UpdateAuthFactorMetadata"/>
  <allow send_destination="org.chromium.UserDataAuth"
         send_interface="org.chromium.UserDataAuthInterface"
         send_member="RelabelAuthFactor"/>
  <allow send_destination="org.chromium.UserDataAuth"
         send_interface="org.chromium.UserDataAuthInterface"
         send_member="ReplaceAuthFactor"/>
  <allow send_destination="org.chromium.UserDataAuth"
         send_interface="org.chromium.UserDataAuthInterface"
         send_member="RemoveAuthFactor"/>
  <allow send_destination="org.chromium.UserDataAuth"
         send_interface="org.chromium.UserDataAuthInterface"
         send_member="ListAuthFactors"/>
  <allow send_destination="org.chromium.UserDataAuth"
         send_interface="org.chromium.UserDataAuthInterface"
         send_member="GetAuthFactorExtendedInfo"/>
  <allow send_destination="org.chromium.UserDataAuth"
         send_interface="org.chromium.UserDataAuthInterface"
         send_member="GetArcDiskFeatures"/>
  <allow send_destination="org.chromium.UserDataAuth"
         send_interface="org.chromium.UserDataAuthInterface"
         send_member="RestoreDeviceKey"/>
  <allow send_destination="org.chromium.UserDataAuth"
         send_interface="org.chromium.UserDataAuthInterface"
         send_member="GetRecoverableKeyStores"/>
  <allow send_destination="org.chromium.UserDataAuth"
         send_interface="org.chromium.UserDataAuthInterface"
         send_member="LockFactorUntilReboot"/>
  <allow send_destination="org.chromium.UserDataAuth"
         send_interface="org.chromium.UserDataAuthInterface"
         send_member="MigrateLegacyFingerprints"/>

  <!-- Explicitly allowed methods: org.chromium.CryptohomePkcs11Interface -->
  <allow send_destination="org.chromium.UserDataAuth"
         send_interface="org.chromium.CryptohomePkcs11Interface"
         send_member="Pkcs11IsTpmTokenReady"/>
  <allow send_destination="org.chromium.UserDataAuth"
         send_interface="org.chromium.CryptohomePkcs11Interface"
         send_member="Pkcs11GetTpmTokenInfo"/>
  <allow send_destination="org.chromium.UserDataAuth"
         send_interface="org.chromium.CryptohomePkcs11Interface"
         send_member="Pkcs11Terminate"/>
  <allow send_destination="org.chromium.UserDataAuth"
         send_interface="org.chromium.CryptohomePkcs11Interface"
         send_member="Pkcs11RestoreTpmTokens"/>

  <!-- Explicitly allowed methods: org.chromium.CryptohomeMiscInterface -->
  <allow send_destination="org.chromium.UserDataAuth"
         send_interface="org.chromium.CryptohomeMiscInterface"
         send_member="GetSystemSalt"/>
  <allow send_destination="org.chromium.UserDataAuth"
         send_interface="org.chromium.CryptohomeMiscInterface"
         send_member="UpdateCurrentUserActivityTimestamp"/>
  <allow send_destination="org.chromium.UserDataAuth"
         send_interface="org.chromium.CryptohomeMiscInterface"
         send_member="GetSanitizedUsername"/>
  <allow send_destination="org.chromium.UserDataAuth"
         send_interface="org.chromium.CryptohomeMiscInterface"
         send_member="GetLoginStatus"/>
  <allow send_destination="org.chromium.UserDataAuth"
         send_interface="org.chromium.CryptohomeMiscInterface"
         send_member="GetStatusString"/>
  <allow send_destination="org.chromium.UserDataAuth"
         send_interface="org.chromium.CryptohomeMiscInterface"
         send_member="LockToSingleUserMountUntilReboot"/>
  <allow send_destination="org.chromium.UserDataAuth"
         send_interface="org.chromium.CryptohomeMiscInterface"
         send_member="GetRsuDeviceId"/>
</policy>
<!--
  arc-keymasterd: a single method on the PKCS#11 interface
  (Pkcs11GetTpmTokenInfo). Nothing else on the service is reachable
  for this user.
-->
<policy user="arc-keymasterd">
  <allow send_destination="org.chromium.UserDataAuth"
         send_interface="org.chromium.CryptohomePkcs11Interface"
         send_member="Pkcs11GetTpmTokenInfo"/>
</policy>
<!--
  arc-keymintd: same single grant as arc-keymasterd
  (Pkcs11GetTpmTokenInfo only).
-->
<policy user="arc-keymintd">
  <allow send_destination="org.chromium.UserDataAuth"
         send_interface="org.chromium.CryptohomePkcs11Interface"
         send_member="Pkcs11GetTpmTokenInfo"/>
</policy>
<!-- authpolicyd: may only call GetSanitizedUsername on the Misc interface. -->
<policy user="authpolicyd">
  <allow send_destination="org.chromium.UserDataAuth"
         send_interface="org.chromium.CryptohomeMiscInterface"
         send_member="GetSanitizedUsername"/>
</policy>
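<!--
  debugd: all rules for this user are kept in this single block.
  dbus-daemon applies multiple policies for the same user cumulatively, in
  file order, so splitting a user's grants across several <policy> elements
  (with GetLoginStatus listed twice) makes the effective grant easy to
  misread and lets a later removal leave a stale duplicate behind.
  Effective grant: Pkcs11IsTpmTokenReady, GetLoginStatus, IsMounted.
-->
<policy user="debugd">
  <allow send_destination="org.chromium.UserDataAuth"
         send_interface="org.chromium.CryptohomePkcs11Interface"
         send_member="Pkcs11IsTpmTokenReady"/>
  <allow send_destination="org.chromium.UserDataAuth"
         send_interface="org.chromium.CryptohomeMiscInterface"
         send_member="GetLoginStatus"/>
  <allow send_destination="org.chromium.UserDataAuth"
         send_interface="org.chromium.UserDataAuthInterface"
         send_member="IsMounted"/>
</policy>
<!--
  u2f: may fetch the WebAuthn secret and its hash, and list auth factors.
  GetWebAuthnSecret returns secret material by name; this bus policy only
  restricts the caller's UID, so any further caller or session checks must
  live in the service (not visible in this file).
-->
<policy user="u2f">
  <allow send_destination="org.chromium.UserDataAuth"
         send_interface="org.chromium.UserDataAuthInterface"
         send_member="GetWebAuthnSecret"/>
  <allow send_destination="org.chromium.UserDataAuth"
         send_interface="org.chromium.UserDataAuthInterface"
         send_member="GetWebAuthnSecretHash"/>
  <allow send_destination="org.chromium.UserDataAuth"
         send_interface="org.chromium.UserDataAuthInterface"
         send_member="ListAuthFactors"/>
</policy>
<!--
  power: may only call EvictDeviceKey. No other user policy in this file
  names that member; root reaches it through its unrestricted
  send_destination rule.
-->
<policy user="power">
  <allow send_destination="org.chromium.UserDataAuth"
         send_interface="org.chromium.UserDataAuthInterface"
         send_member="EvictDeviceKey"/>
</policy>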
<!--
  secagentd: receive-only policy. It lifts the default-context deny for two
  of the three restricted signals (AuthenticateAuthFactorCompleted and
  RemoveCompleted). AuthenticateStarted is not granted here, and secagentd
  gets no send_destination rule, so it cannot call methods on the service.
-->
<policy user="secagentd">
  <allow receive_sender="org.chromium.UserDataAuth"
         receive_interface="org.chromium.UserDataAuthInterface"
         receive_member="AuthenticateAuthFactorCompleted"/>
  <allow receive_sender="org.chromium.UserDataAuth"
         receive_interface="org.chromium.UserDataAuthInterface"
         receive_member="RemoveCompleted"/>
</policy>
<!--
  Default context: the baseline for every connection.

  dbus-daemon applies context="default" policies before any user policy,
  whatever their position in the file, so the per-user allow rules in this
  file override these denies for the named users only.

  * All method calls to org.chromium.UserDataAuth are denied unless a user
    policy allows them.
  * Only the three signals listed below are withheld from receivers. Any
    other signal the service emits is not restricted by this file; a new
    sensitive signal needs its own deny rule here.
  * No user policy in this file re-allows AuthenticateStarted.
-->
<policy context="default">
  <deny send_destination="org.chromium.UserDataAuth"/>

  <deny receive_sender="org.chromium.UserDataAuth"
        receive_interface="org.chromium.UserDataAuthInterface"
        receive_member="AuthenticateAuthFactorCompleted"/>
  <deny receive_sender="org.chromium.UserDataAuth"
        receive_interface="org.chromium.UserDataAuthInterface"
        receive_member="AuthenticateStarted"/>
  <deny receive_sender="org.chromium.UserDataAuth"
        receive_interface="org.chromium.UserDataAuthInterface"
        receive_member="RemoveCompleted"/>
</policy>
</busconfig>