cros-disks/org.chromium.CrosDisks.conf - chromiumos/platform2 - Git at Google

 <!DOCTYPE busconfig PUBLIC
  "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
  "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
 <!--
   Copyright 2017 The ChromiumOS Authors
   Use of this source code is governed by a BSD-style license that can be
   found in the LICENSE file.
 -->
 <busconfig>
   <policy user="cros-disks">
     <allow own="org.chromium.CrosDisks" />
     <allow send_destination="org.chromium.CrosDisks" />
   </policy>
   <!--
     For testing. This doesn't really add attack surface: if you're root,
     you don't really need to use cros-disks to mount stuff, or to gain code
     exec.
   -->
   <policy user="root">
     <allow send_destination="org.chromium.CrosDisks" />
   </policy>
   <policy user="chronos">
     <!-- introspection denied -->
     <deny send_destination="org.chromium.CrosDisks"
           send_interface="org.freedesktop.DBus.Introspectable" />
     <!-- properties allowed -->
     <allow send_destination="org.chromium.CrosDisks"
            send_interface="org.freedesktop.DBus.Properties"
            send_member="Get" />
     <allow send_destination="org.chromium.CrosDisks"
            send_interface="org.freedesktop.DBus.Properties"
            send_member="Set" />
     <!-- methods allowed -->
     <allow send_destination="org.chromium.CrosDisks"
            send_interface="org.chromium.CrosDisks"
            send_member="EnumerateDevices" />
     <allow send_destination="org.chromium.CrosDisks"
            send_interface="org.chromium.CrosDisks"
            send_member="EnumerateMountEntries" />
     <allow send_destination="org.chromium.CrosDisks"
            send_interface="org.chromium.CrosDisks"
            send_member="Format" />
     <allow send_destination="org.chromium.CrosDisks"
            send_interface="org.chromium.CrosDisks"
            send_member="SinglePartitionFormat" />
     <allow send_destination="org.chromium.CrosDisks"
            send_interface="org.chromium.CrosDisks"
            send_member="GetDeviceProperties" />
     <allow send_destination="org.chromium.CrosDisks"
            send_interface="org.chromium.CrosDisks"
            send_member="Mount" />
     <allow send_destination="org.chromium.CrosDisks"
            send_interface="org.chromium.CrosDisks"
            send_member="Rename" />
     <allow send_destination="org.chromium.CrosDisks"
            send_interface="org.chromium.CrosDisks"
            send_member="Unmount" />
     <allow send_destination="org.chromium.CrosDisks"
            send_interface="org.chromium.CrosDisks"
            send_member="UnmountAll" />
   </policy>
   <limit name="max_replies_per_connection">512</limit>
 </busconfig>
	<!DOCTYPE busconfig PUBLIC
	"-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
	"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
	<!--
	Copyright 2017 The ChromiumOS Authors
	Use of this source code is governed by a BSD-style license that can be
	found in the LICENSE file.
	-->
	<busconfig>
	<policy user="cros-disks">
	<allow own="org.chromium.CrosDisks" />
	<allow send_destination="org.chromium.CrosDisks" />
	</policy>
	<!--
	For testing. This doesn't really add attack surface: if you're root,
	you don't really need to use cros-disks to mount stuff, or to gain code
	exec.
	-->
	<policy user="root">
	<allow send_destination="org.chromium.CrosDisks" />
	</policy>
	<policy user="chronos">
	<!-- introspection denied -->
	<deny send_destination="org.chromium.CrosDisks"
	send_interface="org.freedesktop.DBus.Introspectable" />
	<!-- properties allowed -->
	<allow send_destination="org.chromium.CrosDisks"
	send_interface="org.freedesktop.DBus.Properties"
	send_member="Get" />
	<allow send_destination="org.chromium.CrosDisks"
	send_interface="org.freedesktop.DBus.Properties"
	send_member="Set" />
	<!-- methods allowed -->
	<allow send_destination="org.chromium.CrosDisks"
	send_interface="org.chromium.CrosDisks"
	send_member="EnumerateDevices" />
	<allow send_destination="org.chromium.CrosDisks"
	send_interface="org.chromium.CrosDisks"
	send_member="EnumerateMountEntries" />
	<allow send_destination="org.chromium.CrosDisks"
	send_interface="org.chromium.CrosDisks"
	send_member="Format" />
	<allow send_destination="org.chromium.CrosDisks"
	send_interface="org.chromium.CrosDisks"
	send_member="SinglePartitionFormat" />
	<allow send_destination="org.chromium.CrosDisks"
	send_interface="org.chromium.CrosDisks"
	send_member="GetDeviceProperties" />
	<allow send_destination="org.chromium.CrosDisks"
	send_interface="org.chromium.CrosDisks"
	send_member="Mount" />
	<allow send_destination="org.chromium.CrosDisks"
	send_interface="org.chromium.CrosDisks"
	send_member="Rename" />
	<allow send_destination="org.chromium.CrosDisks"
	send_interface="org.chromium.CrosDisks"
	send_member="Unmount" />
	<allow send_destination="org.chromium.CrosDisks"
	send_interface="org.chromium.CrosDisks"
	send_member="UnmountAll" />
	</policy>
	<limit name="max_replies_per_connection">512</limit>
	</busconfig>