src/org.freedesktop.NetworkManager.conf

   1 <!DOCTYPE busconfig PUBLIC
   2  "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
   3  "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
   4 <busconfig>
   5         <policy user="root">
   6                 <allow own="org.freedesktop.NetworkManager"/>
   7                 <allow send_destination="org.freedesktop.NetworkManager"/>
   8
   9                 <allow send_destination="org.freedesktop.NetworkManager"
  10                        send_interface="org.freedesktop.NetworkManager.PPP"/>
  11
  12                 <allow send_interface="org.freedesktop.NetworkManager.SecretAgent"/>
  13                 <!-- These are there because some broken policies do
  14                      <deny send_interface="..." /> (see dbus-daemon(8) for details).
  15                      This seems to override that for the known VPN plugins.
  16                   -->
  17                 <allow send_destination="org.freedesktop.NetworkManager.openconnect"/>
  18                 <allow send_destination="org.freedesktop.NetworkManager.openswan"/>
  19                 <allow send_destination="org.freedesktop.NetworkManager.openvpn"/>
  20                 <allow send_destination="org.freedesktop.NetworkManager.pptp"/>
  21                 <allow send_destination="org.freedesktop.NetworkManager.vpnc"/>
  22                 <allow send_destination="org.freedesktop.NetworkManager.ssh"/>
  23                 <allow send_destination="org.freedesktop.NetworkManager.iodine"/>
  24                 <allow send_destination="org.freedesktop.NetworkManager.l2tp"/>
  25                 <allow send_destination="org.freedesktop.NetworkManager.libreswan"/>
  26                 <allow send_destination="org.freedesktop.NetworkManager.fortisslvpn"/>
  27                 <allow send_destination="org.freedesktop.NetworkManager.strongswan"/>
  28                 <allow send_interface="org.freedesktop.NetworkManager.VPN.Plugin"/>
  29         </policy>
  30         <policy context="default">
  31                 <deny own="org.freedesktop.NetworkManager"/>
  32
  33                 <deny send_destination="org.freedesktop.NetworkManager"/>
  34
  35                 <!-- Basic D-Bus API stuff -->
  36                 <allow send_destination="org.freedesktop.NetworkManager"
  37                        send_interface="org.freedesktop.DBus.Introspectable"/>
  38                 <allow send_destination="org.freedesktop.NetworkManager"
  39                        send_interface="org.freedesktop.DBus.Properties"/>
  40                 <allow send_destination="org.freedesktop.NetworkManager"
  41                        send_interface="org.freedesktop.DBus.ObjectManager"/>
  42
  43                 <!-- Devices (read-only properties, no methods) -->
  44                 <allow send_destination="org.freedesktop.NetworkManager"
  45                        send_interface="org.freedesktop.NetworkManager.Device.Adsl"/>
  46                 <allow send_destination="org.freedesktop.NetworkManager"
  47                        send_interface="org.freedesktop.NetworkManager.Device.Bond"/>
  48                 <allow send_destination="org.freedesktop.NetworkManager"
  49                        send_interface="org.freedesktop.NetworkManager.Device.Bridge"/>
  50                 <allow send_destination="org.freedesktop.NetworkManager"
  51                        send_interface="org.freedesktop.NetworkManager.Device.Bluetooth"/>
  52                 <allow send_destination="org.freedesktop.NetworkManager"
  53                        send_interface="org.freedesktop.NetworkManager.Device.Wired"/>
  54                 <allow send_destination="org.freedesktop.NetworkManager"
  55                        send_interface="org.freedesktop.NetworkManager.Device.Generic"/>
  56                 <allow send_destination="org.freedesktop.NetworkManager"
  57                        send_interface="org.freedesktop.NetworkManager.Device.Gre"/>
  58                 <allow send_destination="org.freedesktop.NetworkManager"
  59                        send_interface="org.freedesktop.NetworkManager.Device.Infiniband"/>
  60                 <allow send_destination="org.freedesktop.NetworkManager"
  61                        send_interface="org.freedesktop.NetworkManager.Device.Macvlan"/>
  62                 <allow send_destination="org.freedesktop.NetworkManager"
  63                        send_interface="org.freedesktop.NetworkManager.Device.Modem"/>
  64                 <allow send_destination="org.freedesktop.NetworkManager"
  65                        send_interface="org.freedesktop.NetworkManager.Device.OlpcMesh"/>
  66                 <allow send_destination="org.freedesktop.NetworkManager"
  67                        send_interface="org.freedesktop.NetworkManager.Device.Team"/>
  68                 <allow send_destination="org.freedesktop.NetworkManager"
  69                        send_interface="org.freedesktop.NetworkManager.Device.Tun"/>
  70                 <allow send_destination="org.freedesktop.NetworkManager"
  71                        send_interface="org.freedesktop.NetworkManager.Device.Veth"/>
  72                 <allow send_destination="org.freedesktop.NetworkManager"
  73                        send_interface="org.freedesktop.NetworkManager.Device.Vlan"/>
  74                 <allow send_destination="org.freedesktop.NetworkManager"
  75                        send_interface="org.freedesktop.NetworkManager.WiMax.Nsp"/>
  76                 <allow send_destination="org.freedesktop.NetworkManager"
  77                        send_interface="org.freedesktop.NetworkManager.AccessPoint"/>
  78
  79                 <!-- Devices (read-only, no security required) -->
  80                 <allow send_destination="org.freedesktop.NetworkManager"
  81                        send_interface="org.freedesktop.NetworkManager.Device.WiMax"/>
  82
  83                 <!-- Devices (read/write, secured with PolicyKit) -->
  84                 <allow send_destination="org.freedesktop.NetworkManager"
  85                        send_interface="org.freedesktop.NetworkManager.Device.Wireless"/>
  86                 <allow send_destination="org.freedesktop.NetworkManager"
  87                        send_interface="org.freedesktop.NetworkManager.Device"/>
  88
  89                 <!-- Core stuff (read-only properties, no methods) -->
  90                 <allow send_destination="org.freedesktop.NetworkManager"
  91                        send_interface="org.freedesktop.NetworkManager.Connection.Active"/>
  92                 <allow send_destination="org.freedesktop.NetworkManager"
  93                        send_interface="org.freedesktop.NetworkManager.DHCP4Config"/>
  94                 <allow send_destination="org.freedesktop.NetworkManager"
  95                        send_interface="org.freedesktop.NetworkManager.DHCP6Config"/>
  96                 <allow send_destination="org.freedesktop.NetworkManager"
  97                        send_interface="org.freedesktop.NetworkManager.IP4Config"/>
  98                 <allow send_destination="org.freedesktop.NetworkManager"
  99                        send_interface="org.freedesktop.NetworkManager.IP6Config"/>
 100                 <allow send_destination="org.freedesktop.NetworkManager"
 101                        send_interface="org.freedesktop.NetworkManager.VPN.Connection"/>
 102
 103                 <!-- Core stuff (read/write, secured with PolicyKit) -->
 104                 <allow send_destination="org.freedesktop.NetworkManager"
 105                        send_interface="org.freedesktop.NetworkManager"/>
 106                 <allow send_destination="org.freedesktop.NetworkManager"
 107                        send_interface="org.freedesktop.NetworkManager.Settings"/>
 108                 <allow send_destination="org.freedesktop.NetworkManager"
 109                        send_interface="org.freedesktop.NetworkManager.Settings.Connection"/>
 110
 111                 <!-- Agents; secured with PolicyKit.  Any process can talk to
 112                      the AgentManager API, but only NetworkManager can talk
 113                      to the agents themselves. -->
 114                 <allow send_destination="org.freedesktop.NetworkManager"
 115                        send_interface="org.freedesktop.NetworkManager.AgentManager"/>
 116
 117                 <!-- Root-only functions -->
 118                 <deny send_destination="org.freedesktop.NetworkManager"
 119                       send_interface="org.freedesktop.NetworkManager"
 120                       send_member="SetLogging"/>
 121                 <deny send_destination="org.freedesktop.NetworkManager"
 122                       send_interface="org.freedesktop.NetworkManager"
 123                       send_member="Sleep"/>
 124                 <deny send_destination="org.freedesktop.NetworkManager"
 125                       send_interface="org.freedesktop.NetworkManager.Settings"
 126                       send_member="LoadConnections"/>
 127                 <deny send_destination="org.freedesktop.NetworkManager"
 128                       send_interface="org.freedesktop.NetworkManager.Settings"
 129                       send_member="ReloadConnections"/>
 130         </policy>
 131
 132         <limit name="max_replies_per_connection">1024</limit>
 133         <limit name="max_match_rules_per_connection">2048</limit>
 134 </busconfig>
 135