responder/ifp/org.freedesktop.sssd.infopipe.conf

	org.freedesktop.sssd.infopipe.conf revision 9e9ad4cb181c6c0ec70caacfb31319753f889e98
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke<?xml version="1.0"?> <!--*-nxml-*-->
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke<!DOCTYPE busconfig PUBLIC
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke<busconfig>
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke  <!-- This configuration file specifies the required security policies
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke       for the SSSD InfoPipe to work. -->
c4efa79099f55bed1ff94db4a368632c5520b694Lukas Slebodnik
c4efa79099f55bed1ff94db4a368632c5520b694Lukas Slebodnik  <!-- Only root can own (provide) the SSSD service -->
c4efa79099f55bed1ff94db4a368632c5520b694Lukas Slebodnik  <policy user="root">
c4efa79099f55bed1ff94db4a368632c5520b694Lukas Slebodnik    <allow own="org.freedesktop.sssd.infopipe"/>
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke  </policy>
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke  <!-- Allow all methods on the interface -->
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke  <!-- Right now, this will be handled by a limited ACL
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke       within the InfoPipe Daemon. -->
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke  <policy context="default">
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    <allow send_destination="org.freedesktop.sssd.infopipe"
           send_interface="org.freedesktop.DBus.Introspectable"/>

    <allow send_destination="org.freedesktop.sssd.infopipe"
           send_interface="org.freedesktop.DBus.Properties"
           send_member="GetAll"/>
    <allow send_destination="org.freedesktop.sssd.infopipe"
           send_interface="org.freedesktop.DBus.Properties"
           send_member="Get"/>
    <allow send_destination="org.freedesktop.sssd.infopipe"
           send_interface="org.freedesktop.DBus.Properties"
           send_member="Set"/>

    <allow send_interface="org.freedesktop.sssd.infopipe"/>
    <allow send_interface="org.freedesktop.sssd.infopipe.Domains"/>
    <allow send_interface="org.freedesktop.sssd.infopipe.Domains.Domain"/>
    <allow send_interface="org.freedesktop.sssd.infopipe.Users"/>
    <allow send_interface="org.freedesktop.sssd.infopipe.Users.User"/>
    <allow send_interface="org.freedesktop.sssd.infopipe.Groups"/>
    <allow send_interface="org.freedesktop.sssd.infopipe.Groups.Group"/>
    <allow send_interface="org.freedesktop.sssd.infopipe.Cache"/>
    <allow send_interface="org.freedesktop.sssd.infopipe.Cache.Object"/>
  </policy>

  <policy user="root">
    <allow send_interface="org.freedesktop.sssd.infopipe.Components"/>
  </policy>

</busconfig>