100 lines
3.5 KiB
XML
100 lines
3.5 KiB
XML
<?xml version="1.0" encoding="UTF-8"?> <!-- -*- XML -*- -->
|
|
|
|
<!DOCTYPE busconfig PUBLIC
|
|
"-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
|
|
"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
|
|
<busconfig>
|
|
<policy user="root">
|
|
<allow own="com.redhat.RHSM1"/>
|
|
|
|
<!--
|
|
Lock down the objects to root access only
|
|
-->
|
|
|
|
<allow send_destination="com.redhat.RHSM1"
|
|
send_interface="com.redhat.RHSM1"/>
|
|
|
|
<allow send_destination="com.redhat.RHSM1"
|
|
send_interface="com.redhat.RHSM1.Attach"/>
|
|
|
|
<allow send_destination="com.redhat.RHSM1"
|
|
send_interface="com.redhat.RHSM1.Products"/>
|
|
|
|
<allow send_destination="com.redhat.RHSM1"
|
|
send_interface="com.redhat.RHSM1.Config"/>
|
|
|
|
<allow send_destination="com.redhat.RHSM1"
|
|
send_interface="com.redhat.RHSM1.RegisterServer"/>
|
|
|
|
<allow send_destination="com.redhat.RHSM1"
|
|
send_interface="com.redhat.RHSM1.Unregister"/>
|
|
|
|
<allow send_destination="com.redhat.RHSM1"
|
|
send_interface="com.redhat.RHSM1.Entitlement"/>
|
|
|
|
<allow send_destination="com.redhat.RHSM1"
|
|
send_interface="com.redhat.RHSM1.Consumer"/>
|
|
|
|
<allow send_destination="com.redhat.RHSM1"
|
|
send_interface="com.redhat.RHSM1.Syspurpose"/>
|
|
|
|
<!-- Basic D-Bus API stuff -->
|
|
<allow send_destination="com.redhat.RHSM1"
|
|
send_interface="org.freedesktop.DBus.Introspectable"/>
|
|
<allow send_destination="com.redhat.RHSM1"
|
|
send_interface="org.freedesktop.DBus.Properties"/>
|
|
<allow send_destination="com.redhat.RHSM1"
|
|
send_interface="org.freedesktop.DBus.ObjectManager"/>
|
|
</policy>
|
|
|
|
|
|
<policy context="default">
|
|
|
|
<!--
|
|
Non-root users can execute only methods providing
|
|
information from files readable by non-root users.
|
|
-->
|
|
|
|
<allow send_destination="com.redhat.RHSM1"
|
|
send_interface="com.redhat.RHSM1.Entitlement"
|
|
send_member="GetStatus"/>
|
|
|
|
<allow send_destination="com.redhat.RHSM1"
|
|
send_interface="com.redhat.RHSM1.Products"
|
|
send_member="ListInstalledProducts"/>
|
|
|
|
<allow send_destination="com.redhat.RHSM1"
|
|
send_interface="com.redhat.RHSM1.Syspurpose"
|
|
send_member="GetSyspurpose"/>
|
|
|
|
<allow send_destination="com.redhat.RHSM1"
|
|
send_interface="com.redhat.RHSM1.Syspurpose"
|
|
send_member="GetSyspurposeStatus"/>
|
|
|
|
<allow send_destination="com.redhat.RHSM1"
|
|
send_interface="com.redhat.RHSM1.Config"
|
|
send_member="GetAll"/>
|
|
|
|
<allow send_destination="com.redhat.RHSM1"
|
|
send_interface="com.redhat.RHSM1.Config"
|
|
send_member="Get"/>
|
|
|
|
<!--
|
|
The UUID returned by following method is read
|
|
from consumer cert. Only this file is not
|
|
readable by non-root users.
|
|
-->
|
|
<allow send_destination="com.redhat.RHSM1"
|
|
send_interface="com.redhat.RHSM1.Consumer"
|
|
send_member="GetUuid"/>
|
|
|
|
<!-- Basic D-Bus API stuff -->
|
|
<allow send_destination="com.redhat.RHSM1"
|
|
send_interface="org.freedesktop.DBus.Introspectable"/>
|
|
<allow send_destination="com.redhat.RHSM1"
|
|
send_interface="org.freedesktop.DBus.Properties"/>
|
|
<allow send_destination="com.redhat.RHSM1"
|
|
send_interface="org.freedesktop.DBus.ObjectManager"/>
|
|
</policy>
|
|
</busconfig>
|