<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE busconfig PUBLIC
 "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
 "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
  <policy context="default">
    <allow send_destination="net.openvpn.v3.log"
           send_path="/net/openvpn/v3/log"
           send_interface="org.freedesktop.DBus.Introspectable"
           send_type="method_call"
           send_member="Introspect"/>

    <allow send_destination="net.openvpn.v3.log"
           send_path="/net/openvpn/v3/log"
           send_interface="org.freedesktop.DBus.Properties"
           send_type="method_call"
           send_member="Get"/>

    <allow send_destination="net.openvpn.v3.log"
           send_path="/net/openvpn/v3/log"
           send_interface="org.freedesktop.DBus.Peer"
           send_type="method_call"
           send_member="Ping"/>
  </policy>

  <policy context="mandatory">
    <!--
          Needed to allow log forwarding which are
          requested via net.openvpn.v3.sessions but
          delivered by net.openvpn.v3.log to another
          log listener, typically without a well-known
          busname
    -->
    <allow receive_sender="net.openvpn.v3.log"
           receive_interface="net.openvpn.v3.backends"
           receive_type="signal"
           receive_member="Log"/>
    <allow receive_sender="net.openvpn.v3.log"
           receive_interface="net.openvpn.v3.backends"
           receive_type="signal"
           receive_member="StatusChange"/>
  </policy>

  <policy user="@OPENVPN_USERNAME@">
    <!--                                -->
    <!--  net.openvpn.v3.log            -->
    <!--                                -->
    <allow own="net.openvpn.v3.log"/>

    <allow send_destination="net.openvpn.v3.log"
           send_interface="net.openvpn.v3.log"
           send_type="method_call"
           send_member="Attach"/>
    <allow send_destination="net.openvpn.v3.log"
           send_interface="net.openvpn.v3.log"
           send_type="method_call"
           send_member="AssignSession"/>
    <allow send_destination="net.openvpn.v3.log"
           send_interface="net.openvpn.v3.log"
           send_type="method_call"
           send_member="Detach"/>

    <allow send_destination="net.openvpn.v3.log"
           send_path="/net/openvpn/v3/log"
           send_interface="net.openvpn.v3.log"
           send_type="method_call"
           send_member="ProxyLogEvents"/>
    <allow send_destination="net.openvpn.v3.log"
           send_interface="net.openvpn.v3.log"
           send_type="method_call"
           send_member="Remove"/>

    <allow send_destination="net.openvpn.v3.log"
           send_interface="org.freedesktop.DBus.Peer"
           send_type="method_call"
           send_member="Ping"/>

    <allow send_destination="net.openvpn.v3.log"
           send_interface="org.freedesktop.DBus.Introspectable"
           send_type="method_call"
           send_member="Introspect"/>
    <allow send_destination="net.openvpn.v3.log"
           send_interface="org.freedesktop.DBus.Properties"
           send_type="method_call"
           send_member="Get"/>
    <allow send_destination="net.openvpn.v3.log"
           send_interface="org.freedesktop.DBus.Properties"
           send_type="method_call"
           send_member="Set"/>
  </policy>

  <policy user="root">
    <!--                                -->
    <!--  net.openvpn.v3.log            -->
    <!--                                -->

    <!--
        Property access is restricted to the main log object
        at: /net/openvpn/v3/log
     -->
    <allow send_destination="net.openvpn.v3.log"
           send_interface="org.freedesktop.DBus.Properties"
           send_type="method_call"
           send_member="Get"
           send_path="/net/openvpn/v3/log"/>
    <allow send_destination="net.openvpn.v3.log"
           send_interface="org.freedesktop.DBus.Properties"
           send_type="method_call"
           send_member="GetAll"
           send_path="/net/openvpn/v3/log"/>
    <allow send_destination="net.openvpn.v3.log"
           send_interface="org.freedesktop.DBus.Properties"
           send_type="method_call"
           send_member="Set"
           send_path="/net/openvpn/v3/log"/>

    <allow send_destination="net.openvpn.v3.log"
           send_interface="net.openvpn.v3.log"
           send_type="method_call"
           send_member="GetSubscriberList"
           send_path="/net/openvpn/v3/log"/>

  </policy>
</busconfig>