<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE busconfig PUBLIC
 "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
 "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
  <policy context="default">
    <!--                                -->
    <!--  net.openvpn.v3.netcfg         -->
    <!--                                -->
    <allow send_destination="net.openvpn.v3.netcfg"
           send_path="/net/openvpn/v3/netcfg"
           send_interface="org.freedesktop.DBus.Introspectable"
           send_type="method_call"
           send_member="Introspect"/>

    <allow send_destination="net.openvpn.v3.netcfg"
           send_path="/net/openvpn/v3/netcfg"
           send_interface="org.freedesktop.DBus.Properties"
           send_type="method_call"
           send_member="Get"/>

    <allow send_destination="net.openvpn.v3.netcfg"
           send_interface="org.freedesktop.DBus.Peer"
           send_type="method_call"
           send_member="Ping"/>
  </policy>

  <policy user="@OPENVPN_USERNAME@">
    <!--                                -->
    <!--  net.openvpn.v3.netcfg         -->
    <!--                                -->
    <allow own="net.openvpn.v3.netcfg"/>

    <!--  In main netcfg object: /net/openvpn/v3/netcfg -->
    <allow send_interface="net.openvpn.v3.netcfg"
           send_destination="net.openvpn.v3.netcfg"
           send_type="method_call"
           send_member="CreateVirtualInterface"/>

    <allow send_interface="net.openvpn.v3.netcfg"
           send_destination="net.openvpn.v3.netcfg"
           send_type="method_call"
           send_member="ProtectSocket"/>

    <allow send_interface="net.openvpn.v3.netcfg"
           send_destination="net.openvpn.v3.netcfg"
           send_type="method_call"
           send_member="DcoAvailable"/>

    <allow send_interface="net.openvpn.v3.netcfg"
           send_destination="net.openvpn.v3.netcfg"
           send_type="method_call"
           send_member="Cleanup"/>

    <allow send_interface="net.openvpn.v3.netcfg"
           send_destination="net.openvpn.v3.netcfg"
           send_type="method_call"
           send_member="NotificationSubscribe"/>

    <allow send_interface="net.openvpn.v3.netcfg"
           send_destination="net.openvpn.v3.netcfg"
           send_type="method_call"
           send_member="NotificationUnsubscribe"/>

    <!--  In netcfg managed device object: /net/openvpn/v3/netcfg/$DEVICE -->
    <allow send_destination="net.openvpn.v3.netcfg"
           send_interface="net.openvpn.v3.netcfg"
           send_type="method_call"
           send_member="AddBypassRoute"/>
    <allow send_destination="net.openvpn.v3.netcfg"
           send_interface="net.openvpn.v3.netcfg"
           send_type="method_call"
           send_member="AddIPAddress"/>
    <allow send_destination="net.openvpn.v3.netcfg"
           send_interface="net.openvpn.v3.netcfg"
           send_type="method_call"
           send_member="SetRemoteAddress"/>
    <allow send_destination="net.openvpn.v3.netcfg"
           send_interface="net.openvpn.v3.netcfg"
           send_type="method_call"
           send_member="AddNetworks"/>
    <allow send_destination="net.openvpn.v3.netcfg"
           send_interface="net.openvpn.v3.netcfg"
           send_type="method_call"
           send_member="AddDNS"/>
    <allow send_destination="net.openvpn.v3.netcfg"
           send_interface="net.openvpn.v3.netcfg"
           send_type="method_call"
           send_member="AddDNSSearch"/>
    <allow send_destination="net.openvpn.v3.netcfg"
           send_interface="net.openvpn.v3.netcfg"
           send_type="method_call"
           send_member="RemoveDNSSearch"/>
    <allow send_interface="net.openvpn.v3.netcfg"
           send_destination="net.openvpn.v3.netcfg"
           send_type="method_call"
           send_member="EnableDCO"/>
    <allow send_destination="net.openvpn.v3.netcfg"
           send_interface="net.openvpn.v3.netcfg"
           send_type="method_call"
           send_member="Establish"/>
    <allow send_interface="net.openvpn.v3.netcfg"
           send_destination="net.openvpn.v3.netcfg"
           send_type="method_call"
           send_member="Disable"/>
    <allow send_interface="net.openvpn.v3.netcfg"
           send_destination="net.openvpn.v3.netcfg"
           send_type="method_call"
           send_member="Destroy"/>

    <allow send_destination="net.openvpn.v3.netcfg"
           send_interface="org.freedesktop.DBus.Introspectable"
           send_type="method_call"
           send_member="Introspect"/>

    <allow send_destination="net.openvpn.v3.netcfg"
           send_interface="org.freedesktop.DBus.Properties"
           send_type="method_call"
           send_member="Get"/>
    <allow send_destination="net.openvpn.v3.netcfg"
           send_interface="org.freedesktop.DBus.Properties"
           send_type="method_call"
           send_member="GetAll"/>
    <allow send_destination="net.openvpn.v3.netcfg"
           send_interface="org.freedesktop.DBus.Properties"
           send_type="method_call"
           send_member="Set" />

    <allow send_destination="net.openvpn.v3.netcfg"
           send_interface="org.freedesktop.DBus.Peer"
           send_type="method_call"
           send_member="Ping"/>

    <!--  In netcfg managed device object: /net/openvpn/v3/netcfg/$DEVICE/dco -->
    <allow send_destination="net.openvpn.v3.netcfg"
           send_interface="net.openvpn.v3.netcfg"
           send_type="method_call"
           send_member="NewPeer"/>
    <allow send_destination="net.openvpn.v3.netcfg"
           send_interface="net.openvpn.v3.netcfg"
           send_type="method_call"
           send_member="GetPipeFD"/>
    <allow send_destination="net.openvpn.v3.netcfg"
           send_interface="net.openvpn.v3.netcfg"
           send_type="method_call"
           send_member="NewKey"/>
    <allow send_destination="net.openvpn.v3.netcfg"
           send_interface="net.openvpn.v3.netcfg"
           send_type="method_call"
           send_member="SwapKeys"/>
    <allow send_destination="net.openvpn.v3.netcfg"
           send_interface="net.openvpn.v3.netcfg"
           send_type="method_call"
           send_member="SetPeer"/>
  </policy>

  <policy user="root">
    <!--                                -->
    <!--  net.openvpn.v3.netcfg         -->
    <!--                                -->
    <allow send_interface="net.openvpn.v3.netcfg"
           send_path="/net/openvpn/v3/netcfg"
           send_destination="net.openvpn.v3.netcfg"
           send_type="method_call"
           send_member="NotificationSubscribe"/>
    <allow send_interface="net.openvpn.v3.netcfg"
           send_path="/net/openvpn/v3/netcfg"
           send_destination="net.openvpn.v3.netcfg"
           send_type="method_call"
           send_member="NotificationUnsubscribe"/>
    <allow send_interface="net.openvpn.v3.netcfg"
           send_path="/net/openvpn/v3/netcfg"
           send_destination="net.openvpn.v3.netcfg"
           send_type="method_call"
           send_member="NotificationSubscriberList"/>
    <allow send_destination="net.openvpn.v3.netcfg"
           send_interface="net.openvpn.v3.netcfg"
           send_type="method_call"
           send_member="FetchInterfaceList"/>

    <allow send_destination="net.openvpn.v3.netcfg"
           send_interface="org.freedesktop.DBus.Introspectable"
           send_type="method_call"
           send_member="Introspect"/>

    <allow send_destination="net.openvpn.v3.netcfg"
           send_interface="org.freedesktop.DBus.Properties"
           send_type="method_call"
           send_member="Get"/>
    <allow send_destination="net.openvpn.v3.netcfg"
           send_interface="org.freedesktop.DBus.Properties"
           send_type="method_call"
           send_member="GetAll"/>
    <allow send_destination="net.openvpn.v3.netcfg"
           send_interface="org.freedesktop.DBus.Properties"
           send_type="method_call"
           send_member="Set" />
  </policy>
</busconfig>
