<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE busconfig PUBLIC
 "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
 "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
  <policy context="default">
    <!--
        All users on the system has access to the methods in the
        configuration and session manager services by default.  These
        methods are to allow users to manage their own configuration
        profiles and running sessions.

        Remember that in addition to this D-Bus policy, both the
        configuration and session manager services has their own set
        of of ACL management on top of this policy.  The default ACL
        in these manager services is that a user can only manage
        configurations and sessions created by that user.
    -->

    <!--                                -->
    <!--  net.openvpn.v3.sessions       -->
    <!--                                -->
    <allow send_destination="net.openvpn.v3.sessions"
           send_interface="net.openvpn.v3.sessions"
           send_type="method_call"
           send_member="NewTunnel"/>
    <allow send_destination="net.openvpn.v3.sessions"
           send_interface="net.openvpn.v3.sessions"
           send_type="method_call"
           send_member="FetchAvailableSessions"/>
    <allow send_destination="net.openvpn.v3.sessions"
           send_interface="net.openvpn.v3.sessions"
           send_type="method_call"
           send_member="FetchManagedInterfaces"/>
    <allow send_destination="net.openvpn.v3.sessions"
           send_interface="net.openvpn.v3.sessions"
           send_type="method_call"
           send_member="LookupConfigName"/>
    <allow send_destination="net.openvpn.v3.sessions"
           send_interface="net.openvpn.v3.sessions"
           send_type="method_call"
           send_member="LookupInterface"/>
    <allow send_destination="net.openvpn.v3.sessions"
           send_interface="net.openvpn.v3.sessions"
           send_type="method_call"
           send_member="Connect"/>
    <allow send_destination="net.openvpn.v3.sessions"
           send_interface="net.openvpn.v3.sessions"
           send_type="method_call"
           send_member="Pause"/>
    <allow send_destination="net.openvpn.v3.sessions"
           send_interface="net.openvpn.v3.sessions"
           send_type="method_call"
           send_member="Resume"/>
    <allow send_destination="net.openvpn.v3.sessions"
           send_interface="net.openvpn.v3.sessions"
           send_type="method_call"
           send_member="Restart"/>
    <allow send_destination="net.openvpn.v3.sessions"
           send_interface="net.openvpn.v3.sessions"
           send_type="method_call"
           send_member="Disconnect"/>
    <allow send_destination="net.openvpn.v3.sessions"
           send_interface="net.openvpn.v3.sessions"
           send_type="method_call"
           send_member="Ready"/>
    <allow send_destination="net.openvpn.v3.sessions"
           send_interface="net.openvpn.v3.sessions"
           send_type="method_call"
           send_member="UserInputQueueGetTypeGroup"/>
    <allow send_destination="net.openvpn.v3.sessions"
           send_interface="net.openvpn.v3.sessions"
           send_type="method_call"
           send_member="UserInputQueueFetch"/>
    <allow send_destination="net.openvpn.v3.sessions"
           send_interface="net.openvpn.v3.sessions"
           send_type="method_call"
           send_member="UserInputQueueCheck"/>
    <allow send_destination="net.openvpn.v3.sessions"
           send_interface="net.openvpn.v3.sessions"
           send_type="method_call"
           send_member="UserInputProvide"/>
    <allow send_destination="net.openvpn.v3.sessions"
           send_interface="net.openvpn.v3.sessions"
           send_type="method_call"
           send_member="AccessGrant"/>
    <allow send_destination="net.openvpn.v3.sessions"
           send_interface="net.openvpn.v3.sessions"
           send_type="method_call"
           send_member="AccessRevoke"/>
    <allow send_destination="net.openvpn.v3.sessions"
           send_interface="net.openvpn.v3.sessions"
           send_type="method_call"
           send_member="LogForward"/>

    <allow send_destination="net.openvpn.v3.sessions"
           send_interface="org.freedesktop.DBus.Properties"
           send_type="method_call"
           send_member="Get"/>
    <allow send_destination="net.openvpn.v3.sessions"
           send_interface="org.freedesktop.DBus.Properties"
           send_type="method_call"
           send_member="GetAll"/>
    <allow send_destination="net.openvpn.v3.sessions"
           send_interface="org.freedesktop.DBus.Properties"
           send_type="method_call"
           send_member="Set"/>

    <allow send_destination="net.openvpn.v3.sessions"
           send_interface="org.freedesktop.DBus.Introspectable"
           send_type="method_call"
           send_member="Introspect"/>

    <allow send_path="/net/openvpn/v3/sessions"
           send_interface="org.freedesktop.DBus.Properties"
           send_type="method_call"
           send_member="Get"/>

    <allow send_destination="net.openvpn.v3.sessions"
           send_interface="org.freedesktop.DBus.Peer"
           send_type="method_call"
           send_member="Ping"/>
  </policy>

  <policy user="@OPENVPN_USERNAME@">
    <!--                                -->
    <!--  net.openvpn.v3.sessions       -->
    <!--                                -->
    <allow own="net.openvpn.v3.sessions"/>
  </policy>

  <policy user="root">
    <!--                                -->
    <!--  net.openvpn.v3.sessions       -->
    <!--                                -->
    <allow send_destination="net.openvpn.v3.sessions"
           send_interface="net.openvpn.v3.sessions"
           send_type="method_call"
           send_member="TransferOwnership"/>
  </policy>
</busconfig>