1 files changed, 40 insertions, 0 deletions

diff --git a/install/oddjob/etc/dbus-1/system.d/oddjob-ipa-trust.conf b/install/oddjob/etc/dbus-1/system.d/oddjob-ipa-trust.conf
new file mode 100644
index 000000000..2e4c1367b
--- /dev/null
+++ b/install/oddjob/etc/dbus-1/system.d/oddjob-ipa-trust.conf
@@ -0,0 +1,40 @@
+<!DOCTYPE busconfig PUBLIC
+ "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+
+<busconfig>
+ <!-- Only root can own (provide) the com.redhat.idm.trust service
+       on the system bus. -->
+  <policy user="root">
+    <allow own="com.redhat.idm.trust"/>
+    <allow send_destination="com.redhat.idm.trust"
+           send_path="/"
+           send_interface="com.redhat.idm.trust"
+           send_member="fetch_domains"/>
+  </policy>
+
+  <!-- Allow anyone to call the introspection methods of the "/" object
+       provided by the com.redhat.idm.trust service. -->
+  <policy context="default">
+    <allow send_destination="com.redhat.idm.trust"
+           send_path="/"
+           send_interface="org.freedesktop.DBus.Introspectable"
+           send_member="Introspect"/>
+    <allow send_destination="com.redhat.idm.trust"
+           send_path="/"
+           send_interface="org.freedesktop.DBus.Properties"
+           send_member="GetAll"/>
+    <allow send_destination="com.redhat.idm.trust"
+           send_path="/"
+           send_interface="org.freedesktop.DBus.Properties"
+           send_member="Get"/>
+  </policy>
+
+  <policy user="apache">
+    <allow send_destination="com.redhat.idm.trust"
+           send_path="/"
+           send_interface="com.redhat.idm.trust"
+           send_member="fetch_domains"/>
+  </policy>
+
+</busconfig>