NetworkManager/src/org.freedesktop.NetworkManager.conf

<!DOCTYPE busconfig PUBLIC
 "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
 "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
        <policy user="root">
                <allow own="org.freedesktop.NetworkManager"/>
                <allow send_destination="org.freedesktop.NetworkManager"/>

                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager.PPP"/>

                <allow send_interface="org.freedesktop.NetworkManager.SecretAgent"/>
                <!-- These are there because some broken policies do
                     <deny send_interface="..." /> (see dbus-daemon(8) for details).
                     This seems to override that for the known VPN plugins.
                  -->
                <allow send_destination="org.freedesktop.NetworkManager.openconnect"/>
                <allow send_destination="org.freedesktop.NetworkManager.openswan"/>
                <allow send_destination="org.freedesktop.NetworkManager.openvpn"/>
                <allow send_destination="org.freedesktop.NetworkManager.pptp"/>
                <allow send_destination="org.freedesktop.NetworkManager.vpnc"/>
                <allow send_destination="org.freedesktop.NetworkManager.ssh"/>
                <allow send_destination="org.freedesktop.NetworkManager.iodine"/>
                <allow send_destination="org.freedesktop.NetworkManager.l2tp"/>
                <allow send_destination="org.freedesktop.NetworkManager.libreswan"/>
                <allow send_destination="org.freedesktop.NetworkManager.fortisslvpn"/>
                <allow send_destination="org.freedesktop.NetworkManager.strongswan"/>
                <allow send_interface="org.freedesktop.NetworkManager.VPN.Plugin"/>

                <allow send_destination="org.fedoraproject.FirewallD1"/>

                <!-- Allow the custom name for the dnsmasq instance spawned by NM
                     from the dns dnsmasq plugin to own its dbus name, and for
                     messages to be sent to it.
                 -->
                <allow own="org.freedesktop.NetworkManager.dnsmasq"/>
                <allow send_destination="org.freedesktop.NetworkManager.dnsmasq"/>
        </policy>
        <policy context="default">
                <deny own="org.freedesktop.NetworkManager"/>

                <deny send_destination="org.freedesktop.NetworkManager"/>

                <!-- Basic D-Bus API stuff -->
                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.DBus.Introspectable"/>
                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.DBus.Properties"/>
                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.DBus.ObjectManager"/>

                <!-- Devices (read-only properties, no methods) -->
                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager.Device.Adsl"/>
                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager.Device.Bond"/>
                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager.Device.Bridge"/>
                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager.Device.Bluetooth"/>
                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager.Device.Wired"/>
                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager.Device.Generic"/>
                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager.Device.Gre"/>
                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager.Device.Infiniband"/>
                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager.Device.Macvlan"/>
                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager.Device.Modem"/>
                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager.Device.OlpcMesh"/>
                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager.Device.Team"/>
                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager.Device.Tun"/>
                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager.Device.Veth"/>
                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager.Device.Vlan"/>
                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager.WiMax.Nsp"/>
                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager.AccessPoint"/>
                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager.WifiP2PPeer"/>

                <!-- Devices (read-only, no security required) -->
                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager.Device.WiMax"/>

                <!-- Devices (read/write, secured with PolicyKit) -->
                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager.Device.Wireless"/>
                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager.Device.WifiP2P"/>
                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager.Device"/>

                <!-- Core stuff (read-only properties, no methods) -->
                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager.Connection.Active"/>
                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager.DHCP4Config"/>
                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager.DHCP6Config"/>
                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager.IP4Config"/>
                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager.IP6Config"/>
                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager.VPN.Connection"/>

                <!-- Core stuff (read/write, secured with PolicyKit) -->
                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager"/>
                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager.Settings"/>
                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager.Settings.Connection"/>

                <!-- Agents; secured with PolicyKit.  Any process can talk to
                     the AgentManager API, but only NetworkManager can talk
                     to the agents themselves. -->
                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager.AgentManager"/>

                <!-- Root-only functions -->
                <deny send_destination="org.freedesktop.NetworkManager"
                      send_interface="org.freedesktop.NetworkManager"
                      send_member="SetLogging"/>
                <deny send_destination="org.freedesktop.NetworkManager"
                      send_interface="org.freedesktop.NetworkManager"
                      send_member="Sleep"/>
                <deny send_destination="org.freedesktop.NetworkManager"
                      send_interface="org.freedesktop.NetworkManager.Settings"
                      send_member="LoadConnections"/>
                <deny send_destination="org.freedesktop.NetworkManager"
                      send_interface="org.freedesktop.NetworkManager.Settings"
                      send_member="ReloadConnections"/>

                <deny own="org.freedesktop.NetworkManager.dnsmasq"/>
                <deny send_destination="org.freedesktop.NetworkManager.dnsmasq"/>
        </policy>

        <limit name="max_replies_per_connection">1024</limit>
        <limit name="max_match_rules_per_connection">2048</limit>
</busconfig>