dbus: final dbus policy fixes (bgo #563730)

Keep explicit denials, consolidate stuff, ensure that when denying
send_interface it's almost always matched with send_destination.

callouts/nm-avahi-autoipd.conf

@@ -4,11 +4,10 @@
 <busconfig>
         <policy user="root">
                 <allow own="org.freedesktop.nm_avahi_autoipd"/>
-                <allow send_interface="org.freedesktop.nm_avahi_autoipd"/>
         </policy>
         <policy context="default">
                 <deny own="org.freedesktop.nm_avahi_autoipd"/>
-                <deny send_interface="org.freedesktop.nm_avahi_autoipd"/>
+                <deny send_destination="org.freedesktop.nm_avahi_autoipd"/>
         </policy>
 </busconfig>
 

callouts/nm-dhcp-client.conf

@@ -4,11 +4,10 @@
 <busconfig>
         <policy user="root">
                 <allow own="org.freedesktop.nm_dhcp_client"/>
-		<allow send_interface="org.freedesktop.nm_dhcp_client"/>
         </policy>
         <policy context="default">
                 <deny own="org.freedesktop.nm_dhcp_client"/>
-		<deny send_interface="org.freedesktop.nm_dhcp_client"/>
+		<deny send_destination="org.freedesktop.nm_dhcp_client"/>
         </policy>
 </busconfig>
 

callouts/nm-dispatcher.conf

@@ -4,11 +4,11 @@
 <busconfig>
 	<policy user="root">
 		<allow own="org.freedesktop.nm_dispatcher"/>
-		<allow send_interface="org.freedesktop.nm_dispatcher"/>
+		<allow send_destination="org.freedesktop.nm_dispatcher"/>
     </policy>
     <policy context="default">
 		<deny own="org.freedesktop.nm_dispatcher"/>
-		<deny send_interface="org.freedesktop.nm_dispatcher"/>
+		<deny send_destination="org.freedesktop.nm_dispatcher"/>
     </policy>
 </busconfig>
 

src/NetworkManager.conf

@@ -5,19 +5,19 @@
         <policy user="root">
                 <allow own="org.freedesktop.NetworkManager"/>
                 <allow send_destination="org.freedesktop.NetworkManager"/>
-                <allow send_interface="org.freedesktop.NetworkManager"/>
 
                 <allow send_destination="org.freedesktop.NetworkManager"
                        send_interface="org.freedesktop.NetworkManager.PPP"/>
         </policy>
         <policy at_console="true">
                 <allow send_destination="org.freedesktop.NetworkManager"/>
-                <allow send_interface="org.freedesktop.NetworkManager"/>
+
+                <deny send_destination="org.freedesktop.NetworkManager"
+                      send_interface="org.freedesktop.NetworkManager.PPP"/>
         </policy>
         <policy context="default">
                 <deny own="org.freedesktop.NetworkManager"/>
                 <deny send_destination="org.freedesktop.NetworkManager"/>
-                <deny send_interface="org.freedesktop.NetworkManager"/>
 
                 <deny send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager.PPP"/>

system-settings/src/nm-system-settings.conf

@@ -6,17 +6,15 @@
 		<allow own="org.freedesktop.NetworkManagerSystemSettings"/>
 
 		<allow send_destination="org.freedesktop.NetworkManagerSystemSettings"/>
-		<allow send_interface="org.freedesktop.NetworkManagerSettings"/>
-		<allow send_interface="org.freedesktop.NetworkManagerSettings.Secrets"/>
 	</policy>
 	<policy context="default">
 		<deny own="org.freedesktop.NetworkManagerSystemSettings"/>
 
 		<allow send_destination="org.freedesktop.NetworkManagerSystemSettings"/>
-		<allow send_interface="org.freedesktop.NetworkManagerSettings"/>
 
 		<!-- Only root can get secrets -->
-		<deny send_interface="org.freedesktop.NetworkManagerSettings.Secrets"/>
+		<deny send_destination="org.freedesktop.NetworkManagerSystemSettings"
+		      send_interface="org.freedesktop.NetworkManagerSettings.Secrets"/>
 	</policy>
 
         <limit name="max_replies_per_connection">512</limit>