<aegis>
	<provide>
		<credential name="CallStateControl" />
		<credential name="DeviceModeControl" />
		<credential name="LEDControl" />
		<credential name="TKLockControl" />
		<credential name="SensorControl" />

		<dbus name="com.nokia.mce" own="SELF" bus="system">
			<node name="/">
				<interface name="com.nokia.mce.request">
					<!-- Default to being permissive -->
				        <annotation name="com.maemo.Aegis" value=""/>
					<!-- Now tighten things up -->
					<method name="req_radio_states_change">
						<annotation name="com.maemo.Aegis" value="DeviceModeControl"/>
					</method>
					<method name="req_trigger_powerkey_event">
						<annotation name="com.maemo.Aegis" value="DeviceModeControl"/>
					</method>

					<method name="req_als_enable">
						<annotation name="com.maemo.Aegis" value="SensorControl"/>
					</method>
					<method name="req_als_disable">
						<annotation name="com.maemo.Aegis" value="SensorControl"/>
					</method>
					<method name="req_proximity_sensor_enable">
						<annotation name="com.maemo.Aegis" value="SensorControl"/>
					</method>
					<method name="req_proximity_sensor_disable">
						<annotation name="com.maemo.Aegis" value="SensorControl"/>
					</method>

					<method name="req_call_state_change">
						<annotation name="com.maemo.Aegis" value="CallStateControl"/>
					</method>

					<method name="req_tklock_mode_change">
						<annotation name="com.maemo.Aegis" value="TKLockControl"/>
					</method>

					<method name="req_led_pattern_activate">
						<annotation name="com.maemo.Aegis" value="LEDControl"/>
					</method>
					<method name="req_led_pattern_deactivate">
						<annotation name="com.maemo.Aegis" value="LEDControl"/>
					</method>
					<method name="req_led_enable">
						<annotation name="com.maemo.Aegis" value="LEDControl"/>
					</method>
					<method name="req_led_disable">
						<annotation name="com.maemo.Aegis" value="LEDControl"/>
					</method>
				</interface>
			</node>
		</dbus>
	</provide>
	<request>
		<credential name="CAP::sys_admin" />
		<credential name="CAP::sys_rawio" />
		<credential name="GRP::i2c" />
		<credential name="GRP::cal" />
		<credential name="dsme::DeviceStateControl" />
		<for path="/sbin/mce" />
	</request>
	<request>
		<credential name="UID::root" />
		<credential name="GID::root" />
		<for path="/usr/share/mce/mce-restore" />
	</request>
	<request>
		<credential name="UID::root" />
		<credential name="GID::root" />
		<for path="/usr/share/mce/mce-device-clear" />
	</request>
</aegis>
