{
	"unauthenticated": {
		"description": "Allow system feature probing",
		"read": {
			"ubus": {
				"luci": [ "getFeatures" ]
			}
		}
	},

	"uci-access": {
		"description": "Grant uci write access to all configurations",
		"read": {
			"uci": [ "*" ]
		},
		"write": {
			"uci": [ "*" ]
		}
	},
	"luci-access": {
		"description": "Grant access to basic LuCI procedures",
		"read": {
			"cgi-io": [ "backup", "download", "exec" ],
			"file": {
				"/": [ "list" ],
				"/*": [ "list" ],
				"/dev/mtdblock*": [ "read" ],
				"/etc/crontabs/root": [ "read" ],
				"/etc/dropbear/authorized_keys": [ "read" ],
				"/etc/filesystems": [ "read" ],
				"/etc/rc.local": [ "read" ],
				"/etc/sysupgrade.conf": [ "read" ],
				"/etc/passwd": [ "read" ],
				"/etc/group": [ "read" ],
				"/proc/filesystems": [ "read" ],
				"/proc/mtd": [ "read" ],
				"/proc/partitions": [ "read" ],
				"/proc/sys/kernel/hostname": [ "read" ],
				"/proc/sys/net/netfilter/nf_conntrack_*": [ "read" ],
				"/proc/mounts": [ "read" ],
				"/usr/lib/lua/luci/version.lua": [ "read" ],
				"/bin/dmesg -r": [ "exec" ],
				"/bin/ping *": [ "exec" ],
				"/bin/ping6 *": [ "exec" ],
				"/bin/traceroute *": [ "exec" ],
				"/bin/traceroute6 *": [ "exec" ],
				"/sbin/ip -4 neigh show": [ "exec" ],
				"/sbin/ip -4 route show table all": [ "exec" ],
				"/sbin/ip -6 neigh show": [ "exec" ],
				"/sbin/ip -6 route show table all": [ "exec" ],
				"/sbin/logread -e ^": [ "exec" ],
				"/usr/bin/ping *": [ "exec" ],
				"/usr/bin/ping6 *": [ "exec" ],
				"/usr/bin/traceroute *": [ "exec" ],
				"/usr/bin/traceroute6 *": [ "exec" ],
				"/usr/bin/nslookup *": [ "exec" ],
				"/usr/libexec/luci-peeraddr": [ "exec" ],
				"/usr/sbin/iptables --line-numbers -w -nvxL -t *": [ "exec" ],
				"/usr/sbin/ip6tables --line-numbers -w -nvxL -t *": [ "exec" ]
			},
			"ubus": {
				"file": [ "list", "read", "stat" ],
				"iwinfo": [ "assoclist", "freqlist", "txpowerlist", "countrylist" ],
				"luci": [ "getConntrackList", "getInitList", "getLocaltime", "getProcessList", "getRealtimeStats", "getTimezones", "getLEDs", "getUSBDevices", "getSwconfigFeatures", "getSwconfigPortState", "getBlockDevices", "getMountPoints" ],
				"luci-rpc": [ "getBoardJSON", "getDHCPLeases", "getDSLStatus", "getDUIDHints", "getHostHints", "getNetworkDevices", "getWirelessDevices" ],
				"network.interface": [ "dump" ],
				"network.rrdns": [ "lookup" ],
				"network": [ "get_proto_handlers" ],
				"system": [ "board", "info", "validate_firmware_image" ],
				"uci": [ "changes", "get" ]
			},
			"uci": [ "*" ]
		},
		"write": {
			"cgi-io": [ "upload" ],
			"file": {
				"/etc/crontabs/root": [ "write" ],
				"/etc/dropbear/authorized_keys": [ "write" ],
				"/etc/init.d/firewall restart": [ "exec" ],
				"/etc/luci-uploads/*": [ "write" ],
				"/etc/rc.local": [ "write" ],
				"/etc/sysupgrade.conf": [ "write" ],
				"/sbin/block": [ "exec" ],
				"/sbin/firstboot": [ "exec" ],
				"/sbin/ifdown": [ "exec" ],
				"/sbin/ifup": [ "exec" ],
				"/sbin/reboot": [ "exec" ],
				"/sbin/sysupgrade": [ "exec" ],
				"/sbin/wifi": [ "exec" ],
				"/bin/kill": [ "exec" ],
				"/bin/tar": [ "exec" ],
				"/bin/umount": [ "exec" ],
				"/tmp/backup.tar.gz": [ "write" ],
				"/tmp/firmware.bin": [ "write" ],
				"/tmp/upload.ipk": [ "write" ],
				"/usr/sbin/iptables -Z": [ "exec" ],
				"/usr/sbin/ip6tables -Z": [ "exec" ]
			},
			"ubus": {
				"file": [ "write", "remove", "exec" ],
				"hostapd.*": [ "del_client" ],
				"iwinfo": [ "scan" ],
				"luci": [ "setInitAction", "setLocaltime", "setPassword", "setBlockDetect" ],
				"uci": [ "add", "apply", "confirm", "delete", "order", "set", "rename" ]
			},
			"uci": [ "*" ]
		}
	},
	"luci-app-firewall": {
		"description": "Grant access to firewall procedures",
		"read": {
			"file": {
				"/etc/firewall.user": [ "read" ]
			},
			"ubus": {
				"luci": [ "getConntrackHelpers" ]
			},
			"uci": [ "firewall" ]
		},
		"write": {
			"file": {
				"/etc/firewall.user": [ "write" ],
				"/etc/init.d/firewall": [ "exec" ]
			},
			"uci": [ "firewall" ]
		}
	}
}