DBus Policy that Allows Group to Access System Service
I wrote a dbus service and have it listening on the system bus, under the bus name "org.jfhbrook.plusdeck" and the path "/". That seems to be working fine. I have a corresponding dbus client that I'd like to use to interact with that system bus service, either if I'm the root user (called with sudo) or if I'm in a particular group (in this case, the "plusdeck" group).
I currently have this policy file, based on [the dbus-daemon docs](https://dbus.freedesktop.org/doc/dbus-daemon.1.html) and cribbing from whatever examples I could find:
This works when I use `sudo`. However, when I use the same client with my user, which is a member of the `plusdeck` group, I get an error:
ERROR:plusdeck.dbus.client:org.freedesktop.DBus.Error.AccessDenied: Access to org.jfhbrook.plusdeck.Eject() not permitted.
Note that this is a different error than I'd get if I didn't have access to the bus - that would be `ERROR:plusdeck.dbus.client:org.freedesktop.DBus.Error.AccessDenied: Sender is not authorized to send message`. It seems I'm authorized to send messages, but not to call that method.
I've tried combinations of everything I can think of, including setting `send_member="*"` in the allow tag, as well as ``. I'm at my wit's end. Any help or guidance would be appreciated.
For what it's worth, I'm using Fedora 41. I mention this because I'm aware that my issue could be outside this configuration, for instance with SELinux. Though, I believe seeing nothing in `/var/log/audit/audit.log` rules that out.
Asked by Josh Holbrook
(151 rep)
Feb 8, 2025, 02:45 AM
Last activity: Feb 9, 2025, 08:38 PM