hal: Branch 'master'
David Zeuthen
david at kemper.freedesktop.org
Sun Apr 22 18:14:56 PDT 2007
hald/hald_runner.c | 2
policy/Makefile.am | 1
policy/hal-device-file.policy | 208 ++++++++++++++++++++---------------
policy/hal-killswitch.policy | 78 ++++++++-----
policy/hal-power.policy | 249 ++++++++++++++++++++++++++----------------
policy/hal-storage.policy | 149 ++++++++++++++-----------
6 files changed, 418 insertions(+), 269 deletions(-)
New commits:
diff-tree 9e37dd339cba8e16587fa666c58906bf3bc1ef35 (from b2ee178b46b40d6f5e1ff77d7ec36424f859e5c3)
Author: David Zeuthen <davidz at redhat.com>
Date: Sun Apr 22 21:14:56 2007 -0400
policy definitions are now XML files in PolicKit master
diff --git a/hald/hald_runner.c b/hald/hald_runner.c
index 36ae7ad..cec735d 100644
--- a/hald/hald_runner.c
+++ b/hald/hald_runner.c
@@ -374,7 +374,7 @@ add_basic_env (DBusMessageIter * iter, c
add_env (iter, "LD_LIBRARY_PATH", getenv ("LD_LIBRARY_PATH"));
#ifdef HAVE_POLKIT
add_env (iter, "HAVE_POLKIT", "1");
- add_env (iter, "POLKIT_PRIVILEGE_DIR", getenv ("POLKIT_PRIVILEGE_DIR"));
+ add_env (iter, "POLKIT_POLICY_DIR", getenv ("POLKIT_POLICY_DIR"));
add_env (iter, "POLKIT_DEBUG", getenv ("POLKIT_DEBUG"));
#endif
diff --git a/policy/Makefile.am b/policy/Makefile.am
index f72c6af..71e1bf2 100644
--- a/policy/Makefile.am
+++ b/policy/Makefile.am
@@ -3,6 +3,7 @@ if HAVE_POLKIT
polkit_privilegedir = $(sysconfdir)/PolicyKit/policy
dist_polkit_privilege_DATA = \
+ hal-lock.policy \
hal-storage.policy \
hal-power.policy \
hal-killswitch.policy
diff --git a/policy/hal-device-file.policy b/policy/hal-device-file.policy
index 16e91b3..4eccbfb 100644
--- a/policy/hal-device-file.policy
+++ b/policy/hal-device-file.policy
@@ -1,86 +1,122 @@
-# -*- Conf -*-
-#
-# Policy definitions for HAL's ACL management mechanism.
-#
-# Copyright (c) 2007 David Zeuthen <david at fubar.dk>
-#
-# HAL is licensed to you under your choice of the the Academic Free
-# License Version 2.1, or the GNU General Public License version
-# 2. Some individual source files may be under the GPL only. See
-# COPYING for details.
-#
-# NOTE: If you make changes to this file, make sure to validate the
-# file using the polkit-privilege-file-validate(1) tool. Changes made
-# to this file are applied instantly.
-
-# Directly access sound devices
-#
-# device-file: special device file
-[Action hal-device-file-sound]
-AllowRemoteInactive=no
-AllowRemoteActive=no
-AllowLocalInactive=no
-AllowLocalActive=yes
-
-# Directly access video4linux devices
-#
-# device-file: special device file
-[Action hal-device-file-video4linux]
-AllowRemoteInactive=no
-AllowRemoteActive=no
-AllowLocalInactive=no
-AllowLocalActive=yes
-
-# Directly access optical drives
-#
-# device-file: special device file
-[Action hal-device-file-cdrom]
-AllowRemoteInactive=no
-AllowRemoteActive=no
-AllowLocalInactive=yes
-AllowLocalActive=yes
-
-# Directly access DVB devices
-#
-# device-file: special device file
-[Action hal-device-file-dvb]
-AllowRemoteInactive=no
-AllowRemoteActive=no
-AllowLocalInactive=no
-AllowLocalActive=yes
-
-# Directly access digital cameras
-#
-# device-file: special device file
-[Action hal-device-file-camera]
-AllowRemoteInactive=no
-AllowRemoteActive=no
-AllowLocalInactive=no
-AllowLocalActive=yes
-
-# Directly access scanners
-#
-# device-file: special device file
-[Action hal-device-file-scanner]
-AllowRemoteInactive=no
-AllowRemoteActive=no
-AllowLocalInactive=no
-AllowLocalActive=yes
-
-# Directly access Firewire IIDC devices
-#
-# device-file: special device file
-[Action hal-device-file-ieee1394-iidc]
-AllowRemoteInactive=no
-AllowRemoteActive=no
-AllowLocalInactive=no
-AllowLocalActive=yes
-
-# Directly access Firewire AVC devices
-#
-# device-file: special device file
-[Action hal-device-file-ieee1394-avc]
-AllowRemoteInactive=no
-AllowRemoteActive=no
-AllowLocalInactive=no
-AllowLocalActive=yes
+<!DOCTYPE policyconfig PUBLIC
+ "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd">
+
+<!--
+Policy definitions for HAL's ACL Management mechanism
+
+Copyright (c) 2007 David Zeuthen <david at fubar.dk>
+
+HAL is licensed to you under your choice of the the Academic Free
+License Version 2.1, or the GNU General Public License version 2. Some
+individual source files may be under the GPL only. See COPYING for
+details.
+
+NOTE: If you make changes to this file, make sure to validate the file
+using the polkit-policy-file-validate(1) tool. Changes made to this
+file are instantly applied.
+-->
+
+<policyconfig>
+ <group id="hal-device-file">
+ <description>Raw device access</description>
+ <description_short>Raw device access</description_short>
+
+ <policy id="hal-device-file-sound">
+ <description>Directly access sound devices</description>
+ <missing>System policy prevents direct access to the sound device '%s'.</missing>
+ <apply_to_all_mnemonic>Apply to all sound devices</apply_to_all_mnemonic>
+ <defaults>
+ <allow_remote_inactive>no</allow_remote_inactive>
+ <allow_remote_active>no</allow_remote_active>
+ <allow_local_inactive>yes</allow_local_inactive>
+ <allow_local_active>yes</allow_local_active>
+ </defaults>
+ </policy>
+
+ <policy id="hal-device-file-video4linux">
+ <description>Directly access video capture devices</description>
+ <missing>System policy prevents direct access to the video capture device '%s'.</missing>
+ <apply_to_all_mnemonic>Apply to all video capture devices</apply_to_all_mnemonic>
+ <defaults>
+ <allow_remote_inactive>no</allow_remote_inactive>
+ <allow_remote_active>no</allow_remote_active>
+ <allow_local_inactive>yes</allow_local_inactive>
+ <allow_local_active>yes</allow_local_active>
+ </defaults>
+ </policy>
+
+ <policy id="hal-device-file-cdrom">
+ <description>Directly access optical drives</description>
+ <missing>System policy prevents direct access to the optical drive '%s'.</missing>
+ <apply_to_all_mnemonic>Apply to all video optical drives</apply_to_all_mnemonic>
+ <defaults>
+ <allow_remote_inactive>no</allow_remote_inactive>
+ <allow_remote_active>no</allow_remote_active>
+ <allow_local_inactive>yes</allow_local_inactive>
+ <allow_local_active>yes</allow_local_active>
+ </defaults>
+ </policy>
+
+ <policy id="hal-device-file-dvb">
+ <description>Directly access DVB devices</description>
+ <missing>System policy prevents direct access to the DVB device '%s'.</missing>
+ <apply_to_all_mnemonic>Apply to all DVB devices</apply_to_all_mnemonic>
+ <defaults>
+ <allow_remote_inactive>no</allow_remote_inactive>
+ <allow_remote_active>no</allow_remote_active>
+ <allow_local_inactive>yes</allow_local_inactive>
+ <allow_local_active>yes</allow_local_active>
+ </defaults>
+ </policy>
+
+ <policy id="hal-device-file-camera">
+ <description>Directly access digital cameras</description>
+ <missing>System policy prevents direct access to the digital camera '%s'.</missing>
+ <apply_to_all_mnemonic>Apply to all digital cameras</apply_to_all_mnemonic>
+ <defaults>
+ <allow_remote_inactive>no</allow_remote_inactive>
+ <allow_remote_active>no</allow_remote_active>
+ <allow_local_inactive>yes</allow_local_inactive>
+ <allow_local_active>yes</allow_local_active>
+ </defaults>
+ </policy>
+
+ <policy id="hal-device-file-scanner">
+ <description>Directly access scanners</description>
+ <missing>System policy prevents direct access to the scanner '%s'.</missing>
+ <apply_to_all_mnemonic>Apply to all scanners</apply_to_all_mnemonic>
+ <defaults>
+ <allow_remote_inactive>no</allow_remote_inactive>
+ <allow_remote_active>no</allow_remote_active>
+ <allow_local_inactive>yes</allow_local_inactive>
+ <allow_local_active>yes</allow_local_active>
+ </defaults>
+ </policy>
+
+ <policy id="hal-device-file-ieee1394-iidc">
+ <description>Directly access Firewire IIDC devices</description>
+ <missing>System policy prevents direct access to the Firewire IIDC device '%s'.</missing>
+ <apply_to_all_mnemonic>Apply to all Firewire IIDC devices</apply_to_all_mnemonic>
+ <defaults>
+ <allow_remote_inactive>no</allow_remote_inactive>
+ <allow_remote_active>no</allow_remote_active>
+ <allow_local_inactive>yes</allow_local_inactive>
+ <allow_local_active>yes</allow_local_active>
+ </defaults>
+ </policy>
+
+ <policy id="hal-device-file-ieee1394-avc">
+ <description>Directly access Firewire AVC devices</description>
+ <missing>System policy prevents direct access to the Firewire AVC device '%s'.</missing>
+ <apply_to_all_mnemonic>Apply to all Firewire AVC devices</apply_to_all_mnemonic>
+ <defaults>
+ <allow_remote_inactive>no</allow_remote_inactive>
+ <allow_remote_active>no</allow_remote_active>
+ <allow_local_inactive>yes</allow_local_inactive>
+ <allow_local_active>yes</allow_local_active>
+ </defaults>
+ </policy>
+
+ </group>
+</policyconfig>
diff --git a/policy/hal-killswitch.policy b/policy/hal-killswitch.policy
index d514bf4..0fb82c4 100644
--- a/policy/hal-killswitch.policy
+++ b/policy/hal-killswitch.policy
@@ -1,28 +1,50 @@
-# -*- Conf -*-
-#
-# Policy definitions for HAL's RF kill switching mechanism.
-#
-# Copyright (c) 2007 David Zeuthen <david at fubar.dk>
-#
-# HAL is licensed to you under your choice of the the Academic Free
-# License Version 2.1, or the GNU General Public License version
-# 2. Some individual source files may be under the GPL only. See
-# COPYING for details.
-#
-# NOTE: If you make changes to this file, make sure to validate the
-# file using the polkit-privilege-file-validate(1) tool. Changes made
-# to this file are applied instantly.
-
-# Turn Bluetooth radio on/off
-[Action hal-killswitch-bluetooth]
-AllowRemoteInactive=no
-AllowRemoteActive=no
-AllowLocalInactive=no
-AllowLocalActive=yes
-
-# Turn Wireless 802.11 radio on/off
-[Action hal-killswitch-wlan]
-AllowRemoteInactive=no
-AllowRemoteActive=no
-AllowLocalInactive=no
-AllowLocalActive=yes
+<!DOCTYPE policyconfig PUBLIC
+ "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd">
+
+<!--
+Policy definitions for HAL's RF kill switch mechanism
+
+Copyright (c) 2007 David Zeuthen <david at fubar.dk>
+
+HAL is licensed to you under your choice of the the Academic Free
+License Version 2.1, or the GNU General Public License version 2. Some
+individual source files may be under the GPL only. See COPYING for
+details.
+
+NOTE: If you make changes to this file, make sure to validate the file
+using the polkit-policy-file-validate(1) tool. Changes made to this
+file are instantly applied.
+-->
+
+<policyconfig>
+ <group id="hal-killswitch">
+ <description>Radio Killswitches</description>
+ <description_short>RF Killswitch</description_short>
+
+ <policy id="hal-killswitch-bluetooth">
+ <description>Turn Bluetooth radio On/Off</description>
+ <missing>Turning the Bluetooth radio On or Off is restricted by system policy.</missing>
+ <apply_to_all_mnemonic>Apply to all Bluetooth radios.</apply_to_all_mnemonic>
+ <defaults>
+ <allow_remote_inactive>no</allow_remote_inactive>
+ <allow_remote_active>no</allow_remote_active>
+ <allow_local_inactive>no</allow_local_inactive>
+ <allow_local_active>yes</allow_local_active>
+ </defaults>
+ </policy>
+
+ <policy id="hal-killswitch-wlan">
+ <description>Turn WLAN radio On/Off</description>
+ <missing>Turning the WLAN radio On or Off is restricted by system policy.</missing>
+ <apply_to_all_mnemonic>Apply to all WLAN radios.</apply_to_all_mnemonic>
+ <defaults>
+ <allow_remote_inactive>no</allow_remote_inactive>
+ <allow_remote_active>no</allow_remote_active>
+ <allow_local_inactive>no</allow_local_inactive>
+ <allow_local_active>yes</allow_local_active>
+ </defaults>
+ </policy>
+
+ </group>
+</policyconfig>
diff --git a/policy/hal-power.policy b/policy/hal-power.policy
index 0376a0f..fcb4517 100644
--- a/policy/hal-power.policy
+++ b/policy/hal-power.policy
@@ -1,91 +1,158 @@
-# -*- Conf -*-
-#
-# Policy definitions for HAL's power management mechanisms.
-#
-# Copyright (c) 2007 David Zeuthen <david at fubar.dk>
-#
-# HAL is licensed to you under your choice of the the Academic Free
-# License Version 2.1, or the GNU General Public License version
-# 2. Some individual source files may be under the GPL only. See
-# COPYING for details.
-#
-# NOTE: If you make changes to this file, make sure to validate the
-# file using the polkit-privilege-file-validate(1) tool. Changes made
-# to this file are applied instantly.
-
-# Shutdown the computer
-[Action hal-power-shutdown]
-AllowRemoteInactive=no
-AllowRemoteActive=no
-AllowLocalInactive=no
-AllowLocalActive=yes
-
-# Shutdown computer when multiple users are logged in
-[Action hal-power-shutdown-multiple-sessions]
-AllowRemoteInactive=no
-AllowRemoteActive=no
-AllowLocalInactive=no
-AllowLocalActive=auth_root
-
-# Reboot the computer
-[Action hal-power-reboot]
-AllowRemoteInactive=no
-AllowRemoteActive=no
-AllowLocalInactive=no
-AllowLocalActive=yes
-
-# Reboot the computer when multiple users are logged in
-[Action hal-power-reboot-multiple-sessions]
-AllowRemoteInactive=no
-AllowRemoteActive=no
-AllowLocalInactive=no
-AllowLocalActive=auth_root
-
-# Configure the system to prefer power savings
-[Action hal-power-set-powersave]
-AllowRemoteInactive=no
-AllowRemoteActive=no
-AllowLocalInactive=no
-AllowLocalActive=yes
-
-# Suspend the system
-[Action hal-power-suspend]
-AllowRemoteInactive=no
-AllowRemoteActive=no
-AllowLocalInactive=no
-AllowLocalActive=yes
-
-# Hibernate the system
-[Action hal-power-hibernate]
-AllowRemoteInactive=no
-AllowRemoteActive=no
-AllowLocalInactive=no
-AllowLocalActive=yes
-
-# Configure CPU frequency scaling
-[Action hal-power-cpufreq]
-AllowRemoteInactive=no
-AllowRemoteActive=no
-AllowLocalInactive=no
-AllowLocalActive=yes
-
-# Set laptop panel brightness
-[Action hal-power-lcd-panel]
-AllowRemoteInactive=no
-AllowRemoteActive=no
-AllowLocalInactive=no
-AllowLocalActive=yes
-
-# Read values from ambient light sensor
-[Action hal-power-light-sensor]
-AllowRemoteInactive=no
-AllowRemoteActive=no
-AllowLocalInactive=no
-AllowLocalActive=yes
-
-# Set the keyboard backlight
-[Action hal-power-keyboard-backlight]
-AllowRemoteInactive=no
-AllowRemoteActive=no
-AllowLocalInactive=no
-AllowLocalActive=yes
+<!DOCTYPE policyconfig PUBLIC
+ "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd">
+
+<!--
+Policy definitions for HAL's ACL Management mechanism
+
+Copyright (c) 2007 David Zeuthen <david at fubar.dk>
+
+HAL is licensed to you under your choice of the the Academic Free
+License Version 2.1, or the GNU General Public License version 2. Some
+individual source files may be under the GPL only. See COPYING for
+details.
+
+NOTE: If you make changes to this file, make sure to validate the file
+using the polkit-policy-file-validate(1) tool. Changes made to this
+file are instantly applied.
+-->
+
+<policyconfig>
+ <group id="hal-power">
+ <description>Power Management</description>
+ <description_short>Power Management</description_short>
+
+ <policy id="hal-power-shutdown">
+ <description>Shut down the system</description>
+ <missing>System policy prevents shutting down the system.</missing>
+ <apply_to_all_mnemonic>Apply to all</apply_to_all_mnemonic>
+ <defaults>
+ <allow_remote_inactive>no</allow_remote_inactive>
+ <allow_remote_active>no</allow_remote_active>
+ <allow_local_inactive>no</allow_local_inactive>
+ <allow_local_active>yes</allow_local_active>
+ </defaults>
+ </policy>
+
+ <policy id="hal-power-shutdown-multiple-sessions">
+ <description>Shut down the system when multiple users are logged in</description>
+ <missing>System policy prevents shutting down the system when multiple users are logged in.</missing>
+ <apply_to_all_mnemonic>Apply to all</apply_to_all_mnemonic>
+ <defaults>
+ <allow_remote_inactive>no</allow_remote_inactive>
+ <allow_remote_active>no</allow_remote_active>
+ <allow_local_inactive>no</allow_local_inactive>
+ <allow_local_active>auth_root</allow_local_active>
+ </defaults>
+ </policy>
+
+ <policy id="hal-power-reboot">
+ <description>Reboot the system</description>
+ <missing>System policy prevents rebooting the system.</missing>
+ <apply_to_all_mnemonic>Apply to all</apply_to_all_mnemonic>
+ <defaults>
+ <allow_remote_inactive>no</allow_remote_inactive>
+ <allow_remote_active>no</allow_remote_active>
+ <allow_local_inactive>no</allow_local_inactive>
+ <allow_local_active>yes</allow_local_active>
+ </defaults>
+ </policy>
+
+ <policy id="hal-power-reboot-multiple-sessions">
+ <description>Reboot the system when multiple users are logged in</description>
+ <missing>System policy prevents rebooting the system when multiple users are logged in.</missing>
+ <apply_to_all_mnemonic>Apply to all</apply_to_all_mnemonic>
+ <defaults>
+ <allow_remote_inactive>no</allow_remote_inactive>
+ <allow_remote_active>no</allow_remote_active>
+ <allow_local_inactive>no</allow_local_inactive>
+ <allow_local_active>auth_root</allow_local_active>
+ </defaults>
+ </policy>
+
+ <policy id="hal-power-set-powersave">
+ <description>Configure to system to prefer power savings</description>
+ <missing>System policy prevents configuring power savings on the system.</missing>
+ <apply_to_all_mnemonic>Apply to all</apply_to_all_mnemonic>
+ <defaults>
+ <allow_remote_inactive>no</allow_remote_inactive>
+ <allow_remote_active>no</allow_remote_active>
+ <allow_local_inactive>no</allow_local_inactive>
+ <allow_local_active>yes</allow_local_active>
+ </defaults>
+ </policy>
+
+ <policy id="hal-power-suspend">
+ <description>Suspend the system</description>
+ <missing>System policy prevents suspending the system.</missing>
+ <apply_to_all_mnemonic>Apply to all</apply_to_all_mnemonic>
+ <defaults>
+ <allow_remote_inactive>no</allow_remote_inactive>
+ <allow_remote_active>no</allow_remote_active>
+ <allow_local_inactive>no</allow_local_inactive>
+ <allow_local_active>yes</allow_local_active>
+ </defaults>
+ </policy>
+
+ <policy id="hal-power-hibernate">
+ <description>Hibernate the system</description>
+ <missing>System policy prevents hibernating the system.</missing>
+ <apply_to_all_mnemonic>Apply to all</apply_to_all_mnemonic>
+ <defaults>
+ <allow_remote_inactive>no</allow_remote_inactive>
+ <allow_remote_active>no</allow_remote_active>
+ <allow_local_inactive>no</allow_local_inactive>
+ <allow_local_active>yes</allow_local_active>
+ </defaults>
+ </policy>
+
+ <policy id="hal-power-cpufreq">
+ <description>Configure CPU frequency scaling</description>
+ <missing>System policy prevents configuration of CPU frequency scaling.</missing>
+ <apply_to_all_mnemonic>Apply to all</apply_to_all_mnemonic>
+ <defaults>
+ <allow_remote_inactive>no</allow_remote_inactive>
+ <allow_remote_active>no</allow_remote_active>
+ <allow_local_inactive>no</allow_local_inactive>
+ <allow_local_active>yes</allow_local_active>
+ </defaults>
+ </policy>
+
+ <policy id="hal-power-lcd-panel">
+ <description>Set laptop panel brightness</description>
+ <missing>System policy prevents setting laptop panel brightness.</missing>
+ <apply_to_all_mnemonic>Apply to all</apply_to_all_mnemonic>
+ <defaults>
+ <allow_remote_inactive>no</allow_remote_inactive>
+ <allow_remote_active>no</allow_remote_active>
+ <allow_local_inactive>no</allow_local_inactive>
+ <allow_local_active>yes</allow_local_active>
+ </defaults>
+ </policy>
+
+ <policy id="hal-power-light-sensor">
+ <description>Detect ambient light using light sensor</description>
+ <missing>System policy prevents detecting ambient light using the light sensor.</missing>
+ <apply_to_all_mnemonic>Apply to all</apply_to_all_mnemonic>
+ <defaults>
+ <allow_remote_inactive>no</allow_remote_inactive>
+ <allow_remote_active>no</allow_remote_active>
+ <allow_local_inactive>no</allow_local_inactive>
+ <allow_local_active>yes</allow_local_active>
+ </defaults>
+ </policy>
+
+ <policy id="hal-power-keyboard-backlight">
+ <description>Set keyboard backlight</description>
+ <missing>System policy prevents setting keyboard backlight.</missing>
+ <apply_to_all_mnemonic>Apply to all</apply_to_all_mnemonic>
+ <defaults>
+ <allow_remote_inactive>no</allow_remote_inactive>
+ <allow_remote_active>no</allow_remote_active>
+ <allow_local_inactive>no</allow_local_inactive>
+ <allow_local_active>yes</allow_local_active>
+ </defaults>
+ </policy>
+
+ </group>
+</policyconfig>
diff --git a/policy/hal-storage.policy b/policy/hal-storage.policy
index a61d0c6..1bd8083 100644
--- a/policy/hal-storage.policy
+++ b/policy/hal-storage.policy
@@ -1,63 +1,86 @@
-# -*- Conf -*-
-#
-# Policy definitions for HAL's drives/media mechanims.
-#
-# Copyright (c) 2007 David Zeuthen <david at fubar.dk>
-#
-# HAL is licensed to you under your choice of the the Academic Free
-# License Version 2.1, or the GNU General Public License version
-# 2. Some individual source files may be under the GPL only. See
-# COPYING for details.
-#
-# NOTE: If you make changes to this file, make sure to validate the
-# file using the polkit-privilege-file-validate(1) tool. Changes made
-# to this file are instantly applied.
-
-# Mount file systems from internal drives
-[Action hal-storage-mount-fixed]
-AllowRemoteInactive=no
-AllowRemoteActive=no
-AllowLocalInactive=no
-AllowLocalActive=auth_self_keep_always
-
-# Mount file systems from internal drives using options not explicitly granted
-[Action hal-storage-mount-fixed-extra-options]
-AllowRemoteInactive=no
-AllowRemoteActive=no
-AllowLocalInactive=no
-AllowLocalActive=auth_self_keep_always
-
-# Mount file systems from removable/hotpluggable drives
-[Action hal-storage-mount-removable]
-AllowRemoteInactive=no
-AllowRemoteActive=no
-AllowLocalInactive=no
-AllowLocalActive=yes
-
-# Mount file systems from internal drives using options not explicitly granted
-[Action hal-storage-mount-removable-extra-options]
-AllowRemoteInactive=no
-AllowRemoteActive=no
-AllowLocalInactive=no
-AllowLocalActive=auth_self_keep_always
-
-# Unmount file systems mounted by other users
-[Action hal-storage-unmount-others]
-AllowRemoteInactive=no
-AllowRemoteActive=no
-AllowLocalInactive=no
-AllowLocalActive=auth_self_keep_always
-
-# Eject media from drives
-[Action hal-storage-eject]
-AllowRemoteInactive=no
-AllowRemoteActive=no
-AllowLocalInactive=no
-AllowLocalActive=yes
-
-# Set up decryption for encrypted storage devices
-[Action hal-storage-crypto-setup]
-AllowRemoteInactive=no
-AllowRemoteActive=no
-AllowLocalInactive=no
-AllowLocalActive=yes
+<!DOCTYPE policyconfig PUBLIC
+ "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd">
+
+<!--
+Policy definitions for HAL's drives/media mechanims.
+
+Copyright (c) 2007 David Zeuthen <david at fubar.dk>
+
+HAL is licensed to you under your choice of the the Academic Free
+License Version 2.1, or the GNU General Public License version 2. Some
+individual source files may be under the GPL only. See COPYING for
+details.
+
+NOTE: If you make changes to this file, make sure to validate the file
+using the polkit-policy-file-validate(1) tool. Changes made to this
+file are instantly applied.
+-->
+
+<policyconfig>
+ <group id="hal-storage">
+ <description>Storage Drives and Media</description>
+ <description_short>Storage</description_short>
+
+ <policy id="hal-storage-mount-fixed">
+ <description>Mount file systems from internal drives.</description>
+ <missing>Mounting the volume '%s' is restricted by system policy.</missing>
+ <apply_to_all_mnemonic>Apply to all volumes from _fixed drives.</apply_to_all_mnemonic>
+ <defaults>
+ <allow_remote_inactive>no</allow_remote_inactive>
+ <allow_remote_active>no</allow_remote_active>
+ <allow_local_inactive>no</allow_local_inactive>
+ <allow_local_active>auth_root_keep_always</allow_local_active>
+ </defaults>
+ </policy>
+
+ <policy id="hal-storage-mount-removable">
+ <description>Mount file systems from removable drives.</description>
+ <missing>Mounting the volume '%s' is restricted by system policy.</missing>
+ <apply_to_all_mnemonic>Apply to all volumes from _removable drives.</apply_to_all_mnemonic>
+ <defaults>
+ <allow_remote_inactive>no</allow_remote_inactive>
+ <allow_remote_active>no</allow_remote_active>
+ <allow_local_inactive>no</allow_local_inactive>
+ <allow_local_active>yes</allow_local_active>
+ </defaults>
+ </policy>
+
+ <policy id="hal-storage-unmount-others">
+ <description>Unmount file systems mounted by other users.</description>
+ <missing>The volume '%s' is mounting by another user.</missing>
+ <apply_to_all_mnemonic>Apply to all volumes.</apply_to_all_mnemonic>
+ <defaults>
+ <allow_remote_inactive>no</allow_remote_inactive>
+ <allow_remote_active>no</allow_remote_active>
+ <allow_local_inactive>no</allow_local_inactive>
+ <allow_local_active>auth_root_keep_always</allow_local_active>
+ </defaults>
+ </policy>
+
+ <policy id="hal-storage-eject">
+ <description>Eject removable media.</description>
+ <missing>Ejecting the volume '%s' is restricted by system policy.</missing>
+ <apply_to_all_mnemonic>Apply to all volumes.</apply_to_all_mnemonic>
+ <defaults>
+ <allow_remote_inactive>no</allow_remote_inactive>
+ <allow_remote_active>no</allow_remote_active>
+ <allow_local_inactive>no</allow_local_inactive>
+ <allow_local_active>yes</allow_local_active>
+ </defaults>
+ </policy>
+
+ <policy id="hal-storage-crypto-setup">
+ <description>Set up decryption for encrypted storage devices.</description>
+ <missing>Decrypting the volume '%s' is restricted by system policy.</missing>
+ <apply_to_all_mnemonic>Apply to all volumes.</apply_to_all_mnemonic>
+ <defaults>
+ <allow_remote_inactive>no</allow_remote_inactive>
+ <allow_remote_active>no</allow_remote_active>
+ <allow_local_inactive>no</allow_local_inactive>
+ <allow_local_active>yes</allow_local_active>
+ </defaults>
+ </policy>
+
+ </group>
+</policyconfig>
More information about the hal-commit
mailing list