hal/tools hal-system-power-hibernate, 1.6,
1.7 hal-system-power-reboot, 1.2,
1.3 hal-system-power-shutdown, 1.2,
1.3 hal-system-power-suspend, 1.6,
1.7 hal-system-storage-eject, 1.6,
1.7 hal-system-storage-mount, 1.24,
1.25 hal-system-storage-unmount, 1.7, 1.8
David Zeuthen
david at kemper.freedesktop.org
Sun Feb 26 17:12:19 PST 2006
Update of /cvs/hal/hal/tools
In directory kemper:/tmp/cvs-serv19123/tools
Modified Files:
hal-system-power-hibernate hal-system-power-reboot
hal-system-power-shutdown hal-system-power-suspend
hal-system-storage-eject hal-system-storage-mount
hal-system-storage-unmount
Log Message:
2006-02-26 David Zeuthen <davidz at redhat.com>
Use new policy framework to enforce policy. Always throw the same
exception org.freedesktop.Hal.Device.PermissionDeniedByPolicy as
callers can use that to identify that policy prevented the user
from invoking this method.
* tools/hal-system-storage-mount:
* tools/hal-system-storage-umount:
* tools/hal-system-storage-eject:
* tools/hal-system-power-suspend:
* tools/hal-system-power-hibernate:
* tools/hal-system-power-reboot:
* tools/hal-system-power-poweroff:
Index: hal-system-power-hibernate
===================================================================
RCS file: /cvs/hal/hal/tools/hal-system-power-hibernate,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -d -r1.6 -r1.7
--- hal-system-power-hibernate 16 Jan 2006 12:47:40 -0000 1.6
+++ hal-system-power-hibernate 27 Feb 2006 01:12:17 -0000 1.7
@@ -10,6 +10,17 @@
exit 1
}
+POLICY=power-hibernate
+if [ "$HAL_METHOD_INVOKED_BY_UID" != "0" ] ; then
+ hal-policy-is-privileged --policy $POLICY --uid $HAL_METHOD_INVOKED_BY_UID
+ IS_PRIVILEGED=$?
+ if [ "$IS_PRIVILEGED" != "0" ] ; then
+ echo org.freedesktop.Hal.Device.PermissionDeniedByPolicy >&2
+ echo uid $HAL_METHOD_INVOKED_BY_UID refused by policy "$POLICY" >&2
+ exit 1
+ fi
+fi
+
#SuSE and ALTLinux only support powersave
if [ -f /etc/altlinux-release ] || [ -f "/etc/SuSE-release" ] ; then
if [ -x /usr/bin/powersave ] ; then
Index: hal-system-power-reboot
===================================================================
RCS file: /cvs/hal/hal/tools/hal-system-power-reboot,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -d -r1.2 -r1.3
--- hal-system-power-reboot 12 Dec 2005 23:20:03 -0000 1.2
+++ hal-system-power-reboot 27 Feb 2006 01:12:17 -0000 1.3
@@ -6,6 +6,17 @@
exit 1
}
+POLICY=power-reboot
+if [ "$HAL_METHOD_INVOKED_BY_UID" != "0" ] ; then
+ hal-policy-is-privileged --policy $POLICY --uid $HAL_METHOD_INVOKED_BY_UID
+ IS_PRIVILEGED=$?
+ if [ "$IS_PRIVILEGED" != "0" ] ; then
+ echo org.freedesktop.Hal.Device.PermissionDeniedByPolicy >&2
+ echo uid $HAL_METHOD_INVOKED_BY_UID refused by policy "$POLICY" >&2
+ exit 1
+ fi
+fi
+
#Try for common tools
if [ -x "/sbin/shutdown" ] ; then
/sbin/shutdown -r now
Index: hal-system-power-shutdown
===================================================================
RCS file: /cvs/hal/hal/tools/hal-system-power-shutdown,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -d -r1.2 -r1.3
--- hal-system-power-shutdown 12 Dec 2005 23:20:03 -0000 1.2
+++ hal-system-power-shutdown 27 Feb 2006 01:12:17 -0000 1.3
@@ -6,6 +6,17 @@
exit 1
}
+POLICY=power-poweroff
+if [ "$HAL_METHOD_INVOKED_BY_UID" != "0" ] ; then
+ hal-policy-is-privileged --policy $POLICY --uid $HAL_METHOD_INVOKED_BY_UID
+ IS_PRIVILEGED=$?
+ if [ "$IS_PRIVILEGED" != "0" ] ; then
+ echo org.freedesktop.Hal.Device.PermissionDeniedByPolicy >&2
+ echo uid $HAL_METHOD_INVOKED_BY_UID refused by policy "$POLICY" >&2
+ exit 1
+ fi
+fi
+
#Try for common tools
if [ -x "/sbin/shutdown" ] ; then
/sbin/shutdown -h now
Index: hal-system-power-suspend
===================================================================
RCS file: /cvs/hal/hal/tools/hal-system-power-suspend,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -d -r1.6 -r1.7
--- hal-system-power-suspend 18 Feb 2006 23:00:55 -0000 1.6
+++ hal-system-power-suspend 27 Feb 2006 01:12:17 -0000 1.7
@@ -16,6 +16,17 @@
exit 1
}
+POLICY=power-suspend
+if [ "$HAL_METHOD_INVOKED_BY_UID" != "0" ] ; then
+ hal-policy-is-privileged --policy $POLICY --uid $HAL_METHOD_INVOKED_BY_UID
+ IS_PRIVILEGED=$?
+ if [ "$IS_PRIVILEGED" != "0" ] ; then
+ echo org.freedesktop.Hal.Device.PermissionDeniedByPolicy >&2
+ echo uid $HAL_METHOD_INVOKED_BY_UID refused by policy "$POLICY" >&2
+ exit 1
+ fi
+fi
+
read seconds_to_sleep
#PMU systems cannot use /sys/power/state yet, so use a helper to issue an ioctl
Index: hal-system-storage-eject
===================================================================
RCS file: /cvs/hal/hal/tools/hal-system-storage-eject,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -d -r1.6 -r1.7
--- hal-system-storage-eject 10 Feb 2006 03:41:54 -0000 1.6
+++ hal-system-storage-eject 27 Feb 2006 01:12:17 -0000 1.7
@@ -23,6 +23,18 @@
fi
fi
+# TODO: need to select storage-[fixed|removable][-change-uid]
+#POLICY=storage-fixed-mount
+#if [ "$HAL_METHOD_INVOKED_BY_UID" != "0" ] ; then
+# hal-policy-is-privileged --policy $POLICY --uid $HAL_METHOD_INVOKED_BY_UID
+# IS_PRIVILEGED=$?
+# if [ "$IS_PRIVILEGED" != "0" ] ; then
+# echo org.freedesktop.Hal.Device.PermissionDeniedByPolicy >&2
+# echo uid $HAL_METHOD_INVOKED_BY_UID refused by policy "$POLICY" >&2
+# exit 1
+# fi
+#fi
+
# read parameters
# "<option1>\t<option2>\n"
# Only allow ^a-zA-Z0-9_= in the string because otherwise someone may
Index: hal-system-storage-mount
===================================================================
RCS file: /cvs/hal/hal/tools/hal-system-storage-mount,v
retrieving revision 1.24
retrieving revision 1.25
diff -u -d -r1.24 -r1.25
--- hal-system-storage-mount 14 Feb 2006 18:49:55 -0000 1.24
+++ hal-system-storage-mount 27 Feb 2006 01:12:17 -0000 1.25
@@ -29,6 +29,17 @@
exit 1
fi
+# TODO: need to select storage-[fixed|removable][-change-uid]
+#POLICY=storage-fixed-mount
+#if [ "$HAL_METHOD_INVOKED_BY_UID" != "0" ] ; then
+# hal-policy-is-privileged --policy $POLICY --uid $HAL_METHOD_INVOKED_BY_UID
+# IS_PRIVILEGED=$?
+# if [ "$IS_PRIVILEGED" != "0" ] ; then
+# echo org.freedesktop.Hal.Device.PermissionDeniedByPolicy >&2
+# echo uid $HAL_METHOD_INVOKED_BY_UID refused by policy "$POLICY" >&2
+# exit 1
+# fi
+#fi
check_fstab()
{
Index: hal-system-storage-unmount
===================================================================
RCS file: /cvs/hal/hal/tools/hal-system-storage-unmount,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -d -r1.7 -r1.8
--- hal-system-storage-unmount 13 Feb 2006 07:29:44 -0000 1.7
+++ hal-system-storage-unmount 27 Feb 2006 01:12:17 -0000 1.8
@@ -43,6 +43,18 @@
fi
fi
+# TODO: need to select storage-[fixed|removable][-change-uid]
+#POLICY=storage-fixed-mount
+#if [ "$HAL_METHOD_INVOKED_BY_UID" != "0" ] ; then
+# hal-policy-is-privileged --policy $POLICY --uid $HAL_METHOD_INVOKED_BY_UID
+# IS_PRIVILEGED=$?
+# if [ "$IS_PRIVILEGED" != "0" ] ; then
+# echo org.freedesktop.Hal.Device.PermissionDeniedByPolicy >&2
+# echo uid $HAL_METHOD_INVOKED_BY_UID refused by policy "$POLICY" >&2
+# exit 1
+# fi
+#fi
+
# read parameters
# "lazy\tforce\n"
# Only allow ^a-zA-Z0-9_= in the string because otherwise someone may
More information about the hal-commit
mailing list