hal: Branch 'master'
David Zeuthen
david at kemper.freedesktop.org
Sun Apr 8 16:09:18 PDT 2007
Makefile.am | 2 +-
configure.in | 8 ++++----
hald/access-check.c | 12 ++++++------
hald/debug-hald.sh | 2 +-
hald/run-hald.sh | 2 +-
hald/valgrind-hald.sh | 2 +-
policy/Makefile.am | 20 ++++++++++++++++++++
policy/hal-device-file.policy | 18 +++++++++---------
policy/hal-killswitch.policy | 6 +++---
policy/hal-power.policy | 24 ++++++++++++------------
policy/hal-storage.policy | 16 ++++++++--------
privileges/Makefile.am | 20 --------------------
tools/hal-acl-tool.c | 10 +++++-----
13 files changed, 71 insertions(+), 71 deletions(-)
New commits:
diff-tree c994c40ad21a3a956690757eb0193e73fdc8bf72 (from 2cefd63578435f4f2a1be7dc612489131947f65f)
Author: David Zeuthen <davidz at redhat.com>
Date: Sun Apr 8 19:09:13 2007 -0400
changes to cope with PolicyKit mass renaming
diff --git a/Makefile.am b/Makefile.am
index 14d0716..9dd69ec 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -1,7 +1,7 @@
## Process this file with automake to produce Makefile.in
SUBDIRS = libhal libhal-storage partutil hald hald-runner tools \
- fdi doc privileges
+ fdi doc policy
pkgconfigdir = $(libdir)/pkgconfig
pkgconfig_DATA = hal.pc hal-storage.pc
diff --git a/configure.in b/configure.in
index aaf95c7..2786b5a 100644
--- a/configure.in
+++ b/configure.in
@@ -437,9 +437,9 @@ if test "x$enable_policy_kit" != "xno";
AC_MSG_ERROR([PolicyKit not explicitly disabled and no PolicyKit found])
fi
- AC_CHECK_PROG(POLKIT_PRIVILEGE_FILE_VALIDATE, polkit-privilege-file-validate, polkit-privilege-file-validate)
- if test -z "$POLKIT_PRIVILEGE_FILE_VALIDATE"; then
- AC_MSG_ERROR([polkit-privilege-file-validate not found])
+ AC_CHECK_PROG(POLKIT_POLICY_FILE_VALIDATE, polkit-policy-file-validate, polkit-policy-file-validate)
+ if test -z "$POLKIT_POLICY_FILE_VALIDATE"; then
+ AC_MSG_ERROR([polkit-policy-file-validate not found])
fi
fi
@@ -837,7 +837,7 @@ tools/Makefile
tools/freebsd/Makefile
tools/linux/Makefile
partutil/Makefile
-privileges/Makefile
+policy/Makefile
fdi/Makefile
fdi/information/Makefile
fdi/information/10freedesktop/Makefile
diff --git a/hald/access-check.c b/hald/access-check.c
index 4b1564e..7a97845 100644
--- a/hald/access-check.c
+++ b/hald/access-check.c
@@ -256,7 +256,7 @@ access_check_caller_have_access_to_devic
#ifdef HAVE_POLKIT
PolKitCaller *pk_caller = NULL;
PolKitResource *pk_resource = NULL;
- PolKitPrivilege *pk_privilege = NULL;
+ PolKitAction *pk_action = NULL;
PolKitResult pk_result;
#endif
@@ -304,11 +304,11 @@ access_check_caller_have_access_to_devic
libpolkit_resource_set_resource_type (pk_resource, "hal");
libpolkit_resource_set_resource_id (pk_resource, hal_device_get_udi (device));
- pk_privilege = libpolkit_privilege_new ();
- libpolkit_privilege_set_privilege_id (pk_privilege, privilege);
+ pk_action = libpolkit_action_new ();
+ libpolkit_action_set_action_id (pk_action, privilege);
pk_result = libpolkit_context_can_caller_access_resource (pk_context,
- pk_privilege,
+ pk_action,
pk_resource,
pk_caller);
@@ -339,8 +339,8 @@ out:
libpolkit_caller_unref (pk_caller);
if (pk_resource != NULL)
libpolkit_resource_unref (pk_resource);
- if (pk_privilege != NULL)
- libpolkit_privilege_unref (pk_privilege);
+ if (pk_action != NULL)
+ libpolkit_action_unref (pk_action);
#endif
return ret;
}
diff --git a/hald/debug-hald.sh b/hald/debug-hald.sh
index d974c9a..6a378ba 100755
--- a/hald/debug-hald.sh
+++ b/hald/debug-hald.sh
@@ -31,7 +31,7 @@ export HAL_FDI_SOURCE_PREPROBE=$HALD_TMP
export HAL_FDI_SOURCE_INFORMATION=$HALD_TMPDIR/share/hal/fdi/information
export HAL_FDI_SOURCE_POLICY=$HALD_TMPDIR/share/hal/fdi/policy
export HAL_FDI_CACHE_NAME=$HALD_TMPDIR/hald-local-fdi-cache
-export POLKIT_PRIVILEGE_DIR=$HALD_TMPDIR/etc/PolicyKit/privileges
+export POLKIT_POLICY_DIR=$HALD_TMPDIR/etc/PolicyKit/policy
echo ========================================
echo Just type \'run\' to start debugging hald
diff --git a/hald/run-hald.sh b/hald/run-hald.sh
index a7e2832..ca57424 100755
--- a/hald/run-hald.sh
+++ b/hald/run-hald.sh
@@ -31,7 +31,7 @@ export HAL_FDI_SOURCE_PREPROBE=$HALD_TMP
export HAL_FDI_SOURCE_INFORMATION=$HALD_TMPDIR/share/hal/fdi/information
export HAL_FDI_SOURCE_POLICY=$HALD_TMPDIR/share/hal/fdi/policy
export HAL_FDI_CACHE_NAME=$HALD_TMPDIR/hald-local-fdi-cache
-export POLKIT_PRIVILEGE_DIR=$HALD_TMPDIR/etc/PolicyKit/privileges
+export POLKIT_POLICY_DIR=$HALD_TMPDIR/etc/PolicyKit/policy
./hald --daemon=no --verbose=yes $@
#./hald --daemon=no
diff --git a/hald/valgrind-hald.sh b/hald/valgrind-hald.sh
index ddca37c..0246702 100755
--- a/hald/valgrind-hald.sh
+++ b/hald/valgrind-hald.sh
@@ -28,7 +28,7 @@ export HAL_FDI_SOURCE_PREPROBE=$HALD_TMP
export HAL_FDI_SOURCE_INFORMATION=$HALD_TMPDIR/share/hal/fdi/information
export HAL_FDI_SOURCE_POLICY=$HALD_TMPDIR/share/hal/fdi/policy
export HAL_FDI_CACHE_NAME=$HALD_TMPDIR/hald-local-fdi-cache
-export POLKIT_PRIVILEGE_DIR=$HALD_TMPDIR/etc/PolicyKit/privileges
+export POLKIT_POLICY_DIR=$HALD_TMPDIR/etc/PolicyKit/policy
#valgrind --num-callers=20 --show-reachable=yes --leak-check=yes --tool=memcheck ./hald --daemon=no --verbose=yes $@
valgrind --show-reachable=yes --tool=memcheck --leak-check=full ./hald --daemon=no --verbose=yes $@
diff --git a/policy/.gitignore b/policy/.gitignore
new file mode 100644
index 0000000..355a9b8
--- /dev/null
+++ b/policy/.gitignore
@@ -0,0 +1,6 @@
+.deps
+.libs
+Makefile
+Makefile.in
+*.o
+*~
diff --git a/policy/Makefile.am b/policy/Makefile.am
new file mode 100644
index 0000000..30497d8
--- /dev/null
+++ b/policy/Makefile.am
@@ -0,0 +1,20 @@
+
+if HAVE_POLKIT
+polkit_privilegedir = $(sysconfdir)/PolicyKit/policy
+
+dist_polkit_privilege_DATA = \
+ hal-storage.policy \
+ hal-power.policy \
+ hal-killswitch.policy
+
+if HAVE_ACLMGMT
+dist_polkit_privilege_DATA += hal-device-file.policy
+endif
+
+check:
+ $(POLKIT_POLICY_FILE_VALIDATE) $(dist_polkit_privilege_DATA)
+
+endif
+
+clean-local :
+ rm -f *~
diff --git a/policy/hal-device-file.policy b/policy/hal-device-file.policy
new file mode 100644
index 0000000..800ef2f
--- /dev/null
+++ b/policy/hal-device-file.policy
@@ -0,0 +1,70 @@
+# -*- Conf -*-
+#
+# Policy definitions for HAL's ACL management mechanism.
+#
+# Copyright (c) 2007 David Zeuthen <david at fubar.dk>
+#
+# HAL is licensed to you under your choice of the the Academic Free
+# License Version 2.1, or the GNU General Public License version
+# 2. Some individual source files may be under the GPL only. See
+# COPYING for details.
+#
+# NOTE: If you make changes to this file, make sure to validate the
+# file using the polkit-privilege-file-validate(1) tool. Changes made
+# to this file are applied instantly.
+
+# Directly access sound devices
+[Action hal-device-file-sound]
+AllowRemoteInactive=no
+AllowRemoteActive=no
+AllowLocalInactive=no
+AllowLocalActive=yes
+
+# Directly access video4linux devices
+[Action hal-device-file-video4linux]
+AllowRemoteInactive=no
+AllowRemoteActive=no
+AllowLocalInactive=no
+AllowLocalActive=yes
+
+# Directly access optical drives
+[Action hal-device-file-cdrom]
+AllowRemoteInactive=no
+AllowRemoteActive=no
+AllowLocalInactive=yes
+AllowLocalActive=yes
+
+# Directly access DVB devices
+[Action hal-device-file-dvb]
+AllowRemoteInactive=no
+AllowRemoteActive=no
+AllowLocalInactive=no
+AllowLocalActive=yes
+
+# Directly access digital cameras
+[Action hal-device-file-camera]
+AllowRemoteInactive=no
+AllowRemoteActive=no
+AllowLocalInactive=no
+AllowLocalActive=yes
+
+# Directly access scanners
+[Action hal-device-file-scanner]
+AllowRemoteInactive=no
+AllowRemoteActive=no
+AllowLocalInactive=no
+AllowLocalActive=yes
+
+# Directly access Firewire IIDC devices
+[Action hal-device-file-ieee1394-iidc]
+AllowRemoteInactive=no
+AllowRemoteActive=no
+AllowLocalInactive=no
+AllowLocalActive=yes
+
+# Directly access Firewire AVC devices
+[Action hal-device-file-ieee1394-avc]
+AllowRemoteInactive=no
+AllowRemoteActive=no
+AllowLocalInactive=no
+AllowLocalActive=yes
diff --git a/policy/hal-killswitch.policy b/policy/hal-killswitch.policy
new file mode 100644
index 0000000..d514bf4
--- /dev/null
+++ b/policy/hal-killswitch.policy
@@ -0,0 +1,28 @@
+# -*- Conf -*-
+#
+# Policy definitions for HAL's RF kill switching mechanism.
+#
+# Copyright (c) 2007 David Zeuthen <david at fubar.dk>
+#
+# HAL is licensed to you under your choice of the the Academic Free
+# License Version 2.1, or the GNU General Public License version
+# 2. Some individual source files may be under the GPL only. See
+# COPYING for details.
+#
+# NOTE: If you make changes to this file, make sure to validate the
+# file using the polkit-privilege-file-validate(1) tool. Changes made
+# to this file are applied instantly.
+
+# Turn Bluetooth radio on/off
+[Action hal-killswitch-bluetooth]
+AllowRemoteInactive=no
+AllowRemoteActive=no
+AllowLocalInactive=no
+AllowLocalActive=yes
+
+# Turn Wireless 802.11 radio on/off
+[Action hal-killswitch-wlan]
+AllowRemoteInactive=no
+AllowRemoteActive=no
+AllowLocalInactive=no
+AllowLocalActive=yes
diff --git a/policy/hal-power.policy b/policy/hal-power.policy
new file mode 100644
index 0000000..0376a0f
--- /dev/null
+++ b/policy/hal-power.policy
@@ -0,0 +1,91 @@
+# -*- Conf -*-
+#
+# Policy definitions for HAL's power management mechanisms.
+#
+# Copyright (c) 2007 David Zeuthen <david at fubar.dk>
+#
+# HAL is licensed to you under your choice of the the Academic Free
+# License Version 2.1, or the GNU General Public License version
+# 2. Some individual source files may be under the GPL only. See
+# COPYING for details.
+#
+# NOTE: If you make changes to this file, make sure to validate the
+# file using the polkit-privilege-file-validate(1) tool. Changes made
+# to this file are applied instantly.
+
+# Shutdown the computer
+[Action hal-power-shutdown]
+AllowRemoteInactive=no
+AllowRemoteActive=no
+AllowLocalInactive=no
+AllowLocalActive=yes
+
+# Shutdown computer when multiple users are logged in
+[Action hal-power-shutdown-multiple-sessions]
+AllowRemoteInactive=no
+AllowRemoteActive=no
+AllowLocalInactive=no
+AllowLocalActive=auth_root
+
+# Reboot the computer
+[Action hal-power-reboot]
+AllowRemoteInactive=no
+AllowRemoteActive=no
+AllowLocalInactive=no
+AllowLocalActive=yes
+
+# Reboot the computer when multiple users are logged in
+[Action hal-power-reboot-multiple-sessions]
+AllowRemoteInactive=no
+AllowRemoteActive=no
+AllowLocalInactive=no
+AllowLocalActive=auth_root
+
+# Configure the system to prefer power savings
+[Action hal-power-set-powersave]
+AllowRemoteInactive=no
+AllowRemoteActive=no
+AllowLocalInactive=no
+AllowLocalActive=yes
+
+# Suspend the system
+[Action hal-power-suspend]
+AllowRemoteInactive=no
+AllowRemoteActive=no
+AllowLocalInactive=no
+AllowLocalActive=yes
+
+# Hibernate the system
+[Action hal-power-hibernate]
+AllowRemoteInactive=no
+AllowRemoteActive=no
+AllowLocalInactive=no
+AllowLocalActive=yes
+
+# Configure CPU frequency scaling
+[Action hal-power-cpufreq]
+AllowRemoteInactive=no
+AllowRemoteActive=no
+AllowLocalInactive=no
+AllowLocalActive=yes
+
+# Set laptop panel brightness
+[Action hal-power-lcd-panel]
+AllowRemoteInactive=no
+AllowRemoteActive=no
+AllowLocalInactive=no
+AllowLocalActive=yes
+
+# Read values from ambient light sensor
+[Action hal-power-light-sensor]
+AllowRemoteInactive=no
+AllowRemoteActive=no
+AllowLocalInactive=no
+AllowLocalActive=yes
+
+# Set the keyboard backlight
+[Action hal-power-keyboard-backlight]
+AllowRemoteInactive=no
+AllowRemoteActive=no
+AllowLocalInactive=no
+AllowLocalActive=yes
diff --git a/policy/hal-storage.policy b/policy/hal-storage.policy
new file mode 100644
index 0000000..a61d0c6
--- /dev/null
+++ b/policy/hal-storage.policy
@@ -0,0 +1,63 @@
+# -*- Conf -*-
+#
+# Policy definitions for HAL's drives/media mechanims.
+#
+# Copyright (c) 2007 David Zeuthen <david at fubar.dk>
+#
+# HAL is licensed to you under your choice of the the Academic Free
+# License Version 2.1, or the GNU General Public License version
+# 2. Some individual source files may be under the GPL only. See
+# COPYING for details.
+#
+# NOTE: If you make changes to this file, make sure to validate the
+# file using the polkit-privilege-file-validate(1) tool. Changes made
+# to this file are instantly applied.
+
+# Mount file systems from internal drives
+[Action hal-storage-mount-fixed]
+AllowRemoteInactive=no
+AllowRemoteActive=no
+AllowLocalInactive=no
+AllowLocalActive=auth_self_keep_always
+
+# Mount file systems from internal drives using options not explicitly granted
+[Action hal-storage-mount-fixed-extra-options]
+AllowRemoteInactive=no
+AllowRemoteActive=no
+AllowLocalInactive=no
+AllowLocalActive=auth_self_keep_always
+
+# Mount file systems from removable/hotpluggable drives
+[Action hal-storage-mount-removable]
+AllowRemoteInactive=no
+AllowRemoteActive=no
+AllowLocalInactive=no
+AllowLocalActive=yes
+
+# Mount file systems from internal drives using options not explicitly granted
+[Action hal-storage-mount-removable-extra-options]
+AllowRemoteInactive=no
+AllowRemoteActive=no
+AllowLocalInactive=no
+AllowLocalActive=auth_self_keep_always
+
+# Unmount file systems mounted by other users
+[Action hal-storage-unmount-others]
+AllowRemoteInactive=no
+AllowRemoteActive=no
+AllowLocalInactive=no
+AllowLocalActive=auth_self_keep_always
+
+# Eject media from drives
+[Action hal-storage-eject]
+AllowRemoteInactive=no
+AllowRemoteActive=no
+AllowLocalInactive=no
+AllowLocalActive=yes
+
+# Set up decryption for encrypted storage devices
+[Action hal-storage-crypto-setup]
+AllowRemoteInactive=no
+AllowRemoteActive=no
+AllowLocalInactive=no
+AllowLocalActive=yes
diff --git a/privileges/.gitignore b/privileges/.gitignore
deleted file mode 100644
index 355a9b8..0000000
--- a/privileges/.gitignore
+++ /dev/null
@@ -1,6 +0,0 @@
-.deps
-.libs
-Makefile
-Makefile.in
-*.o
-*~
diff --git a/privileges/Makefile.am b/privileges/Makefile.am
deleted file mode 100644
index 3287f14..0000000
--- a/privileges/Makefile.am
+++ /dev/null
@@ -1,20 +0,0 @@
-
-if HAVE_POLKIT
-polkit_privilegedir = $(sysconfdir)/PolicyKit/privileges
-
-dist_polkit_privilege_DATA = \
- hal-storage.priv \
- hal-power.priv \
- hal-killswitch.priv
-
-if HAVE_ACLMGMT
-dist_polkit_privilege_DATA += hal-device-file.priv
-endif
-
-check:
- $(POLKIT_PRIVILEGE_FILE_VALIDATE) $(dist_polkit_privilege_DATA)
-
-endif
-
-clean-local :
- rm -f *~
diff --git a/privileges/hal-device-file.priv b/privileges/hal-device-file.priv
deleted file mode 100644
index 0888f50..0000000
--- a/privileges/hal-device-file.priv
+++ /dev/null
@@ -1,70 +0,0 @@
-# -*- Conf -*-
-#
-# Privilege definitions for HAL's ACL management mechanism.
-#
-# Copyright (c) 2007 David Zeuthen <david at fubar.dk>
-#
-# HAL is licensed to you under your choice of the the Academic Free
-# License Version 2.1, or the GNU General Public License version
-# 2. Some individual source files may be under the GPL only. See
-# COPYING for details.
-#
-# NOTE: If you make changes to this file, make sure to validate the
-# file using the polkit-privilege-file-validate(1) tool. Changes made
-# to this file are applied instantly.
-
-# Directly access sound devices
-[Privilege hal-device-file-sound]
-AllowRemoteInactive=no
-AllowRemoteActive=no
-AllowLocalInactive=no
-AllowLocalActive=yes
-
-# Directly access video4linux devices
-[Privilege hal-device-file-video4linux]
-AllowRemoteInactive=no
-AllowRemoteActive=no
-AllowLocalInactive=no
-AllowLocalActive=yes
-
-# Directly access optical drives
-[Privilege hal-device-file-cdrom]
-AllowRemoteInactive=no
-AllowRemoteActive=no
-AllowLocalInactive=yes
-AllowLocalActive=yes
-
-# Directly access DVB devices
-[Privilege hal-device-file-dvb]
-AllowRemoteInactive=no
-AllowRemoteActive=no
-AllowLocalInactive=no
-AllowLocalActive=yes
-
-# Directly access digital cameras
-[Privilege hal-device-file-camera]
-AllowRemoteInactive=no
-AllowRemoteActive=no
-AllowLocalInactive=no
-AllowLocalActive=yes
-
-# Directly access scanners
-[Privilege hal-device-file-scanner]
-AllowRemoteInactive=no
-AllowRemoteActive=no
-AllowLocalInactive=no
-AllowLocalActive=yes
-
-# Directly access Firewire IIDC devices
-[Privilege hal-device-file-ieee1394-iidc]
-AllowRemoteInactive=no
-AllowRemoteActive=no
-AllowLocalInactive=no
-AllowLocalActive=yes
-
-# Directly access Firewire AVC devices
-[Privilege hal-device-file-ieee1394-avc]
-AllowRemoteInactive=no
-AllowRemoteActive=no
-AllowLocalInactive=no
-AllowLocalActive=yes
diff --git a/privileges/hal-killswitch.priv b/privileges/hal-killswitch.priv
deleted file mode 100644
index 413aa4b..0000000
--- a/privileges/hal-killswitch.priv
+++ /dev/null
@@ -1,28 +0,0 @@
-# -*- Conf -*-
-#
-# Privilege definitions for HAL's RF kill switching mechanism.
-#
-# Copyright (c) 2007 David Zeuthen <david at fubar.dk>
-#
-# HAL is licensed to you under your choice of the the Academic Free
-# License Version 2.1, or the GNU General Public License version
-# 2. Some individual source files may be under the GPL only. See
-# COPYING for details.
-#
-# NOTE: If you make changes to this file, make sure to validate the
-# file using the polkit-privilege-file-validate(1) tool. Changes made
-# to this file are applied instantly.
-
-# Turn Bluetooth radio on/off
-[Privilege hal-killswitch-bluetooth]
-AllowRemoteInactive=no
-AllowRemoteActive=no
-AllowLocalInactive=no
-AllowLocalActive=yes
-
-# Turn Wireless 802.11 radio on/off
-[Privilege hal-killswitch-wlan]
-AllowRemoteInactive=no
-AllowRemoteActive=no
-AllowLocalInactive=no
-AllowLocalActive=yes
diff --git a/privileges/hal-power.priv b/privileges/hal-power.priv
deleted file mode 100644
index da5d8e0..0000000
--- a/privileges/hal-power.priv
+++ /dev/null
@@ -1,91 +0,0 @@
-# -*- Conf -*-
-#
-# Privilege definitions for HAL's power management mechanisms.
-#
-# Copyright (c) 2007 David Zeuthen <david at fubar.dk>
-#
-# HAL is licensed to you under your choice of the the Academic Free
-# License Version 2.1, or the GNU General Public License version
-# 2. Some individual source files may be under the GPL only. See
-# COPYING for details.
-#
-# NOTE: If you make changes to this file, make sure to validate the
-# file using the polkit-privilege-file-validate(1) tool. Changes made
-# to this file are applied instantly.
-
-# Shutdown the computer
-[Privilege hal-power-shutdown]
-AllowRemoteInactive=no
-AllowRemoteActive=no
-AllowLocalInactive=no
-AllowLocalActive=yes
-
-# Shutdown computer when multiple users are logged in
-[Privilege hal-power-shutdown-multiple-sessions]
-AllowRemoteInactive=no
-AllowRemoteActive=no
-AllowLocalInactive=no
-AllowLocalActive=auth_root
-
-# Reboot the computer
-[Privilege hal-power-reboot]
-AllowRemoteInactive=no
-AllowRemoteActive=no
-AllowLocalInactive=no
-AllowLocalActive=yes
-
-# Reboot the computer when multiple users are logged in
-[Privilege hal-power-reboot-multiple-sessions]
-AllowRemoteInactive=no
-AllowRemoteActive=no
-AllowLocalInactive=no
-AllowLocalActive=auth_root
-
-# Configure the system to prefer power savings
-[Privilege hal-power-set-powersave]
-AllowRemoteInactive=no
-AllowRemoteActive=no
-AllowLocalInactive=no
-AllowLocalActive=yes
-
-# Suspend the system
-[Privilege hal-power-suspend]
-AllowRemoteInactive=no
-AllowRemoteActive=no
-AllowLocalInactive=no
-AllowLocalActive=yes
-
-# Hibernate the system
-[Privilege hal-power-hibernate]
-AllowRemoteInactive=no
-AllowRemoteActive=no
-AllowLocalInactive=no
-AllowLocalActive=yes
-
-# Configure CPU frequency scaling
-[Privilege hal-power-cpufreq]
-AllowRemoteInactive=no
-AllowRemoteActive=no
-AllowLocalInactive=no
-AllowLocalActive=yes
-
-# Set laptop panel brightness
-[Privilege hal-power-lcd-panel]
-AllowRemoteInactive=no
-AllowRemoteActive=no
-AllowLocalInactive=no
-AllowLocalActive=yes
-
-# Read values from ambient light sensor
-[Privilege hal-power-light-sensor]
-AllowRemoteInactive=no
-AllowRemoteActive=no
-AllowLocalInactive=no
-AllowLocalActive=yes
-
-# Set the keyboard backlight
-[Privilege hal-power-keyboard-backlight]
-AllowRemoteInactive=no
-AllowRemoteActive=no
-AllowLocalInactive=no
-AllowLocalActive=yes
diff --git a/privileges/hal-storage.priv b/privileges/hal-storage.priv
deleted file mode 100644
index 3c67964..0000000
--- a/privileges/hal-storage.priv
+++ /dev/null
@@ -1,63 +0,0 @@
-# -*- Conf -*-
-#
-# Privilege definitions for HAL's drives/media mechanims.
-#
-# Copyright (c) 2007 David Zeuthen <david at fubar.dk>
-#
-# HAL is licensed to you under your choice of the the Academic Free
-# License Version 2.1, or the GNU General Public License version
-# 2. Some individual source files may be under the GPL only. See
-# COPYING for details.
-#
-# NOTE: If you make changes to this file, make sure to validate the
-# file using the polkit-privilege-file-validate(1) tool. Changes made
-# to this file are instantly applied.
-
-# Mount file systems from internal drives
-[Privilege hal-storage-mount-fixed]
-AllowRemoteInactive=no
-AllowRemoteActive=no
-AllowLocalInactive=no
-AllowLocalActive=auth_self_keep_always
-
-# Mount file systems from internal drives using options not explicitly granted
-[Privilege hal-storage-mount-fixed-extra-options]
-AllowRemoteInactive=no
-AllowRemoteActive=no
-AllowLocalInactive=no
-AllowLocalActive=auth_self_keep_always
-
-# Mount file systems from removable/hotpluggable drives
-[Privilege hal-storage-mount-removable]
-AllowRemoteInactive=no
-AllowRemoteActive=no
-AllowLocalInactive=no
-AllowLocalActive=yes
-
-# Mount file systems from internal drives using options not explicitly granted
-[Privilege hal-storage-mount-removable-extra-options]
-AllowRemoteInactive=no
-AllowRemoteActive=no
-AllowLocalInactive=no
-AllowLocalActive=auth_self_keep_always
-
-# Unmount file systems mounted by other users
-[Privilege hal-storage-unmount-others]
-AllowRemoteInactive=no
-AllowRemoteActive=no
-AllowLocalInactive=no
-AllowLocalActive=auth_self_keep_always
-
-# Eject media from drives
-[Privilege hal-storage-eject]
-AllowRemoteInactive=no
-AllowRemoteActive=no
-AllowLocalInactive=no
-AllowLocalActive=yes
-
-# Set up decryption for encrypted storage devices
-[Privilege hal-storage-crypto-setup]
-AllowRemoteInactive=no
-AllowRemoteActive=no
-AllowLocalInactive=no
-AllowLocalActive=yes
diff --git a/tools/hal-acl-tool.c b/tools/hal-acl-tool.c
index b19d283..d940426 100644
--- a/tools/hal-acl-tool.c
+++ b/tools/hal-acl-tool.c
@@ -621,7 +621,7 @@ acl_device_added_visitor (const char *se
PolKitSeat *pk_seat;
PolKitSession *pk_session;
PolKitResource *pk_resource;
- PolKitPrivilege *pk_privilege;
+ PolKitAction *pk_action;
char *priv_name;
if (session_id == NULL) {
@@ -651,21 +651,21 @@ acl_device_added_visitor (const char *se
libpolkit_resource_set_resource_type (pk_resource, "hal");
libpolkit_resource_set_resource_id (pk_resource, afd->udi);
- pk_privilege = libpolkit_privilege_new();
+ pk_action = libpolkit_action_new();
priv_name = g_strdup_printf ("hal-device-file-%s", afd->type);
- libpolkit_privilege_set_privilege_id (pk_privilege, priv_name);
+ libpolkit_action_set_action_id (pk_action, priv_name);
g_free (priv_name);
/* Now ask PolicyKit if the given session should have access */
pk_result = libpolkit_context_can_session_access_resource (pk_context,
- pk_privilege,
+ pk_action,
pk_resource,
pk_session);
if (pk_result == LIBPOLKIT_RESULT_YES) {
afd_grant_to_uid (afd, session_uid);
}
- libpolkit_privilege_unref (pk_privilege);
+ libpolkit_action_unref (pk_action);
libpolkit_resource_unref (pk_resource);
libpolkit_session_unref (pk_session);
}
More information about the hal-commit
mailing list