hal: Branch 'master'
David Zeuthen
david at kemper.freedesktop.org
Fri Aug 31 12:31:54 PDT 2007
policy/hal-storage.policy | 13 +++++++++++--
tools/hal-luks-setup | 16 ++++++++++++++--
tools/hal-luks-teardown | 13 +++++++++++--
3 files changed, 36 insertions(+), 6 deletions(-)
New commits:
diff-tree 13dea3cefe32bfa400804775527788399ff08fd3 (from 5c93ba91b1b744b8d0c63c9e3486f5c3dacedc1e)
Author: David Zeuthen <davidz at redhat.com>
Date: Fri Aug 31 15:25:56 2007 -0400
split the "can setup LUKS?" action into two actions (removable/fixed)
This should fix https://bugzilla.novell.com/show_bug.cgi?id=306694
diff --git a/policy/hal-storage.policy b/policy/hal-storage.policy
index ff729c8..656b955 100644
--- a/policy/hal-storage.policy
+++ b/policy/hal-storage.policy
@@ -52,9 +52,18 @@ details.
</defaults>
</action>
- <action id="org.freedesktop.hal.storage.crypto-setup">
+ <action id="org.freedesktop.hal.storage.crypto-setup-fixed">
<description>Set up decryption for encrypted storage devices.</description>
- <message>System policy prevents accessing encrypted storage devices</message>
+ <message>System policy prevents accessing encrypted fixed media</message>
+ <defaults>
+ <allow_inactive>no</allow_inactive>
+ <allow_active>auth_admin_keep_always</allow_active>
+ </defaults>
+ </action>
+
+ <action id="org.freedesktop.hal.storage.crypto-setup-removable">
+ <description>Set up decryption for encrypted storage devices.</description>
+ <message>System policy prevents accessing encrypted removable media</message>
<defaults>
<allow_inactive>no</allow_inactive>
<allow_active>yes</allow_active>
diff --git a/tools/hal-luks-setup b/tools/hal-luks-setup
index 96112ec..83bd92c 100755
--- a/tools/hal-luks-setup
+++ b/tools/hal-luks-setup
@@ -14,11 +14,15 @@ locked_out() {
exit 1
}
-if [ -z "$HAL_PROP_BLOCK_DEVICE" ] || [ -z "$HAL_PROP_INFO_UDI" ] || [ -z "$HAL_PROP_VOLUME_UUID" ] ; then
+unknown_error() {
echo "org.freedesktop.Hal.Device.UnknownError" >&2
echo "Missing or empty environment variable(s)." >&2
echo "This script should be started by hald." >&2
exit 1
+}
+
+if [ -z "$HAL_PROP_BLOCK_DEVICE" ] || [ -z "$HAL_PROP_INFO_UDI" ] || [ -z "$HAL_PROP_VOLUME_UUID" ] ; then
+ unknown_error
fi
# Respect the same locks as Mount()/Unmount() etc.
@@ -39,6 +43,14 @@ if [ -n "$HAL_METHOD_INVOKED_BY_SYSTEMBU
fi
fi
-hal_check_priv org.freedesktop.hal.storage.crypto-setup
+IS_HOTPLUGGABLE=`hal-get-property --udi $HAL_PROP_BLOCK_STORAGE_DEVICE --key storage.hotpluggable`
+if [ "$IS_HOTPLUGGABLE" == "true" ] ; then
+ ACTION="org.freedesktop.hal.storage.crypto-setup-removable"
+elif [ "$IS_HOTPLUGGABLE" == "false" ] ; then
+ ACTION="org.freedesktop.hal.storage.crypto-setup-fixed"
+else
+ unknown_error
+fi
+hal_check_priv $ACTION
hal_exec_backend
diff --git a/tools/hal-luks-teardown b/tools/hal-luks-teardown
index 2b82503..5f002c9 100755
--- a/tools/hal-luks-teardown
+++ b/tools/hal-luks-teardown
@@ -40,7 +40,16 @@ if [ -n "$HAL_METHOD_INVOKED_BY_SYSTEMBU
fi
fi
-# TODO: this is a little sketchy; we should check for hal-storage-crypto-teardown-others
-hal_check_priv org.freedesktop.hal.storage.crypto-setup
+# TODO: this is a little sketchy; we should check for hal-storage-crypto-teardown-others?
+#
+IS_HOTPLUGGABLE=`hal-get-property --udi $HAL_PROP_BLOCK_STORAGE_DEVICE --key storage.hotpluggable`
+if [ "$IS_HOTPLUGGABLE" == "true" ] ; then
+ ACTION="org.freedesktop.hal.storage.crypto-setup-removable"
+elif [ "$IS_HOTPLUGGABLE" == "false" ] ; then
+ ACTION="org.freedesktop.hal.storage.crypto-setup-fixed"
+else
+ unknown_error
+fi
+hal_check_priv $ACTION
hal_exec_backend
More information about the hal-commit
mailing list