hal: Branch 'master'
David Zeuthen
david at kemper.freedesktop.org
Tue Jun 19 23:23:11 PDT 2007
configure.in | 2
hald/access-check.c | 14 +-----
policy/Makefile.am | 8 +--
policy/hal-device-file.policy | 65 +++++++-----------------------
policy/hal-killswitch.policy | 17 +-------
policy/hal-lock.policy | 9 ----
policy/hal-power.policy | 89 ++++++++++--------------------------------
policy/hal-storage.policy | 41 ++++---------------
tools/hal-acl-tool.c | 13 +-----
9 files changed, 65 insertions(+), 193 deletions(-)
New commits:
diff-tree 1d38172d34d8bfbb728b9f1cc5fe386f711c1a05 (from d63d3029ef7447dcaea6329c95edf1565569b43a)
Author: David Zeuthen <davidz at redhat.com>
Date: Wed Jun 20 02:23:04 2007 -0400
update to new API in PolicyKit 0.3
diff --git a/configure.in b/configure.in
index 0b6734c..bc1eb8a 100644
--- a/configure.in
+++ b/configure.in
@@ -14,7 +14,7 @@ AM_MAINTAINER_MODE
glib_module="glib-2.0 >= 2.6.0 gobject-2.0 > 2.6.0 dbus-glib-1 >= 0.61"
dbus_module="dbus-1 >= 0.61"
volume_id_module="libvolume_id >= 0.61"
-polkit_module="polkit >= 0.2"
+polkit_module="polkit >= 0.3"
# libtool versioning - this applies to libhal and libhal-storage
#
diff --git a/hald/access-check.c b/hald/access-check.c
index 8ff95b7..a9f7bb4 100644
--- a/hald/access-check.c
+++ b/hald/access-check.c
@@ -255,7 +255,6 @@ access_check_caller_have_access_to_devic
CICallerInfo *ci;
#ifdef HAVE_POLKIT
PolKitCaller *pk_caller = NULL;
- PolKitResource *pk_resource = NULL;
PolKitAction *pk_action = NULL;
PolKitResult pk_result;
#endif
@@ -303,14 +302,9 @@ access_check_caller_have_access_to_devic
if (pk_caller == NULL)
goto out;
- pk_resource = polkit_resource_new ();
- polkit_resource_set_resource_type (pk_resource, "hal");
- polkit_resource_set_resource_id (pk_resource, hal_device_get_udi (device));
-
- pk_result = polkit_context_can_caller_access_resource (pk_context,
- pk_action,
- pk_resource,
- pk_caller);
+ pk_result = polkit_context_can_caller_do_action (pk_context,
+ pk_action,
+ pk_caller);
if (polkit_result_out != NULL)
*polkit_result_out = pk_result;
@@ -337,8 +331,6 @@ out:
#ifdef HAVE_POLKIT
if (pk_caller != NULL)
polkit_caller_unref (pk_caller);
- if (pk_resource != NULL)
- polkit_resource_unref (pk_resource);
if (pk_action != NULL)
polkit_action_unref (pk_action);
#endif
diff --git a/policy/Makefile.am b/policy/Makefile.am
index 71e1bf2..a75808a 100644
--- a/policy/Makefile.am
+++ b/policy/Makefile.am
@@ -1,19 +1,19 @@
if HAVE_POLKIT
-polkit_privilegedir = $(sysconfdir)/PolicyKit/policy
+polkit_policydir = $(datadir)/PolicyKit/policy
-dist_polkit_privilege_DATA = \
+dist_polkit_policy_DATA = \
hal-lock.policy \
hal-storage.policy \
hal-power.policy \
hal-killswitch.policy
if HAVE_ACLMGMT
-dist_polkit_privilege_DATA += hal-device-file.policy
+dist_polkit_policy_DATA += hal-device-file.policy
endif
check:
- $(POLKIT_POLICY_FILE_VALIDATE) $(dist_polkit_privilege_DATA)
+ $(POLKIT_POLICY_FILE_VALIDATE) $(dist_polkit_policy_DATA)
endif
diff --git a/policy/hal-device-file.policy b/policy/hal-device-file.policy
index 4660792..7a36152 100644
--- a/policy/hal-device-file.policy
+++ b/policy/hal-device-file.policy
@@ -20,101 +20,68 @@ file are instantly applied.
<policyconfig>
<group id="hal-device-file">
<description>Raw device access</description>
- <description_short>Raw device access</description_short>
<policy id="hal-device-file-sound">
<description>Directly access sound devices</description>
- <missing>System policy prevents direct access to the sound device '%s'.</missing>
- <apply_to_all_mnemonic>Apply to all sound devices</apply_to_all_mnemonic>
<defaults>
- <allow_remote_inactive>no</allow_remote_inactive>
- <allow_remote_active>no</allow_remote_active>
- <allow_local_inactive>no</allow_local_inactive>
- <allow_local_active>yes</allow_local_active>
+ <allow_inactive>no</allow_inactive>
+ <allow_active>yes</allow_active>
</defaults>
</policy>
<policy id="hal-device-file-video4linux">
<description>Directly access video capture devices</description>
- <missing>System policy prevents direct access to the video capture device '%s'.</missing>
- <apply_to_all_mnemonic>Apply to all video capture devices</apply_to_all_mnemonic>
<defaults>
- <allow_remote_inactive>no</allow_remote_inactive>
- <allow_remote_active>no</allow_remote_active>
- <allow_local_inactive>no</allow_local_inactive>
- <allow_local_active>yes</allow_local_active>
+ <allow_inactive>no</allow_inactive>
+ <allow_active>yes</allow_active>
</defaults>
</policy>
<policy id="hal-device-file-cdrom">
<description>Directly access optical drives</description>
- <missing>System policy prevents direct access to the optical drive '%s'.</missing>
- <apply_to_all_mnemonic>Apply to all video optical drives</apply_to_all_mnemonic>
<defaults>
- <allow_remote_inactive>no</allow_remote_inactive>
- <allow_remote_active>no</allow_remote_active>
- <allow_local_inactive>yes</allow_local_inactive>
- <allow_local_active>yes</allow_local_active>
+ <allow_inactive>yes</allow_inactive>
+ <allow_active>yes</allow_active>
</defaults>
</policy>
<policy id="hal-device-file-dvb">
<description>Directly access DVB devices</description>
- <missing>System policy prevents direct access to the DVB device '%s'.</missing>
- <apply_to_all_mnemonic>Apply to all DVB devices</apply_to_all_mnemonic>
<defaults>
- <allow_remote_inactive>no</allow_remote_inactive>
- <allow_remote_active>no</allow_remote_active>
- <allow_local_inactive>no</allow_local_inactive>
- <allow_local_active>yes</allow_local_active>
+ <allow_inactive>no</allow_inactive>
+ <allow_active>yes</allow_active>
</defaults>
</policy>
<policy id="hal-device-file-camera">
<description>Directly access digital cameras</description>
- <missing>System policy prevents direct access to the digital camera '%s'.</missing>
- <apply_to_all_mnemonic>Apply to all digital cameras</apply_to_all_mnemonic>
<defaults>
- <allow_remote_inactive>no</allow_remote_inactive>
- <allow_remote_active>no</allow_remote_active>
- <allow_local_inactive>no</allow_local_inactive>
- <allow_local_active>yes</allow_local_active>
+ <allow_inactive>no</allow_inactive>
+ <allow_active>yes</allow_active>
</defaults>
</policy>
<policy id="hal-device-file-scanner">
<description>Directly access scanners</description>
- <missing>System policy prevents direct access to the scanner '%s'.</missing>
- <apply_to_all_mnemonic>Apply to all scanners</apply_to_all_mnemonic>
<defaults>
- <allow_remote_inactive>no</allow_remote_inactive>
- <allow_remote_active>no</allow_remote_active>
- <allow_local_inactive>no</allow_local_inactive>
- <allow_local_active>yes</allow_local_active>
+ <allow_inactive>no</allow_inactive>
+ <allow_active>yes</allow_active>
</defaults>
</policy>
<policy id="hal-device-file-ieee1394-iidc">
<description>Directly access Firewire IIDC devices</description>
- <missing>System policy prevents direct access to the Firewire IIDC device '%s'.</missing>
- <apply_to_all_mnemonic>Apply to all Firewire IIDC devices</apply_to_all_mnemonic>
<defaults>
- <allow_remote_inactive>no</allow_remote_inactive>
- <allow_remote_active>no</allow_remote_active>
- <allow_local_inactive>no</allow_local_inactive>
- <allow_local_active>yes</allow_local_active>
+ <allow_inactive>no</allow_inactive>
+ <allow_active>yes</allow_active>
</defaults>
</policy>
<policy id="hal-device-file-ieee1394-avc">
<description>Directly access Firewire AVC devices</description>
- <missing>System policy prevents direct access to the Firewire AVC device '%s'.</missing>
- <apply_to_all_mnemonic>Apply to all Firewire AVC devices</apply_to_all_mnemonic>
<defaults>
- <allow_remote_inactive>no</allow_remote_inactive>
- <allow_remote_active>no</allow_remote_active>
- <allow_local_inactive>no</allow_local_inactive>
- <allow_local_active>yes</allow_local_active>
+ <allow_inactive>no</allow_inactive>
+ <allow_active>yes</allow_active>
</defaults>
</policy>
diff --git a/policy/hal-killswitch.policy b/policy/hal-killswitch.policy
index 0fb82c4..cae6241 100644
--- a/policy/hal-killswitch.policy
+++ b/policy/hal-killswitch.policy
@@ -20,29 +20,20 @@ file are instantly applied.
<policyconfig>
<group id="hal-killswitch">
<description>Radio Killswitches</description>
- <description_short>RF Killswitch</description_short>
<policy id="hal-killswitch-bluetooth">
<description>Turn Bluetooth radio On/Off</description>
- <missing>Turning the Bluetooth radio On or Off is restricted by system policy.</missing>
- <apply_to_all_mnemonic>Apply to all Bluetooth radios.</apply_to_all_mnemonic>
<defaults>
- <allow_remote_inactive>no</allow_remote_inactive>
- <allow_remote_active>no</allow_remote_active>
- <allow_local_inactive>no</allow_local_inactive>
- <allow_local_active>yes</allow_local_active>
+ <allow_inactive>no</allow_inactive>
+ <allow_active>yes</allow_active>
</defaults>
</policy>
<policy id="hal-killswitch-wlan">
<description>Turn WLAN radio On/Off</description>
- <missing>Turning the WLAN radio On or Off is restricted by system policy.</missing>
- <apply_to_all_mnemonic>Apply to all WLAN radios.</apply_to_all_mnemonic>
<defaults>
- <allow_remote_inactive>no</allow_remote_inactive>
- <allow_remote_active>no</allow_remote_active>
- <allow_local_inactive>no</allow_local_inactive>
- <allow_local_active>yes</allow_local_active>
+ <allow_inactive>no</allow_inactive>
+ <allow_active>yes</allow_active>
</defaults>
</policy>
diff --git a/policy/hal-lock.policy b/policy/hal-lock.policy
index dc181b2..d3aeb92 100644
--- a/policy/hal-lock.policy
+++ b/policy/hal-lock.policy
@@ -20,17 +20,12 @@ file are instantly applied.
<policyconfig>
<group id="hal-lock">
<description>Locking of devices</description>
- <description_short>Locking</description_short>
<policy id="hal-lock">
<description>Acquire locks on devices</description>
- <missing>System policy prevents locking a device.</missing>
- <apply_to_all_mnemonic>Apply to all devices</apply_to_all_mnemonic>
<defaults>
- <allow_remote_inactive>no</allow_remote_inactive>
- <allow_remote_active>no</allow_remote_active>
- <allow_local_inactive>no</allow_local_inactive>
- <allow_local_active>yes</allow_local_active>
+ <allow_inactive>no</allow_inactive>
+ <allow_active>yes</allow_active>
</defaults>
</policy>
diff --git a/policy/hal-power.policy b/policy/hal-power.policy
index fcb4517..2eefa98 100644
--- a/policy/hal-power.policy
+++ b/policy/hal-power.policy
@@ -20,137 +20,92 @@ file are instantly applied.
<policyconfig>
<group id="hal-power">
<description>Power Management</description>
- <description_short>Power Management</description_short>
<policy id="hal-power-shutdown">
<description>Shut down the system</description>
- <missing>System policy prevents shutting down the system.</missing>
- <apply_to_all_mnemonic>Apply to all</apply_to_all_mnemonic>
<defaults>
- <allow_remote_inactive>no</allow_remote_inactive>
- <allow_remote_active>no</allow_remote_active>
- <allow_local_inactive>no</allow_local_inactive>
- <allow_local_active>yes</allow_local_active>
+ <allow_inactive>no</allow_inactive>
+ <allow_active>yes</allow_active>
</defaults>
</policy>
<policy id="hal-power-shutdown-multiple-sessions">
<description>Shut down the system when multiple users are logged in</description>
- <missing>System policy prevents shutting down the system when multiple users are logged in.</missing>
- <apply_to_all_mnemonic>Apply to all</apply_to_all_mnemonic>
<defaults>
- <allow_remote_inactive>no</allow_remote_inactive>
- <allow_remote_active>no</allow_remote_active>
- <allow_local_inactive>no</allow_local_inactive>
- <allow_local_active>auth_root</allow_local_active>
+ <allow_inactive>no</allow_inactive>
+ <allow_active>auth_root</allow_active>
</defaults>
</policy>
<policy id="hal-power-reboot">
<description>Reboot the system</description>
- <missing>System policy prevents rebooting the system.</missing>
- <apply_to_all_mnemonic>Apply to all</apply_to_all_mnemonic>
<defaults>
- <allow_remote_inactive>no</allow_remote_inactive>
- <allow_remote_active>no</allow_remote_active>
- <allow_local_inactive>no</allow_local_inactive>
- <allow_local_active>yes</allow_local_active>
+ <allow_inactive>no</allow_inactive>
+ <allow_active>yes</allow_active>
</defaults>
</policy>
<policy id="hal-power-reboot-multiple-sessions">
<description>Reboot the system when multiple users are logged in</description>
- <missing>System policy prevents rebooting the system when multiple users are logged in.</missing>
- <apply_to_all_mnemonic>Apply to all</apply_to_all_mnemonic>
<defaults>
- <allow_remote_inactive>no</allow_remote_inactive>
- <allow_remote_active>no</allow_remote_active>
- <allow_local_inactive>no</allow_local_inactive>
- <allow_local_active>auth_root</allow_local_active>
+ <allow_inactive>no</allow_inactive>
+ <allow_active>auth_root</allow_active>
</defaults>
</policy>
<policy id="hal-power-set-powersave">
<description>Configure to system to prefer power savings</description>
- <missing>System policy prevents configuring power savings on the system.</missing>
- <apply_to_all_mnemonic>Apply to all</apply_to_all_mnemonic>
<defaults>
- <allow_remote_inactive>no</allow_remote_inactive>
- <allow_remote_active>no</allow_remote_active>
- <allow_local_inactive>no</allow_local_inactive>
- <allow_local_active>yes</allow_local_active>
+ <allow_inactive>no</allow_inactive>
+ <allow_active>yes</allow_active>
</defaults>
</policy>
<policy id="hal-power-suspend">
<description>Suspend the system</description>
- <missing>System policy prevents suspending the system.</missing>
- <apply_to_all_mnemonic>Apply to all</apply_to_all_mnemonic>
<defaults>
- <allow_remote_inactive>no</allow_remote_inactive>
- <allow_remote_active>no</allow_remote_active>
- <allow_local_inactive>no</allow_local_inactive>
- <allow_local_active>yes</allow_local_active>
+ <allow_inactive>no</allow_inactive>
+ <allow_active>yes</allow_active>
</defaults>
</policy>
<policy id="hal-power-hibernate">
<description>Hibernate the system</description>
- <missing>System policy prevents hibernating the system.</missing>
- <apply_to_all_mnemonic>Apply to all</apply_to_all_mnemonic>
<defaults>
- <allow_remote_inactive>no</allow_remote_inactive>
- <allow_remote_active>no</allow_remote_active>
- <allow_local_inactive>no</allow_local_inactive>
- <allow_local_active>yes</allow_local_active>
+ <allow_inactive>no</allow_inactive>
+ <allow_active>yes</allow_active>
</defaults>
</policy>
<policy id="hal-power-cpufreq">
<description>Configure CPU frequency scaling</description>
- <missing>System policy prevents configuration of CPU frequency scaling.</missing>
- <apply_to_all_mnemonic>Apply to all</apply_to_all_mnemonic>
<defaults>
- <allow_remote_inactive>no</allow_remote_inactive>
- <allow_remote_active>no</allow_remote_active>
- <allow_local_inactive>no</allow_local_inactive>
- <allow_local_active>yes</allow_local_active>
+ <allow_inactive>no</allow_inactive>
+ <allow_active>yes</allow_active>
</defaults>
</policy>
<policy id="hal-power-lcd-panel">
<description>Set laptop panel brightness</description>
- <missing>System policy prevents setting laptop panel brightness.</missing>
- <apply_to_all_mnemonic>Apply to all</apply_to_all_mnemonic>
<defaults>
- <allow_remote_inactive>no</allow_remote_inactive>
- <allow_remote_active>no</allow_remote_active>
- <allow_local_inactive>no</allow_local_inactive>
- <allow_local_active>yes</allow_local_active>
+ <allow_inactive>no</allow_inactive>
+ <allow_active>yes</allow_active>
</defaults>
</policy>
<policy id="hal-power-light-sensor">
<description>Detect ambient light using light sensor</description>
- <missing>System policy prevents detecting ambient light using the light sensor.</missing>
- <apply_to_all_mnemonic>Apply to all</apply_to_all_mnemonic>
<defaults>
- <allow_remote_inactive>no</allow_remote_inactive>
- <allow_remote_active>no</allow_remote_active>
- <allow_local_inactive>no</allow_local_inactive>
- <allow_local_active>yes</allow_local_active>
+ <allow_inactive>no</allow_inactive>
+ <allow_active>yes</allow_active>
</defaults>
</policy>
<policy id="hal-power-keyboard-backlight">
<description>Set keyboard backlight</description>
- <missing>System policy prevents setting keyboard backlight.</missing>
- <apply_to_all_mnemonic>Apply to all</apply_to_all_mnemonic>
<defaults>
- <allow_remote_inactive>no</allow_remote_inactive>
- <allow_remote_active>no</allow_remote_active>
- <allow_local_inactive>no</allow_local_inactive>
- <allow_local_active>yes</allow_local_active>
+ <allow_inactive>no</allow_inactive>
+ <allow_active>yes</allow_active>
</defaults>
</policy>
diff --git a/policy/hal-storage.policy b/policy/hal-storage.policy
index 1bd8083..4d06d37 100644
--- a/policy/hal-storage.policy
+++ b/policy/hal-storage.policy
@@ -20,65 +20,44 @@ file are instantly applied.
<policyconfig>
<group id="hal-storage">
<description>Storage Drives and Media</description>
- <description_short>Storage</description_short>
<policy id="hal-storage-mount-fixed">
<description>Mount file systems from internal drives.</description>
- <missing>Mounting the volume '%s' is restricted by system policy.</missing>
- <apply_to_all_mnemonic>Apply to all volumes from _fixed drives.</apply_to_all_mnemonic>
<defaults>
- <allow_remote_inactive>no</allow_remote_inactive>
- <allow_remote_active>no</allow_remote_active>
- <allow_local_inactive>no</allow_local_inactive>
- <allow_local_active>auth_root_keep_always</allow_local_active>
+ <allow_inactive>no</allow_inactive>
+ <allow_active>auth_root_keep_always</allow_active>
</defaults>
</policy>
<policy id="hal-storage-mount-removable">
<description>Mount file systems from removable drives.</description>
- <missing>Mounting the volume '%s' is restricted by system policy.</missing>
- <apply_to_all_mnemonic>Apply to all volumes from _removable drives.</apply_to_all_mnemonic>
<defaults>
- <allow_remote_inactive>no</allow_remote_inactive>
- <allow_remote_active>no</allow_remote_active>
- <allow_local_inactive>no</allow_local_inactive>
- <allow_local_active>yes</allow_local_active>
+ <allow_inactive>no</allow_inactive>
+ <allow_active>yes</allow_active>
</defaults>
</policy>
<policy id="hal-storage-unmount-others">
<description>Unmount file systems mounted by other users.</description>
- <missing>The volume '%s' is mounting by another user.</missing>
- <apply_to_all_mnemonic>Apply to all volumes.</apply_to_all_mnemonic>
<defaults>
- <allow_remote_inactive>no</allow_remote_inactive>
- <allow_remote_active>no</allow_remote_active>
- <allow_local_inactive>no</allow_local_inactive>
- <allow_local_active>auth_root_keep_always</allow_local_active>
+ <allow_inactive>no</allow_inactive>
+ <allow_active>auth_root_keep_always</allow_active>
</defaults>
</policy>
<policy id="hal-storage-eject">
<description>Eject removable media.</description>
- <missing>Ejecting the volume '%s' is restricted by system policy.</missing>
- <apply_to_all_mnemonic>Apply to all volumes.</apply_to_all_mnemonic>
<defaults>
- <allow_remote_inactive>no</allow_remote_inactive>
- <allow_remote_active>no</allow_remote_active>
- <allow_local_inactive>no</allow_local_inactive>
- <allow_local_active>yes</allow_local_active>
+ <allow_inactive>no</allow_inactive>
+ <allow_active>yes</allow_active>
</defaults>
</policy>
<policy id="hal-storage-crypto-setup">
<description>Set up decryption for encrypted storage devices.</description>
- <missing>Decrypting the volume '%s' is restricted by system policy.</missing>
- <apply_to_all_mnemonic>Apply to all volumes.</apply_to_all_mnemonic>
<defaults>
- <allow_remote_inactive>no</allow_remote_inactive>
- <allow_remote_active>no</allow_remote_active>
- <allow_local_inactive>no</allow_local_inactive>
- <allow_local_active>yes</allow_local_active>
+ <allow_inactive>no</allow_inactive>
+ <allow_active>yes</allow_active>
</defaults>
</policy>
diff --git a/tools/hal-acl-tool.c b/tools/hal-acl-tool.c
index d8d7471..b4c5a77 100644
--- a/tools/hal-acl-tool.c
+++ b/tools/hal-acl-tool.c
@@ -747,7 +747,6 @@ acl_device_added_visitor (const char *se
PolKitResult pk_result;
PolKitSeat *pk_seat;
PolKitSession *pk_session;
- PolKitResource *pk_resource;
PolKitAction *pk_action;
char *priv_name;
@@ -774,26 +773,20 @@ acl_device_added_visitor (const char *se
polkit_session_set_ck_is_local (pk_session, session_is_local);
/* TODO: FIXME: polkit_session_set_ck_remote_host (pk_session, );*/
- pk_resource = polkit_resource_new();
- polkit_resource_set_resource_type (pk_resource, "hal");
- polkit_resource_set_resource_id (pk_resource, afd->udi);
-
pk_action = polkit_action_new();
priv_name = g_strdup_printf ("hal-device-file-%s", afd->type);
polkit_action_set_action_id (pk_action, priv_name);
g_free (priv_name);
/* Now ask PolicyKit if the given session should have access */
- pk_result = polkit_context_can_session_access_resource (pk_context,
- pk_action,
- pk_resource,
- pk_session);
+ pk_result = polkit_context_can_session_do_action (pk_context,
+ pk_action,
+ pk_session);
if (pk_result == POLKIT_RESULT_YES) {
afd_grant_to_uid (afd, session_uid);
}
polkit_action_unref (pk_action);
- polkit_resource_unref (pk_resource);
polkit_session_unref (pk_session);
}
More information about the hal-commit
mailing list