hal: Branch 'master'

Danny Kukawka dkukawka at kemper.freedesktop.org
Mon Aug 25 10:21:20 PDT 2008 

 fdi/policy/10osvendor/20-acl-management.fdi     |   75 +++++++++++++++++++++++-
 policy/org.freedesktop.hal.device-access.policy |   45 ++++++++++++++
 2 files changed, 117 insertions(+), 3 deletions(-)

New commits:
commit 8d9c3927a8c02da22d021e744601ef532afb0e6d
Author: Ludwig Nussel <ludwig.nussel at suse.de>
Date:   Mon Aug 25 19:20:04 2008 +0200

    merge additional device access types from hal-resmgr
    
    Merged additional device access types from hal-resmgr:
    - org.freedesktop.hal.device-access.floppy
    - org.freedesktop.hal.device-access.modem
    - org.freedesktop.hal.device-access.joystick
    - org.freedesktop.hal.device-access.mouse
    - org.freedesktop.hal.device-access.video

diff --git a/fdi/policy/10osvendor/20-acl-management.fdi b/fdi/policy/10osvendor/20-acl-management.fdi
index 5620cae..32becbc 100644
--- a/fdi/policy/10osvendor/20-acl-management.fdi
+++ b/fdi/policy/10osvendor/20-acl-management.fdi
@@ -3,7 +3,7 @@
 <deviceinfo version="0.2">
   <device>
 
-    <!-- NOTE: if you add a new access.type value, remember to update policy/hal-device-file.policy -->
+    <!-- NOTE: if you add a new access.type value, remember to update policy/org.freedesktop.hal.device-access.policy -->
 
     <!-- classification of devices where access can be controlled goes here -->
 
@@ -35,6 +35,23 @@
       <merge key="access_control.type" type="string">cdrom</merge>
     </match>
 
+    <!-- scsi generic device for optical drives -->
+    <match key="info.capabilities" contains="scsi_generic">
+      <match key="@info.parent:scsi.type" string="cdrom">
+	<append key="info.capabilities" type="strlist">access_control</append>
+	<merge key="access_control.file" type="copy_property">scsi_generic.device</merge>
+	<merge key="access_control.type" type="string">cdrom</merge>
+      </match>
+      <!-- usb floppy bnc#336327 -->
+      <match key="@info.parent:@info.parent:@info.parent:usb.interface.class" int="8">
+	<match key="@info.parent:@info.parent:@info.parent:usb.interface.subclass" int="4">
+	  <append key="info.capabilities" type="strlist">access_control</append>
+	  <merge key="access_control.file" type="copy_property">scsi_generic.device</merge>
+	  <merge key="access_control.type" type="string">floppy</merge>
+	</match>
+      </match>
+    </match>
+
     <!-- DVB cards -->
     <match key="info.capabilities" contains="dvb">
       <append key="info.capabilities" type="strlist">access_control</append>
@@ -54,7 +71,7 @@
       <match key="info.capabilities" sibling_contains="scanner">
 	<append key="info.capabilities" type="strlist">access_control</append>
 	<merge key="access_control.file" type="copy_property">usbraw.device</merge>
-      <merge key="access_control.type" type="string">scanner</merge>
+	<merge key="access_control.type" type="string">scanner</merge>
       </match>
     </match>
 
@@ -97,10 +114,62 @@
       <match key="pda.platform" string="palm">
         <append key="info.capabilities" type="strlist">access_control</append>
         <merge key="access_control.type" type="string">pda</merge>
-        <merge key="access_control.file" type="copy_property">pda.palm.hotsync_interface</merge>
+        <merge key="access_control.file" type="copy_property">pda</merge>
+      </match>
+    </match>
+
+
+    <!-- serial devices are assumed to be modems by default (no access) -->
+    <match key="info.category" string="serial">
+      <match key="serial.device" exists="true">
+	<append key="info.capabilities" type="strlist">access_control</append>
+	<merge key="access_control.file" type="copy_property">serial.device</merge>
+	<merge key="access_control.type" type="string">modem</merge>
+      </match>
+    </match>
+
+    <!-- after serial to be able to override restrictive default -->
+    <!-- FIXME: check if redundant with above "PalmOS PDAs" section -->
+    <match key="pda.platform" exists="true">
+        <append key="info.capabilities" type="strlist">access_control</append>
+        <merge key="access_control.type" type="string">pda</merge>
+        <merge key="access_control.file" type="copy_property">pda</merge>
+    </match>
+
+    <!-- plain old floppy -->
+    <match key="storage.drive_type" string="floppy">
+      <match key="storage.no_partitions_hint" bool="true">
+	<match key="access_control.type" exists="false">
+	  <append key="info.capabilities" type="strlist">access_control</append>
+	  <merge key="access_control.file" type="copy_property">block.device</merge>
+	  <merge key="access_control.type" type="string">floppy</merge>
+	</match>
       </match>
     </match>
 
+    <!-- linux input devices (needed e.g. for games) -->
+    <match key="linux.subsystem" string="input">
+      <!-- joysticks -->
+      <match key="info.capabilities" contains="input.joystick">
+	<append key="info.capabilities" type="strlist">access_control</append>
+	<merge key="access_control.file" type="copy_property">input.device</merge>
+	<merge key="access_control.type" type="string">joystick</merge>
+      </match>
+      <!-- mice -->
+      <match key="info.capabilities" contains="input.mouse">
+	<append key="info.capabilities" type="strlist">access_control</append>
+	<merge key="access_control.file" type="copy_property">input.device</merge>
+	<merge key="access_control.type" type="string">mouse</merge>
+      </match>
+    </match>
+
+    <!-- graphics cards, e.g. for 3d accelleration -->
+    <match key="info.capabilities" contains="drm">
+	<append key="info.capabilities" type="strlist">access_control</append>
+	<merge key="access_control.file" type="copy_property">input.device</merge>
+	<merge key="access_control.type" type="string">video</merge>
+    </match>
+
     <!-- enforcement of policy goes here -->
 
     <!-- add / remove ACL's when devices are added and removed -->
diff --git a/policy/org.freedesktop.hal.device-access.policy b/policy/org.freedesktop.hal.device-access.policy
index a7adf9f..ead49c1 100644
--- a/policy/org.freedesktop.hal.device-access.policy
+++ b/policy/org.freedesktop.hal.device-access.policy
@@ -106,4 +106,49 @@ details.
     </defaults>
   </action>
 
+  <action id="org.freedesktop.hal.device-access.floppy">
+    <description>Directly access Floppy devices</description>
+    <message>System policy prevents access to Floppy devices</message>
+    <defaults>
+      <allow_inactive>yes</allow_inactive>
+      <allow_active>yes</allow_active>
+    </defaults>
+  </action>
+
+  <action id="org.freedesktop.hal.device-access.modem">
+    <description>Directly access serial modem devices</description>
+    <message>System policy prevents access to serial modem devices</message>
+    <defaults>
+      <allow_inactive>auth_admin_keep_always</allow_inactive>
+      <allow_active>auth_admin_keep_always</allow_active>
+    </defaults>
+  </action>
+
+  <action id="org.freedesktop.hal.device-access.joystick">
+    <description>Directly access Joystick devices</description>
+    <message>System policy prevents access to Joystick devices</message>
+    <defaults>
+      <allow_inactive>yes</allow_inactive>
+      <allow_active>yes</allow_active>
+    </defaults>
+  </action>
+
+  <action id="org.freedesktop.hal.device-access.mouse">
+    <description>Directly access Mouse devices</description>
+    <message>System policy prevents access to Mouse devices</message>
+    <defaults>
+      <allow_inactive>yes</allow_inactive>
+      <allow_active>yes</allow_active>
+    </defaults>
+  </action>
+
+  <action id="org.freedesktop.hal.device-access.video">
+    <description>Directly access Video devices</description>
+    <message>System policy prevents access to Video devices</message>
+    <defaults>
+      <allow_inactive>yes</allow_inactive>
+      <allow_active>yes</allow_active>
+    </defaults>
+  </action>
+
 </policyconfig>

More information about the hal-commit mailing list