hal: Branch 'master' - 2 commits

Tue Oct 21 02:02:49 PDT 2008

fdi/policy/10osvendor/20-acl-management.fdi     |   10 +-
 policy/org.freedesktop.hal.device-access.policy |  112 +++++++++++++-----------
 2 files changed, 71 insertions(+), 51 deletions(-)

New commits:
commit 957473019a844955123f293209be654ffb0d78a2
Author: Danny Kukawka <danny.kukawka at web.de>
Date:   Tue Oct 21 11:00:38 2008 +0200

    add ACL rule and policy for ppdev
    
    Added ACL rule and new device access policy for ppdev devices
    (org.freedesktop.hal.device-access.ppdev).
    
    Since the user normaly don't need access to the device the policy
    is set to auth_admin_keep_always for active and inactive sessions.

diff --git a/fdi/policy/10osvendor/20-acl-management.fdi b/fdi/policy/10osvendor/20-acl-management.fdi
index 6260970..0e425b3 100644
--- a/fdi/policy/10osvendor/20-acl-management.fdi
+++ b/fdi/policy/10osvendor/20-acl-management.fdi
@@ -123,7 +123,6 @@
       </match>
     </match>
 
-
     <!-- serial devices are assumed to be modems by default (no access) -->
     <match key="info.category" string="serial">
       <match key="serial.device" exists="true">
@@ -133,6 +132,15 @@
       </match>
     </match>
 
+    <!-- serial devices are assumed to be modems by default (no access) -->
+    <match key="info.category" string="ppdev">
+      <match key="serial.device" exists="true">
+	<append key="info.capabilities" type="strlist">access_control</append>
+	<merge key="access_control.file" type="copy_property">linux.device_file</merge>
+	<merge key="access_control.type" type="string">ppdev</merge>
+      </match>
+    </match>
+
     <!-- after serial to be able to override restrictive default -->
     <!-- FIXME: check if redundant with above "PalmOS PDAs" section -->
     <match key="pda.platform" exists="true">
diff --git a/policy/org.freedesktop.hal.device-access.policy b/policy/org.freedesktop.hal.device-access.policy
index 978dc03..41c0afe 100644
--- a/policy/org.freedesktop.hal.device-access.policy
+++ b/policy/org.freedesktop.hal.device-access.policy
@@ -127,6 +127,15 @@ NOTE: Please keep the actions in alpabetical order
     </defaults>
   </action>
 
+  <action id="org.freedesktop.hal.device-access.ppdev">
+    <description>Directly access parallel port devices</description>
+    <message>System policy prevents access to parallel port devices</message>
+    <defaults>
+      <allow_inactive>auth_admin_keep_always</allow_inactive>
+      <allow_active>auth_admin_keep_always</allow_active>
+    </defaults>
+  </action>
+
   <action id="org.freedesktop.hal.device-access.scanner">
     <description>Directly access scanners</description>
     <message>System policy prevents access to scanners</message>
commit fac7704a20261889ff9045d50b44ede956290ad9
Author: Danny Kukawka <danny.kukawka at web.de>
Date:   Tue Oct 21 10:54:16 2008 +0200

    sort device access policies/actions alphabetical
    
    Sorted device access policies/actions in alphabetical order.

diff --git a/policy/org.freedesktop.hal.device-access.policy b/policy/org.freedesktop.hal.device-access.policy
index 2656afd..978dc03 100644
--- a/policy/org.freedesktop.hal.device-access.policy
+++ b/policy/org.freedesktop.hal.device-access.policy
@@ -12,22 +12,25 @@ HAL is licensed to you under your choice of the the Academic Free
 License Version 2.1, or the GNU General Public License version 2. Some
 individual source files may be under the GPL only. See COPYING for
 details.
+
+NOTE: Please keep the actions in alpabetical order
+
 -->
 
 <policyconfig>
 
-  <action id="org.freedesktop.hal.device-access.sound">
-    <description>Directly access sound devices</description>
-    <message>System policy prevents access to the sound devices</message>
+  <action id="org.freedesktop.hal.device-access.audio-player">
+    <description>Directly access audio players</description>
+    <message>System policy prevents access to audio players</message>
     <defaults>
       <allow_inactive>no</allow_inactive>
       <allow_active>yes</allow_active>
     </defaults>
   </action>
 
-  <action id="org.freedesktop.hal.device-access.video4linux">
-    <description>Directly access video capture devices</description>
-    <message>System policy prevents access to video capture devices</message>
+  <action id="org.freedesktop.hal.device-access.camera">
+    <description>Directly access digital cameras</description>
+    <message>System policy prevents access to digital cameras</message>
     <defaults>
       <allow_inactive>no</allow_inactive>
       <allow_active>yes</allow_active>
@@ -52,92 +55,101 @@ details.
     </defaults>
   </action>
 
-  <action id="org.freedesktop.hal.device-access.camera">
-    <description>Directly access digital cameras</description>
-    <message>System policy prevents access to digital cameras</message>
+  <action id="org.freedesktop.hal.device-access.floppy">
+    <description>Directly access Floppy devices</description>
+    <message>System policy prevents access to Floppy devices</message>
     <defaults>
-      <allow_inactive>no</allow_inactive>
+      <allow_inactive>yes</allow_inactive>
       <allow_active>yes</allow_active>
     </defaults>
   </action>
 
-  <action id="org.freedesktop.hal.device-access.scanner">
-    <description>Directly access scanners</description>
-    <message>System policy prevents access to scanners</message>
+  <action id="org.freedesktop.hal.device-access.ieee1394-avc">
+    <description>Directly access Firewire AVC devices</description>
+    <message>System policy prevents access to Firewire AVC devices</message>
     <defaults>
       <allow_inactive>no</allow_inactive>
       <allow_active>yes</allow_active>
     </defaults>
   </action>
 
-  <action id="org.freedesktop.hal.device-access.audio-player">
-    <description>Directly access audio players</description>
-    <message>System policy prevents access to audio players</message>
+  <action id="org.freedesktop.hal.device-access.ieee1394-iidc">
+    <description>Directly access Firewire IIDC devices</description>
+    <message>System policy prevents access to Firewire IIDC devices</message>
     <defaults>
       <allow_inactive>no</allow_inactive>
       <allow_active>yes</allow_active>
     </defaults>
   </action>
 
-  <action id="org.freedesktop.hal.device-access.ieee1394-iidc">
-    <description>Directly access Firewire IIDC devices</description>
-    <message>System policy prevents access to Firewire IIDC devices</message>
+  <action id="org.freedesktop.hal.device-access.joystick">
+    <description>Directly access Joystick devices</description>
+    <message>System policy prevents access to Joystick devices</message>
     <defaults>
-      <allow_inactive>no</allow_inactive>
+      <allow_inactive>yes</allow_inactive>
       <allow_active>yes</allow_active>
     </defaults>
   </action>
 
-  <action id="org.freedesktop.hal.device-access.ieee1394-avc">
-    <description>Directly access Firewire AVC devices</description>
-    <message>System policy prevents access to Firewire AVC devices</message>
+  <action id="org.freedesktop.hal.device-access.modem">
+    <description>Directly access serial modem devices</description>
+    <message>System policy prevents access to serial modem devices</message>
     <defaults>
-      <allow_inactive>no</allow_inactive>
+      <allow_inactive>auth_admin_keep_always</allow_inactive>
+      <allow_active>auth_admin_keep_always</allow_active>
+    </defaults>
+  </action>
+
+  <action id="org.freedesktop.hal.device-access.mouse">
+    <description>Directly access Mouse devices</description>
+    <message>System policy prevents access to Mouse devices</message>
+    <defaults>
+      <allow_inactive>yes</allow_inactive>
       <allow_active>yes</allow_active>
     </defaults>
   </action>
 
-  <action id="org.freedesktop.hal.device-access.pda">
-    <description>Directly access PDA devices</description>
-    <message>System policy prevents access to PDA devices</message>
+  <action id="org.freedesktop.hal.device-access.obex">
+    <description>Directly access OBEX devices</description>
+    <message>System policy prevents access to OBEX devices</message>
     <defaults>
       <allow_inactive>no</allow_inactive>
       <allow_active>yes</allow_active>
     </defaults>
   </action>
 
-  <action id="org.freedesktop.hal.device-access.floppy">
-    <description>Directly access Floppy devices</description>
-    <message>System policy prevents access to Floppy devices</message>
+  <action id="org.freedesktop.hal.device-access.pda">
+    <description>Directly access PDA devices</description>
+    <message>System policy prevents access to PDA devices</message>
     <defaults>
-      <allow_inactive>yes</allow_inactive>
+      <allow_inactive>no</allow_inactive>
       <allow_active>yes</allow_active>
     </defaults>
   </action>
 
-  <action id="org.freedesktop.hal.device-access.modem">
-    <description>Directly access serial modem devices</description>
-    <message>System policy prevents access to serial modem devices</message>
+  <action id="org.freedesktop.hal.device-access.scanner">
+    <description>Directly access scanners</description>
+    <message>System policy prevents access to scanners</message>
     <defaults>
-      <allow_inactive>auth_admin_keep_always</allow_inactive>
-      <allow_active>auth_admin_keep_always</allow_active>
+      <allow_inactive>no</allow_inactive>
+      <allow_active>yes</allow_active>
     </defaults>
   </action>
 
-  <action id="org.freedesktop.hal.device-access.joystick">
-    <description>Directly access Joystick devices</description>
-    <message>System policy prevents access to Joystick devices</message>
+  <action id="org.freedesktop.hal.device-access.sound">
+    <description>Directly access sound devices</description>
+    <message>System policy prevents access to the sound devices</message>
     <defaults>
-      <allow_inactive>yes</allow_inactive>
+      <allow_inactive>no</allow_inactive>
       <allow_active>yes</allow_active>
     </defaults>
   </action>
 
-  <action id="org.freedesktop.hal.device-access.mouse">
-    <description>Directly access Mouse devices</description>
-    <message>System policy prevents access to Mouse devices</message>
+  <action id="org.freedesktop.hal.device-access.video4linux">
+    <description>Directly access video capture devices</description>
+    <message>System policy prevents access to video capture devices</message>
     <defaults>
-      <allow_inactive>yes</allow_inactive>
+      <allow_inactive>no</allow_inactive>
       <allow_active>yes</allow_active>
     </defaults>
   </action>
@@ -151,13 +163,4 @@ details.
     </defaults>
   </action>
 
-  <action id="org.freedesktop.hal.device-access.obex">
-    <description>Directly access OBEX devices</description>
-    <message>System policy prevents access to OBEX devices</message>
-    <defaults>
-      <allow_inactive>no</allow_inactive>
-      <allow_active>yes</allow_active>
-    </defaults>
-  </action>
-
 </policyconfig>
