hal: Branch 'master' - 30 commits
Danny Kukawka
dkukawka at kemper.freedesktop.org
Wed Jan 28 05:41:35 PST 2009
configure.in | 7
doc/spec/hal-spec-access-control.xml | 187 +++++++++++++++++++
doc/spec/hal-spec-properties.xml | 20 +-
fdi/policy/10osvendor/20-acl-management.fdi | 231 +++++++++++++-----------
hal.conf.in | 63 +++---
hald/linux/device.c | 16 +
hald/linux/osspec.c | 10 +
policy/org.freedesktop.hal.device-access.policy | 57 +++--
tools/linux/Makefile.am | 2
9 files changed, 424 insertions(+), 169 deletions(-)
New commits:
commit 101c34aef06dcd8074d7de9e61f296c546996b5d
Author: Danny Kukawka <danny.kukawka at web.de>
Date: Wed Jan 28 14:14:02 2009 +0100
fixed entries to add acl related keys only if there is a device
Fixed existing entries to add acl related keys only if there is
also a device to which HAL can add the ACL rules.
diff --git a/fdi/policy/10osvendor/20-acl-management.fdi b/fdi/policy/10osvendor/20-acl-management.fdi
index 5ad2ab4..98f8c88 100644
--- a/fdi/policy/10osvendor/20-acl-management.fdi
+++ b/fdi/policy/10osvendor/20-acl-management.fdi
@@ -9,96 +9,112 @@
<!-- sound card (ALSA) -->
<match key="info.capabilities" contains="alsa">
- <addset key="info.capabilities" type="strlist">access_control</addset>
- <merge key="access_control.file" type="copy_property">alsa.device_file</merge>
- <merge key="access_control.type" type="string">sound</merge>
+ <match key="alsa.device_file" exists="true">
+ <addset key="info.capabilities" type="strlist">access_control</addset>
+ <merge key="access_control.file" type="copy_property">alsa.device_file</merge>
+ <merge key="access_control.type" type="string">sound</merge>
+ </match>
</match>
<!-- sound card (OSS) -->
<match key="info.capabilities" contains="oss">
- <addset key="info.capabilities" type="strlist">access_control</addset>
- <merge key="access_control.file" type="copy_property">oss.device_file</merge>
- <merge key="access_control.type" type="string">sound</merge>
+ <match key="oss.device_file" exists="true">
+ <addset key="info.capabilities" type="strlist">access_control</addset>
+ <merge key="access_control.file" type="copy_property">oss.device_file</merge>
+ <merge key="access_control.type" type="string">sound</merge>
+ </match>
</match>
<!-- video4linux devices -->
<match key="info.capabilities" contains="video4linux">
- <addset key="info.capabilities" type="strlist">access_control</addset>
- <merge key="access_control.file" type="copy_property">video4linux.device</merge>
- <merge key="access_control.type" type="string">video4linux</merge>
+ <match key="video4linux.device" exists="true">
+ <addset key="info.capabilities" type="strlist">access_control</addset>
+ <merge key="access_control.file" type="copy_property">video4linux.device</merge>
+ <merge key="access_control.type" type="string">video4linux</merge>
+ </match>
</match>
<!-- Removable block devices -->
<match key="info.capabilities" contains="block">
- <match key="@block.storage_device:storage.removable" bool="true">
- <!-- do not set acls on unpartitioned volumes, parent gets them -->
- <match key="block.is_volume" bool="true">
- <match key="volume.is_partition" bool="true">
+ <match key="block.device" exists="true">
+ <match key="@block.storage_device:storage.removable" bool="true">
+ <!-- do not set acls on unpartitioned volumes, parent gets them -->
+ <match key="block.is_volume" bool="true">
+ <match key="volume.is_partition" bool="true">
+ <addset key="info.capabilities" type="strlist">access_control</addset>
+ <merge key="access_control.file" type="copy_property">block.device</merge>
+ <merge key="access_control.type" type="string">removable-block</merge>
+ </match>
+ </match>
+ <match key="block.is_volume" bool="false">
<addset key="info.capabilities" type="strlist">access_control</addset>
<merge key="access_control.file" type="copy_property">block.device</merge>
<merge key="access_control.type" type="string">removable-block</merge>
</match>
</match>
- <match key="block.is_volume" bool="false">
- <addset key="info.capabilities" type="strlist">access_control</addset>
- <merge key="access_control.file" type="copy_property">block.device</merge>
- <merge key="access_control.type" type="string">removable-block</merge>
- </match>
</match>
</match>
<!-- optical drives -->
<match key="info.capabilities" contains="storage.cdrom">
- <addset key="info.capabilities" type="strlist">access_control</addset>
- <merge key="access_control.file" type="copy_property">block.device</merge>
- <merge key="access_control.type" type="string">cdrom</merge>
+ <match key="block.device" exists="true">
+ <addset key="info.capabilities" type="strlist">access_control</addset>
+ <merge key="access_control.file" type="copy_property">block.device</merge>
+ <merge key="access_control.type" type="string">cdrom</merge>
+ </match>
</match>
<!-- scsi generic device for optical drives -->
<match key="info.capabilities" contains="scsi_generic">
- <match key="@info.parent:scsi.type" string="cdrom">
- <addset key="info.capabilities" type="strlist">access_control</addset>
- <merge key="access_control.file" type="copy_property">scsi_generic.device</merge>
- <merge key="access_control.type" type="string">cdrom</merge>
- </match>
- <match key="info.capabilities" contains="scanner">
- <addset key="info.capabilities" type="strlist">access_control</addset>
- <merge key="access_control.file" type="copy_property">scsi_generic.device</merge>
- <merge key="access_control.type" type="string">scanner</merge>
- </match>
- <!-- usb floppy bnc#336327 -->
- <match key="@info.parent:@info.parent:@info.parent:usb.interface.class" int="8">
- <match key="@info.parent:@info.parent:@info.parent:usb.interface.subclass" int="4">
+ <match key="scsi_generic.device" exists="true">
+ <match key="@info.parent:scsi.type" string="cdrom">
<addset key="info.capabilities" type="strlist">access_control</addset>
<merge key="access_control.file" type="copy_property">scsi_generic.device</merge>
- <merge key="access_control.type" type="string">floppy</merge>
- </match>
+ <merge key="access_control.type" type="string">cdrom</merge>
+ </match>
+ <match key="info.capabilities" contains="scanner">
+ <addset key="info.capabilities" type="strlist">access_control</addset>
+ <merge key="access_control.file" type="copy_property">scsi_generic.device</merge>
+ <merge key="access_control.type" type="string">scanner</merge>
+ </match>
+ <!-- usb floppy bnc#336327 -->
+ <match key="@info.parent:@info.parent:@info.parent:usb.interface.class" int="8">
+ <match key="@info.parent:@info.parent:@info.parent:usb.interface.subclass" int="4">
+ <addset key="info.capabilities" type="strlist">access_control</addset>
+ <merge key="access_control.file" type="copy_property">scsi_generic.device</merge>
+ <merge key="access_control.type" type="string">floppy</merge>
+ </match>
+ </match>
</match>
</match>
<!-- DVB cards -->
<match key="info.capabilities" contains="dvb">
- <addset key="info.capabilities" type="strlist">access_control</addset>
- <merge key="access_control.file" type="copy_property">dvb.device</merge>
- <merge key="access_control.type" type="string">dvb</merge>
+ <match key="dvb.device" exists="true">
+ <addset key="info.capabilities" type="strlist">access_control</addset>
+ <merge key="access_control.file" type="copy_property">dvb.device</merge>
+ <merge key="access_control.type" type="string">dvb</merge>
+ </match>
</match>
<!-- support for Linux USB stack where device node is on a child of the main USB device -->
<match key="info.capabilities" contains="usbraw">
- <match key="info.capabilities" sibling_contains="camera">
- <addset key="info.capabilities" type="strlist">access_control</addset>
- <merge key="access_control.file" type="copy_property">usbraw.device</merge>
- <merge key="access_control.type" type="string">camera</merge>
- </match>
- <match key="info.capabilities" sibling_contains="scanner">
- <addset key="info.capabilities" type="strlist">access_control</addset>
- <merge key="access_control.file" type="copy_property">usbraw.device</merge>
- <merge key="access_control.type" type="string">scanner</merge>
- </match>
- <match key="info.capabilities" sibling_contains="biometic.fingerprint_reader">
- <addset key="info.capabilities" type="strlist">access_control</addset>
- <merge key="access_control.file" type="copy_property">usbraw.device</merge>
- <merge key="access_control.type" type="string">fingerprint-reader</merge>
+ <match key="usbraw.device" exists="true">
+ <match key="info.capabilities" sibling_contains="camera">
+ <addset key="info.capabilities" type="strlist">access_control</addset>
+ <merge key="access_control.file" type="copy_property">usbraw.device</merge>
+ <merge key="access_control.type" type="string">camera</merge>
+ </match>
+ <match key="info.capabilities" sibling_contains="scanner">
+ <addset key="info.capabilities" type="strlist">access_control</addset>
+ <merge key="access_control.file" type="copy_property">usbraw.device</merge>
+ <merge key="access_control.type" type="string">scanner</merge>
+ </match>
+ <match key="info.capabilities" sibling_contains="biometic.fingerprint_reader">
+ <addset key="info.capabilities" type="strlist">access_control</addset>
+ <merge key="access_control.file" type="copy_property">usbraw.device</merge>
+ <merge key="access_control.type" type="string">fingerprint-reader</merge>
+ </match>
</match>
</match>
@@ -136,14 +152,18 @@
<!-- Firewire devices are mostly driven by userspace libraries -->
<match key="info.capabilities" contains="ieee1394_unit.iidc">
- <addset key="info.capabilities" type="strlist">access_control</addset>
- <merge key="access_control.file" type="copy_property">@ieee1394_unit.originating_device:ieee1394.device</merge>
- <merge key="access_control.type" type="string">ieee1394-iidc</merge>
+ <match key="@ieee1394_unit.originating_device:ieee1394.device" exists="true">
+ <addset key="info.capabilities" type="strlist">access_control</addset>
+ <merge key="access_control.file" type="copy_property">@ieee1394_unit.originating_device:ieee1394.device</merge>
+ <merge key="access_control.type" type="string">ieee1394-iidc</merge>
+ </match>
</match>
<match key="info.capabilities" contains="ieee1394_unit.avc">
- <addset key="info.capabilities" type="strlist">access_control</addset>
- <merge key="access_control.file" type="copy_property">@ieee1394_unit.originating_device:ieee1394.device</merge>
- <merge key="access_control.type" type="string">ieee1394-avc</merge>
+ <match key="@ieee1394_unit.originating_device:ieee1394.device" exists="true">
+ <addset key="info.capabilities" type="strlist">access_control</addset>
+ <merge key="access_control.file" type="copy_property">@ieee1394_unit.originating_device:ieee1394.device</merge>
+ <merge key="access_control.type" type="string">ieee1394-avc</merge>
+ </match>
</match>
<!-- serial devices are assumed to be modems by default (no access) -->
@@ -157,7 +177,7 @@
<!-- serial devices are assumed to be modems by default (no access) -->
<match key="info.category" string="ppdev">
- <match key="serial.device" exists="true">
+ <match key="linux.device_file" exists="true">
<addset key="info.capabilities" type="strlist">access_control</addset>
<merge key="access_control.file" type="copy_property">linux.device_file</merge>
<merge key="access_control.type" type="string">ppdev</merge>
@@ -180,43 +200,51 @@
<!-- plain old floppy -->
<match key="storage.drive_type" string="floppy">
- <match key="storage.no_partitions_hint" bool="true">
- <match key="access_control.type" exists="false">
- <addset key="info.capabilities" type="strlist">access_control</addset>
- <merge key="access_control.file" type="copy_property">block.device</merge>
- <merge key="access_control.type" type="string">floppy</merge>
+ <match key="block.device" exists="true">
+ <match key="storage.no_partitions_hint" bool="true">
+ <match key="access_control.type" exists="false">
+ <addset key="info.capabilities" type="strlist">access_control</addset>
+ <merge key="access_control.file" type="copy_property">block.device</merge>
+ <merge key="access_control.type" type="string">floppy</merge>
+ </match>
</match>
</match>
</match>
<!-- linux input devices (needed e.g. for games) -->
<match key="linux.subsystem" string="input">
- <!-- joysticks -->
- <match key="info.capabilities" contains="input.joystick">
- <addset key="info.capabilities" type="strlist">access_control</addset>
- <merge key="access_control.file" type="copy_property">input.device</merge>
- <merge key="access_control.type" type="string">joystick</merge>
- </match>
- <!-- mice -->
- <match key="info.capabilities" contains="input.mouse">
- <addset key="info.capabilities" type="strlist">access_control</addset>
- <merge key="access_control.file" type="copy_property">input.device</merge>
- <merge key="access_control.type" type="string">mouse</merge>
+ <match key="input.device" exists="true">
+ <!-- joysticks -->
+ <match key="info.capabilities" contains="input.joystick">
+ <addset key="info.capabilities" type="strlist">access_control</addset>
+ <merge key="access_control.file" type="copy_property">input.device</merge>
+ <merge key="access_control.type" type="string">joystick</merge>
+ </match>
+ <!-- mice -->
+ <match key="info.capabilities" contains="input.mouse">
+ <addset key="info.capabilities" type="strlist">access_control</addset>
+ <merge key="access_control.file" type="copy_property">input.device</merge>
+ <merge key="access_control.type" type="string">mouse</merge>
+ </match>
</match>
</match>
<!-- graphics cards, e.g. for 3d accelleration -->
<match key="info.capabilities" contains="drm">
- <addset key="info.capabilities" type="strlist">access_control</addset>
- <merge key="access_control.file" type="copy_property">linux.device_file</merge>
- <merge key="access_control.type" type="string">video</merge>
+ <match key="linux.device_file" exists="true">
+ <addset key="info.capabilities" type="strlist">access_control</addset>
+ <merge key="access_control.file" type="copy_property">linux.device_file</merge>
+ <merge key="access_control.type" type="string">video</merge>
+ </match>
</match>
<!-- printer devices -->
<match key="info.capabilities" contains="printer">
- <addset key="info.capabilities" type="strlist">access_control</addset>
- <merge key="access_control.file" type="copy_property">printer.device</merge>
- <merge key="access_control.type" type="string">printer</merge>
+ <match key="printer.device" exists="true">
+ <addset key="info.capabilities" type="strlist">access_control</addset>
+ <merge key="access_control.file" type="copy_property">printer.device</merge>
+ <merge key="access_control.type" type="string">printer</merge>
+ </match>
</match>
<!-- enforcement of policy goes here -->
commit 59d66b8ebcef20f3a48ca6744cc5ee6f5b0c212f
Author: Danny Kukawka <danny.kukawka at web.de>
Date: Wed Jan 28 13:45:39 2009 +0100
add current default policies for device access to spec
Added current default policies for device access, for active
and inactive users, to the list of existing policies in the spec.
diff --git a/doc/spec/hal-spec-access-control.xml b/doc/spec/hal-spec-access-control.xml
index ae68f31..b33bd18 100644
--- a/doc/spec/hal-spec-access-control.xml
+++ b/doc/spec/hal-spec-access-control.xml
@@ -58,7 +58,8 @@
<para>
This is a list of the device file policies/rules delivered with
the HAL package to manage ACL's as defined via <literal>
- access_control.type</literal>.
+ access_control.type</literal> and the current default Policykit
+ policies for inactive and active users.
</para>
<informaltable>
<tgroup cols="2">
@@ -66,6 +67,8 @@
<row>
<entry>Type</entry>
<entry>Description</entry>
+ <entry>allow_inactive</entry>
+ <entry>allow_active</entry>
</row>
</thead>
<tbody>
@@ -74,120 +77,160 @@
<literal>audio-player</literal>
</entry>
<entry>Directly access audio players.</entry>
+ <entry>no</entry>
+ <entry>yes</entry>
</row>
<row>
<entry>
<literal>camera</literal>
</entry>
<entry>Directly access digital cameras.</entry>
+ <entry>no</entry>
+ <entry>yes</entry>
</row>
<row>
<entry>
<literal>cdrom</literal>
</entry>
<entry>Directly access optical drives.</entry>
+ <entry>yes</entry>
+ <entry>yes</entry>
</row>
<row>
<entry>
<literal>dvb</literal>
</entry>
<entry>Directly access DVB devices.</entry>
+ <entry>no</entry>
+ <entry>yes</entry>
</row>
<row>
<entry>
<literal>fingerprint-reader</literal>
</entry>
<entry>Directly access to fingerprint reader devices.</entry>
+ <entry>no</entry>
+ <entry>yes</entry>
</row>
<row>
<entry>
<literal>floppy</literal>
</entry>
<entry>Directly access Floppy devices.</entry>
+ <entry>yes</entry>
+ <entry>yes</entry>
</row>
<row>
<entry>
- <literal>ieee1394-iidc</literal>
+ <literal>ieee1394-avc</literal>
</entry>
- <entry>Directly access Firewire IIDC devices.</entry>
+ <entry>Directly access Firewire AVC devices.</entry>
+ <entry>no</entry>
+ <entry>yes</entry>
</row>
<row>
<entry>
- <literal>ieee1394-avc</literal>
+ <literal>ieee1394-iidc</literal>
</entry>
- <entry>Directly access Firewire AVC devices.</entry>
+ <entry>Directly access Firewire IIDC devices.</entry>
+ <entry>no</entry>
+ <entry>yes</entry>
</row>
<row>
<entry>
<literal>joystick</literal>
</entry>
<entry>Directly access Joystick devices.</entry>
+ <entry>yes</entry>
+ <entry>yes</entry>
</row>
<row>
<entry>
<literal>modem</literal>
</entry>
<entry>Directly access serial modem devices.</entry>
+ <entry>auth_admin_keep_always</entry>
+ <entry>auth_admin_keep_always</entry>
</row>
<row>
<entry>
<literal>mouse</literal>
</entry>
<entry>Directly access Mouse (input) devices</entry>
+ <entry>yes</entry>
+ <entry>yes</entry>
</row>
<row>
<entry>
<literal>obex</literal>
</entry>
<entry>Directly access OBEX devices.</entry>
+ <entry>no</entry>
+ <entry>yes</entry>
</row>
<row>
<entry>
<literal>pda</literal>
</entry>
<entry>Directly access PDA devices.</entry>
+ <entry>no</entry>
+ <entry>yes</entry>
</row>
<row>
<entry>
<literal>ppdev</literal>
</entry>
<entry>Directly access parallel port devices.</entry>
+ <entry>auth_admin_keep_always</entry>
+ <entry>auth_admin_keep_always</entry>
</row>
<row>
<entry>
<literal>printer</literal>
</entry>
<entry>Directly access printer devices.</entry>
+ <entry>no</entry>
+ <entry>yes</entry>
</row>
<row>
<entry>
<literal>removable-block</literal>
</entry>
<entry>Directly access removable block devices.</entry>
+ <entry>no</entry>
+ <entry>no</entry>
</row>
<row>
<entry>
<literal>scanner</literal>
</entry>
<entry>Directly access scanners.</entry>
+ <entry>no</entry>
+ <entry>yes</entry>
</row>
<row>
<entry>
<literal>sound</literal>
</entry>
<entry>Directly access sound devices.</entry>
+ <entry>no</entry>
+ <entry>yes</entry>
</row>
<row>
<entry>
<literal>video</literal>
</entry>
<entry>Directly access Video devices.</entry>
+ <entry>yes</entry>
+ <entry>yes</entry>
</row>
<row>
<entry>
<literal>video4linux</literal>
</entry>
<entry>Directly access video capture devices.</entry>
+ <entry>no</entry>
+ <entry>yes</entry>
</row>
</tbody>
</tgroup>
commit 0d6eaa5ab4bdbaa73b20db0e9c200af39c00b2ee
Author: Danny Kukawka <danny.kukawka at web.de>
Date: Wed Jan 28 13:44:05 2009 +0100
sort existing PolicyKit policies for device access alphabetical
Sorted existing PolicyKit policies for device acces alphabetical.
diff --git a/policy/org.freedesktop.hal.device-access.policy b/policy/org.freedesktop.hal.device-access.policy
index a2978df..e083eb4 100644
--- a/policy/org.freedesktop.hal.device-access.policy
+++ b/policy/org.freedesktop.hal.device-access.policy
@@ -19,15 +19,6 @@ NOTE: Please keep the actions in alpabetical order
<policyconfig>
- <action id="org.freedesktop.hal.device-access.fingerprint-reader">
- <description>Directly access to fingerprint reader devices</description>
- <message>System policy prevents access to fingerprint readers</message>
- <defaults>
- <allow_inactive>no</allow_inactive>
- <allow_active>yes</allow_active>
- </defaults>
- </action>
-
<action id="org.freedesktop.hal.device-access.audio-player">
<description>Directly access audio players</description>
<message>System policy prevents access to audio players</message>
@@ -55,18 +46,18 @@ NOTE: Please keep the actions in alpabetical order
</defaults>
</action>
- <action id="org.freedesktop.hal.device-access.removable-block">
- <description>Directly access removable block devices</description>
- <message>System policy prevents access to removable block devices</message>
+ <action id="org.freedesktop.hal.device-access.dvb">
+ <description>Directly access DVB devices</description>
+ <message>System policy prevents access to DVB devices</message>
<defaults>
<allow_inactive>no</allow_inactive>
- <allow_active>no</allow_active>
+ <allow_active>yes</allow_active>
</defaults>
</action>
- <action id="org.freedesktop.hal.device-access.dvb">
- <description>Directly access DVB devices</description>
- <message>System policy prevents access to DVB devices</message>
+ <action id="org.freedesktop.hal.device-access.fingerprint-reader">
+ <description>Directly access to fingerprint reader devices</description>
+ <message>System policy prevents access to fingerprint readers</message>
<defaults>
<allow_inactive>no</allow_inactive>
<allow_active>yes</allow_active>
@@ -163,6 +154,15 @@ NOTE: Please keep the actions in alpabetical order
</defaults>
</action>
+ <action id="org.freedesktop.hal.device-access.removable-block">
+ <description>Directly access removable block devices</description>
+ <message>System policy prevents access to removable block devices</message>
+ <defaults>
+ <allow_inactive>no</allow_inactive>
+ <allow_active>no</allow_active>
+ </defaults>
+ </action>
+
<action id="org.freedesktop.hal.device-access.scanner">
<description>Directly access scanners</description>
<message>System policy prevents access to scanners</message>
@@ -181,20 +181,20 @@ NOTE: Please keep the actions in alpabetical order
</defaults>
</action>
- <action id="org.freedesktop.hal.device-access.video4linux">
- <description>Directly access video capture devices</description>
- <message>System policy prevents access to video capture devices</message>
+ <action id="org.freedesktop.hal.device-access.video">
+ <description>Directly access Video devices</description>
+ <message>System policy prevents access to Video devices</message>
<defaults>
- <allow_inactive>no</allow_inactive>
+ <allow_inactive>yes</allow_inactive>
<allow_active>yes</allow_active>
</defaults>
</action>
- <action id="org.freedesktop.hal.device-access.video">
- <description>Directly access Video devices</description>
- <message>System policy prevents access to Video devices</message>
+ <action id="org.freedesktop.hal.device-access.video4linux">
+ <description>Directly access video capture devices</description>
+ <message>System policy prevents access to video capture devices</message>
<defaults>
- <allow_inactive>yes</allow_inactive>
+ <allow_inactive>no</allow_inactive>
<allow_active>yes</allow_active>
</defaults>
</action>
commit d7a06bc844b922a22db8ec4715e2f602898c3cf9
Author: Danny Kukawka <danny.kukawka at web.de>
Date: Wed Jan 28 13:31:45 2009 +0100
filled TODOs with information for the printer namespace
Filled TODOs with information for the printer namespace.
diff --git a/doc/spec/hal-spec-properties.xml b/doc/spec/hal-spec-properties.xml
index 505b7bc..3c400ef 100644
--- a/doc/spec/hal-spec-properties.xml
+++ b/doc/spec/hal-spec-properties.xml
@@ -6092,7 +6092,7 @@ org.freedesktop.Hal.Device.Volume.method_signatures = {'ssas', 'as', 'as'}
</entry>
<entry></entry>
<entry>Yes</entry>
- <entry>TODO</entry>
+ <entry>Special device file to interact with the printer device.</entry>
</row>
<row>
<entry>
@@ -6100,7 +6100,7 @@ org.freedesktop.Hal.Device.Volume.method_signatures = {'ssas', 'as', 'as'}
</entry>
<entry></entry>
<entry>Yes</entry>
- <entry>TODO</entry>
+ <entry>Name of the device vendor</entry>
</row>
<row>
<entry>
@@ -6108,7 +6108,7 @@ org.freedesktop.Hal.Device.Volume.method_signatures = {'ssas', 'as', 'as'}
</entry>
<entry></entry>
<entry>Yes</entry>
- <entry>TODO</entry>
+ <entry>Name of the product.</entry>
</row>
<row>
<entry>
@@ -6116,15 +6116,19 @@ org.freedesktop.Hal.Device.Volume.method_signatures = {'ssas', 'as', 'as'}
</entry>
<entry></entry>
<entry>Yes</entry>
- <entry>TODO</entry>
+ <entry>
+ A string uniquely identifying the instance of the device;
+ ie. it will be different for two devices of the same type.
+ Note that the serial number is broken on some USB devices.
+ </entry>
</row>
<row>
<entry>
<literal>printer.description</literal> (string)
</entry>
<entry></entry>
- <entry>Yes</entry>
- <entry>TODO</entry>
+ <entry>No</entry>
+ <entry>Description for the device.</entry>
</row>
<row>
<entry>
commit 3026136349d7c6947c5e92c96d1338b06695835b
Author: Danny Kukawka <danny.kukawka at web.de>
Date: Wed Jan 28 13:26:35 2009 +0100
update spec for printer access policy
Updated spec for new printer access policy.
diff --git a/doc/spec/hal-spec-access-control.xml b/doc/spec/hal-spec-access-control.xml
index c794d19..ae68f31 100644
--- a/doc/spec/hal-spec-access-control.xml
+++ b/doc/spec/hal-spec-access-control.xml
@@ -155,6 +155,12 @@
</row>
<row>
<entry>
+ <literal>printer</literal>
+ </entry>
+ <entry>Directly access printer devices.</entry>
+ </row>
+ <row>
+ <entry>
<literal>removable-block</literal>
</entry>
<entry>Directly access removable block devices.</entry>
commit 2715a26024cb80f2ad424f5a9e12bf79d28b0018
Author: Danny Kukawka <danny.kukawka at web.de>
Date: Wed Jan 28 13:25:22 2009 +0100
add ACL and device-access policy for printers
Added ACL and device-access policy for printers.
diff --git a/fdi/policy/10osvendor/20-acl-management.fdi b/fdi/policy/10osvendor/20-acl-management.fdi
index 505e000..5ad2ab4 100644
--- a/fdi/policy/10osvendor/20-acl-management.fdi
+++ b/fdi/policy/10osvendor/20-acl-management.fdi
@@ -212,6 +212,13 @@
<merge key="access_control.type" type="string">video</merge>
</match>
+ <!-- printer devices -->
+ <match key="info.capabilities" contains="printer">
+ <addset key="info.capabilities" type="strlist">access_control</addset>
+ <merge key="access_control.file" type="copy_property">printer.device</merge>
+ <merge key="access_control.type" type="string">printer</merge>
+ </match>
+
<!-- enforcement of policy goes here -->
<!-- add / remove ACL's when devices are added and removed -->
diff --git a/policy/org.freedesktop.hal.device-access.policy b/policy/org.freedesktop.hal.device-access.policy
index 5371174..a2978df 100644
--- a/policy/org.freedesktop.hal.device-access.policy
+++ b/policy/org.freedesktop.hal.device-access.policy
@@ -154,6 +154,15 @@ NOTE: Please keep the actions in alpabetical order
</defaults>
</action>
+ <action id="org.freedesktop.hal.device-access.printer">
+ <description>Directly access printers</description>
+ <message>System policy prevents access to printers</message>
+ <defaults>
+ <allow_inactive>no</allow_inactive>
+ <allow_active>yes</allow_active>
+ </defaults>
+ </action>
+
<action id="org.freedesktop.hal.device-access.scanner">
<description>Directly access scanners</description>
<message>System policy prevents access to scanners</message>
commit 4bde0385a38f4bcd8bebf4af8d3e1f0bf38ca075
Author: Danny Kukawka <danny.kukawka at web.de>
Date: Wed Jan 28 13:17:23 2009 +0100
use addset instead of append for ACL rules
Changed existing entries to use addset instead of append to prevent
double entries if a device may have more than one matching capability.
diff --git a/fdi/policy/10osvendor/20-acl-management.fdi b/fdi/policy/10osvendor/20-acl-management.fdi
index 358b3c7..505e000 100644
--- a/fdi/policy/10osvendor/20-acl-management.fdi
+++ b/fdi/policy/10osvendor/20-acl-management.fdi
@@ -9,21 +9,21 @@
<!-- sound card (ALSA) -->
<match key="info.capabilities" contains="alsa">
- <append key="info.capabilities" type="strlist">access_control</append>
+ <addset key="info.capabilities" type="strlist">access_control</addset>
<merge key="access_control.file" type="copy_property">alsa.device_file</merge>
<merge key="access_control.type" type="string">sound</merge>
</match>
<!-- sound card (OSS) -->
<match key="info.capabilities" contains="oss">
- <append key="info.capabilities" type="strlist">access_control</append>
+ <addset key="info.capabilities" type="strlist">access_control</addset>
<merge key="access_control.file" type="copy_property">oss.device_file</merge>
<merge key="access_control.type" type="string">sound</merge>
</match>
<!-- video4linux devices -->
<match key="info.capabilities" contains="video4linux">
- <append key="info.capabilities" type="strlist">access_control</append>
+ <addset key="info.capabilities" type="strlist">access_control</addset>
<merge key="access_control.file" type="copy_property">video4linux.device</merge>
<merge key="access_control.type" type="string">video4linux</merge>
</match>
@@ -34,13 +34,13 @@
<!-- do not set acls on unpartitioned volumes, parent gets them -->
<match key="block.is_volume" bool="true">
<match key="volume.is_partition" bool="true">
- <append key="info.capabilities" type="strlist">access_control</append>
+ <addset key="info.capabilities" type="strlist">access_control</addset>
<merge key="access_control.file" type="copy_property">block.device</merge>
<merge key="access_control.type" type="string">removable-block</merge>
</match>
</match>
<match key="block.is_volume" bool="false">
- <append key="info.capabilities" type="strlist">access_control</append>
+ <addset key="info.capabilities" type="strlist">access_control</addset>
<merge key="access_control.file" type="copy_property">block.device</merge>
<merge key="access_control.type" type="string">removable-block</merge>
</match>
@@ -49,7 +49,7 @@
<!-- optical drives -->
<match key="info.capabilities" contains="storage.cdrom">
- <append key="info.capabilities" type="strlist">access_control</append>
+ <addset key="info.capabilities" type="strlist">access_control</addset>
<merge key="access_control.file" type="copy_property">block.device</merge>
<merge key="access_control.type" type="string">cdrom</merge>
</match>
@@ -57,19 +57,19 @@
<!-- scsi generic device for optical drives -->
<match key="info.capabilities" contains="scsi_generic">
<match key="@info.parent:scsi.type" string="cdrom">
- <append key="info.capabilities" type="strlist">access_control</append>
+ <addset key="info.capabilities" type="strlist">access_control</addset>
<merge key="access_control.file" type="copy_property">scsi_generic.device</merge>
<merge key="access_control.type" type="string">cdrom</merge>
</match>
<match key="info.capabilities" contains="scanner">
- <append key="info.capabilities" type="strlist">access_control</append>
+ <addset key="info.capabilities" type="strlist">access_control</addset>
<merge key="access_control.file" type="copy_property">scsi_generic.device</merge>
<merge key="access_control.type" type="string">scanner</merge>
</match>
<!-- usb floppy bnc#336327 -->
<match key="@info.parent:@info.parent:@info.parent:usb.interface.class" int="8">
<match key="@info.parent:@info.parent:@info.parent:usb.interface.subclass" int="4">
- <append key="info.capabilities" type="strlist">access_control</append>
+ <addset key="info.capabilities" type="strlist">access_control</addset>
<merge key="access_control.file" type="copy_property">scsi_generic.device</merge>
<merge key="access_control.type" type="string">floppy</merge>
</match>
@@ -78,7 +78,7 @@
<!-- DVB cards -->
<match key="info.capabilities" contains="dvb">
- <append key="info.capabilities" type="strlist">access_control</append>
+ <addset key="info.capabilities" type="strlist">access_control</addset>
<merge key="access_control.file" type="copy_property">dvb.device</merge>
<merge key="access_control.type" type="string">dvb</merge>
</match>
@@ -86,17 +86,17 @@
<!-- support for Linux USB stack where device node is on a child of the main USB device -->
<match key="info.capabilities" contains="usbraw">
<match key="info.capabilities" sibling_contains="camera">
- <append key="info.capabilities" type="strlist">access_control</append>
+ <addset key="info.capabilities" type="strlist">access_control</addset>
<merge key="access_control.file" type="copy_property">usbraw.device</merge>
<merge key="access_control.type" type="string">camera</merge>
</match>
<match key="info.capabilities" sibling_contains="scanner">
- <append key="info.capabilities" type="strlist">access_control</append>
+ <addset key="info.capabilities" type="strlist">access_control</addset>
<merge key="access_control.file" type="copy_property">usbraw.device</merge>
<merge key="access_control.type" type="string">scanner</merge>
</match>
<match key="info.capabilities" sibling_contains="biometic.fingerprint_reader">
- <append key="info.capabilities" type="strlist">access_control</append>
+ <addset key="info.capabilities" type="strlist">access_control</addset>
<merge key="access_control.file" type="copy_property">usbraw.device</merge>
<merge key="access_control.type" type="string">fingerprint-reader</merge>
</match>
@@ -106,27 +106,27 @@
<match key="info.subsystem" string="usb">
<match key="@info.parent:linux.device_file" exists="true">
<match key="info.capabilities" contains="camera">
- <append key="info.capabilities" type="strlist">access_control</append>
+ <addset key="info.capabilities" type="strlist">access_control</addset>
<merge key="access_control.type" type="string">camera</merge>
<merge key="access_control.file" type="copy_property">@info.parent:linux.device_file</merge>
</match>
<match key="info.capabilities" contains="scanner">
- <append key="info.capabilities" type="strlist">access_control</append>
+ <addset key="info.capabilities" type="strlist">access_control</addset>
<merge key="access_control.type" type="string">scanner</merge>
<merge key="access_control.file" type="copy_property">@info.parent:linux.device_file</merge>
</match>
<match key="info.capabilities" contains="portable_audio_player">
- <append key="info.capabilities" type="strlist">access_control</append>
+ <addset key="info.capabilities" type="strlist">access_control</addset>
<merge key="access_control.type" type="string">audio-player</merge>
<merge key="access_control.file" type="copy_property">@info.parent:linux.device_file</merge>
</match>
<match key="info.capabilities" contains="obex">
- <append key="info.capabilities" type="strlist">access_control</append>
+ <addset key="info.capabilities" type="strlist">access_control</addset>
<merge key="access_control.type" type="string">obex</merge>
<merge key="access_control.file" type="copy_property">@info.parent:linux.device_file</merge>
</match>
<match key="info.capabilities" contains="biometric.fingerprint_reader">
- <append key="info.capabilities" type="strlist">access_control</append>
+ <addset key="info.capabilities" type="strlist">access_control</addset>
<merge key="access_control.type" type="string">fingerprint-reader</merge>
<merge key="access_control.file" type="copy_property">@info.parent:linux.device_file</merge>
</match>
@@ -136,12 +136,12 @@
<!-- Firewire devices are mostly driven by userspace libraries -->
<match key="info.capabilities" contains="ieee1394_unit.iidc">
- <append key="info.capabilities" type="strlist">access_control</append>
+ <addset key="info.capabilities" type="strlist">access_control</addset>
<merge key="access_control.file" type="copy_property">@ieee1394_unit.originating_device:ieee1394.device</merge>
<merge key="access_control.type" type="string">ieee1394-iidc</merge>
</match>
<match key="info.capabilities" contains="ieee1394_unit.avc">
- <append key="info.capabilities" type="strlist">access_control</append>
+ <addset key="info.capabilities" type="strlist">access_control</addset>
<merge key="access_control.file" type="copy_property">@ieee1394_unit.originating_device:ieee1394.device</merge>
<merge key="access_control.type" type="string">ieee1394-avc</merge>
</match>
@@ -149,7 +149,7 @@
<!-- serial devices are assumed to be modems by default (no access) -->
<match key="info.category" string="serial">
<match key="serial.device" exists="true">
- <append key="info.capabilities" type="strlist">access_control</append>
+ <addset key="info.capabilities" type="strlist">access_control</addset>
<merge key="access_control.file" type="copy_property">serial.device</merge>
<merge key="access_control.type" type="string">modem</merge>
</match>
@@ -158,7 +158,7 @@
<!-- serial devices are assumed to be modems by default (no access) -->
<match key="info.category" string="ppdev">
<match key="serial.device" exists="true">
- <append key="info.capabilities" type="strlist">access_control</append>
+ <addset key="info.capabilities" type="strlist">access_control</addset>
<merge key="access_control.file" type="copy_property">linux.device_file</merge>
<merge key="access_control.type" type="string">ppdev</merge>
</match>
@@ -167,7 +167,7 @@
<!-- after serial to be able to override restrictive default -->
<match key="info.capabilities" contains="pda">
<!-- PalmOS PDAs -->
- <append key="info.capabilities" type="strlist">access_control</append>
+ <addset key="info.capabilities" type="strlist">access_control</addset>
<merge key="access_control.type" type="string">pda</merge>
<match key="pda.platform" string="palm">
<merge key="access_control.file" type="copy_property">pda.palm.hotsync_interface</merge>
@@ -182,7 +182,7 @@
<match key="storage.drive_type" string="floppy">
<match key="storage.no_partitions_hint" bool="true">
<match key="access_control.type" exists="false">
- <append key="info.capabilities" type="strlist">access_control</append>
+ <addset key="info.capabilities" type="strlist">access_control</addset>
<merge key="access_control.file" type="copy_property">block.device</merge>
<merge key="access_control.type" type="string">floppy</merge>
</match>
@@ -193,13 +193,13 @@
<match key="linux.subsystem" string="input">
<!-- joysticks -->
<match key="info.capabilities" contains="input.joystick">
- <append key="info.capabilities" type="strlist">access_control</append>
+ <addset key="info.capabilities" type="strlist">access_control</addset>
<merge key="access_control.file" type="copy_property">input.device</merge>
<merge key="access_control.type" type="string">joystick</merge>
</match>
<!-- mice -->
<match key="info.capabilities" contains="input.mouse">
- <append key="info.capabilities" type="strlist">access_control</append>
+ <addset key="info.capabilities" type="strlist">access_control</addset>
<merge key="access_control.file" type="copy_property">input.device</merge>
<merge key="access_control.type" type="string">mouse</merge>
</match>
@@ -207,7 +207,7 @@
<!-- graphics cards, e.g. for 3d accelleration -->
<match key="info.capabilities" contains="drm">
- <append key="info.capabilities" type="strlist">access_control</append>
+ <addset key="info.capabilities" type="strlist">access_control</addset>
<merge key="access_control.file" type="copy_property">linux.device_file</merge>
<merge key="access_control.type" type="string">video</merge>
</match>
@@ -216,24 +216,24 @@
<!-- add / remove ACL's when devices are added and removed -->
<match key="info.capabilities" contains="access_control">
- <append key="info.callouts.add" type="strlist">hal-acl-tool --add-device</append>
- <append key="info.callouts.remove" type="strlist">hal-acl-tool --remove-device</append>
+ <addset key="info.callouts.add" type="strlist">hal-acl-tool --add-device</addset>
+ <addset key="info.callouts.remove" type="strlist">hal-acl-tool --remove-device</addset>
</match>
<match key="info.udi" string="/org/freedesktop/Hal/devices/computer">
<!-- remove all previously added ACL's on start-up -->
- <append key="info.callouts.add" type="strlist">hal-acl-tool --remove-all</append>
+ <addset key="info.callouts.add" type="strlist">hal-acl-tool --remove-all</addset>
<!-- reconfigure all ACL's sessions are added and removed -->
- <append key="info.callouts.session_add" type="strlist">hal-acl-tool --reconfigure</append>
- <append key="info.callouts.session_remove" type="strlist">hal-acl-tool --reconfigure</append>
+ <addset key="info.callouts.session_add" type="strlist">hal-acl-tool --reconfigure</addset>
+ <addset key="info.callouts.session_remove" type="strlist">hal-acl-tool --reconfigure</addset>
<!-- reconfigure all ACL's when a session becomes active -->
- <append key="info.callouts.session_active" type="strlist">hal-acl-tool --reconfigure</append>
+ <addset key="info.callouts.session_active" type="strlist">hal-acl-tool --reconfigure</addset>
<!-- reconfigure all ACL's when a session becomes inactive -->
- <append key="info.callouts.session_inactive" type="strlist">hal-acl-tool --reconfigure</append>
+ <addset key="info.callouts.session_inactive" type="strlist">hal-acl-tool --reconfigure</addset>
</match>
commit ace34e318102988320181ffaeeda3eb890112408
Author: Danny Kukawka <danny.kukawka at web.de>
Date: Wed Jan 28 13:05:49 2009 +0100
put usbraw matches for ACL together into one block
Put usbraw matches for ACL together into one block, fixed
whitespaces.
diff --git a/fdi/policy/10osvendor/20-acl-management.fdi b/fdi/policy/10osvendor/20-acl-management.fdi
index ee63768..358b3c7 100644
--- a/fdi/policy/10osvendor/20-acl-management.fdi
+++ b/fdi/policy/10osvendor/20-acl-management.fdi
@@ -90,15 +90,11 @@
<merge key="access_control.file" type="copy_property">usbraw.device</merge>
<merge key="access_control.type" type="string">camera</merge>
</match>
- </match>
- <match key="info.capabilities" contains="usbraw">
<match key="info.capabilities" sibling_contains="scanner">
<append key="info.capabilities" type="strlist">access_control</append>
<merge key="access_control.file" type="copy_property">usbraw.device</merge>
<merge key="access_control.type" type="string">scanner</merge>
</match>
- </match>
- <match key="info.capabilities" contains="usbraw">
<match key="info.capabilities" sibling_contains="biometic.fingerprint_reader">
<append key="info.capabilities" type="strlist">access_control</append>
<merge key="access_control.file" type="copy_property">usbraw.device</merge>
@@ -211,9 +207,9 @@
<!-- graphics cards, e.g. for 3d accelleration -->
<match key="info.capabilities" contains="drm">
- <append key="info.capabilities" type="strlist">access_control</append>
- <merge key="access_control.file" type="copy_property">linux.device_file</merge>
- <merge key="access_control.type" type="string">video</merge>
+ <append key="info.capabilities" type="strlist">access_control</append>
+ <merge key="access_control.file" type="copy_property">linux.device_file</merge>
+ <merge key="access_control.type" type="string">video</merge>
</match>
<!-- enforcement of policy goes here -->
commit 336d871860710af1cb3a55234d5051f01e842e02
Author: Andreas Schwab <schwab at suse.de>
Date: Sun Jan 25 18:46:08 2009 +0100
fixed buffer overrun
Fixed possible buffer overrun if there are invalid formated
led devices (e.g. iwl-phy0:assoc instead of correctly
iwl-phy0::assoc as the kernel documentation says).
diff --git a/hald/linux/device.c b/hald/linux/device.c
index c1f8deb..21b9176 100644
--- a/hald/linux/device.c
+++ b/hald/linux/device.c
@@ -1296,12 +1296,16 @@ leds_add (const gchar *sysfs_path, const gchar *device_file, HalDevice *parent_d
attributes = g_strsplit_set (dev_name, ":", 0);
if (attributes != NULL) {
- if (attributes[0] != NULL && attributes[0][0] != '\0')
- hal_device_property_set_string (d, "leds.device_name", attributes[0]);
- if (attributes[1] != NULL && attributes[1][0] != '\0')
- hal_device_property_set_string (d, "leds.colour", attributes[1]);
- if (attributes[2] != NULL && attributes[2][0] != '\0')
- hal_device_property_set_string (d, "leds.function", attributes[2]);
+ if (attributes[0] != NULL) {
+ if (attributes[0][0] != '\0')
+ hal_device_property_set_string (d, "leds.device_name", attributes[0]);
+ if (attributes[1] != NULL ) {
+ if (attributes[1][0] != '\0')
+ hal_device_property_set_string (d, "leds.colour", attributes[1]);
+ if (attributes[2] != NULL && attributes[2][0] != '\0')
+ hal_device_property_set_string (d, "leds.function", attributes[2]);
+ }
+ }
}
g_strfreev (attributes);
}
commit 0f2a65e0f42702f5d57b990d481ba8735951b5a5
Author: Danny Kukawka <danny.kukawka at web.de>
Date: Thu Jan 22 17:28:33 2009 +0100
add section about "Device Files policies" to spec
Added new section about existing "Device File policies", defined
via access_control.type, to the spec.
diff --git a/doc/spec/hal-spec-access-control.xml b/doc/spec/hal-spec-access-control.xml
index 2fdd5da..c794d19 100644
--- a/doc/spec/hal-spec-access-control.xml
+++ b/doc/spec/hal-spec-access-control.xml
@@ -52,6 +52,142 @@
user. This interface is supposed to be stable so 3rd party
packages can depend on it.
</para>
+
+ <sect2 id="access-control-device-file-policies">
+ <title>Device Files policies</title>
+ <para>
+ This is a list of the device file policies/rules delivered with
+ the HAL package to manage ACL's as defined via <literal>
+ access_control.type</literal>.
+ </para>
+ <informaltable>
+ <tgroup cols="2">
+ <thead>
+ <row>
+ <entry>Type</entry>
+ <entry>Description</entry>
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry>
+ <literal>audio-player</literal>
+ </entry>
+ <entry>Directly access audio players.</entry>
+ </row>
+ <row>
+ <entry>
+ <literal>camera</literal>
+ </entry>
+ <entry>Directly access digital cameras.</entry>
+ </row>
+ <row>
+ <entry>
+ <literal>cdrom</literal>
+ </entry>
+ <entry>Directly access optical drives.</entry>
+ </row>
+ <row>
+ <entry>
+ <literal>dvb</literal>
+ </entry>
+ <entry>Directly access DVB devices.</entry>
+ </row>
+ <row>
+ <entry>
+ <literal>fingerprint-reader</literal>
+ </entry>
+ <entry>Directly access to fingerprint reader devices.</entry>
+ </row>
+ <row>
+ <entry>
+ <literal>floppy</literal>
+ </entry>
+ <entry>Directly access Floppy devices.</entry>
+ </row>
+ <row>
+ <entry>
+ <literal>ieee1394-iidc</literal>
+ </entry>
+ <entry>Directly access Firewire IIDC devices.</entry>
+ </row>
+ <row>
+ <entry>
+ <literal>ieee1394-avc</literal>
+ </entry>
+ <entry>Directly access Firewire AVC devices.</entry>
+ </row>
+ <row>
+ <entry>
+ <literal>joystick</literal>
+ </entry>
+ <entry>Directly access Joystick devices.</entry>
+ </row>
+ <row>
+ <entry>
+ <literal>modem</literal>
+ </entry>
+ <entry>Directly access serial modem devices.</entry>
+ </row>
+ <row>
+ <entry>
+ <literal>mouse</literal>
+ </entry>
+ <entry>Directly access Mouse (input) devices</entry>
+ </row>
+ <row>
+ <entry>
+ <literal>obex</literal>
+ </entry>
+ <entry>Directly access OBEX devices.</entry>
+ </row>
+ <row>
+ <entry>
+ <literal>pda</literal>
+ </entry>
+ <entry>Directly access PDA devices.</entry>
+ </row>
+ <row>
+ <entry>
+ <literal>ppdev</literal>
+ </entry>
+ <entry>Directly access parallel port devices.</entry>
+ </row>
+ <row>
+ <entry>
+ <literal>removable-block</literal>
+ </entry>
+ <entry>Directly access removable block devices.</entry>
+ </row>
+ <row>
+ <entry>
+ <literal>scanner</literal>
+ </entry>
+ <entry>Directly access scanners.</entry>
+ </row>
+ <row>
+ <entry>
+ <literal>sound</literal>
+ </entry>
+ <entry>Directly access sound devices.</entry>
+ </row>
+ <row>
+ <entry>
+ <literal>video</literal>
+ </entry>
+ <entry>Directly access Video devices.</entry>
+ </row>
+ <row>
+ <entry>
+ <literal>video4linux</literal>
+ </entry>
+ <entry>Directly access video capture devices.</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+ </sect2>
+
</sect1>
<sect1 id="access-control-ipc">
commit 145e53da57517b9b70eabe6e104668279286cf0a
Author: Danny Kukawka <danny.kukawka at web.de>
Date: Thu Jan 22 16:21:11 2009 +0100
add some parameter checks to hal_util_*et_driver*() functions
Added some parameter checks and debug messages to
hal_util_get_driver_name() and hal_util_set_driver().
diff --git a/hald/linux/osspec.c b/hald/linux/osspec.c
index 0902b14..f75d88a 100644
--- a/hald/linux/osspec.c
+++ b/hald/linux/osspec.c
@@ -891,6 +891,11 @@ hal_util_get_driver_name (const char *sysfs_path, gchar *driver_name)
gchar driver_path[HAL_PATH_MAX];
struct stat statbuf;
+ if (sysfs_path == NULL) {
+ HAL_WARNING (("hal_util_get_driver_name: sysfs_path == NULL"));
+ return FALSE;
+ }
+
g_snprintf (driver_path, sizeof (driver_path), "%s/driver", sysfs_path);
if (stat (driver_path, &statbuf) == 0) {
gchar buf[256];
@@ -909,6 +914,11 @@ hal_util_set_driver (HalDevice *d, const char *property_name, const char *sysfs_
gboolean ret;
gchar driver_name[256];
+ if (d == NULL || property_name == NULL || sysfs_path == NULL) {
+ HAL_WARNING (("hal_util_set_driver: d, property_name or sysfs_path == NULL"));
+ return FALSE;
+ }
+
memset (driver_name, '\0', sizeof (driver_name));
ret = hal_util_get_driver_name (sysfs_path, driver_name);
if (ret == TRUE)
commit 8b56ff46e57bb9b5cb7d923c21b8c98cd19d487e
Author: Danny Kukawka <danny.kukawka at web.de>
Date: Thu Jan 22 14:21:15 2009 +0100
fixed HAL D-Bus config: added send_destination for all interfaces
Fixed HAL D-Bus config due to D-Bus changes caused by CVE-2008-4311.
Added send_destination="org.freedesktop.Hal" for all exported
interfaces as recommended here:
https://bugs.launchpad.net/ubuntu/+source/avahi/+bug/318783
" [...]
*IMPORTANT* you MUST include send_destination on ALL allow or deny
tags. Omitting it is a SERIOUS bug!
<!-- !! SERIOUS BUG !! -->
<allow send_interface="x.y.z" />
This allows any service to receive method calls of the given
interface, not just your own service!
It also implicitly allows any service to receive method calls
with no interface specified, in case they match this interface!
[...] "
diff --git a/hal.conf.in b/hal.conf.in
index 4fee9ad..403465e 100644
--- a/hal.conf.in
+++ b/hal.conf.in
@@ -21,22 +21,37 @@
<allow send_destination="org.freedesktop.Hal"
send_interface="org.freedesktop.DBus.Properties" />
- <allow send_interface="org.freedesktop.Hal.Device"/>
- <allow send_interface="org.freedesktop.Hal.Manager"/>
-
- <allow send_interface="org.freedesktop.Hal.Device.CPUFreq"/>
- <allow send_interface="org.freedesktop.Hal.Device.DockStation"/>
- <allow send_interface="org.freedesktop.Hal.Device.KillSwitch"/>
- <allow send_interface="org.freedesktop.Hal.Device.KeyboardBacklight"/>
- <allow send_interface="org.freedesktop.Hal.Device.LaptopPanel"/>
- <allow send_interface="org.freedesktop.Hal.Device.Leds"/>
- <allow send_interface="org.freedesktop.Hal.Device.LightSensor"/>
- <allow send_interface="org.freedesktop.Hal.Device.Storage"/>
- <allow send_interface="org.freedesktop.Hal.Device.Storage.Removable"/>
- <allow send_interface="org.freedesktop.Hal.Device.SystemPowerManagement"/>
- <allow send_interface="org.freedesktop.Hal.Device.Volume"/>
- <allow send_interface="org.freedesktop.Hal.Device.Volume.Crypto"/>
- <allow send_interface="org.freedesktop.Hal.Device.WakeOnLan"/>
+ <allow send_destination="org.freedesktop.Hal"
+ send_interface="org.freedesktop.Hal.Device"/>
+ <allow send_destination="org.freedesktop.Hal"
+ send_interface="org.freedesktop.Hal.Manager"/>
+
+ <allow send_destination="org.freedesktop.Hal"
+ send_interface="org.freedesktop.Hal.Device.CPUFreq"/>
+ <allow send_destination="org.freedesktop.Hal"
+ send_interface="org.freedesktop.Hal.Device.DockStation"/>
+ <allow send_destination="org.freedesktop.Hal"
+ send_interface="org.freedesktop.Hal.Device.KillSwitch"/>
+ <allow send_destination="org.freedesktop.Hal"
+ send_interface="org.freedesktop.Hal.Device.KeyboardBacklight"/>
+ <allow send_destination="org.freedesktop.Hal"
+ send_interface="org.freedesktop.Hal.Device.LaptopPanel"/>
+ <allow send_destination="org.freedesktop.Hal"
+ send_interface="org.freedesktop.Hal.Device.Leds"/>
+ <allow send_destination="org.freedesktop.Hal"
+ send_interface="org.freedesktop.Hal.Device.LightSensor"/>
+ <allow send_destination="org.freedesktop.Hal"
+ send_interface="org.freedesktop.Hal.Device.Storage"/>
+ <allow send_destination="org.freedesktop.Hal"
+ send_interface="org.freedesktop.Hal.Device.Storage.Removable"/>
+ <allow send_destination="org.freedesktop.Hal"
+ send_interface="org.freedesktop.Hal.Device.SystemPowerManagement"/>
+ <allow send_destination="org.freedesktop.Hal"
+ send_interface="org.freedesktop.Hal.Device.Volume"/>
+ <allow send_destination="org.freedesktop.Hal"
+ send_interface="org.freedesktop.Hal.Device.Volume.Crypto"/>
+ <allow send_destination="org.freedesktop.Hal"
+ send_interface="org.freedesktop.Hal.Device.WakeOnLan"/>
</policy>
commit 98c458e250ddd6209dc1f2110ff67481a94421ff
Author: Danny Kukawka <danny.kukawka at web.de>
Date: Thu Jan 22 14:16:09 2009 +0100
remove all receive_* lines from HAL D-Bus config
Fixed HAL D-Bus config due to D-Bus changes caused by CVE-2008-4311.
Removed all all receive_* lines from HAL D-Bus config as recommended
here: https://bugs.launchpad.net/ubuntu/+source/avahi/+bug/318783
diff --git a/hal.conf.in b/hal.conf.in
index 1fb30f6..4fee9ad 100644
--- a/hal.conf.in
+++ b/hal.conf.in
@@ -24,11 +24,6 @@
<allow send_interface="org.freedesktop.Hal.Device"/>
<allow send_interface="org.freedesktop.Hal.Manager"/>
- <allow receive_interface="org.freedesktop.Hal.Device"
- receive_sender="org.freedesktop.Hal"/>
- <allow receive_interface="org.freedesktop.Hal.Manager"
- receive_sender="org.freedesktop.Hal"/>
-
<allow send_interface="org.freedesktop.Hal.Device.CPUFreq"/>
<allow send_interface="org.freedesktop.Hal.Device.DockStation"/>
<allow send_interface="org.freedesktop.Hal.Device.KillSwitch"/>
@@ -43,32 +38,6 @@
<allow send_interface="org.freedesktop.Hal.Device.Volume.Crypto"/>
<allow send_interface="org.freedesktop.Hal.Device.WakeOnLan"/>
- <allow receive_interface="org.freedesktop.Hal.Device.CPUFreq"
- receive_sender="org.freedesktop.Hal"/>
- <allow receive_interface="org.freedesktop.Hal.Device.DockStation"
- receive_sender="org.freedesktop.Hal"/>
- <allow receive_interface="org.freedesktop.Hal.Device.KeyboardBacklight"
- receive_sender="org.freedesktop.Hal"/>
- <allow receive_interface="org.freedesktop.Hal.Device.KillSwitch"
- receive_sender="org.freedesktop.Hal"/>
- <allow receive_interface="org.freedesktop.Hal.Device.LaptopPanel"
- receive_sender="org.freedesktop.Hal"/>
- <allow receive_interface="org.freedesktop.Hal.Device.Leds"
- receive_sender="org.freedesktop.Hal"/>
- <allow receive_interface="org.freedesktop.Hal.Device.LightSensor"
- receive_sender="org.freedesktop.Hal"/>
- <allow receive_interface="org.freedesktop.Hal.Device.Storage"
- receive_sender="org.freedesktop.Hal"/>
- <allow receive_interface="org.freedesktop.Hal.Device.Storage.Removable"
- receive_sender="org.freedesktop.Hal"/>
- <allow receive_interface="org.freedesktop.Hal.Device.SystemPowerManagement"
- receive_sender="org.freedesktop.Hal"/>
- <allow receive_interface="org.freedesktop.Hal.Device.Volume"
- receive_sender="org.freedesktop.Hal"/>
- <allow receive_interface="org.freedesktop.Hal.Device.Volume.Crypto"
- receive_sender="org.freedesktop.Hal"/>
- <allow receive_interface="org.freedesktop.Hal.Device.WakeOnLan"
- receive_sender="org.freedesktop.Hal"/>
</policy>
</busconfig>
commit 36a1b5b709d8c2ac24c8d5c1af44c39cd152290a
Author: Danny Kukawka <danny.kukawka at web.de>
Date: Thu Jan 22 14:06:05 2009 +0100
add org.freedesktop.DBus.Properties standard iterface
Fixed HAL D-Bus config due to D-Bus changes caused by CVE-2008-4311.
Added org.freedesktop.DBus.Properties standard iterface as
recommended here:
https://bugs.launchpad.net/ubuntu/+source/avahi/+bug/318783
diff --git a/hal.conf.in b/hal.conf.in
index 8d297af..1fb30f6 100644
--- a/hal.conf.in
+++ b/hal.conf.in
@@ -18,6 +18,8 @@
<policy context="default">
<allow send_destination="org.freedesktop.Hal"
send_interface="org.freedesktop.DBus.Introspectable"/>
+ <allow send_destination="org.freedesktop.Hal"
+ send_interface="org.freedesktop.DBus.Properties" />
<allow send_interface="org.freedesktop.Hal.Device"/>
<allow send_interface="org.freedesktop.Hal.Manager"/>
commit df4dc87d65b1cb0d74585a456e3f2ee82bc92317
Author: Danny Kukawka <danny.kukawka at web.de>
Date: Thu Jan 22 12:40:10 2009 +0100
add org.freedesktop.Hal.Device.DockStation to HAL D-Bus config
Added org.freedesktop.Hal.Device.DockStation to HAL D-Bus config/
policy.
diff --git a/hal.conf.in b/hal.conf.in
index 84171bc..8d297af 100644
--- a/hal.conf.in
+++ b/hal.conf.in
@@ -28,6 +28,7 @@
receive_sender="org.freedesktop.Hal"/>
<allow send_interface="org.freedesktop.Hal.Device.CPUFreq"/>
+ <allow send_interface="org.freedesktop.Hal.Device.DockStation"/>
<allow send_interface="org.freedesktop.Hal.Device.KillSwitch"/>
<allow send_interface="org.freedesktop.Hal.Device.KeyboardBacklight"/>
<allow send_interface="org.freedesktop.Hal.Device.LaptopPanel"/>
@@ -42,6 +43,8 @@
<allow receive_interface="org.freedesktop.Hal.Device.CPUFreq"
receive_sender="org.freedesktop.Hal"/>
+ <allow receive_interface="org.freedesktop.Hal.Device.DockStation"
+ receive_sender="org.freedesktop.Hal"/>
<allow receive_interface="org.freedesktop.Hal.Device.KeyboardBacklight"
receive_sender="org.freedesktop.Hal"/>
<allow receive_interface="org.freedesktop.Hal.Device.KillSwitch"
commit 258a3ad7dd0dc70600141d8263924b0a14411199
Author: Danny Kukawka <danny.kukawka at web.de>
Date: Thu Jan 22 12:39:11 2009 +0100
add org.freedesktop.Hal.Device.Storage to HAL D-Bus config
Added org.freedesktop.Hal.Device.Storage to HAL D-Bus config/
policy.
diff --git a/hal.conf.in b/hal.conf.in
index f1b38a4..84171bc 100644
--- a/hal.conf.in
+++ b/hal.conf.in
@@ -33,6 +33,7 @@
<allow send_interface="org.freedesktop.Hal.Device.LaptopPanel"/>
<allow send_interface="org.freedesktop.Hal.Device.Leds"/>
<allow send_interface="org.freedesktop.Hal.Device.LightSensor"/>
+ <allow send_interface="org.freedesktop.Hal.Device.Storage"/>
<allow send_interface="org.freedesktop.Hal.Device.Storage.Removable"/>
<allow send_interface="org.freedesktop.Hal.Device.SystemPowerManagement"/>
<allow send_interface="org.freedesktop.Hal.Device.Volume"/>
@@ -51,6 +52,8 @@
receive_sender="org.freedesktop.Hal"/>
<allow receive_interface="org.freedesktop.Hal.Device.LightSensor"
receive_sender="org.freedesktop.Hal"/>
+ <allow receive_interface="org.freedesktop.Hal.Device.Storage"
+ receive_sender="org.freedesktop.Hal"/>
<allow receive_interface="org.freedesktop.Hal.Device.Storage.Removable"
receive_sender="org.freedesktop.Hal"/>
<allow receive_interface="org.freedesktop.Hal.Device.SystemPowerManagement"
commit 62b8af9821c54dbb53c26accbf09801c5ad516d5
Author: Danny Kukawka <danny.kukawka at web.de>
Date: Thu Jan 22 12:37:39 2009 +0100
add org.freedesktop.Hal.Device.WakeOnLan to HAL D-Bus config
Added org.freedesktop.Hal.Device.WakeOnLan to HAL D-Bus config/
policy.
diff --git a/hal.conf.in b/hal.conf.in
index c0949cd..f1b38a4 100644
--- a/hal.conf.in
+++ b/hal.conf.in
@@ -37,6 +37,7 @@
<allow send_interface="org.freedesktop.Hal.Device.SystemPowerManagement"/>
<allow send_interface="org.freedesktop.Hal.Device.Volume"/>
<allow send_interface="org.freedesktop.Hal.Device.Volume.Crypto"/>
+ <allow send_interface="org.freedesktop.Hal.Device.WakeOnLan"/>
<allow receive_interface="org.freedesktop.Hal.Device.CPUFreq"
receive_sender="org.freedesktop.Hal"/>
@@ -58,6 +59,8 @@
receive_sender="org.freedesktop.Hal"/>
<allow receive_interface="org.freedesktop.Hal.Device.Volume.Crypto"
receive_sender="org.freedesktop.Hal"/>
+ <allow receive_interface="org.freedesktop.Hal.Device.WakeOnLan"
+ receive_sender="org.freedesktop.Hal"/>
</policy>
</busconfig>
commit e714a0ee8a5eac65c27ebdbedf49f9fbae341c54
Author: Danny Kukawka <danny.kukawka at web.de>
Date: Wed Jan 21 19:36:47 2009 +0100
add D-Bus policy rule for org.freedesktop.Hal.Device.Storage.Removable
Added D-Bus policy rule for org.freedesktop.Hal.Device.Storage.Removable.
diff --git a/hal.conf.in b/hal.conf.in
index 69ac091..c0949cd 100644
--- a/hal.conf.in
+++ b/hal.conf.in
@@ -33,6 +33,7 @@
<allow send_interface="org.freedesktop.Hal.Device.LaptopPanel"/>
<allow send_interface="org.freedesktop.Hal.Device.Leds"/>
<allow send_interface="org.freedesktop.Hal.Device.LightSensor"/>
+ <allow send_interface="org.freedesktop.Hal.Device.Storage.Removable"/>
<allow send_interface="org.freedesktop.Hal.Device.SystemPowerManagement"/>
<allow send_interface="org.freedesktop.Hal.Device.Volume"/>
<allow send_interface="org.freedesktop.Hal.Device.Volume.Crypto"/>
@@ -49,6 +50,8 @@
receive_sender="org.freedesktop.Hal"/>
<allow receive_interface="org.freedesktop.Hal.Device.LightSensor"
receive_sender="org.freedesktop.Hal"/>
+ <allow receive_interface="org.freedesktop.Hal.Device.Storage.Removable"
+ receive_sender="org.freedesktop.Hal"/>
<allow receive_interface="org.freedesktop.Hal.Device.SystemPowerManagement"
receive_sender="org.freedesktop.Hal"/>
<allow receive_interface="org.freedesktop.Hal.Device.Volume"
commit 4840ac2fdab4b6693373b9716d4514bfb1090e64
Author: Danny Kukawka <danny.kukawka at web.de>
Date: Wed Jan 21 19:32:16 2009 +0100
add D-Bus policy rule for org.freedesktop.Hal.Device.KeyboardBacklight
Added D-Bus policy rule for org.freedesktop.Hal.Device.KeyboardBacklight
diff --git a/hal.conf.in b/hal.conf.in
index c0b8981..69ac091 100644
--- a/hal.conf.in
+++ b/hal.conf.in
@@ -29,6 +29,7 @@
<allow send_interface="org.freedesktop.Hal.Device.CPUFreq"/>
<allow send_interface="org.freedesktop.Hal.Device.KillSwitch"/>
+ <allow send_interface="org.freedesktop.Hal.Device.KeyboardBacklight"/>
<allow send_interface="org.freedesktop.Hal.Device.LaptopPanel"/>
<allow send_interface="org.freedesktop.Hal.Device.Leds"/>
<allow send_interface="org.freedesktop.Hal.Device.LightSensor"/>
@@ -38,6 +39,8 @@
<allow receive_interface="org.freedesktop.Hal.Device.CPUFreq"
receive_sender="org.freedesktop.Hal"/>
+ <allow receive_interface="org.freedesktop.Hal.Device.KeyboardBacklight"
+ receive_sender="org.freedesktop.Hal"/>
<allow receive_interface="org.freedesktop.Hal.Device.KillSwitch"
receive_sender="org.freedesktop.Hal"/>
<allow receive_interface="org.freedesktop.Hal.Device.LaptopPanel"
commit 6e9ca151bf93046304f231b9a3292d37b88844c5
Author: Danny Kukawka <danny.kukawka at web.de>
Date: Wed Jan 21 19:30:56 2009 +0100
add DBus policy rule for org.freedesktop.Hal.Device.LightSensor
Added DBus policy rule for org.freedesktop.Hal.Device.LightSensor.
diff --git a/hal.conf.in b/hal.conf.in
index fc5c95b..c0b8981 100644
--- a/hal.conf.in
+++ b/hal.conf.in
@@ -31,6 +31,7 @@
<allow send_interface="org.freedesktop.Hal.Device.KillSwitch"/>
<allow send_interface="org.freedesktop.Hal.Device.LaptopPanel"/>
<allow send_interface="org.freedesktop.Hal.Device.Leds"/>
+ <allow send_interface="org.freedesktop.Hal.Device.LightSensor"/>
<allow send_interface="org.freedesktop.Hal.Device.SystemPowerManagement"/>
<allow send_interface="org.freedesktop.Hal.Device.Volume"/>
<allow send_interface="org.freedesktop.Hal.Device.Volume.Crypto"/>
@@ -43,6 +44,8 @@
receive_sender="org.freedesktop.Hal"/>
<allow receive_interface="org.freedesktop.Hal.Device.Leds"
receive_sender="org.freedesktop.Hal"/>
+ <allow receive_interface="org.freedesktop.Hal.Device.LightSensor"
+ receive_sender="org.freedesktop.Hal"/>
<allow receive_interface="org.freedesktop.Hal.Device.SystemPowerManagement"
receive_sender="org.freedesktop.Hal"/>
<allow receive_interface="org.freedesktop.Hal.Device.Volume"
commit 00278969b87e2e82e82c9ded0629a4a6bb9eae56
Author: Danny Kukawka <danny.kukawka at web.de>
Date: Wed Jan 21 19:29:29 2009 +0100
add DBus policy rule for org.freedesktop.Hal.Device.CPUFreq
Added DBus policy rule for org.freedesktop.Hal.Device.CPUFreq.
diff --git a/hal.conf.in b/hal.conf.in
index c8b486b..fc5c95b 100644
--- a/hal.conf.in
+++ b/hal.conf.in
@@ -27,6 +27,7 @@
<allow receive_interface="org.freedesktop.Hal.Manager"
receive_sender="org.freedesktop.Hal"/>
+ <allow send_interface="org.freedesktop.Hal.Device.CPUFreq"/>
<allow send_interface="org.freedesktop.Hal.Device.KillSwitch"/>
<allow send_interface="org.freedesktop.Hal.Device.LaptopPanel"/>
<allow send_interface="org.freedesktop.Hal.Device.Leds"/>
@@ -34,6 +35,8 @@
<allow send_interface="org.freedesktop.Hal.Device.Volume"/>
<allow send_interface="org.freedesktop.Hal.Device.Volume.Crypto"/>
+ <allow receive_interface="org.freedesktop.Hal.Device.CPUFreq"
+ receive_sender="org.freedesktop.Hal"/>
<allow receive_interface="org.freedesktop.Hal.Device.KillSwitch"
receive_sender="org.freedesktop.Hal"/>
<allow receive_interface="org.freedesktop.Hal.Device.LaptopPanel"
commit b8b35f234f7b8d406bcf4e97a98cb788b52cc527
Author: Danny Kukawka <danny.kukawka at web.de>
Date: Wed Jan 21 19:27:09 2009 +0100
add DBus policy rule for org.freedesktop.Hal.Device.Leds
Added DBus policy rule for org.freedesktop.Hal.Device.Leds.
diff --git a/hal.conf.in b/hal.conf.in
index a4b0553..c8b486b 100644
--- a/hal.conf.in
+++ b/hal.conf.in
@@ -29,6 +29,7 @@
<allow send_interface="org.freedesktop.Hal.Device.KillSwitch"/>
<allow send_interface="org.freedesktop.Hal.Device.LaptopPanel"/>
+ <allow send_interface="org.freedesktop.Hal.Device.Leds"/>
<allow send_interface="org.freedesktop.Hal.Device.SystemPowerManagement"/>
<allow send_interface="org.freedesktop.Hal.Device.Volume"/>
<allow send_interface="org.freedesktop.Hal.Device.Volume.Crypto"/>
@@ -37,6 +38,8 @@
receive_sender="org.freedesktop.Hal"/>
<allow receive_interface="org.freedesktop.Hal.Device.LaptopPanel"
receive_sender="org.freedesktop.Hal"/>
+ <allow receive_interface="org.freedesktop.Hal.Device.Leds"
+ receive_sender="org.freedesktop.Hal"/>
<allow receive_interface="org.freedesktop.Hal.Device.SystemPowerManagement"
receive_sender="org.freedesktop.Hal"/>
<allow receive_interface="org.freedesktop.Hal.Device.Volume"
commit 8d095056be002d7f0711f92c1d73524930353143
Author: Danny Kukawka <danny.kukawka at web.de>
Date: Wed Jan 21 19:23:34 2009 +0100
fix policy for org.freedesktop.Hal.Device.KillSwitch
Fixed policy for org.freedesktop.Hal.Device.KillSwitch by adding
receive_interface and receive_sender="org.freedesktop.Hal".
diff --git a/hal.conf.in b/hal.conf.in
index 1ed400b..a4b0553 100644
--- a/hal.conf.in
+++ b/hal.conf.in
@@ -33,6 +33,8 @@
<allow send_interface="org.freedesktop.Hal.Device.Volume"/>
<allow send_interface="org.freedesktop.Hal.Device.Volume.Crypto"/>
+ <allow receive_interface="org.freedesktop.Hal.Device.KillSwitch"
+ receive_sender="org.freedesktop.Hal"/>
<allow receive_interface="org.freedesktop.Hal.Device.LaptopPanel"
receive_sender="org.freedesktop.Hal"/>
<allow receive_interface="org.freedesktop.Hal.Device.SystemPowerManagement"
commit 41ae8027cb9e81f0e38a477ee8c4b972dd623bac
Author: Danny Kukawka <danny.kukawka at web.de>
Date: Wed Jan 21 19:21:44 2009 +0100
put policy rules in alphabetical order
Put the policy rules in alphabetical order.
diff --git a/hal.conf.in b/hal.conf.in
index add2649..1ed400b 100644
--- a/hal.conf.in
+++ b/hal.conf.in
@@ -18,22 +18,25 @@
<policy context="default">
<allow send_destination="org.freedesktop.Hal"
send_interface="org.freedesktop.DBus.Introspectable"/>
- <allow send_interface="org.freedesktop.Hal.Manager"/>
+
<allow send_interface="org.freedesktop.Hal.Device"/>
- <allow receive_interface="org.freedesktop.Hal.Manager"
- receive_sender="org.freedesktop.Hal"/>
+ <allow send_interface="org.freedesktop.Hal.Manager"/>
+
<allow receive_interface="org.freedesktop.Hal.Device"
receive_sender="org.freedesktop.Hal"/>
+ <allow receive_interface="org.freedesktop.Hal.Manager"
+ receive_sender="org.freedesktop.Hal"/>
- <allow send_interface="org.freedesktop.Hal.Device.SystemPowerManagement"/>
+ <allow send_interface="org.freedesktop.Hal.Device.KillSwitch"/>
<allow send_interface="org.freedesktop.Hal.Device.LaptopPanel"/>
+ <allow send_interface="org.freedesktop.Hal.Device.SystemPowerManagement"/>
<allow send_interface="org.freedesktop.Hal.Device.Volume"/>
- <allow send_interface="org.freedesktop.Hal.Device.KillSwitch"/>
<allow send_interface="org.freedesktop.Hal.Device.Volume.Crypto"/>
- <allow receive_interface="org.freedesktop.Hal.Device.SystemPowerManagement"
- receive_sender="org.freedesktop.Hal"/>
+
<allow receive_interface="org.freedesktop.Hal.Device.LaptopPanel"
receive_sender="org.freedesktop.Hal"/>
+ <allow receive_interface="org.freedesktop.Hal.Device.SystemPowerManagement"
+ receive_sender="org.freedesktop.Hal"/>
<allow receive_interface="org.freedesktop.Hal.Device.Volume"
receive_sender="org.freedesktop.Hal"/>
<allow receive_interface="org.freedesktop.Hal.Device.Volume.Crypto"
commit d0de333569c243ad88fea1fcf42e495788519446
Author: Danny Kukawka <danny.kukawka at web.de>
Date: Wed Jan 21 19:17:54 2009 +0100
remove second policy context="default" block
Removed second <policy context="default"> block, it makes no
sense to have the same default context two times.
diff --git a/hal.conf.in b/hal.conf.in
index f4dba6f..add2649 100644
--- a/hal.conf.in
+++ b/hal.conf.in
@@ -40,14 +40,5 @@
receive_sender="org.freedesktop.Hal"/>
</policy>
- <!-- Default policy for the exported interfaces; if PolicyKit is not used
- for access control you will need to modify this -->
- <policy context="default">
- <allow send_interface="org.freedesktop.Hal.Device.SystemPowerManagement"/>
- <allow send_interface="org.freedesktop.Hal.Device.LaptopPanel"/>
- <allow send_interface="org.freedesktop.Hal.Device.Volume"/>
- <allow send_interface="org.freedesktop.Hal.Device.Volume.Crypto"/>
- </policy>
-
</busconfig>
commit b874db76ceb19f5c9312ae5991f70218a0539399
Author: Danny Kukawka <danny.kukawka at web.de>
Date: Wed Jan 21 19:16:22 2009 +0100
remove policy rule for org.freedesktop.Hal.Device.VideoAdapterPM
Removed policy rule for org.freedesktop.Hal.Device.VideoAdapterPM,
there is no such interface in HAL (anymore?).
diff --git a/hal.conf.in b/hal.conf.in
index 823e40f..f4dba6f 100644
--- a/hal.conf.in
+++ b/hal.conf.in
@@ -44,7 +44,6 @@
for access control you will need to modify this -->
<policy context="default">
<allow send_interface="org.freedesktop.Hal.Device.SystemPowerManagement"/>
- <allow send_interface="org.freedesktop.Hal.Device.VideoAdapterPM"/>
<allow send_interface="org.freedesktop.Hal.Device.LaptopPanel"/>
<allow send_interface="org.freedesktop.Hal.Device.Volume"/>
<allow send_interface="org.freedesktop.Hal.Device.Volume.Crypto"/>
commit 78571a76969d54b523b18b112796e38f11b376a1
Merge: bdc438f... 6e73f94...
Author: Danny Kukawka <danny.kukawka at web.de>
Date: Wed Jan 21 18:55:52 2009 +0100
Merge branch 'master' of ssh://dkukawka@git.freedesktop.org/git/hal
commit bdc438f3454c9f8ef4ccdea1dcb7dce5e55d5cbb
Author: Danny Kukawka <danny.kukawka at web.de>
Date: Wed Jan 21 18:43:13 2009 +0100
fix spec due to path/filename changes with actual PolicyKit
Fixed spec due to path/filename changes with actual PolicyKit.
diff --git a/doc/spec/hal-spec-access-control.xml b/doc/spec/hal-spec-access-control.xml
index 95006a8..2fdd5da 100644
--- a/doc/spec/hal-spec-access-control.xml
+++ b/doc/spec/hal-spec-access-control.xml
@@ -37,7 +37,7 @@
HAL uses PolicyKit to decide what users should have access
according to PolicyKit configuration; see the PolicyKit
privilege definition
- file <literal>/etc/PolicyKit/privileges/hal-device-file.priv</literal>
+ file <literal>/usr/share/PolicyKit/policy/org.freedesktop.hal.device-access.policy</literal>
on a system with HAL installed for the default access suggested
by the HAL package and/or OS vendor.
</para>
commit 5ba069ac31919d4c2d08f4d920cc0b59618e7c54
Author: Danny Kukawka <danny.kukawka at web.de>
Date: Wed Jan 21 18:36:12 2009 +0100
fixing spec for access_control.type due to Policykit changes
Fixed spec for access_control.type due to Policykit changes. Fixed
small typo.
diff --git a/doc/spec/hal-spec-properties.xml b/doc/spec/hal-spec-properties.xml
index b28a5bc..505b7bc 100644
--- a/doc/spec/hal-spec-properties.xml
+++ b/doc/spec/hal-spec-properties.xml
@@ -8173,7 +8173,7 @@ org.freedesktop.Hal.Device.Volume.method_signatures = {'ssas', 'as', 'as'}
<entry>Example: /dev/snd/pcmC0D1p</entry>
<entry>Yes</entry>
<entry>
- Name of the special device file that access can be granted to.
+ Path to the special device file that access can be granted to.
</entry>
</row>
<row>
@@ -8186,7 +8186,7 @@ org.freedesktop.Hal.Device.Volume.method_signatures = {'ssas', 'as', 'as'}
Type of access - only makes sense when PolicyKit
support is enabled; it's used by PolicyKit to compute
what privilege to check for by
- prepending <literal>hal-device-file-</literal> to the
+ prepending <literal>org.freedesktop.hal.device-access.</literal> to the
value.
</entry>
</row>
commit fab9b6cccc20849ddf1534c9209e827f85038680
Author: Danny Kukawka <danny.kukawka at web.de>
Date: Mon Jan 19 15:53:50 2009 +0100
fix make distcheck
Fixed commit ebb0482963494c8733e211dc5ec16253b776a748 to get
make distcheck working again. A user can't run "make distcheck"
because of /lib/udev/rules.d can't be created due to permissions.
This commit change the Makefile and configure to do the same as
the udev package. The path to ${udev_prefix}/lib/udev/rules.d can
get changed via --with-udev-prefix.
diff --git a/configure.in b/configure.in
index 0c0809a..4f36ad8 100644
--- a/configure.in
+++ b/configure.in
@@ -74,6 +74,12 @@ AC_ARG_WITH([socket-dir],
AS_HELP_STRING([--with-socket-dir=<dir>],
[Location of the HAL D-BUS listening sockets (auto)]))
+AC_ARG_WITH(udev-prefix,
+ AS_HELP_STRING([--with-udev-prefix=DIR], [add prefix to internal udev path names]),
+ [], [with_udev_prefix='${exec_prefix}'])
+udev_prefix=$with_udev_prefix
+AC_SUBST(udev_prefix)
+
if ! test -z "$with_hwdata" ; then
PCI_IDS_DIR="$with_hwdata"
USB_IDS_DIR="$with_hwdata"
@@ -1098,6 +1104,7 @@ echo "
dbus-1 system.d dir: ${DBUS_SYS_DIR}
pci.ids dir: ${PCI_IDS_DIR}
usb.ids dir: ${USB_IDS_DIR}
+ udev prefix: ${udev_prefix}
compiler: ${CC}
cflags: ${CFLAGS}
diff --git a/tools/linux/Makefile.am b/tools/linux/Makefile.am
index 6decfdb..df0782c 100644
--- a/tools/linux/Makefile.am
+++ b/tools/linux/Makefile.am
@@ -1,6 +1,6 @@
## Process this file with automake to produce Makefile.in
-udevrulesdir = /lib/udev/rules.d
+udevrulesdir = $(udev_prefix)/lib/udev/rules.d
udevrules_DATA = 90-hal.rules
More information about the hal-commit
mailing list