usr/src/cmd/hal/hal.conf.in

   1 <!DOCTYPE busconfig PUBLIC
   2  "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
   3  "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
   4 <busconfig>
   5
   6   <!-- This configuration file specifies the required security policies
   7        for the HAL to work. -->
   8
   9   <!-- Only root or user @HAL_USER@ can own the HAL service -->
  10   <policy user="@HAL_USER@">
  11     <allow own="org.freedesktop.Hal"/>
  12   </policy>
  13   <policy user="root">
  14     <allow own="org.freedesktop.Hal"/>
  15   </policy>
  16
  17   <policy context="default">
  18     <!-- Allow anyone to invoke methods on the Manager and Device interfaces -->
  19     <allow send_interface="org.freedesktop.Hal.Manager"
  20            send_destination="org.freedesktop.Hal"/>
  21     <allow send_interface="org.freedesktop.Hal.Device"
  22            send_destination="org.freedesktop.Hal"/>
  23     <allow send_interface="org.freedesktop.DBus.Introspectable"
  24            send_destination="org.freedesktop.Hal"/>
  25
  26     <!-- These interfaces use RBAC, should not block access at DBus level -->
  27     <allow send_interface="org.freedesktop.Hal.Device.SystemPowerManagement"
  28            send_destination="org.freedesktop.Hal"/>
  29     <allow send_interface="org.freedesktop.Hal.Device.VideoAdapterPM"
  30            send_destination="org.freedesktop.Hal"/>
  31     <allow send_interface="org.freedesktop.Hal.Device.LaptopPanel"
  32            send_destination="org.freedesktop.Hal"/>
  33     <allow send_interface="org.freedesktop.Hal.Device.CPUFreq"
  34            send_destination="org.freedesktop.Hal"/>
  35     <allow send_interface="org.freedesktop.Hal.Device.NetworkDiscovery"
  36            send_destination="org.freedesktop.Hal"/>
  37   </policy>
  38
  39   <!-- Default policy for the exported interfaces -->
  40   <policy context="default">
  41     <deny send_interface="org.freedesktop.Hal.Device.Volume"
  42           send_destination="org.freedesktop.Hal"/>
  43     <deny send_interface="org.freedesktop.Hal.Device.Storage"
  44           send_destination="org.freedesktop.Hal"/>
  45   </policy>
  46
  47   <!-- This will not work if logindevperm is not enabled -->
  48   <policy at_console="true">
  49     <allow send_interface="org.freedesktop.Hal.Device.Volume"
  50            send_destination="org.freedesktop.Hal"/>
  51     <allow send_interface="org.freedesktop.Hal.Device.Storage"
  52            send_destination="org.freedesktop.Hal"/>
  53   </policy>
  54
  55   <!-- You can change this to a more suitable user, or make per-group -->
  56   <policy user="0">
  57     <allow send_interface="org.freedesktop.Hal.Device.Volume"
  58            send_destination="org.freedesktop.Hal"/>
  59     <allow send_interface="org.freedesktop.Hal.Device.Storage"
  60            send_destination="org.freedesktop.Hal"/>
  61   </policy>
  62
  63 </busconfig>