cmd/hal/hal.conf.in

1N/A<!DOCTYPE busconfig PUBLIC
1N/A "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
1N/A "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
1N/A<busconfig>
1N/A
1N/A  <!-- This configuration file specifies the required security policies
1N/A       for the HAL to work. -->
1N/A
1N/A  <!-- Only root or user @HAL_USER@ can own the HAL service -->
1N/A  <policy user="@HAL_USER@">
1N/A    <allow own="org.freedesktop.Hal"/>
1N/A  </policy>
1N/A  <policy user="root">
1N/A    <allow own="org.freedesktop.Hal"/>
1N/A  </policy>
1N/A
1N/A  <policy context="default">
1N/A    <!-- Allow anyone to invoke methods on the Manager and Device interfaces -->
1N/A    <allow send_interface="org.freedesktop.Hal.Manager"
1N/A           send_destination="org.freedesktop.Hal"/>
1N/A    <allow send_interface="org.freedesktop.Hal.Device"
1N/A           send_destination="org.freedesktop.Hal"/>
1N/A    <allow send_interface="org.freedesktop.DBus.Introspectable"
1N/A           send_destination="org.freedesktop.Hal"/>
1N/A
1N/A    <!-- These interfaces use RBAC, should not block access at DBus level -->
1N/A    <allow send_interface="org.freedesktop.Hal.Device.SystemPowerManagement"
1N/A           send_destination="org.freedesktop.Hal"/>
1N/A    <allow send_interface="org.freedesktop.Hal.Device.VideoAdapterPM"
1N/A           send_destination="org.freedesktop.Hal"/>
1N/A    <allow send_interface="org.freedesktop.Hal.Device.LaptopPanel"
1N/A           send_destination="org.freedesktop.Hal"/>
1N/A    <allow send_interface="org.freedesktop.Hal.Device.CPUFreq"
1N/A           send_destination="org.freedesktop.Hal"/>
1N/A    <allow send_interface="org.freedesktop.Hal.Device.NetworkDiscovery"
1N/A           send_destination="org.freedesktop.Hal"/>
1N/A  </policy>
1N/A
1N/A  <!-- Default policy for the exported interfaces -->
1N/A  <policy context="default">
1N/A    <deny send_interface="org.freedesktop.Hal.Device.Volume"
1N/A          send_destination="org.freedesktop.Hal"/>
1N/A    <deny send_interface="org.freedesktop.Hal.Device.Storage"
1N/A          send_destination="org.freedesktop.Hal"/>
1N/A  </policy>
1N/A
1N/A  <!-- This will not work if logindevperm is not enabled -->
1N/A  <policy at_console="true">
1N/A    <allow send_interface="org.freedesktop.Hal.Device.Volume"
1N/A           send_destination="org.freedesktop.Hal"/>
1N/A    <allow send_interface="org.freedesktop.Hal.Device.Storage"
1N/A           send_destination="org.freedesktop.Hal"/>
1N/A  </policy>
1N/A
1N/A  <!-- You can change this to a more suitable user, or make per-group -->
1N/A  <policy user="0">
1N/A    <allow send_interface="org.freedesktop.Hal.Device.Volume"
1N/A           send_destination="org.freedesktop.Hal"/>
1N/A    <allow send_interface="org.freedesktop.Hal.Device.Storage"
1N/A           send_destination="org.freedesktop.Hal"/>
1N/A  </policy>
1N/A
1N/A</busconfig>