diff options
| author | Martin Pitt <martin.pitt@ubuntu.com> | 2009-05-12 13:22:35 +0200 |
|---|---|---|
| committer | Martin Pitt <martin.pitt@ubuntu.com> | 2009-05-12 13:22:35 +0200 |
| commit | a18f69ea0d1a100bf85925b81acd0539f564eae6 (patch) | |
| tree | 58bd1814cb907b9e2f11bfcb949bd8eeaf848e91 | |
| parent | ff77e0393931f750caa452c96347ef83f2c3aab7 (diff) | |
add ACL policy for smartcard readers
Grant access to the currently logged-in user on some SCM smart-card readers.
This improves the out-of-box support for OpenGPG card users.
Reported in https://launchpad.net/bugs/57755
| -rw-r--r-- | fdi/policy/10osvendor/10-smartcardreaders.fdi | 16 | ||||
| -rw-r--r-- | fdi/policy/10osvendor/Makefile.am | 1 | ||||
| -rw-r--r-- | policy/org.freedesktop.hal.device-access.policy | 9 |
3 files changed, 26 insertions, 0 deletions
diff --git a/fdi/policy/10osvendor/10-smartcardreaders.fdi b/fdi/policy/10osvendor/10-smartcardreaders.fdi new file mode 100644 index 00000000..1c9388ab --- /dev/null +++ b/fdi/policy/10osvendor/10-smartcardreaders.fdi @@ -0,0 +1,16 @@ +<?xml version="1.0" encoding="UTF-8"?> + +<deviceinfo version="0.2"> + <device> + <match key="info.subsystem" string="usb"> + <!-- SCM SPR 335, SPR 532 --> + <match key="usb.vendor_id" int="0x4e6"> + <match key="usb.product_id" int_outof="0x5115;0xe001;0xe003"> + <append key="info.capabilities" type="strlist">access_control</append> + <merge key="access_control.file" type="copy_property">@info.parent:linux.device_file</merge> + <merge key="access_control.type" type="string">smart-card-reader</merge> + </match> + </match> + </match> + </device> +</deviceinfo> diff --git a/fdi/policy/10osvendor/Makefile.am b/fdi/policy/10osvendor/Makefile.am index 67c021c3..5a197952 100644 --- a/fdi/policy/10osvendor/Makefile.am +++ b/fdi/policy/10osvendor/Makefile.am @@ -8,6 +8,7 @@ dist_fdi_DATA = \ 10-leds.fdi \ 10-power-mgmt-policy.fdi \ 10-rfkill-switch.fdi \ + 10-smartcardreaders.fdi \ 10-tabletPCs.fdi \ 10-x11-input.fdi \ 15-storage-luks.fdi \ diff --git a/policy/org.freedesktop.hal.device-access.policy b/policy/org.freedesktop.hal.device-access.policy index e083eb49..7643a3e4 100644 --- a/policy/org.freedesktop.hal.device-access.policy +++ b/policy/org.freedesktop.hal.device-access.policy @@ -199,4 +199,13 @@ NOTE: Please keep the actions in alpabetical order </defaults> </action> + <action id="org.freedesktop.hal.device-access.smart-card-reader"> + <description>Directly access smart-card readers</description> + <message>System policy prevents access to the smart-card readers</message> + <defaults> + <allow_inactive>no</allow_inactive> + <allow_active>yes</allow_active> + </defaults> + </action> + </policyconfig> |