diff options
| author | Danny Kukawka <danny.kukawka@web.de> | 2009-01-28 13:17:23 +0100 |
|---|---|---|
| committer | Danny Kukawka <danny.kukawka@web.de> | 2009-01-28 13:17:23 +0100 |
| commit | 4bde0385a38f4bcd8bebf4af8d3e1f0bf38ca075 (patch) | |
| tree | 3211febfb1a6675b25cc4e8b7e1118212962ce42 | |
| parent | ace34e318102988320181ffaeeda3eb890112408 (diff) | |
use addset instead of append for ACL rules
Changed existing entries to use addset instead of append to prevent
double entries if a device may have more than one matching capability.
| -rw-r--r-- | fdi/policy/10osvendor/20-acl-management.fdi | 68 |
1 files changed, 34 insertions, 34 deletions
diff --git a/fdi/policy/10osvendor/20-acl-management.fdi b/fdi/policy/10osvendor/20-acl-management.fdi index 358b3c74..505e000f 100644 --- a/fdi/policy/10osvendor/20-acl-management.fdi +++ b/fdi/policy/10osvendor/20-acl-management.fdi @@ -9,21 +9,21 @@ <!-- sound card (ALSA) --> <match key="info.capabilities" contains="alsa"> - <append key="info.capabilities" type="strlist">access_control</append> + <addset key="info.capabilities" type="strlist">access_control</addset> <merge key="access_control.file" type="copy_property">alsa.device_file</merge> <merge key="access_control.type" type="string">sound</merge> </match> <!-- sound card (OSS) --> <match key="info.capabilities" contains="oss"> - <append key="info.capabilities" type="strlist">access_control</append> + <addset key="info.capabilities" type="strlist">access_control</addset> <merge key="access_control.file" type="copy_property">oss.device_file</merge> <merge key="access_control.type" type="string">sound</merge> </match> <!-- video4linux devices --> <match key="info.capabilities" contains="video4linux"> - <append key="info.capabilities" type="strlist">access_control</append> + <addset key="info.capabilities" type="strlist">access_control</addset> <merge key="access_control.file" type="copy_property">video4linux.device</merge> <merge key="access_control.type" type="string">video4linux</merge> </match> @@ -34,13 +34,13 @@ <!-- do not set acls on unpartitioned volumes, parent gets them --> <match key="block.is_volume" bool="true"> <match key="volume.is_partition" bool="true"> - <append key="info.capabilities" type="strlist">access_control</append> + <addset key="info.capabilities" type="strlist">access_control</addset> <merge key="access_control.file" type="copy_property">block.device</merge> <merge key="access_control.type" type="string">removable-block</merge> </match> </match> <match key="block.is_volume" bool="false"> - <append key="info.capabilities" type="strlist">access_control</append> + <addset key="info.capabilities" type="strlist">access_control</addset> <merge key="access_control.file" type="copy_property">block.device</merge> <merge key="access_control.type" type="string">removable-block</merge> </match> @@ -49,7 +49,7 @@ <!-- optical drives --> <match key="info.capabilities" contains="storage.cdrom"> - <append key="info.capabilities" type="strlist">access_control</append> + <addset key="info.capabilities" type="strlist">access_control</addset> <merge key="access_control.file" type="copy_property">block.device</merge> <merge key="access_control.type" type="string">cdrom</merge> </match> @@ -57,19 +57,19 @@ <!-- scsi generic device for optical drives --> <match key="info.capabilities" contains="scsi_generic"> <match key="@info.parent:scsi.type" string="cdrom"> - <append key="info.capabilities" type="strlist">access_control</append> + <addset key="info.capabilities" type="strlist">access_control</addset> <merge key="access_control.file" type="copy_property">scsi_generic.device</merge> <merge key="access_control.type" type="string">cdrom</merge> </match> <match key="info.capabilities" contains="scanner"> - <append key="info.capabilities" type="strlist">access_control</append> + <addset key="info.capabilities" type="strlist">access_control</addset> <merge key="access_control.file" type="copy_property">scsi_generic.device</merge> <merge key="access_control.type" type="string">scanner</merge> </match> <!-- usb floppy bnc#336327 --> <match key="@info.parent:@info.parent:@info.parent:usb.interface.class" int="8"> <match key="@info.parent:@info.parent:@info.parent:usb.interface.subclass" int="4"> - <append key="info.capabilities" type="strlist">access_control</append> + <addset key="info.capabilities" type="strlist">access_control</addset> <merge key="access_control.file" type="copy_property">scsi_generic.device</merge> <merge key="access_control.type" type="string">floppy</merge> </match> @@ -78,7 +78,7 @@ <!-- DVB cards --> <match key="info.capabilities" contains="dvb"> - <append key="info.capabilities" type="strlist">access_control</append> + <addset key="info.capabilities" type="strlist">access_control</addset> <merge key="access_control.file" type="copy_property">dvb.device</merge> <merge key="access_control.type" type="string">dvb</merge> </match> @@ -86,17 +86,17 @@ <!-- support for Linux USB stack where device node is on a child of the main USB device --> <match key="info.capabilities" contains="usbraw"> <match key="info.capabilities" sibling_contains="camera"> - <append key="info.capabilities" type="strlist">access_control</append> + <addset key="info.capabilities" type="strlist">access_control</addset> <merge key="access_control.file" type="copy_property">usbraw.device</merge> <merge key="access_control.type" type="string">camera</merge> </match> <match key="info.capabilities" sibling_contains="scanner"> - <append key="info.capabilities" type="strlist">access_control</append> + <addset key="info.capabilities" type="strlist">access_control</addset> <merge key="access_control.file" type="copy_property">usbraw.device</merge> <merge key="access_control.type" type="string">scanner</merge> </match> <match key="info.capabilities" sibling_contains="biometic.fingerprint_reader"> - <append key="info.capabilities" type="strlist">access_control</append> + <addset key="info.capabilities" type="strlist">access_control</addset> <merge key="access_control.file" type="copy_property">usbraw.device</merge> <merge key="access_control.type" type="string">fingerprint-reader</merge> </match> @@ -106,27 +106,27 @@ <match key="info.subsystem" string="usb"> <match key="@info.parent:linux.device_file" exists="true"> <match key="info.capabilities" contains="camera"> - <append key="info.capabilities" type="strlist">access_control</append> + <addset key="info.capabilities" type="strlist">access_control</addset> <merge key="access_control.type" type="string">camera</merge> <merge key="access_control.file" type="copy_property">@info.parent:linux.device_file</merge> </match> <match key="info.capabilities" contains="scanner"> - <append key="info.capabilities" type="strlist">access_control</append> + <addset key="info.capabilities" type="strlist">access_control</addset> <merge key="access_control.type" type="string">scanner</merge> <merge key="access_control.file" type="copy_property">@info.parent:linux.device_file</merge> </match> <match key="info.capabilities" contains="portable_audio_player"> - <append key="info.capabilities" type="strlist">access_control</append> + <addset key="info.capabilities" type="strlist">access_control</addset> <merge key="access_control.type" type="string">audio-player</merge> <merge key="access_control.file" type="copy_property">@info.parent:linux.device_file</merge> </match> <match key="info.capabilities" contains="obex"> - <append key="info.capabilities" type="strlist">access_control</append> + <addset key="info.capabilities" type="strlist">access_control</addset> <merge key="access_control.type" type="string">obex</merge> <merge key="access_control.file" type="copy_property">@info.parent:linux.device_file</merge> </match> <match key="info.capabilities" contains="biometric.fingerprint_reader"> - <append key="info.capabilities" type="strlist">access_control</append> + <addset key="info.capabilities" type="strlist">access_control</addset> <merge key="access_control.type" type="string">fingerprint-reader</merge> <merge key="access_control.file" type="copy_property">@info.parent:linux.device_file</merge> </match> @@ -136,12 +136,12 @@ <!-- Firewire devices are mostly driven by userspace libraries --> <match key="info.capabilities" contains="ieee1394_unit.iidc"> - <append key="info.capabilities" type="strlist">access_control</append> + <addset key="info.capabilities" type="strlist">access_control</addset> <merge key="access_control.file" type="copy_property">@ieee1394_unit.originating_device:ieee1394.device</merge> <merge key="access_control.type" type="string">ieee1394-iidc</merge> </match> <match key="info.capabilities" contains="ieee1394_unit.avc"> - <append key="info.capabilities" type="strlist">access_control</append> + <addset key="info.capabilities" type="strlist">access_control</addset> <merge key="access_control.file" type="copy_property">@ieee1394_unit.originating_device:ieee1394.device</merge> <merge key="access_control.type" type="string">ieee1394-avc</merge> </match> @@ -149,7 +149,7 @@ <!-- serial devices are assumed to be modems by default (no access) --> <match key="info.category" string="serial"> <match key="serial.device" exists="true"> - <append key="info.capabilities" type="strlist">access_control</append> + <addset key="info.capabilities" type="strlist">access_control</addset> <merge key="access_control.file" type="copy_property">serial.device</merge> <merge key="access_control.type" type="string">modem</merge> </match> @@ -158,7 +158,7 @@ <!-- serial devices are assumed to be modems by default (no access) --> <match key="info.category" string="ppdev"> <match key="serial.device" exists="true"> - <append key="info.capabilities" type="strlist">access_control</append> + <addset key="info.capabilities" type="strlist">access_control</addset> <merge key="access_control.file" type="copy_property">linux.device_file</merge> <merge key="access_control.type" type="string">ppdev</merge> </match> @@ -167,7 +167,7 @@ <!-- after serial to be able to override restrictive default --> <match key="info.capabilities" contains="pda"> <!-- PalmOS PDAs --> - <append key="info.capabilities" type="strlist">access_control</append> + <addset key="info.capabilities" type="strlist">access_control</addset> <merge key="access_control.type" type="string">pda</merge> <match key="pda.platform" string="palm"> <merge key="access_control.file" type="copy_property">pda.palm.hotsync_interface</merge> @@ -182,7 +182,7 @@ <match key="storage.drive_type" string="floppy"> <match key="storage.no_partitions_hint" bool="true"> <match key="access_control.type" exists="false"> - <append key="info.capabilities" type="strlist">access_control</append> + <addset key="info.capabilities" type="strlist">access_control</addset> <merge key="access_control.file" type="copy_property">block.device</merge> <merge key="access_control.type" type="string">floppy</merge> </match> @@ -193,13 +193,13 @@ <match key="linux.subsystem" string="input"> <!-- joysticks --> <match key="info.capabilities" contains="input.joystick"> - <append key="info.capabilities" type="strlist">access_control</append> + <addset key="info.capabilities" type="strlist">access_control</addset> <merge key="access_control.file" type="copy_property">input.device</merge> <merge key="access_control.type" type="string">joystick</merge> </match> <!-- mice --> <match key="info.capabilities" contains="input.mouse"> - <append key="info.capabilities" type="strlist">access_control</append> + <addset key="info.capabilities" type="strlist">access_control</addset> <merge key="access_control.file" type="copy_property">input.device</merge> <merge key="access_control.type" type="string">mouse</merge> </match> @@ -207,7 +207,7 @@ <!-- graphics cards, e.g. for 3d accelleration --> <match key="info.capabilities" contains="drm"> - <append key="info.capabilities" type="strlist">access_control</append> + <addset key="info.capabilities" type="strlist">access_control</addset> <merge key="access_control.file" type="copy_property">linux.device_file</merge> <merge key="access_control.type" type="string">video</merge> </match> @@ -216,24 +216,24 @@ <!-- add / remove ACL's when devices are added and removed --> <match key="info.capabilities" contains="access_control"> - <append key="info.callouts.add" type="strlist">hal-acl-tool --add-device</append> - <append key="info.callouts.remove" type="strlist">hal-acl-tool --remove-device</append> + <addset key="info.callouts.add" type="strlist">hal-acl-tool --add-device</addset> + <addset key="info.callouts.remove" type="strlist">hal-acl-tool --remove-device</addset> </match> <match key="info.udi" string="/org/freedesktop/Hal/devices/computer"> <!-- remove all previously added ACL's on start-up --> - <append key="info.callouts.add" type="strlist">hal-acl-tool --remove-all</append> + <addset key="info.callouts.add" type="strlist">hal-acl-tool --remove-all</addset> <!-- reconfigure all ACL's sessions are added and removed --> - <append key="info.callouts.session_add" type="strlist">hal-acl-tool --reconfigure</append> - <append key="info.callouts.session_remove" type="strlist">hal-acl-tool --reconfigure</append> + <addset key="info.callouts.session_add" type="strlist">hal-acl-tool --reconfigure</addset> + <addset key="info.callouts.session_remove" type="strlist">hal-acl-tool --reconfigure</addset> <!-- reconfigure all ACL's when a session becomes active --> - <append key="info.callouts.session_active" type="strlist">hal-acl-tool --reconfigure</append> + <addset key="info.callouts.session_active" type="strlist">hal-acl-tool --reconfigure</addset> <!-- reconfigure all ACL's when a session becomes inactive --> - <append key="info.callouts.session_inactive" type="strlist">hal-acl-tool --reconfigure</append> + <addset key="info.callouts.session_inactive" type="strlist">hal-acl-tool --reconfigure</addset> </match> |