authorRichard Hughes <richard@hughsie.com>2009-01-29 08:37:46 +0000
committerRichard Hughes <richard@hughsie.com>2009-01-29 08:37:46 +0000
commit879f06a4e4abc87471a030a5f285dc32455082e4 (patch)
tree5a170e78cc16385b2102080581daa03631d15576
parentf3cec03bef98c0083c2e9a58ab7323e544412700 (diff)
parent101c34aef06dcd8074d7de9e61f296c546996b5d (diff)
Merge branch 'master' of git+ssh://hughsient@git.freedesktop.org/git/hal
-rw-r--r--configure.in7
-rw-r--r--doc/spec/hal-spec-access-control.xml187
-rw-r--r--doc/spec/hal-spec-properties.xml20
-rw-r--r--fdi/policy/10osvendor/20-acl-management.fdi231
-rw-r--r--hal.conf.in63
-rw-r--r--hald/linux/device.c16
-rw-r--r--hald/linux/osspec.c10
-rw-r--r--policy/org.freedesktop.hal.device-access.policy57
-rw-r--r--tools/linux/Makefile.am2
9 files changed, 424 insertions, 169 deletions
diff --git a/configure.in b/configure.in
index 0c0809af..4f36ad85 100644
--- a/configure.in
+++ b/configure.in
@@ -74,6 +74,12 @@ AC_ARG_WITH([socket-dir],
AS_HELP_STRING([--with-socket-dir=<dir>],
[Location of the HAL D-BUS listening sockets (auto)]))
+AC_ARG_WITH(udev-prefix,
+ AS_HELP_STRING([--with-udev-prefix=DIR], [add prefix to internal udev path names]),
+ [], [with_udev_prefix='${exec_prefix}'])
+udev_prefix=$with_udev_prefix
+AC_SUBST(udev_prefix)
+
if ! test -z "$with_hwdata" ; then
PCI_IDS_DIR="$with_hwdata"
USB_IDS_DIR="$with_hwdata"
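Review bot: The new `AC_ARG_WITH(udev-prefix,` leaves its first argument unquoted, while the call just above it in this hunk is written `AC_ARG_WITH([socket-dir],`; writing `AC_ARG_WITH([udev-prefix],` keeps the file consistent and stops m4 from expanding the name. The default is the single-quoted string `'${exec_prefix}'`, so when the option is not given, the summary line added in the next hunk (`udev prefix: ${udev_prefix}`) prints the unexpanded text `${exec_prefix}` rather than a path. If that is intended because the value is expanded at make time, a one-line comment saying so next to `udev_prefix=$with_udev_prefix` would save the next reader the detour.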
@@ -1098,6 +1104,7 @@ echo "
dbus-1 system.d dir: ${DBUS_SYS_DIR}
pci.ids dir: ${PCI_IDS_DIR}
usb.ids dir: ${USB_IDS_DIR}
+ udev prefix: ${udev_prefix}
compiler: ${CC}
cflags: ${CFLAGS}
diff --git a/doc/spec/hal-spec-access-control.xml b/doc/spec/hal-spec-access-control.xml
index 95006a8b..b33bd189 100644
--- a/doc/spec/hal-spec-access-control.xml
+++ b/doc/spec/hal-spec-access-control.xml
@@ -37,7 +37,7 @@
HAL uses PolicyKit to decide what users should have access
according to PolicyKit configuration; see the PolicyKit
privilege definition
- file <literal>/etc/PolicyKit/privileges/hal-device-file.priv</literal>
+ file <literal>/usr/share/PolicyKit/policy/org.freedesktop.hal.device-access.policy</literal>
on a system with HAL installed for the default access suggested
by the HAL package and/or OS vendor.
</para>
@@ -52,6 +52,191 @@
user. This interface is supposed to be stable so 3rd party
packages can depend on it.
</para>
+
+ <sect2 id="access-control-device-file-policies">
+ <title>Device Files policies</title>
+ <para>
+ This is a list of the device file policies/rules delivered with
+ the HAL package to manage ACL's as defined via <literal>
+ access_control.type</literal> and the current default Policykit
+ policies for inactive and active users.
+ </para>
+ <informaltable>
+ <tgroup cols="2">
+ <thead>
+ <row>
+ <entry>Type</entry>
+ <entry>Description</entry>
+ <entry>allow_inactive</entry>
+ <entry>allow_active</entry>
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry>
+ <literal>audio-player</literal>
+ </entry>
+ <entry>Directly access audio players.</entry>
+ <entry>no</entry>
+ <entry>yes</entry>
+ </row>
+ <row>
+ <entry>
+ <literal>camera</literal>
+ </entry>
+ <entry>Directly access digital cameras.</entry>
+ <entry>no</entry>
+ <entry>yes</entry>
+ </row>
+ <row>
+ <entry>
+ <literal>cdrom</literal>
+ </entry>
+ <entry>Directly access optical drives.</entry>
+ <entry>yes</entry>
+ <entry>yes</entry>
+ </row>
+ <row>
+ <entry>
+ <literal>dvb</literal>
+ </entry>
+ <entry>Directly access DVB devices.</entry>
+ <entry>no</entry>
+ <entry>yes</entry>
+ </row>
+ <row>
+ <entry>
+ <literal>fingerprint-reader</literal>
+ </entry>
+ <entry>Directly access to fingerprint reader devices.</entry>
+ <entry>no</entry>
+ <entry>yes</entry>
+ </row>
+ <row>
+ <entry>
+ <literal>floppy</literal>
+ </entry>
+ <entry>Directly access Floppy devices.</entry>
+ <entry>yes</entry>
+ <entry>yes</entry>
+ </row>
+ <row>
+ <entry>
+ <literal>ieee1394-avc</literal>
+ </entry>
+ <entry>Directly access Firewire AVC devices.</entry>
+ <entry>no</entry>
+ <entry>yes</entry>
+ </row>
+ <row>
+ <entry>
+ <literal>ieee1394-iidc</literal>
+ </entry>
+ <entry>Directly access Firewire IIDC devices.</entry>
+ <entry>no</entry>
+ <entry>yes</entry>
+ </row>
+ <row>
+ <entry>
+ <literal>joystick</literal>
+ </entry>
+ <entry>Directly access Joystick devices.</entry>
+ <entry>yes</entry>
+ <entry>yes</entry>
+ </row>
+ <row>
+ <entry>
+ <literal>modem</literal>
+ </entry>
+ <entry>Directly access serial modem devices.</entry>
+ <entry>auth_admin_keep_always</entry>
+ <entry>auth_admin_keep_always</entry>
+ </row>
+ <row>
+ <entry>
+ <literal>mouse</literal>
+ </entry>
+ <entry>Directly access Mouse (input) devices</entry>
+ <entry>yes</entry>
+ <entry>yes</entry>
+ </row>
+ <row>
+ <entry>
+ <literal>obex</literal>
+ </entry>
+ <entry>Directly access OBEX devices.</entry>
+ <entry>no</entry>
+ <entry>yes</entry>
+ </row>
+ <row>
+ <entry>
+ <literal>pda</literal>
+ </entry>
+ <entry>Directly access PDA devices.</entry>
+ <entry>no</entry>
+ <entry>yes</entry>
+ </row>
+ <row>
+ <entry>
+ <literal>ppdev</literal>
+ </entry>
+ <entry>Directly access parallel port devices.</entry>
+ <entry>auth_admin_keep_always</entry>
+ <entry>auth_admin_keep_always</entry>
+ </row>
+ <row>
+ <entry>
+ <literal>printer</literal>
+ </entry>
+ <entry>Directly access printer devices.</entry>
+ <entry>no</entry>
+ <entry>yes</entry>
+ </row>
+ <row>
+ <entry>
+ <literal>removable-block</literal>
+ </entry>
+ <entry>Directly access removable block devices.</entry>
+ <entry>no</entry>
+ <entry>no</entry>
+ </row>
+ <row>
+ <entry>
+ <literal>scanner</literal>
+ </entry>
+ <entry>Directly access scanners.</entry>
+ <entry>no</entry>
+ <entry>yes</entry>
+ </row>
+ <row>
+ <entry>
+ <literal>sound</literal>
+ </entry>
+ <entry>Directly access sound devices.</entry>
+ <entry>no</entry>
+ <entry>yes</entry>
+ </row>
+ <row>
+ <entry>
+ <literal>video</literal>
+ </entry>
+ <entry>Directly access Video devices.</entry>
+ <entry>yes</entry>
+ <entry>yes</entry>
+ </row>
+ <row>
+ <entry>
+ <literal>video4linux</literal>
+ </entry>
+ <entry>Directly access video capture devices.</entry>
+ <entry>no</entry>
+ <entry>yes</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+ </sect2>
+
</sect1>
<sect1 id="access-control-ipc">
diff --git a/doc/spec/hal-spec-properties.xml b/doc/spec/hal-spec-properties.xml
index b28a5bcf..3c400efe 100644
--- a/doc/spec/hal-spec-properties.xml
+++ b/doc/spec/hal-spec-properties.xml
@@ -6092,7 +6092,7 @@ org.freedesktop.Hal.Device.Volume.method_signatures = {'ssas', 'as', 'as'}
</entry>
<entry></entry>
<entry>Yes</entry>
- <entry>TODO</entry>
+ <entry>Special device file to interact with the printer device.</entry>
</row>
<row>
<entry>
@@ -6100,7 +6100,7 @@ org.freedesktop.Hal.Device.Volume.method_signatures = {'ssas', 'as', 'as'}
</entry>
<entry></entry>
<entry>Yes</entry>
- <entry>TODO</entry>
+ <entry>Name of the device vendor</entry>
</row>
<row>
<entry>
@@ -6108,7 +6108,7 @@ org.freedesktop.Hal.Device.Volume.method_signatures = {'ssas', 'as', 'as'}
</entry>
<entry></entry>
<entry>Yes</entry>
- <entry>TODO</entry>
+ <entry>Name of the product.</entry>
</row>
<row>
<entry>
@@ -6116,15 +6116,19 @@ org.freedesktop.Hal.Device.Volume.method_signatures = {'ssas', 'as', 'as'}
</entry>
<entry></entry>
<entry>Yes</entry>
- <entry>TODO</entry>
+ <entry>
+ A string uniquely identifying the instance of the device;
+ ie. it will be different for two devices of the same type.
+ Note that the serial number is broken on some USB devices.
+ </entry>
</row>
<row>
<entry>
<literal>printer.description</literal> (string)
</entry>
<entry></entry>
- <entry>Yes</entry>
- <entry>TODO</entry>
+ <entry>No</entry>
+ <entry>Description for the device.</entry>
</row>
<row>
<entry>
@@ -8173,7 +8177,7 @@ org.freedesktop.Hal.Device.Volume.method_signatures = {'ssas', 'as', 'as'}
<entry>Example: /dev/snd/pcmC0D1p</entry>
<entry>Yes</entry>
<entry>
- Name of the special device file that access can be granted to.
+ Path to the special device file that access can be granted to.
</entry>
</row>
<row>
@@ -8186,7 +8190,7 @@ org.freedesktop.Hal.Device.Volume.method_signatures = {'ssas', 'as', 'as'}
Type of access - only makes sense when PolicyKit
support is enabled; it's used by PolicyKit to compute
what privilege to check for by
- prepending <literal>hal-device-file-</literal> to the
+ prepending <literal>org.freedesktop.hal.device-access.</literal> to the
value.
</entry>
</row>
diff --git a/fdi/policy/10osvendor/20-acl-management.fdi b/fdi/policy/10osvendor/20-acl-management.fdi
index ee637681..98f8c88c 100644
--- a/fdi/policy/10osvendor/20-acl-management.fdi
+++ b/fdi/policy/10osvendor/20-acl-management.fdi
@@ -9,100 +9,112 @@
<!-- sound card (ALSA) -->
<match key="info.capabilities" contains="alsa">
- <append key="info.capabilities" type="strlist">access_control</append>
- <merge key="access_control.file" type="copy_property">alsa.device_file</merge>
- <merge key="access_control.type" type="string">sound</merge>
+ <match key="alsa.device_file" exists="true">
+ <addset key="info.capabilities" type="strlist">access_control</addset>
+ <merge key="access_control.file" type="copy_property">alsa.device_file</merge>
+ <merge key="access_control.type" type="string">sound</merge>
+ </match>
</match>
<!-- sound card (OSS) -->
<match key="info.capabilities" contains="oss">
- <append key="info.capabilities" type="strlist">access_control</append>
- <merge key="access_control.file" type="copy_property">oss.device_file</merge>
- <merge key="access_control.type" type="string">sound</merge>
+ <match key="oss.device_file" exists="true">
+ <addset key="info.capabilities" type="strlist">access_control</addset>
+ <merge key="access_control.file" type="copy_property">oss.device_file</merge>
+ <merge key="access_control.type" type="string">sound</merge>
+ </match>
</match>
<!-- video4linux devices -->
<match key="info.capabilities" contains="video4linux">
- <append key="info.capabilities" type="strlist">access_control</append>
- <merge key="access_control.file" type="copy_property">video4linux.device</merge>
- <merge key="access_control.type" type="string">video4linux</merge>
+ <match key="video4linux.device" exists="true">
+ <addset key="info.capabilities" type="strlist">access_control</addset>
+ <merge key="access_control.file" type="copy_property">video4linux.device</merge>
+ <merge key="access_control.type" type="string">video4linux</merge>
+ </match>
</match>
<!-- Removable block devices -->
<match key="info.capabilities" contains="block">
- <match key="@block.storage_device:storage.removable" bool="true">
- <!-- do not set acls on unpartitioned volumes, parent gets them -->
- <match key="block.is_volume" bool="true">
- <match key="volume.is_partition" bool="true">
- <append key="info.capabilities" type="strlist">access_control</append>
+ <match key="block.device" exists="true">
+ <match key="@block.storage_device:storage.removable" bool="true">
+ <!-- do not set acls on unpartitioned volumes, parent gets them -->
+ <match key="block.is_volume" bool="true">
+ <match key="volume.is_partition" bool="true">
+ <addset key="info.capabilities" type="strlist">access_control</addset>
+ <merge key="access_control.file" type="copy_property">block.device</merge>
+ <merge key="access_control.type" type="string">removable-block</merge>
+ </match>
+ </match>
+ <match key="block.is_volume" bool="false">
+ <addset key="info.capabilities" type="strlist">access_control</addset>
<merge key="access_control.file" type="copy_property">block.device</merge>
<merge key="access_control.type" type="string">removable-block</merge>
</match>
</match>
- <match key="block.is_volume" bool="false">
- <append key="info.capabilities" type="strlist">access_control</append>
- <merge key="access_control.file" type="copy_property">block.device</merge>
- <merge key="access_control.type" type="string">removable-block</merge>
- </match>
</match>
</match>
<!-- optical drives -->
<match key="info.capabilities" contains="storage.cdrom">
- <append key="info.capabilities" type="strlist">access_control</append>
- <merge key="access_control.file" type="copy_property">block.device</merge>
- <merge key="access_control.type" type="string">cdrom</merge>
+ <match key="block.device" exists="true">
+ <addset key="info.capabilities" type="strlist">access_control</addset>
+ <merge key="access_control.file" type="copy_property">block.device</merge>
+ <merge key="access_control.type" type="string">cdrom</merge>
+ </match>
</match>
<!-- scsi generic device for optical drives -->
<match key="info.capabilities" contains="scsi_generic">
- <match key="@info.parent:scsi.type" string="cdrom">
- <append key="info.capabilities" type="strlist">access_control</append>
- <merge key="access_control.file" type="copy_property">scsi_generic.device</merge>
- <merge key="access_control.type" type="string">cdrom</merge>
- </match>
- <match key="info.capabilities" contains="scanner">
- <append key="info.capabilities" type="strlist">access_control</append>
- <merge key="access_control.file" type="copy_property">scsi_generic.device</merge>
- <merge key="access_control.type" type="string">scanner</merge>
- </match>
- <!-- usb floppy bnc#336327 -->
- <match key="@info.parent:@info.parent:@info.parent:usb.interface.class" int="8">
- <match key="@info.parent:@info.parent:@info.parent:usb.interface.subclass" int="4">
- <append key="info.capabilities" type="strlist">access_control</append>
+ <match key="scsi_generic.device" exists="true">
+ <match key="@info.parent:scsi.type" string="cdrom">
+ <addset key="info.capabilities" type="strlist">access_control</addset>
<merge key="access_control.file" type="copy_property">scsi_generic.device</merge>
- <merge key="access_control.type" type="string">floppy</merge>
- </match>
+ <merge key="access_control.type" type="string">cdrom</merge>
+ </match>
+ <match key="info.capabilities" contains="scanner">
+ <addset key="info.capabilities" type="strlist">access_control</addset>
+ <merge key="access_control.file" type="copy_property">scsi_generic.device</merge>
+ <merge key="access_control.type" type="string">scanner</merge>
+ </match>
+ <!-- usb floppy bnc#336327 -->
+ <match key="@info.parent:@info.parent:@info.parent:usb.interface.class" int="8">
+ <match key="@info.parent:@info.parent:@info.parent:usb.interface.subclass" int="4">
+ <addset key="info.capabilities" type="strlist">access_control</addset>
+ <merge key="access_control.file" type="copy_property">scsi_generic.device</merge>
+ <merge key="access_control.type" type="string">floppy</merge>
+ </match>
+ </match>
</match>
</match>
<!-- DVB cards -->
<match key="info.capabilities" contains="dvb">
- <append key="info.capabilities" type="strlist">access_control</append>
- <merge key="access_control.file" type="copy_property">dvb.device</merge>
- <merge key="access_control.type" type="string">dvb</merge>
+ <match key="dvb.device" exists="true">
+ <addset key="info.capabilities" type="strlist">access_control</addset>
+ <merge key="access_control.file" type="copy_property">dvb.device</merge>
+ <merge key="access_control.type" type="string">dvb</merge>
+ </match>
</match>
<!-- support for Linux USB stack where device node is on a child of the main USB device -->
<match key="info.capabilities" contains="usbraw">
- <match key="info.capabilities" sibling_contains="camera">
- <append key="info.capabilities" type="strlist">access_control</append>
- <merge key="access_control.file" type="copy_property">usbraw.device</merge>
- <merge key="access_control.type" type="string">camera</merge>
- </match>
- </match>
- <match key="info.capabilities" contains="usbraw">
- <match key="info.capabilities" sibling_contains="scanner">
- <append key="info.capabilities" type="strlist">access_control</append>
- <merge key="access_control.file" type="copy_property">usbraw.device</merge>
- <merge key="access_control.type" type="string">scanner</merge>
- </match>
- </match>
- <match key="info.capabilities" contains="usbraw">
- <match key="info.capabilities" sibling_contains="biometic.fingerprint_reader">
- <append key="info.capabilities" type="strlist">access_control</append>
- <merge key="access_control.file" type="copy_property">usbraw.device</merge>
- <merge key="access_control.type" type="string">fingerprint-reader</merge>
+ <match key="usbraw.device" exists="true">
+ <match key="info.capabilities" sibling_contains="camera">
+ <addset key="info.capabilities" type="strlist">access_control</addset>
+ <merge key="access_control.file" type="copy_property">usbraw.device</merge>
+ <merge key="access_control.type" type="string">camera</merge>
+ </match>
+ <match key="info.capabilities" sibling_contains="scanner">
+ <addset key="info.capabilities" type="strlist">access_control</addset>
+ <merge key="access_control.file" type="copy_property">usbraw.device</merge>
+ <merge key="access_control.type" type="string">scanner</merge>
+ </match>
+ <match key="info.capabilities" sibling_contains="biometic.fingerprint_reader">
+ <addset key="info.capabilities" type="strlist">access_control</addset>
+ <merge key="access_control.file" type="copy_property">usbraw.device</merge>
+ <merge key="access_control.type" type="string">fingerprint-reader</merge>
+ </match>
</match>
</match>
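Review bot: The usbraw fingerprint rule still matches on `sibling_contains="biometic.fingerprint_reader"`, a misspelling that this rewrite carries over unchanged. The USB rule in the next hunk tests `biometric.fingerprint_reader`, so the usbraw variant presumably never matches and the reader's usbraw node never gets the `fingerprint-reader` type. The failure is closed (no ACL is granted), but the rule is dead as written; the line should read `<match key="info.capabilities" sibling_contains="biometric.fingerprint_reader">`.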
@@ -110,27 +122,27 @@
<match key="info.subsystem" string="usb">
<match key="@info.parent:linux.device_file" exists="true">
<match key="info.capabilities" contains="camera">
- <append key="info.capabilities" type="strlist">access_control</append>
+ <addset key="info.capabilities" type="strlist">access_control</addset>
<merge key="access_control.type" type="string">camera</merge>
<merge key="access_control.file" type="copy_property">@info.parent:linux.device_file</merge>
</match>
<match key="info.capabilities" contains="scanner">
- <append key="info.capabilities" type="strlist">access_control</append>
+ <addset key="info.capabilities" type="strlist">access_control</addset>
<merge key="access_control.type" type="string">scanner</merge>
<merge key="access_control.file" type="copy_property">@info.parent:linux.device_file</merge>
</match>
<match key="info.capabilities" contains="portable_audio_player">
- <append key="info.capabilities" type="strlist">access_control</append>
+ <addset key="info.capabilities" type="strlist">access_control</addset>
<merge key="access_control.type" type="string">audio-player</merge>
<merge key="access_control.file" type="copy_property">@info.parent:linux.device_file</merge>
</match>
<match key="info.capabilities" contains="obex">
- <append key="info.capabilities" type="strlist">access_control</append>
+ <addset key="info.capabilities" type="strlist">access_control</addset>
<merge key="access_control.type" type="string">obex</merge>
<merge key="access_control.file" type="copy_property">@info.parent:linux.device_file</merge>
</match>
<match key="info.capabilities" contains="biometric.fingerprint_reader">
- <append key="info.capabilities" type="strlist">access_control</append>
+ <addset key="info.capabilities" type="strlist">access_control</addset>
<merge key="access_control.type" type="string">fingerprint-reader</merge>
<merge key="access_control.file" type="copy_property">@info.parent:linux.device_file</merge>
</match>
@@ -140,20 +152,24 @@
<!-- Firewire devices are mostly driven by userspace libraries -->
<match key="info.capabilities" contains="ieee1394_unit.iidc">
- <append key="info.capabilities" type="strlist">access_control</append>
- <merge key="access_control.file" type="copy_property">@ieee1394_unit.originating_device:ieee1394.device</merge>
- <merge key="access_control.type" type="string">ieee1394-iidc</merge>
+ <match key="@ieee1394_unit.originating_device:ieee1394.device" exists="true">
+ <addset key="info.capabilities" type="strlist">access_control</addset>
+ <merge key="access_control.file" type="copy_property">@ieee1394_unit.originating_device:ieee1394.device</merge>
+ <merge key="access_control.type" type="string">ieee1394-iidc</merge>
+ </match>
</match>
<match key="info.capabilities" contains="ieee1394_unit.avc">
- <append key="info.capabilities" type="strlist">access_control</append>
- <merge key="access_control.file" type="copy_property">@ieee1394_unit.originating_device:ieee1394.device</merge>
- <merge key="access_control.type" type="string">ieee1394-avc</merge>
+ <match key="@ieee1394_unit.originating_device:ieee1394.device" exists="true">
+ <addset key="info.capabilities" type="strlist">access_control</addset>
+ <merge key="access_control.file" type="copy_property">@ieee1394_unit.originating_device:ieee1394.device</merge>
+ <merge key="access_control.type" type="string">ieee1394-avc</merge>
+ </match>
</match>
<!-- serial devices are assumed to be modems by default (no access) -->
<match key="info.category" string="serial">
<match key="serial.device" exists="true">
- <append key="info.capabilities" type="strlist">access_control</append>
+ <addset key="info.capabilities" type="strlist">access_control</addset>
<merge key="access_control.file" type="copy_property">serial.device</merge>
<merge key="access_control.type" type="string">modem</merge>
</match>
@@ -161,8 +177,8 @@
<!-- serial devices are assumed to be modems by default (no access) -->
<match key="info.category" string="ppdev">
- <match key="serial.device" exists="true">
- <append key="info.capabilities" type="strlist">access_control</append>
+ <match key="linux.device_file" exists="true">
+ <addset key="info.capabilities" type="strlist">access_control</addset>
<merge key="access_control.file" type="copy_property">linux.device_file</merge>
<merge key="access_control.type" type="string">ppdev</merge>
</match>
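Review bot: The comment above this rule still reads `serial devices are assumed to be modems by default (no access)`, copied from the serial rule, although the block matches `info.category` `ppdev` and now keys on `linux.device_file`. Since the match key is being corrected here anyway, the comment should be corrected with it, for example `<!-- parallel port devices (ppdev); restrictive default, admin authentication required -->`. That wording follows the `auth_admin_keep_always` defaults listed for `ppdev` in the access-control spec table added by this commit.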
@@ -171,7 +187,7 @@
<!-- after serial to be able to override restrictive default -->
<match key="info.capabilities" contains="pda">
<!-- PalmOS PDAs -->
- <append key="info.capabilities" type="strlist">access_control</append>
+ <addset key="info.capabilities" type="strlist">access_control</addset>
<merge key="access_control.type" type="string">pda</merge>
<match key="pda.platform" string="palm">
<merge key="access_control.file" type="copy_property">pda.palm.hotsync_interface</merge>
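Review bot: The pda rule adds the `access_control` capability and sets `access_control.type` before any check that a device file property exists, unlike the other rules this commit wraps in an `exists="true"` match. `access_control.file` is only merged inside the `pda.platform` branches, so a PDA whose platform matches none of them would presumably reach the `hal-acl-tool --add-device` callout with no file set. Moving the `addset` and the type merge inside each platform branch, or guarding each branch with a test such as `<match key="pda.palm.hotsync_interface" exists="true">`, would bring it in line with the rest of the file. The rule continues past the end of this hunk, so the other platform branches are not visible here.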
@@ -184,60 +200,75 @@
<!-- plain old floppy -->
<match key="storage.drive_type" string="floppy">
- <match key="storage.no_partitions_hint" bool="true">
- <match key="access_control.type" exists="false">
- <append key="info.capabilities" type="strlist">access_control</append>
- <merge key="access_control.file" type="copy_property">block.device</merge>
- <merge key="access_control.type" type="string">floppy</merge>
+ <match key="block.device" exists="true">
+ <match key="storage.no_partitions_hint" bool="true">
+ <match key="access_control.type" exists="false">
+ <addset key="info.capabilities" type="strlist">access_control</addset>
+ <merge key="access_control.file" type="copy_property">block.device</merge>
+ <merge key="access_control.type" type="string">floppy</merge>
+ </match>
</match>
</match>
</match>
<!-- linux input devices (needed e.g. for games) -->
<match key="linux.subsystem" string="input">
- <!-- joysticks -->
- <match key="info.capabilities" contains="input.joystick">
- <append key="info.capabilities" type="strlist">access_control</append>
- <merge key="access_control.file" type="copy_property">input.device</merge>
- <merge key="access_control.type" type="string">joystick</merge>
- </match>
- <!-- mice -->
- <match key="info.capabilities" contains="input.mouse">
- <append key="info.capabilities" type="strlist">access_control</append>
- <merge key="access_control.file" type="copy_property">input.device</merge>
- <merge key="access_control.type" type="string">mouse</merge>
+ <match key="input.device" exists="true">
+ <!-- joysticks -->
+ <match key="info.capabilities" contains="input.joystick">
+ <addset key="info.capabilities" type="strlist">access_control</addset>
+ <merge key="access_control.file" type="copy_property">input.device</merge>
+ <merge key="access_control.type" type="string">joystick</merge>
+ </match>
+ <!-- mice -->
+ <match key="info.capabilities" contains="input.mouse">
+ <addset key="info.capabilities" type="strlist">access_control</addset>
+ <merge key="access_control.file" type="copy_property">input.device</merge>
+ <merge key="access_control.type" type="string">mouse</merge>
+ </match>
</match>
</match>
<!-- graphics cards, e.g. for 3d accelleration -->
<match key="info.capabilities" contains="drm">
- <append key="info.capabilities" type="strlist">access_control</append>
- <merge key="access_control.file" type="copy_property">linux.device_file</merge>
- <merge key="access_control.type" type="string">video</merge>
+ <match key="linux.device_file" exists="true">
+ <addset key="info.capabilities" type="strlist">access_control</addset>
+ <merge key="access_control.file" type="copy_property">linux.device_file</merge>
+ <merge key="access_control.type" type="string">video</merge>
+ </match>
+ </match>
+
+ <!-- printer devices -->
+ <match key="info.capabilities" contains="printer">
+ <match key="printer.device" exists="true">
+ <addset key="info.capabilities" type="strlist">access_control</addset>
+ <merge key="access_control.file" type="copy_property">printer.device</merge>
+ <merge key="access_control.type" type="string">printer</merge>
+ </match>
</match>
<!-- enforcement of policy goes here -->
<!-- add / remove ACL's when devices are added and removed -->
<match key="info.capabilities" contains="access_control">
- <append key="info.callouts.add" type="strlist">hal-acl-tool --add-device</append>
- <append key="info.callouts.remove" type="strlist">hal-acl-tool --remove-device</append>
+ <addset key="info.callouts.add" type="strlist">hal-acl-tool --add-device</addset>
+ <addset key="info.callouts.remove" type="strlist">hal-acl-tool --remove-device</addset>
</match>
<match key="info.udi" string="/org/freedesktop/Hal/devices/computer">
<!-- remove all previously added ACL's on start-up -->
- <append key="info.callouts.add" type="strlist">hal-acl-tool --remove-all</append>
+ <addset key="info.callouts.add" type="strlist">hal-acl-tool --remove-all</addset>
<!-- reconfigure all ACL's sessions are added and removed -->
- <append key="info.callouts.session_add" type="strlist">hal-acl-tool --reconfigure</append>
- <append key="info.callouts.session_remove" type="strlist">hal-acl-tool --reconfigure</append>
+ <addset key="info.callouts.session_add" type="strlist">hal-acl-tool --reconfigure</addset>
+ <addset key="info.callouts.session_remove" type="strlist">hal-acl-tool --reconfigure</addset>
<!-- reconfigure all ACL's when a session becomes active -->
- <append key="info.callouts.session_active" type="strlist">hal-acl-tool --reconfigure</append>
+ <addset key="info.callouts.session_active" type="strlist">hal-acl-tool --reconfigure</addset>
<!-- reconfigure all ACL's when a session becomes inactive -->
- <append key="info.callouts.session_inactive" type="strlist">hal-acl-tool --reconfigure</append>
+ <addset key="info.callouts.session_inactive" type="strlist">hal-acl-tool --reconfigure</addset>
</match>
diff --git a/hal.conf.in b/hal.conf.in
index 823e40f2..403465ef 100644
--- a/hal.conf.in
+++ b/hal.conf.in
@@ -18,36 +18,41 @@
<policy context="default">
<allow send_destination="org.freedesktop.Hal"
send_interface="org.freedesktop.DBus.Introspectable"/>
- <allow send_interface="org.freedesktop.Hal.Manager"/>
- <allow send_interface="org.freedesktop.Hal.Device"/>
- <allow receive_interface="org.freedesktop.Hal.Manager"
- receive_sender="org.freedesktop.Hal"/>
- <allow receive_interface="org.freedesktop.Hal.Device"
- receive_sender="org.freedesktop.Hal"/>
-
- <allow send_interface="org.freedesktop.Hal.Device.SystemPowerManagement"/>
- <allow send_interface="org.freedesktop.Hal.Device.LaptopPanel"/>
- <allow send_interface="org.freedesktop.Hal.Device.Volume"/>
- <allow send_interface="org.freedesktop.Hal.Device.KillSwitch"/>
- <allow send_interface="org.freedesktop.Hal.Device.Volume.Crypto"/>
- <allow receive_interface="org.freedesktop.Hal.Device.SystemPowerManagement"
- receive_sender="org.freedesktop.Hal"/>
- <allow receive_interface="org.freedesktop.Hal.Device.LaptopPanel"
- receive_sender="org.freedesktop.Hal"/>
- <allow receive_interface="org.freedesktop.Hal.Device.Volume"
- receive_sender="org.freedesktop.Hal"/>
- <allow receive_interface="org.freedesktop.Hal.Device.Volume.Crypto"
- receive_sender="org.freedesktop.Hal"/>
- </policy>
+ <allow send_destination="org.freedesktop.Hal"
+ send_interface="org.freedesktop.DBus.Properties" />
+
+ <allow send_destination="org.freedesktop.Hal"
+ send_interface="org.freedesktop.Hal.Device"/>
+ <allow send_destination="org.freedesktop.Hal"
+ send_interface="org.freedesktop.Hal.Manager"/>
+
+ <allow send_destination="org.freedesktop.Hal"
+ send_interface="org.freedesktop.Hal.Device.CPUFreq"/>
+ <allow send_destination="org.freedesktop.Hal"
+ send_interface="org.freedesktop.Hal.Device.DockStation"/>
+ <allow send_destination="org.freedesktop.Hal"
+ send_interface="org.freedesktop.Hal.Device.KillSwitch"/>
+ <allow send_destination="org.freedesktop.Hal"
+ send_interface="org.freedesktop.Hal.Device.KeyboardBacklight"/>
+ <allow send_destination="org.freedesktop.Hal"
+ send_interface="org.freedesktop.Hal.Device.LaptopPanel"/>
+ <allow send_destination="org.freedesktop.Hal"
+ send_interface="org.freedesktop.Hal.Device.Leds"/>
+ <allow send_destination="org.freedesktop.Hal"
+ send_interface="org.freedesktop.Hal.Device.LightSensor"/>
+ <allow send_destination="org.freedesktop.Hal"
+ send_interface="org.freedesktop.Hal.Device.Storage"/>
+ <allow send_destination="org.freedesktop.Hal"
+ send_interface="org.freedesktop.Hal.Device.Storage.Removable"/>
+ <allow send_destination="org.freedesktop.Hal"
+ send_interface="org.freedesktop.Hal.Device.SystemPowerManagement"/>
+ <allow send_destination="org.freedesktop.Hal"
+ send_interface="org.freedesktop.Hal.Device.Volume"/>
+ <allow send_destination="org.freedesktop.Hal"
+ send_interface="org.freedesktop.Hal.Device.Volume.Crypto"/>
+ <allow send_destination="org.freedesktop.Hal"
+ send_interface="org.freedesktop.Hal.Device.WakeOnLan"/>
- <!-- Default policy for the exported interfaces; if PolicyKit is not used
- for access control you will need to modify this -->
- <policy context="default">
- <allow send_interface="org.freedesktop.Hal.Device.SystemPowerManagement"/>
- <allow send_interface="org.freedesktop.Hal.Device.VideoAdapterPM"/>
- <allow send_interface="org.freedesktop.Hal.Device.LaptopPanel"/>
- <allow send_interface="org.freedesktop.Hal.Device.Volume"/>
- <allow send_interface="org.freedesktop.Hal.Device.Volume.Crypto"/>
</policy>
</busconfig>
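Review bot: The `<policy context="default">` block now lets every bus client send to `org.freedesktop.Hal.Device.Storage`, `.CPUFreq`, `.WakeOnLan` and the other listed interfaces, while the commit removes the comment that explained the assumption behind such a list. These are bus-level allow rules only, so per-method authorization presumably rests on PolicyKit checks inside hald, and a build without PolicyKit would leave the methods open to any local user. I would keep the removed warning directly above the interface list: `<!-- Default policy for the exported interfaces; if PolicyKit is not used for access control you will need to modify this -->`. Separately, `org.freedesktop.Hal.Device.VideoAdapterPM` was allowed before and is missing from the new list, which looks like an unintended omission unless that interface has been retired.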
diff --git a/hald/linux/device.c b/hald/linux/device.c
index c1f8debf..21b9176c 100644
--- a/hald/linux/device.c
+++ b/hald/linux/device.c
@@ -1296,12 +1296,16 @@ leds_add (const gchar *sysfs_path, const gchar *device_file, HalDevice *parent_d
attributes = g_strsplit_set (dev_name, ":", 0);
if (attributes != NULL) {
- if (attributes[0] != NULL && attributes[0][0] != '\0')
- hal_device_property_set_string (d, "leds.device_name", attributes[0]);
- if (attributes[1] != NULL && attributes[1][0] != '\0')
- hal_device_property_set_string (d, "leds.colour", attributes[1]);
- if (attributes[2] != NULL && attributes[2][0] != '\0')
- hal_device_property_set_string (d, "leds.function", attributes[2]);
+ if (attributes[0] != NULL) {
+ if (attributes[0][0] != '\0')
+ hal_device_property_set_string (d, "leds.device_name", attributes[0]);
+ if (attributes[1] != NULL ) {
+ if (attributes[1][0] != '\0')
+ hal_device_property_set_string (d, "leds.colour", attributes[1]);
+ if (attributes[2] != NULL && attributes[2][0] != '\0')
+ hal_device_property_set_string (d, "leds.function", attributes[2]);
+ }
+ }
}
g_strfreev (attributes);
}
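Review bot: The nested checks on `attributes[0]` and `attributes[1]` are right, but nothing says why they are nested, and a later cleanup could easily flatten them back into the removed form that indexed past the terminator. A comment above the outer test would prevent that, e.g. `/* the vector is NULL-terminated: never index past the first NULL element */`. There is also a stray space in `if (attributes[1] != NULL ) {`. leds_add begins before and continues after this hunk, so how `dev_name` is obtained is not visible here.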
diff --git a/hald/linux/osspec.c b/hald/linux/osspec.c
index 0902b149..f75d88a9 100644
--- a/hald/linux/osspec.c
+++ b/hald/linux/osspec.c
@@ -891,6 +891,11 @@ hal_util_get_driver_name (const char *sysfs_path, gchar *driver_name)
gchar driver_path[HAL_PATH_MAX];
struct stat statbuf;
+ if (sysfs_path == NULL) {
+ HAL_WARNING (("hal_util_get_driver_name: sysfs_path == NULL"));
+ return FALSE;
+ }
+
g_snprintf (driver_path, sizeof (driver_path), "%s/driver", sysfs_path);
if (stat (driver_path, &statbuf) == 0) {
gchar buf[256];
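Review bot: The added guard in `hal_util_get_driver_name` rejects a NULL `sysfs_path` but leaves the output argument `driver_name` unchecked. It is presumably written further down, outside this hunk, so a NULL there would still fault. The test could cover both: `if (sysfs_path == NULL || driver_name == NULL) {`. The function also takes no length for `driver_name`. The caller in the next hunk passes a 256-byte array and the local `buf` here is 256 bytes, so the required size is only implicit. A comment on the prototype stating the minimum buffer size would make that contract visible to other callers.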
@@ -909,6 +914,11 @@ hal_util_set_driver (HalDevice *d, const char *property_name, const char *sysfs_
gboolean ret;
gchar driver_name[256];
+ if (d == NULL || property_name == NULL || sysfs_path == NULL) {
+ HAL_WARNING (("hal_util_set_driver: d, property_name or sysfs_path == NULL"));
+ return FALSE;
+ }
+
memset (driver_name, '\0', sizeof (driver_name));
ret = hal_util_get_driver_name (sysfs_path, driver_name);
if (ret == TRUE)
diff --git a/policy/org.freedesktop.hal.device-access.policy b/policy/org.freedesktop.hal.device-access.policy
index 53711744..e083eb49 100644
--- a/policy/org.freedesktop.hal.device-access.policy
+++ b/policy/org.freedesktop.hal.device-access.policy
@@ -19,15 +19,6 @@ NOTE: Please keep the actions in alpabetical order
<policyconfig>
- <action id="org.freedesktop.hal.device-access.fingerprint-reader">
- <description>Directly access to fingerprint reader devices</description>
- <message>System policy prevents access to fingerprint readers</message>
- <defaults>
- <allow_inactive>no</allow_inactive>
- <allow_active>yes</allow_active>
- </defaults>
- </action>
-
<action id="org.freedesktop.hal.device-access.audio-player">
<description>Directly access audio players</description>
<message>System policy prevents access to audio players</message>
@@ -55,18 +46,18 @@ NOTE: Please keep the actions in alpabetical order
</defaults>
</action>
- <action id="org.freedesktop.hal.device-access.removable-block">
- <description>Directly access removable block devices</description>
- <message>System policy prevents access to removable block devices</message>
+ <action id="org.freedesktop.hal.device-access.dvb">
+ <description>Directly access DVB devices</description>
+ <message>System policy prevents access to DVB devices</message>
<defaults>
<allow_inactive>no</allow_inactive>
- <allow_active>no</allow_active>
+ <allow_active>yes</allow_active>
</defaults>
</action>
- <action id="org.freedesktop.hal.device-access.dvb">
- <description>Directly access DVB devices</description>
- <message>System policy prevents access to DVB devices</message>
+ <action id="org.freedesktop.hal.device-access.fingerprint-reader">
+ <description>Directly access to fingerprint reader devices</description>
+ <message>System policy prevents access to fingerprint readers</message>
<defaults>
<allow_inactive>no</allow_inactive>
<allow_active>yes</allow_active>
@@ -154,6 +145,24 @@ NOTE: Please keep the actions in alpabetical order
</defaults>
</action>
+ <action id="org.freedesktop.hal.device-access.printer">
+ <description>Directly access printers</description>
+ <message>System policy prevents access to printers</message>
+ <defaults>
+ <allow_inactive>no</allow_inactive>
+ <allow_active>yes</allow_active>
+ </defaults>
+ </action>
+
+ <action id="org.freedesktop.hal.device-access.removable-block">
+ <description>Directly access removable block devices</description>
+ <message>System policy prevents access to removable block devices</message>
+ <defaults>
+ <allow_inactive>no</allow_inactive>
+ <allow_active>no</allow_active>
+ </defaults>
+ </action>
+
<action id="org.freedesktop.hal.device-access.scanner">
<description>Directly access scanners</description>
<message>System policy prevents access to scanners</message>
@@ -172,20 +181,20 @@ NOTE: Please keep the actions in alpabetical order
</defaults>
</action>
- <action id="org.freedesktop.hal.device-access.video4linux">
- <description>Directly access video capture devices</description>
- <message>System policy prevents access to video capture devices</message>
+ <action id="org.freedesktop.hal.device-access.video">
+ <description>Directly access Video devices</description>
+ <message>System policy prevents access to Video devices</message>
<defaults>
- <allow_inactive>no</allow_inactive>
+ <allow_inactive>yes</allow_inactive>
<allow_active>yes</allow_active>
</defaults>
</action>
- <action id="org.freedesktop.hal.device-access.video">
- <description>Directly access Video devices</description>
- <message>System policy prevents access to Video devices</message>
+ <action id="org.freedesktop.hal.device-access.video4linux">
+ <description>Directly access video capture devices</description>
+ <message>System policy prevents access to video capture devices</message>
<defaults>
- <allow_inactive>yes</allow_inactive>
+ <allow_inactive>no</allow_inactive>
<allow_active>yes</allow_active>
</defaults>
</action>
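Review bot: After the reorder, `org.freedesktop.hal.device-access.video` is still the only action visible in these hunks with `<allow_inactive>yes</allow_inactive>`, and the file gives no reason for granting device access to inactive sessions. The paired `-`/`+` lines on `allow_inactive` come from swapping the `video` and `video4linux` blocks; neither default changes, but the diff reads like a policy change. I would add a short XML comment inside the `video` action, along the lines of `<!-- allow_inactive is yes on purpose: REASON -->`, so the exception is documented and survives the next alphabetical shuffle. Keeping reorders in a separate commit from additions such as the new `printer` action would also make the effective defaults easier to audit.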
diff --git a/tools/linux/Makefile.am b/tools/linux/Makefile.am
index 6decfdb9..df0782ce 100644
--- a/tools/linux/Makefile.am
+++ b/tools/linux/Makefile.am
@@ -1,6 +1,6 @@
## Process this file with automake to produce Makefile.in
-udevrulesdir = /lib/udev/rules.d
+udevrulesdir = $(udev_prefix)/lib/udev/rules.d
udevrules_DATA = 90-hal.rules