diff options
| author | Danny Kukawka <danny.kukawka@web.de> | 2009-02-13 15:56:29 +0100 |
|---|---|---|
| committer | Danny Kukawka <danny.kukawka@web.de> | 2009-02-13 15:56:29 +0100 |
| commit | b9beaa06340508be7dd7d519bcb8cf9b3139da29 (patch) | |
| tree | beef3a0e6e63902c6c56c2ac04f214fb334cbdbd | |
| parent | 7d368270dc1737f398cb4226aa5385641601af7f (diff) | |
move all storage/block related policies to one block
Moved all storage/block related policies to one block to
prevent accidentally overwriting of already set policies.
| -rw-r--r-- | fdi/policy/10osvendor/20-acl-management.fdi | 79 |
1 files changed, 42 insertions, 37 deletions
diff --git a/fdi/policy/10osvendor/20-acl-management.fdi b/fdi/policy/10osvendor/20-acl-management.fdi index a276e98c..2884a12c 100644 --- a/fdi/policy/10osvendor/20-acl-management.fdi +++ b/fdi/policy/10osvendor/20-acl-management.fdi @@ -35,36 +35,14 @@ </match> - <!-- optical drives --> - <match key="info.capabilities" contains="storage.cdrom"> - <match key="block.device" exists="true"> - <addset key="info.capabilities" type="strlist">access_control</addset> - <merge key="access_control.file" type="copy_property">block.device</merge> - <merge key="access_control.type" type="string">cdrom</merge> - </match> - </match> - - <!-- scsi generic device for optical drives --> + <!-- scsi generic devices --> <match key="info.capabilities" contains="scsi_generic"> <match key="scsi_generic.device" exists="true"> - <match key="@info.parent:scsi.type" string="cdrom"> - <addset key="info.capabilities" type="strlist">access_control</addset> - <merge key="access_control.file" type="copy_property">scsi_generic.device</merge> - <merge key="access_control.type" type="string">cdrom</merge> - </match> <match key="info.capabilities" contains="scanner"> <addset key="info.capabilities" type="strlist">access_control</addset> <merge key="access_control.file" type="copy_property">scsi_generic.device</merge> <merge key="access_control.type" type="string">scanner</merge> </match> - <!-- usb floppy bnc#336327 --> - <match key="@info.parent:@info.parent:@info.parent:usb.interface.class" int="8"> - <match key="@info.parent:@info.parent:@info.parent:usb.interface.subclass" int="4"> - <addset key="info.capabilities" type="strlist">access_control</addset> - <merge key="access_control.file" type="copy_property">scsi_generic.device</merge> - <merge key="access_control.type" type="string">floppy</merge> - </match> - </match> </match> </match> @@ -129,7 +107,6 @@ </match> </match> - <!-- Firewire devices are mostly driven by userspace libraries --> <match key="info.capabilities" contains="ieee1394_unit.iidc"> <match key="@ieee1394_unit.originating_device:ieee1394.device" exists="true"> @@ -178,19 +155,6 @@ </match> </match> - <!-- plain old floppy --> - <match key="storage.drive_type" string="floppy"> - <match key="block.device" exists="true"> - <match key="storage.no_partitions_hint" bool="true"> - <match key="access_control.type" exists="false"> - <addset key="info.capabilities" type="strlist">access_control</addset> - <merge key="access_control.file" type="copy_property">block.device</merge> - <merge key="access_control.type" type="string">floppy</merge> - </match> - </match> - </match> - </match> - <!-- linux input devices (needed e.g. for games) --> <match key="linux.subsystem" string="input"> <match key="input.device" exists="true"> @@ -227,6 +191,47 @@ </match> </match> + + <!-- keep all storage/block devices in this section together to prevent trouble --> + <!-- optical drives --> + <match key="info.capabilities" contains="storage.cdrom"> + <match key="block.device" exists="true"> + <addset key="info.capabilities" type="strlist">access_control</addset> + <merge key="access_control.file" type="copy_property">block.device</merge> + <merge key="access_control.type" type="string">cdrom</merge> + </match> + </match> + <!-- plain old floppy --> + <match key="storage.drive_type" string="floppy"> + <match key="block.device" exists="true"> + <match key="storage.no_partitions_hint" bool="true"> + <match key="access_control.type" exists="false"> + <addset key="info.capabilities" type="strlist">access_control</addset> + <merge key="access_control.file" type="copy_property">block.device</merge> + <merge key="access_control.type" type="string">floppy</merge> + </match> + </match> + </match> + </match> + <!-- scsi generic block device --> + <match key="info.capabilities" contains="scsi_generic"> + <match key="scsi_generic.device" exists="true"> + <match key="@info.parent:scsi.type" string="cdrom"> + <addset key="info.capabilities" type="strlist">access_control</addset> + <merge key="access_control.file" type="copy_property">scsi_generic.device</merge> + <merge key="access_control.type" type="string">cdrom</merge> + </match> + <!-- usb floppy bnc#336327 --> + <match key="@info.parent:@info.parent:@info.parent:usb.interface.class" int="8"> + <match key="@info.parent:@info.parent:@info.parent:usb.interface.subclass" int="4"> + <addset key="info.capabilities" type="strlist">access_control</addset> + <merge key="access_control.file" type="copy_property">scsi_generic.device</merge> + <merge key="access_control.type" type="string">floppy</merge> + </match> + </match> + </match> + </match> + <!-- Removable block devices --> <match key="info.capabilities" contains="block"> <!-- Don't set removable-block policy to devices which have already another policy |