12912Sartem<!DOCTYPE busconfig PUBLIC 22912Sartem "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN" 32912Sartem "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd"> 42912Sartem<busconfig> 52912Sartem 62912Sartem <!-- This configuration file specifies the required security policies 72912Sartem for the HAL to work. --> 82912Sartem 92912Sartem <!-- Only root or user @HAL_USER@ can own the HAL service --> 102912Sartem <policy user="@HAL_USER@"> 112912Sartem <allow own="org.freedesktop.Hal"/> 122912Sartem </policy> 132912Sartem <policy user="root"> 142912Sartem <allow own="org.freedesktop.Hal"/> 152912Sartem </policy> 162912Sartem 172912Sartem <policy context="default"> 188560SArtem.Kachitchkin@Sun.COM <!-- Allow anyone to invoke methods on the Manager and Device interfaces --> 198560SArtem.Kachitchkin@Sun.COM <allow send_interface="org.freedesktop.Hal.Manager" 208560SArtem.Kachitchkin@Sun.COM send_destination="org.freedesktop.Hal"/> 218560SArtem.Kachitchkin@Sun.COM <allow send_interface="org.freedesktop.Hal.Device" 228560SArtem.Kachitchkin@Sun.COM send_destination="org.freedesktop.Hal"/> 238560SArtem.Kachitchkin@Sun.COM <allow send_interface="org.freedesktop.DBus.Introspectable" 248560SArtem.Kachitchkin@Sun.COM send_destination="org.freedesktop.Hal"/> 252912Sartem 268560SArtem.Kachitchkin@Sun.COM <!-- These interfaces use RBAC, should not block access at DBus level --> 278560SArtem.Kachitchkin@Sun.COM <allow send_interface="org.freedesktop.Hal.Device.SystemPowerManagement" 288560SArtem.Kachitchkin@Sun.COM send_destination="org.freedesktop.Hal"/> 298560SArtem.Kachitchkin@Sun.COM <allow send_interface="org.freedesktop.Hal.Device.VideoAdapterPM" 308560SArtem.Kachitchkin@Sun.COM send_destination="org.freedesktop.Hal"/> 318560SArtem.Kachitchkin@Sun.COM <allow send_interface="org.freedesktop.Hal.Device.LaptopPanel" 328560SArtem.Kachitchkin@Sun.COM send_destination="org.freedesktop.Hal"/> 338560SArtem.Kachitchkin@Sun.COM <allow send_interface="org.freedesktop.Hal.Device.CPUFreq" 348560SArtem.Kachitchkin@Sun.COM send_destination="org.freedesktop.Hal"/> 35*12395SLin.Guo@Sun.COM <allow send_interface="org.freedesktop.Hal.Device.NetworkDiscovery" 36*12395SLin.Guo@Sun.COM send_destination="org.freedesktop.Hal"/> 372912Sartem </policy> 382912Sartem 392912Sartem <!-- Default policy for the exported interfaces --> 402912Sartem <policy context="default"> 418560SArtem.Kachitchkin@Sun.COM <deny send_interface="org.freedesktop.Hal.Device.Volume" 428560SArtem.Kachitchkin@Sun.COM send_destination="org.freedesktop.Hal"/> 438560SArtem.Kachitchkin@Sun.COM <deny send_interface="org.freedesktop.Hal.Device.Storage" 448560SArtem.Kachitchkin@Sun.COM send_destination="org.freedesktop.Hal"/> 452912Sartem </policy> 462912Sartem 478560SArtem.Kachitchkin@Sun.COM <!-- This will not work if logindevperm is not enabled --> 482912Sartem <policy at_console="true"> 498560SArtem.Kachitchkin@Sun.COM <allow send_interface="org.freedesktop.Hal.Device.Volume" 508560SArtem.Kachitchkin@Sun.COM send_destination="org.freedesktop.Hal"/> 518560SArtem.Kachitchkin@Sun.COM <allow send_interface="org.freedesktop.Hal.Device.Storage" 528560SArtem.Kachitchkin@Sun.COM send_destination="org.freedesktop.Hal"/> 532912Sartem </policy> 542912Sartem 552912Sartem <!-- You can change this to a more suitable user, or make per-group --> 562912Sartem <policy user="0"> 578560SArtem.Kachitchkin@Sun.COM <allow send_interface="org.freedesktop.Hal.Device.Volume" 588560SArtem.Kachitchkin@Sun.COM send_destination="org.freedesktop.Hal"/> 598560SArtem.Kachitchkin@Sun.COM <allow send_interface="org.freedesktop.Hal.Device.Storage" 608560SArtem.Kachitchkin@Sun.COM send_destination="org.freedesktop.Hal"/> 612912Sartem </policy> 622912Sartem 632912Sartem</busconfig> 64