policy definitions are now XML files in PolicKit master

author: David Zeuthen <davidz@redhat.com> 2007-04-22 21:14:56 -0400
committer: David Zeuthen <davidz@redhat.com> 2007-04-22 21:14:56 -0400
commit: 9e37dd339cba8e16587fa666c58906bf3bc1ef35 (patch)
tree: 725a72c1966d8ea19613349ac432ed113ece8927 /policy
parent: b2ee178b46b40d6f5e1ff77d7ec36424f859e5c3 (diff)
5 files changed, 409 insertions, 260 deletions
diff --git a/policy/Makefile.am b/policy/Makefile.am
index f72c6afc..71e1bf2a 100644
--- a/policy/Makefile.am
+++ b/policy/Makefile.am
@@ -3,6 +3,7 @@ if HAVE_POLKIT
 polkit_privilegedir = $(sysconfdir)/PolicyKit/policy
 
 dist_polkit_privilege_DATA =    \
+	hal-lock.policy		\
 	hal-storage.policy	\
 	hal-power.policy	\
 	hal-killswitch.policy	
diff --git a/policy/hal-device-file.policy b/policy/hal-device-file.policy
index 16e91b30..4eccbfb7 100644
--- a/policy/hal-device-file.policy
+++ b/policy/hal-device-file.policy
@@ -1,86 +1,122 @@
-# -*- Conf -*-
-#
-# Policy definitions for HAL's ACL management mechanism.
-#
-# Copyright (c) 2007 David Zeuthen <david@fubar.dk>
-# 
-# HAL is licensed to you under your choice of the the Academic Free
-# License Version 2.1, or the GNU General Public License version
-# 2. Some individual source files may be under the GPL only. See
-# COPYING for details.
-#
-# NOTE: If you make changes to this file, make sure to validate the
-# file using the polkit-privilege-file-validate(1) tool. Changes made
-# to this file are applied instantly.
+<!DOCTYPE policyconfig PUBLIC
+ "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd">
 
-# Directly access sound devices
-#
-#  device-file: special device file
-[Action hal-device-file-sound]
-AllowRemoteInactive=no
-AllowRemoteActive=no
-AllowLocalInactive=no
-AllowLocalActive=yes
+<!-- 
+Policy definitions for HAL's ACL Management mechanism
 
-# Directly access video4linux devices
-#
-#  device-file: special device file
-[Action hal-device-file-video4linux]
-AllowRemoteInactive=no
-AllowRemoteActive=no
-AllowLocalInactive=no
-AllowLocalActive=yes
+Copyright (c) 2007 David Zeuthen <david@fubar.dk>
 
-# Directly access optical drives
-#
-#  device-file: special device file
-[Action hal-device-file-cdrom]
-AllowRemoteInactive=no
-AllowRemoteActive=no
-AllowLocalInactive=yes
-AllowLocalActive=yes
+HAL is licensed to you under your choice of the the Academic Free
+License Version 2.1, or the GNU General Public License version 2. Some
+individual source files may be under the GPL only. See COPYING for
+details.
 
-# Directly access DVB devices
-#
-#  device-file: special device file
-[Action hal-device-file-dvb]
-AllowRemoteInactive=no
-AllowRemoteActive=no
-AllowLocalInactive=no
-AllowLocalActive=yes
+NOTE: If you make changes to this file, make sure to validate the file
+using the polkit-policy-file-validate(1) tool. Changes made to this
+file are instantly applied.
+-->
 
-# Directly access digital cameras
-#
-#  device-file: special device file
-[Action hal-device-file-camera]
-AllowRemoteInactive=no
-AllowRemoteActive=no
-AllowLocalInactive=no
-AllowLocalActive=yes
+<policyconfig>
+  <group id="hal-device-file">
+    <description>Raw device access</description>
+    <description_short>Raw device access</description_short>
 
-# Directly access scanners
-#
-#  device-file: special device file
-[Action hal-device-file-scanner]
-AllowRemoteInactive=no
-AllowRemoteActive=no
-AllowLocalInactive=no
-AllowLocalActive=yes
+    <policy id="hal-device-file-sound">
+      <description>Directly access sound devices</description>
+      <missing>System policy prevents direct access to the sound device '%s'.</missing>
+      <apply_to_all_mnemonic>Apply to all sound devices</apply_to_all_mnemonic>
+      <defaults>
+        <allow_remote_inactive>no</allow_remote_inactive>
+        <allow_remote_active>no</allow_remote_active>
+        <allow_local_inactive>yes</allow_local_inactive>
+        <allow_local_active>yes</allow_local_active>
+      </defaults>
+    </policy>
 
-# Directly access Firewire IIDC devices
-#
-#  device-file: special device file
-[Action hal-device-file-ieee1394-iidc]
-AllowRemoteInactive=no
-AllowRemoteActive=no
-AllowLocalInactive=no
-AllowLocalActive=yes
+    <policy id="hal-device-file-video4linux">
+      <description>Directly access video capture devices</description>
+      <missing>System policy prevents direct access to the video capture device '%s'.</missing>
+      <apply_to_all_mnemonic>Apply to all video capture devices</apply_to_all_mnemonic>
+      <defaults>
+        <allow_remote_inactive>no</allow_remote_inactive>
+        <allow_remote_active>no</allow_remote_active>
+        <allow_local_inactive>yes</allow_local_inactive>
+        <allow_local_active>yes</allow_local_active>
+      </defaults>
+    </policy>
 
-# Directly access Firewire AVC devices
-#
-#  device-file: special device file
-[Action hal-device-file-ieee1394-avc]
-AllowRemoteInactive=no
-AllowRemoteActive=no
-AllowLocalInactive=no
-AllowLocalActive=yes
+    <policy id="hal-device-file-cdrom">
+      <description>Directly access optical drives</description>
+      <missing>System policy prevents direct access to the optical drive '%s'.</missing>
+      <apply_to_all_mnemonic>Apply to all video optical drives</apply_to_all_mnemonic>
+      <defaults>
+        <allow_remote_inactive>no</allow_remote_inactive>
+        <allow_remote_active>no</allow_remote_active>
+        <allow_local_inactive>yes</allow_local_inactive>
+        <allow_local_active>yes</allow_local_active>
+      </defaults>
+    </policy>
+
+    <policy id="hal-device-file-dvb">
+      <description>Directly access DVB devices</description>
+      <missing>System policy prevents direct access to the DVB device '%s'.</missing>
+      <apply_to_all_mnemonic>Apply to all DVB devices</apply_to_all_mnemonic>
+      <defaults>
+        <allow_remote_inactive>no</allow_remote_inactive>
+        <allow_remote_active>no</allow_remote_active>
+        <allow_local_inactive>yes</allow_local_inactive>
+        <allow_local_active>yes</allow_local_active>
+      </defaults>
+    </policy>
+
+    <policy id="hal-device-file-camera">
+      <description>Directly access digital cameras</description>
+      <missing>System policy prevents direct access to the digital camera '%s'.</missing>
+      <apply_to_all_mnemonic>Apply to all digital cameras</apply_to_all_mnemonic>
+      <defaults>
+        <allow_remote_inactive>no</allow_remote_inactive>
+        <allow_remote_active>no</allow_remote_active>
+        <allow_local_inactive>yes</allow_local_inactive>
+        <allow_local_active>yes</allow_local_active>
+      </defaults>
+    </policy>
+
+    <policy id="hal-device-file-scanner">
+      <description>Directly access scanners</description>
+      <missing>System policy prevents direct access to the scanner '%s'.</missing>
+      <apply_to_all_mnemonic>Apply to all scanners</apply_to_all_mnemonic>
+      <defaults>
+        <allow_remote_inactive>no</allow_remote_inactive>
+        <allow_remote_active>no</allow_remote_active>
+        <allow_local_inactive>yes</allow_local_inactive>
+        <allow_local_active>yes</allow_local_active>
+      </defaults>
+    </policy>
+
+    <policy id="hal-device-file-ieee1394-iidc">
+      <description>Directly access Firewire IIDC devices</description>
+      <missing>System policy prevents direct access to the Firewire IIDC device '%s'.</missing>
+      <apply_to_all_mnemonic>Apply to all Firewire IIDC devices</apply_to_all_mnemonic>
+      <defaults>
+        <allow_remote_inactive>no</allow_remote_inactive>
+        <allow_remote_active>no</allow_remote_active>
+        <allow_local_inactive>yes</allow_local_inactive>
+        <allow_local_active>yes</allow_local_active>
+      </defaults>
+    </policy>
+
+    <policy id="hal-device-file-ieee1394-avc">
+      <description>Directly access Firewire AVC devices</description>
+      <missing>System policy prevents direct access to the Firewire AVC device '%s'.</missing>
+      <apply_to_all_mnemonic>Apply to all Firewire AVC devices</apply_to_all_mnemonic>
+      <defaults>
+        <allow_remote_inactive>no</allow_remote_inactive>
+        <allow_remote_active>no</allow_remote_active>
+        <allow_local_inactive>yes</allow_local_inactive>
+        <allow_local_active>yes</allow_local_active>
+      </defaults>
+    </policy>
+
+  </group>
+</policyconfig>
diff --git a/policy/hal-killswitch.policy b/policy/hal-killswitch.policy
index d514bf4b..0fb82c44 100644
--- a/policy/hal-killswitch.policy
+++ b/policy/hal-killswitch.policy
@@ -1,28 +1,50 @@
-# -*- Conf -*-
-#
-# Policy definitions for HAL's RF kill switching mechanism.
-#
-# Copyright (c) 2007 David Zeuthen <david@fubar.dk>
-# 
-# HAL is licensed to you under your choice of the the Academic Free
-# License Version 2.1, or the GNU General Public License version
-# 2. Some individual source files may be under the GPL only. See
-# COPYING for details.
-#
-# NOTE: If you make changes to this file, make sure to validate the
-# file using the polkit-privilege-file-validate(1) tool. Changes made
-# to this file are applied instantly.
-
-# Turn Bluetooth radio on/off
-[Action hal-killswitch-bluetooth]
-AllowRemoteInactive=no
-AllowRemoteActive=no
-AllowLocalInactive=no
-AllowLocalActive=yes
-
-# Turn Wireless 802.11 radio on/off
-[Action hal-killswitch-wlan]
-AllowRemoteInactive=no
-AllowRemoteActive=no
-AllowLocalInactive=no
-AllowLocalActive=yes
+<!DOCTYPE policyconfig PUBLIC
+ "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd">
+
+<!-- 
+Policy definitions for HAL's RF kill switch mechanism
+
+Copyright (c) 2007 David Zeuthen <david@fubar.dk>
+
+HAL is licensed to you under your choice of the the Academic Free
+License Version 2.1, or the GNU General Public License version 2. Some
+individual source files may be under the GPL only. See COPYING for
+details.
+
+NOTE: If you make changes to this file, make sure to validate the file
+using the polkit-policy-file-validate(1) tool. Changes made to this
+file are instantly applied.
+-->
+
+<policyconfig>
+  <group id="hal-killswitch">
+    <description>Radio Killswitches</description>
+    <description_short>RF Killswitch</description_short>
+
+    <policy id="hal-killswitch-bluetooth">
+      <description>Turn Bluetooth radio On/Off</description>
+      <missing>Turning the Bluetooth radio On or Off is restricted by system policy.</missing>
+      <apply_to_all_mnemonic>Apply to all Bluetooth radios.</apply_to_all_mnemonic>
+      <defaults>
+        <allow_remote_inactive>no</allow_remote_inactive>
+        <allow_remote_active>no</allow_remote_active>
+        <allow_local_inactive>no</allow_local_inactive>
+        <allow_local_active>yes</allow_local_active>
+      </defaults>
+    </policy>
+
+    <policy id="hal-killswitch-wlan">
+      <description>Turn WLAN radio On/Off</description>
+      <missing>Turning the WLAN radio On or Off is restricted by system policy.</missing>
+      <apply_to_all_mnemonic>Apply to all WLAN radios.</apply_to_all_mnemonic>
+      <defaults>
+        <allow_remote_inactive>no</allow_remote_inactive>
+        <allow_remote_active>no</allow_remote_active>
+        <allow_local_inactive>no</allow_local_inactive>
+        <allow_local_active>yes</allow_local_active>
+      </defaults>
+    </policy>
+
+  </group>
+</policyconfig>
diff --git a/policy/hal-power.policy b/policy/hal-power.policy
index 0376a0f0..fcb45170 100644
--- a/policy/hal-power.policy
+++ b/policy/hal-power.policy
@@ -1,91 +1,158 @@
-# -*- Conf -*-
-#
-# Policy definitions for HAL's power management mechanisms.
-#
-# Copyright (c) 2007 David Zeuthen <david@fubar.dk>
-# 
-# HAL is licensed to you under your choice of the the Academic Free
-# License Version 2.1, or the GNU General Public License version
-# 2. Some individual source files may be under the GPL only. See
-# COPYING for details.
-#
-# NOTE: If you make changes to this file, make sure to validate the
-# file using the polkit-privilege-file-validate(1) tool. Changes made
-# to this file are applied instantly.
-
-# Shutdown the computer
-[Action hal-power-shutdown]
-AllowRemoteInactive=no
-AllowRemoteActive=no
-AllowLocalInactive=no
-AllowLocalActive=yes
-
-# Shutdown computer when multiple users are logged in
-[Action hal-power-shutdown-multiple-sessions]
-AllowRemoteInactive=no
-AllowRemoteActive=no
-AllowLocalInactive=no
-AllowLocalActive=auth_root
-
-# Reboot the computer
-[Action hal-power-reboot]
-AllowRemoteInactive=no
-AllowRemoteActive=no
-AllowLocalInactive=no
-AllowLocalActive=yes
-
-# Reboot the computer when multiple users are logged in
-[Action hal-power-reboot-multiple-sessions]
-AllowRemoteInactive=no
-AllowRemoteActive=no
-AllowLocalInactive=no
-AllowLocalActive=auth_root
-
-# Configure the system to prefer power savings
-[Action hal-power-set-powersave]
-AllowRemoteInactive=no
-AllowRemoteActive=no
-AllowLocalInactive=no
-AllowLocalActive=yes
-
-# Suspend the system
-[Action hal-power-suspend]
-AllowRemoteInactive=no
-AllowRemoteActive=no
-AllowLocalInactive=no
-AllowLocalActive=yes
-
-# Hibernate the system
-[Action hal-power-hibernate]
-AllowRemoteInactive=no
-AllowRemoteActive=no
-AllowLocalInactive=no
-AllowLocalActive=yes
-
-# Configure CPU frequency scaling
-[Action hal-power-cpufreq]
-AllowRemoteInactive=no
-AllowRemoteActive=no
-AllowLocalInactive=no
-AllowLocalActive=yes
-
-# Set laptop panel brightness
-[Action hal-power-lcd-panel]
-AllowRemoteInactive=no
-AllowRemoteActive=no
-AllowLocalInactive=no
-AllowLocalActive=yes
-
-# Read values from ambient light sensor
-[Action hal-power-light-sensor]
-AllowRemoteInactive=no
-AllowRemoteActive=no
-AllowLocalInactive=no
-AllowLocalActive=yes
-
-# Set the keyboard backlight
-[Action hal-power-keyboard-backlight]
-AllowRemoteInactive=no
-AllowRemoteActive=no
-AllowLocalInactive=no
-AllowLocalActive=yes
+<!DOCTYPE policyconfig PUBLIC
+ "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd">
+
+<!-- 
+Policy definitions for HAL's ACL Management mechanism
+
+Copyright (c) 2007 David Zeuthen <david@fubar.dk>
+
+HAL is licensed to you under your choice of the the Academic Free
+License Version 2.1, or the GNU General Public License version 2. Some
+individual source files may be under the GPL only. See COPYING for
+details.
+
+NOTE: If you make changes to this file, make sure to validate the file
+using the polkit-policy-file-validate(1) tool. Changes made to this
+file are instantly applied.
+-->
+
+<policyconfig>
+  <group id="hal-power">
+    <description>Power Management</description>
+    <description_short>Power Management</description_short>
+
+    <policy id="hal-power-shutdown">
+      <description>Shut down the system</description>
+      <missing>System policy prevents shutting down the system.</missing>
+      <apply_to_all_mnemonic>Apply to all</apply_to_all_mnemonic>
+      <defaults>
+        <allow_remote_inactive>no</allow_remote_inactive>
+        <allow_remote_active>no</allow_remote_active>
+        <allow_local_inactive>no</allow_local_inactive>
+        <allow_local_active>yes</allow_local_active>
+      </defaults>
+    </policy>
+
+    <policy id="hal-power-shutdown-multiple-sessions">
+      <description>Shut down the system when multiple users are logged in</description>
+      <missing>System policy prevents shutting down the system when multiple users are logged in.</missing>
+      <apply_to_all_mnemonic>Apply to all</apply_to_all_mnemonic>
+      <defaults>
+        <allow_remote_inactive>no</allow_remote_inactive>
+        <allow_remote_active>no</allow_remote_active>
+        <allow_local_inactive>no</allow_local_inactive>
+        <allow_local_active>auth_root</allow_local_active>
+      </defaults>
+    </policy>
+
+    <policy id="hal-power-reboot">
+      <description>Reboot the system</description>
+      <missing>System policy prevents rebooting the system.</missing>
+      <apply_to_all_mnemonic>Apply to all</apply_to_all_mnemonic>
+      <defaults>
+        <allow_remote_inactive>no</allow_remote_inactive>
+        <allow_remote_active>no</allow_remote_active>
+        <allow_local_inactive>no</allow_local_inactive>
+        <allow_local_active>yes</allow_local_active>
+      </defaults>
+    </policy>
+
+    <policy id="hal-power-reboot-multiple-sessions">
+      <description>Reboot the system when multiple users are logged in</description>
+      <missing>System policy prevents rebooting the system when multiple users are logged in.</missing>
+      <apply_to_all_mnemonic>Apply to all</apply_to_all_mnemonic>
+      <defaults>
+        <allow_remote_inactive>no</allow_remote_inactive>
+        <allow_remote_active>no</allow_remote_active>
+        <allow_local_inactive>no</allow_local_inactive>
+        <allow_local_active>auth_root</allow_local_active>
+      </defaults>
+    </policy>
+
+    <policy id="hal-power-set-powersave">
+      <description>Configure to system to prefer power savings</description>
+      <missing>System policy prevents configuring power savings on the system.</missing>
+      <apply_to_all_mnemonic>Apply to all</apply_to_all_mnemonic>
+      <defaults>
+        <allow_remote_inactive>no</allow_remote_inactive>
+        <allow_remote_active>no</allow_remote_active>
+        <allow_local_inactive>no</allow_local_inactive>
+        <allow_local_active>yes</allow_local_active>
+      </defaults>
+    </policy>
+
+    <policy id="hal-power-suspend">
+      <description>Suspend the system</description>
+      <missing>System policy prevents suspending the system.</missing>
+      <apply_to_all_mnemonic>Apply to all</apply_to_all_mnemonic>
+      <defaults>
+        <allow_remote_inactive>no</allow_remote_inactive>
+        <allow_remote_active>no</allow_remote_active>
+        <allow_local_inactive>no</allow_local_inactive>
+        <allow_local_active>yes</allow_local_active>
+      </defaults>
+    </policy>
+
+    <policy id="hal-power-hibernate">
+      <description>Hibernate the system</description>
+      <missing>System policy prevents hibernating the system.</missing>
+      <apply_to_all_mnemonic>Apply to all</apply_to_all_mnemonic>
+      <defaults>
+        <allow_remote_inactive>no</allow_remote_inactive>
+        <allow_remote_active>no</allow_remote_active>
+        <allow_local_inactive>no</allow_local_inactive>
+        <allow_local_active>yes</allow_local_active>
+      </defaults>
+    </policy>
+
+    <policy id="hal-power-cpufreq">
+      <description>Configure CPU frequency scaling</description>
+      <missing>System policy prevents configuration of CPU frequency scaling.</missing>
+      <apply_to_all_mnemonic>Apply to all</apply_to_all_mnemonic>
+      <defaults>
+        <allow_remote_inactive>no</allow_remote_inactive>
+        <allow_remote_active>no</allow_remote_active>
+        <allow_local_inactive>no</allow_local_inactive>
+        <allow_local_active>yes</allow_local_active>
+      </defaults>
+    </policy>
+
+    <policy id="hal-power-lcd-panel">
+      <description>Set laptop panel brightness</description>
+      <missing>System policy prevents setting laptop panel brightness.</missing>
+      <apply_to_all_mnemonic>Apply to all</apply_to_all_mnemonic>
+      <defaults>
+        <allow_remote_inactive>no</allow_remote_inactive>
+        <allow_remote_active>no</allow_remote_active>
+        <allow_local_inactive>no</allow_local_inactive>
+        <allow_local_active>yes</allow_local_active>
+      </defaults>
+    </policy>
+
+    <policy id="hal-power-light-sensor">
+      <description>Detect ambient light using light sensor</description>
+      <missing>System policy prevents detecting ambient light using the light sensor.</missing>
+      <apply_to_all_mnemonic>Apply to all</apply_to_all_mnemonic>
+      <defaults>
+        <allow_remote_inactive>no</allow_remote_inactive>
+        <allow_remote_active>no</allow_remote_active>
+        <allow_local_inactive>no</allow_local_inactive>
+        <allow_local_active>yes</allow_local_active>
+      </defaults>
+    </policy>
+
+    <policy id="hal-power-keyboard-backlight">
+      <description>Set keyboard backlight</description>
+      <missing>System policy prevents setting keyboard backlight.</missing>
+      <apply_to_all_mnemonic>Apply to all</apply_to_all_mnemonic>
+      <defaults>
+        <allow_remote_inactive>no</allow_remote_inactive>
+        <allow_remote_active>no</allow_remote_active>
+        <allow_local_inactive>no</allow_local_inactive>
+        <allow_local_active>yes</allow_local_active>
+      </defaults>
+    </policy>
+
+  </group>
+</policyconfig>
diff --git a/policy/hal-storage.policy b/policy/hal-storage.policy
index a61d0c6e..1bd80838 100644
--- a/policy/hal-storage.policy
+++ b/policy/hal-storage.policy
@@ -1,63 +1,86 @@
-# -*- Conf -*-
-#
-# Policy definitions for HAL's drives/media mechanims.
-#
-# Copyright (c) 2007 David Zeuthen <david@fubar.dk>
-# 
-# HAL is licensed to you under your choice of the the Academic Free
-# License Version 2.1, or the GNU General Public License version
-# 2. Some individual source files may be under the GPL only. See
-# COPYING for details.
-#
-# NOTE: If you make changes to this file, make sure to validate the
-# file using the polkit-privilege-file-validate(1) tool. Changes made
-# to this file are instantly applied.
-
-# Mount file systems from internal drives
-[Action hal-storage-mount-fixed]
-AllowRemoteInactive=no
-AllowRemoteActive=no
-AllowLocalInactive=no
-AllowLocalActive=auth_self_keep_always
-
-# Mount file systems from internal drives using options not explicitly granted
-[Action hal-storage-mount-fixed-extra-options]
-AllowRemoteInactive=no
-AllowRemoteActive=no
-AllowLocalInactive=no
-AllowLocalActive=auth_self_keep_always
-
-# Mount file systems from removable/hotpluggable drives
-[Action hal-storage-mount-removable]
-AllowRemoteInactive=no
-AllowRemoteActive=no
-AllowLocalInactive=no
-AllowLocalActive=yes
-
-# Mount file systems from internal drives using options not explicitly granted
-[Action hal-storage-mount-removable-extra-options]
-AllowRemoteInactive=no
-AllowRemoteActive=no
-AllowLocalInactive=no
-AllowLocalActive=auth_self_keep_always
-
-# Unmount file systems mounted by other users
-[Action hal-storage-unmount-others]
-AllowRemoteInactive=no
-AllowRemoteActive=no
-AllowLocalInactive=no
-AllowLocalActive=auth_self_keep_always
-
-# Eject media from drives
-[Action hal-storage-eject]
-AllowRemoteInactive=no
-AllowRemoteActive=no
-AllowLocalInactive=no
-AllowLocalActive=yes
-
-# Set up decryption for encrypted storage devices
-[Action hal-storage-crypto-setup]
-AllowRemoteInactive=no
-AllowRemoteActive=no
-AllowLocalInactive=no
-AllowLocalActive=yes
+<!DOCTYPE policyconfig PUBLIC
+ "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd">
+
+<!-- 
+Policy definitions for HAL's drives/media mechanims.
+
+Copyright (c) 2007 David Zeuthen <david@fubar.dk>
+
+HAL is licensed to you under your choice of the the Academic Free
+License Version 2.1, or the GNU General Public License version 2. Some
+individual source files may be under the GPL only. See COPYING for
+details.
+
+NOTE: If you make changes to this file, make sure to validate the file
+using the polkit-policy-file-validate(1) tool. Changes made to this
+file are instantly applied.
+-->
+
+<policyconfig>
+  <group id="hal-storage">
+    <description>Storage Drives and Media</description>
+    <description_short>Storage</description_short>
+
+    <policy id="hal-storage-mount-fixed">
+      <description>Mount file systems from internal drives.</description>
+      <missing>Mounting the volume '%s' is restricted by system policy.</missing>
+      <apply_to_all_mnemonic>Apply to all volumes from _fixed drives.</apply_to_all_mnemonic>
+      <defaults>
+        <allow_remote_inactive>no</allow_remote_inactive>
+        <allow_remote_active>no</allow_remote_active>
+        <allow_local_inactive>no</allow_local_inactive>
+        <allow_local_active>auth_root_keep_always</allow_local_active>
+      </defaults>
+    </policy>
+
+    <policy id="hal-storage-mount-removable">
+      <description>Mount file systems from removable drives.</description>
+      <missing>Mounting the volume '%s' is restricted by system policy.</missing>
+      <apply_to_all_mnemonic>Apply to all volumes from _removable drives.</apply_to_all_mnemonic>
+      <defaults>
+        <allow_remote_inactive>no</allow_remote_inactive>
+        <allow_remote_active>no</allow_remote_active>
+        <allow_local_inactive>no</allow_local_inactive>
+        <allow_local_active>yes</allow_local_active>
+      </defaults>
+    </policy>
+
+    <policy id="hal-storage-unmount-others">
+      <description>Unmount file systems mounted by other users.</description>
+      <missing>The volume '%s' is mounting by another user.</missing>
+      <apply_to_all_mnemonic>Apply to all volumes.</apply_to_all_mnemonic>
+      <defaults>
+        <allow_remote_inactive>no</allow_remote_inactive>
+        <allow_remote_active>no</allow_remote_active>
+        <allow_local_inactive>no</allow_local_inactive>
+        <allow_local_active>auth_root_keep_always</allow_local_active>
+      </defaults>
+    </policy>
+
+    <policy id="hal-storage-eject">
+      <description>Eject removable media.</description>
+      <missing>Ejecting the volume '%s' is restricted by system policy.</missing>
+      <apply_to_all_mnemonic>Apply to all volumes.</apply_to_all_mnemonic>
+      <defaults>
+        <allow_remote_inactive>no</allow_remote_inactive>
+        <allow_remote_active>no</allow_remote_active>
+        <allow_local_inactive>no</allow_local_inactive>
+        <allow_local_active>yes</allow_local_active>
+      </defaults>
+    </policy>
+
+    <policy id="hal-storage-crypto-setup">
+      <description>Set up decryption for encrypted storage devices.</description>
+      <missing>Decrypting the volume '%s' is restricted by system policy.</missing>
+      <apply_to_all_mnemonic>Apply to all volumes.</apply_to_all_mnemonic>
+      <defaults>
+        <allow_remote_inactive>no</allow_remote_inactive>
+        <allow_remote_active>no</allow_remote_active>
+        <allow_local_inactive>no</allow_local_inactive>
+        <allow_local_active>yes</allow_local_active>
+      </defaults>
+    </policy>
+
+  </group>
+</policyconfig>
author	David Zeuthen <davidz@redhat.com>	2007-04-22 21:14:56 -0400
committer	David Zeuthen <davidz@redhat.com>	2007-04-22 21:14:56 -0400
commit	9e37dd339cba8e16587fa666c58906bf3bc1ef35 (patch)
tree	725a72c1966d8ea19613349ac432ed113ece8927 /policy
parent	b2ee178b46b40d6f5e1ff77d7ec36424f859e5c3 (diff)