diff options
| author | David Zeuthen <davidz@redhat.com> | 2007-04-08 19:09:13 -0400 |
|---|---|---|
| committer | David Zeuthen <davidz@redhat.com> | 2007-04-08 19:09:13 -0400 |
| commit | c994c40ad21a3a956690757eb0193e73fdc8bf72 (patch) | |
| tree | a1a3b7e4dae8be68d1bc4bea3fc637cb18ab037f /policy | |
| parent | 2cefd63578435f4f2a1be7dc612489131947f65f (diff) | |
changes to cope with PolicyKit mass renaming
Diffstat (limited to 'policy')
| -rw-r--r-- | policy/.gitignore | 6 | ||||
| -rw-r--r-- | policy/Makefile.am | 20 | ||||
| -rw-r--r-- | policy/hal-device-file.policy | 70 | ||||
| -rw-r--r-- | policy/hal-killswitch.policy | 28 | ||||
| -rw-r--r-- | policy/hal-power.policy | 91 | ||||
| -rw-r--r-- | policy/hal-storage.policy | 63 |
6 files changed, 278 insertions, 0 deletions
diff --git a/policy/.gitignore b/policy/.gitignore new file mode 100644 index 00000000..355a9b88 --- /dev/null +++ b/policy/.gitignore @@ -0,0 +1,6 @@ +.deps +.libs +Makefile +Makefile.in +*.o +*~ diff --git a/policy/Makefile.am b/policy/Makefile.am new file mode 100644 index 00000000..30497d86 --- /dev/null +++ b/policy/Makefile.am @@ -0,0 +1,20 @@ + +if HAVE_POLKIT +polkit_privilegedir = $(sysconfdir)/PolicyKit/policy + +dist_polkit_privilege_DATA = \ + hal-storage.policy \ + hal-power.policy \ + hal-killswitch.policy + +if HAVE_ACLMGMT +dist_polkit_privilege_DATA += hal-device-file.policy +endif + +check: + $(POLKIT_POLICY_FILE_VALIDATE) $(dist_polkit_privilege_DATA) + +endif + +clean-local : + rm -f *~ diff --git a/policy/hal-device-file.policy b/policy/hal-device-file.policy new file mode 100644 index 00000000..800ef2f2 --- /dev/null +++ b/policy/hal-device-file.policy @@ -0,0 +1,70 @@ +# -*- Conf -*- +# +# Policy definitions for HAL's ACL management mechanism. +# +# Copyright (c) 2007 David Zeuthen <david@fubar.dk> +# +# HAL is licensed to you under your choice of the the Academic Free +# License Version 2.1, or the GNU General Public License version +# 2. Some individual source files may be under the GPL only. See +# COPYING for details. +# +# NOTE: If you make changes to this file, make sure to validate the +# file using the polkit-privilege-file-validate(1) tool. Changes made +# to this file are applied instantly. + +# Directly access sound devices +[Action hal-device-file-sound] +AllowRemoteInactive=no +AllowRemoteActive=no +AllowLocalInactive=no +AllowLocalActive=yes + +# Directly access video4linux devices +[Action hal-device-file-video4linux] +AllowRemoteInactive=no +AllowRemoteActive=no +AllowLocalInactive=no +AllowLocalActive=yes + +# Directly access optical drives +[Action hal-device-file-cdrom] +AllowRemoteInactive=no +AllowRemoteActive=no +AllowLocalInactive=yes +AllowLocalActive=yes + +# Directly access DVB devices +[Action hal-device-file-dvb] +AllowRemoteInactive=no +AllowRemoteActive=no +AllowLocalInactive=no +AllowLocalActive=yes + +# Directly access digital cameras +[Action hal-device-file-camera] +AllowRemoteInactive=no +AllowRemoteActive=no +AllowLocalInactive=no +AllowLocalActive=yes + +# Directly access scanners +[Action hal-device-file-scanner] +AllowRemoteInactive=no +AllowRemoteActive=no +AllowLocalInactive=no +AllowLocalActive=yes + +# Directly access Firewire IIDC devices +[Action hal-device-file-ieee1394-iidc] +AllowRemoteInactive=no +AllowRemoteActive=no +AllowLocalInactive=no +AllowLocalActive=yes + +# Directly access Firewire AVC devices +[Action hal-device-file-ieee1394-avc] +AllowRemoteInactive=no +AllowRemoteActive=no +AllowLocalInactive=no +AllowLocalActive=yes diff --git a/policy/hal-killswitch.policy b/policy/hal-killswitch.policy new file mode 100644 index 00000000..d514bf4b --- /dev/null +++ b/policy/hal-killswitch.policy @@ -0,0 +1,28 @@ +# -*- Conf -*- +# +# Policy definitions for HAL's RF kill switching mechanism. +# +# Copyright (c) 2007 David Zeuthen <david@fubar.dk> +# +# HAL is licensed to you under your choice of the the Academic Free +# License Version 2.1, or the GNU General Public License version +# 2. Some individual source files may be under the GPL only. See +# COPYING for details. +# +# NOTE: If you make changes to this file, make sure to validate the +# file using the polkit-privilege-file-validate(1) tool. Changes made +# to this file are applied instantly. + +# Turn Bluetooth radio on/off +[Action hal-killswitch-bluetooth] +AllowRemoteInactive=no +AllowRemoteActive=no +AllowLocalInactive=no +AllowLocalActive=yes + +# Turn Wireless 802.11 radio on/off +[Action hal-killswitch-wlan] +AllowRemoteInactive=no +AllowRemoteActive=no +AllowLocalInactive=no +AllowLocalActive=yes diff --git a/policy/hal-power.policy b/policy/hal-power.policy new file mode 100644 index 00000000..0376a0f0 --- /dev/null +++ b/policy/hal-power.policy @@ -0,0 +1,91 @@ +# -*- Conf -*- +# +# Policy definitions for HAL's power management mechanisms. +# +# Copyright (c) 2007 David Zeuthen <david@fubar.dk> +# +# HAL is licensed to you under your choice of the the Academic Free +# License Version 2.1, or the GNU General Public License version +# 2. Some individual source files may be under the GPL only. See +# COPYING for details. +# +# NOTE: If you make changes to this file, make sure to validate the +# file using the polkit-privilege-file-validate(1) tool. Changes made +# to this file are applied instantly. + +# Shutdown the computer +[Action hal-power-shutdown] +AllowRemoteInactive=no +AllowRemoteActive=no +AllowLocalInactive=no +AllowLocalActive=yes + +# Shutdown computer when multiple users are logged in +[Action hal-power-shutdown-multiple-sessions] +AllowRemoteInactive=no +AllowRemoteActive=no +AllowLocalInactive=no +AllowLocalActive=auth_root + +# Reboot the computer +[Action hal-power-reboot] +AllowRemoteInactive=no +AllowRemoteActive=no +AllowLocalInactive=no +AllowLocalActive=yes + +# Reboot the computer when multiple users are logged in +[Action hal-power-reboot-multiple-sessions] +AllowRemoteInactive=no +AllowRemoteActive=no +AllowLocalInactive=no +AllowLocalActive=auth_root + +# Configure the system to prefer power savings +[Action hal-power-set-powersave] +AllowRemoteInactive=no +AllowRemoteActive=no +AllowLocalInactive=no +AllowLocalActive=yes + +# Suspend the system +[Action hal-power-suspend] +AllowRemoteInactive=no +AllowRemoteActive=no +AllowLocalInactive=no +AllowLocalActive=yes + +# Hibernate the system +[Action hal-power-hibernate] +AllowRemoteInactive=no +AllowRemoteActive=no +AllowLocalInactive=no +AllowLocalActive=yes + +# Configure CPU frequency scaling +[Action hal-power-cpufreq] +AllowRemoteInactive=no +AllowRemoteActive=no +AllowLocalInactive=no +AllowLocalActive=yes + +# Set laptop panel brightness +[Action hal-power-lcd-panel] +AllowRemoteInactive=no +AllowRemoteActive=no +AllowLocalInactive=no +AllowLocalActive=yes + +# Read values from ambient light sensor +[Action hal-power-light-sensor] +AllowRemoteInactive=no +AllowRemoteActive=no +AllowLocalInactive=no +AllowLocalActive=yes + +# Set the keyboard backlight +[Action hal-power-keyboard-backlight] +AllowRemoteInactive=no +AllowRemoteActive=no +AllowLocalInactive=no +AllowLocalActive=yes diff --git a/policy/hal-storage.policy b/policy/hal-storage.policy new file mode 100644 index 00000000..a61d0c6e --- /dev/null +++ b/policy/hal-storage.policy @@ -0,0 +1,63 @@ +# -*- Conf -*- +# +# Policy definitions for HAL's drives/media mechanims. +# +# Copyright (c) 2007 David Zeuthen <david@fubar.dk> +# +# HAL is licensed to you under your choice of the the Academic Free +# License Version 2.1, or the GNU General Public License version +# 2. Some individual source files may be under the GPL only. See +# COPYING for details. +# +# NOTE: If you make changes to this file, make sure to validate the +# file using the polkit-privilege-file-validate(1) tool. Changes made +# to this file are instantly applied. + +# Mount file systems from internal drives +[Action hal-storage-mount-fixed] +AllowRemoteInactive=no +AllowRemoteActive=no +AllowLocalInactive=no +AllowLocalActive=auth_self_keep_always + +# Mount file systems from internal drives using options not explicitly granted +[Action hal-storage-mount-fixed-extra-options] +AllowRemoteInactive=no +AllowRemoteActive=no +AllowLocalInactive=no +AllowLocalActive=auth_self_keep_always + +# Mount file systems from removable/hotpluggable drives +[Action hal-storage-mount-removable] +AllowRemoteInactive=no +AllowRemoteActive=no +AllowLocalInactive=no +AllowLocalActive=yes + +# Mount file systems from internal drives using options not explicitly granted +[Action hal-storage-mount-removable-extra-options] +AllowRemoteInactive=no +AllowRemoteActive=no +AllowLocalInactive=no +AllowLocalActive=auth_self_keep_always + +# Unmount file systems mounted by other users +[Action hal-storage-unmount-others] +AllowRemoteInactive=no +AllowRemoteActive=no +AllowLocalInactive=no +AllowLocalActive=auth_self_keep_always + +# Eject media from drives +[Action hal-storage-eject] +AllowRemoteInactive=no +AllowRemoteActive=no +AllowLocalInactive=no +AllowLocalActive=yes + +# Set up decryption for encrypted storage devices +[Action hal-storage-crypto-setup] +AllowRemoteInactive=no +AllowRemoteActive=no +AllowLocalInactive=no +AllowLocalActive=yes |