<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN" "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd"> <busconfig> <!-- This configuration file specifies the required security policies for the HAL to work. --> <!-- Only root or user @HAL_USER@ can own the HAL service --> <policy user="@HAL_USER@"> <allow own="org.freedesktop.Hal"/> </policy> <policy user="root"> <allow own="org.freedesktop.Hal"/> </policy> <policy context="default"> <!-- Allow anyone to invoke methods on the Manager and Device interfaces --> <allow send_interface="org.freedesktop.Hal.Manager" send_destination="org.freedesktop.Hal"/> <allow send_interface="org.freedesktop.Hal.Device" send_destination="org.freedesktop.Hal"/> <allow send_interface="org.freedesktop.DBus.Introspectable" send_destination="org.freedesktop.Hal"/> <!-- These interfaces use RBAC, should not block access at DBus level --> <allow send_interface="org.freedesktop.Hal.Device.SystemPowerManagement" send_destination="org.freedesktop.Hal"/> <allow send_interface="org.freedesktop.Hal.Device.VideoAdapterPM" send_destination="org.freedesktop.Hal"/> <allow send_interface="org.freedesktop.Hal.Device.LaptopPanel" send_destination="org.freedesktop.Hal"/> <allow send_interface="org.freedesktop.Hal.Device.CPUFreq" send_destination="org.freedesktop.Hal"/> <allow send_interface="org.freedesktop.Hal.Device.NetworkDiscovery" send_destination="org.freedesktop.Hal"/> </policy> <!-- Default policy for the exported interfaces --> <policy context="default"> <deny send_interface="org.freedesktop.Hal.Device.Volume" send_destination="org.freedesktop.Hal"/> <deny send_interface="org.freedesktop.Hal.Device.Storage" send_destination="org.freedesktop.Hal"/> </policy> <!-- This will not work if logindevperm is not enabled --> <policy at_console="true"> <allow send_interface="org.freedesktop.Hal.Device.Volume" send_destination="org.freedesktop.Hal"/> <allow send_interface="org.freedesktop.Hal.Device.Storage" send_destination="org.freedesktop.Hal"/> </policy> <!-- You can change this to a more suitable user, or make per-group --> <policy user="0"> <allow send_interface="org.freedesktop.Hal.Device.Volume" send_destination="org.freedesktop.Hal"/> <allow send_interface="org.freedesktop.Hal.Device.Storage" send_destination="org.freedesktop.Hal"/> </policy> </busconfig>