xref: /illumos-gate/usr/src/cmd/hal/hal.conf.in (revision 27954b0d964ffcb749cf19296906e7fecdf3da1b)
1<!DOCTYPE busconfig PUBLIC
2 "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
3 "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
4<busconfig>
5
6  <!-- This configuration file specifies the required security policies
7       for the HAL to work. -->
8
9  <!-- Only root or user @HAL_USER@ can own the HAL service -->
10  <policy user="@HAL_USER@">
11    <allow own="org.freedesktop.Hal"/>
12  </policy>
13  <policy user="root">
14    <allow own="org.freedesktop.Hal"/>
15  </policy>
16
17  <policy context="default">
18    <!-- Allow anyone to invoke methods on the Manager and Device interfaces -->
19    <allow send_interface="org.freedesktop.Hal.Manager"
20           send_destination="org.freedesktop.Hal"/>
21    <allow send_interface="org.freedesktop.Hal.Device"
22           send_destination="org.freedesktop.Hal"/>
23    <allow send_interface="org.freedesktop.DBus.Introspectable"
24           send_destination="org.freedesktop.Hal"/>
25
26    <!-- These interfaces use RBAC, should not block access at DBus level -->
27    <allow send_interface="org.freedesktop.Hal.Device.SystemPowerManagement"
28           send_destination="org.freedesktop.Hal"/>
29    <allow send_interface="org.freedesktop.Hal.Device.VideoAdapterPM"
30           send_destination="org.freedesktop.Hal"/>
31    <allow send_interface="org.freedesktop.Hal.Device.LaptopPanel"
32           send_destination="org.freedesktop.Hal"/>
33    <allow send_interface="org.freedesktop.Hal.Device.CPUFreq"
34           send_destination="org.freedesktop.Hal"/>
35    <allow send_interface="org.freedesktop.Hal.Device.NetworkDiscovery"
36           send_destination="org.freedesktop.Hal"/>
37  </policy>
38
39  <!-- Default policy for the exported interfaces -->
40  <policy context="default">
41    <deny send_interface="org.freedesktop.Hal.Device.Volume"
42          send_destination="org.freedesktop.Hal"/>
43    <deny send_interface="org.freedesktop.Hal.Device.Storage"
44          send_destination="org.freedesktop.Hal"/>
45  </policy>
46
47  <!-- This will not work if logindevperm is not enabled -->
48  <policy at_console="true">
49    <allow send_interface="org.freedesktop.Hal.Device.Volume"
50           send_destination="org.freedesktop.Hal"/>
51    <allow send_interface="org.freedesktop.Hal.Device.Storage"
52           send_destination="org.freedesktop.Hal"/>
53  </policy>
54
55  <!-- You can change this to a more suitable user, or make per-group -->
56  <policy user="0">
57    <allow send_interface="org.freedesktop.Hal.Device.Volume"
58           send_destination="org.freedesktop.Hal"/>
59    <allow send_interface="org.freedesktop.Hal.Device.Storage"
60           send_destination="org.freedesktop.Hal"/>
61  </policy>
62
63</busconfig>
64