xref: /illumos-gate/usr/src/cmd/hal/hal.conf.in (revision b695575577bae0337af339d76949713bfe1c9013)
1<!DOCTYPE busconfig PUBLIC
2 "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
3 "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
4<busconfig>
5
6  <!-- This configuration file specifies the required security policies
7       for the HAL to work. -->
8
9  <!-- Only root or user @HAL_USER@ can own the HAL service -->
10  <policy user="@HAL_USER@">
11    <allow own="org.freedesktop.Hal"/>
12  </policy>
13  <policy user="root">
14    <allow own="org.freedesktop.Hal"/>
15  </policy>
16
17  <policy context="default">
18    <!-- Allow anyone to invoke methods on the Manager and Device interfaces -->
19    <allow send_interface="org.freedesktop.Hal.Manager"
20           send_destination="org.freedesktop.Hal"/>
21    <allow send_interface="org.freedesktop.Hal.Device"
22           send_destination="org.freedesktop.Hal"/>
23    <allow send_interface="org.freedesktop.DBus.Introspectable"
24           send_destination="org.freedesktop.Hal"/>
25
26    <!-- These interfaces use RBAC, should not block access at DBus level -->
27    <allow send_interface="org.freedesktop.Hal.Device.SystemPowerManagement"
28           send_destination="org.freedesktop.Hal"/>
29    <allow send_interface="org.freedesktop.Hal.Device.VideoAdapterPM"
30           send_destination="org.freedesktop.Hal"/>
31    <allow send_interface="org.freedesktop.Hal.Device.LaptopPanel"
32           send_destination="org.freedesktop.Hal"/>
33    <allow send_interface="org.freedesktop.Hal.Device.CPUFreq"
34           send_destination="org.freedesktop.Hal"/>
35  </policy>
36
37  <!-- Default policy for the exported interfaces -->
38  <policy context="default">
39    <deny send_interface="org.freedesktop.Hal.Device.Volume"
40          send_destination="org.freedesktop.Hal"/>
41    <deny send_interface="org.freedesktop.Hal.Device.Storage"
42          send_destination="org.freedesktop.Hal"/>
43  </policy>
44
45  <!-- This will not work if logindevperm is not enabled -->
46  <policy at_console="true">
47    <allow send_interface="org.freedesktop.Hal.Device.Volume"
48           send_destination="org.freedesktop.Hal"/>
49    <allow send_interface="org.freedesktop.Hal.Device.Storage"
50           send_destination="org.freedesktop.Hal"/>
51  </policy>
52
53  <!-- You can change this to a more suitable user, or make per-group -->
54  <policy user="0">
55    <allow send_interface="org.freedesktop.Hal.Device.Volume"
56           send_destination="org.freedesktop.Hal"/>
57    <allow send_interface="org.freedesktop.Hal.Device.Storage"
58           send_destination="org.freedesktop.Hal"/>
59  </policy>
60
61</busconfig>
62