1<!DOCTYPE busconfig PUBLIC 2 "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN" 3 "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd"> 4<busconfig> 5 6 <!-- This configuration file specifies the required security policies 7 for the HAL to work. --> 8 9 <!-- Only root or user @HAL_USER@ can own the HAL service --> 10 <policy user="@HAL_USER@"> 11 <allow own="org.freedesktop.Hal"/> 12 </policy> 13 <policy user="root"> 14 <allow own="org.freedesktop.Hal"/> 15 </policy> 16 17 <policy context="default"> 18 <!-- Allow anyone to invoke methods on the Manager and Device interfaces --> 19 <allow send_interface="org.freedesktop.Hal.Manager" 20 send_destination="org.freedesktop.Hal"/> 21 <allow send_interface="org.freedesktop.Hal.Device" 22 send_destination="org.freedesktop.Hal"/> 23 <allow send_interface="org.freedesktop.DBus.Introspectable" 24 send_destination="org.freedesktop.Hal"/> 25 26 <!-- These interfaces use RBAC, should not block access at DBus level --> 27 <allow send_interface="org.freedesktop.Hal.Device.SystemPowerManagement" 28 send_destination="org.freedesktop.Hal"/> 29 <allow send_interface="org.freedesktop.Hal.Device.VideoAdapterPM" 30 send_destination="org.freedesktop.Hal"/> 31 <allow send_interface="org.freedesktop.Hal.Device.LaptopPanel" 32 send_destination="org.freedesktop.Hal"/> 33 <allow send_interface="org.freedesktop.Hal.Device.CPUFreq" 34 send_destination="org.freedesktop.Hal"/> 35 <allow send_interface="org.freedesktop.Hal.Device.NetworkDiscovery" 36 send_destination="org.freedesktop.Hal"/> 37 </policy> 38 39 <!-- Default policy for the exported interfaces --> 40 <policy context="default"> 41 <deny send_interface="org.freedesktop.Hal.Device.Volume" 42 send_destination="org.freedesktop.Hal"/> 43 <deny send_interface="org.freedesktop.Hal.Device.Storage" 44 send_destination="org.freedesktop.Hal"/> 45 </policy> 46 47 <!-- This will not work if logindevperm is not enabled --> 48 <policy at_console="true"> 49 <allow send_interface="org.freedesktop.Hal.Device.Volume" 50 send_destination="org.freedesktop.Hal"/> 51 <allow send_interface="org.freedesktop.Hal.Device.Storage" 52 send_destination="org.freedesktop.Hal"/> 53 </policy> 54 55 <!-- You can change this to a more suitable user, or make per-group --> 56 <policy user="0"> 57 <allow send_interface="org.freedesktop.Hal.Device.Volume" 58 send_destination="org.freedesktop.Hal"/> 59 <allow send_interface="org.freedesktop.Hal.Device.Storage" 60 send_destination="org.freedesktop.Hal"/> 61 </policy> 62 63</busconfig> 64