
<!DOCTYPE busconfig PUBLIC

 "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"

 "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">

<busconfig>


  <!-- This configuration file specifies the required security policies

       for the HAL to work. -->


  <!-- Only root or user haldaemon can own the HAL service -->

  <policy user="haldaemon">

    <allow own="org.freedesktop.Hal"/>

  </policy>

  <policy user="root">

    <allow own="org.freedesktop.Hal"/>

  </policy>


  <!-- Allow anyone to invoke methods on the Manager and Device interfaces -->

  <policy context="default">

    <allow send_interface="org.freedesktop.DBus.Introspectable"

           send_destination="org.freedesktop.Hal"/>

    <allow send_interface="org.freedesktop.Hal.Manager"

           send_destination="org.freedesktop.Hal"/>

    <allow send_interface="org.freedesktop.Hal.Device"

           send_destination="org.freedesktop.Hal"/>

    <allow receive_interface="org.freedesktop.Hal.Manager"

           receive_sender="org.freedesktop.Hal"/>

    <allow receive_interface="org.freedesktop.Hal.Device"

           receive_sender="org.freedesktop.Hal"/>


    <allow send_interface="org.freedesktop.Hal.Device.SystemPowerManagement"

           send_destination="org.freedesktop.Hal"/>

    <allow send_interface="org.freedesktop.Hal.Device.LaptopPanel"

           send_destination="org.freedesktop.Hal"/>

    <allow send_interface="org.freedesktop.Hal.Device.Volume"

           send_destination="org.freedesktop.Hal"/>

    <allow send_interface="org.freedesktop.Hal.Device.Volume.Crypto"

           send_destination="org.freedesktop.Hal"/>

    <allow receive_interface="org.freedesktop.Hal.Device.SystemPowerManagement"

           receive_sender="org.freedesktop.Hal"/>

    <allow receive_interface="org.freedesktop.Hal.Device.LaptopPanel"

           receive_sender="org.freedesktop.Hal"/>

    <allow receive_interface="org.freedesktop.Hal.Device.Volume"

           receive_sender="org.freedesktop.Hal"/>

    <allow receive_interface="org.freedesktop.Hal.Device.Volume.Crypto"

           receive_sender="org.freedesktop.Hal"/>

  </policy>


  <!-- Default policy for the exported interfaces; if PolicyKit is not used

       for access control you will need to modify this -->

  <policy context="default">

    <deny send_interface="org.freedesktop.Hal.Device.SystemPowerManagement"

          send_destination="org.freedesktop.Hal"/>

    <deny send_interface="org.freedesktop.Hal.Device.VideoAdapterPM"

          send_destination="org.freedesktop.Hal"/>

    <deny send_interface="org.freedesktop.Hal.Device.LaptopPanel"

          send_destination="org.freedesktop.Hal"/>

    <deny send_interface="org.freedesktop.Hal.Device.Volume"

          send_destination="org.freedesktop.Hal"/>

    <deny send_interface="org.freedesktop.Hal.Device.Volume.Crypto"

          send_destination="org.freedesktop.Hal"/>

  </policy>


  <!-- This will not work if consolekit is not enabled -->

  <policy at_console="true">

    <allow send_interface="org.freedesktop.Hal.Device.SystemPowerManagement"

           send_destination="org.freedesktop.Hal"/>

    <allow send_interface="org.freedesktop.Hal.Device.VideoAdapterPM"

           send_destination="org.freedesktop.Hal"/>

    <allow send_interface="org.freedesktop.Hal.Device.LaptopPanel"

           send_destination="org.freedesktop.Hal"/>

    <allow send_interface="org.freedesktop.Hal.Device.Volume"

           send_destination="org.freedesktop.Hal"/>

    <allow send_interface="org.freedesktop.Hal.Device.Volume.Crypto"

           send_destination="org.freedesktop.Hal"/>

    <allow send_interface="org.freedesktop.Hal.Device.CPUFreq"

           send_destination="org.freedesktop.Hal"/>

    <allow send_interface="org.freedesktop.Hal.Device.WakeOnLan"

           send_destination="org.freedesktop.Hal"/>

    <allow send_interface="org.freedesktop.Hal.Device.DockStation"

           send_destination="org.freedesktop.Hal"/>

  </policy>


  <!-- Debian groups policies -->

  <policy group="powerdev">

    <allow send_interface="org.freedesktop.Hal.Device.SystemPowerManagement"

           send_destination="org.freedesktop.Hal"/>

    <allow send_interface="org.freedesktop.Hal.Device.VideoAdapterPM"

           send_destination="org.freedesktop.Hal"/>

    <allow send_interface="org.freedesktop.Hal.Device.LaptopPanel"

           send_destination="org.freedesktop.Hal"/>

    <allow send_interface="org.freedesktop.Hal.Device.CPUFreq"

           send_destination="org.freedesktop.Hal"/>

    <allow send_interface="org.freedesktop.Hal.Device.WakeOnLan"

           send_destination="org.freedesktop.Hal"/>

    <allow send_interface="org.freedesktop.Hal.Device.DockStation"

           send_destination="org.freedesktop.Hal"/>

  </policy>

  <policy group="plugdev">

    <allow send_interface="org.freedesktop.Hal.Device.Volume"

           send_destination="org.freedesktop.Hal"/>

    <allow send_interface="org.freedesktop.Hal.Device.Volume.Crypto"

           send_destination="org.freedesktop.Hal"/>

  </policy>


  <!-- Allow root to call any method, for instance:

  * NetworkManager access to KillSwitch interface

  * powersaved access to CPUFreq interface

  -->

  <policy user="root">

    <allow send_destination="org.freedesktop.Hal"/>

  </policy>


</busconfig>