chiark / gitweb /
logind: allow unprivileged session-device access
authorDavid Herrmann <dh.herrmann@gmail.com>
Tue, 15 Oct 2013 19:13:39 +0000 (21:13 +0200)
committerDavid Herrmann <dh.herrmann@gmail.com>
Tue, 15 Oct 2013 19:13:39 +0000 (21:13 +0200)
The session-device/control API was introduced for unprivileged device
access from within a session. Add the required dbus policy to the default
logind policies.

Note: logind validates that only root and the user of a session can
use the API. Furthermore, only a single API user gets access at a time.

src/login/org.freedesktop.login1.conf

index 0407609..04e735e 100644 (file)
                        send_interface="org.freedesktop.login1.Session"
                        send_member="SetIdleHint"/>
 
+                <allow send_destination="org.freedesktop.login1"
+                       send_interface="org.freedesktop.login1.Session"
+                       send_member="TakeControl"/>
+
+                <allow send_destination="org.freedesktop.login1"
+                       send_interface="org.freedesktop.login1.Session"
+                       send_member="ReleaseControl"/>
+
+                <allow send_destination="org.freedesktop.login1"
+                       send_interface="org.freedesktop.login1.Session"
+                       send_member="TakeDevice"/>
+
+                <allow send_destination="org.freedesktop.login1"
+                       send_interface="org.freedesktop.login1.Session"
+                       send_member="ReleaseDevice"/>
+
+                <allow send_destination="org.freedesktop.login1"
+                       send_interface="org.freedesktop.login1.Session"
+                       send_member="PauseDeviceComplete"/>
+
                 <allow receive_sender="org.freedesktop.login1"/>
         </policy>