From: David Herrmann <dh.herrmann@gmail.com>
Date: Tue, 15 Oct 2013 19:13:39 +0000 (+0200)
Subject: logind: allow unprivileged session-device access
X-Git-Tag: v209~1874
X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=commitdiff_plain;h=d7d1c8f983599dca6ee30229375215978657c072

logind: allow unprivileged session-device access

The session-device/control API was introduced for unprivileged device
access from within a session. Add the required dbus policy to the default
logind policies.

Note: logind validates that only root and the user of a session can
use the API. Furthermore, only a single API user gets access at a time.
---

diff --git a/src/login/org.freedesktop.login1.conf b/src/login/org.freedesktop.login1.conf
index 0407609c1..04e735eb5 100644
--- a/src/login/org.freedesktop.login1.conf
+++ b/src/login/org.freedesktop.login1.conf
@@ -148,6 +148,26 @@
                        send_interface="org.freedesktop.login1.Session"
                        send_member="SetIdleHint"/>
 
+                <allow send_destination="org.freedesktop.login1"
+                       send_interface="org.freedesktop.login1.Session"
+                       send_member="TakeControl"/>
+
+                <allow send_destination="org.freedesktop.login1"
+                       send_interface="org.freedesktop.login1.Session"
+                       send_member="ReleaseControl"/>
+
+                <allow send_destination="org.freedesktop.login1"
+                       send_interface="org.freedesktop.login1.Session"
+                       send_member="TakeDevice"/>
+
+                <allow send_destination="org.freedesktop.login1"
+                       send_interface="org.freedesktop.login1.Session"
+                       send_member="ReleaseDevice"/>
+
+                <allow send_destination="org.freedesktop.login1"
+                       send_interface="org.freedesktop.login1.Session"
+                       send_member="PauseDeviceComplete"/>
+
                 <allow receive_sender="org.freedesktop.login1"/>
         </policy>