10
11
<match key="info.capabilities" contains="alsa">
11
12
<append key="info.capabilities" type="strlist">access_control</append>
12
13
<merge key="access_control.file" type="copy_property">alsa.device_file</merge>
14
<merge key="access_control.type" type="string">sound</merge>
15
17
<!-- sound card (OSS) -->
16
18
<match key="info.capabilities" contains="oss">
17
19
<append key="info.capabilities" type="strlist">access_control</append>
18
20
<merge key="access_control.file" type="copy_property">oss.device_file</merge>
21
<merge key="access_control.type" type="string">sound</merge>
21
24
<!-- video4linux devices -->
22
25
<match key="info.capabilities" contains="video4linux">
23
26
<append key="info.capabilities" type="strlist">access_control</append>
24
27
<merge key="access_control.file" type="copy_property">video4linux.device</merge>
28
<merge key="access_control.type" type="string">video4linux</merge>
27
31
<!-- optical drives -->
28
32
<match key="info.capabilities" contains="storage.cdrom">
29
33
<append key="info.capabilities" type="strlist">access_control</append>
30
34
<merge key="access_control.file" type="copy_property">block.device</merge>
35
<merge key="access_control.type" type="string">cdrom</merge>
34
39
<match key="info.capabilities" contains="dvb">
35
40
<append key="info.capabilities" type="strlist">access_control</append>
36
41
<merge key="access_control.file" type="copy_property">dvb.device</merge>
42
<merge key="access_control.type" type="string">dvb</merge>
45
<!-- support for Linux USB stack where device node is on a child of the main USB device -->
40
46
<match key="info.capabilities" contains="usbraw">
41
47
<match key="info.capabilities" sibling_contains="camera">
42
48
<append key="info.capabilities" type="strlist">access_control</append>
43
49
<merge key="access_control.file" type="copy_property">usbraw.device</merge>
50
<merge key="access_control.type" type="string">camera</merge>
48
53
<match key="info.capabilities" contains="usbraw">
49
54
<match key="info.capabilities" sibling_contains="scanner">
50
55
<append key="info.capabilities" type="strlist">access_control</append>
51
56
<merge key="access_control.file" type="copy_property">usbraw.device</merge>
57
<merge key="access_control.type" type="string">scanner</merge>
61
<!-- support for Linux USB stack where linux.device_file is set (e.g. device node is on the main usb device) -->
62
<match key="info.subsystem" string="usb">
63
<match key="@info.parent:linux.device_file" exists="true">
64
<match key="info.capabilities" contains="camera">
65
<append key="info.capabilities" type="strlist">access_control</append>
66
<merge key="access_control.type" type="string">camera</merge>
67
<merge key="access_control.file" type="copy_property">@info.parent:linux.device_file</merge>
69
<match key="info.capabilities" contains="scanner">
70
<append key="info.capabilities" type="strlist">access_control</append>
71
<merge key="access_control.type" type="string">scanner</merge>
72
<merge key="access_control.file" type="copy_property">@info.parent:linux.device_file</merge>
55
78
<!-- Firewire devices are mostly driven by userspace libraries -->
56
79
<match key="info.capabilities" contains="ieee1394_unit.iidc">
57
80
<append key="info.capabilities" type="strlist">access_control</append>
58
81
<merge key="access_control.file" type="copy_property">@ieee1394_unit.originating_device:ieee1394.device</merge>
82
<merge key="access_control.type" type="string">ieee1394-iidc</merge>
60
84
<match key="info.capabilities" contains="ieee1394_unit.avc">
61
85
<append key="info.capabilities" type="strlist">access_control</append>
62
86
<merge key="access_control.file" type="copy_property">@ieee1394_unit.originating_device:ieee1394.device</merge>
65
<!-- policy goes here - this can be amended by 3rd party packages,
66
e.g. the flumotion package may provide a fdi-file that
67
appends the 'flumotion' user to access_control.grant_user for
68
e.g. webcam's or audio devices - see RH bug #140853 for
71
<!-- grant access to local session whether it's active or not -->
72
<match key="info.capabilities" contains="access_control">
73
<merge key="access_control.grant_local_session" type="bool">true</merge>
87
<merge key="access_control.type" type="string">ieee1394-avc</merge>
77
90
<!-- enforcement of policy goes here -->