2011-05-25 00:55:58 +02:00
|
|
|
<?xml version="1.0"?> <!--*-nxml-*-->
|
|
|
|
<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
|
|
|
|
"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
|
|
|
|
|
|
|
|
<!--
|
2020-11-09 05:23:58 +01:00
|
|
|
SPDX-License-Identifier: LGPL-2.1-or-later
|
2017-11-18 18:18:16 +01:00
|
|
|
|
2011-05-25 00:55:58 +02:00
|
|
|
This file is part of systemd.
|
|
|
|
|
|
|
|
systemd is free software; you can redistribute it and/or modify it
|
2012-04-12 00:20:58 +02:00
|
|
|
under the terms of the GNU Lesser General Public License as published by
|
|
|
|
the Free Software Foundation; either version 2.1 of the License, or
|
2011-05-25 00:55:58 +02:00
|
|
|
(at your option) any later version.
|
|
|
|
-->
|
|
|
|
|
|
|
|
<busconfig>
|
|
|
|
|
|
|
|
<policy user="root">
|
|
|
|
<allow own="org.freedesktop.login1"/>
|
|
|
|
<allow send_destination="org.freedesktop.login1"/>
|
|
|
|
<allow receive_sender="org.freedesktop.login1"/>
|
|
|
|
</policy>
|
|
|
|
|
|
|
|
<policy context="default">
|
2011-06-28 21:56:41 +02:00
|
|
|
<deny send_destination="org.freedesktop.login1"/>
|
|
|
|
|
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.DBus.Introspectable"/>
|
|
|
|
|
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.DBus.Peer"/>
|
|
|
|
|
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.DBus.Properties"
|
|
|
|
send_member="Get"/>
|
|
|
|
|
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.DBus.Properties"
|
|
|
|
send_member="GetAll"/>
|
|
|
|
|
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Manager"
|
|
|
|
send_member="GetSession"/>
|
|
|
|
|
2012-02-01 19:04:54 +01:00
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Manager"
|
|
|
|
send_member="GetSessionByPID"/>
|
|
|
|
|
2011-06-28 21:56:41 +02:00
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Manager"
|
|
|
|
send_member="GetUser"/>
|
|
|
|
|
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Manager"
|
2013-12-10 17:41:39 +01:00
|
|
|
send_member="GetUserByPID"/>
|
2011-06-28 21:56:41 +02:00
|
|
|
|
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Manager"
|
2013-12-10 17:41:39 +01:00
|
|
|
send_member="GetSeat"/>
|
2011-06-28 21:56:41 +02:00
|
|
|
|
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Manager"
|
2013-12-10 17:41:39 +01:00
|
|
|
send_member="ListSessions"/>
|
2011-06-28 21:56:41 +02:00
|
|
|
|
2013-06-20 04:00:28 +02:00
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Manager"
|
2013-12-10 17:41:39 +01:00
|
|
|
send_member="ListUsers"/>
|
2013-06-20 04:00:28 +02:00
|
|
|
|
2011-06-28 21:56:41 +02:00
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Manager"
|
|
|
|
send_member="ListSeats"/>
|
|
|
|
|
2012-04-16 16:47:33 +02:00
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Manager"
|
|
|
|
send_member="ListInhibitors"/>
|
|
|
|
|
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Manager"
|
|
|
|
send_member="Inhibit"/>
|
|
|
|
|
2011-06-28 21:56:41 +02:00
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Manager"
|
|
|
|
send_member="SetUserLinger"/>
|
|
|
|
|
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Manager"
|
|
|
|
send_member="ActivateSession"/>
|
|
|
|
|
2012-02-07 20:12:13 +01:00
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Manager"
|
|
|
|
send_member="ActivateSessionOnSeat"/>
|
|
|
|
|
2015-07-11 22:00:26 +02:00
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Manager"
|
|
|
|
send_member="LockSession"/>
|
|
|
|
|
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Manager"
|
|
|
|
send_member="UnlockSession"/>
|
|
|
|
|
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Manager"
|
|
|
|
send_member="LockSessions"/>
|
|
|
|
|
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Manager"
|
|
|
|
send_member="UnlockSessions"/>
|
|
|
|
|
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Manager"
|
|
|
|
send_member="KillSession"/>
|
|
|
|
|
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Manager"
|
|
|
|
send_member="KillUser"/>
|
|
|
|
|
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Manager"
|
|
|
|
send_member="TerminateSession"/>
|
|
|
|
|
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Manager"
|
|
|
|
send_member="TerminateUser"/>
|
|
|
|
|
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Manager"
|
|
|
|
send_member="TerminateSeat"/>
|
|
|
|
|
2012-02-10 00:56:44 +01:00
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Manager"
|
|
|
|
send_member="PowerOff"/>
|
|
|
|
|
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Manager"
|
|
|
|
send_member="Reboot"/>
|
|
|
|
|
logind: add Halt() and CanHalt() APIs
This adds new method calls Halt() and CanHalt() to the logind bus APIs.
They aren't overly useful (as the whole concept of halting isn't really
too useful), however they clean up one major asymmetry: currently, using
the "shutdown" legacy commands it is possibly to enqueue a "halt"
operation through logind, while logind officially doesn't actually
support this. Moreover, the path through "shutdown" currently ultimately
fails, since the referenced "halt" action isn't actually defined in
PolicyKit.
Finally, the current logic results in an unexpected asymmetry in
systemctl: "systemctl poweroff", "systemctl reboot" are currently
asynchronous (due to the logind involvement) while "systemctl halt"
isnt. Let's clean this up, and make all three APIs implemented by
logind natively, and all three hence asynchronous in "systemctl".
Moreover, let's add the missing PK action.
Fixes: #6957
2017-10-02 16:03:55 +02:00
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Manager"
|
|
|
|
send_member="Halt"/>
|
|
|
|
|
2012-05-08 19:02:25 +02:00
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Manager"
|
|
|
|
send_member="Suspend"/>
|
|
|
|
|
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Manager"
|
|
|
|
send_member="Hibernate"/>
|
|
|
|
|
2012-12-17 21:32:21 +01:00
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Manager"
|
|
|
|
send_member="HybridSleep"/>
|
|
|
|
|
2018-03-08 14:17:33 +01:00
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Manager"
|
2018-03-28 18:00:06 +02:00
|
|
|
send_member="SuspendThenHibernate"/>
|
2018-03-08 14:17:33 +01:00
|
|
|
|
2012-02-10 02:35:48 +01:00
|
|
|
<allow send_destination="org.freedesktop.login1"
|
2012-02-11 00:13:10 +01:00
|
|
|
send_interface="org.freedesktop.login1.Manager"
|
|
|
|
send_member="CanPowerOff"/>
|
|
|
|
|
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Manager"
|
|
|
|
send_member="CanReboot"/>
|
|
|
|
|
logind: add Halt() and CanHalt() APIs
This adds new method calls Halt() and CanHalt() to the logind bus APIs.
They aren't overly useful (as the whole concept of halting isn't really
too useful), however they clean up one major asymmetry: currently, using
the "shutdown" legacy commands it is possibly to enqueue a "halt"
operation through logind, while logind officially doesn't actually
support this. Moreover, the path through "shutdown" currently ultimately
fails, since the referenced "halt" action isn't actually defined in
PolicyKit.
Finally, the current logic results in an unexpected asymmetry in
systemctl: "systemctl poweroff", "systemctl reboot" are currently
asynchronous (due to the logind involvement) while "systemctl halt"
isnt. Let's clean this up, and make all three APIs implemented by
logind natively, and all three hence asynchronous in "systemctl".
Moreover, let's add the missing PK action.
Fixes: #6957
2017-10-02 16:03:55 +02:00
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Manager"
|
|
|
|
send_member="CanHalt"/>
|
|
|
|
|
2012-02-11 00:13:10 +01:00
|
|
|
<allow send_destination="org.freedesktop.login1"
|
2012-05-08 19:02:25 +02:00
|
|
|
send_interface="org.freedesktop.login1.Manager"
|
|
|
|
send_member="CanSuspend"/>
|
|
|
|
|
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Manager"
|
|
|
|
send_member="CanHibernate"/>
|
|
|
|
|
|
|
|
<allow send_destination="org.freedesktop.login1"
|
2012-12-17 21:32:21 +01:00
|
|
|
send_interface="org.freedesktop.login1.Manager"
|
|
|
|
send_member="CanHybridSleep"/>
|
|
|
|
|
2018-03-08 14:17:33 +01:00
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Manager"
|
2018-03-28 18:00:06 +02:00
|
|
|
send_member="CanSuspendThenHibernate"/>
|
2018-03-08 14:17:33 +01:00
|
|
|
|
2015-07-11 22:00:26 +02:00
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Manager"
|
|
|
|
send_member="ScheduleShutdown"/>
|
|
|
|
|
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Manager"
|
|
|
|
send_member="CancelScheduledShutdown"/>
|
|
|
|
|
2019-03-09 21:30:58 +01:00
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Manager"
|
|
|
|
send_member="CanRebootParameter"/>
|
|
|
|
|
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Manager"
|
|
|
|
send_member="SetRebootParameter"/>
|
|
|
|
|
2015-04-03 18:03:06 +02:00
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Manager"
|
|
|
|
send_member="CanRebootToFirmwareSetup"/>
|
|
|
|
|
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Manager"
|
|
|
|
send_member="SetRebootToFirmwareSetup"/>
|
|
|
|
|
2015-08-24 14:54:22 +02:00
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Manager"
|
2018-10-22 20:06:52 +02:00
|
|
|
send_member="CanRebootToBootLoaderMenu"/>
|
|
|
|
|
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Manager"
|
|
|
|
send_member="SetRebootToBootLoaderMenu"/>
|
|
|
|
|
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Manager"
|
|
|
|
send_member="CanRebootToBootLoaderEntry"/>
|
|
|
|
|
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Manager"
|
|
|
|
send_member="SetRebootToBootLoaderEntry"/>
|
|
|
|
|
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Manager"
|
2015-08-24 14:54:22 +02:00
|
|
|
send_member="SetWallMessage"/>
|
|
|
|
|
2012-12-17 21:32:21 +01:00
|
|
|
<allow send_destination="org.freedesktop.login1"
|
2012-02-10 02:35:48 +01:00
|
|
|
send_interface="org.freedesktop.login1.Manager"
|
|
|
|
send_member="AttachDevice"/>
|
|
|
|
|
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Manager"
|
|
|
|
send_member="FlushDevices"/>
|
|
|
|
|
2015-07-11 22:00:26 +02:00
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Seat"
|
|
|
|
send_member="Terminate"/>
|
|
|
|
|
2011-06-28 21:56:41 +02:00
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Seat"
|
|
|
|
send_member="ActivateSession"/>
|
|
|
|
|
2014-02-22 00:23:17 +01:00
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Seat"
|
|
|
|
send_member="SwitchTo"/>
|
|
|
|
|
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Seat"
|
|
|
|
send_member="SwitchToPrevious"/>
|
|
|
|
|
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Seat"
|
|
|
|
send_member="SwitchToNext"/>
|
|
|
|
|
2015-07-11 22:00:26 +02:00
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Session"
|
|
|
|
send_member="Terminate"/>
|
|
|
|
|
2011-06-28 21:56:41 +02:00
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Session"
|
|
|
|
send_member="Activate"/>
|
|
|
|
|
2015-07-11 22:00:26 +02:00
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Session"
|
|
|
|
send_member="Lock"/>
|
|
|
|
|
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Session"
|
|
|
|
send_member="Unlock"/>
|
|
|
|
|
2011-06-29 19:53:27 +02:00
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Session"
|
|
|
|
send_member="SetIdleHint"/>
|
|
|
|
|
2016-05-11 19:34:13 +02:00
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Session"
|
|
|
|
send_member="SetLockedHint"/>
|
|
|
|
|
2015-07-11 22:00:26 +02:00
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Session"
|
|
|
|
send_member="Kill"/>
|
|
|
|
|
2013-10-15 21:13:39 +02:00
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Session"
|
|
|
|
send_member="TakeControl"/>
|
|
|
|
|
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Session"
|
|
|
|
send_member="ReleaseControl"/>
|
|
|
|
|
2020-02-23 04:44:42 +01:00
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Session"
|
|
|
|
send_member="SetType"/>
|
|
|
|
|
2013-10-15 21:13:39 +02:00
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Session"
|
|
|
|
send_member="TakeDevice"/>
|
|
|
|
|
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Session"
|
|
|
|
send_member="ReleaseDevice"/>
|
|
|
|
|
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Session"
|
|
|
|
send_member="PauseDeviceComplete"/>
|
|
|
|
|
logind: add SetBrightness() bus call for setting brightness of leds/backlight devices associated with a seat
This augments the drm/input device management by adding a single method
call for setting the brightness of an "leds" or "backlight" kernel class
device.
This method call requires no privileges to call, but a caller can only
change the brightness on sessions that are currently active, and they
must own the session.
This does not do enumeration of such class devices, feature or range
probing, chnage notification; it doesn't help associating graphics or
input devices with their backlight or leds devices. For all that clients
should go directly to udev/sysfs. The SetBrightness() call is just for
executing the actual change operation, that is otherwise privileged.
Example line:
busctl call org.freedesktop.login1 /org/freedesktop/login1/session/self org.freedesktop.login1.Session SetBrightness ssu "backlight" "intel_backlight" 200
The parameter the SetBrightness() call takes are the kernel subsystem
(i.e. "leds" or "backlight"), the device name, and the brightness
value.
On some hw setting the brightness is slow, and implementation and write
access to the sysfs knobs exposes this slowness. Due to this we'll fork
off a writer process in the background so that logind doesn't have to
block. Moreover, write requestes are coalesced: when a write request is
enqueued while one is already being executed it is queued. When another
write reques is then enqueued the earlier one is replaced by the newer
one, so that only one queued write request per device remains at any
time. Method replies are sent as soon as the first write request that
happens after the request was received is completed.
It is recommended that bus clients turn off the "expect_reply" flag on
the dbus messages they send though, that relieves logind from sending
completion notification and is particularly a good idea if clients
implement reactive UI sliders that send a quick secession of write
requests.
Replaces: #12413
2019-04-28 11:07:56 +02:00
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Session"
|
|
|
|
send_member="SetBrightness"/>
|
|
|
|
|
2015-07-11 22:00:26 +02:00
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.User"
|
|
|
|
send_member="Terminate"/>
|
|
|
|
|
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.User"
|
|
|
|
send_member="Kill"/>
|
|
|
|
|
2011-05-25 00:55:58 +02:00
|
|
|
<allow receive_sender="org.freedesktop.login1"/>
|
|
|
|
</policy>
|
|
|
|
|
|
|
|
</busconfig>
|