Systemd/extras/udev-acl/70-acl.rules

# do not edit this file, it will be overwritten on update

# Do not use TAG+="udev-acl" outside of this file. This variable is private to
# udev-acl of this udev release and may be replaced at any time.

ENV{MAJOR}=="", GOTO="acl_end"
ACTION=="remove", GOTO="acl_apply"

# PTP/MTP protocol devices, cameras, portable media players
SUBSYSTEM=="usb", ENV{ID_USB_INTERFACES}=="", ENV{DEVTYPE}=="usb_device", IMPORT{program}="usb_id --export %p"
SUBSYSTEM=="usb", ENV{ID_USB_INTERFACES}=="*:060101:*", TAG+="udev-acl"

# digicams with proprietary protocol
ENV{ID_GPHOTO2}=="*?", TAG+="udev-acl"

# SCSI scanners
KERNEL=="sg[0-9]*", ATTRS{type}=="6", TAG+="udev-acl"
KERNEL=="sg[0-9]*", ATTRS{type}=="3", ATTRS{vendor}=="HP|EPSON|Epson", TAG+="udev-acl"

# USB scanners
ENV{libsane_matched}=="yes", TAG+="udev-acl"

# HPLIP devices (necessary for ink level check and HP tool maintenance)
ENV{ID_HPLIP}=="1", TAG+="udev-acl"

# optical drives
SUBSYSTEM=="block", ENV{ID_CDROM}=="1", TAG+="udev-acl"

# sound devices
SUBSYSTEM=="sound", TAG+="udev-acl"
# sound jack-sense
SUBSYSTEM=="input", SUBSYSTEMS=="sound", TAG+="udev-acl"

# webcams, frame grabber, TV cards
SUBSYSTEM=="video4linux", TAG+="udev-acl"
SUBSYSTEM=="dvb", TAG+="udev-acl"

# IIDC devices: industrial cameras and some webcams
SUBSYSTEM=="firewire", ATTR{units}=="*0x00a02d:0x00010*",  TAG+="udev-acl"
SUBSYSTEM=="firewire", ATTR{units}=="*0x00b09d:0x00010*",  TAG+="udev-acl"
# AV/C devices: camcorders, set-top boxes, TV sets, audio devices, and more
SUBSYSTEM=="firewire", ATTR{units}=="*0x00a02d:0x010001*", TAG+="udev-acl"
SUBSYSTEM=="firewire", ATTR{units}=="*0x00a02d:0x014001*", TAG+="udev-acl"

# DRI video devices
SUBSYSTEM=="drm", KERNEL=="card*", TAG+="udev-acl"

# KVM
SUBSYSTEM=="misc", KERNEL=="kvm", TAG+="udev-acl"

# smart-card readers
ENV{ID_SMARTCARD_READER}=="*?", TAG+="udev-acl"

# joysticks
SUBSYSTEM=="input", ENV{ID_INPUT_JOYSTICK}=="?*", TAG+="udev-acl"

# color measurement devices
ENV{COLOR_MEASUREMENT_DEVICE}=="*?", TAG+="udev-acl"

# apply ACL for all locally logged in users
LABEL="acl_apply", TAG=="udev-acl", TEST=="/var/run/ConsoleKit/database", \
  RUN+="udev-acl --action=$env{ACTION} --device=$env{DEVNAME}"

LABEL="acl_end"