Blob Blame History Raw
From 6d3e661d97dd6157381ca1dd52b839e2049b86b5 Mon Sep 17 00:00:00 2001
From: David Herrmann <dh.herrmann@gmail.com>
Date: Tue, 15 Oct 2013 21:13:39 +0200
Subject: [PATCH] logind: allow unprivileged session-device access

The session-device/control API was introduced for unprivileged device
access from within a session. Add the required dbus policy to the default
logind policies.

Note: logind validates that only root and the user of a session can
use the API. Furthermore, only a single API user gets access at a time.
---
 src/login/org.freedesktop.login1.conf | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/src/login/org.freedesktop.login1.conf b/src/login/org.freedesktop.login1.conf
index 0407609..04e735e 100644
--- a/src/login/org.freedesktop.login1.conf
+++ b/src/login/org.freedesktop.login1.conf
@@ -148,6 +148,26 @@
                        send_interface="org.freedesktop.login1.Session"
                        send_member="SetIdleHint"/>
 
+                <allow send_destination="org.freedesktop.login1"
+                       send_interface="org.freedesktop.login1.Session"
+                       send_member="TakeControl"/>
+
+                <allow send_destination="org.freedesktop.login1"
+                       send_interface="org.freedesktop.login1.Session"
+                       send_member="ReleaseControl"/>
+
+                <allow send_destination="org.freedesktop.login1"
+                       send_interface="org.freedesktop.login1.Session"
+                       send_member="TakeDevice"/>
+
+                <allow send_destination="org.freedesktop.login1"
+                       send_interface="org.freedesktop.login1.Session"
+                       send_member="ReleaseDevice"/>
+
+                <allow send_destination="org.freedesktop.login1"
+                       send_interface="org.freedesktop.login1.Session"
+                       send_member="PauseDeviceComplete"/>
+
                 <allow receive_sender="org.freedesktop.login1"/>
         </policy>