[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: How do I allow automatic non root access to my non standard USB device ?

On Wed, 2009-01-21 at 13:19 -0900, Jeff Spaleta wrote:
> On Wed, Jan 21, 2009 at 1:09 PM, Kevin Coffin <kevin finway co uk> wrote:
> >Although the quick hack that I
> > posted does seem to work for me I am not sure exactly how it is
> > achieved. I do not see the group/owner on the endpoints for the usb
> > device change. If you have any pointers to further reading on the
> > inter-actions between hal and policykit they would be gratefully
> > received.
> Aren't they done via acl manipulations?
> Do you see changes in the getfacl  output?

Ah, I didn't know about this command. Yes it does show that the acl's
have changed. Also when using ls -la you get this:

crw-rw-r--+ 1 root root 189, 4 2009-01-22 14:28 005

I have not seen the plus sign being used before.

> >
> > There is probably a better way to do this. Further reading today
> > indicated that this should have been placed in /etc/hal directory
> > structure. I do have an rpm for openocd and it would be nice to have it
> > install the correct permissions in the right place.
> The question remains. If a new documentation effort were to be made
> what form of documentation would be the first priority to work on?
> -jef

I guess what I was looking for was something which would give the steps
of how to integrate a totally unknown device into the hal/policykit
structure so that it could be used by a user other than root.

For example:

1. add a policy file to the /usr/share/PolicyKit/policy directory

  <action id="org.freedesktop.hal.device-access.usb-jtag">
    <description>Directly access to usb jtag devices</description>
    <message>System policy prevents access to usb jtag devices</message>

This then shows up in the authorizations gui so that users can be added
to the acl.

2. Hal requires some metadata about this device, so add a .fd file in
the /usr/share/hal/fdi/information/20thirdparty directory containing

<?xml version="1.0" encoding="ISO-8859-1"?>
<deviceinfo version="0.2">

      <match key="usb_device.vendor_id" int="0x15ba">
         <append key="info.capabilities"
         <append key="info.capabilities"
          <append key="info.capabilities"
          <merge key="access_control.file"
          <merge key="access_control.type"

3. Add .fdi file for hal policy to
the /usr/share/hal/fdi/policy/20thirdparty directory containing

   <match key="info.capabilities" contains="usbraw">
      <match key="info.capabilities" sibling_contains="usb-jtag">
	<append key="info.capabilities" type="strlist">access_control</append>
	<merge key="access_control.file"
	<merge key="access_control.type" type="string">usb-jtag</merge>

    <!-- support for Linux USB stack where linux.device_file is set
(e.g. device node is on the main usb device) -->
    <match key="info.subsystem" string="usb">
      <match key="@info.parent:linux.device_file" exists="true">
       <match key="info.capabilities" contains="usb-jtag">
          <append key="info.capabilities"
          <merge key="access_control.type"
          <merge key="access_control.file"

4 Run the authorizations gui and grant the user the right to access the

Oh look I've done it now - its simple when you have done it once. Would
you like me to write it up with more detail ? Someone will need to look
over it because I am not sure that everything I have done is correct.

Comments and suggestions welcome.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]