Hal 规范

<!-- @page { margin: 2cm } H3 { margin-left: 0.16cm; margin-right: 0.16cm; margin-top: 0.16cm; margin-bottom: 0.16cm; background: #ffffff; border: none; padding: 0cm; color: #000000; background: #ffffff } H3.western { font-family: "Times New Roman", serif; font-size: 12pt } H3.cjk { font-family: "Times New Roman", serif; font-size: 12pt; font-style: normal } H3.ctl { font-family: "Times New Roman", serif; font-size: 13pt } H2 { margin-left: 0.16cm; margin-right: 0.16cm; margin-top: 0.16cm; margin-bottom: 0.16cm; background: #ffffff; border: none; padding: 0cm; color: #000000; background: #ffffff } H2.western { font-family: "Times New Roman", serif; font-size: 14pt; font-style: italic } H2.cjk { font-family: "Times New Roman", serif; font-size: 14pt; font-style: italic } H2.ctl { font-family: "Times New Roman", serif; font-size: 14pt; font-style: italic } P { margin-bottom: 0.21cm } A:link { so-language: zxx } -->

AL 0.5.10 Specification

David Zeuthen


           
<david@fubar.dk>
          

Version 0.5.10

 

Table of Contents

1. Introduction

About

Acknowledgements

Architecture of HAL

Device Objects

Device Capabilities

2. Device Information Files

Matching

Merging

Search Paths

3. Access Control

Device Files

D-Bus Interfaces

4. Locking

Overview

Guidelines

5. Device Properties

General Properties

info namespace

Callouts

Addons

Method calls

Subsystem-Specific Properties

pci namespace

serial namespace

usb_device namespace

usb namespace

platform namespace

ide_host namespace

ide namespace

scsi_host namespace

scsi namespace

ieee1394_host namespace

ieee1394_node namespace

ieee1394 namespace

mmc_host namespace

mmc namespace

ccw namespace

ccwgroup namespace

iucv namespace

block namespace

xen namespace

bluetooth_hci namespace

bluetooth_acl namespace

bluetooth_sco namespace

Functional Properties

system namespace

volume namespace

volume.disc namespace

storage namespace

storage.cdrom namespace

storage.linux_raid namespace

net namespace

net.80203 namespace

net.80211 namespace

net.bluetooth namespace

net.irda namespace

net.80211control namespace

input namespace

input.keys namespace

input.keypad namespace

input.keyboard namespace

input.mouse namespace

input.switch namespace

input.joystick namespace

input.tablet namespace

input.keymap namespace

pcmcia_socket namespace

printer namespace

portable_audio_player namespace

alsa namespace

oss namespace

camera namespace

scanner namespace

laptop_panel namespace

ac_adapter namespace

battery namespace

button namespace

processor namespace

light_sensor namespace

power_management namespace

tape namespace

killswitch namespace

Misc. Properties

access_control namespace

Deprecated Properties

6. D-Bus interfaces

org.freedesktop.Hal.Manager interface

org.freedesktop.Hal.Device interface

org.freedesktop.Hal.Device.SystemPowerManagement interface

org.freedesktop.Hal.Device.CPUFreq interface

org.freedesktop.Hal.Device.LaptopPanel interface

org.freedesktop.Hal.Device.KeyboardBacklight interface

org.freedesktop.Hal.Device.LightSensor interface

org.freedesktop.Hal.Device.Storage interface

org.freedesktop.Hal.Device.Volume interface

org.freedesktop.Hal.Device.Volume.Crypto interface

org.freedesktop.Hal.Device.KillSwitch interface

org.freedesktop.Hal.Device.AccessControl interface

Chapter 1. Introduction

Table of Contents

About

Acknowledgements

Architecture of HAL

Device Objects

Device Capabilities

About

This document concerns the specification of HAL which is a piece of software that provides a view of the various hardware attached to a system. In addition to this, HAL keeps detailed metadata for each piece of hardware and provide hooks such that system- and desktop-level software can react to changes in the hardware configuration in order to maintain system policy.

该文档用于描述HAL规范,HAL提供了一个绑定于当前系统的各种硬件的视图。除此之外,HAL维护每一个硬件细节数据,并提供可以让应用程序对硬件配置的改变作出响应的系统和桌面级的钩子来维护系统策略。

HAL represents a piece of hardware as a device object. A device object is identified by a unique identifer and carries a set of key/value paris referred to as device properties. Some properties are derived from the actual hardware, some are merged from device information files and some are related to the actual device configuration. This document specifies the set of device properties and gives them well-defined meaning. This enable system and desktop level components to distinguish between the different device objects and discover and configure devices based on these properties.

HALdevice object(设备对象)来表示硬件。每个设备对象使用一个唯一标识来标识,并随该标识附有一组键值属性。一些属性来自于实际的硬件,而另一些来自于device infomation files(设备信息文件),还有来自于实际设备配置。该文档定义一组设备属性,并给予定义。这些可以使系统桌面级组件基于这些属性来区分不同设备对象,发现,配置设备的不同。

HAL provides an easy-to-use API through D-Bus which is an IPC framework that, among other

things, provides a system-wide message-bus that allows applications to talk to one another. Specifically, D-Bus provides asynchronous notification such that HAL can notify other peers on the message-bus when devices are added and removed as well as when properties on a device are changing.

HAL通过提供了系统范围总线进行进程间通信的IPC框架D-Bus提供易于使用的API。特别是,D-Bus提供一步通信记住,来使HAL可以在设备被插入,删除,或者设备的一个属性被改变时,来提示在总线上的其他节点。

The most important goal of HAL is to provide plug-and-play facilities for UNIX-like desktops with focus on providing a rich and extensible description of device characteristics and features. HAL has no other major dependencies apart from D-Bus which, given sufficient infrastructure, allows it to be implemented on many UNIX-like systems. The major focus, initially, is systems running the Linux 2.6 series kernels.

HAL最重要的目标是为在Unix类系统桌面上的即插即用设备提供丰富的可扩展的设备特征,HAL除了D-bus之外,没有其他的依赖,使其可以在众多的unix类系统实现。最初主要的焦点是,系统需要运行于2.6系列内核。

Acknowledgements

Havoc Pennington's article ''Making Hardware Just Work'' motivated this work. The specification and software would not exist without all the useful ideas, suggestions, comments and patches from the Free Desktop and HAL mailing lists.

All trademarks mentioned belong to their respective owners.

Havoc Pennington 的文章  ''Making Hardware Just Work'' 描述了hal的开发动机。如果没有freedesktophal邮件列表当中的讨论,想法,评论,不定。就不会存在这样一个规范和软件。

 

Architecture of HAL

The HAL consists of a number of components as outlined in the diagram below. Note that this diagram is high-level and doesn't capture all implementation details.

hal由下图中的组件组成。该图是高层设计图并没有包含所有细节

 

Details on each component

  • HAL daemon

A system-wide service that maintains a database of device objects. The daemon is responsible for merging information from device information files and managing the life cycle of device objects. The service is implemented as a daemon and uses helpers to query devices for specific information.

一个维护设备对象数据库的系统级别服务。该守护进程附着合并设备信息文件的信息并管理设备对象生命周期。该服务被实现为一个守护进程并帮助查询设备专属的信息。

  • Applications

These are applications consuming services from HAL; this includes desktop-wide session daemons for maintaining policy such as power and disk/volume management.

这些应用程序使用hal的服务;其中包括桌面级别用来维护电源和磁盘管理的会话守护进程

  • Callouts

Callouts are programs that run when device objects are added and removed in the HAL daemon. This is useful for 3rd party software to merge additional information onto the device object before it is announced on D-Bus. Callouts are specified on a per-device basis with the info.callouts.add and info.callouts.remove. See the section called “ info namespace ” for details.

Callouts 是当设备被插入或者移除的时候执行的程序。这对于第三方程序用来在dbus运行之前合并设备对象附加设备信息,Callouts被指定在每一个设备上,通过info.callouts.addinfo.callouts.remove.

  • Methods

It is possible to specify that a given HAL device object implements a specific D-Bus interface, e.g. org.freedesktop.Hal.Device.Frob with a set of methods Foo, Bar and Baz and have programs run when applications call into this interface. This is defined in the info.interfaces property, consult the section called “ info namespace ” for details.

指定一个hal给定的设备对象实现一个特定的d-bus接口。Org.freedesktop.Hal.Device.FrobFoo,BarBaz一组方法,并在当有应用程序调用接口时运行一个程序。位于info.interfaces中定义。

  • Addons

An addon can be characterized as a daemon whose life cycle is tied to a device object in HAL. And addon can also claim a specific interface on the device object to provide services to applications for configuring / using the device without having to spawn a new program for every method call. HAL provides a facility to launch/destroy one or more addons per device object using the info.addons property. See the section called “ info namespace ” for details.

一个addon可以作为一个守护进程,它的生命周期与设备对象的绑定在一起。并且addon可以在设备对象上声明一个特定的接口来提供服务给应用程序配置和使用设备。这样不需要为每一个调用派生一个新的程序。Hal通过info.addons属性提供了加载和销毁每个设备上一个或多个addons

  • Device Information Files

A set of files that matches properties on device objects and merges additional information. These files are used, for among other things, to specify what callouts, methods and addons to associate with a device object. For example, for drives using removable media, HAL includes an add-on daemon which sole purpose is to continously poll the drive to detect media change.

一组匹配设备对象属性和合并设备附加信息的文件。这些文件被用来指定那些callouts方法和addons绑定于一个设备对象。例如,驱动一个设备对象。HAL包含一个andon守护进程,唯一的目的是持续的检查媒体是否该百年

The D-Bus system message bus is used to provide a ''network API'' to applications. As D-Bus is designed to be language independent, potentially many languages / runtime systems will be able to easily access the services offered by HAL.

dbus系统消息总线被用来提供网络api给应用程序。正如d-bus被设计成语言无关,使hal的服务可以使用任何语言和运行时系统来访问。

Device Objects

It is important to precisely define the term HAL device object. It's actually a bit blurry to define in general, it includes what most UNIX-like systems consider first class objects when it comes to hardware. In particular, a device object should represent the smallest unit of addressable hardware. This means there can be a one-to-many relationship between a physical device and the device objects exported by HAL. Specifically, a multi-function printer, which appear to users as a single device may show up as several device objects; e.g. one HAL device object for each of the printing, scanning, fax and storage interfaces. Conversely, some devices may be implemented such that the HAL device object represent several functional interfaces. HAL is not concerned with this duality of either one-to-many or many-to-one relationships between device objects and the actual iron constituting what users normally understand as a single piece of hardware; a device object represents the smallest addressable unit.

最重要的是给hal设备对象一个定义。实际上它的定义有些模糊,它包含了unix类系统所认为的第一类对象。实际上,一个设备对象表示一个可以寻址硬件的最小单位。意味着通过hal可以导出物理设备到设备对象的一对多关系。特别是,一个多功能打印机,对用户来说一个设备是可以表示为多个设备对象。一个hal设备对象对应一个打印,扫描,传真存储接口。相反一个设备可以实现成一个hal设备对象表现为几个功能接口。hal并不关心设备对象和实际设备多对一还是一对多的关系来组成用户所懂得一个单独硬件;一个设备对象就表示一个最小寻址单元。

Device objects in HAL are organised on a by-connection basis, e.g. for a given device object X it is possible to find the device object Y where X is attached to Y. This gives structure to the device database of HAL; it is possible to map the devices out in a tree. Further, software emulation devices exported by the operating system kernel, such as SCSI emulation for USB Storage Devices, are also considered device objects in HAL. This implies that operating system kernel specific bits leak into the device object database. However applications using HAL will not notice this, such device objects are not referenced anywhere in the device objects that users are interested in; they are merely used as glue to build the device tree.

hal当中设备对象依赖基本连接组织一起。例如一个给定的设备对象X绑定于Y,则会尽可能的找到设备对象Y。这就是hal数据库的结构;会尽可能将设备映射到一颗树。然而,操作系统内核导出的软件模拟设备,如usb存储设备模拟的scsi也同样被hal认为是设备对象。这意味着操作系统内核特定位渗入到设备对象数据库当中。然而使用hal的应用程序并不会注意到这点,这样设备对象的不会引用到该用户感兴趣设备对象当中的的任何地方。它们仅仅是作为粘合剂绑定到设备树。

In addition to provide information about what kind of hardware a device object represents (such as a PCI or USB device) and how to address it, HAL merges information about the functional interfaces the operating system kernel provides in order to use the device; in most cases this is represented on the device object as a string property with the name of the special device file in /dev. In addition to the special device file, a number of other useful properties are merged. This means that both hardware and functional properties are on the same device object, which may prove to be useful for an application programmer. For example, an application might query HAL for the device object that exports the special device file /dev/input/mouse2 and learn that this is provide by an USB mouse from a certain manufacturer by checking the properties that export the USB vendor and product identifiers. See the section called “Device Capabilities” and Chapter 5, Device Properties for details.

另外系统关于设备对象的类型(如pci或者usb设备)和如何寻址的信息,hal合并关于操作系统内核提供的功能接口来使用设备;大多数情况是设备对象中的一个字符串属性包含指定设备对象。另外特定的设备文件有一些其他的有用信息合并进来。这就意味着硬件和功能属性位于同一个设备对象当中,证明了对于程序开发人员很有用。例如,一个应用程序可以查询hal的设备对象/dev/input/mouse2并且通过检查设备对象到处的usb厂商和产品标识获知这是一个usb鼠标。

Finally, HAL provides one or more D-Bus interfaces for applications to configure and/or use the device. These interfaces are discussed in Chapter 6, D-Bus interfaces.

Summarizing, a device object is comprised by

最后,hal会提供一个或多个dbus接口给应用程序配置和使用设备。这下接口会在第6章集中讨论。一个设备对象的组成如下:

  • UDI

This is the the Unique Device Identifer, that is unique for a device object - that is, no other device object can have the same UDI at the same time. The UDI is computed using bus-specific information and is meant to be unique across device insertions and independent of the physical port or slot the device may be plugged into.

这是一个唯一标识,它唯一的标识了一个设备对象。不会同时有两个设备使用同样的UDIUDI通过总线规格信息计算出来并且不依赖所插入的物理接口。

  • Properties

Each device object got a set of properties which are key/value pairs. The key is an ASCII string while the value can be one of several types, see below. Properties are arranged into name spaces using ''.'' as a separator.

每个设备对象得到一组键/值属性对。keyASCII字符串,属性值可以是多种类型。属性名称通过.'为分割符的名字空间中排列

  •  
    • string - UTF8 string

    • strlist - ordered list with UTF8 strings

    • int - 32-bit signed integer

    • uint64 - 64-bit unsigned integer

    • bool - truth value

    • double - IEEE754 double precision floating point number

  • Interfaces

Applications can configure and/or use a device using D-Bus interfaces. Typically, there's a one-to-one relationship between capabilities/namespaces and interfaces.

Properties of a device object carry all the important information about a device object. For organisational reasons properties are also namespaced using ''.'' as a separator.

       应用程序可以通过dbus接口配置和使用设备。通常,接口和功能是一对一的关系。属性承载了设备对象的所有重要信息。仍然通过.”作为分割符作为名字空间组织。

It can be useful to classify properties into four groups

属性通常被分来为四组。

  • Metadata - Information about how the devices are connected with respect to each other (parent/child relationships), what kind of device it is, what functionality it provides etc.

元数据 - 关于设备如何互相连接的信息,以及是何种设备和提供何种功能。

  • Facts - vendor ID, product ID, disk serial numbers, number of buttons on a mouse, formats accepted by a mp3 player and so on.
    Facts -
    厂商ID,产品ID,磁盘序列号,在鼠标上的按钮数量,mp3播放器支持格式等等。

  • Usage specific information - Network link status, special device file name, filesystem mount location etc.

使用规格信息 - 网络连接状态,指定的设备文件名,文件系统加载等等。

  • Policy - How the device is to be used be users; usually defined by the system administrator.

策略,设备如何被用户使用;通常被系统管理员来指定。

The first category is determined by HAL, the second category includes information merged from either querying the hardware itself or from device information files. The third category is intercepted by monitoring the hardware and finally the last is merged from files under control of the system administrator. This document is concerned with precisely defining several properties; see Chapter 5, Device Properties and onwards for more information. As a complement to device properties, HAL also provides conditions on HAL device objects. Conditions are used to relay events that are happening on devices which are not easily expressed in properties. This includes events such as ''processor is overheating'' or ''block device unmounted''.

第一类是由HAL检测出来的,第二类包括从设备硬件查询的信息和设备信息文件合并而来的。第三类通过监视硬件被解析和最终合并系统管理员的配置文件。该文档关系这些属性的定义。更多的信息在第五章介绍。作为设备属性的一个补充,hal在设备对象上提供conditionsconditions用来延迟很难属性表达的设备时间。包括时间有处理器过热,块设备未加载。

There is a special hal device object referred to as the ''root computer device object''. This device object represent the entire system as a whole and all other devices are either directly or indirectly childs of this device object. It has the UDI /org/freedesktop/Hal/devices/computer.

这里有一个特殊的hal设备对象引用到root computer设备对象。该设备对象表示整个系统和所有其他设备对象直接活间接的父设备对象。它的udi/org/freedesktop/Hal/devices/computer.

The fundamental idea about HAL is that all ''interesting'' information about hardware that a desktop application needs, can be obtained by querying HAL. Below is a screenshot of a simple device manager application shipped with HAL called hal-device-manager. This application is communicating with the HAL daemon and displays the tree of device objects. The shown properties are for a device object representing a harddisk.

关于hal的基本想法是所有应用程序感兴趣的硬件信息可以通过hal查询。下面是一个简单的设备管理应用程序的截图,程序名为hal-device-manager。该应用程序与hal守护进程通信并显示设备对象树。显示的是一个硬盘设备对象。

 

Device Capabilities

Mainstream hardware isn't very good at reporting what it really is, it only reports, at best, how to interact with it. This is a problem; many devices, such as MP3 players or digital still cameras, appear to the operating system as plain USB Mass Storage devices when the device in fact is a lot more than just that. The core of the problem is that without external metadata, the operating system and desktop environment will present it to the user as just e.g. a mass storage device.

主流硬件不是非常善于报告它是什么,最好的情况下,它仅报告如何和它交互。这是个问题。许多设备,如mp3播放器或者数码相机,展现给操作系统的是一个普通usb存储设备,但实际上设备要比那个复杂。这个问题的核心是没有额外的元数据,操作系统和桌面缓建将会提供给用户的仅仅是存储设备。

As HAL is concerned with merging of external metadata, through e.g. device information files, there needs to be some scheme on how to record what the device actually is. This is achieved by two textual properties, info.category and info.capabilities. The former describes what the device is (as a single alphanumeric keyword) and the latter describes what the device does (as a number of alphanumeric keywords separated by whitespace). The keywords available for use is defined in this document; we'll refer to them in following simply as capabilities.

hal所关心的合并外部数据,通过设备信息文件,这些需要一些scheme记录设备是什么。该文档通过两个属性,info.category and info.capabilities.前一个描述了设备是什么(作为一个单独的字符关键字),后者描述设备能做什么(一组字符关键字通过空格分割)。关键该文档中定义,我们将引用他们做外简单capabilities.

HAL itself, assigns capabilities on device detection time by inspecting the device class (if available, it depends on the bus type) and looking at information from the operating system and the hardware itself.

Hal 自己在设备检测的时候通过检测设备类(如果可用,这依赖设备类型)并从操作系统硬件查询设备信息来赋予capabilities

User mode drivers such as libgphoto2 and sane provides device information to merge information about devices they can drive. As such, device objects represent an USB interface gain additional properties such as ''scanner'' or ''camera''.

用户模式驱动像libgphoto2sane提供设备信息合并关于他们可以驱动何种设备,例如设备对象表示为一个usb借口获得附加属性scanner或者camera.

Having a capability also means that part of the property namespace, prefixed with the capability name, will be populated with more specific information about the capability. Indeed, some properties may even be required such that applications and device libraries have something to expect. For instance, the capability for being a MP3 player may require properties defining what audio formats the device support (e.g. Ogg and MP3), whether it support recording of audio, and how to interact with the device. For example, the latter may specify ''USB Storage Device'' or ''proprietary protocol, use libfooplayer''.

拥有一种能力也意味这能属性的名字空间,有能力的填充,需要更多指定信息关于capability。一些应用程序和设备库要求一些属性。例如,mp3播放器的功能要求属性定义支持什么样的格式。是否能录音,如何与设备交互,例如后者可以指定usb存储设备,属性协议,使用libfooplayer

Finally, capabilities have an inheritance scheme, e.g. if a device has a capability foo.bar, it must also have the capability foo.

最后,功能可以继承,例如一个设备有foo.bar功能,它也必须有foo功能。

Chapter 2. Device Information Files

Table of Contents

Matching

Merging

Search Paths

Device information files (.fdi files is a shorthand) are used to merge arbitrary properties onto device objects. The way device information files works is that once all device properties are merged onto a device object it is tried against the set of installed device information files. Device information files are used for both merging facts and policy settings about devices.

设备信息文件(.fdi 是缩写)用来合并设备上的专属信息。设备信息文件的工作方式是一旦所有设备属性被合并到设备对象上后它一定依赖所有安装的设备信息文件。设备信息文件被用来合并所有因素和所有关于设备的策略设置。

Matching

Each device information file got a number of <match key="some_property" [string|int|bool|..]="required_value" > directives that is tested against the properties of the device object. If all the match directives passes then the device information can include <[merge|append|prepend|addset] key="some_property" type="[string|int|bool|..]"> directives to respectively merge new properties or append to existing properties on the device object. It's important to emphasize that any previously property stemming from device detection can be overridden by a device information file.

每个设备信息文件都有大量的<match key="some_property" [string|int|bool|..]="required_value" >规则用来匹配这是些设备的属性。如果所有传递给设备信息的匹配项可以包含<[merge|append|prepend|addset] key="some_property" type="[string|int|bool|..]"> 来各自合并新属性或者追加以存在的设备属性。非常需要强调的是任何前一个从设备检测填塞物的属性都可以被设备信息文件覆盖。

The <match>, <merge>, <append>, <prepend> and <addset> directives always requires the key attribute which must be either a property name on the device object in question or a path to a property on another device object. The latter case is expressed either through direct specification of the UDI, such as /org/freedesktop/Hal/devices/computer:foo.bar or indirect references such as @info.parent:baz where the latter means that the device object specified by the UDI in the string property info.parent should be used to query the property baz. It is also possible to use multiple indirections, e.g. for a volume on a USB memory stick the indirection @block.storage_device:@storage.originating_device:usb.vendor_id will reference the usb.vendor_id property on the device object representing the USB interface.

<match>, <merge>, <append>, <prepend> and <addset>总是要求key属性,该属性是设备对象一个属性上的或一个到另一个设备对象属性。后面的情况是表达任意通过直接UDI规范。像/org/freedesktop/Hal/devices/computer:foo.bar或者间接引用像@info.parent:baz,意思是查询nfo.parent属性值指定设备对象的属性baz.也可能用于多重间接,例如usb存储卡的一个分区的间接引用@block.storage_device:@storage.originating_device:usb.vendor_id,表示将要引用usb接口表现的设备对象usb.vendor_id属性。

When the property to match have been determined a number of attributes can be used within the <match> tag:

大量的属性可以用户match标记:

  • string - match a string property; for example <match key="foo.bar" string="baz"> will match only if 'foo.bar' is a string property assuming the value 'baz'. 匹配一个字符属性

  • int - match an integer property 匹配一个整形属性

  • uint64 - match property with the 64-bit unsigned type 匹配一个无符号64位这个女性值

  • bool - match a boolean property 匹配一个布尔值

  • double - match a property of type double 匹配一个double类似

  • exists - used as <match key="foo.bar" exists="true">. Can be used with 'true' and 'false' respectively to match when a property exists and it doesn't.

  • empty - can only be used on string or strlist properties with 'true' and 'false'. The semantics for 'true' is to match only when the string is non-empty.

  • is_ascii - matches only when a string property contain only ASCII characters. Can be used with 'true' or 'false'.

  • is_absolute_path - matches only when a string property represents an absolute path (the path doesn't have to exist). Can be used with 'true' or 'false'.

  • sibling_contains - can only be used with string and strlist (string list). For a string key this matches when a sibling item contains the (sub-)string in the same property. For a string list, this is if a string matches an item in the list.

  • contains - can only be used with string and strlist (string list). For a string key this matches when the property contains the given (sub-)string. For a string list this match if the given string match a item of the list.

  • contains_ncase - like contains but the property and the given key are converted to lowercase before check.

  • contains_not - can only be used with strlist (string list) and string properties. For a string list this match if the given string not match any of the item of the list (or the property is not set for the device). For a string this match of the property not contains the (sub-)string. You can use this attribute to construct if/else blocks together with e.g. contains.

  • prefix - can only be used with string properties. Matches if property begins with the key.

  • prefix_ncase - like prefix but the property and the given key are converted to lowercase before the check.

  • suffix - can only be used with string properties. Matches if property ends with the key.

  • suffix_ncase - like suffix but the property and the given key are converted to lowercase before the check.

  • compare_lt - can be used on int, uint64, double and string properties to compare with a constant. Matches when the given property is less than the given constant using the default ordering.

  • compare_le - like compare_lt but matches when less than or equal.

  • compare_gt - like compare_lt but matches when greater than.

  • compare_ge - like compare_lt but matches when greater than or equal.

  • compare_ne - like compare_lt but matches when not equal.

Merging

The <merge>, <append>, <prepend> and <addset> directives all require the type attribute which specifies what to merge. The following values are supported

  • string - The value is copied to the property. For example <merge key="foo.bar" type="string">baz</merge> will merge the value 'baz' into the property 'foo.bar'.

  • strlist - For <merge> the value is copied to the property and the current property will be overwritten. For <append> and <prepend> the value is append or prepend to the list as new item. For <addset> the strlist is treated as a set and the value is appended if, and only if, the value doesn't exist already. Usage of <copy_property> overwrite the complete list with the value of the given property to copy from.

  • bool - Can merge the values 'true' or 'false'

  • int - Merges an integer

  • uint64 - Merges an unsigned 64-bit integer

  • double - Merges a double precision floating point number

  • copy_property - Copies the value of a given property - supports paths with direct and indirect UDI's. For example <merge key="foo.bar" type="copy_property">@info.parent:baz.bat</merge> will merge the value of the property baz.bat on the device object with the UDI from the property info.parent into the property foo.bar on the device object being processed.

The <remove>, directive require only a key and can be used with all keys. For strlist there is additionally a special syntax to remove a item from the string list. For example to remove item 'bla' from property 'foo.bar': <remove key="foo.bar" type="strlist">bla</remove>

Search Paths

Device Information files are read from two directories

  • /usr/share/hal/fdi - for files provided by packages

包提供的文件

  • /etc/hal/fdi - for files provided by the system administrator / user

由系统管理员和用户提供的文件

in exactly that order. This means that the files provided by the system administrator will be processed last such that they can overwrite / change properties caused by the device information files provided by packages. The following directory structure is used in /usr/share/hal/fdi

       系统管理员提供的文件应该被靠后处理,以至于他们可以覆盖包提供设置。以下是/usr/share/hal/fdi的目录结构:

  • information - device information files used to merge device information

设备信息文件用来合并设备信息

  •  
    • 10freedesktop - included with the hal package

hal包包含的

  •  
    • 20thirdparty - from a 3rd party, not included in hal package

第三方的不包含在hal当中

  • policy - device information files to merge policy properties such as addons or callouts.

设备信息文件合并策略属性,如addonscallouts

  •  
    • 10osvendor included with the hal package

  •  
    • 20thirdparty - from a 3rd party, not included in hal package

  • preprobe - device information files read before probing devices

在检测设备之前都的设备信息文件

  •  
    • 10osvendor - included with the hal package

    • 20thirdparty - from a 3rd party, not included in hal package

As evident, third party packages should drop device information files in

很明显,第三方包的设备信息文件应该放入一下几个目录中

  • /usr/share/hal/fdi/information/20thirdparty

  • /usr/share/hal/fdi/policy/20thirdparty

  • /usr/share/hal/fdi/preprobe/20thirdparty

The /etc/hal/fdi tree uses this layout

  • information - device information files used to merge device information

  • policy - device information files to merge policy properties such as addons or callouts.

  • preprobe - device information files to read before probing devices

All device information files are matched for every hal device object in the following order.

所有设备信息文件都被通过一下顺序来匹配每个hal设备对象。

  1. When a device is discovered, the preprobe device information files (e.g. all files from /usr/share/hal/fdi/preprobe and /etc/hal/fdi/preprobe) are processed.

Typically, this class of device information files is used to tell HAL to leave the device alone by setting the bool property info.ignore to TRUE. It can also be used to run programs, preprobe callouts, prior to normal device investigation.

当一个设备被发现,preprobe的设备信息文件 (e.g. all files from /usr/share/hal/fdi/preprobe and /etc/hal/fdi/preprobe)将被处理

典型的。这类设备信息文件被用来告诉hal通过设置属性info.ignore来把设备独立。

  1. HAL now runs the preprobe callouts.

hal运行preprobecallouts

  1. HAL now probes/investigates the device.

hal现在检测设备

  1. All the information device information files (e.g. all files from /usr/share/hal/fdi/information and /etc/hal/fdi/information) are processed.

These device information files are typically used to associate extra information with a device object.

所有设备信息文件(e.g. all files from /usr/share/hal/fdi/information and /etc/hal/fdi/information) 被处理。这些设备信息文件被典型的用来关联而外的设备对象信息。

  1. All the policy policy information files (e.g. all files from /usr/share/hal/fdi/policy and /etc/hal/fdi/policy) are processed.

These device information files are typically used to associate callouts and addons with a device object.

所有的策略信息文件被处理。这些设备信息文件被典型的用来关联calloutsaddons

  1. HAL now runs the callouts, starts addons, and then finally announces the device on the system message bus.

hal开始运行callouts,运行addons。最终在系统消息总线上声明设备。

 

 

<!-- @page { margin: 2cm } P { margin-bottom: 0.21cm } A:link { so-language: zxx } -->

Chapter 3. Access Control

Table of Contents

Device Files

D-Bus Interfaces

Access to hardware by unprivileged users is traditionally granted in two ways either by granting access to the special device file or allowing access through another process, using IPC acting on behalf of the user. HAL follows the latter model and uses the system-wide message bus (D-Bus) as the IPC mechanism. In addition, HAL has support for modifying the ACL's (access control lists) on a device file to grant/revoke access to users based on several criteria.

无权限的用户访问硬件通常被授予权限通过两种方式,一种是获得访问指定设备文件或者通过ipc机制代替该用户在其他进程得到访问权限。hal使用后者并通过d-bus的系统范围总线作为ipc机制。另外,hal支持修改设备文件的acl来获得和拒绝用户的访问。

Device Files

If HAL is built with --enable-acl-management (requires both --enable-console-kit and --enable-policy-kit) then ACL's on device objects with the capability access_control are automatically managed according to the properties defined in the section called “ access_control namespace ”. In addition, for this configuration, HAL ships with a device information file (normally installed in /usr/share/hal/fdi/policy/10osvendor/20-acl-management.fdi) that merges this capability on device objects that are normally accessed by unprivileged users through the device file. This includes e.g. sound cards, webcams and other devices but excludes drives and volumes as the latter two are normally accessed by a user through mounting them into the file system.

如果hal构建时,带有--enable-acl-management(同时要求--enable-console-kit and --enable-policy-kit) ,则设备对象的acl会有访问控制的能力。并通过属性进行自动管理。该内容在”access control namespace定义。另外,为了该配置,hal传送一个设备信息文件。(通常安装在/usr/share/hal/fdi/policy/10osvendor/20-acl-management.fdi),该文件用来合并该能力到被无权用户访问的设备的设备对象上。这包括,声卡,摄像头和其他设备,但排除了磁盘和卷被加在后同查跟你被用户通过加载到文件系统中使用。

HAL uses PolicyKit to decide what users should have access according to PolicyKit configuration; see the PolicyKit privilege definition file /etc/PolicyKit/privileges/hal-device-file.priv on a system with HAL installed for the default access suggested by the HAL package and/or OS vendor.

hal使用policykit通过policykit的配置来决定什么用户可以访问。在系统安装hal时会提供默认的policykit权限定义文件/etc/PolicyKit/privileges/hal-device-file.priv

In addition, 3rd party packages can supply device information files to specify (via the access_control.grant_user and access_control.grant_group properties) that a given user or group should always have access to a device file. This is useful for system-wide software (such as AV streaming management) that runs as an unprivileged system user. This interface is supposed to be stable so 3rd party packages can depend on it.

另外,第三方软件包可以提供设备信息文件指定一个给定的用户和组总是可以访问一个设备文件(通过access_control.grant_user and access_control.grant_group 属性)。一个有用的系统级软件。这个接口被指定稳定所以第三方软件包可以被依赖。

D-Bus Interfaces

If HAL is built without ConsoleKit support (e.g. without --enable-console-kit) access to the various D-Bus interfaces that provides mechanisms is only protected by the D-Bus security configuration files (e.g. using at_console to restrict to console user on Red Hat systems) and, in certain cases, restricted to the super user.

如果hal内建不包含consolekit支持来访问dbus接口,则该机制只能由dbus安全配置文件来提供(没有--enable-console-kit选项),在某种情况,限制超级用户。

If ConsoleKit support is enabled, access to D-Bus interfaces is currently hardcoded to only allow active users at the system console. If PolicyKit support is enabled, the PolicyKit library will be in charge of determining access; see the PolicyKit privilege definition files in /etc/PolicyKit/privileges on a system with HAL installed for the default access suggested by the HAL package and/or OS vendor.

如果consolekit支持启用,访问d-bus接口是当前硬编码只允许激活用户在系统控制台。如果policykit支持,policykit库负责坚持访问。查看policykit权限定义文件在/etc/polikcykit/privileges

Chapter 4. Locking

Table of Contents

Overview

Guidelines

As HAL is a mechanism that enables programs in a desktop session to enforce the policy of the users choice, unexpected things can happen. For example, if the user is in the middle of partitioning a disk drive, it is desirable to keep the desktop from mounting partitions that have not yet been prepared with a suitable file system. In fact, in such a situation data loss may be the result if a volume have an old file system signature indicating it's mountable and, simultenously, another tool is writing to the raw block device. The mechanism that automounters use, HAL, provides locking primitives to avoid this.

正如hal是一个使程序可以在桌面会话当中执行用户的策略,可能有无法预期的事情可能发生。例如,如果一个用户希望加载一个还未有合适文件系统的分区。事实上,在这种情况下如果一个分区带有一个就得文件系统特这个你显示他可以被加载,并同时另一个工具在原始块设备上写数据,会导致数据丢失。自动磁盘挂载工具使用hal提供的锁来避免这些。

Further, for multi-user systems, several desktop sessions may run on a system each on their own display. Suppose that one session becomes idle and the power management daemon in that session decides to suspend the system according to user preferences in the idle session. The result is that users at other seats will see the system suspend and this is not desirable. The power management daemons in all sessions need to cooperate to ensure that the system only suspends when e.g. all sessions are idle or not at all. The mechanism that each power management daemon uses, HAL, provides locking primitives that can be used to achieve this.

此外,对于多用户系统,几个桌面绘画会同时运行在一个系统中,每一个会话拥有自己的显示器。假设一个会话变得空闲并且电源管理进程决定暂停系统。这会导致其他用户看到系统暂停并且不愿意看到。在所有会话当中,电源管理进程需要在所有会话都空闲的时候才暂停系统。每个电源管理进程都使用hal提供的锁,来完成这个。

Overview

HAL provides a mechanism to lock a specific D-Bus interface either for a specific device or for all the devices the caller have access to.

hal提供一个机制来锁住指定设备或者所有设备的dbus接口。

The former is achieved by using the AcquireInterfaceLock() and ReleaseInterfaceLock() methods on the org.freedesktop.Hal.Device interface that every device object implements (see the section called “org.freedesktop.Hal.Device interface”). By using this API, a caller can prevent any other caller from invoking methods on the given interface for the given device object - other callers will simply see the org.freedesktop.Hal.Device.InterfaceLocked exception if they attempt to invoke a method on the given interface on the given device. The locker can specify whether the lock is exclusive meaning if multiple clients clients can hold the lock or if only one client can hold the lock at one time. If a client don't have access to the interface of the device, attempts to lock will fail with a org.freedesktop.Hal.PermissionDenied exception. If a client loses access to a device (say, if his session is switched away from using fast user switching) while holding a lock, he will lose the lock; this can be tracked by listening to the InterfaceLockReleased signal.

前者通过每个设备都实现的接口org.freedesktop.Hal.Device AcquireInterfaceLock()ReleaseInterfaceLock()方法完成 锁定。通过使用该api,调用者可以防止任何其他调用者调用给定设备对象的给定接口。如果其他的调用者打算调用这个指定设备对象指定的接口,只会看到 org.freedesktop.Hal.Device.InterfaceLocked异常。如果一个客户当持有锁的时候,丢失了对一个设备访问(如果他的会话通过快速用户切换被切换),他将会丢失该锁。这可以通过InterfaceLockReleased信号监听。

All local clients, whether they are active or not, can always lock interfaces on the root computer device object (this doesn't mean that they are privileged to use the interfaces though) - the rationale is that this device object represents shared infrastructure, e.g. power management, and even inactive sessions needs to participate in managing this.

所有本地客户端,无论他们是否激活,他们总是可以锁定root computer设备对象接口(这不以为着他们有权限使用该接口)该原理是设备对象爱嗯表现为共享架构,如电源管理,其实非激活绘画仍需要参与管理。

If another client already holds a lock exclusively, attempts from other clients to acquire the lock will fail with the org.freedesktop.Hal.Device.InterfaceAlreadyLocked exception even if they have access to the device.

如果另一个客户端已经互斥的持有一个锁,其他用户打算请求该锁将会错误,并产生 org.freedesktop.Hal.Device.InterfaceAlreadyLocked异常,即使他们有权限访问。

In addition, a client may opt to lock all devices that he got access to by using the AcquireGlobalInterfaceLock() and ReleaseGlobalInterfaceLock() methods on the org.freedesktop.Hal.Manager interface on the /org/freedesktop/Hal/Manager object (see the section called “org.freedesktop.Hal.Manager interface”). Global interface locks can also be obtained exclusively if the caller so desires. Unlike per-device interface locking, it is not checked at locking time whether the locker have access to a given device; instead checking is done when callers attempt to access the interface.

另外,一个客户端可以锁定所有设备,通过AcquireGlobalInterfaceLock() and ReleaseGlobalInterfaceLock()方法在 org.freedesktop.Hal.Manager 对象的org.freedesktop.Hal.Manager接口中。如果调用者愿意,全局接口锁同样可以互斥。不像每个设备接口锁,当锁定时它不会检查锁定者是否访问给定设备。当调用者访问接口时才检查。

The algorithm used for determining if a caller is locked out is shown below. A caller A is locked out of an interface IFACE on a device object DEVICE if, and only if,

该算法是解决是否一个调用者被拒绝锁定。一个调用者A锁定DEVICE设备对象IFACE接口被拒绝

  1.  
    1. Another caller B is holding a lock on the interface IFACE on DEVICE and A don't have either a global lock on IFACE or a lock on IFACE on DEVICE; or

    2. 另一个调用者B持有一个所在DEVICEIFACE接口上并且A没有全局锁IFACE或者DEVICEIFACE

    3. Another caller B is holding the global lock on the interface IFACE and B has access to DEVICE and and A don't have either a global lock on IFACE or a lock on IFACE on DEVICE.

    4. 另一个调用者B持有全局锁IFACE并且B访问DEVICE并且A没有其他全局锁在IFACE或者DEVICEIFACE.

In other words, a caller A can grab a global lock, but that doesn't mean A can lock other clients out of devices that A doesn't have access to. Specifically a caller is never locked out if he has locked an interface either globally or on the device in question. However, if two clients have a lock on a device, then both can access it. To ensure that everyone is locked out, a caller needs to use an exclusive lock.

换句话说,调用者A可以捕获一个全局锁,但是不意味着A可以锁定A没有权限访问的其他接口,特别是一个调用者觉不可以

Note that certain interfaces will also check whether other locks are being held on other device objects. This is specified on a per-interface basis in Chapter 6, D-Bus interfaces.

If a process holding locks disconnects from the system bus, the locks being held by that process will be released.

Guidelines

Locking is only useful if applications requiring exclusive access actually use the locking primitives to cooperate with other applications. Here is a list of guidelines.

锁仅对想要通过排斥其他访问与其他应用程序合作的应用程序有用。这里是一个向导列表。

Disk Management / Partitioning

In order to prevent HAL-based automounters from mounting partitions that are being prepared, applications that access block devices directly (and pokes the kernel to reload the partitioning table) should lock out automounters by either a) obtaining the org.freedesktop.Hal.Device.Storage lock on each drive being processed; or b) obtaintaing the global org.freedesktop.Hal.Device.Storage lock. This includes programs like fdisk, gparted, parted and operating system installers. See also the section called “org.freedesktop.Hal.Device.Volume interface” and the hal-lock(1) program and manual page.

为了防止基于hal的自动加载器加载正在准备分区,直接访问块设备的应用程序(直接通过内核重新加载分区表)将被排除获得 将被处理的每个设备的org.freedesktop.Hal.Device.Storage锁或者获得org.freedesktop.Hal.Device.Storage的全局锁。这些程序包括fdisk, gparted, parted 和操作系统安装程序。

Power Management

  •  
    • Typically, a desktop session includes a session-wide power management daemon that enforces the policy of the users choice, e.g. whether the system should suspend to ram on lid close, whether to hibernate the system after the user being idle for 30 minutes and so on. In a multi-user setup (both fast user switching and multi-seat), this can break in various interesting ways unless the power management daemons cooperate. Also, there may be software running at the system level who will want to inhibit a desktop session power management daemon from suspending / shutting down.

    • 典型的,一个桌面绘画包含一个会话范围的电源管理守护进程强制用户选择策略。例如系统是否应该暂停 ,是否暂停系统当用户空闲30分钟。在多用户环境中,这可以被多种方式大乱,除非电源管理进程互相合作。同样,这里需要一个软件运行于系统级别,它会禁止一个桌面会话管理进程暂停系统。

System-level software that do not wish to be interrupted by the effect of someone calling into the org.freedesktop.Hal.Device.SystemPowerManagement interface MUST hold the org.freedesktop.Hal.Device.SystemPowerManagement lock non-exclusively on the root computer device object. For example, the YUM software updater should hold the lock when doing an RPM transaction.

系统级别软件不希望被调用org.freedesktop.Hal.Device.SystemPowerManagement 接口而被中断。系统级别软件应该持有root computer设备对象的org.freedesktop.Hal.Device.SystemPowerManagement 的锁。例如YUM软件更新在执行RPM事务的时候就应该持有该锁。

In addition, any power management session daemon instance

另外,任何电源会话管理进程实例应该

... MUST hold the org.freedesktop.Hal.Device.SystemPowerManagement lock non-exclusively on the root computer device object unless it is prepared to call into this interface itself. This typically means that the PM daemon instance simply acquires the lock on start up and releases it just before it calls into the org.freedesktop.Hal.Device.SystemPowerManagement interface. In other words, the PM daemon instance needs to hold the lock exactly when it doesn't want other PM daemon instances to call into the org.freedesktop.Hal.Device.SystemPowerManagement interface. This means that if the user have configured the PM daemon instance to go to sleep after 30 minutes of inactivity, the lock should be released then.

持有在root computer设备对象的org.freedesktop.Hal.Device.SystemPowerManagement 的非排斥,除非它自己打算调用该借接口。这典型的以为这PM实例简单的要求启动并当的调用org.freedesktop.Hal.Device.SystemPowerManagement 接口时才会释放。还句话说,PM进程实例需要把持该锁当PM不想其他PM调用org.freedesktop.Hal.Device.SystemPowerManagement 接口。这意味着如果用户配置PM在空闲30分钟后释放锁。

... MUST not hold the lock when the session is inactive (fast user switching) UNLESS an application in the session have explicitly called Inhibit() on the org.freedesktop.PowerManagement D-Bus session bus interface of the PM daemon.

不必在会话未激活的状况下持有锁。除非一个应用程序在绘画中显示的调用inhibit()在  org.freedesktop.PowerManagement

... MUST check that no other process is holding the lock (using the IsLockedByOthers method on the standard org.freedesktop.Hal.Device interface) before calling into the org.freedesktop.Hal.Device.SystemPowerManagement interface. If another process is holding the lock, it means that either 1) another session is not prepared to call into the org.freedesktop.Hal.Device.SystemPowerManagement interface; OR 2) some system-level software is holding the lock. The PM daemon instance MUST respect this by not calling into the org.freedesktop.Hal.Device.SystemPowerManagement interface itself.

在调用之前应该确保没有其他进程把持锁,如果其他进程持有该锁,则以为着其他会话没有准备好调用该接口,、或者一些系统级别软件持有该锁,则PM应该尊重不调用该接口。

However, any Power management daemon instance

... MAY prompt the user, if applicable, to ask if she still wants to perform the requested action (e.g. call into the org.freedesktop.Hal.Device.SystemPowerManagement interface) despite the fact that another process (possibly from another user) is indicating that it does not want the system to e.g. suspend. Only if the user agrees, the power management instance should call into the org.freedesktop.Hal.Device.SystemPowerManagement interface. Typically, it's only useful to prompt the user with such questions if the request to call into the org.freedesktop.Hal.Device.SystemPowerManagement interface originates from user input, e.g. either a hotkey, the user clicking a suspend button in the UI or an application invoking the Suspend() method on the org.freedesktop.PowerManagement D-Bus session interface of the PM daemon.

应该提示用户,如果可用,去询问如果她仍然想要表现请求动作(如调用 org.freedesktop.Hal.Device.SystemPowerManagement

... MAY ignore that other processes are holding the lock and call into the org.freedesktop.Hal.Device.SystemPowerManagement interface anyway, but ONLY if if the request to call into the org.freedesktop.Hal.Device.SystemPowerManagement interface originated from e.g. lid close, critically low battery or other similar conditions.

... MAY still call SetPowerSave() on the org.freedesktop.Hal.Device.SystemPowerManagement interface even if other processes are holding the lock. 

评论 1
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值