<!-- @page { margin: 2cm } H3 { margin-left: 0.16cm; margin-right: 0.16cm; margin-top: 0.16cm; margin-bottom: 0.16cm; background: #ffffff; border: none; padding: 0cm; color: #000000; background: #ffffff } H3.western { font-family: "Times New Roman", serif; font-size: 12pt } H3.cjk { font-family: "Times New Roman", serif; font-size: 12pt; font-style: normal } H3.ctl { font-family: "Times New Roman", serif; font-size: 13pt } H2 { margin-left: 0.16cm; margin-right: 0.16cm; margin-top: 0.16cm; margin-bottom: 0.16cm; background: #ffffff; border: none; padding: 0cm; color: #000000; background: #ffffff } H2.western { font-family: "Times New Roman", serif; font-size: 14pt; font-style: italic } H2.cjk { font-family: "Times New Roman", serif; font-size: 14pt; font-style: italic } H2.ctl { font-family: "Times New Roman", serif; font-size: 14pt; font-style: italic } P { margin-bottom: 0.21cm } A:link { so-language: zxx } -->
AL 0.5.10 Specification
David Zeuthen
Version 0.5.10
Table of Contents
portable_audio_player namespace
org.freedesktop.Hal.Manager interface
org.freedesktop.Hal.Device interface
org.freedesktop.Hal.Device.SystemPowerManagement interface
org.freedesktop.Hal.Device.CPUFreq interface
org.freedesktop.Hal.Device.LaptopPanel interface
org.freedesktop.Hal.Device.KeyboardBacklight interface
org.freedesktop.Hal.Device.LightSensor interface
org.freedesktop.Hal.Device.Storage interface
org.freedesktop.Hal.Device.Volume interface
org.freedesktop.Hal.Device.Volume.Crypto interface
org.freedesktop.Hal.Device.KillSwitch interface
org.freedesktop.Hal.Device.AccessControl interface
Chapter 1. Introduction
Table of Contents
About
This document concerns the specification of HAL which is a piece of software that provides a view of the various hardware attached to a system. In addition to this, HAL keeps detailed metadata for each piece of hardware and provide hooks such that system- and desktop-level software can react to changes in the hardware configuration in order to maintain system policy.
該文檔用於描述HAL規範,HAL提供了一個綁定於當前系統的各種硬件的視圖。除此之外,HAL維護每一個硬件細節數據,並提供可以讓應用程序對硬件配置的改變作出響應的系統和桌面級的鉤子來維護系統策略。
HAL represents a piece of hardware as a device object. A device object is identified by a unique identifer and carries a set of key/value paris referred to as device properties. Some properties are derived from the actual hardware, some are merged from device information files and some are related to the actual device configuration. This document specifies the set of device properties and gives them well-defined meaning. This enable system and desktop level components to distinguish between the different device objects and discover and configure devices based on these properties.
HAL用device object(設備對象)來表示硬件。每個設備對象使用一個唯一標識來標識,並隨該標識附有一組鍵值屬性。一些屬性來自於實際的硬件,而另一些來自於device infomation files(設備信息文件),還有來自於實際設備配置。該文檔定義一組設備屬性,並給予定義。這些可以使系統桌面級組件基於這些屬性來區分不同設備對象,發現,配置設備的不同。
HAL provides an easy-to-use API through D-Bus which is an IPC framework that, among other
things, provides a system-wide message-bus that allows applications to talk to one another. Specifically, D-Bus provides asynchronous notification such that HAL can notify other peers on the message-bus when devices are added and removed as well as when properties on a device are changing.
HAL通過提供了系統範圍總線進行進程間通信的IPC框架D-Bus提供易於使用的API。特別是,D-Bus提供一步通信記住,來使HAL可以在設備被插入,刪除,或者設備的一個屬性被改變時,來提示在總線上的其他節點。
The most important goal of HAL is to provide plug-and-play facilities for UNIX-like desktops with focus on providing a rich and extensible description of device characteristics and features. HAL has no other major dependencies apart from D-Bus which, given sufficient infrastructure, allows it to be implemented on many UNIX-like systems. The major focus, initially, is systems running the Linux 2.6 series kernels.
HAL最重要的目標是爲在Unix類系統桌面上的即插即用設備提供豐富的可擴展的設備特徵,HAL除了D-bus之外,沒有其他的依賴,使其可以在衆多的unix類系統實現。最初主要的焦點是,系統需要運行於2.6系列內核。
Acknowledgements
Havoc Pennington's article ''Making Hardware Just Work'' motivated this work. The specification and software would not exist without all the useful ideas, suggestions, comments and patches from the Free Desktop and HAL mailing lists.
All trademarks mentioned belong to their respective owners.
Havoc Pennington 的文章 ''Making Hardware Just Work'' 描述了hal的開發動機。如果沒有freedesktop和hal郵件列表當中的討論,想法,評論,不定。就不會存在這樣一個規範和軟件。
Architecture of HAL
The HAL consists of a number of components as outlined in the diagram below. Note that this diagram is high-level and doesn't capture all implementation details.
hal由下圖中的組件組成。該圖是高層設計圖並沒有包含所有細節
Details on each component
-
HAL daemon
A system-wide service that maintains a database of device objects. The daemon is responsible for merging information from device information files and managing the life cycle of device objects. The service is implemented as a daemon and uses helpers to query devices for specific information.
一個維護設備對象數據庫的系統級別服務。該守護進程附着合併設備信息文件的信息並管理設備對象生命週期。該服務被實現爲一個守護進程並幫助查詢設備專屬的信息。
-
Applications
These are applications consuming services from HAL; this includes desktop-wide session daemons for maintaining policy such as power and disk/volume management.
這些應用程序使用hal的服務;其中包括桌面級別用來維護電源和磁盤管理的會話守護進程
-
Callouts
Callouts are programs that run when device objects are added and removed in the HAL daemon. This is useful for 3rd party software to merge additional information onto the device object before it is announced on D-Bus. Callouts are specified on a per-device basis with the info.callouts.add and info.callouts.remove. See the section called “ info namespace ” for details.
Callouts 是當設備被插入或者移除的時候執行的程序。這對於第三方程序用來在dbus運行之前合併設備對象附加設備信息,Callouts被指定在每一個設備上,通過info.callouts.add和info.callouts.remove.
-
Methods
It is possible to specify that a given HAL device object implements a specific D-Bus interface, e.g. org.freedesktop.Hal.Device.Frob with a set of methods Foo, Bar and Baz and have programs run when applications call into this interface. This is defined in the info.interfaces property, consult the section called “ info namespace ” for details.
指定一個hal給定的設備對象實現一個特定的d-bus接口。Org.freedesktop.Hal.Device.Frob由Foo,Bar和Baz一組方法,並在當有應用程序調用接口時運行一個程序。位於info.interfaces中定義。
-
Addons
An addon can be characterized as a daemon whose life cycle is tied to a device object in HAL. And addon can also claim a specific interface on the device object to provide services to applications for configuring / using the device without having to spawn a new program for every method call. HAL provides a facility to launch/destroy one or more addons per device object using the info.addons property. See the section called “ info namespace ” for details.
一個addon可以作爲一個守護進程,它的生命週期與設備對象的綁定在一起。並且addon可以在設備對象上聲明一個特定的接口來提供服務給應用程序配置和使用設備。這樣不需要爲每一個調用派生一個新的程序。Hal通過info.addons屬性提供了加載和銷燬每個設備上一個或多個addons。
-
Device Information Files
A set of files that matches properties on device objects and merges additional information. These files are used, for among other things, to specify what callouts, methods and addons to associate with a device object. For example, for drives using removable media, HAL includes an add-on daemon which sole purpose is to continously poll the drive to detect media change.
一組匹配設備對象屬性和合並設備附加信息的文件。這些文件被用來指定那些callouts方法和addons綁定於一個設備對象。例如,驅動一個設備對象。HAL包含一個andon守護進程,唯一的目的是持續的檢查媒體是否該百年
The D-Bus system message bus is used to provide a ''network API'' to applications. As D-Bus is designed to be language independent, potentially many languages / runtime systems will be able to easily access the services offered by HAL.
dbus系統消息總線被用來提供網絡api給應用程序。正如d-bus被設計成語言無關,使hal的服務可以使用任何語言和運行時系統來訪問。
Device Objects
It is important to precisely define the term HAL device object. It's actually a bit blurry to define in general, it includes what most UNIX-like systems consider first class objects when it comes to hardware. In particular, a device object should represent the smallest unit of addressable hardware. This means there can be a one-to-many relationship between a physical device and the device objects exported by HAL. Specifically, a multi-function printer, which appear to users as a single device may show up as several device objects; e.g. one HAL device object for each of the printing, scanning, fax and storage interfaces. Conversely, some devices may be implemented such that the HAL device object represent several functional interfaces. HAL is not concerned with this duality of either one-to-many or many-to-one relationships between device objects and the actual iron constituting what users normally understand as a single piece of hardware; a device object represents the smallest addressable unit.
最重要的是給hal設備對象一個定義。實際上它的定義有些模糊,它包含了unix類系統所認爲的第一類對象。實際上,一個設備對象表示一個可以尋址硬件的最小單位。意味着通過hal可以導出物理設備到設備對象的一對多關係。特別是,一個多功能打印機,對用戶來說一個設備是可以表示爲多個設備對象。一個hal設備對象對應一個打印,掃描,傳真存儲接口。相反一個設備可以實現成一個hal設備對象表現爲幾個功能接口。hal並不關心設備對象和實際設備多對一還是一對多的關係來組成用戶所懂得一個單獨硬件;一個設備對象就表示一個最小尋址單元。
Device objects in HAL are organised on a by-connection basis, e.g. for a given device object X it is possible to find the device object Y where X is attached to Y. This gives structure to the device database of HAL; it is possible to map the devices out in a tree. Further, software emulation devices exported by the operating system kernel, such as SCSI emulation for USB Storage Devices, are also considered device objects in HAL. This implies that operating system kernel specific bits leak into the device object database. However applications using HAL will not notice this, such device objects are not referenced anywhere in the device objects that users are interested in; they are merely used as glue to build the device tree.
在hal當中設備對象依賴基本連接組織一起。例如一個給定的設備對象X綁定於Y,則會儘可能的找到設備對象Y。這就是hal數據庫的結構;會儘可能將設備映射到一顆樹。然而,操作系統內核導出的軟件模擬設備,如usb存儲設備模擬的scsi也同樣被hal認爲是設備對象。這意味着操作系統內核特定位滲入到設備對象數據庫當中。然而使用hal的應用程序並不會注意到這點,這樣設備對象的不會引用到該用戶感興趣設備對象當中的的任何地方。它們僅僅是作爲粘合劑綁定到設備樹。
In addition to provide information about what kind of hardware a device object represents (such as a PCI or USB device) and how to address it, HAL merges information about the functional interfaces the operating system kernel provides in order to use the device; in most cases this is represented on the device object as a string property with the name of the special device file in /dev. In addition to the special device file, a number of other useful properties are merged. This means that both hardware and functional properties are on the same device object, which may prove to be useful for an application programmer. For example, an application might query HAL for the device object that exports the special device file /dev/input/mouse2 and learn that this is provide by an USB mouse from a certain manufacturer by checking the properties that export the USB vendor and product identifiers. See the section called “Device Capabilities” and Chapter 5, Device Properties for details.
另外系統關於設備對象的類型(如pci或者usb設備)和如何尋址的信息,hal合併關於操作系統內核提供的功能接口來使用設備;大多數情況是設備對象中的一個字符串屬性包含指定設備對象。另外特定的設備文件有一些其他的有用信息合並進來。這就意味着硬件和功能屬性位於同一個設備對象當中,證明了對於程序開發人員很有用。例如,一個應用程序可以查詢hal的設備對象/dev/input/mouse2並且通過檢查設備對象到處的usb廠商和產品標識獲知這是一個usb鼠標。
Finally, HAL provides one or more D-Bus interfaces for applications to configure and/or use the device. These interfaces are discussed in Chapter 6, D-Bus interfaces.
Summarizing, a device object is comprised by
最後,hal會提供一個或多個dbus接口給應用程序配置和使用設備。這下接口會在第6章集中討論。一個設備對象的組成如下:
-
UDI
This is the the Unique Device Identifer, that is unique for a device object - that is, no other device object can have the same UDI at the same time. The UDI is computed using bus-specific information and is meant to be unique across device insertions and independent of the physical port or slot the device may be plugged into.
這是一個唯一標識,它唯一的標識了一個設備對象。不會同時有兩個設備使用同樣的UDI。UDI通過總線規格信息計算出來並且不依賴所插入的物理接口。
-
Properties
Each device object got a set of properties which are key/value pairs. The key is an ASCII string while the value can be one of several types, see below. Properties are arranged into name spaces using ''.'' as a separator.
每個設備對象得到一組鍵/值屬性對。key爲ASCII字符串,屬性值可以是多種類型。屬性名稱通過‘.'爲分割符的名字空間中排列
-
-
string - UTF8 string
-
strlist - ordered list with UTF8 strings
-
int - 32-bit signed integer
-
uint64 - 64-bit unsigned integer
-
bool - truth value
-
double - IEEE754 double precision floating point number
-
-
Interfaces
Applications can configure and/or use a device using D-Bus interfaces. Typically, there's a one-to-one relationship between capabilities/namespaces and interfaces.
Properties of a device object carry all the important information about a device object. For organisational reasons properties are also namespaced using ''.'' as a separator.
應用程序可以通過dbus接口配置和使用設備。通常,接口和功能是一對一的關係。屬性承載了設備對象的所有重要信息。仍然通過”.”作爲分割符作爲名字空間組織。
It can be useful to classify properties into four groups
屬性通常被分來爲四組。
-
Metadata - Information about how the devices are connected with respect to each other (parent/child relationships), what kind of device it is, what functionality it provides etc.
元數據 - 關於設備如何互相連接的信息,以及是何種設備和提供何種功能。
-
Facts - vendor ID, product ID, disk serial numbers, number of buttons on a mouse, formats accepted by a mp3 player and so on.
Facts - 廠商ID,產品ID,磁盤序列號,在鼠標上的按鈕數量,mp3播放器支持格式等等。 -
Usage specific information - Network link status, special device file name, filesystem mount location etc.
使用規格信息 - 網絡連接狀態,指定的設備文件名,文件系統加載等等。
-
Policy - How the device is to be used be users; usually defined by the system administrator.
策略,設備如何被用戶使用;通常被系統管理員來指定。
The first category is determined by HAL, the second category includes information merged from either querying the hardware itself or from device information files. The third category is intercepted by monitoring the hardware and finally the last is merged from files under control of the system administrator. This document is concerned with precisely defining several properties; see Chapter 5, Device Properties and onwards for more information. As a complement to device properties, HAL also provides conditions on HAL device objects. Conditions are used to relay events that are happening on devices which are not easily expressed in properties. This includes events such as ''processor is overheating'' or ''block device unmounted''.
第一類是由HAL檢測出來的,第二類包括從設備硬件查詢的信息和設備信息文件合併而來的。第三類通過監視硬件被解析和最終合併系統管理員的配置文件。該文檔關係這些屬性的定義。更多的信息在第五章介紹。作爲設備屬性的一個補充,hal在設備對象上提供conditions。conditions用來延遲很難屬性表達的設備時間。包括時間有處理器過熱,塊設備未加載。
There is a special hal device object referred to as the ''root computer device object''. This device object represent the entire system as a whole and all other devices are either directly or indirectly childs of this device object. It has the UDI /org/freedesktop/Hal/devices/computer.
這裏有一個特殊的hal設備對象引用到“root computer設備對象”。該設備對象表示整個系統和所有其他設備對象直接活間接的父設備對象。它的udi是/org/freedesktop/Hal/devices/computer.
The fundamental idea about HAL is that all ''interesting'' information about hardware that a desktop application needs, can be obtained by querying HAL. Below is a screenshot of a simple device manager application shipped with HAL called hal-device-manager. This application is communicating with the HAL daemon and displays the tree of device objects. The shown properties are for a device object representing a harddisk.
關於hal的基本想法是所有應用程序感興趣的硬件信息可以通過hal查詢。下面是一個簡單的設備管理應用程序的截圖,程序名爲hal-device-manager。該應用程序與hal守護進程通信並顯示設備對象樹。顯示的是一個硬盤設備對象。
Device Capabilities
Mainstream hardware isn't very good at reporting what it really is, it only reports, at best, how to interact with it. This is a problem; many devices, such as MP3 players or digital still cameras, appear to the operating system as plain USB Mass Storage devices when the device in fact is a lot more than just that. The core of the problem is that without external metadata, the operating system and desktop environment will present it to the user as just e.g. a mass storage device.
主流硬件不是非常善於報告它是什麼,最好的情況下,它僅報告如何和它交互。這是個問題。許多設備,如mp3播放器或者數碼相機,展現給操作系統的是一個普通usb存儲設備,但實際上設備要比那個複雜。這個問題的核心是沒有額外的元數據,操作系統和桌面緩建將會提供給用戶的僅僅是存儲設備。
As HAL is concerned with merging of external metadata, through e.g. device information files, there needs to be some scheme on how to record what the device actually is. This is achieved by two textual properties, info.category and info.capabilities. The former describes what the device is (as a single alphanumeric keyword) and the latter describes what the device does (as a number of alphanumeric keywords separated by whitespace). The keywords available for use is defined in this document; we'll refer to them in following simply as capabilities.
hal所關心的合併外部數據,通過設備信息文件,這些需要一些scheme記錄設備是什麼。該文檔通過兩個屬性,info.category and info.capabilities.前一個描述了設備是什麼(作爲一個單獨的字符關鍵字),後者描述設備能做什麼(一組字符關鍵字通過空格分割)。關鍵該文檔中定義,我們將引用他們做外簡單capabilities.
HAL itself, assigns capabilities on device detection time by inspecting the device class (if available, it depends on the bus type) and looking at information from the operating system and the hardware itself.
Hal 自己在設備檢測的時候通過檢測設備類(如果可用,這依賴設備類型)並從操作系統硬件查詢設備信息來賦予capabilities。
User mode drivers such as libgphoto2 and sane provides device information to merge information about devices they can drive. As such, device objects represent an USB interface gain additional properties such as ''scanner'' or ''camera''.
用戶模式驅動像libgphoto2和sane提供設備信息合併關於他們可以驅動何種設備,例如設備對象表示爲一個usb藉口獲得附加屬性scanner或者camera.
Having a capability also means that part of the property namespace, prefixed with the capability name, will be populated with more specific information about the capability. Indeed, some properties may even be required such that applications and device libraries have something to expect. For instance, the capability for being a MP3 player may require properties defining what audio formats the device support (e.g. Ogg and MP3), whether it support recording of audio, and how to interact with the device. For example, the latter may specify ''USB Storage Device'' or ''proprietary protocol, use libfooplayer''.
擁有一種能力也意味這能屬性的名字空間,有能力的填充,需要更多指定信息關於capability。一些應用程序和設備庫要求一些屬性。例如,mp3播放器的功能要求屬性定義支持什麼樣的格式。是否能錄音,如何與設備交互,例如後者可以指定usb存儲設備,屬性協議,使用libfooplayer。
Finally, capabilities have an inheritance scheme, e.g. if a device has a capability foo.bar, it must also have the capability foo.
最後,功能可以繼承,例如一個設備有foo.bar功能,它也必須有foo功能。
Chapter 2. Device Information Files
Table of Contents
Device information files (.fdi files is a shorthand) are used to merge arbitrary properties onto device objects. The way device information files works is that once all device properties are merged onto a device object it is tried against the set of installed device information files. Device information files are used for both merging facts and policy settings about devices.
設備信息文件(.fdi 是縮寫)用來合併設備上的專屬信息。設備信息文件的工作方式是一旦所有設備屬性被合併到設備對象上後它一定依賴所有安裝的設備信息文件。設備信息文件被用來合併所有因素和所有關於設備的策略設置。
Matching
Each device information file got a number of <match key="some_property" [string|int|bool|..]="required_value" > directives that is tested against the properties of the device object. If all the match directives passes then the device information can include <[merge|append|prepend|addset] key="some_property" type="[string|int|bool|..]"> directives to respectively merge new properties or append to existing properties on the device object. It's important to emphasize that any previously property stemming from device detection can be overridden by a device information file.
每個設備信息文件都有大量的<match key="some_property" [string|int|bool|..]="required_value" >規則用來匹配這是些設備的屬性。如果所有傳遞給設備信息的匹配項可以包含<[merge|append|prepend|addset] key="some_property" type="[string|int|bool|..]"> 來各自合併新屬性或者追加以存在的設備屬性。非常需要強調的是任何前一個從設備檢測填塞物的屬性都可以被設備信息文件覆蓋。
The <match>, <merge>, <append>, <prepend> and <addset> directives always requires the key attribute which must be either a property name on the device object in question or a path to a property on another device object. The latter case is expressed either through direct specification of the UDI, such as /org/freedesktop/Hal/devices/computer:foo.bar or indirect references such as @info.parent:baz where the latter means that the device object specified by the UDI in the string property info.parent should be used to query the property baz. It is also possible to use multiple indirections, e.g. for a volume on a USB memory stick the indirection @block.storage_device:@storage.originating_device:usb.vendor_id will reference the usb.vendor_id property on the device object representing the USB interface.
<match>, <merge>, <append>, <prepend> and <addset>總是要求key屬性,該屬性是設備對象一個屬性上的或一個到另一個設備對象屬性。後面的情況是表達任意通過直接UDI規範。像/org/freedesktop/Hal/devices/computer:foo.bar或者間接引用像@info.parent:baz,意思是查詢nfo.parent屬性值指定設備對象的屬性baz.也可能用於多重間接,例如usb存儲卡的一個分區的間接引用@block.storage_device:@storage.originating_device:usb.vendor_id,表示將要引用usb接口表現的設備對象usb.vendor_id屬性。
When the property to match have been determined a number of attributes can be used within the <match> tag:
大量的屬性可以用戶match標記:
-
string - match a string property; for example <match key="foo.bar" string="baz"> will match only if 'foo.bar' is a string property assuming the value 'baz'. 匹配一個字符屬性
-
int - match an integer property 匹配一個整形屬性
-
uint64 - match property with the 64-bit unsigned type 匹配一個無符號64位這個女性值
-
bool - match a boolean property 匹配一個布爾值
-
double - match a property of type double 匹配一個double類似
-
exists - used as <match key="foo.bar" exists="true">. Can be used with 'true' and 'false' respectively to match when a property exists and it doesn't.
-
empty - can only be used on string or strlist properties with 'true' and 'false'. The semantics for 'true' is to match only when the string is non-empty.
-
is_ascii - matches only when a string property contain only ASCII characters. Can be used with 'true' or 'false'.
-
is_absolute_path - matches only when a string property represents an absolute path (the path doesn't have to exist). Can be used with 'true' or 'false'.
-
sibling_contains - can only be used with string and strlist (string list). For a string key this matches when a sibling item contains the (sub-)string in the same property. For a string list, this is if a string matches an item in the list.
-
contains - can only be used with string and strlist (string list). For a string key this matches when the property contains the given (sub-)string. For a string list this match if the given string match a item of the list.
-
contains_ncase - like contains but the property and the given key are converted to lowercase before check.
-
contains_not - can only be used with strlist (string list) and string properties. For a string list this match if the given string not match any of the item of the list (or the property is not set for the device). For a string this match of the property not contains the (sub-)string. You can use this attribute to construct if/else blocks together with e.g. contains.
-
prefix - can only be used with string properties. Matches if property begins with the key.
-
prefix_ncase - like prefix but the property and the given key are converted to lowercase before the check.
-
suffix - can only be used with string properties. Matches if property ends with the key.
-
suffix_ncase - like suffix but the property and the given key are converted to lowercase before the check.
-
compare_lt - can be used on int, uint64, double and string properties to compare with a constant. Matches when the given property is less than the given constant using the default ordering.
-
compare_le - like compare_lt but matches when less than or equal.
-
compare_gt - like compare_lt but matches when greater than.
-
compare_ge - like compare_lt but matches when greater than or equal.
-
compare_ne - like compare_lt but matches when not equal.
Merging
The <merge>, <append>, <prepend> and <addset> directives all require the type attribute which specifies what to merge. The following values are supported
-
string - The value is copied to the property. For example <merge key="foo.bar" type="string">baz</merge> will merge the value 'baz' into the property 'foo.bar'.
-
strlist - For <merge> the value is copied to the property and the current property will be overwritten. For <append> and <prepend> the value is append or prepend to the list as new item. For <addset> the strlist is treated as a set and the value is appended if, and only if, the value doesn't exist already. Usage of <copy_property> overwrite the complete list with the value of the given property to copy from.
-
bool - Can merge the values 'true' or 'false'
-
int - Merges an integer
-
uint64 - Merges an unsigned 64-bit integer
-
double - Merges a double precision floating point number
-
copy_property - Copies the value of a given property - supports paths with direct and indirect UDI's. For example <merge key="foo.bar" type="copy_property">@info.parent:baz.bat</merge> will merge the value of the property baz.bat on the device object with the UDI from the property info.parent into the property foo.bar on the device object being processed.
The <remove>, directive require only a key and can be used with all keys. For strlist there is additionally a special syntax to remove a item from the string list. For example to remove item 'bla' from property 'foo.bar': <remove key="foo.bar" type="strlist">bla</remove>
Search Paths
Device Information files are read from two directories
-
/usr/share/hal/fdi - for files provided by packages
包提供的文件
-
/etc/hal/fdi - for files provided by the system administrator / user
由系統管理員和用戶提供的文件
in exactly that order. This means that the files provided by the system administrator will be processed last such that they can overwrite / change properties caused by the device information files provided by packages. The following directory structure is used in /usr/share/hal/fdi
系統管理員提供的文件應該被靠後處理,以至於他們可以覆蓋包提供設置。以下是/usr/share/hal/fdi的目錄結構:
-
information - device information files used to merge device information
設備信息文件用來合併設備信息
-
-
10freedesktop - included with the hal package
-
hal包包含的
-
-
20thirdparty - from a 3rd party, not included in hal package
-
第三方的不包含在hal當中
-
policy - device information files to merge policy properties such as addons or callouts.
設備信息文件合併策略屬性,如addons和callouts
-
-
10osvendor - included with the hal package
-
-
-
20thirdparty - from a 3rd party, not included in hal package
-
-
preprobe - device information files read before probing devices
在檢測設備之前都的設備信息文件
-
-
10osvendor - included with the hal package
-
20thirdparty - from a 3rd party, not included in hal package
-
As evident, third party packages should drop device information files in
很明顯,第三方包的設備信息文件應該放入一下幾個目錄中
-
/usr/share/hal/fdi/information/20thirdparty
-
/usr/share/hal/fdi/policy/20thirdparty
-
/usr/share/hal/fdi/preprobe/20thirdparty
The /etc/hal/fdi tree uses this layout
-
information - device information files used to merge device information
-
policy - device information files to merge policy properties such as addons or callouts.
-
preprobe - device information files to read before probing devices
All device information files are matched for every hal device object in the following order.
所有設備信息文件都被通過一下順序來匹配每個hal設備對象。
-
When a device is discovered, the preprobe device information files (e.g. all files from /usr/share/hal/fdi/preprobe and /etc/hal/fdi/preprobe) are processed.
Typically, this class of device information files is used to tell HAL to leave the device alone by setting the bool property info.ignore to TRUE. It can also be used to run programs, preprobe callouts, prior to normal device investigation.
當一個設備被發現,preprobe的設備信息文件 (e.g. all files from /usr/share/hal/fdi/preprobe and /etc/hal/fdi/preprobe)將被處理
典型的。這類設備信息文件被用來告訴hal通過設置屬性info.ignore來把設備獨立。
-
HAL now runs the preprobe callouts.
hal運行preprobe的callouts
-
HAL now probes/investigates the device.
hal現在檢測設備
-
All the information device information files (e.g. all files from /usr/share/hal/fdi/information and /etc/hal/fdi/information) are processed.
These device information files are typically used to associate extra information with a device object.
所有設備信息文件(e.g. all files from /usr/share/hal/fdi/information and /etc/hal/fdi/information) 被處理。這些設備信息文件被典型的用來關聯而外的設備對象信息。
-
All the policy policy information files (e.g. all files from /usr/share/hal/fdi/policy and /etc/hal/fdi/policy) are processed.
These device information files are typically used to associate callouts and addons with a device object.
所有的策略信息文件被處理。這些設備信息文件被典型的用來關聯callouts和addons
-
HAL now runs the callouts, starts addons, and then finally announces the device on the system message bus.
hal開始運行callouts,運行addons。最終在系統消息總線上聲明設備。
<!-- @page { margin: 2cm } P { margin-bottom: 0.21cm } A:link { so-language: zxx } -->
Chapter 3. Access Control
Table of Contents
Access to hardware by unprivileged users is traditionally granted in two ways either by granting access to the special device file or allowing access through another process, using IPC acting on behalf of the user. HAL follows the latter model and uses the system-wide message bus (D-Bus) as the IPC mechanism. In addition, HAL has support for modifying the ACL's (access control lists) on a device file to grant/revoke access to users based on several criteria.
無權限的用戶訪問硬件通常被授予權限通過兩種方式,一種是獲得訪問指定設備文件或者通過ipc機制代替該用戶在其他進程得到訪問權限。hal使用後者並通過d-bus的系統範圍總線作爲ipc機制。另外,hal支持修改設備文件的acl來獲得和拒絕用戶的訪問。
If HAL is built with --enable-acl-management (requires both --enable-console-kit and --enable-policy-kit) then ACL's on device objects with the capability access_control are automatically managed according to the properties defined in the section called “ access_control namespace ”. In addition, for this configuration, HAL ships with a device information file (normally installed in /usr/share/hal/fdi/policy/10osvendor/20-acl-management.fdi) that merges this capability on device objects that are normally accessed by unprivileged users through the device file. This includes e.g. sound cards, webcams and other devices but excludes drives and volumes as the latter two are normally accessed by a user through mounting them into the file system.
如果hal構建時,帶有--enable-acl-management(同時要求--enable-console-kit and --enable-policy-kit) ,則設備對象的acl會有訪問控制的能力。並通過屬性進行自動管理。該內容在”access control namespace定義。另外,爲了該配置,hal傳送一個設備信息文件。(通常安裝在/usr/share/hal/fdi/policy/10osvendor/20-acl-management.fdi),該文件用來合併該能力到被無權用戶訪問的設備的設備對象上。這包括,聲卡,攝像頭和其他設備,但排除了磁盤和卷被加在後同查跟你被用戶通過加載到文件系統中使用。
HAL uses PolicyKit to decide what users should have access according to PolicyKit configuration; see the PolicyKit privilege definition file /etc/PolicyKit/privileges/hal-device-file.priv on a system with HAL installed for the default access suggested by the HAL package and/or OS vendor.
hal使用policykit通過policykit的配置來決定什麼用戶可以訪問。在系統安裝hal時會提供默認的policykit權限定義文件/etc/PolicyKit/privileges/hal-device-file.priv
In addition, 3rd party packages can supply device information files to specify (via the access_control.grant_user and access_control.grant_group properties) that a given user or group should always have access to a device file. This is useful for system-wide software (such as AV streaming management) that runs as an unprivileged system user. This interface is supposed to be stable so 3rd party packages can depend on it.
另外,第三方軟件包可以提供設備信息文件指定一個給定的用戶和組總是可以訪問一個設備文件(通過access_control.grant_user and access_control.grant_group 屬性)。一個有用的系統級軟件。這個接口被指定穩定所以第三方軟件包可以被依賴。
If HAL is built without ConsoleKit support (e.g. without --enable-console-kit) access to the various D-Bus interfaces that provides mechanisms is only protected by the D-Bus security configuration files (e.g. using at_console to restrict to console user on Red Hat systems) and, in certain cases, restricted to the super user.
如果hal內建不包含consolekit支持來訪問dbus接口,則該機制只能由dbus安全配置文件來提供(沒有--enable-console-kit選項),在某種情況,限制超級用戶。
If ConsoleKit support is enabled, access to D-Bus interfaces is currently hardcoded to only allow active users at the system console. If PolicyKit support is enabled, the PolicyKit library will be in charge of determining access; see the PolicyKit privilege definition files in /etc/PolicyKit/privileges on a system with HAL installed for the default access suggested by the HAL package and/or OS vendor.
如果consolekit支持啓用,訪問d-bus接口是當前硬編碼只允許激活用戶在系統控制檯。如果policykit支持,policykit庫負責堅持訪問。查看policykit權限定義文件在/etc/polikcykit/privileges中
Table of Contents
As HAL is a mechanism that enables programs in a desktop session to enforce the policy of the users choice, unexpected things can happen. For example, if the user is in the middle of partitioning a disk drive, it is desirable to keep the desktop from mounting partitions that have not yet been prepared with a suitable file system. In fact, in such a situation data loss may be the result if a volume have an old file system signature indicating it's mountable and, simultenously, another tool is writing to the raw block device. The mechanism that automounters use, HAL, provides locking primitives to avoid this.
正如hal是一個使程序可以在桌面會話當中執行用戶的策略,可能有無法預期的事情可能發生。例如,如果一個用戶希望加載一個還未有合適文件系統的分區。事實上,在這種情況下如果一個分區帶有一個就得文件系統特這個你顯示他可以被加載,並同時另一個工具在原始塊設備上寫數據,會導致數據丟失。自動磁盤掛載工具使用hal提供的鎖來避免這些。
Further, for multi-user systems, several desktop sessions may run on a system each on their own display. Suppose that one session becomes idle and the power management daemon in that session decides to suspend the system according to user preferences in the idle session. The result is that users at other seats will see the system suspend and this is not desirable. The power management daemons in all sessions need to cooperate to ensure that the system only suspends when e.g. all sessions are idle or not at all. The mechanism that each power management daemon uses, HAL, provides locking primitives that can be used to achieve this.
此外,對於多用戶系統,幾個桌面繪畫會同時運行在一個系統中,每一個會話擁有自己的顯示器。假設一個會話變得空閒並且電源管理進程決定暫停系統。這會導致其他用戶看到系統暫停並且不願意看到。在所有會話當中,電源管理進程需要在所有會話都空閒的時候才暫停系統。每個電源管理進程都使用hal提供的鎖,來完成這個。
HAL provides a mechanism to lock a specific D-Bus interface either for a specific device or for all the devices the caller have access to.
hal提供一個機制來鎖住指定設備或者所有設備的dbus接口。
The former is achieved by using the AcquireInterfaceLock() and ReleaseInterfaceLock() methods on the org.freedesktop.Hal.Device interface that every device object implements (see the section called “org.freedesktop.Hal.Device interface”). By using this API, a caller can prevent any other caller from invoking methods on the given interface for the given device object - other callers will simply see the org.freedesktop.Hal.Device.InterfaceLocked exception if they attempt to invoke a method on the given interface on the given device. The locker can specify whether the lock is exclusive meaning if multiple clients clients can hold the lock or if only one client can hold the lock at one time. If a client don't have access to the interface of the device, attempts to lock will fail with a org.freedesktop.Hal.PermissionDenied exception. If a client loses access to a device (say, if his session is switched away from using fast user switching) while holding a lock, he will lose the lock; this can be tracked by listening to the InterfaceLockReleased signal.
前者通過每個設備都實現的接口org.freedesktop.Hal.Device 的AcquireInterfaceLock()和ReleaseInterfaceLock()方法完成 鎖定。通過使用該api,調用者可以防止任何其他調用者調用給定設備對象的給定接口。如果其他的調用者打算調用這個指定設備對象指定的接口,只會看到 org.freedesktop.Hal.Device.InterfaceLocked異常。如果一個客戶當持有鎖的時候,丟失了對一個設備訪問(如果他的會話通過快速用戶切換被切換),他將會丟失該鎖。這可以通過InterfaceLockReleased信號監聽。
All local clients, whether they are active or not, can always lock interfaces on the root computer device object (this doesn't mean that they are privileged to use the interfaces though) - the rationale is that this device object represents shared infrastructure, e.g. power management, and even inactive sessions needs to participate in managing this.
所有本地客戶端,無論他們是否激活,他們總是可以鎖定root computer設備對象接口(這不以爲着他們有權限使用該接口)該原理是設備對象愛嗯表現爲共享架構,如電源管理,其實非激活繪畫仍需要參與管理。
If another client already holds a lock exclusively, attempts from other clients to acquire the lock will fail with the org.freedesktop.Hal.Device.InterfaceAlreadyLocked exception even if they have access to the device.
如果另一個客戶端已經互斥的持有一個鎖,其他用戶打算請求該鎖將會錯誤,併產生 org.freedesktop.Hal.Device.InterfaceAlreadyLocked異常,即使他們有權限訪問。
In addition, a client may opt to lock all devices that he got access to by using the AcquireGlobalInterfaceLock() and ReleaseGlobalInterfaceLock() methods on the org.freedesktop.Hal.Manager interface on the /org/freedesktop/Hal/Manager object (see the section called “org.freedesktop.Hal.Manager interface”). Global interface locks can also be obtained exclusively if the caller so desires. Unlike per-device interface locking, it is not checked at locking time whether the locker have access to a given device; instead checking is done when callers attempt to access the interface.
另外,一個客戶端可以鎖定所有設備,通過AcquireGlobalInterfaceLock() and ReleaseGlobalInterfaceLock()方法在 org.freedesktop.Hal.Manager 對象的org.freedesktop.Hal.Manager接口中。如果調用者願意,全局接口鎖同樣可以互斥。不像每個設備接口鎖,當鎖定時它不會檢查鎖定者是否訪問給定設備。當調用者訪問接口時才檢查。
The algorithm used for determining if a caller is locked out is shown below. A caller A is locked out of an interface IFACE on a device object DEVICE if, and only if,
該算法是解決是否一個調用者被拒絕鎖定。一個調用者A鎖定DEVICE設備對象IFACE接口被拒絕
-
-
Another caller B is holding a lock on the interface IFACE on DEVICE and A don't have either a global lock on IFACE or a lock on IFACE on DEVICE; or
-
另一個調用者B持有一個所在DEVICE的IFACE接口上並且A沒有全局鎖IFACE或者DEVICE的IFACE
-
Another caller B is holding the global lock on the interface IFACE and B has access to DEVICE and and A don't have either a global lock on IFACE or a lock on IFACE on DEVICE.
-
另一個調用者B持有全局鎖IFACE並且B訪問DEVICE並且A沒有其他全局鎖在IFACE或者DEVICE的IFACE.
-
In other words, a caller A can grab a global lock, but that doesn't mean A can lock other clients out of devices that A doesn't have access to. Specifically a caller is never locked out if he has locked an interface either globally or on the device in question. However, if two clients have a lock on a device, then both can access it. To ensure that everyone is locked out, a caller needs to use an exclusive lock.
換句話說,調用者A可以捕獲一個全局鎖,但是不意味着A可以鎖定A沒有權限訪問的其他接口,特別是一個調用者覺不可以
Note that certain interfaces will also check whether other locks are being held on other device objects. This is specified on a per-interface basis in Chapter 6, D-Bus interfaces.
If a process holding locks disconnects from the system bus, the locks being held by that process will be released.
Locking is only useful if applications requiring exclusive access actually use the locking primitives to cooperate with other applications. Here is a list of guidelines.
鎖僅對想要通過排斥其他訪問與其他應用程序合作的應用程序有用。這裏是一個嚮導列表。
Disk Management / Partitioning
In order to prevent HAL-based automounters from mounting partitions that are being prepared, applications that access block devices directly (and pokes the kernel to reload the partitioning table) should lock out automounters by either a) obtaining the org.freedesktop.Hal.Device.Storage lock on each drive being processed; or b) obtaintaing the global org.freedesktop.Hal.Device.Storage lock. This includes programs like fdisk, gparted, parted and operating system installers. See also the section called “org.freedesktop.Hal.Device.Volume interface” and the hal-lock(1) program and manual page.
爲了防止基於hal的自動加載器加載正在準備分區,直接訪問塊設備的應用程序(直接通過內核重新加載分區表)將被排除獲得 將被處理的每個設備的org.freedesktop.Hal.Device.Storage鎖或者獲得org.freedesktop.Hal.Device.Storage的全局鎖。這些程序包括fdisk, gparted, parted 和操作系統安裝程序。
Power Management
-
-
Typically, a desktop session includes a session-wide power management daemon that enforces the policy of the users choice, e.g. whether the system should suspend to ram on lid close, whether to hibernate the system after the user being idle for 30 minutes and so on. In a multi-user setup (both fast user switching and multi-seat), this can break in various interesting ways unless the power management daemons cooperate. Also, there may be software running at the system level who will want to inhibit a desktop session power management daemon from suspending / shutting down.
-
典型的,一個桌面繪畫包含一個會話範圍的電源管理守護進程強制用戶選擇策略。例如系統是否應該暫停 ,是否暫停系統當用戶空閒30分鐘。在多用戶環境中,這可以被多種方式大亂,除非電源管理進程互相合作。同樣,這裏需要一個軟件運行於系統級別,它會禁止一個桌面會話管理進程暫停系統。
-
System-level software that do not wish to be interrupted by the effect of someone calling into the org.freedesktop.Hal.Device.SystemPowerManagement interface MUST hold the org.freedesktop.Hal.Device.SystemPowerManagement lock non-exclusively on the root computer device object. For example, the YUM software updater should hold the lock when doing an RPM transaction.
系統級別軟件不希望被調用org.freedesktop.Hal.Device.SystemPowerManagement 接口而被中斷。系統級別軟件應該持有root computer設備對象的org.freedesktop.Hal.Device.SystemPowerManagement 的鎖。例如YUM軟件更新在執行RPM事務的時候就應該持有該鎖。
In addition, any power management session daemon instance
另外,任何電源會話管理進程實例應該
... MUST hold the org.freedesktop.Hal.Device.SystemPowerManagement lock non-exclusively on the root computer device object unless it is prepared to call into this interface itself. This typically means that the PM daemon instance simply acquires the lock on start up and releases it just before it calls into the org.freedesktop.Hal.Device.SystemPowerManagement interface. In other words, the PM daemon instance needs to hold the lock exactly when it doesn't want other PM daemon instances to call into the org.freedesktop.Hal.Device.SystemPowerManagement interface. This means that if the user have configured the PM daemon instance to go to sleep after 30 minutes of inactivity, the lock should be released then.
持有在root computer設備對象的org.freedesktop.Hal.Device.SystemPowerManagement 的非排斥,除非它自己打算調用該借接口。這典型的以爲這PM實例簡單的要求啓動並當的調用org.freedesktop.Hal.Device.SystemPowerManagement 接口時纔會釋放。還句話說,PM進程實例需要把持該鎖當PM不想其他PM調用org.freedesktop.Hal.Device.SystemPowerManagement 接口。這意味着如果用戶配置PM在空閒30分鐘後釋放鎖。
... MUST not hold the lock when the session is inactive (fast user switching) UNLESS an application in the session have explicitly called Inhibit() on the org.freedesktop.PowerManagement D-Bus session bus interface of the PM daemon.
不必在會話未激活的狀況下持有鎖。除非一個應用程序在繪畫中顯示的調用inhibit()在 org.freedesktop.PowerManagement
... MUST check that no other process is holding the lock (using the IsLockedByOthers method on the standard org.freedesktop.Hal.Device interface) before calling into the org.freedesktop.Hal.Device.SystemPowerManagement interface. If another process is holding the lock, it means that either 1) another session is not prepared to call into the org.freedesktop.Hal.Device.SystemPowerManagement interface; OR 2) some system-level software is holding the lock. The PM daemon instance MUST respect this by not calling into the org.freedesktop.Hal.Device.SystemPowerManagement interface itself.
在調用之前應該確保沒有其他進程把持鎖,如果其他進程持有該鎖,則以爲着其他會話沒有準備好調用該接口,、或者一些系統級別軟件持有該鎖,則PM應該尊重不調用該接口。
However, any Power management daemon instance
... MAY prompt the user, if applicable, to ask if she still wants to perform the requested action (e.g. call into the org.freedesktop.Hal.Device.SystemPowerManagement interface) despite the fact that another process (possibly from another user) is indicating that it does not want the system to e.g. suspend. Only if the user agrees, the power management instance should call into the org.freedesktop.Hal.Device.SystemPowerManagement interface. Typically, it's only useful to prompt the user with such questions if the request to call into the org.freedesktop.Hal.Device.SystemPowerManagement interface originates from user input, e.g. either a hotkey, the user clicking a suspend button in the UI or an application invoking the Suspend() method on the org.freedesktop.PowerManagement D-Bus session interface of the PM daemon.
應該提示用戶,如果可用,去詢問如果她仍然想要表現請求動作(如調用 org.freedesktop.Hal.Device.SystemPowerManagement
... MAY ignore that other processes are holding the lock and call into the org.freedesktop.Hal.Device.SystemPowerManagement interface anyway, but ONLY if if the request to call into the org.freedesktop.Hal.Device.SystemPowerManagement interface originated from e.g. lid close, critically low battery or other similar conditions.
... MAY still call SetPowerSave() on the org.freedesktop.Hal.Device.SystemPowerManagement interface even if other processes are holding the lock.