HAL allows users to halt, shutdown systems, etc... As unpriveledged user.
Issue appears to be systematic.
D-Bus does not install that policy. Each service (in this case HAL, which is deprecated) is responsible for its own security policy: if you don't like HAL's policy, please report that as a bug in HAL, or upgrade your distribution to a version in which HAL can be removed.
(For instance, lots of things in Debian 6 depended on HAL, but in Debian 7 only a few dependencies remain. Other major distributions have had a similar change.)