add polkit XML policies, include them in install target

all new .policy files are well formed but i am waiting
for freedesktop to fix the doctype DTD file:
http://thread.gmane.org/gmane.comp.freedesktop.policykit/374

diff --git a/Makefile b/Makefile
index 3e47048e525857119a51f2d687cd2194de15c26a..48d3b873b75a87df6219b8c18fa5c301e77a3a21 100644 (file)
--- a/Makefile
+++ b/Makefile
@@ -45,11 +45,13 @@ CONFDIR=    conf
 POLICYDIR=     $(CONFDIR)/sysbus-policy
 ISPECTDIR=     $(CONFDIR)/introspect-xml
 SERVICEFDIR=   $(CONFDIR)/service-files
+POLKITDIR=  $(CONFDIR)/polkit-policy
 
 INTFDIR=       $(SRCDIR)/interfaces
 
 DBUS_POLICYDIR=        $(SYSCONFDIR)/dbus-1/system.d
 DBUS_CONFIGDIR=        $(PREFIX)/share/dbus-1/system-services
+POLKIT_POLICYDIR=   $(PREFIX)/share/polkit-1/actions
 
 INVOKE_GENFILE_SCRIPT= \
                ./scripts/gen-gdbus-interfaces.sh 
@@ -95,6 +97,7 @@ _install_conf: _generate_servicefiles
        ${INSTALL_DATA} $(POLICYDIR)/*-dbus.conf $(DESTDIR)$(DBUS_POLICYDIR)/
        ${INSTALL_DATA} $(SERVICEFDIR)/*.service $(DESTDIR)$(DBUS_CONFIGDIR)/
        ${INSTALL_DATA} $(CONFDIR)/systemd_compat.conf $(DESTDIR)$(SYSCONFDIR)/
+       ${INSTALL_DATA} $(POLKITDIR)/*.policy $(DESTDIR)$(POLKIT_POLICYDIR)/
 
 _install_interface_binaries: $(LINKHN)
        ${INSTALL_PROGRAM_DIR} $(DESTDIR)$(BINDIR)

diff --git a/conf/polkit-policy/org.freedesktop.hostname1.policy b/conf/polkit-policy/org.freedesktop.hostname1.policy
new file mode 100644 (file)
index 0000000..c36f736
--- /dev/null
+++ b/conf/polkit-policy/org.freedesktop.hostname1.policy
@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policyconfig PUBLIC "-//freedesktop//DTD polkit Policy Configuration 1.0//EN" "http://www.freedesktop.org/software/polkit/policyconfig-1.dtd">
+
+<policyconfig>
+    <vendor>OpenBSD</vendor>
+    <vendor_url>https://uglyman.kremlin.cc/gitweb/gitweb.cgi?p=systemd-utl.git</vendor_url> <!-- TODO change or redirect this URL when we rebase -->
+
+    <action id="org.freedesktop.hostname1.SetHostname">
+        <description>Set dynamic (system) hostname.</description>
+        <message>Setting the dynamic (system) hostname requires authentication.</message>
+        <defaults>
+            <allow_any>auth_admin_keep</allow_any>
+            <allow_inactive>auth_admin_keep</allow_inactive>
+            <allow_active>auth_admin_keep</allow_active>
+        </defaults>
+    </action>
+
+    <action id="org.freedesktop.hostname1.SetStaticHostname">
+        <description>Set static hostname.</description>
+        <message>Setting the static hostname requires authentication.</message>
+        <defaults>
+            <allow_any>auth_admin_keep</allow_any>
+            <allow_inactive>auth_admin_keep</allow_inactive>
+            <allow_active>auth_admin_keep</allow_active>
+        </defaults>
+    </action>
+
+    <action id="org.freedesktop.hostname1.SetPrettyHostname">
+        <description>Set pretty (UTF-8) hostname.</description>
+        <message>Setting the pretty (UTF-8) hostname requires authentication.</message>
+        <defaults>
+            <allow_any>auth_admin_keep</allow_any>
+            <allow_inactive>auth_admin_keep</allow_inactive>
+            <allow_active>auth_admin_keep</allow_active>
+        </defaults>
+    </action>
+
+    <action id="org.freedesktop.hostname1.SetIconName">
+        <description>Set system's icon name.</description>
+        <message>Setting the system's icon name requires authentication.</message>
+        <defaults>
+            <allow_any>auth_admin_keep</allow_any>
+            <allow_inactive>auth_admin_keep</allow_inactive>
+            <allow_active>auth_admin_keep</allow_active>
+        </defaults>
+    </action>
+
+    <action id="org.freedesktop.hostname1.SetChassis">
+        <description>Set system's chassis type.</description>
+        <message>Setting the system's chassis type requires authentication.</message>
+        <defaults>
+            <allow_any>auth_admin_keep</allow_any>
+            <allow_inactive>auth_admin_keep</allow_inactive>
+            <allow_active>auth_admin_keep</allow_active>
+        </defaults>
+    </action>
+</policyconfig>

diff --git a/conf/polkit-policy/org.freedesktop.locale1.policy b/conf/polkit-policy/org.freedesktop.locale1.policy
new file mode 100644 (file)
index 0000000..d605267
--- /dev/null
+++ b/conf/polkit-policy/org.freedesktop.locale1.policy
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policyconfig PUBLIC "-//freedesktop//DTD polkit Policy Configuration 1.0//EN" "http://www.freedesktop.org/software/polkit/policyconfig-1.dtd">
+
+<policyconfig>
+    <vendor>OpenBSD</vendor>
+    <vendor_url>https://uglyman.kremlin.cc/gitweb/gitweb.cgi?p=systemd-utl.git</vendor_url> <!-- TODO change or redirect this URL when we rebase -->
+
+    <action id="org.freedesktop.locale1.SetLocale">
+        <description>Set system's locale.</description>
+        <message>Setting the system's locale requires authentication.</message>
+        <defaults>
+            <allow_any>auth_admin_keep</allow_any>
+            <allow_inactive>auth_admin_keep</allow_inactive>
+            <allow_active>auth_admin_keep</allow_active>
+        </defaults>
+    </action>
+
+    <action id="org.freedesktop.locale1.SetX11Keyboard">
+        <description>Set Xorg keymap.</description>
+        <message>Setting Xorg's keymap requires authentication.</message>
+        <defaults>
+            <allow_any>auth_admin_keep</allow_any>
+            <allow_inactive>auth_admin_keep</allow_inactive>
+            <allow_active>auth_admin_keep</allow_active>
+        </defaults>
+    </action>
+</policyconfig>

diff --git a/conf/polkit-policy/org.freedesktop.login1.policy b/conf/polkit-policy/org.freedesktop.login1.policy
new file mode 100644 (file)
index 0000000..e851a84
--- /dev/null
+++ b/conf/polkit-policy/org.freedesktop.login1.policy
@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policyconfig PUBLIC "-//freedesktop//DTD polkit Policy Configuration 1.0//EN" "http://www.freedesktop.org/software/polkit/policyconfig-1.dtd">
+
+<policyconfig>
+    <vendor>OpenBSD</vendor>
+    <vendor_url>https://uglyman.kremlin.cc/gitweb/gitweb.cgi?p=systemd-utl.git</vendor_url> <!-- TODO change or redirect this URL when we rebase -->
+
+    <!-- TODO this nightmare -->
+
+</policyconfig>

diff --git a/conf/polkit-policy/org.freedesktop.timedate1.policy b/conf/polkit-policy/org.freedesktop.timedate1.policy
new file mode 100644 (file)
index 0000000..3bd95b4
--- /dev/null
+++ b/conf/polkit-policy/org.freedesktop.timedate1.policy
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policyconfig PUBLIC "-//freedesktop//DTD polkit Policy Configuration 1.0//EN" "http://www.freedesktop.org/software/polkit/policyconfig-1.dtd">
+
+<policyconfig>
+    <vendor>OpenBSD</vendor>
+    <vendor_url>https://uglyman.kremlin.cc/gitweb/gitweb.cgi?p=systemd-utl.git</vendor_url> <!-- TODO change or redirect this URL when we rebase -->
+
+    <action id="org.freedesktop.timedate1.SetTime">
+        <description>Set system time.</description>
+        <message>Setting the system time requires authentication.</message>
+        <defaults>
+            <allow_any>auth_admin_keep</allow_any>
+            <allow_inactive>auth_admin_keep</allow_inactive>
+            <allow_active>auth_admin_keep</allow_active>
+        </defaults>
+    </action>
+
+    <action id="org.freedesktop.timedate1.SetTimezone">
+        <description>Set local timezone.</description>
+        <message>Setting the timezone requires authentication.</message>
+        <defaults>
+            <allow_any>auth_admin_keep</allow_any>
+            <allow_inactive>auth_admin_keep</allow_inactive>
+            <allow_active>auth_admin_keep</allow_active>
+        </defaults>
+    </action>
+
+    <action id="org.freedesktop.timedate1.SetLocalRTC">
+        <description>Switch RTC between UTC and local time.</description>
+        <message>Switching to the system's real time clock source requires authentication.</message>
+        <defaults>
+            <allow_any>auth_admin_keep</allow_any>
+            <allow_inactive>auth_admin_keep</allow_inactive>
+            <allow_active>auth_admin_keep</allow_active>
+        </defaults>
+    </action>
+
+    <action id="org.freedesktop.timedate1.SetNTP">
+        <description>Toggle clock synchronization through NTP.</description>
+        <message>Toggling NTP requires authentication.</message>
+        <defaults>
+            <allow_any>auth_admin_keep</allow_any>
+            <allow_inactive>auth_admin_keep</allow_inactive>
+            <allow_active>auth_admin_keep</allow_active>
+        </defaults>
+    </action>
+</policyconfig>