From 89048d5b9f63b1fbc3d1520221500ed139dbc28b Mon Sep 17 00:00:00 2001
From: kremlin <ian@kremlin.cc>
Date: Fri, 15 Aug 2014 17:44:56 -0500
Subject: [PATCH] add polkit XML policies, include them in install target

all new .policy files are well formed but i am waiting
for freedesktop to fix the doctype DTD file:
http://thread.gmane.org/gmane.comp.freedesktop.policykit/374
---
 Makefile                                      |  3 +
 .../org.freedesktop.hostname1.policy          | 57 +++++++++++++++++++
 .../org.freedesktop.locale1.policy            | 27 +++++++++
 .../org.freedesktop.login1.policy             | 10 ++++
 .../org.freedesktop.timedate1.policy          | 47 +++++++++++++++
 5 files changed, 144 insertions(+)
 create mode 100644 conf/polkit-policy/org.freedesktop.hostname1.policy
 create mode 100644 conf/polkit-policy/org.freedesktop.locale1.policy
 create mode 100644 conf/polkit-policy/org.freedesktop.login1.policy
 create mode 100644 conf/polkit-policy/org.freedesktop.timedate1.policy

diff --git a/Makefile b/Makefile
index 3e47048..48d3b87 100644
--- a/Makefile
+++ b/Makefile
@@ -45,11 +45,13 @@ CONFDIR=	conf
 POLICYDIR=	$(CONFDIR)/sysbus-policy
 ISPECTDIR=	$(CONFDIR)/introspect-xml
 SERVICEFDIR=	$(CONFDIR)/service-files
+POLKITDIR=  $(CONFDIR)/polkit-policy
 
 INTFDIR=	$(SRCDIR)/interfaces
 
 DBUS_POLICYDIR=	$(SYSCONFDIR)/dbus-1/system.d
 DBUS_CONFIGDIR=	$(PREFIX)/share/dbus-1/system-services
+POLKIT_POLICYDIR=   $(PREFIX)/share/polkit-1/actions
 
 INVOKE_GENFILE_SCRIPT= \
 		./scripts/gen-gdbus-interfaces.sh 
@@ -95,6 +97,7 @@ _install_conf: _generate_servicefiles
 	${INSTALL_DATA} $(POLICYDIR)/*-dbus.conf $(DESTDIR)$(DBUS_POLICYDIR)/
 	${INSTALL_DATA} $(SERVICEFDIR)/*.service $(DESTDIR)$(DBUS_CONFIGDIR)/
 	${INSTALL_DATA} $(CONFDIR)/systemd_compat.conf $(DESTDIR)$(SYSCONFDIR)/
+	${INSTALL_DATA} $(POLKITDIR)/*.policy $(DESTDIR)$(POLKIT_POLICYDIR)/
 
 _install_interface_binaries: $(LINKHN)
 	${INSTALL_PROGRAM_DIR} $(DESTDIR)$(BINDIR)
diff --git a/conf/polkit-policy/org.freedesktop.hostname1.policy b/conf/polkit-policy/org.freedesktop.hostname1.policy
new file mode 100644
index 0000000..c36f736
--- /dev/null
+++ b/conf/polkit-policy/org.freedesktop.hostname1.policy
@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policyconfig PUBLIC "-//freedesktop//DTD polkit Policy Configuration 1.0//EN" "http://www.freedesktop.org/software/polkit/policyconfig-1.dtd">
+
+<policyconfig>
+    <vendor>OpenBSD</vendor>
+    <vendor_url>https://uglyman.kremlin.cc/gitweb/gitweb.cgi?p=systemd-utl.git</vendor_url> <!-- TODO change or redirect this URL when we rebase -->
+
+    <action id="org.freedesktop.hostname1.SetHostname">
+        <description>Set dynamic (system) hostname.</description>
+        <message>Setting the dynamic (system) hostname requires authentication.</message>
+        <defaults>
+            <allow_any>auth_admin_keep</allow_any>
+            <allow_inactive>auth_admin_keep</allow_inactive>
+            <allow_active>auth_admin_keep</allow_active>
+        </defaults>
+    </action>
+
+    <action id="org.freedesktop.hostname1.SetStaticHostname">
+        <description>Set static hostname.</description>
+        <message>Setting the static hostname requires authentication.</message>
+        <defaults>
+            <allow_any>auth_admin_keep</allow_any>
+            <allow_inactive>auth_admin_keep</allow_inactive>
+            <allow_active>auth_admin_keep</allow_active>
+        </defaults>
+    </action>
+
+    <action id="org.freedesktop.hostname1.SetPrettyHostname">
+        <description>Set pretty (UTF-8) hostname.</description>
+        <message>Setting the pretty (UTF-8) hostname requires authentication.</message>
+        <defaults>
+            <allow_any>auth_admin_keep</allow_any>
+            <allow_inactive>auth_admin_keep</allow_inactive>
+            <allow_active>auth_admin_keep</allow_active>
+        </defaults>
+    </action>
+
+    <action id="org.freedesktop.hostname1.SetIconName">
+        <description>Set system's icon name.</description>
+        <message>Setting the system's icon name requires authentication.</message>
+        <defaults>
+            <allow_any>auth_admin_keep</allow_any>
+            <allow_inactive>auth_admin_keep</allow_inactive>
+            <allow_active>auth_admin_keep</allow_active>
+        </defaults>
+    </action>
+
+    <action id="org.freedesktop.hostname1.SetChassis">
+        <description>Set system's chassis type.</description>
+        <message>Setting the system's chassis type requires authentication.</message>
+        <defaults>
+            <allow_any>auth_admin_keep</allow_any>
+            <allow_inactive>auth_admin_keep</allow_inactive>
+            <allow_active>auth_admin_keep</allow_active>
+        </defaults>
+    </action>
+</policyconfig>
diff --git a/conf/polkit-policy/org.freedesktop.locale1.policy b/conf/polkit-policy/org.freedesktop.locale1.policy
new file mode 100644
index 0000000..d605267
--- /dev/null
+++ b/conf/polkit-policy/org.freedesktop.locale1.policy
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policyconfig PUBLIC "-//freedesktop//DTD polkit Policy Configuration 1.0//EN" "http://www.freedesktop.org/software/polkit/policyconfig-1.dtd">
+
+<policyconfig>
+    <vendor>OpenBSD</vendor>
+    <vendor_url>https://uglyman.kremlin.cc/gitweb/gitweb.cgi?p=systemd-utl.git</vendor_url> <!-- TODO change or redirect this URL when we rebase -->
+
+    <action id="org.freedesktop.locale1.SetLocale">
+        <description>Set system's locale.</description>
+        <message>Setting the system's locale requires authentication.</message>
+        <defaults>
+            <allow_any>auth_admin_keep</allow_any>
+            <allow_inactive>auth_admin_keep</allow_inactive>
+            <allow_active>auth_admin_keep</allow_active>
+        </defaults>
+    </action>
+
+    <action id="org.freedesktop.locale1.SetX11Keyboard">
+        <description>Set Xorg keymap.</description>
+        <message>Setting Xorg's keymap requires authentication.</message>
+        <defaults>
+            <allow_any>auth_admin_keep</allow_any>
+            <allow_inactive>auth_admin_keep</allow_inactive>
+            <allow_active>auth_admin_keep</allow_active>
+        </defaults>
+    </action>
+</policyconfig>
diff --git a/conf/polkit-policy/org.freedesktop.login1.policy b/conf/polkit-policy/org.freedesktop.login1.policy
new file mode 100644
index 0000000..e851a84
--- /dev/null
+++ b/conf/polkit-policy/org.freedesktop.login1.policy
@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policyconfig PUBLIC "-//freedesktop//DTD polkit Policy Configuration 1.0//EN" "http://www.freedesktop.org/software/polkit/policyconfig-1.dtd">
+
+<policyconfig>
+    <vendor>OpenBSD</vendor>
+    <vendor_url>https://uglyman.kremlin.cc/gitweb/gitweb.cgi?p=systemd-utl.git</vendor_url> <!-- TODO change or redirect this URL when we rebase -->
+
+    <!-- TODO this nightmare -->
+
+</policyconfig>
diff --git a/conf/polkit-policy/org.freedesktop.timedate1.policy b/conf/polkit-policy/org.freedesktop.timedate1.policy
new file mode 100644
index 0000000..3bd95b4
--- /dev/null
+++ b/conf/polkit-policy/org.freedesktop.timedate1.policy
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policyconfig PUBLIC "-//freedesktop//DTD polkit Policy Configuration 1.0//EN" "http://www.freedesktop.org/software/polkit/policyconfig-1.dtd">
+
+<policyconfig>
+    <vendor>OpenBSD</vendor>
+    <vendor_url>https://uglyman.kremlin.cc/gitweb/gitweb.cgi?p=systemd-utl.git</vendor_url> <!-- TODO change or redirect this URL when we rebase -->
+
+    <action id="org.freedesktop.timedate1.SetTime">
+        <description>Set system time.</description>
+        <message>Setting the system time requires authentication.</message>
+        <defaults>
+            <allow_any>auth_admin_keep</allow_any>
+            <allow_inactive>auth_admin_keep</allow_inactive>
+            <allow_active>auth_admin_keep</allow_active>
+        </defaults>
+    </action>
+
+    <action id="org.freedesktop.timedate1.SetTimezone">
+        <description>Set local timezone.</description>
+        <message>Setting the timezone requires authentication.</message>
+        <defaults>
+            <allow_any>auth_admin_keep</allow_any>
+            <allow_inactive>auth_admin_keep</allow_inactive>
+            <allow_active>auth_admin_keep</allow_active>
+        </defaults>
+    </action>
+
+    <action id="org.freedesktop.timedate1.SetLocalRTC">
+        <description>Switch RTC between UTC and local time.</description>
+        <message>Switching to the system's real time clock source requires authentication.</message>
+        <defaults>
+            <allow_any>auth_admin_keep</allow_any>
+            <allow_inactive>auth_admin_keep</allow_inactive>
+            <allow_active>auth_admin_keep</allow_active>
+        </defaults>
+    </action>
+
+    <action id="org.freedesktop.timedate1.SetNTP">
+        <description>Toggle clock synchronization through NTP.</description>
+        <message>Toggling NTP requires authentication.</message>
+        <defaults>
+            <allow_any>auth_admin_keep</allow_any>
+            <allow_inactive>auth_admin_keep</allow_inactive>
+            <allow_active>auth_admin_keep</allow_active>
+        </defaults>
+    </action>
+</policyconfig>
-- 
2.41.0