From 3b641cb27c28bdf42865ee15f7ccd2b6c9e9d3d1 Mon Sep 17 00:00:00 2001
From: Colin Guthrie <colin@mageia.org>
Date: Thu, 21 Nov 2013 21:12:37 +0000
Subject: polkit: Add support to draksec for writing polkit policy override
 rules.

This allows draksec to override things properly under polkit.
---
 perl-install/standalone/polkit/Makefile                 |  5 ++++-
 perl-install/standalone/polkit/org.mageia.draksec.rules | 11 +++++++++++
 2 files changed, 15 insertions(+), 1 deletion(-)
 create mode 100644 perl-install/standalone/polkit/org.mageia.draksec.rules

(limited to 'perl-install/standalone/polkit')

diff --git a/perl-install/standalone/polkit/Makefile b/perl-install/standalone/polkit/Makefile
index 070f4211e..6cd42c013 100644
--- a/perl-install/standalone/polkit/Makefile
+++ b/perl-install/standalone/polkit/Makefile
@@ -1,8 +1,10 @@
 BINDIR = /usr/bin
 LIBEXECDIR = /usr/libexec
 BINDEST = $(PREFIX)$(BINDIR)
+POLKITRULESDEST = $(PREFIX)/usr/share/polkit-1/rules.d
 POLKITPOLICYDEST = $(PREFIX)/usr/share/polkit-1/actions
 
+RULES := $(wildcard *.rules)
 POLICY_IN := $(wildcard *.policy.in)
 POLICY = $(POLICY_IN:.policy.in=.policy)
 WRAPPERS = $(patsubst org.mageia.%.policy,%,$(POLICY))
@@ -19,6 +21,7 @@ clean:
 	intltool-merge --utf8 ../po $< $@ -x -u -c ../po/.intltool-merge-cache
 
 install: all
-	install -d $(BINDEST) $(POLKITPOLICYDEST)
+	install -d $(BINDEST) $(POLKITRULESDEST) $(POLKITPOLICYDEST)
 	install -m755 $(WRAPPERS) $(BINDEST)
 	install -m644 $(POLICY) $(POLKITPOLICYDEST)
+	install -m644 $(RULES) $(POLKITRULESDEST)
diff --git a/perl-install/standalone/polkit/org.mageia.draksec.rules b/perl-install/standalone/polkit/org.mageia.draksec.rules
new file mode 100644
index 000000000..45a7f0efe
--- /dev/null
+++ b/perl-install/standalone/polkit/org.mageia.draksec.rules
@@ -0,0 +1,11 @@
+polkit.addRule(function(action, subject) {
+  if (typeof drakToolAuth != "function" || action.id.indexOf("org.mageia.") != 0)
+    return polkit.Result.NOT_HANDLED;
+
+  var tool = action.id.split(".")[2];
+  var rv = drakToolAuth(tool);
+  if (rv != polkit.Result.NOT_HANDLED)
+    polkit.log("draksec security policy for '" + tool + "' is overriden to '" + rv + "'");
+  return rv;
+});
+
-- 
cgit v1.2.1