pool/polkit
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 1034882 from Base:System

Browse Source 
- read actions also from /etc/polkit-1/actions (jsc#PED-1405)
  added polkit-actions-in-etc.patch

OBS-URL: https://build.opensuse.org/request/show/1034882
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/polkit?expand=0&rev=87
This commit is contained in:
Dominique Leuenberger 2022-11-10 13:19:33 +00:00 committed by Git OBS Bridge
commit 87333f231e
3 changed files with 239 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

227
polkit-actions-in-etc.patch Normal file
View File

@ -0,0 +1,227 @@
diff --git a/docs/man/polkit.xml b/docs/man/polkit.xml
index 90715a5..10dd217 100644
--- a/docs/man/polkit.xml
+++ b/docs/man/polkit.xml
@@ -104,6 +104,7 @@ System Context | |
+------------------+ |
^ |
| +--------------------------------------+
+ | | /etc/polkit-1/actions/*.policy |
| | /usr/share/polkit-1/actions/*.policy |
| +--------------------------------------+
|
diff --git a/src/polkitbackend/polkitbackendactionpool.c b/src/polkitbackend/polkitbackendactionpool.c
index 3894fe9..17652e6 100644
--- a/src/polkitbackend/polkitbackendactionpool.c
+++ b/src/polkitbackend/polkitbackendactionpool.c
@@ -91,8 +91,10 @@ typedef struct
{
/* directory with .policy files, e.g. /usr/share/polkit-1/actions */
GFile *directory;
+ GFile *directory_alt;
GFileMonitor *dir_monitor;
+ GFileMonitor *dir_monitor_alt;
/* maps from action_id to a ParsedAction struct */
GHashTable *parsed_actions;
@@ -109,6 +111,8 @@ enum
{
PROP_0,
PROP_DIRECTORY,
+ /* TODO combine into PROP_DIRECTORIES? */
+ PROP_DIRECTORY_ALT,
};
#define POLKIT_BACKEND_ACTION_POOL_GET_PRIVATE(o) (G_TYPE_INSTANCE_GET_PRIVATE ((o), POLKIT_BACKEND_TYPE_ACTION_POOL, PolkitBackendActionPoolPrivate))
@@ -153,9 +157,15 @@ polkit_backend_action_pool_finalize (GObject *object)
if (priv->directory != NULL)
g_object_unref (priv->directory);
+ if (priv->directory_alt != NULL)
+ g_object_unref (priv->directory_alt);
+
if (priv->dir_monitor != NULL)
g_object_unref (priv->dir_monitor);
+ if (priv->dir_monitor_alt != NULL)
+ g_object_unref (priv->dir_monitor_alt);
+
if (priv->parsed_actions != NULL)
g_hash_table_unref (priv->parsed_actions);
@@ -183,6 +193,10 @@ polkit_backend_action_pool_get_property (GObject *object,
g_value_set_object (value, priv->directory);
break;
+ case PROP_DIRECTORY_ALT:
+ g_value_set_object (value, priv->directory_alt);
+ break;
+
default:
G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
break;
@@ -274,6 +288,28 @@ polkit_backend_action_pool_set_property (GObject *object,
}
break;
+ case PROP_DIRECTORY_ALT:
+ priv->directory_alt = g_value_dup_object (value);
+
+ error = NULL;
+ priv->dir_monitor_alt = g_file_monitor_directory (priv->directory_alt,
+ G_FILE_MONITOR_NONE,
+ NULL,
+ &error);
+ if (priv->dir_monitor_alt == NULL)
+ {
+ g_warning ("Error monitoring actions alt directory: %s", error->message);
+ g_error_free (error);
+ }
+ else
+ {
+ g_signal_connect (priv->dir_monitor_alt,
+ "changed",
+ (GCallback) dir_monitor_changed,
+ pool);
+ }
+ break;
+
default:
G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
break;
@@ -308,6 +344,18 @@ polkit_backend_action_pool_class_init (PolkitBackendActionPoolClass *klass)
G_PARAM_STATIC_NICK |
G_PARAM_STATIC_BLURB));
+ g_object_class_install_property (gobject_class,
+ PROP_DIRECTORY_ALT,
+ g_param_spec_object ("directoryalt",
+ "DirectoryAlt",
+ "Alternative directory to load action description files from",
+ G_TYPE_FILE,
+ G_PARAM_READWRITE |
+ G_PARAM_CONSTRUCT_ONLY |
+ G_PARAM_STATIC_NAME |
+ G_PARAM_STATIC_NICK |
+ G_PARAM_STATIC_BLURB));
+
/**
* PolkitBackendActionPool::changed:
* @action_pool: A #PolkitBackendActionPool.
@@ -334,12 +382,13 @@ polkit_backend_action_pool_class_init (PolkitBackendActionPoolClass *klass)
* Returns: A #PolkitBackendActionPool. Free with g_object_unref().
**/
PolkitBackendActionPool *
-polkit_backend_action_pool_new (GFile *directory)
+polkit_backend_action_pool_new (GFile *directory, GFile *directory_alt)
{
PolkitBackendActionPool *pool;
pool = POLKIT_BACKEND_ACTION_POOL (g_object_new (POLKIT_BACKEND_TYPE_ACTION_POOL,
"directory", directory,
+ "directoryalt", directory_alt,
NULL));
return pool;
@@ -505,12 +554,14 @@ ensure_all_files (PolkitBackendActionPool *pool)
{
PolkitBackendActionPoolPrivate *priv;
GFileEnumerator *e;
+ GFileEnumerator *e_alt;
GFileInfo *file_info;
GError *error;
priv = POLKIT_BACKEND_ACTION_POOL_GET_PRIVATE (pool);
e = NULL;
+ e_alt = NULL;
if (priv->has_loaded_all_files)
goto out;
@@ -548,12 +599,48 @@ ensure_all_files (PolkitBackendActionPool *pool)
} /* for all files */
+ /* TODO priority for files in /etc */
+
+ e_alt = g_file_enumerate_children (priv->directory_alt,
+ "standard::name",
+ G_FILE_QUERY_INFO_NONE,
+ NULL,
+ &error);
+ if (error != NULL)
+ {
+ g_warning ("Error enumerating files: %s", error->message);
+ goto out;
+ }
+
+ while ((file_info = g_file_enumerator_next_file (e_alt, NULL, &error)) != NULL)
+ {
+ const gchar *name;
+
+ name = g_file_info_get_name (file_info);
+ /* only consider files with the right suffix */
+ if (g_str_has_suffix (name, ".policy"))
+ {
+ GFile *file;
+
+ file = g_file_get_child (priv->directory_alt, name);
+
+ ensure_file (pool, file);
+
+ g_object_unref (file);
+ }
+
+ g_object_unref (file_info);
+
+ } /* for all files */
+
priv->has_loaded_all_files = TRUE;
out:
if (e != NULL)
g_object_unref (e);
+ if (e_alt != NULL)
+ g_object_unref (e_alt);
}
/* ---------------------------------------------------------------------------------------------------- */
diff --git a/src/polkitbackend/polkitbackendactionpool.h b/src/polkitbackend/polkitbackendactionpool.h
index e992eea..9ccb526 100644
--- a/src/polkitbackend/polkitbackendactionpool.h
+++ b/src/polkitbackend/polkitbackendactionpool.h
@@ -64,7 +64,7 @@ struct _PolkitBackendActionPoolClass
};
GType polkit_backend_action_pool_get_type (void) G_GNUC_CONST;
-PolkitBackendActionPool *polkit_backend_action_pool_new (GFile *directory);
+PolkitBackendActionPool *polkit_backend_action_pool_new (GFile *directory, GFile *directory_alt);
GList *polkit_backend_action_pool_get_all_actions (PolkitBackendActionPool *pool,
const gchar *locale);
diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c
index 1cfc88e..a975cac 100644
--- a/src/polkitbackend/polkitbackendinteractiveauthority.c
+++ b/src/polkitbackend/polkitbackendinteractiveauthority.c
@@ -292,6 +292,7 @@ polkit_backend_interactive_authority_init (PolkitBackendInteractiveAuthority *au
{
PolkitBackendInteractiveAuthorityPrivate *priv;
GFile *directory;
+ GFile *directory_alt;
GError *error;
/* Force registering error domain */
@@ -300,8 +301,10 @@ polkit_backend_interactive_authority_init (PolkitBackendInteractiveAuthority *au
priv = POLKIT_BACKEND_INTERACTIVE_AUTHORITY_GET_PRIVATE (authority);
directory = g_file_new_for_path (PACKAGE_DATA_DIR "/polkit-1/actions");
- priv->action_pool = polkit_backend_action_pool_new (directory);
+ directory_alt = g_file_new_for_path (PACKAGE_SYSCONF_DIR "/polkit-1/actions");
+ priv->action_pool = polkit_backend_action_pool_new (directory, directory_alt);
g_object_unref (directory);
+ g_object_unref (directory_alt);
g_signal_connect (priv->action_pool,
"changed",
(GCallback) action_pool_changed,

6
polkit.changes
View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Wed Nov 09 07:39:53 CET 2022 - aschnell@suse.com
- read actions also from /etc/polkit-1/actions (jsc#PED-1405)
added polkit-actions-in-etc.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Sep 15 13:26:34 UTC 2022 - Marcus Meissner <meissner@suse.com> Thu Sep 15 13:26:34 UTC 2022 - Marcus Meissner <meissner@suse.com>

6
polkit.spec
View File

@ -50,6 +50,8 @@ Patch4: polkit-adjust-libexec-path.patch
# PATCH-FIX-UPSTREAM polkit-fix-pam-prefix.patch luc14n0@opensuse.org -- Make # PATCH-FIX-UPSTREAM polkit-fix-pam-prefix.patch luc14n0@opensuse.org -- Make
# intended use of pam_prefix meson option rather than hard-coded path # intended use of pam_prefix meson option rather than hard-coded path
Patch5: polkit-fix-pam-prefix.patch Patch5: polkit-fix-pam-prefix.patch
# Read actions also from /etc/polkit-1/actions
Patch6: polkit-actions-in-etc.patch
BuildRequires: gcc-c++ BuildRequires: gcc-c++
BuildRequires: gettext BuildRequires: gettext
@ -204,6 +206,9 @@ mv %{buildroot}%{_sysconfdir}/polkit-1/rules.d/50-default.rules \
mkdir -p %{buildroot}%{_sysusersdir} mkdir -p %{buildroot}%{_sysusersdir}
install -m0644 %{SOURCE3} %{buildroot}%{_sysusersdir}/ install -m0644 %{SOURCE3} %{buildroot}%{_sysusersdir}/
# create actions dir in /etc
mkdir %{buildroot}/%{_sysconfdir}/polkit-1/actions
%pre -f polkit.pre %pre -f polkit.pre
%service_add_pre polkit.service %service_add_pre polkit.service
@ -264,6 +269,7 @@ install -m0644 %{SOURCE3} %{buildroot}%{_sysusersdir}/
%{_pam_vendordir}/polkit-1 %{_pam_vendordir}/polkit-1
%dir %{_sysconfdir}/polkit-1 %dir %{_sysconfdir}/polkit-1
%attr(0700,polkitd,root) %dir %{_sysconfdir}/polkit-1/rules.d %attr(0700,polkitd,root) %dir %{_sysconfdir}/polkit-1/rules.d
%dir %{_sysconfdir}/polkit-1/actions
%{_bindir}/pkaction %{_bindir}/pkaction
%{_bindir}/pkcheck %{_bindir}/pkcheck
%{_bindir}/pkttyagent %{_bindir}/pkttyagent