diff options
| -rw-r--r-- | ChangeLog | 6 | ||||
| -rw-r--r-- | doc/api/tmpl/libpolkit.sgml | 55 | ||||
| -rw-r--r-- | doc/spec/polkit-spec.html | 26 | ||||
| -rw-r--r-- | polkitd/polkit-manager.c | 2 |
4 files changed, 74 insertions, 15 deletions
@@ -1,5 +1,11 @@ 2006-06-06 David Zeuthen <davidz@redhat.com> + * polkitd/polkit-manager.c (polkit_manager_get_caller_info): For + now, comment out SELinux stuff as it breaks when SELinux is not + available. + +2006-06-06 David Zeuthen <davidz@redhat.com> + Patch from Frederic Peters <fpeters@entrouvert.com>. jhbuild monitors files being installed and prevents them from being written out of its target directory. This means HAL now prevents diff --git a/doc/api/tmpl/libpolkit.sgml b/doc/api/tmpl/libpolkit.sgml index 1939dc3..a19e86c 100644 --- a/doc/api/tmpl/libpolkit.sgml +++ b/doc/api/tmpl/libpolkit.sgml @@ -9,13 +9,11 @@ libpolkit </para> - <!-- ##### SECTION See_Also ##### --> <para> </para> - <!-- ##### SECTION Stability_Level ##### --> @@ -61,3 +59,56 @@ libpolkit @Returns: +<!-- ##### FUNCTION libpolkit_get_privilege_list ##### --> +<para> + +</para> + +@ctx: +@result: +@Returns: + + +<!-- ##### FUNCTION libpolkit_is_uid_allowed_for_privilege ##### --> +<para> + +</para> + +@ctx: +@system_bus_unique_name: +@user: +@privilege: +@resource: +@out_is_allowed: +@out_is_temporary: +@out_is_privileged_but_restricted_to_system_bus_unique_name: +@Returns: + + +<!-- ##### FUNCTION libpolkit_revoke_temporary_privilege ##### --> +<para> + +</para> + +@ctx: +@user: +@privilege: +@resource: +@result: +@Returns: + + +<!-- ##### FUNCTION libpolkit_get_allowed_resources_for_privilege_for_uid ##### --> +<para> + +</para> + +@ctx: +@user: +@privilege: +@resources: +@ions: +@num_non_temporary: +@Returns: + + diff --git a/doc/spec/polkit-spec.html b/doc/spec/polkit-spec.html index 51f6195..df946de 100644 --- a/doc/spec/polkit-spec.html +++ b/doc/spec/polkit-spec.html @@ -1,10 +1,10 @@ <html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>PolicyKit 0.2 Specification</title><meta name="generator" content="DocBook XSL Stylesheets V1.69.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="book" lang="en"><div class="titlepage"><div><div><h1 class="title"><a name="index"></a>PolicyKit 0.2 Specification</h1></div><div><div class="authorgroup"><div class="author"><h3 class="author"><span class="firstname">David</span> <span class="surname">Zeuthen</span></h3><div class="affiliation"><div class="address"><p><br> <code class="email"><<a href="mailto:david@fubar.dk">david@fubar.dk</a>></code><br> - </p></div></div></div></div></div><div><p class="releaseinfo">Version 0.2</p></div></div><hr></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="chapter"><a href="#introduction">1. Introduction</a></span></dt><dd><dl><dt><span class="sect1"><a href="#id2867132">About</a></span></dt></dl></dd><dt><span class="chapter"><a href="#operation">2. Theory of operation</a></span></dt><dd><dl><dt><span class="sect1"><a href="#id2867155">Privileges</a></span></dt><dt><span class="sect1"><a href="#id2897848">Architecture</a></span></dt><dt><span class="sect1"><a href="#id2862356">Example</a></span></dt></dl></dd><dt><span class="chapter"><a href="#resources">3. Resources</a></span></dt><dd><dl><dt><span class="sect1"><a href="#id2862581">Resource Identifiers</a></span></dt></dl></dd><dt><span class="chapter"><a href="#privileges">4. Privileges</a></span></dt><dd><dl><dt><span class="sect1"><a href="#id2866392">Privilege Descriptors</a></span></dt><dt><span class="sect1"><a href="#id2866469">File Format</a></span></dt><dd><dl><dt><span class="sect2"><a href="#id2866494"><code class="literal">RequiredPrivileges</code>: Required Privileges</a></span></dt><dt><span class="sect2"><a href="#id2866523"><code class="literal">SufficientPrivileges</code>: Sufficient Privileges</a></span></dt><dt><span class="sect2"><a href="#id2866556"><code class="literal">Allow, Deny</code>: Criteria for Possesing a Privilege</a></span></dt><dt><span class="sect2"><a href="#can-obtain"><code class="literal">CanObtain</code>: Obtaining Privileges</a></span></dt><dt><span class="sect2"><a href="#id2862178"><code class="literal">CanGrant</code>: Granting Privileges</a></span></dt><dt><span class="sect2"><a href="#id2906842"><code class="literal">ObtainRequireRoot</code>: Authentication Requirements</a></span></dt></dl></dd><dt><span class="sect1"><a href="#privs-by-polkit">Privileges defined by PolicyKit</a></span></dt><dd><dl><dt><span class="sect2"><a href="#priv-desktop-console"><code class="literal">desktop-console</code> : Users at a local console</a></span></dt></dl></dd></dl></dd></dl></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="introduction"></a>Chapter 1. Introduction</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="#id2867132">About</a></span></dt></dl></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2867132"></a>About</h2></div></div></div><p> + </p></div></div></div></div></div><div><p class="releaseinfo">Version 0.2</p></div></div><hr></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="chapter"><a href="#introduction">1. Introduction</a></span></dt><dd><dl><dt><span class="sect1"><a href="#id2993332">About</a></span></dt></dl></dd><dt><span class="chapter"><a href="#operation">2. Theory of operation</a></span></dt><dd><dl><dt><span class="sect1"><a href="#id2993355">Privileges</a></span></dt><dt><span class="sect1"><a href="#id3024047">Architecture</a></span></dt><dt><span class="sect1"><a href="#id2988556">Example</a></span></dt></dl></dd><dt><span class="chapter"><a href="#resources">3. Resources</a></span></dt><dd><dl><dt><span class="sect1"><a href="#id2988781">Resource Identifiers</a></span></dt></dl></dd><dt><span class="chapter"><a href="#privileges">4. Privileges</a></span></dt><dd><dl><dt><span class="sect1"><a href="#id2992592">Privilege Descriptors</a></span></dt><dt><span class="sect1"><a href="#id2992668">File Format</a></span></dt><dd><dl><dt><span class="sect2"><a href="#id2992694"><code class="literal">RequiredPrivileges</code>: Required Privileges</a></span></dt><dt><span class="sect2"><a href="#id2992722"><code class="literal">SufficientPrivileges</code>: Sufficient Privileges</a></span></dt><dt><span class="sect2"><a href="#id2992755"><code class="literal">Allow, Deny</code>: Criteria for Possesing a Privilege</a></span></dt><dt><span class="sect2"><a href="#can-obtain"><code class="literal">CanObtain</code>: Obtaining Privileges</a></span></dt><dt><span class="sect2"><a href="#id2988375"><code class="literal">CanGrant</code>: Granting Privileges</a></span></dt><dt><span class="sect2"><a href="#id3033039"><code class="literal">ObtainRequireRoot</code>: Authentication Requirements</a></span></dt></dl></dd><dt><span class="sect1"><a href="#privs-by-polkit">Privileges defined by PolicyKit</a></span></dt><dd><dl><dt><span class="sect2"><a href="#priv-desktop-console"><code class="literal">desktop-console</code> : Users at a local console</a></span></dt></dl></dd></dl></dd></dl></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="introduction"></a>Chapter 1. Introduction</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="#id2993332">About</a></span></dt></dl></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2993332"></a>About</h2></div></div></div><p> PolicyKit is a system for enabling unprivileged desktop applications to invoke privileged methods on system-wide components in a controlled manner. - </p></div></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="operation"></a>Chapter 2. Theory of operation</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="#id2867155">Privileges</a></span></dt><dt><span class="sect1"><a href="#id2897848">Architecture</a></span></dt><dt><span class="sect1"><a href="#id2862356">Example</a></span></dt></dl></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2867155"></a>Privileges</h2></div></div></div><p> + </p></div></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="operation"></a>Chapter 2. Theory of operation</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="#id2993355">Privileges</a></span></dt><dt><span class="sect1"><a href="#id3024047">Architecture</a></span></dt><dt><span class="sect1"><a href="#id2988556">Example</a></span></dt></dl></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2993355"></a>Privileges</h2></div></div></div><p> One major concept of the PolicyKit system is the notion of privileges; a <span class="emphasis"><em>PolicyKit privilege</em></span> (referred to simply as @@ -17,7 +17,7 @@ allowed to invoke a method, the system level component defines a set of <span class="emphasis"><em>privileges</em></span>. - </p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2897848"></a>Architecture</h2></div></div></div><p> + </p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3024047"></a>Architecture</h2></div></div></div><p> The PolicyKit system is basically client/server and is implemented as the system-wide <code class="literal">org.freedesktop.PolicyKit</code> D-BUS @@ -34,7 +34,7 @@ In addition, the PolicyKit system includes client side libraries and command-line utilities wrapping the D-BUS API of the <code class="literal">org.freedesktop.PolicyKit</code> service. - </p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2862356"></a>Example</h2></div></div></div><p> + </p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2988556"></a>Example</h2></div></div></div><p> As an example, HAL exports the method <code class="literal">Mount</code> on the <code class="literal">org.freedesktop.Hal.Device.Volume</code> interface @@ -96,20 +96,20 @@ <img src="polkit-arch.png"> </p><p> The whole example is outlined in the diagram above. - </p></div></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="resources"></a>Chapter 3. Resources</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="#id2862581">Resource Identifiers</a></span></dt></dl></div><p> + </p></div></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="resources"></a>Chapter 3. Resources</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="#id2988781">Resource Identifiers</a></span></dt></dl></div><p> PolicyKit allows granting privileges only on certain <span class="emphasis"><em>resources</em></span>. For example, for HAL, it is possible to grant the privilege <span class="emphasis"><em>hal-storage-fixed-mount</em></span> to the user with uid 500 but only for the HAL device object representing e.g. the <code class="literal">/dev/hda3</code> partition. - </p><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2862581"></a>Resource Identifiers</h2></div></div></div><p> Resource identifers are prefixed with a name identifying + </p><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2988781"></a>Resource Identifiers</h2></div></div></div><p> Resource identifers are prefixed with a name identifying what service they belong to. The following resource identifiers are defined </p><div class="itemizedlist"><ul type="disc"><li><p> <code class="literal">hal://</code> HAL Unique Device Identifiers also known as HAL UID's. Example: <code class="literal">hal:///org/freedesktop/Hal/devices/volume_uuid_1a28b356_9955_44f9_b268_6ed6639978f5</code> - </p></li></ul></div></div></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="privileges"></a>Chapter 4. Privileges</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="#id2866392">Privilege Descriptors</a></span></dt><dt><span class="sect1"><a href="#id2866469">File Format</a></span></dt><dd><dl><dt><span class="sect2"><a href="#id2866494"><code class="literal">RequiredPrivileges</code>: Required Privileges</a></span></dt><dt><span class="sect2"><a href="#id2866523"><code class="literal">SufficientPrivileges</code>: Sufficient Privileges</a></span></dt><dt><span class="sect2"><a href="#id2866556"><code class="literal">Allow, Deny</code>: Criteria for Possesing a Privilege</a></span></dt><dt><span class="sect2"><a href="#can-obtain"><code class="literal">CanObtain</code>: Obtaining Privileges</a></span></dt><dt><span class="sect2"><a href="#id2862178"><code class="literal">CanGrant</code>: Granting Privileges</a></span></dt><dt><span class="sect2"><a href="#id2906842"><code class="literal">ObtainRequireRoot</code>: Authentication Requirements</a></span></dt></dl></dd><dt><span class="sect1"><a href="#privs-by-polkit">Privileges defined by PolicyKit</a></span></dt><dd><dl><dt><span class="sect2"><a href="#priv-desktop-console"><code class="literal">desktop-console</code> : Users at a local console</a></span></dt></dl></dd></dl></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2866392"></a>Privilege Descriptors</h2></div></div></div><p> + </p></li></ul></div></div></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="privileges"></a>Chapter 4. Privileges</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="#id2992592">Privilege Descriptors</a></span></dt><dt><span class="sect1"><a href="#id2992668">File Format</a></span></dt><dd><dl><dt><span class="sect2"><a href="#id2992694"><code class="literal">RequiredPrivileges</code>: Required Privileges</a></span></dt><dt><span class="sect2"><a href="#id2992722"><code class="literal">SufficientPrivileges</code>: Sufficient Privileges</a></span></dt><dt><span class="sect2"><a href="#id2992755"><code class="literal">Allow, Deny</code>: Criteria for Possesing a Privilege</a></span></dt><dt><span class="sect2"><a href="#can-obtain"><code class="literal">CanObtain</code>: Obtaining Privileges</a></span></dt><dt><span class="sect2"><a href="#id2988375"><code class="literal">CanGrant</code>: Granting Privileges</a></span></dt><dt><span class="sect2"><a href="#id3033039"><code class="literal">ObtainRequireRoot</code>: Authentication Requirements</a></span></dt></dl></dd><dt><span class="sect1"><a href="#privs-by-polkit">Privileges defined by PolicyKit</a></span></dt><dd><dl><dt><span class="sect2"><a href="#priv-desktop-console"><code class="literal">desktop-console</code> : Users at a local console</a></span></dt></dl></dd></dl></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2992592"></a>Privilege Descriptors</h2></div></div></div><p> Applications, such as HAL, installs <span class="emphasis"><em>privilege descriptors</em></span> into the <code class="literal">/etc/PolicyKit/privilege.d</code> directory @@ -128,7 +128,7 @@ Information on whether the user can obtain the privilege, and if he can, whether only temporarily or permanently. </p></li><li><p> Whether a user with the privilege may permanently grant it to other users. - </p></li></ul></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2866469"></a>File Format</h2></div></div></div><p> + </p></li></ul></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2992668"></a>File Format</h2></div></div></div><p> A developer of a system-wide application wanting to define a privilege must create a privilege descriptor. This is a a simple <code class="literal">.ini</code>-like config file. Here is what @@ -142,7 +142,7 @@ CanObtain= CanGrant= ObtainRequireRoot= - </pre><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2866494"></a><code class="literal">RequiredPrivileges</code>: Required Privileges</h3></div></div></div><p> + </pre><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2992694"></a><code class="literal">RequiredPrivileges</code>: Required Privileges</h3></div></div></div><p> This is a list of privileges the user must possess in order to possess the given privilege. If the user doesn't possess all of these privileges he is not considered to possess the @@ -151,7 +151,7 @@ for one or more resources. E.g., if <code class="literal">foo</code> is a required privilege then just having this privilege on one resource is sufficient. - </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2866523"></a><code class="literal">SufficientPrivileges</code>: Sufficient Privileges</h3></div></div></div><p> + </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2992722"></a><code class="literal">SufficientPrivileges</code>: Sufficient Privileges</h3></div></div></div><p> This is a list of privileges that, if a user possess any of these, he is consider to possess the given privilege. The list may be empty. A privilege in this list is considered @@ -159,7 +159,7 @@ resources. As with <code class="literal">RequiredPrivileges</code>, if <code class="literal">foo</code> is a sufficient privilege then just having this privilege on one resource is sufficient. - </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2866556"></a><code class="literal">Allow, Deny</code>: Criteria for Possesing a Privilege</h3></div></div></div><p> + </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2992755"></a><code class="literal">Allow, Deny</code>: Criteria for Possesing a Privilege</h3></div></div></div><p> Both <code class="literal">Allow</code> and <code class="literal">Deny</code> contains lists describing what users are allowed respectively denied the privilege. The elements of in each @@ -258,7 +258,7 @@ has <code class="literal">CanObtain</code> set to <code class="literal">False</code>, the user will always have to authenticate as the super user. - </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2862178"></a><code class="literal">CanGrant</code>: Granting Privileges</h3></div></div></div><p> + </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2988375"></a><code class="literal">CanGrant</code>: Granting Privileges</h3></div></div></div><p> This property (it can assume the values <code class="literal">True</code> and <code class="literal">False</code>) describes whether an user with the given privilege can @@ -289,7 +289,7 @@ the value <code class="literal">True</code> if this property assumes the value <code class="literal">True</code>. Otherwise this property effectively assumes the value <code class="literal">False</code>. - </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2906842"></a><code class="literal">ObtainRequireRoot</code>: Authentication Requirements</h3></div></div></div><p> + </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id3033039"></a><code class="literal">ObtainRequireRoot</code>: Authentication Requirements</h3></div></div></div><p> If the property <code class="literal">CanObtain</code> assumes the value <code class="literal">True</code> or <code class="literal">Temporary</code> it means the user can diff --git a/polkitd/polkit-manager.c b/polkitd/polkit-manager.c index 947d333..c1cef18 100644 --- a/polkitd/polkit-manager.c +++ b/polkitd/polkit-manager.c @@ -354,6 +354,7 @@ polkit_manager_get_caller_info (PolicyKitManager *manager, goto out; } +#if 0 if (!dbus_g_proxy_call (manager->priv->bus_proxy, "GetConnectionSELinuxSecurityContext", &error, G_TYPE_STRING, sender, G_TYPE_INVALID, @@ -369,6 +370,7 @@ polkit_manager_get_caller_info (PolicyKitManager *manager, selinux_context_string = (char *) g_array_free (calling_selinux_context, FALSE); g_message ("selinux context = '%s' for sender '%s'", selinux_context_string, sender); g_free (selinux_context_string); +#endif caller_info = g_new0 (CallerInfo, 1); caller_info->uid = *calling_uid; |