summaryrefslogtreecommitdiff
path: root/doc/spec/polkit-spec-configuration.xml
diff options
context:
space:
mode:
Diffstat (limited to 'doc/spec/polkit-spec-configuration.xml')
-rw-r--r--doc/spec/polkit-spec-configuration.xml295
1 files changed, 0 insertions, 295 deletions
diff --git a/doc/spec/polkit-spec-configuration.xml b/doc/spec/polkit-spec-configuration.xml
deleted file mode 100644
index 63b432c..0000000
--- a/doc/spec/polkit-spec-configuration.xml
+++ /dev/null
@@ -1,295 +0,0 @@
-<?xml version="1.0" encoding="ISO-8859-1"?>
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN" "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
-
-<chapter id="polkit-conf">
- <title>PolicyKit configuration</title>
-
- <sect1 id="conf-declaring-actions">
- <title>Declaring Actions</title>
-
- <para>
- A Mechanism needs to declare what Actions it supports. This is
- achieved by dropping one or more XML files with the suffix <literal>.policy</literal>
- into the <literal>/usr/share/PolicyKit/policy</literal> directory.
- </para>
- <para>
- The name of the XML file is significant. Each XML file can only
- declare actions from the namespace of it's own name; for example
- actions <literal>org.foobar.action-a</literal>, <literal>org.foobar.action-b</literal>
- and <literal>org.foobar.action-c</literal> would all go into the
- file <literal>org.foobar.policy</literal> while
- actions <literal>com.my-company.product-awesome.action-a</literal>, <literal>com.mycompany.product-awesome.action-b</literal>
- would go into the
- file <literal>com.mycompany.product-awesome.policy</literal>.
- </para>
- <para>
- An example of a <literal>.policy</literal> file would be the following:
- </para>
- <programlisting>
- <![CDATA[
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE policyconfig PUBLIC
- "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
- "http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd">
-<policyconfig>
- <vendor>The PolicyKit Project</vendor>
- <vendor_url>http://hal.freedesktop.org/docs/PolicyKit/</vendor_url>
- <icon_name>polkit-icon</icon_name>
-
- <action id="org.gnome.policykit.examples.frobnicate">
- <description>Frobnicate</description>
- <description xml:lang="da">Frobniker</description>
- <description xml:lang="en_CA">Frobnicate, Aye!</description>
- <message>System policy prevents the PolicyKit-gnome example helper from Frobnicating</message>
- <message xml:lang="da">System indstillinger forhindrer PolicyKit-gnome eksempel hjælper i at Frobnikere!</message>
- <message xml:lang="en_CA">System policy prevents the PolicyKit-gnome example helper from Frobnicating, Aye!</message>
-
- <icon_name>polkit-icon-frobnicate</icon_name>
- <vendor_url>http://hal.freedesktop.org/docs/PolicyKit/about-frobnicating</vendor_url>
-
- <defaults>
- <allow_any>no</allow_any>
- <allow_inactive>no</allow_inactive>
- <allow_active>auth_self</allow_active>
- </defaults>
- </action>
-
- <action id="org.gnome.policykit.examples.tweak">
- <description>Tweak</description>
- <description xml:lang="da">Tvæk</description>
- <description xml:lang="en_CA">Tweak, Aye!</description>
- <message>System policy prevents the PolicyKit-gnome example helper from Tweaking</message>
- <message xml:lang="da">System indstillinger forhindrer PolicyKit-gnome eksempel hjælper i at Tvække!</message>
- <message xml:lang="en_CA">System policy prevents the PolicyKit-gnome example helper from Tweaking, Aye!</message>
-
- <!-- just inherit icon_name and vendor_url -->
-
- <defaults>
- <allow_any>no</allow_any>
- <allow_inactive>no</allow_inactive>
- <allow_active>auth_admin</allow_active>
- </defaults>
- </action>
-
-</policyconfig>
-]]>
- </programlisting>
- <para>
- The policy declaration includes:
- <itemizedlist>
- <listitem>
- <para>
- <emphasis>Action Identifier:</emphasis> This identifies
- the action and can only contain the
- characters <literal>[a-z][0-9].-</literal>,
- e.g. lower-case ASCII, digits, period and hyphen. In
- addition the identifier needs to start with a lower-case
- ASCII character. The rationale for having everything is
- lower case is to make it easy to make a distinction
- between PolicyKit actions and D-Bus methods / interfaces
- as the latter is normally using CamelCase.
- </para><para>
- In order for the identifier to be unique, it is
- recommended that a revser domain name is chosen, for
- example if the company Acme Inc. has a product called
- Frakker that exports two Actions Blit and Blop the action
- names should be chosen
- as <literal>com.acme.frakker.blit</literal>
- and <literal>com.acme.frakker.blop</literal>.
- </para>
- </listitem>
- <listitem>
- <para>
- <emphasis>Defaults:</emphasis>
- The <literal>allow_any</literal>, <literal>allow_inactive</literal>
- and <literal>allow_active</literal> tags specify the
- default answer that <literal>libpolkit</literal> will
- return for respectively any, inactive and active
- sessions. See below for valid values and their
- meaning. Any of these elements, including the
- enclosing <literal>defaults</literal> elements may be
- omitted.
- </para>
- </listitem>
- <listitem>
- <para>
- <emphasis>Textual descriptions:</emphasis> Simply included
- for convenience and organizational purposes. Useful for
- graphical editors for
- authorizations. Standard <literal>xml:lang</literal>
- mechnanisms are used to convey localized strings (note
- that intltool 0.36 or greater includes native support for
- handling <literal>.policy</literal> files).
- </para>
- </listitem>
- <listitem>
- <para>
- <emphasis>Vendor:</emphasis> The <literal>vendor</literal>
- and <literal>vendor_url</literal> describes who is
- supplying the action. Both can be set at the top-level of
- the <literal>.policy</literal> file and each Action can
- further override it. These tags are optional.
- </para>
- </listitem>
- <listitem>
- <para>
- <emphasis>Icon:</emphasis>
- The <literal>icon_name</literal> tag can be used to
- specify an icon name for the action or group of
- actions. The name must adhere to the freedesktop.org Icon
- Naming spec (for theming purposes) and cannot include
- directory separators and must not include filename
- extensions like <literal>.png</literal>. Like with vendor
- tags, this tag can be set at the top level and also be
- specialized for each individual action. This tag is
- optional.
- </para>
- </listitem>
- </itemizedlist>
- The following values for the defaults are
- <itemizedlist>
- <listitem>
- <para>
- <emphasis>no</emphasis>
- </para>
- </listitem>
- <listitem>
- <para>
- <emphasis>auth_self_one_shot</emphasis>
- </para>
- </listitem>
- <listitem>
- <para>
- <emphasis>auth_self</emphasis>
- </para>
- </listitem>
- <listitem>
- <para>
- <emphasis>auth_self_keep_session</emphasis>
- </para>
- </listitem>
- <listitem>
- <para>
- <emphasis>auth_self_keep_always</emphasis>
- </para>
- </listitem>
- <listitem>
- <para>
- <emphasis>auth_admin_one_shot</emphasis>
- </para>
- </listitem>
- <listitem>
- <para>
- <emphasis>auth_admin</emphasis>
- </para>
- </listitem>
- <listitem>
- <para>
- <emphasis>auth_admin_keep_session</emphasis>
- </para>
- </listitem>
- <listitem>
- <para>
- <emphasis>auth_admin_keep_always</emphasis>
- </para>
- </listitem>
- <listitem>
- <para>
- <emphasis>yes</emphasis>
- </para>
- </listitem>
- </itemizedlist>
- The main point here is that individual upstream software
- projects can provide sensible defaults, e.g. it's sensible for
- the example with a dial-up mechanism to configure
- the <literal>org.freedesktop.networkmanager.dialup-trusted</literal> Action to
- return <emphasis>yes</emphasis> for local active sessions and
- the Action
- <literal>org.freedesktop.networkmanager.dialup-untrusted</literal> to perhaps
- return <emphasis>auth_admin_keep_session</emphasis>. See
- <xref linkend="beyond-defaults"/> for how individual machines
- and sites can customize this.
- </para>
-
- <para>
- The <literal>polkit-list-actions</literal>(1) tool will list all
- the Actions known to <literal>libpolkit</literal> in a
- convenient
- format. The <literal>polkit-policy-file-validate</literal>(1)
- tool can be used to check policy files as part of the software
- release and installation process.
- </para>
-
- <sect2 id="conf-declaring-actions-annotations">
- <title>Annotations</title>
- <para>
- When declaring an Action, one can also annotate it with one or
- more key/value pairs:
- </para>
- <programlisting>
- <![CDATA[
- <action id="com.example.blahblaster.run-as-root">
- <description>Run the graphical BlahBlaster application as the super user</description>
- <message>System policy prevents the BlahBlaster application</message>
- <defaults>
- <allow_inactive>no</allow_inactive>
- <allow_active>auth_admin</allow_active>
- </defaults>
- <annotate key="org.freedesktop.PolicyKit.run-as-superuser.path">/usr/bin/BlahBlaster</annotate>
- </action>
-]]>
- </programlisting>
- <para>
- This is useful when writing an extensible Mechanism that other
- applications wants to use. The example declaration above is
- dealing with an (hypothetical and setuid root) mechanism,
- let's call it
- <literal>run-as-superuser</literal>, that can start graphical
- applications as uid 0. Suppose the user invokes it like this
- </para>
- <programlisting>
- run-as-superuser /usr/bin/BlahBlaster
- </programlisting>
- <para>
- Now, the <literal>run-as-superuser</literal> mechanism is only
- passed a path to the application to start. In order to
- determine if the calling user is allowed to run the given
- application as root, we need to determine the PolicyKit Action
- and then use libpolkit as usual to get an answer (and possibly
- make the user authenticate to gain the privilege to run the
- application). By using annotations,
- the <literal>run-as-superuser</literal> mechanism can query
- what the action is simply by searching for the Action that has
- an annotation
- where <literal>org.freedesktop.PolicyKit.run-as-superuser.path</literal>
- equals the given path,
- e.g. <literal>/usr/bin/BlahBlaster</literal>. It then becomes
- part of the documentation for
- the <literal>run-as-superuser</literal> program to specify
- that applications wanting to use it, simply just needs to
- provide a PolicyKit <literal>.policy</literal> file that
- declares an Action with an
- annotation <literal>org.freedesktop.PolicyKit.run-as-superuser.path</literal>
- whose value is the path to the binary.
- </para>
-
- </sect2>
- </sect1>
-
- <sect1 id="beyond-defaults">
- <title>Beyond the Defaults</title>
-
- <para>
- System administrators and sites can tweak what
- answer <literal>libpolkit</literal> returns depending on the
- Action and Subject and other factors through the configuration
- file <literal>/etc/PolicyKit/PolicyKit.conf</literal>. The
- configuration file format, along with examples, is described in
- the associated manual page of the same name. Note that this file
- is not supposed to be modified by individual packages, it is
- solely the responsibility of the system administrator to make
- changes to this file.
- </para>
- </sect1>
-
-</chapter>
View Lorry Controller Status