2007-08-21 04:54:04 -07:00
|
|
|
<?xml version="1.0" encoding="UTF-8"?>
|
|
|
|
<!DOCTYPE policyconfig PUBLIC
|
|
|
|
"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
|
|
|
|
"http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd">
|
|
|
|
<policyconfig>
|
|
|
|
|
2008-02-26 12:02:02 -08:00
|
|
|
<!--
|
|
|
|
Policy definitions for PackageKit system actions.
|
2009-06-16 09:36:23 -07:00
|
|
|
Copyright (c) 2007-2009 Richard Hughes <richard@hughsie.com>
|
2008-02-26 12:02:02 -08:00
|
|
|
-->
|
2007-08-21 04:54:04 -07:00
|
|
|
|
2008-02-26 11:18:03 -08:00
|
|
|
<vendor>The PackageKit Project</vendor>
|
2023-04-07 05:02:08 -07:00
|
|
|
<vendor_url>https://www.freedesktop.org/software/PackageKit/</vendor_url>
|
2008-02-26 11:18:03 -08:00
|
|
|
<icon_name>package-x-generic</icon_name>
|
|
|
|
|
2008-11-24 09:47:35 -08:00
|
|
|
<action id="org.freedesktop.packagekit.cancel-foreign">
|
2009-07-15 02:22:02 -07:00
|
|
|
<!-- SECURITY:
|
|
|
|
- Normal users are allowed to cancel their own task without
|
|
|
|
authentication, but a different user id needs the admin password
|
|
|
|
to cancel another users task.
|
|
|
|
-->
|
2019-01-24 06:00:29 -08:00
|
|
|
<description>Cancel foreign task</description>
|
|
|
|
<message>Authentication is required to cancel a task that was not started by yourself</message>
|
2009-06-18 00:46:12 -07:00
|
|
|
<icon_name>package-x-generic</icon_name>
|
2008-11-24 09:47:35 -08:00
|
|
|
<defaults>
|
2014-05-04 23:17:01 -07:00
|
|
|
<allow_any>auth_admin</allow_any>
|
|
|
|
<allow_inactive>auth_admin</allow_inactive>
|
2009-06-16 09:36:23 -07:00
|
|
|
<allow_active>auth_admin_keep</allow_active>
|
2008-11-24 09:47:35 -08:00
|
|
|
</defaults>
|
|
|
|
</action>
|
|
|
|
|
2008-07-19 01:00:24 -07:00
|
|
|
<action id="org.freedesktop.packagekit.package-install">
|
2009-07-15 02:22:02 -07:00
|
|
|
<!-- SECURITY:
|
2022-08-25 09:04:35 -07:00
|
|
|
- Normal users need authentication to install signed packages
|
|
|
|
from signed repositories, because otherwise the system is
|
|
|
|
only as secure as the least-secure package available in the
|
|
|
|
repositories.
|
2009-07-15 02:22:02 -07:00
|
|
|
-->
|
2019-01-24 06:00:29 -08:00
|
|
|
<description>Install signed package</description>
|
|
|
|
<message>Authentication is required to install software</message>
|
2009-06-18 00:46:12 -07:00
|
|
|
<icon_name>package-x-generic</icon_name>
|
2007-08-21 04:54:04 -07:00
|
|
|
<defaults>
|
2014-05-04 23:17:01 -07:00
|
|
|
<allow_any>auth_admin</allow_any>
|
|
|
|
<allow_inactive>auth_admin</allow_inactive>
|
2013-05-28 06:34:59 -07:00
|
|
|
<allow_active>auth_admin_keep</allow_active>
|
2007-08-21 04:54:04 -07:00
|
|
|
</defaults>
|
|
|
|
</action>
|
|
|
|
|
2008-07-19 01:00:24 -07:00
|
|
|
<action id="org.freedesktop.packagekit.package-install-untrusted">
|
2009-07-15 02:22:02 -07:00
|
|
|
<!-- SECURITY:
|
|
|
|
- Normal users require admin authentication to install untrusted or
|
|
|
|
unrecognised packages, as allowing users to do this without a
|
|
|
|
password would be a massive security hole.
|
|
|
|
- This is not retained as each package should be authenticated.
|
|
|
|
-->
|
2019-01-24 06:00:29 -08:00
|
|
|
<description>Install untrusted local file</description>
|
|
|
|
<message>Authentication is required to install untrusted software</message>
|
2009-06-18 00:46:12 -07:00
|
|
|
<icon_name>package-x-generic</icon_name>
|
2008-04-07 01:40:39 -07:00
|
|
|
<defaults>
|
2014-05-04 23:17:01 -07:00
|
|
|
<allow_any>auth_admin</allow_any>
|
|
|
|
<allow_inactive>auth_admin</allow_inactive>
|
2008-04-14 16:02:05 -07:00
|
|
|
<allow_active>auth_admin</allow_active>
|
2008-04-07 01:40:39 -07:00
|
|
|
</defaults>
|
2012-02-20 11:46:54 -08:00
|
|
|
<annotate key="org.freedesktop.policykit.imply">org.freedesktop.packagekit.package-install</annotate>
|
2008-04-07 01:40:39 -07:00
|
|
|
</action>
|
|
|
|
|
2014-10-02 01:46:30 -07:00
|
|
|
<action id="org.freedesktop.packagekit.package-reinstall">
|
|
|
|
<!-- SECURITY
|
|
|
|
- Normal users require admin authentication to reinstall packages.
|
|
|
|
- Authorization to install packages does not imply permissions to
|
|
|
|
reinstall them and vice versa.
|
|
|
|
- If a package in question is not trusted, user's permission to install
|
|
|
|
untrusted package will be checked as well.
|
|
|
|
-->
|
2019-01-24 06:00:29 -08:00
|
|
|
<description>Install already installed package again</description>
|
|
|
|
<message>Authentication is required to reinstall software</message>
|
2014-10-02 01:46:30 -07:00
|
|
|
<icon_name>package-x-generic</icon_name>
|
|
|
|
<defaults>
|
|
|
|
<allow_any>auth_admin</allow_any>
|
|
|
|
<allow_inactive>auth_admin</allow_inactive>
|
|
|
|
<allow_active>auth_admin_keep</allow_active>
|
|
|
|
</defaults>
|
|
|
|
</action>
|
|
|
|
|
|
|
|
<action id="org.freedesktop.packagekit.package-downgrade">
|
|
|
|
<!-- SECURITY
|
|
|
|
- Normal users require admin authentication to downgrade packages.
|
2022-08-25 09:04:35 -07:00
|
|
|
- User authorized to downgrade signed packages is authorized to install
|
2014-10-02 01:46:30 -07:00
|
|
|
them as well.
|
|
|
|
- If a package in question is not trusted, user's permission to install
|
|
|
|
untrusted package will be checked as well.
|
|
|
|
-->
|
2019-01-24 06:00:29 -08:00
|
|
|
<description>Install older version of installed package</description>
|
|
|
|
<message>Authentication is required to downgrade software</message>
|
2014-10-02 01:46:30 -07:00
|
|
|
<icon_name>package-x-generic</icon_name>
|
|
|
|
<defaults>
|
|
|
|
<allow_any>auth_admin</allow_any>
|
|
|
|
<allow_inactive>auth_admin</allow_inactive>
|
|
|
|
<allow_active>auth_admin_keep</allow_active>
|
|
|
|
</defaults>
|
|
|
|
<annotate key="org.freedesktop.policykit.imply">org.freedesktop.packagekit.package-install</annotate>
|
|
|
|
</action>
|
|
|
|
|
2008-07-19 01:00:24 -07:00
|
|
|
<action id="org.freedesktop.packagekit.system-trust-signing-key">
|
2009-07-15 02:22:02 -07:00
|
|
|
<!-- SECURITY:
|
|
|
|
- Normal users require admin authentication to add signing keys.
|
|
|
|
- This implies adding an explicit trust, and should not be granted
|
|
|
|
without a secure authentication.
|
|
|
|
- This is not kept as each package should be authenticated.
|
|
|
|
-->
|
2019-01-24 06:00:29 -08:00
|
|
|
<description>Trust a key used for signing software</description>
|
|
|
|
<message>Authentication is required to consider a key used for signing software as trusted</message>
|
2009-06-18 00:46:12 -07:00
|
|
|
<icon_name>package-x-generic</icon_name>
|
2008-02-18 16:14:01 -08:00
|
|
|
<defaults>
|
2014-05-04 23:17:01 -07:00
|
|
|
<allow_any>auth_admin</allow_any>
|
|
|
|
<allow_inactive>auth_admin</allow_inactive>
|
2008-04-14 12:54:21 -07:00
|
|
|
<allow_active>auth_admin</allow_active>
|
2007-09-21 08:45:54 -07:00
|
|
|
</defaults>
|
|
|
|
</action>
|
|
|
|
|
2008-07-19 01:00:24 -07:00
|
|
|
<action id="org.freedesktop.packagekit.package-eula-accept">
|
2009-07-15 02:22:02 -07:00
|
|
|
<!-- SECURITY:
|
|
|
|
- Normal users do not require admin authentication to accept new
|
|
|
|
licence agreements.
|
|
|
|
- Change this to 'auth_admin' for environments where users should not
|
|
|
|
be given the option to make legal decisions.
|
|
|
|
-->
|
2019-01-24 06:00:29 -08:00
|
|
|
<description>Accept EULA</description>
|
|
|
|
<message>Authentication is required to accept a EULA</message>
|
2009-06-18 00:46:12 -07:00
|
|
|
<icon_name>package-x-generic</icon_name>
|
2008-04-17 04:05:51 -07:00
|
|
|
<defaults>
|
2014-05-04 23:17:01 -07:00
|
|
|
<allow_any>auth_admin</allow_any>
|
|
|
|
<allow_inactive>auth_admin</allow_inactive>
|
2008-07-19 01:00:24 -07:00
|
|
|
<allow_active>yes</allow_active>
|
2007-08-25 09:52:23 -07:00
|
|
|
</defaults>
|
|
|
|
</action>
|
|
|
|
|
2008-07-19 01:00:24 -07:00
|
|
|
<action id="org.freedesktop.packagekit.package-remove">
|
2009-07-15 02:22:02 -07:00
|
|
|
<!-- SECURITY:
|
|
|
|
- Normal users require admin authentication to remove packages as
|
|
|
|
this can make the system unbootable or stop other applications from
|
|
|
|
working.
|
|
|
|
- Be sure to close the tool used to remove the packages after the
|
|
|
|
admin authentication has been obtained, otherwise packages can still
|
|
|
|
be removed. If this is not possible, change this authentication to
|
|
|
|
'auth_admin'.
|
|
|
|
-->
|
2019-01-24 06:00:29 -08:00
|
|
|
<description>Remove package</description>
|
|
|
|
<message>Authentication is required to remove software</message>
|
2009-06-18 00:46:12 -07:00
|
|
|
<icon_name>package-x-generic</icon_name>
|
2007-08-21 04:54:04 -07:00
|
|
|
<defaults>
|
2014-05-04 23:17:01 -07:00
|
|
|
<allow_any>auth_admin</allow_any>
|
|
|
|
<allow_inactive>auth_admin</allow_inactive>
|
2009-06-16 09:36:23 -07:00
|
|
|
<allow_active>auth_admin_keep</allow_active>
|
2007-08-21 04:54:04 -07:00
|
|
|
</defaults>
|
2012-02-20 11:48:49 -08:00
|
|
|
<annotate key="org.freedesktop.policykit.imply">org.freedesktop.packagekit.package-install</annotate>
|
2007-08-21 04:54:04 -07:00
|
|
|
</action>
|
|
|
|
|
2008-07-19 01:00:24 -07:00
|
|
|
<action id="org.freedesktop.packagekit.system-update">
|
2009-07-15 02:22:02 -07:00
|
|
|
<!-- SECURITY:
|
|
|
|
- Normal users do not require admin authentication to update the
|
|
|
|
system as the packages will be signed, and the action is required
|
|
|
|
to update the system when unattended.
|
|
|
|
- Changing this to anything other than 'yes' will break unattended
|
|
|
|
updates.
|
|
|
|
-->
|
2019-01-24 06:00:29 -08:00
|
|
|
<description>Update software</description>
|
|
|
|
<message>Authentication is required to update software</message>
|
2009-06-18 00:46:12 -07:00
|
|
|
<icon_name>package-x-generic</icon_name>
|
2007-08-21 04:54:04 -07:00
|
|
|
<defaults>
|
2014-05-04 23:17:01 -07:00
|
|
|
<allow_any>auth_admin</allow_any>
|
|
|
|
<allow_inactive>auth_admin</allow_inactive>
|
2009-06-16 09:36:23 -07:00
|
|
|
<allow_active>yes</allow_active>
|
2007-08-21 04:54:04 -07:00
|
|
|
</defaults>
|
|
|
|
</action>
|
|
|
|
|
2008-08-04 16:10:19 -07:00
|
|
|
<action id="org.freedesktop.packagekit.system-sources-configure">
|
2009-07-15 02:22:02 -07:00
|
|
|
<!-- SECURITY:
|
|
|
|
- Normal users require admin authentication to enable or disable
|
2018-02-19 03:12:00 -08:00
|
|
|
software repositories as this can be used to enable new updates or
|
2009-07-15 02:22:02 -07:00
|
|
|
install different versions of software.
|
|
|
|
-->
|
2019-01-24 06:00:29 -08:00
|
|
|
<description>Change software repository parameters</description>
|
|
|
|
<message>Authentication is required to change software repository parameters</message>
|
2009-06-18 00:46:12 -07:00
|
|
|
<icon_name>package-x-generic</icon_name>
|
2007-10-13 16:04:24 -07:00
|
|
|
<defaults>
|
2014-05-04 23:17:01 -07:00
|
|
|
<allow_any>auth_admin</allow_any>
|
|
|
|
<allow_inactive>auth_admin</allow_inactive>
|
2009-06-16 09:36:23 -07:00
|
|
|
<allow_active>auth_admin_keep</allow_active>
|
2007-10-13 16:04:24 -07:00
|
|
|
</defaults>
|
|
|
|
</action>
|
|
|
|
|
2008-07-19 01:00:24 -07:00
|
|
|
<action id="org.freedesktop.packagekit.system-sources-refresh">
|
2009-07-15 02:22:02 -07:00
|
|
|
<!-- SECURITY:
|
|
|
|
- Normal users do not require admin authentication to refresh the
|
|
|
|
cache, as this doesn't actually install or remove software.
|
|
|
|
-->
|
2019-01-24 06:00:29 -08:00
|
|
|
<description>Refresh system repositories</description>
|
|
|
|
<message>Authentication is required to refresh the system repositories</message>
|
2009-06-18 00:46:12 -07:00
|
|
|
<icon_name>package-x-generic</icon_name>
|
2007-10-26 06:22:31 -07:00
|
|
|
<defaults>
|
2014-05-04 23:17:01 -07:00
|
|
|
<allow_any>auth_admin</allow_any>
|
|
|
|
<allow_inactive>auth_admin</allow_inactive>
|
2007-10-26 06:22:31 -07:00
|
|
|
<allow_active>yes</allow_active>
|
|
|
|
</defaults>
|
|
|
|
</action>
|
2008-05-16 06:33:53 -07:00
|
|
|
|
2008-07-19 01:00:24 -07:00
|
|
|
<action id="org.freedesktop.packagekit.system-network-proxy-configure">
|
2009-07-15 02:22:02 -07:00
|
|
|
<!-- SECURITY:
|
|
|
|
- Normal users do not require admin authentication to set the proxy
|
|
|
|
used for downloading packages.
|
|
|
|
-->
|
2019-01-24 06:00:29 -08:00
|
|
|
<description>Set network proxy</description>
|
|
|
|
<message>Authentication is required to set the network proxy used for downloading software</message>
|
2009-06-18 00:46:12 -07:00
|
|
|
<icon_name>preferences-system-network-proxy</icon_name>
|
2008-05-16 06:33:53 -07:00
|
|
|
<defaults>
|
2014-05-04 23:17:01 -07:00
|
|
|
<allow_any>auth_admin</allow_any>
|
|
|
|
<allow_inactive>auth_admin</allow_inactive>
|
2008-05-16 06:33:53 -07:00
|
|
|
<allow_active>yes</allow_active>
|
|
|
|
</defaults>
|
|
|
|
</action>
|
|
|
|
|
2015-10-28 04:18:27 -07:00
|
|
|
<action id="org.freedesktop.packagekit.upgrade-system">
|
|
|
|
<!-- SECURITY:
|
|
|
|
- Normal users require admin authentication to upgrade the disto as
|
|
|
|
this can make the system unbootable or stop other applications from
|
|
|
|
working.
|
|
|
|
-->
|
2019-01-24 06:00:29 -08:00
|
|
|
<description>Upgrade System</description>
|
|
|
|
<message>Authentication is required to upgrade the operating system</message>
|
2015-10-28 04:18:27 -07:00
|
|
|
<icon_name>package-x-generic</icon_name>
|
|
|
|
<defaults>
|
|
|
|
<allow_any>no</allow_any>
|
|
|
|
<allow_inactive>no</allow_inactive>
|
|
|
|
<allow_active>auth_admin</allow_active>
|
|
|
|
</defaults>
|
|
|
|
</action>
|
|
|
|
|
2011-12-23 03:18:19 -08:00
|
|
|
<action id="org.freedesktop.packagekit.repair-system">
|
2011-12-15 00:21:20 -08:00
|
|
|
<!-- SECURITY:
|
|
|
|
- Normal users require admin authentication to repair the system
|
|
|
|
since this can make the system unbootable or stop other
|
|
|
|
applications from working.
|
|
|
|
-->
|
2019-01-24 06:00:29 -08:00
|
|
|
<description>Repair System</description>
|
|
|
|
<message>Authentication is required to repair the installed software</message>
|
2011-12-15 00:21:20 -08:00
|
|
|
<icon_name>package-x-generic</icon_name>
|
|
|
|
<defaults>
|
2014-05-04 23:17:01 -07:00
|
|
|
<allow_any>auth_admin</allow_any>
|
|
|
|
<allow_inactive>auth_admin</allow_inactive>
|
2011-12-15 00:21:20 -08:00
|
|
|
<allow_active>auth_admin</allow_active>
|
|
|
|
</defaults>
|
|
|
|
</action>
|
|
|
|
|
2012-06-01 15:01:49 -07:00
|
|
|
<action id="org.freedesktop.packagekit.trigger-offline-update">
|
|
|
|
<!-- SECURITY:
|
|
|
|
- Normal users are able to ask updates to be installed at
|
|
|
|
early boot time without a password.
|
|
|
|
-->
|
2019-01-24 06:00:29 -08:00
|
|
|
<description>Trigger offline updates</description>
|
|
|
|
<message>Authentication is required to trigger offline updates</message>
|
2012-06-01 15:01:49 -07:00
|
|
|
<icon_name>package-x-generic</icon_name>
|
|
|
|
<defaults>
|
2014-05-04 23:17:01 -07:00
|
|
|
<allow_any>auth_admin</allow_any>
|
|
|
|
<allow_inactive>auth_admin</allow_inactive>
|
2012-06-01 15:01:49 -07:00
|
|
|
<allow_active>yes</allow_active>
|
|
|
|
</defaults>
|
|
|
|
</action>
|
|
|
|
|
2016-05-25 02:41:48 -07:00
|
|
|
<action id="org.freedesktop.packagekit.trigger-offline-upgrade">
|
|
|
|
<!-- SECURITY:
|
|
|
|
- Normal users require admin authentication to upgrade the system
|
|
|
|
to a new distribution since this can make the system unbootable or
|
|
|
|
stop other applications from working.
|
|
|
|
-->
|
2019-01-24 06:00:29 -08:00
|
|
|
<description>Trigger offline updates</description>
|
|
|
|
<message>Authentication is required to trigger offline updates</message>
|
2016-05-25 02:41:48 -07:00
|
|
|
<icon_name>package-x-generic</icon_name>
|
|
|
|
<defaults>
|
|
|
|
<allow_any>auth_admin</allow_any>
|
|
|
|
<allow_inactive>auth_admin</allow_inactive>
|
|
|
|
<allow_active>auth_admin</allow_active>
|
|
|
|
</defaults>
|
|
|
|
</action>
|
|
|
|
|
2012-06-04 07:47:30 -07:00
|
|
|
<action id="org.freedesktop.packagekit.clear-offline-update">
|
|
|
|
<!-- SECURITY:
|
|
|
|
- Normal users are able to clear the updates message that is
|
|
|
|
shown after an updates are applied at boot time.
|
|
|
|
-->
|
2019-01-24 06:00:29 -08:00
|
|
|
<description>Clear offline update message</description>
|
|
|
|
<message>Authentication is required to clear the offline updates message</message>
|
2012-06-04 07:47:30 -07:00
|
|
|
<icon_name>package-x-generic</icon_name>
|
|
|
|
<defaults>
|
2014-05-04 23:17:01 -07:00
|
|
|
<allow_any>auth_admin</allow_any>
|
|
|
|
<allow_inactive>auth_admin</allow_inactive>
|
2012-06-04 07:47:30 -07:00
|
|
|
<allow_active>yes</allow_active>
|
|
|
|
</defaults>
|
|
|
|
</action>
|
|
|
|
|
2007-08-21 04:54:04 -07:00
|
|
|
</policyconfig>
|
2008-02-26 12:02:02 -08:00
|
|
|
|