2007-08-21 04:54:04 -07:00
|
|
|
<?xml version="1.0" encoding="UTF-8"?>
|
|
|
|
|
<!DOCTYPE policyconfig PUBLIC
|
|
|
|
|
"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
|
|
|
|
|
"http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd">
|
|
|
|
|
<policyconfig>
|
|
|
|
|
|
2008-02-26 12:02:02 -08:00
|
|
|
<!--
|
|
|
|
|
Policy definitions for PackageKit system actions.
|
2009-06-16 09:36:23 -07:00
|
|
|
Copyright (c) 2007-2009 Richard Hughes <richard@hughsie.com>
|
2008-02-26 12:02:02 -08:00
|
|
|
-->
|
2007-08-21 04:54:04 -07:00
|
|
|
|
2008-02-26 11:18:03 -08:00
|
|
|
<vendor>The PackageKit Project</vendor>
|
|
|
|
|
<vendor_url>http://www.packagekit.org/</vendor_url>
|
|
|
|
|
<icon_name>package-x-generic</icon_name>
|
|
|
|
|
|
2008-11-24 09:47:35 -08:00
|
|
|
<action id="org.freedesktop.packagekit.cancel-foreign">
|
2009-07-15 02:22:02 -07:00
|
|
|
<!-- SECURITY:
|
|
|
|
|
- Normal users are allowed to cancel their own task without
|
|
|
|
|
authentication, but a different user id needs the admin password
|
|
|
|
|
to cancel another users task.
|
|
|
|
|
-->
|
2008-11-24 09:47:35 -08:00
|
|
|
<_description>Cancel foreign task</_description>
|
|
|
|
|
<_message>Authentication is required to cancel a task that was not started by yourself</_message>
|
2009-06-18 00:46:12 -07:00
|
|
|
<icon_name>package-x-generic</icon_name>
|
2008-11-24 09:47:35 -08:00
|
|
|
<defaults>
|
2009-06-16 09:36:23 -07:00
|
|
|
<allow_any>no</allow_any>
|
2008-11-24 09:47:35 -08:00
|
|
|
<allow_inactive>no</allow_inactive>
|
2009-06-16 09:36:23 -07:00
|
|
|
<allow_active>auth_admin_keep</allow_active>
|
2008-11-24 09:47:35 -08:00
|
|
|
</defaults>
|
|
|
|
|
</action>
|
|
|
|
|
|
2008-07-19 01:00:24 -07:00
|
|
|
<action id="org.freedesktop.packagekit.package-install">
|
2009-07-15 02:22:02 -07:00
|
|
|
<!-- SECURITY:
|
|
|
|
|
- Normal users do not need authentication to install signed packages
|
|
|
|
|
from signed repositories, as this cannot exploit a system.
|
|
|
|
|
- Paranoid users (or parents!) can change this to 'auth_admin' or
|
|
|
|
|
'auth_admin_keep'.
|
|
|
|
|
-->
|
2008-11-24 09:47:35 -08:00
|
|
|
<_description>Install signed package</_description>
|
2008-07-19 01:00:24 -07:00
|
|
|
<_message>Authentication is required to install a signed package</_message>
|
2009-06-18 00:46:12 -07:00
|
|
|
<icon_name>package-x-generic</icon_name>
|
2007-08-21 04:54:04 -07:00
|
|
|
<defaults>
|
2009-06-16 09:36:23 -07:00
|
|
|
<allow_any>no</allow_any>
|
2007-08-21 04:54:04 -07:00
|
|
|
<allow_inactive>no</allow_inactive>
|
2009-11-19 12:00:17 -08:00
|
|
|
<allow_active>auth_admin_keep</allow_active>
|
2007-08-21 04:54:04 -07:00
|
|
|
</defaults>
|
|
|
|
|
</action>
|
|
|
|
|
|
2008-07-19 01:00:24 -07:00
|
|
|
<action id="org.freedesktop.packagekit.package-install-untrusted">
|
2009-07-15 02:22:02 -07:00
|
|
|
<!-- SECURITY:
|
|
|
|
|
- Normal users require admin authentication to install untrusted or
|
|
|
|
|
unrecognised packages, as allowing users to do this without a
|
|
|
|
|
password would be a massive security hole.
|
|
|
|
|
- This is not retained as each package should be authenticated.
|
|
|
|
|
-->
|
2008-04-22 11:08:09 -07:00
|
|
|
<_description>Install untrusted local file</_description>
|
2008-07-19 01:00:24 -07:00
|
|
|
<_message>Authentication is required to install an untrusted package</_message>
|
2009-06-18 00:46:12 -07:00
|
|
|
<icon_name>package-x-generic</icon_name>
|
2008-04-07 01:40:39 -07:00
|
|
|
<defaults>
|
2009-06-16 09:36:23 -07:00
|
|
|
<allow_any>no</allow_any>
|
2008-04-07 01:40:39 -07:00
|
|
|
<allow_inactive>no</allow_inactive>
|
2008-04-14 16:02:05 -07:00
|
|
|
<allow_active>auth_admin</allow_active>
|
2008-04-07 01:40:39 -07:00
|
|
|
</defaults>
|
|
|
|
|
</action>
|
|
|
|
|
|
2008-07-19 01:00:24 -07:00
|
|
|
<action id="org.freedesktop.packagekit.system-trust-signing-key">
|
2009-07-15 02:22:02 -07:00
|
|
|
<!-- SECURITY:
|
|
|
|
|
- Normal users require admin authentication to add signing keys.
|
|
|
|
|
- This implies adding an explicit trust, and should not be granted
|
|
|
|
|
without a secure authentication.
|
|
|
|
|
- This is not kept as each package should be authenticated.
|
|
|
|
|
-->
|
2008-07-19 01:00:24 -07:00
|
|
|
<_description>Trust a key used for signing packages</_description>
|
|
|
|
|
<_message>Authentication is required to consider a key used for signing packages as trusted</_message>
|
2009-06-18 00:46:12 -07:00
|
|
|
<icon_name>package-x-generic</icon_name>
|
2008-02-18 16:14:01 -08:00
|
|
|
<defaults>
|
2009-06-16 09:36:23 -07:00
|
|
|
<allow_any>no</allow_any>
|
2008-02-18 16:14:01 -08:00
|
|
|
<allow_inactive>no</allow_inactive>
|
2008-04-14 12:54:21 -07:00
|
|
|
<allow_active>auth_admin</allow_active>
|
2007-09-21 08:45:54 -07:00
|
|
|
</defaults>
|
|
|
|
|
</action>
|
|
|
|
|
|
2008-07-19 01:00:24 -07:00
|
|
|
<action id="org.freedesktop.packagekit.package-eula-accept">
|
2009-07-15 02:22:02 -07:00
|
|
|
<!-- SECURITY:
|
|
|
|
|
- Normal users do not require admin authentication to accept new
|
|
|
|
|
licence agreements.
|
|
|
|
|
- Change this to 'auth_admin' for environments where users should not
|
|
|
|
|
be given the option to make legal decisions.
|
|
|
|
|
-->
|
2008-04-17 04:05:51 -07:00
|
|
|
<_description>Accept EULA</_description>
|
2008-04-18 04:36:20 -07:00
|
|
|
<_message>Authentication is required to accept a EULA</_message>
|
2009-06-18 00:46:12 -07:00
|
|
|
<icon_name>package-x-generic</icon_name>
|
2008-04-17 04:05:51 -07:00
|
|
|
<defaults>
|
2009-06-16 09:36:23 -07:00
|
|
|
<allow_any>no</allow_any>
|
2008-04-17 04:05:51 -07:00
|
|
|
<allow_inactive>no</allow_inactive>
|
2008-07-19 01:00:24 -07:00
|
|
|
<allow_active>yes</allow_active>
|
2007-08-25 09:52:23 -07:00
|
|
|
</defaults>
|
|
|
|
|
</action>
|
|
|
|
|
|
2008-07-19 01:00:24 -07:00
|
|
|
<action id="org.freedesktop.packagekit.package-remove">
|
2009-07-15 02:22:02 -07:00
|
|
|
<!-- SECURITY:
|
|
|
|
|
- Normal users require admin authentication to remove packages as
|
|
|
|
|
this can make the system unbootable or stop other applications from
|
|
|
|
|
working.
|
|
|
|
|
- Be sure to close the tool used to remove the packages after the
|
|
|
|
|
admin authentication has been obtained, otherwise packages can still
|
|
|
|
|
be removed. If this is not possible, change this authentication to
|
|
|
|
|
'auth_admin'.
|
|
|
|
|
-->
|
2008-02-26 15:36:56 -08:00
|
|
|
<_description>Remove package</_description>
|
2008-04-18 04:36:20 -07:00
|
|
|
<_message>Authentication is required to remove packages</_message>
|
2009-06-18 00:46:12 -07:00
|
|
|
<icon_name>package-x-generic</icon_name>
|
2007-08-21 04:54:04 -07:00
|
|
|
<defaults>
|
2009-06-16 09:36:23 -07:00
|
|
|
<allow_any>no</allow_any>
|
2007-08-21 04:54:04 -07:00
|
|
|
<allow_inactive>no</allow_inactive>
|
2009-06-16 09:36:23 -07:00
|
|
|
<allow_active>auth_admin_keep</allow_active>
|
2007-08-21 04:54:04 -07:00
|
|
|
</defaults>
|
|
|
|
|
</action>
|
|
|
|
|
|
2008-07-19 01:00:24 -07:00
|
|
|
<action id="org.freedesktop.packagekit.system-update">
|
2009-07-15 02:22:02 -07:00
|
|
|
<!-- SECURITY:
|
|
|
|
|
- Normal users do not require admin authentication to update the
|
|
|
|
|
system as the packages will be signed, and the action is required
|
|
|
|
|
to update the system when unattended.
|
|
|
|
|
- Changing this to anything other than 'yes' will break unattended
|
|
|
|
|
updates.
|
|
|
|
|
-->
|
2008-07-19 01:00:24 -07:00
|
|
|
<_description>Update packages</_description>
|
|
|
|
|
<_message>Authentication is required to update packages</_message>
|
2009-06-18 00:46:12 -07:00
|
|
|
<icon_name>package-x-generic</icon_name>
|
2007-08-21 04:54:04 -07:00
|
|
|
<defaults>
|
2009-06-16 09:36:23 -07:00
|
|
|
<allow_any>no</allow_any>
|
2007-08-21 04:54:04 -07:00
|
|
|
<allow_inactive>no</allow_inactive>
|
2009-06-16 09:36:23 -07:00
|
|
|
<allow_active>yes</allow_active>
|
2007-08-21 04:54:04 -07:00
|
|
|
</defaults>
|
|
|
|
|
</action>
|
|
|
|
|
|
2008-07-19 01:00:24 -07:00
|
|
|
<action id="org.freedesktop.packagekit.system-rollback">
|
2009-07-15 02:22:02 -07:00
|
|
|
<!-- SECURITY:
|
|
|
|
|
- Normal users require admin authentication to rollback system state
|
|
|
|
|
as this will change a large number of packages, and could expose the
|
|
|
|
|
system to previously patched security vulnerabilities.
|
|
|
|
|
-->
|
2008-02-26 15:36:56 -08:00
|
|
|
<_description>Rollback to a previous transaction</_description>
|
2008-04-18 04:36:20 -07:00
|
|
|
<_message>Authentication is required to rollback a transaction</_message>
|
2009-06-18 00:46:12 -07:00
|
|
|
<icon_name>package-x-generic</icon_name>
|
2007-10-04 11:19:21 -07:00
|
|
|
<defaults>
|
2009-06-16 09:36:23 -07:00
|
|
|
<allow_any>no</allow_any>
|
2007-10-04 11:19:21 -07:00
|
|
|
<allow_inactive>no</allow_inactive>
|
2009-06-16 09:36:23 -07:00
|
|
|
<allow_active>auth_admin</allow_active>
|
2007-10-04 11:19:21 -07:00
|
|
|
</defaults>
|
|
|
|
|
</action>
|
|
|
|
|
|
2008-08-04 16:10:19 -07:00
|
|
|
<action id="org.freedesktop.packagekit.system-sources-configure">
|
2009-07-15 02:22:02 -07:00
|
|
|
<!-- SECURITY:
|
|
|
|
|
- Normal users require admin authentication to enable or disable
|
|
|
|
|
software sources as this can be used to enable new updates or
|
|
|
|
|
install different versions of software.
|
|
|
|
|
-->
|
2008-04-18 04:36:20 -07:00
|
|
|
<_description>Change software source parameters</_description>
|
|
|
|
|
<_message>Authentication is required to change software source parameters</_message>
|
2009-06-18 00:46:12 -07:00
|
|
|
<icon_name>package-x-generic</icon_name>
|
2007-10-13 16:04:24 -07:00
|
|
|
<defaults>
|
2009-06-16 09:36:23 -07:00
|
|
|
<allow_any>no</allow_any>
|
2007-10-13 16:04:24 -07:00
|
|
|
<allow_inactive>no</allow_inactive>
|
2009-06-16 09:36:23 -07:00
|
|
|
<allow_active>auth_admin_keep</allow_active>
|
2007-10-13 16:04:24 -07:00
|
|
|
</defaults>
|
|
|
|
|
</action>
|
|
|
|
|
|
2008-07-19 01:00:24 -07:00
|
|
|
<action id="org.freedesktop.packagekit.system-sources-refresh">
|
2009-07-15 02:22:02 -07:00
|
|
|
<!-- SECURITY:
|
|
|
|
|
- Normal users do not require admin authentication to refresh the
|
|
|
|
|
cache, as this doesn't actually install or remove software.
|
|
|
|
|
-->
|
2008-07-19 01:00:24 -07:00
|
|
|
<_description>Refresh system sources</_description>
|
|
|
|
|
<_message>Authentication is required to refresh the system sources</_message>
|
2009-06-18 00:46:12 -07:00
|
|
|
<icon_name>package-x-generic</icon_name>
|
2007-10-26 06:22:31 -07:00
|
|
|
<defaults>
|
2009-06-16 09:36:23 -07:00
|
|
|
<allow_any>no</allow_any>
|
2007-10-26 06:22:31 -07:00
|
|
|
<allow_inactive>no</allow_inactive>
|
|
|
|
|
<allow_active>yes</allow_active>
|
|
|
|
|
</defaults>
|
|
|
|
|
</action>
|
2008-05-16 06:33:53 -07:00
|
|
|
|
2008-07-19 01:00:24 -07:00
|
|
|
<action id="org.freedesktop.packagekit.system-network-proxy-configure">
|
2009-07-15 02:22:02 -07:00
|
|
|
<!-- SECURITY:
|
|
|
|
|
- Normal users do not require admin authentication to set the proxy
|
|
|
|
|
used for downloading packages.
|
|
|
|
|
-->
|
2008-05-16 06:33:53 -07:00
|
|
|
<_description>Set network proxy</_description>
|
|
|
|
|
<_message>Authentication is required to set the network proxy used for downloading packages</_message>
|
2009-06-18 00:46:12 -07:00
|
|
|
<icon_name>preferences-system-network-proxy</icon_name>
|
2008-05-16 06:33:53 -07:00
|
|
|
<defaults>
|
2009-06-16 09:36:23 -07:00
|
|
|
<allow_any>no</allow_any>
|
2008-05-16 06:33:53 -07:00
|
|
|
<allow_inactive>no</allow_inactive>
|
|
|
|
|
<allow_active>yes</allow_active>
|
|
|
|
|
</defaults>
|
|
|
|
|
</action>
|
|
|
|
|
|
2010-04-28 08:38:55 -07:00
|
|
|
<action id="org.freedesktop.packagekit.system-change-install-root">
|
|
|
|
|
<!-- SECURITY:
|
|
|
|
|
- This is used when users want to install to a different prefix, for
|
|
|
|
|
instance to a LTSP image or a virtual machine.
|
|
|
|
|
- This could be used to overwrite files not owned by the user using
|
|
|
|
|
a carefully created package file.
|
|
|
|
|
-->
|
|
|
|
|
<_description>Change location that packages are installed</_description>
|
|
|
|
|
<_message>Authentication is required to change the location used to decompress packages</_message>
|
|
|
|
|
<icon_name>security-high</icon_name>
|
|
|
|
|
<defaults>
|
|
|
|
|
<allow_any>no</allow_any>
|
|
|
|
|
<allow_inactive>no</allow_inactive>
|
|
|
|
|
<allow_active>auth_admin_keep</allow_active>
|
|
|
|
|
</defaults>
|
|
|
|
|
</action>
|
|
|
|
|
|
2009-08-20 00:33:14 -07:00
|
|
|
<action id="org.freedesktop.packagekit.device-rebind">
|
|
|
|
|
<!-- SECURITY:
|
|
|
|
|
- Normal users require admin authentication to rebind a driver
|
|
|
|
|
so that it works after we install firmware.
|
|
|
|
|
- This should not be set to 'yes' as unprivileged users could then
|
|
|
|
|
try to rebind drivers in use, for instance security authentication
|
|
|
|
|
devices.
|
|
|
|
|
-->
|
|
|
|
|
<_description>Reload a device</_description>
|
|
|
|
|
<_message>Authentication is required to reload the device with a new driver</_message>
|
|
|
|
|
<icon_name>package-x-generic</icon_name>
|
|
|
|
|
<defaults>
|
|
|
|
|
<allow_any>no</allow_any>
|
|
|
|
|
<allow_inactive>no</allow_inactive>
|
|
|
|
|
<allow_active>auth_admin_keep</allow_active>
|
|
|
|
|
</defaults>
|
|
|
|
|
<annotate key="org.freedesktop.policykit.exec.path">/usr/sbin/pk-device-rebind</annotate>
|
|
|
|
|
</action>
|
|
|
|
|
|
2010-11-03 04:54:28 -07:00
|
|
|
<action id="org.freedesktop.packagekit.upgrade-system">
|
|
|
|
|
<!-- SECURITY:
|
|
|
|
|
- Normal users require admin authentication to upgrade the disto as
|
|
|
|
|
this can make the system unbootable or stop other applications from
|
|
|
|
|
working.
|
|
|
|
|
-->
|
2010-11-12 09:49:34 -08:00
|
|
|
<_description>Upgrade System</_description>
|
2010-11-03 04:54:28 -07:00
|
|
|
<_message>Authentication is required to upgrade the operating system</_message>
|
|
|
|
|
<icon_name>package-x-generic</icon_name>
|
|
|
|
|
<defaults>
|
|
|
|
|
<allow_any>no</allow_any>
|
|
|
|
|
<allow_inactive>no</allow_inactive>
|
|
|
|
|
<allow_active>auth_admin</allow_active>
|
|
|
|
|
</defaults>
|
|
|
|
|
</action>
|
|
|
|
|
|
2011-12-15 00:21:20 -08:00
|
|
|
<action id="org.freedesktop.packagekit.repiar-system">
|
|
|
|
|
<!-- SECURITY:
|
|
|
|
|
- Normal users require admin authentication to repair the system
|
|
|
|
|
since this can make the system unbootable or stop other
|
|
|
|
|
applications from working.
|
|
|
|
|
-->
|
|
|
|
|
<_description>Repair System</_description>
|
|
|
|
|
<_message>Authentication is required to repair the installed software</_message>
|
|
|
|
|
<icon_name>package-x-generic</icon_name>
|
|
|
|
|
<defaults>
|
|
|
|
|
<allow_any>no</allow_any>
|
|
|
|
|
<allow_inactive>no</allow_inactive>
|
|
|
|
|
<allow_active>auth_admin</allow_active>
|
|
|
|
|
</defaults>
|
|
|
|
|
</action>
|
|
|
|
|
|
2007-08-21 04:54:04 -07:00
|
|
|
</policyconfig>
|
2008-02-26 12:02:02 -08:00
|
|
|
|
