author | Mike Gabriel <mike.gabriel@das-netzwerkteam.de> | 2024-06-17 14:32:19 +0200 |
---|---|---|
committer | Mike Gabriel <mike.gabriel@das-netzwerkteam.de> | 2024-06-18 08:48:10 +0200 |
commit | f77de32b2d950faee5d19d7b2f37ee9eb5fff7e9 (patch) | |
tree | 975c6127c3c7e9743a1cfd943410353bc1ad387f /data/50-org.Arctica-Project.arctica-greeter.rules | |
parent | 4418e2c01101c6d5a974d87d81295e5916601272 (diff) | |
download | arctica-greeter-f77de32b2d950faee5d19d7b2f37ee9eb5fff7e9.tar.gz arctica-greeter-f77de32b2d950faee5d19d7b2f37ee9eb5fff7e9.tar.bz2 arctica-greeter-f77de32b2d950faee5d19d7b2f37ee9eb5fff7e9.zip |
data/50-org.Arctica-Project.arctica-greeter.rules: Make networking more configurable in Arctica Greeter.
Diffstat (limited to 'data/50-org.Arctica-Project.arctica-greeter.rules')
-rw-r--r-- | data/50-org.Arctica-Project.arctica-greeter.rules | 52 |
1 files changed, 31 insertions, 21 deletions
diff --git a/data/50-org.Arctica-Project.arctica-greeter.rules b/data/50-org.Arctica-Project.arctica-greeter.rules
index fff4af1..ddd666a 100644
--- a/data/50-org.Arctica-Project.arctica-greeter.rules
+++ b/data/50-org.Arctica-Project.arctica-greeter.rules
@@ -1,66 +1,76 @@
-// Disable Controlling of Network Devices
+// Allow enabling/disabling of Network Devices in arctica-greeter / LightDM
 polkit.addRule(function(action, subject) {
- if (subject.user !== 'lightdm')
+ if (subject.user !== 'lightdm') {
 return undefined;
+ }
 if (action.id == "org.freedesktop.NetworkManager.enable-disable-network" ||
 action.id == "org.freedesktop.NetworkManager.enable-disable-wifi" ||
 action.id == "org.freedesktop.NetworkManager.enable-disable-wwan" ||
 action.id == "org.freedesktop.NetworkManager.enable-disable-wimax") {
- return polkit.Result.NO;
+ return polkit.Result.YES;
 }
 });
-// Disable Sleep and Wake
+// Allow Sleep and Wake in LightDM (for power management purposes)
 polkit.addRule(function(action, subject) {
- if (subject.user !== 'lightdm')
+ if (subject.user !== 'lightdm') {
 return undefined;
+ }
 if (action.id == "org.freedesktop.NetworkManager.sleep-wake") {
- return polkit.Result.NO;
+ return polkit.Result.YES;
 }
 });
-// Disable WiFi Sharing
+// Disable WiFi Sharing in LightDM
 polkit.addRule(function(action, subject) {
- if (subject.user !== 'lightdm')
+ if (subject.user !== 'lightdm') {
 return undefined;
+ }
 if ((action.id == "org.freedesktop.NetworkManager.wifi.share.protected" ||
 action.id == "org.freedesktop.NetworkManager.wifi.share.open")) {
- return polkit.Result.NO;
+ return polkit.Result.NO;
 }
 });
-// Disable Settings Modifications
+// Allow system settings modifications via arctica-greeter / LightDM
+// This leads to the greeter's nm-applet creating non-private WiFi connection profiles
+// by default, see:
+// https://gitlab.gnome.org/GNOME/network-manager-applet/-/commit/a0f95d83ff946ba854143414c97c4ed7af19b7fa
+//
+// As a result, all users can use WiFi connection profiles that were originally configured
+// in the greeter. Security implications are that all users with access to the greeter can
+// via WiFi credentials that other users configured previously via the greeter.
polkit.addRule(function(action, subject) {
- if (subject.user !== 'lightdm')
+ if (subject.user !== 'lightdm') {
 return undefined;
+ }
- if (action.id == "org.freedesktop.NetworkManager.settings.modify.own" ||
- action.id == "org.freedesktop.NetworkManager.settings.modify.system" ||
- action.id == "org.freedesktop.NetworkManager.settings.modify.hostname") {
- return polkit.Result.NO;
+ if (action.id == "org.freedesktop.NetworkManager.settings.modify.system") {
+ return polkit.Result.YES;
 }
 });
-// Disable User Connections
+// Allow users to create new WiFi connection profiles via arctica-greeter / LightDM
 polkit.addRule(function(action, subject) {
 if (subject.user !== 'lightdm')
 return undefined;
- if (action.id == "org.freedesktop.NetworkManager.use-user-connections") {
- return polkit.Result.NO;
+ if (action.id == "org.freedesktop.NetworkManager.settings.modify.own" ||
+ action.id == "org.freedesktop.NetworkManager.settings.modify.hostname") {
+ return polkit.Result.NO;
 }
 });
-// Enable Controlling of Network Connections
+// Enable Controlling of Network Connections in LightDM
 polkit.addRule(function(action, subject) {
 if (subject.user !== 'lightdm')
 return undefined;
- if (action.id.match("org.freedesktop.NetworkManager.network-control") &&
+ if (action.id.match("org.freedesktop.NetworkManager.network-control")) &&
 subject.active == true) {
- return polkit.Result.YES;
+ return polkit.Result.YES;
 }
 }); |
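Review bot: The rewritten condition in the last rule, `if (action.id.match("org.freedesktop.NetworkManager.network-control")) &&`, closes the `if (` one parenthesis early, so together with the unchanged next line `subject.active == true) {` the file no longer parses as JavaScript. polkitd, as far as I know, skips a rules file it cannot compile, which would leave every rule here inactive, including the `polkit.Result.NO` rules for WiFi sharing and for `settings.modify.own` / `settings.modify.hostname`; this is worth confirming in the polkitd log after installing the file. The line should go back to `if (action.id.match("org.freedesktop.NetworkManager.network-control") &&`. Separately, the comment above the fifth rule says it allows creating WiFi connection profiles while the rule returns `polkit.Result.NO`, and the new `polkit.Result.YES` rules do not check `subject.active` the way this last rule does. If that difference is intended for the unauthenticated greeter session, a one-line comment saying so would help the next reader.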