Diffstat (limited to 'data/50-org.Arctica-Project.arctica-greeter.rules')
-rw-r--r-- | data/50-org.Arctica-Project.arctica-greeter.rules | 105 |
1 files changed, 74 insertions, 31 deletions
diff --git a/data/50-org.Arctica-Project.arctica-greeter.rules b/data/50-org.Arctica-Project.arctica-greeter.rules
index b194628..ddd666a 100644
--- a/data/50-org.Arctica-Project.arctica-greeter.rules
+++ b/data/50-org.Arctica-Project.arctica-greeter.rules
@@ -1,33 +1,76 @@
-polkit.addRule (function (action, subject) {
- if (subject.user == "lightdm") {
- switch (action.id) {
- // Disable Controlling of Network Devices
- case 'org.freedesktop.NetworkManager.enable-disable-network':
- case 'org.freedesktop.NetworkManager.enable-disable-wifi':
- case 'org.freedesktop.NetworkManager.enable-disable-wwan':
- case 'org.freedesktop.NetworkManager.enable-disable-wimax':
- // Disable Sleep and Wake
- case 'org.freedesktop.NetworkManager.sleep-wake':
- // Disable WiFi Sharing
- case 'org.freedesktop.NetworkManager.wifi.share.protected':
- case 'org.freedesktop.NetworkManager.wifi.share.open':
- // Disable Settings Modifications
- case 'org.freedesktop.NetworkManager.settings.modify.own':
- case 'org.freedesktop.NetworkManager.settings.modify.system':
- case 'org.freedesktop.NetworkManager.settings.modify.hostname':
- // Disable User Connections
- case 'org.freedesktop.NetworkManager.use-user-connections':
- // Enable Controlling of Network Connections
- case 'org.freedesktop.NetworkManager.network-control':
+// Allow enabling/disabling of Network Devices in arctica-greeter / LightDM
+polkit.addRule(function(action, subject) {
+ if (subject.user !== 'lightdm') {
+ return undefined;
+ }
+
+ if (action.id == "org.freedesktop.NetworkManager.enable-disable-network" ||
+ action.id == "org.freedesktop.NetworkManager.enable-disable-wifi" ||
+ action.id == "org.freedesktop.NetworkManager.enable-disable-wwan" ||
+ action.id == "org.freedesktop.NetworkManager.enable-disable-wimax") {
+ return polkit.Result.YES;
+ }
+});
+
+// Allow Sleep and Wake in LightDM (for power management purposes)
+polkit.addRule(function(action, subject) {
+ if (subject.user !== 'lightdm') {
+ return undefined;
+ }
+
+ if (action.id == "org.freedesktop.NetworkManager.sleep-wake") {
+ return polkit.Result.YES;
+ }
+});
+
+// Disable WiFi Sharing in LightDM
+polkit.addRule(function(action, subject) {
+ if (subject.user !== 'lightdm') {
+ return undefined;
+ }
+
+ if ((action.id == "org.freedesktop.NetworkManager.wifi.share.protected" ||
+ action.id == "org.freedesktop.NetworkManager.wifi.share.open")) {
+ return polkit.Result.NO;
+ }
+});
+
+// Allow system settings modifications via arctica-greeter / LightDM
+// This leads to the greeter's nm-applet creating non-private WiFi connection profiles
+// by default, see:
+// https://gitlab.gnome.org/GNOME/network-manager-applet/-/commit/a0f95d83ff946ba854143414c97c4ed7af19b7fa
+//
+// As a result, all users can use WiFi connection profiles that were originally configured
+// in the greeter. Security implications are that all users with access to the greeter can
+// via WiFi credentials that other users configured previously via the greeter.
+polkit.addRule(function(action, subject) {
+ if (subject.user !== 'lightdm') {
+ return undefined;
+ }
+
+ if (action.id == "org.freedesktop.NetworkManager.settings.modify.system") {
+ return polkit.Result.YES;
+ }
+});
+
+// Allow users to create new WiFi connection profiles via arctica-greeter / LightDM
+polkit.addRule(function(action, subject) {
+ if (subject.user !== 'lightdm')
+ return undefined;
+
+ if (action.id == "org.freedesktop.NetworkManager.settings.modify.own" ||
+ action.id == "org.freedesktop.NetworkManager.settings.modify.hostname") {
 return polkit.Result.NO;
- break;
- default:
- /*
- * Do nothing... for now.
- *
- * This means that polkit will continue scanning for other rules.
- */
- break;
- }
- }
+ }
+});
+
+// Enable Controlling of Network Connections in LightDM
+polkit.addRule(function(action, subject) {
+ if (subject.user !== 'lightdm')
+ return undefined;
+
+ if (action.id.match("org.freedesktop.NetworkManager.network-control")) &&
+ subject.active == true) {
+ return polkit.Result.YES;
+ }
 }); |
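Review bot: The condition in the last rule (network-control) has an unbalanced parenthesis: `if (action.id.match("org.freedesktop.NetworkManager.network-control")) &&` closes the `if` before the `&&`, so the file will not parse. polkit is expected to skip a rules file that fails to compile, in which case the `Result.NO` rule for WiFi sharing would silently stop applying as well; the polkitd log should confirm this. Use an exact comparison like the other rules, `if (action.id == "org.freedesktop.NetworkManager.network-control" &&` followed by the existing `subject.active == true) {`, since `match()` with a string builds an unanchored regex in which `.` matches any character. Separately, the rule commented "Allow users to create new WiFi connection profiles" still returns `polkit.Result.NO` for `settings.modify.own` and `settings.modify.hostname` (the return is an unchanged context line), so either the comment or the result is wrong. The `settings.modify.system` rule also grants `YES` to the pre-login greeter without the `subject.active` check used in the last rule; given the credential exposure its own comment describes, consider requiring `subject.active == true && subject.local == true` there, and note that the old deny for `use-user-connections` is dropped without a replacement.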