blob: ddd666a8c5c51a35ef177ded750dfda99406ba14 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
|
// Allow enabling/disabling of Network Devices in arctica-greeter / LightDM
polkit.addRule(function(action, subject) {
if (subject.user !== 'lightdm') {
return undefined;
}
if (action.id == "org.freedesktop.NetworkManager.enable-disable-network" ||
action.id == "org.freedesktop.NetworkManager.enable-disable-wifi" ||
action.id == "org.freedesktop.NetworkManager.enable-disable-wwan" ||
action.id == "org.freedesktop.NetworkManager.enable-disable-wimax") {
return polkit.Result.YES;
}
});
// Allow Sleep and Wake in LightDM (for power management purposes)
polkit.addRule(function(action, subject) {
if (subject.user !== 'lightdm') {
return undefined;
}
if (action.id == "org.freedesktop.NetworkManager.sleep-wake") {
return polkit.Result.YES;
}
});
// Disable WiFi Sharing in LightDM
polkit.addRule(function(action, subject) {
if (subject.user !== 'lightdm') {
return undefined;
}
if ((action.id == "org.freedesktop.NetworkManager.wifi.share.protected" ||
action.id == "org.freedesktop.NetworkManager.wifi.share.open")) {
return polkit.Result.NO;
}
});
// Allow system settings modifications via arctica-greeter / LightDM
// This leads to the greeter's nm-applet creating non-private WiFi connection profiles
// by default, see:
// https://gitlab.gnome.org/GNOME/network-manager-applet/-/commit/a0f95d83ff946ba854143414c97c4ed7af19b7fa
//
// As a result, all users can use WiFi connection profiles that were originally configured
// in the greeter. Security implications are that all users with access to the greeter can
// via WiFi credentials that other users configured previously via the greeter.
polkit.addRule(function(action, subject) {
if (subject.user !== 'lightdm') {
return undefined;
}
if (action.id == "org.freedesktop.NetworkManager.settings.modify.system") {
return polkit.Result.YES;
}
});
// Allow users to create new WiFi connection profiles via arctica-greeter / LightDM
polkit.addRule(function(action, subject) {
if (subject.user !== 'lightdm')
return undefined;
if (action.id == "org.freedesktop.NetworkManager.settings.modify.own" ||
action.id == "org.freedesktop.NetworkManager.settings.modify.hostname") {
return polkit.Result.NO;
}
});
// Enable Controlling of Network Connections in LightDM
polkit.addRule(function(action, subject) {
if (subject.user !== 'lightdm')
return undefined;
if (action.id.match("org.freedesktop.NetworkManager.network-control")) &&
subject.active == true) {
return polkit.Result.YES;
}
});
|
