Commit 299ab139 authored by Dan Williams's avatar Dan Williams

core: add policy for overall network control

Allows for locking down connections completely and disallowing
certain users from touching networking at all.
parent a0822752
......@@ -54,5 +54,14 @@
</defaults>
</action>
<action id="org.freedesktop.NetworkManager.network-control">
<_description>Allow control of network connections</_description>
<_message>System policy prevents control of network connections</_message>
<defaults>
<allow_inactive>yes</allow_inactive>
<allow_active>yes</allow_active>
</defaults>
</action>
</policyconfig>
......@@ -32,6 +32,7 @@
#define NM_AUTH_PERMISSION_ENABLE_DISABLE_WIFI "org.freedesktop.NetworkManager.enable-disable-wifi"
#define NM_AUTH_PERMISSION_ENABLE_DISABLE_WWAN "org.freedesktop.NetworkManager.enable-disable-wwan"
#define NM_AUTH_PERMISSION_USE_USER_CONNECTIONS "org.freedesktop.NetworkManager.use-user-connections"
#define NM_AUTH_PERMISSION_NETWORK_CONTROL "org.freedesktop.NetworkManager.network-control"
typedef struct NMAuthChain NMAuthChain;
......
......@@ -3076,6 +3076,7 @@ get_permissions_done_cb (NMAuthChain *chain,
get_perm_add_result (chain, results, NM_AUTH_PERMISSION_ENABLE_DISABLE_WIFI);
get_perm_add_result (chain, results, NM_AUTH_PERMISSION_ENABLE_DISABLE_WWAN);
get_perm_add_result (chain, results, NM_AUTH_PERMISSION_USE_USER_CONNECTIONS);
get_perm_add_result (chain, results, NM_AUTH_PERMISSION_NETWORK_CONTROL);
dbus_g_method_return (context, results);
g_hash_table_destroy (results);
}
......@@ -3110,6 +3111,7 @@ impl_manager_get_permissions (NMManager *self,
nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_ENABLE_DISABLE_WIFI, FALSE);
nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_ENABLE_DISABLE_WWAN, FALSE);
nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_USE_USER_CONNECTIONS, FALSE);
nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_NETWORK_CONTROL, FALSE);
}
/* Legacy 0.6 compatibility interface */
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment