Don’t prohibit applications from including authorization rules
Submitted by Miloslav Trmac
Assigned to David Zeuthen @david
Description
Based on https://bugzilla.redhat.com/show_bug.cgi?id=956005:
The polkit manual states this:
"Authorization rules are intended for two specific audiences
System Administrators
Special-purpose Operating Systems / Environments
and those audiences only. In particular, applications, mechanisms and general-purpose operating systems must never include any authorization rules."
However, it’s become clear that the .action mechanism is not sufficient for expressing various real-world situations (look in /usr/share/polkit-1/rules.d/; e.g. gnome-initial-setup and lightdm need extra access for their special-purpose users, or allowing access to “wheel” members without a password).
Extending the .action mechanism, or inventing yet another one, purely to keep some abstract separation between users’ and programmers’ policy, is not reasonable; so just remove the documentation discouraging applications from adding their own .rules.
(I can’t see any obvious middle ground between just prohibiting it and just allowing it: in particular, allowing applications to only drop in .rules for their own actions isn’t sufficient, see gnome-initial-setup above for a counterexample.)