Skip to content

GitLab

Commit 4d0994f4 authored by David Zeuthen's avatar David Zeuthen
Browse files
Options

add support for vendor, vendor_url and icon_name tags in .policy files

parent 055b8bb7
Hide whitespace changes
Inline Side-by-side
Showing with 296 additions and 4 deletions
doc/spec/polkit-spec-configuration.xml
View file @ 4d0994f4
......@@ -19,6 +19,9 @@
"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
"http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd">
<policyconfig>
<vendor>The PolicyKit Project</vendor>
<vendor_url>http://hal.freedesktop.org/docs/PolicyKit/</vendor_url>
<icon_name>polkit-icon</icon_name>
<action id="org.gnome.policykit.examples.frobnicate">
<description>Frobnicate</description>
......@@ -27,6 +30,10 @@
<message>System policy prevents the PolicyKit-gnome example helper from Frobnicating</message>
<message xml:lang="da">System indstillinger forhindrer PolicyKit-gnome eksempel hjælper i at Frobnikere!</message>
<message xml:lang="en_CA">System policy prevents the PolicyKit-gnome example helper from Frobnicating, Aye!</message>
<icon_name>polkit-icon-frobnicate</icon_name>
<vendor_url>http://hal.freedesktop.org/docs/PolicyKit/about-frobnicating</vendor_url>
<defaults>
<allow_any>no</allow_any>
<allow_inactive>no</allow_inactive>
......@@ -41,6 +48,9 @@
<message>System policy prevents the PolicyKit-gnome example helper from Tweaking</message>
<message xml:lang="da">System indstillinger forhindrer PolicyKit-gnome eksempel hjælper i at Tvække!</message>
<message xml:lang="en_CA">System policy prevents the PolicyKit-gnome example helper from Tweaking, Aye!</message>
<!-- just inherit icon_name and vendor_url -->
<defaults>
<allow_any>no</allow_any>
<allow_inactive>no</allow_inactive>
......@@ -91,13 +101,37 @@
<listitem>
<para>
<emphasis>Textual descriptions:</emphasis> Simply included
for convenience and organizational
purposes. Standard <literal>xml:lang</literal> mechnanisms
are used to convey localized strings (note that intltool
0.36 or greater includes native support for
for convenience and organizational purposes. Useful for
graphical editors for
authorizations. Standard <literal>xml:lang</literal>
mechnanisms are used to convey localized strings (note
that intltool 0.36 or greater includes native support for
handling <literal>.policy</literal> files).
</para>
</listitem>
<listitem>
<para>
<emphasis>Vendor:</emphasis> The <literal>vendor</literal>
and <literal>vendor_url</literal> describes who is
supplying the action. Both can be set at the top-level of
the <literal>.policy</literal> file and each Action can
further override it. These tags are optional.
</para>
</listitem>
<listitem>
<para>
<emphasis>Icon:</emphasis>
The <literal>icon_name</literal> tag can be used to
specify an icon name for the action or group of
actions. The name must adhere to the freedesktop.org Icon
Naming spec (for theming purposes) and cannot include
directory separators and must not include filename
extensions like <literal>.png</literal>. Like with vendor
tags, this tag can be set at the top level and also be
specialized for each individual action. This tag is
optional.
</para>
</listitem>
</itemizedlist>
The following values for the defaults are
<itemizedlist>
......@@ -106,6 +140,11 @@
<emphasis>no</emphasis>
</para>
</listitem>
<listitem>
<para>
<emphasis>auth_self_one_shot</emphasis>
</para>
</listitem>
<listitem>
<para>
<emphasis>auth_self</emphasis>
......@@ -121,6 +160,11 @@
<emphasis>auth_self_keep_always</emphasis>
</para>
</listitem>
<listitem>
<para>
<emphasis>auth_admin_one_shot</emphasis>
</para>
</listitem>
<listitem>
<para>
<emphasis>auth_admin</emphasis>
......
policy/org.freedesktop.policykit.policy.in
View file @ 4d0994f4
......@@ -15,6 +15,8 @@ file are instantly applied.
-->
<policyconfig>
<vendor>The PolicyKit Project</vendor>
<vendor_url>http://hal.freedesktop.org/docs/PolicyKit/</vendor_url>
<action id="org.freedesktop.policykit.read">
<_description>Read authorizations of other users</_description>
......
src/polkit/polkit-policy-file-entry.c
View file @ 4d0994f4
......@@ -69,6 +69,9 @@ struct _PolKitPolicyFileEntry
char *policy_description;
char *policy_message;
char *vendor;
char *vendor_url;
char *icon_name;
KitHash *annotations;
};
......@@ -76,6 +79,9 @@ struct _PolKitPolicyFileEntry
/* NOTE: we take ownership of the annotations object */
PolKitPolicyFileEntry *
_polkit_policy_file_entry_new (const char *action_id,
const char *vendor,
const char *vendor_url,
const char *icon_name,
PolKitResult defaults_allow_any,
PolKitResult defaults_allow_inactive,
PolKitResult defaults_allow_active,
......@@ -99,6 +105,16 @@ _polkit_policy_file_entry_new (const char *action_id,
if (pfe->action == NULL)
goto error;
pfe->vendor = NULL;
pfe->vendor_url = NULL;
pfe->icon_name = NULL;
if (vendor != NULL && (pfe->vendor = kit_strdup (vendor)) == NULL)
goto error;
if (vendor_url != NULL && (pfe->vendor_url = kit_strdup (vendor_url)) == NULL)
goto error;
if (icon_name != NULL && (pfe->icon_name = kit_strdup (icon_name)) == NULL)
goto error;
if (! (polkit_authorization_db_get_capabilities () & POLKIT_AUTHORIZATION_DB_CAPABILITY_CAN_OBTAIN)) {
/* if we don't support obtaining authorizations
* through authenticating, then make the defaults
......@@ -242,6 +258,74 @@ polkit_policy_file_entry_get_action_message (PolKitPolicyFileEntry *policy_file_
return policy_file_entry->policy_message;
}
/**
* polkit_policy_file_entry_get_action_vendor:
* @policy_file_entry: the object
*
* Get the name of the vendor of this action.
*
* Note, if polkit_context_set_load_descriptions() on the
* #PolKitContext object used to get this object wasn't called, this
* method will return #NULL.
*
* Returns: string or #NULL if descriptions are not loaded or vendor
* tag isn't set - caller shall not free this string
*
* Since: 0.7
*/
const char *
polkit_policy_file_entry_get_action_vendor (PolKitPolicyFileEntry *policy_file_entry)
{
kit_return_val_if_fail (policy_file_entry != NULL, NULL);
return policy_file_entry->vendor;
}
/**
* polkit_policy_file_entry_get_action_vendor_url:
* @policy_file_entry: the object
*
* Get the URL of the vendor of this action.
*
* Note, if polkit_context_set_load_descriptions() on the
* #PolKitContext object used to get this object wasn't called, this
* method will return #NULL.
*
* Returns: string or #NULL if descriptions are not loaded or vendor
* url isn't set - caller shall not free this string
*
* Since: 0.7
*/
const char *
polkit_policy_file_entry_get_action_vendor_url (PolKitPolicyFileEntry *policy_file_entry)
{
kit_return_val_if_fail (policy_file_entry != NULL, NULL);
return policy_file_entry->vendor_url;
}
/**
* polkit_policy_file_entry_get_action_icon_name:
* @policy_file_entry: the object
*
* Get the name of the icon that represents the action. This name
* conforms to the freedesktop.org icon naming specification.
*
* Note, if polkit_context_set_load_descriptions() on the
* #PolKitContext object used to get this object wasn't called, this
* method will return #NULL.
*
* Returns: string or #NULL if descriptions are not loaded or icon
* tag isn't set - caller shall not free this string
*
* Since: 0.7
*/
const char *
polkit_policy_file_entry_get_action_icon_name (PolKitPolicyFileEntry *policy_file_entry)
{
kit_return_val_if_fail (policy_file_entry != NULL, NULL);
return policy_file_entry->icon_name;
}
/**
* polkit_policy_file_entry_ref:
* @policy_file_entry: the policy file object
......@@ -287,6 +371,9 @@ polkit_policy_file_entry_unref (PolKitPolicyFileEntry *policy_file_entry)
kit_free (policy_file_entry->policy_description);
kit_free (policy_file_entry->policy_message);
kit_free (policy_file_entry->vendor);
kit_free (policy_file_entry->vendor_url);
kit_free (policy_file_entry->icon_name);
kit_free (policy_file_entry);
}
......@@ -584,6 +671,9 @@ _run_test (void)
goto oom;
if ((pfe = _polkit_policy_file_entry_new ("org.example-action",
NULL,
NULL,
NULL,
POLKIT_RESULT_NO,
POLKIT_RESULT_ONLY_VIA_SELF_AUTH,
POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH,
......@@ -630,6 +720,9 @@ _run_test (void)
polkit_policy_file_entry_unref (pfe);
if ((pfe = _polkit_policy_file_entry_new ("org.example-action-2",
NULL,
NULL,
NULL,
POLKIT_RESULT_NO,
POLKIT_RESULT_ONLY_VIA_SELF_AUTH,
POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH,
......
src/polkit/polkit-policy-file-entry.h
View file @ 4d0994f4
......@@ -66,6 +66,10 @@ PolKitPolicyDefault *polkit_policy_file_entry_get_default (PolKitPolicyFileEn
const char *polkit_policy_file_entry_get_action_description (PolKitPolicyFileEntry *policy_file_entry);
const char *polkit_policy_file_entry_get_action_message (PolKitPolicyFileEntry *policy_file_entry);
const char *polkit_policy_file_entry_get_action_vendor (PolKitPolicyFileEntry *policy_file_entry);
const char *polkit_policy_file_entry_get_action_vendor_url (PolKitPolicyFileEntry *policy_file_entry);
const char *polkit_policy_file_entry_get_action_icon_name (PolKitPolicyFileEntry *policy_file_entry);
polkit_bool_t polkit_policy_file_entry_annotations_foreach (PolKitPolicyFileEntry *policy_file_entry,
PolKitPolicyFileEntryAnnotationsForeachFunc cb,
void *user_data);
......
src/polkit/polkit-policy-file.c
View file @ 4d0994f4
......@@ -72,9 +72,15 @@ enum {
STATE_NONE,
STATE_UNKNOWN_TAG,
STATE_IN_POLICY_CONFIG,
STATE_IN_POLICY_VENDOR,
STATE_IN_POLICY_VENDOR_URL,
STATE_IN_POLICY_ICON_NAME,
STATE_IN_ACTION,
STATE_IN_ACTION_DESCRIPTION,
STATE_IN_ACTION_MESSAGE,
STATE_IN_ACTION_VENDOR,
STATE_IN_ACTION_VENDOR_URL,
STATE_IN_ACTION_ICON_NAME,
STATE_IN_DEFAULTS,
STATE_IN_DEFAULTS_ALLOW_ANY,
STATE_IN_DEFAULTS_ALLOW_INACTIVE,
......@@ -92,7 +98,14 @@ typedef struct {
const char *path;
char *global_vendor;
char *global_vendor_url;
char *global_icon_name;
char *action_id;
char *vendor;
char *vendor_url;
char *icon_name;
PolKitResult defaults_allow_any;
PolKitResult defaults_allow_inactive;
......@@ -125,6 +138,14 @@ pd_unref_action_data (ParserData *pd)
{
kit_free (pd->action_id);
pd->action_id = NULL;
kit_free (pd->vendor);
pd->vendor = NULL;
kit_free (pd->vendor_url);
pd->vendor_url = NULL;
kit_free (pd->icon_name);
pd->icon_name = NULL;
kit_free (pd->policy_description_nolang);
pd->policy_description_nolang = NULL;
kit_free (pd->policy_message_nolang);
......@@ -153,6 +174,13 @@ pd_unref_data (ParserData *pd)
pd_unref_action_data (pd);
kit_free (pd->lang);
pd->lang = NULL;
kit_free (pd->global_vendor);
pd->global_vendor = NULL;
kit_free (pd->global_vendor_url);
pd->global_vendor_url = NULL;
kit_free (pd->global_icon_name);
pd->global_icon_name = NULL;
}
static void
......@@ -199,6 +227,12 @@ _start (void *data, const char *el, const char **attr)
pd->defaults_allow_any = POLKIT_RESULT_NO;
pd->defaults_allow_inactive = POLKIT_RESULT_NO;
pd->defaults_allow_active = POLKIT_RESULT_NO;
} else if (strcmp (el, "vendor") == 0 && num_attr == 0) {
state = STATE_IN_POLICY_VENDOR;
} else if (strcmp (el, "vendor_url") == 0 && num_attr == 0) {
state = STATE_IN_POLICY_VENDOR_URL;
} else if (strcmp (el, "icon_name") == 0 && num_attr == 0) {
state = STATE_IN_POLICY_ICON_NAME;
}
break;
case STATE_IN_ACTION:
......@@ -218,6 +252,12 @@ _start (void *data, const char *el, const char **attr)
goto oom;
}
state = STATE_IN_ACTION_MESSAGE;
} else if (strcmp (el, "vendor") == 0 && num_attr == 0) {
state = STATE_IN_ACTION_VENDOR;
} else if (strcmp (el, "vendor_url") == 0 && num_attr == 0) {
state = STATE_IN_ACTION_VENDOR_URL;
} else if (strcmp (el, "icon_name") == 0 && num_attr == 0) {
state = STATE_IN_ACTION_ICON_NAME;
} else if (strcmp (el, "annotate") == 0) {
if (num_attr != 2 || strcmp (attr[0], "key") != 0)
goto error;
......@@ -259,6 +299,36 @@ error:
XML_StopParser (pd->parser, FALSE);
}
static polkit_bool_t
_validate_icon_name (const char *icon_name)
{
unsigned int n;
polkit_bool_t ret;
size_t len;
ret = FALSE;
len = strlen (icon_name);
/* check for common suffixes */
if (kit_str_has_suffix (icon_name, ".png"))
goto out;
if (kit_str_has_suffix (icon_name, ".jpg"))
goto out;
/* icon name cannot be a path */
for (n = 0; n < len; n++) {
if (icon_name [n] == '/') {
goto out;
}
}
ret = TRUE;
out:
return ret;
}
static void
_cdata (void *data, const char *s, int len)
{
......@@ -297,6 +367,64 @@ _cdata (void *data, const char *s, int len)
}
break;
case STATE_IN_POLICY_VENDOR:
if (pd->load_descriptions) {
kit_free (pd->global_vendor);
pd->global_vendor = str;
str = NULL;
}
break;
case STATE_IN_POLICY_VENDOR_URL:
if (pd->load_descriptions) {
kit_free (pd->global_vendor_url);
pd->global_vendor_url = str;
str = NULL;
}
break;
case STATE_IN_POLICY_ICON_NAME:
if (! _validate_icon_name (str)) {
kit_warning ("Icon name '%s' is invalid", str);
goto error;
}
if (pd->load_descriptions) {
kit_free (pd->global_icon_name);
pd->global_icon_name = str;
str = NULL;
}
break;
case STATE_IN_ACTION_VENDOR:
if (pd->load_descriptions) {
kit_free (pd->vendor);
pd->vendor = str;
str = NULL;
}
break;
case STATE_IN_ACTION_VENDOR_URL:
if (pd->load_descriptions) {
kit_free (pd->vendor_url);
pd->vendor_url = str;
str = NULL;
}
break;
case STATE_IN_ACTION_ICON_NAME:
if (! _validate_icon_name (str)) {
kit_warning ("Icon name '%s' is invalid", str);
goto error;
}
if (pd->load_descriptions) {
kit_free (pd->icon_name);
pd->icon_name = str;
str = NULL;
}
break;
case STATE_IN_DEFAULTS_ALLOW_ANY:
if (!polkit_result_from_string_representation (str, &pd->defaults_allow_any))
goto error;
......@@ -396,9 +524,27 @@ _end (void *data, const char *el)
const char *policy_description;
const char *policy_message;
PolKitPolicyFileEntry *pfe;
char *vendor;
char *vendor_url;
char *icon_name;
vendor = pd->vendor;
if (vendor == NULL)
vendor = pd->global_vendor;
vendor_url = pd->vendor_url;
if (vendor_url == NULL)
vendor_url = pd->global_vendor_url;
icon_name = pd->icon_name;
if (icon_name == NULL)
icon_name = pd->global_icon_name;
/* NOTE: caller takes ownership of the annotations object */
pfe = _polkit_policy_file_entry_new (pd->action_id,
vendor,
vendor_url,
icon_name,
pd->defaults_allow_any,
pd->defaults_allow_inactive,
pd->defaults_allow_active,
......
src/polkit/polkit-private.h
View file @ 4d0994f4
......@@ -85,6 +85,9 @@ PolKitPolicyDefault *_polkit_policy_default_new (PolKitResult defaults_allow_any
PolKitPolicyFileEntry *_polkit_policy_file_entry_new (const char *action_id,
const char *vendor,
const char *vendor_url,
const char *icon_name,
PolKitResult defaults_allow_any,
PolKitResult defaults_allow_inactive,
PolKitResult defaults_allow_active,
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment