diff --git a/debian/changelog b/debian/changelog index c46af96..f24eece 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +tileos-system-adjustments (1.6.0~tileos) unstable; urgency=medium + + * Update polkit rules + + -- Aleksey Samoilov Tue, 09 Apr 2024 15:48:39 +0400 + tileos-system-adjustments (1.5.1~tileos) unstable; urgency=medium * Fix comments diff --git a/debian/tileos-system-adjustments.install b/debian/tileos-system-adjustments.install index dfef24e..5e4c40a 100644 --- a/debian/tileos-system-adjustments.install +++ b/debian/tileos-system-adjustments.install @@ -1,2 +1,3 @@ /etc /var +/usr diff --git a/usr/share/polkit-1/rules.d/com.tileos.desktop.rules b/usr/share/polkit-1/rules.d/com.tileos.desktop.rules new file mode 100644 index 0000000..97ab5b3 --- /dev/null +++ b/usr/share/polkit-1/rules.d/com.tileos.desktop.rules @@ -0,0 +1,76 @@ +// Mounting, checking, etc. of internal drives +polkit.addRule(function(action, subject) { + if ((action.id == "org.freedesktop.udisks2.filesystem-mount-system" || + action.id == "org.freedesktop.udisks2.encrypted-unlock-system" || + action.id == "org.freedesktop.udisks2.filesystem-fstab") && + subject.active == true && subject.local == true && + subject.isInGroup("sudo")) { + return polkit.Result.YES; + } +}); + +// Change CPU Frequency scaling +polkit.addRule(function(action, subject) { + if ((action.id == "org.gnome.cpufreqselector" || + action.id == "org.mate.cpufreqselector" ) && + subject.active == true && subject.local == true && + subject.isInGroup("sudo")) { + return polkit.Result.YES; + } +}); + +// Setting the clock +polkit.addRule(function(action, subject) { + if ((action.id == "org.gnome.controlcenter.datetime.configure" || + action.id == "org.kde.kcontrol.kcmclock.save" || + action.id == "org.freedesktop.timedate1.set-time" || + action.id == "org.freedesktop.timedate1.set-timezone" || + action.id == "org.freedesktop.timedate1.set-local-rtc" || + action.id == "org.freedesktop.timedate1.set-ntp" || + action.id == "com.canonical.controlcenter.datetime.configure" || + action.id == "org.mate.settingsdaemon.datetimemechanism.settime") && + subject.active == true && subject.local == true && + subject.isInGroup("sudo")) { + return polkit.Result.YES; + } +}); + +// Update already installed software +polkit.addRule(function(action, subject) { + if (action.id == "org.debian.apt.upgrade-packages" && + subject.active == true && subject.local == true && + subject.isInGroup("sudo")) { + return polkit.Result.YES; + } +}); + +// Printer administration +polkit.addRule(function(action, subject) { + if (action.id.indexOf("org.opensuse.cupspkhelper.mechanism.") == 0 && + subject.active == true && subject.local == true && + (subject.isInGroup("sudo") || subject.isInGroup("lpadmin"))) { + return polkit.Result.YES; + } +}); + +// Disable hibernate by default in Ubuntu +polkit.addRule(function(action, subject) { + if (action.id == "org.freedesktop.upower.hibernate" || + action.id == "org.freedesktop.login1.hibernate" || + action.id == "org.freedesktop.login1.handle-hibernate-key" || + action.id == "org.freedesktop.login1.hibernate-multiple-sessions") { + return polkit.Result.NO; + } +}); + +// Allow admins to set the hostname,locale,keyboard,date/time without prompting +polkit.addRule(function(action, subject) { + if ((action.id == "org.freedesktop.locale1.set-locale" || + action.id == "org.freedesktop.locale1.set-keyboard" || + action.id == "org.freedesktop.hostname1.set-static-hostname" || + action.id == "org.freedesktop.hostname1.set-hostname") && + subject.active == true && subject.local == true && + subject.isInGroup("sudo")) { + return polkit.Result.YES; + } +}); diff --git a/var/lib/polkit-1/localauthority/10-vendor.d/com.tileos.desktop.pkla b/var/lib/polkit-1/localauthority/10-vendor.d/com.tileos.desktop.pkla index a09de87..5198cf5 100644 --- a/var/lib/polkit-1/localauthority/10-vendor.d/com.tileos.desktop.pkla +++ b/var/lib/polkit-1/localauthority/10-vendor.d/com.tileos.desktop.pkla @@ -1,6 +1,39 @@ [Mounting, checking, etc. of internal drives] Identity=unix-group:admin;unix-group:sudo -Action=org.freedesktop.udisks.filesystem-*;org.freedesktop.udisks.drive-ata-smart*;org.freedesktop.udisks2.filesystem-mount-system;org.freedesktop.udisks2.encrypted-unlock-system;org.freedesktop.udisks2.filesystem-fstab; -ResultAny=auth_admin -ResultInactive=auth_admin +Action=org.freedesktop.udisks2.filesystem-mount-system;org.freedesktop.udisks2.encrypted-unlock-system;org.freedesktop.udisks2.filesystem-fstab; +ResultActive=yes + +[Change CPU Frequency scaling] +Identity=unix-group:admin;unix-group:sudo +Action=org.gnome.cpufreqselector;org.mate.cpufreqselector +ResultActive=yes + +[Setting the clock] +Identity=unix-group:admin;unix-group:sudo +Action=org.gnome.clockapplet.mechanism.*;org.gnome.controlcenter.datetime.configure;org.kde.kcontrol.kcmclock.save;org.freedesktop.timedate1.set-time;org.freedesktop.timedate1.set-timezone;org.freedesktop.timedate1.set-local-rtc;org.freedesktop.timedate1.set-ntp;com.canonical.controlcenter.datetime.configure;org.mate.settingsdaemon.datetimemechanism.settime +ResultActive=yes + +[Update already installed software] +Identity=unix-group:admin;unix-group:sudo +Action=org.debian.apt.upgrade-packages +ResultActive=yes + +[Printer administration] +Identity=unix-group:lpadmin;unix-group:admin;unix-group:sudo +Action=org.opensuse.cupspkhelper.mechanism.* +ResultActive=yes + +[Disable hibernate by default in upower] +Identity=unix-user:* +Action=org.freedesktop.upower.hibernate +ResultActive=no + +[Disable hibernate by default in logind] +Identity=unix-user:* +Action=org.freedesktop.login1.hibernate;org.freedesktop.login1.handle-hibernate-key;org.freedesktop.login1;org.freedesktop.login1.hibernate-multiple-sessions;org.freedesktop.login1.hibernate-ignore-inhibit +ResultActive=no + +[Allow admins to set the hostname,locale,keyboard,date/time without prompting] +Identity=unix-group:admin;unix-group:sudo +Action=org.freedesktop.locale1.set-locale;org.freedesktop.locale1.set-keyboard;org.freedesktop.hostname1.set-static-hostname;org.freedesktop.hostname1.set-hostname ResultActive=yes