Update polkit rules

debian/changelog

@@ -1,3 +1,9 @@
+tileos-system-adjustments (1.6.0~tileos) unstable; urgency=medium
+
+  * Update polkit rules 
+
+ -- Aleksey Samoilov <samoilov.lex@gmail.com>  Tue, 09 Apr 2024 15:48:39 +0400
+
 tileos-system-adjustments (1.5.1~tileos) unstable; urgency=medium
 
   * Fix comments

debian/tileos-system-adjustments.install

@@ -1,2 +1,3 @@
 /etc
 /var
+/usr

usr/share/polkit-1/rules.d/com.tileos.desktop.rules

@@ -0,0 +1,76 @@
+// Mounting, checking, etc. of internal drives
+polkit.addRule(function(action, subject) {
+    if ((action.id == "org.freedesktop.udisks2.filesystem-mount-system" ||
+         action.id == "org.freedesktop.udisks2.encrypted-unlock-system" ||
+         action.id == "org.freedesktop.udisks2.filesystem-fstab") &&
+        subject.active == true && subject.local == true &&
+        subject.isInGroup("sudo")) {
+            return polkit.Result.YES;
+    }
+});
+
+// Change CPU Frequency scaling
+polkit.addRule(function(action, subject) {
+    if ((action.id == "org.gnome.cpufreqselector" ||
+         action.id == "org.mate.cpufreqselector" ) &&
+        subject.active == true && subject.local == true &&
+        subject.isInGroup("sudo")) {
+            return polkit.Result.YES;
+    }
+});
+
+// Setting the clock
+polkit.addRule(function(action, subject) {
+    if ((action.id == "org.gnome.controlcenter.datetime.configure" ||
+         action.id == "org.kde.kcontrol.kcmclock.save" ||
+         action.id == "org.freedesktop.timedate1.set-time" ||
+         action.id == "org.freedesktop.timedate1.set-timezone" ||
+         action.id == "org.freedesktop.timedate1.set-local-rtc" ||
+         action.id == "org.freedesktop.timedate1.set-ntp" ||
+         action.id == "com.canonical.controlcenter.datetime.configure" ||
+         action.id == "org.mate.settingsdaemon.datetimemechanism.settime") &&
+        subject.active == true && subject.local == true &&
+        subject.isInGroup("sudo")) {
+            return polkit.Result.YES;
+    }
+});
+
+// Update already installed software
+polkit.addRule(function(action, subject) {
+    if (action.id == "org.debian.apt.upgrade-packages" &&
+        subject.active == true && subject.local == true &&
+        subject.isInGroup("sudo")) {
+            return polkit.Result.YES;
+    }
+});
+
+// Printer administration
+polkit.addRule(function(action, subject) {
+    if (action.id.indexOf("org.opensuse.cupspkhelper.mechanism.") == 0 &&
+        subject.active == true && subject.local == true &&
+        (subject.isInGroup("sudo") || subject.isInGroup("lpadmin"))) {
+            return polkit.Result.YES;
+    }
+});
+
+// Disable hibernate by default in Ubuntu
+polkit.addRule(function(action, subject) {
+    if (action.id == "org.freedesktop.upower.hibernate" ||
+         action.id == "org.freedesktop.login1.hibernate" ||
+         action.id == "org.freedesktop.login1.handle-hibernate-key" ||
+         action.id == "org.freedesktop.login1.hibernate-multiple-sessions") {
+            return polkit.Result.NO;
+    }
+});
+
+// Allow admins to set the hostname,locale,keyboard,date/time without prompting
+polkit.addRule(function(action, subject) {
+    if ((action.id == "org.freedesktop.locale1.set-locale" ||
+         action.id == "org.freedesktop.locale1.set-keyboard" ||
+         action.id == "org.freedesktop.hostname1.set-static-hostname" ||
+         action.id == "org.freedesktop.hostname1.set-hostname") &&
+        subject.active == true && subject.local == true &&
+        subject.isInGroup("sudo")) {
+            return polkit.Result.YES;
+    }
+});

var/lib/polkit-1/localauthority/10-vendor.d/com.tileos.desktop.pkla

@@ -1,6 +1,39 @@
 [Mounting, checking, etc. of internal drives]
 Identity=unix-group:admin;unix-group:sudo
-Action=org.freedesktop.udisks.filesystem-*;org.freedesktop.udisks.drive-ata-smart*;org.freedesktop.udisks2.filesystem-mount-system;org.freedesktop.udisks2.encrypted-unlock-system;org.freedesktop.udisks2.filesystem-fstab;
+Action=org.freedesktop.udisks2.filesystem-mount-system;org.freedesktop.udisks2.encrypted-unlock-system;org.freedesktop.udisks2.filesystem-fstab;
-ResultAny=auth_admin
+ResultActive=yes
-ResultInactive=auth_admin
+
+[Change CPU Frequency scaling]
+Identity=unix-group:admin;unix-group:sudo
+Action=org.gnome.cpufreqselector;org.mate.cpufreqselector
+ResultActive=yes
+
+[Setting the clock]
+Identity=unix-group:admin;unix-group:sudo
+Action=org.gnome.clockapplet.mechanism.*;org.gnome.controlcenter.datetime.configure;org.kde.kcontrol.kcmclock.save;org.freedesktop.timedate1.set-time;org.freedesktop.timedate1.set-timezone;org.freedesktop.timedate1.set-local-rtc;org.freedesktop.timedate1.set-ntp;com.canonical.controlcenter.datetime.configure;org.mate.settingsdaemon.datetimemechanism.settime
+ResultActive=yes
+
+[Update already installed software]
+Identity=unix-group:admin;unix-group:sudo
+Action=org.debian.apt.upgrade-packages
+ResultActive=yes
+
+[Printer administration]
+Identity=unix-group:lpadmin;unix-group:admin;unix-group:sudo
+Action=org.opensuse.cupspkhelper.mechanism.*
+ResultActive=yes
+
+[Disable hibernate by default in upower]
+Identity=unix-user:*
+Action=org.freedesktop.upower.hibernate
+ResultActive=no
+
+[Disable hibernate by default in logind]
+Identity=unix-user:*
+Action=org.freedesktop.login1.hibernate;org.freedesktop.login1.handle-hibernate-key;org.freedesktop.login1;org.freedesktop.login1.hibernate-multiple-sessions;org.freedesktop.login1.hibernate-ignore-inhibit
+ResultActive=no
+
+[Allow admins to set the hostname,locale,keyboard,date/time without prompting]
+Identity=unix-group:admin;unix-group:sudo
+Action=org.freedesktop.locale1.set-locale;org.freedesktop.locale1.set-keyboard;org.freedesktop.hostname1.set-static-hostname;org.freedesktop.hostname1.set-hostname
 ResultActive=yes