PolicyKit: Branch 'master'
David Zeuthen
david at kemper.freedesktop.org
Sat Nov 17 18:17:41 PST 2007
doc/spec/polkit-spec-configuration.xml | 52 +++++++++-
policy/org.freedesktop.policykit.policy.in | 2
src/polkit/polkit-policy-file-entry.c | 93 ++++++++++++++++++
src/polkit/polkit-policy-file-entry.h | 4
src/polkit/polkit-policy-file.c | 146 +++++++++++++++++++++++++++++
src/polkit/polkit-private.h | 3
6 files changed, 296 insertions(+), 4 deletions(-)
New commits:
commit 4d0994f45ee4cb1b31475932a17ea8ac5288a289
Author: David Zeuthen <davidz at redhat.com>
Date: Sat Nov 17 21:17:50 2007 -0500
add support for vendor, vendor_url and icon_name tags in .policy files
diff --git a/doc/spec/polkit-spec-configuration.xml b/doc/spec/polkit-spec-configuration.xml
index 717cf9c..4cddbf4 100644
--- a/doc/spec/polkit-spec-configuration.xml
+++ b/doc/spec/polkit-spec-configuration.xml
@@ -19,6 +19,9 @@
"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
"http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd">
<policyconfig>
+ <vendor>The PolicyKit Project</vendor>
+ <vendor_url>http://hal.freedesktop.org/docs/PolicyKit/</vendor_url>
+ <icon_name>polkit-icon</icon_name>
<action id="org.gnome.policykit.examples.frobnicate">
<description>Frobnicate</description>
@@ -27,6 +30,10 @@
<message>System policy prevents the PolicyKit-gnome example helper from Frobnicating</message>
<message xml:lang="da">System indstillinger forhindrer PolicyKit-gnome eksempel hjælper i at Frobnikere!</message>
<message xml:lang="en_CA">System policy prevents the PolicyKit-gnome example helper from Frobnicating, Aye!</message>
+
+ <icon_name>polkit-icon-frobnicate</icon_name>
+ <vendor_url>http://hal.freedesktop.org/docs/PolicyKit/about-frobnicating</vendor_url>
+
<defaults>
<allow_any>no</allow_any>
<allow_inactive>no</allow_inactive>
@@ -41,6 +48,9 @@
<message>System policy prevents the PolicyKit-gnome example helper from Tweaking</message>
<message xml:lang="da">System indstillinger forhindrer PolicyKit-gnome eksempel hjælper i at Tvække!</message>
<message xml:lang="en_CA">System policy prevents the PolicyKit-gnome example helper from Tweaking, Aye!</message>
+
+ <!-- just inherit icon_name and vendor_url -->
+
<defaults>
<allow_any>no</allow_any>
<allow_inactive>no</allow_inactive>
@@ -91,13 +101,37 @@
<listitem>
<para>
<emphasis>Textual descriptions:</emphasis> Simply included
- for convenience and organizational
- purposes. Standard <literal>xml:lang</literal> mechnanisms
- are used to convey localized strings (note that intltool
- 0.36 or greater includes native support for
+ for convenience and organizational purposes. Useful for
+ graphical editors for
+ authorizations. Standard <literal>xml:lang</literal>
+ mechnanisms are used to convey localized strings (note
+ that intltool 0.36 or greater includes native support for
handling <literal>.policy</literal> files).
</para>
</listitem>
+ <listitem>
+ <para>
+ <emphasis>Vendor:</emphasis> The <literal>vendor</literal>
+ and <literal>vendor_url</literal> describes who is
+ supplying the action. Both can be set at the top-level of
+ the <literal>.policy</literal> file and each Action can
+ further override it. These tags are optional.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <emphasis>Icon:</emphasis>
+ The <literal>icon_name</literal> tag can be used to
+ specify an icon name for the action or group of
+ actions. The name must adhere to the freedesktop.org Icon
+ Naming spec (for theming purposes) and cannot include
+ directory separators and must not include filename
+ extensions like <literal>.png</literal>. Like with vendor
+ tags, this tag can be set at the top level and also be
+ specialized for each individual action. This tag is
+ optional.
+ </para>
+ </listitem>
</itemizedlist>
The following values for the defaults are
<itemizedlist>
@@ -108,6 +142,11 @@
</listitem>
<listitem>
<para>
+ <emphasis>auth_self_one_shot</emphasis>
+ </para>
+ </listitem>
+ <listitem>
+ <para>
<emphasis>auth_self</emphasis>
</para>
</listitem>
@@ -123,6 +162,11 @@
</listitem>
<listitem>
<para>
+ <emphasis>auth_admin_one_shot</emphasis>
+ </para>
+ </listitem>
+ <listitem>
+ <para>
<emphasis>auth_admin</emphasis>
</para>
</listitem>
diff --git a/policy/org.freedesktop.policykit.policy.in b/policy/org.freedesktop.policykit.policy.in
index 14e7af6..c2e8652 100644
--- a/policy/org.freedesktop.policykit.policy.in
+++ b/policy/org.freedesktop.policykit.policy.in
@@ -15,6 +15,8 @@ file are instantly applied.
-->
<policyconfig>
+ <vendor>The PolicyKit Project</vendor>
+ <vendor_url>http://hal.freedesktop.org/docs/PolicyKit/</vendor_url>
<action id="org.freedesktop.policykit.read">
<_description>Read authorizations of other users</_description>
diff --git a/src/polkit/polkit-policy-file-entry.c b/src/polkit/polkit-policy-file-entry.c
index 331092a..5ef3702 100644
--- a/src/polkit/polkit-policy-file-entry.c
+++ b/src/polkit/polkit-policy-file-entry.c
@@ -69,6 +69,9 @@ struct _PolKitPolicyFileEntry
char *policy_description;
char *policy_message;
+ char *vendor;
+ char *vendor_url;
+ char *icon_name;
KitHash *annotations;
};
@@ -76,6 +79,9 @@ struct _PolKitPolicyFileEntry
/* NOTE: we take ownership of the annotations object */
PolKitPolicyFileEntry *
_polkit_policy_file_entry_new (const char *action_id,
+ const char *vendor,
+ const char *vendor_url,
+ const char *icon_name,
PolKitResult defaults_allow_any,
PolKitResult defaults_allow_inactive,
PolKitResult defaults_allow_active,
@@ -99,6 +105,16 @@ _polkit_policy_file_entry_new (const char *action_id,
if (pfe->action == NULL)
goto error;
+ pfe->vendor = NULL;
+ pfe->vendor_url = NULL;
+ pfe->icon_name = NULL;
+ if (vendor != NULL && (pfe->vendor = kit_strdup (vendor)) == NULL)
+ goto error;
+ if (vendor_url != NULL && (pfe->vendor_url = kit_strdup (vendor_url)) == NULL)
+ goto error;
+ if (icon_name != NULL && (pfe->icon_name = kit_strdup (icon_name)) == NULL)
+ goto error;
+
if (! (polkit_authorization_db_get_capabilities () & POLKIT_AUTHORIZATION_DB_CAPABILITY_CAN_OBTAIN)) {
/* if we don't support obtaining authorizations
* through authenticating, then make the defaults
@@ -243,6 +259,74 @@ polkit_policy_file_entry_get_action_message (PolKitPolicyFileEntry *policy_file_
}
/**
+ * polkit_policy_file_entry_get_action_vendor:
+ * @policy_file_entry: the object
+ *
+ * Get the name of the vendor of this action.
+ *
+ * Note, if polkit_context_set_load_descriptions() on the
+ * #PolKitContext object used to get this object wasn't called, this
+ * method will return #NULL.
+ *
+ * Returns: string or #NULL if descriptions are not loaded or vendor
+ * tag isn't set - caller shall not free this string
+ *
+ * Since: 0.7
+ */
+const char *
+polkit_policy_file_entry_get_action_vendor (PolKitPolicyFileEntry *policy_file_entry)
+{
+ kit_return_val_if_fail (policy_file_entry != NULL, NULL);
+ return policy_file_entry->vendor;
+}
+
+/**
+ * polkit_policy_file_entry_get_action_vendor_url:
+ * @policy_file_entry: the object
+ *
+ * Get the URL of the vendor of this action.
+ *
+ * Note, if polkit_context_set_load_descriptions() on the
+ * #PolKitContext object used to get this object wasn't called, this
+ * method will return #NULL.
+ *
+ * Returns: string or #NULL if descriptions are not loaded or vendor
+ * url isn't set - caller shall not free this string
+ *
+ * Since: 0.7
+ */
+const char *
+polkit_policy_file_entry_get_action_vendor_url (PolKitPolicyFileEntry *policy_file_entry)
+{
+ kit_return_val_if_fail (policy_file_entry != NULL, NULL);
+ return policy_file_entry->vendor_url;
+}
+
+/**
+ * polkit_policy_file_entry_get_action_icon_name:
+ * @policy_file_entry: the object
+ *
+ * Get the name of the icon that represents the action. This name
+ * conforms to the freedesktop.org icon naming specification.
+ *
+ * Note, if polkit_context_set_load_descriptions() on the
+ * #PolKitContext object used to get this object wasn't called, this
+ * method will return #NULL.
+ *
+ * Returns: string or #NULL if descriptions are not loaded or icon
+ * tag isn't set - caller shall not free this string
+ *
+ * Since: 0.7
+ */
+const char *
+polkit_policy_file_entry_get_action_icon_name (PolKitPolicyFileEntry *policy_file_entry)
+{
+ kit_return_val_if_fail (policy_file_entry != NULL, NULL);
+ return policy_file_entry->icon_name;
+}
+
+
+/**
* polkit_policy_file_entry_ref:
* @policy_file_entry: the policy file object
*
@@ -287,6 +371,9 @@ polkit_policy_file_entry_unref (PolKitPolicyFileEntry *policy_file_entry)
kit_free (policy_file_entry->policy_description);
kit_free (policy_file_entry->policy_message);
+ kit_free (policy_file_entry->vendor);
+ kit_free (policy_file_entry->vendor_url);
+ kit_free (policy_file_entry->icon_name);
kit_free (policy_file_entry);
}
@@ -584,6 +671,9 @@ _run_test (void)
goto oom;
if ((pfe = _polkit_policy_file_entry_new ("org.example-action",
+ NULL,
+ NULL,
+ NULL,
POLKIT_RESULT_NO,
POLKIT_RESULT_ONLY_VIA_SELF_AUTH,
POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH,
@@ -630,6 +720,9 @@ _run_test (void)
polkit_policy_file_entry_unref (pfe);
if ((pfe = _polkit_policy_file_entry_new ("org.example-action-2",
+ NULL,
+ NULL,
+ NULL,
POLKIT_RESULT_NO,
POLKIT_RESULT_ONLY_VIA_SELF_AUTH,
POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH,
diff --git a/src/polkit/polkit-policy-file-entry.h b/src/polkit/polkit-policy-file-entry.h
index 79375b0..ddf276f 100644
--- a/src/polkit/polkit-policy-file-entry.h
+++ b/src/polkit/polkit-policy-file-entry.h
@@ -66,6 +66,10 @@ PolKitPolicyDefault *polkit_policy_file_entry_get_default (PolKitPolicyFileEn
const char *polkit_policy_file_entry_get_action_description (PolKitPolicyFileEntry *policy_file_entry);
const char *polkit_policy_file_entry_get_action_message (PolKitPolicyFileEntry *policy_file_entry);
+const char *polkit_policy_file_entry_get_action_vendor (PolKitPolicyFileEntry *policy_file_entry);
+const char *polkit_policy_file_entry_get_action_vendor_url (PolKitPolicyFileEntry *policy_file_entry);
+const char *polkit_policy_file_entry_get_action_icon_name (PolKitPolicyFileEntry *policy_file_entry);
+
polkit_bool_t polkit_policy_file_entry_annotations_foreach (PolKitPolicyFileEntry *policy_file_entry,
PolKitPolicyFileEntryAnnotationsForeachFunc cb,
void *user_data);
diff --git a/src/polkit/polkit-policy-file.c b/src/polkit/polkit-policy-file.c
index a164367..93ead7f 100644
--- a/src/polkit/polkit-policy-file.c
+++ b/src/polkit/polkit-policy-file.c
@@ -72,9 +72,15 @@ enum {
STATE_NONE,
STATE_UNKNOWN_TAG,
STATE_IN_POLICY_CONFIG,
+ STATE_IN_POLICY_VENDOR,
+ STATE_IN_POLICY_VENDOR_URL,
+ STATE_IN_POLICY_ICON_NAME,
STATE_IN_ACTION,
STATE_IN_ACTION_DESCRIPTION,
STATE_IN_ACTION_MESSAGE,
+ STATE_IN_ACTION_VENDOR,
+ STATE_IN_ACTION_VENDOR_URL,
+ STATE_IN_ACTION_ICON_NAME,
STATE_IN_DEFAULTS,
STATE_IN_DEFAULTS_ALLOW_ANY,
STATE_IN_DEFAULTS_ALLOW_INACTIVE,
@@ -92,7 +98,14 @@ typedef struct {
const char *path;
+ char *global_vendor;
+ char *global_vendor_url;
+ char *global_icon_name;
+
char *action_id;
+ char *vendor;
+ char *vendor_url;
+ char *icon_name;
PolKitResult defaults_allow_any;
PolKitResult defaults_allow_inactive;
@@ -125,6 +138,14 @@ pd_unref_action_data (ParserData *pd)
{
kit_free (pd->action_id);
pd->action_id = NULL;
+
+ kit_free (pd->vendor);
+ pd->vendor = NULL;
+ kit_free (pd->vendor_url);
+ pd->vendor_url = NULL;
+ kit_free (pd->icon_name);
+ pd->icon_name = NULL;
+
kit_free (pd->policy_description_nolang);
pd->policy_description_nolang = NULL;
kit_free (pd->policy_message_nolang);
@@ -153,6 +174,13 @@ pd_unref_data (ParserData *pd)
pd_unref_action_data (pd);
kit_free (pd->lang);
pd->lang = NULL;
+
+ kit_free (pd->global_vendor);
+ pd->global_vendor = NULL;
+ kit_free (pd->global_vendor_url);
+ pd->global_vendor_url = NULL;
+ kit_free (pd->global_icon_name);
+ pd->global_icon_name = NULL;
}
static void
@@ -199,6 +227,12 @@ _start (void *data, const char *el, const char **attr)
pd->defaults_allow_any = POLKIT_RESULT_NO;
pd->defaults_allow_inactive = POLKIT_RESULT_NO;
pd->defaults_allow_active = POLKIT_RESULT_NO;
+ } else if (strcmp (el, "vendor") == 0 && num_attr == 0) {
+ state = STATE_IN_POLICY_VENDOR;
+ } else if (strcmp (el, "vendor_url") == 0 && num_attr == 0) {
+ state = STATE_IN_POLICY_VENDOR_URL;
+ } else if (strcmp (el, "icon_name") == 0 && num_attr == 0) {
+ state = STATE_IN_POLICY_ICON_NAME;
}
break;
case STATE_IN_ACTION:
@@ -218,6 +252,12 @@ _start (void *data, const char *el, const char **attr)
goto oom;
}
state = STATE_IN_ACTION_MESSAGE;
+ } else if (strcmp (el, "vendor") == 0 && num_attr == 0) {
+ state = STATE_IN_ACTION_VENDOR;
+ } else if (strcmp (el, "vendor_url") == 0 && num_attr == 0) {
+ state = STATE_IN_ACTION_VENDOR_URL;
+ } else if (strcmp (el, "icon_name") == 0 && num_attr == 0) {
+ state = STATE_IN_ACTION_ICON_NAME;
} else if (strcmp (el, "annotate") == 0) {
if (num_attr != 2 || strcmp (attr[0], "key") != 0)
goto error;
@@ -259,6 +299,36 @@ error:
XML_StopParser (pd->parser, FALSE);
}
+static polkit_bool_t
+_validate_icon_name (const char *icon_name)
+{
+ unsigned int n;
+ polkit_bool_t ret;
+ size_t len;
+
+ ret = FALSE;
+
+ len = strlen (icon_name);
+
+ /* check for common suffixes */
+ if (kit_str_has_suffix (icon_name, ".png"))
+ goto out;
+ if (kit_str_has_suffix (icon_name, ".jpg"))
+ goto out;
+
+ /* icon name cannot be a path */
+ for (n = 0; n < len; n++) {
+ if (icon_name [n] == '/') {
+ goto out;
+ }
+ }
+
+ ret = TRUE;
+
+out:
+ return ret;
+}
+
static void
_cdata (void *data, const char *s, int len)
{
@@ -297,6 +367,64 @@ _cdata (void *data, const char *s, int len)
}
break;
+ case STATE_IN_POLICY_VENDOR:
+ if (pd->load_descriptions) {
+ kit_free (pd->global_vendor);
+ pd->global_vendor = str;
+ str = NULL;
+ }
+ break;
+
+ case STATE_IN_POLICY_VENDOR_URL:
+ if (pd->load_descriptions) {
+ kit_free (pd->global_vendor_url);
+ pd->global_vendor_url = str;
+ str = NULL;
+ }
+ break;
+
+ case STATE_IN_POLICY_ICON_NAME:
+ if (! _validate_icon_name (str)) {
+ kit_warning ("Icon name '%s' is invalid", str);
+ goto error;
+ }
+
+ if (pd->load_descriptions) {
+ kit_free (pd->global_icon_name);
+ pd->global_icon_name = str;
+ str = NULL;
+ }
+ break;
+
+ case STATE_IN_ACTION_VENDOR:
+ if (pd->load_descriptions) {
+ kit_free (pd->vendor);
+ pd->vendor = str;
+ str = NULL;
+ }
+ break;
+
+ case STATE_IN_ACTION_VENDOR_URL:
+ if (pd->load_descriptions) {
+ kit_free (pd->vendor_url);
+ pd->vendor_url = str;
+ str = NULL;
+ }
+ break;
+
+ case STATE_IN_ACTION_ICON_NAME:
+ if (! _validate_icon_name (str)) {
+ kit_warning ("Icon name '%s' is invalid", str);
+ goto error;
+ }
+
+ if (pd->load_descriptions) {
+ kit_free (pd->icon_name);
+ pd->icon_name = str;
+ str = NULL;
+ }
+ break;
+
case STATE_IN_DEFAULTS_ALLOW_ANY:
if (!polkit_result_from_string_representation (str, &pd->defaults_allow_any))
goto error;
@@ -396,9 +524,27 @@ _end (void *data, const char *el)
const char *policy_description;
const char *policy_message;
PolKitPolicyFileEntry *pfe;
+ char *vendor;
+ char *vendor_url;
+ char *icon_name;
+
+ vendor = pd->vendor;
+ if (vendor == NULL)
+ vendor = pd->global_vendor;
+
+ vendor_url = pd->vendor_url;
+ if (vendor_url == NULL)
+ vendor_url = pd->global_vendor_url;
+
+ icon_name = pd->icon_name;
+ if (icon_name == NULL)
+ icon_name = pd->global_icon_name;
/* NOTE: caller takes ownership of the annotations object */
pfe = _polkit_policy_file_entry_new (pd->action_id,
+ vendor,
+ vendor_url,
+ icon_name,
pd->defaults_allow_any,
pd->defaults_allow_inactive,
pd->defaults_allow_active,
diff --git a/src/polkit/polkit-private.h b/src/polkit/polkit-private.h
index 35b1f82..3d518c1 100644
--- a/src/polkit/polkit-private.h
+++ b/src/polkit/polkit-private.h
@@ -85,6 +85,9 @@ PolKitPolicyDefault *_polkit_policy_default_new (PolKitResult defaults_allow_any
PolKitPolicyFileEntry *_polkit_policy_file_entry_new (const char *action_id,
+ const char *vendor,
+ const char *vendor_url,
+ const char *icon_name,
PolKitResult defaults_allow_any,
PolKitResult defaults_allow_inactive,
PolKitResult defaults_allow_active,
More information about the hal-commit
mailing list