Clarification on the imply annotation

chinmoy ranjan chinmoyrp65.gsoc at gmail.com
Sun May 14 13:36:00 UTC 2017


Hello devs,

I am a Google Summer of Code student working with KDE on the project
"Polkit support in KIO[1]". The goal of this project is to enable KIO (this
library provides file management functions in KDE softwares) to perform
file handling operations with escalated privilege. This way the user can
perform file handling operations in root owned location without having to
start the whole application as root.
My approach[2] involves using the KAuth library(authentication framework
for KDE) to create separate polkit actions for each file handling
operation, like delete, copy, symlink, rename etc. One of the behavioural
changes that is expected is when a user authenticates himself for a polkit
action, say delete, he should be able to perform other actions , like  copy
or symlink, during the time period when privileges are escalated for a
while without having to provide his credentials.
So in pursuit of this I found the imply annotation in the reference manual
of polkit. I used it in my PoC patch[3] (I directly modified the policy
file) and it did produced the desired behaviour. When I authenticated
myself for the delete operation, other actions like symlink were unlocked
as well for a while. In other words it solved my little problem.

Now this is my first time working with polkit. So my doubts are,
1> Is this the actual work of imply annotation, i.e, to unlock(if I am
putting it correctly) other actions after authenticating for one action?
Although it is mentioned in the reference manual that it unlocks multiple
actions from distinct mechanisms but a little clarification would help.
2> If its not the purpose of the imply annotation then what is it for? And
what can I use in my project?
3> If imply annotation is indeed suitable for my project then I will have
to add the support for annotations in KAuth library. In that case is there
any guideline or specification that I must comply with?

I would be very grateful if anyone could provide any sort of help.

Regards,
Chinmoy

[1]:
https://community.kde.org/GSoC/2017/Ideas#Project:_Polkit_support_in_KIO
[2] GSOC proposal:
https://docs.google.com/document/d/1LhuHwwo_hCziM2-3UsffpODwnjypYQjMnB7YHEQd4dQ/edit?usp=sharing
[3]: https://git.reviewboard.kde.org/r/129983/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/polkit-devel/attachments/20170514/de164f89/attachment.html>


More information about the polkit-devel mailing list