policy: split Device into Info and Control

It's useful to let distros and admins set policy differently for device
information (for support, inventory, etc) than for actually controlling
the device like PIN/PUK unlocks.

policy/org.freedesktop.modem-manager.policy.in

@@ -9,9 +9,18 @@
   <vendor_url>http://www.freedesktop.org/wiki/ModemManager</vendor_url>
   <icon_name>modem-manager</icon_name>
 
-  <action id="org.freedesktop.ModemManager.Device">
-    <_description>Unlock and retrieve mobile broadband device information</_description>
-    <_message>System policy prevents unlocking the device or requesting information from it.</_message>
+  <action id="org.freedesktop.ModemManager.Device.Control">
+    <_description>Unlock and control a mobile broadband device</_description>
+    <_message>System policy prevents unlocking or controlling the mobile broadband device.</_message>
+    <defaults>
+      <allow_inactive>no</allow_inactive>
+      <allow_active>auth_self_keep</allow_active>
+    </defaults>
+  </action>
+
+  <action id="org.freedesktop.ModemManager.Device.Info">
+    <_description>Request mobile broadband device identifying information</_description>
+    <_message>System policy prevents requesting identifying information from the mobile broadband device.</_message>
     <defaults>
       <allow_inactive>no</allow_inactive>
       <allow_active>auth_self_keep</allow_active>

src/mm-auth-provider.h

@@ -22,9 +22,10 @@
 #include "mm-auth-request.h"
 
 /* Authorizations */
-#define MM_AUTHORIZATION_DEVICE   "org.freedesktop.ModemManager.Device"
-#define MM_AUTHORIZATION_CONTACTS "org.freedesktop.ModemManager.Contacts"
-#define MM_AUTHORIZATION_SMS      "org.freedesktop.ModemManager.SMS"
+#define MM_AUTHORIZATION_DEVICE_INFO    "org.freedesktop.ModemManager.Device.Info"
+#define MM_AUTHORIZATION_DEVICE_CONTROL "org.freedesktop.ModemManager.Device.Control"
+#define MM_AUTHORIZATION_CONTACTS       "org.freedesktop.ModemManager.Contacts"
+#define MM_AUTHORIZATION_SMS            "org.freedesktop.ModemManager.SMS"
 /******************/
 
 

src/mm-modem-cdma.c

@@ -212,7 +212,7 @@ impl_modem_cdma_get_esn (MMModemCdma *self, DBusGMethodInvocation *context)
 
     /* Make sure the caller is authorized to get the ESN */
     if (!mm_modem_auth_request (MM_MODEM (self),
-                                MM_AUTHORIZATION_DEVICE,
+                                MM_AUTHORIZATION_DEVICE_INFO,
                                 context,
                                 esn_auth_cb,
                                 NULL,

src/mm-modem-gsm-card.c

@@ -225,7 +225,7 @@ impl_gsm_modem_get_imei (MMModemGsmCard *modem, DBusGMethodInvocation *context)
 
     /* Make sure the caller is authorized to get the IMEI */
     if (!mm_modem_auth_request (MM_MODEM (modem),
-                                MM_AUTHORIZATION_DEVICE,
+                                MM_AUTHORIZATION_DEVICE_INFO,
                                 context,
                                 imei_auth_cb,
                                 NULL,
@@ -262,7 +262,7 @@ impl_gsm_modem_get_imsi (MMModemGsmCard *modem, DBusGMethodInvocation *context)
 
     /* Make sure the caller is authorized to get the IMSI */
     if (!mm_modem_auth_request (MM_MODEM (modem),
-                                MM_AUTHORIZATION_DEVICE,
+                                MM_AUTHORIZATION_DEVICE_INFO,
                                 context,
                                 imsi_auth_cb,
                                 NULL,
@@ -343,7 +343,7 @@ impl_gsm_modem_send_puk (MMModemGsmCard *modem,
 
     /* Make sure the caller is authorized to send the PUK */
     if (!mm_modem_auth_request (MM_MODEM (modem),
-                                MM_AUTHORIZATION_DEVICE,
+                                MM_AUTHORIZATION_DEVICE_CONTROL,
                                 context,
                                 send_puk_auth_cb,
                                 info,
@@ -386,7 +386,7 @@ impl_gsm_modem_send_pin (MMModemGsmCard *modem,
 
     /* Make sure the caller is authorized to unlock the modem */
     if (!mm_modem_auth_request (MM_MODEM (modem),
-                                MM_AUTHORIZATION_DEVICE,
+                                MM_AUTHORIZATION_DEVICE_CONTROL,
                                 context,
                                 send_pin_auth_cb,
                                 info,
@@ -430,7 +430,7 @@ impl_gsm_modem_enable_pin (MMModemGsmCard *modem,
 
     /* Make sure the caller is authorized to enable a PIN */
     if (!mm_modem_auth_request (MM_MODEM (modem),
-                                MM_AUTHORIZATION_DEVICE,
+                                MM_AUTHORIZATION_DEVICE_CONTROL,
                                 context,
                                 enable_pin_auth_cb,
                                 info,
@@ -474,7 +474,7 @@ impl_gsm_modem_change_pin (MMModemGsmCard *modem,
 
     /* Make sure the caller is authorized to change the PIN */
     if (!mm_modem_auth_request (MM_MODEM (modem),
-                                MM_AUTHORIZATION_DEVICE,
+                                MM_AUTHORIZATION_DEVICE_CONTROL,
                                 context,
                                 change_pin_auth_cb,
                                 info,

src/mm-modem-gsm-network.c

@@ -422,7 +422,7 @@ impl_gsm_modem_scan (MMModemGsmNetwork *modem,
 
     /* Make sure the caller is authorized to request a scan */
     if (!mm_modem_auth_request (MM_MODEM (modem),
-                                MM_AUTHORIZATION_DEVICE,
+                                MM_AUTHORIZATION_DEVICE_CONTROL,
                                 context,
                                 scan_auth_cb,
                                 NULL,