Files
ModemManager/data/org.freedesktop.ModemManager1.policy.in.in
Aleksander Morgado 0c7265de29 build: new strict & permissive polkit policies in '--with-polkit'
The '--with-polkit' configure switch now supports more options than just yes
or no:

 * strict: Active user needs to explicitly authenticate when peforming an
   operation defined in the Device.Control, Messaging, Location or Contacts
   interfaces. Polkit policy is set to 'auth_self_keep'.

 * permissive: Active user doesn't need to explicitly authenticate when
   peforming an operation defined in the Device.Control, Messaging, Location or
   Contacts interfaces. Polkit policy is set to 'yes'.

 * none: don't use polkit.

If '--with-polkit' is not given, usage will be automatically decided based on
the presence of the Polkit headers in the system (if headers found, strict
policy will be applied, otherwise none).

Also:
 * '--with-polkit' is equivalent to '--with-polkit=strict'
 * '--with-polkit=yes' is equivalent to '--with-polkit=strict'
 * '--with-polkit=no' is equivalent to '--with-polkit=none'
 * '--without-polkit' is equivalent to '--with-polkit=none'

By default, ModemManager will always apply the strict policy, in order to
protect the user from unwanted operations in the modem (e.g. getting the PIN
locked forever after wrong PIN/PUK unlock attempts).

https://bugzilla.gnome.org/show_bug.cgi?id=701740
2013-06-13 09:21:52 +02:00

76 lines
2.9 KiB
XML

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE policyconfig PUBLIC
"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
"http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd">
<policyconfig>
<vendor>ModemManager</vendor>
<vendor_url>http://www.freedesktop.org/wiki/ModemManager</vendor_url>
<icon_name>ModemManager</icon_name>
<action id="org.freedesktop.ModemManager1.Control">
<_description>Control the Modem Manager daemon</_description>
<_message>System policy prevents controlling the Modem Manager.</_message>
<defaults>
<allow_inactive>no</allow_inactive>
<allow_active>auth_admin</allow_active>
</defaults>
</action>
<action id="org.freedesktop.ModemManager1.Device.Control">
<_description>Unlock and control a mobile broadband device</_description>
<_message>System policy prevents unlocking or controlling the mobile broadband device.</_message>
<defaults>
<allow_inactive>no</allow_inactive>
<allow_active>@MM_DEFAULT_USER_POLICY@</allow_active>
</defaults>
</action>
<action id="org.freedesktop.ModemManager1.Contacts">
<_description>Add, modify, and delete mobile broadband contacts</_description>
<_message>System policy prevents adding, modifying, or deleting this device's contacts.</_message>
<defaults>
<allow_inactive>no</allow_inactive>
<allow_active>@MM_DEFAULT_USER_POLICY@</allow_active>
</defaults>
</action>
<action id="org.freedesktop.ModemManager1.Messaging">
<_description>Send, save, modify, and delete text messages</_description>
<_message>System policy prevents sending or maniuplating this device's text messages.</_message>
<defaults>
<allow_inactive>no</allow_inactive>
<allow_active>@MM_DEFAULT_USER_POLICY@</allow_active>
</defaults>
</action>
<action id="org.freedesktop.ModemManager1.Location">
<_description>Enable and view geographic location and positioning information</_description>
<_message>System policy prevents enabling or viewing geographic location information.</_message>
<defaults>
<allow_inactive>no</allow_inactive>
<allow_active>@MM_DEFAULT_USER_POLICY@</allow_active>
</defaults>
</action>
<action id="org.freedesktop.ModemManager1.USSD">
<_description>Query and utilize network information and services</_description>
<_message>System policy prevents querying or utilizing network information and services.</_message>
<defaults>
<allow_inactive>no</allow_inactive>
<allow_active>yes</allow_active>
</defaults>
</action>
<action id="org.freedesktop.ModemManager1.Firmware">
<_description>Query and manage firmware on a mobile broadband device</_description>
<_message>System policy prevents querying or managing this device's firmware.</_message>
<defaults>
<allow_inactive>no</allow_inactive>
<allow_active>auth_admin</allow_active>
</defaults>
</action>
</policyconfig>