diff --git a/clients/cli/general.c b/clients/cli/general.c
index d0cfc844a..2c22bdc94 100644
--- a/clients/cli/general.c
+++ b/clients/cli/general.c
@@ -124,6 +124,8 @@ permission_to_string (NMClientPermission perm)
return NM_AUTH_PERMISSION_ENABLE_DISABLE_STATISTICS;
case NM_CLIENT_PERMISSION_ENABLE_DISABLE_CONNECTIVITY_CHECK:
return NM_AUTH_PERMISSION_ENABLE_DISABLE_CONNECTIVITY_CHECK;
+ case NM_CLIENT_PERMISSION_WIFI_SCAN:
+ return NM_AUTH_PERMISSION_WIFI_SCAN;
default:
return _("unknown");
}
diff --git a/data/org.freedesktop.NetworkManager.policy.in.in b/data/org.freedesktop.NetworkManager.policy.in.in
index d1460c2cc..8b6ea5155 100644
--- a/data/org.freedesktop.NetworkManager.policy.in.in
+++ b/data/org.freedesktop.NetworkManager.policy.in.in
@@ -74,6 +74,16 @@
+
+ <_description>Allow control of Wi-Fi scans
+ <_message>System policy prevents Wi-Fi scans
+
+ auth_admin
+ yes
+ yes
+
+
+
<_description>Connection sharing via a protected Wi-Fi network
<_message>System policy prevents sharing connections via a protected Wi-Fi network
diff --git a/libnm/nm-client.h b/libnm/nm-client.h
index 97363ef75..edb3ed784 100644
--- a/libnm/nm-client.h
+++ b/libnm/nm-client.h
@@ -107,6 +107,7 @@ G_BEGIN_DECLS
* statistics can be globally enabled or disabled
* @NM_CLIENT_PERMISSION_ENABLE_DISABLE_CONNECTIVITY_CHECK: controls whether
* connectivity check can be enabled or disabled
+ * @NM_CLIENT_PERMISSION_WIFI_SCAN: controls whether wifi scans can be performed
* @NM_CLIENT_PERMISSION_LAST: a reserved boundary value
*
* #NMClientPermission values indicate various permissions that NetworkManager
@@ -130,8 +131,9 @@ typedef enum {
NM_CLIENT_PERMISSION_CHECKPOINT_ROLLBACK = 14,
NM_CLIENT_PERMISSION_ENABLE_DISABLE_STATISTICS = 15,
NM_CLIENT_PERMISSION_ENABLE_DISABLE_CONNECTIVITY_CHECK = 16,
+ NM_CLIENT_PERMISSION_WIFI_SCAN = 17,
- NM_CLIENT_PERMISSION_LAST = 16,
+ NM_CLIENT_PERMISSION_LAST = 17,
} NMClientPermission;
/**
diff --git a/libnm/nm-manager.c b/libnm/nm-manager.c
index 0b47c6abe..7b57c46ec 100644
--- a/libnm/nm-manager.c
+++ b/libnm/nm-manager.c
@@ -310,6 +310,8 @@ nm_permission_to_client (const char *nm)
return NM_CLIENT_PERMISSION_ENABLE_DISABLE_STATISTICS;
else if (!strcmp (nm, NM_AUTH_PERMISSION_ENABLE_DISABLE_CONNECTIVITY_CHECK))
return NM_CLIENT_PERMISSION_ENABLE_DISABLE_CONNECTIVITY_CHECK;
+ else if (!strcmp (nm, NM_AUTH_PERMISSION_WIFI_SCAN))
+ return NM_CLIENT_PERMISSION_WIFI_SCAN;
return NM_CLIENT_PERMISSION_NONE;
}
diff --git a/shared/nm-common-macros.h b/shared/nm-common-macros.h
index 2edb97285..f5aa3a1ea 100644
--- a/shared/nm-common-macros.h
+++ b/shared/nm-common-macros.h
@@ -40,6 +40,7 @@
#define NM_AUTH_PERMISSION_CHECKPOINT_ROLLBACK "org.freedesktop.NetworkManager.checkpoint-rollback"
#define NM_AUTH_PERMISSION_ENABLE_DISABLE_STATISTICS "org.freedesktop.NetworkManager.enable-disable-statistics"
#define NM_AUTH_PERMISSION_ENABLE_DISABLE_CONNECTIVITY_CHECK "org.freedesktop.NetworkManager.enable-disable-connectivity-check"
+#define NM_AUTH_PERMISSION_WIFI_SCAN "org.freedesktop.NetworkManager.wifi.scan"
#define NM_CLONED_MAC_PRESERVE "preserve"
#define NM_CLONED_MAC_PERMANENT "permanent"
diff --git a/src/devices/wifi/nm-device-iwd.c b/src/devices/wifi/nm-device-iwd.c
index 0420f8bcc..dcc161d28 100644
--- a/src/devices/wifi/nm-device-iwd.c
+++ b/src/devices/wifi/nm-device-iwd.c
@@ -1130,7 +1130,7 @@ _nm_device_iwd_request_scan (NMDeviceIwd *self,
NM_DEVICE_AUTH_REQUEST,
invocation,
NULL,
- NM_AUTH_PERMISSION_NETWORK_CONTROL,
+ NM_AUTH_PERMISSION_WIFI_SCAN,
TRUE,
dbus_request_scan_cb,
options ? g_variant_ref (options) : NULL);
diff --git a/src/devices/wifi/nm-device-wifi.c b/src/devices/wifi/nm-device-wifi.c
index 63eafe71b..25f7b9f50 100644
--- a/src/devices/wifi/nm-device-wifi.c
+++ b/src/devices/wifi/nm-device-wifi.c
@@ -1202,7 +1202,7 @@ _nm_device_wifi_request_scan (NMDeviceWifi *self,
NM_DEVICE_AUTH_REQUEST,
invocation,
NULL,
- NM_AUTH_PERMISSION_NETWORK_CONTROL,
+ NM_AUTH_PERMISSION_WIFI_SCAN,
TRUE,
dbus_request_scan_cb,
options ? g_variant_ref (options) : NULL);