Rename everything but the on-disk location to flatpak

1 files changed, 86 insertions, 0 deletions

diff --git a/system-helper/org.freedesktop.Flatpak.policy.in b/system-helper/org.freedesktop.Flatpak.policy.in
new file mode 100644
index 0000000..a420339
--- /dev/null
+++ b/system-helper/org.freedesktop.Flatpak.policy.in
@@ -0,0 +1,86 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policyconfig PUBLIC
+ "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd">
+<policyconfig>
+
+  <!--
+    Policy definitions for Flatpak system actions.
+    Copyright (c) 2016 Alexander Larsson <alexl@redhat.com>
+  -->
+
+  <vendor>The Flatpak Project</vendor>
+  <vendor_url>https://cgit.freedesktop.org/xdg-app/xdg-app/</vendor_url>
+  <icon_name>package-x-generic</icon_name>
+
+  <action id="org.freedesktop.Flatpak.app-install">
+    <!-- SECURITY:
+          - Normal users do not need authentication to install signed applications
+            from signed repositories, as this cannot exploit a system.
+          - Paranoid users (or parents!) can change this to 'auth_admin' or
+            'auth_admin_keep'.
+     -->
+    <_description>Install signed application</_description>
+    <_message>Authentication is required to install software</_message>
+    <icon_name>package-x-generic</icon_name>
+    <defaults>
+      <allow_any>auth_admin</allow_any>
+      <allow_inactive>auth_admin</allow_inactive>
+      <allow_active>auth_admin_keep</allow_active>
+    </defaults>
+  </action>
+
+  <action id="org.freedesktop.Flatpak.runtime-install">
+    <!-- SECURITY:
+          - Normal users do not need authentication to install signed applications
+            from signed repositories, as this cannot exploit a system.
+          - Paranoid users (or parents!) can change this to 'auth_admin' or
+            'auth_admin_keep'.
+     -->
+    <_description>Install signed runtime</_description>
+    <_message>Authentication is required to install software</_message>
+    <icon_name>package-x-generic</icon_name>
+    <defaults>
+      <allow_any>auth_admin</allow_any>
+      <allow_inactive>auth_admin</allow_inactive>
+      <allow_active>auth_admin_keep</allow_active>
+    </defaults>
+  </action>
+
+  <action id="org.freedesktop.Flatpak.app-update">
+    <!-- SECURITY:
+          - Normal users do not require admin authentication to update an
+            app as the commit will be signed, and the action is required
+            to update the system when unattended.
+          - Changing this to anything other than 'yes' will break unattended
+            updates.
+     -->
+    <_description>Update signed application</_description>
+    <_message>Authentication is required to update software</_message>
+    <icon_name>package-x-generic</icon_name>
+    <defaults>
+      <allow_any>auth_admin</allow_any>
+      <allow_inactive>auth_admin</allow_inactive>
+      <allow_active>yes</allow_active>
+    </defaults>
+  </action>
+
+  <action id="org.freedesktop.Flatpak.runtime-update">
+    <!-- SECURITY:
+          - Normal users do not require admin authentication to update a
+            runtime as the commit will be signed, and the action is required
+            to update the system when unattended.
+          - Changing this to anything other than 'yes' will break unattended
+            updates.
+     -->
+    <_description>Update signed runtime</_description>
+    <_message>Authentication is required to update software</_message>
+    <icon_name>package-x-generic</icon_name>
+    <defaults>
+      <allow_any>auth_admin</allow_any>
+      <allow_inactive>auth_admin</allow_inactive>
+      <allow_active>yes</allow_active>
+    </defaults>
+  </action>
+
+</policyconfig>