diff options
author | Alexander Larsson <alexl@redhat.com> | 2016-05-09 11:07:53 +0200 |
---|---|---|
committer | Alexander Larsson <alexl@redhat.com> | 2016-05-09 11:11:55 +0200 |
commit | 8abbc0186efe977cec2a3214e7aa3703e9f1169f (patch) | |
tree | f02d20ec637609e32d473e45b1ad8b6a8a6de281 /system-helper/org.freedesktop.Flatpak.policy.in | |
parent | ba37b22d78f3b1011ceab182c8a4a05d5ba630a7 (diff) | |
download | xdg-app-8abbc0186efe977cec2a3214e7aa3703e9f1169f.tar.gz |
Rename everything but the on-disk location to flatpak
Diffstat (limited to 'system-helper/org.freedesktop.Flatpak.policy.in')
-rw-r--r-- | system-helper/org.freedesktop.Flatpak.policy.in | 86 |
1 files changed, 86 insertions, 0 deletions
diff --git a/system-helper/org.freedesktop.Flatpak.policy.in b/system-helper/org.freedesktop.Flatpak.policy.in new file mode 100644 index 0000000..a420339 --- /dev/null +++ b/system-helper/org.freedesktop.Flatpak.policy.in @@ -0,0 +1,86 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE policyconfig PUBLIC + "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN" + "http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd"> +<policyconfig> + + <!-- + Policy definitions for Flatpak system actions. + Copyright (c) 2016 Alexander Larsson <alexl@redhat.com> + --> + + <vendor>The Flatpak Project</vendor> + <vendor_url>https://cgit.freedesktop.org/xdg-app/xdg-app/</vendor_url> + <icon_name>package-x-generic</icon_name> + + <action id="org.freedesktop.Flatpak.app-install"> + <!-- SECURITY: + - Normal users do not need authentication to install signed applications + from signed repositories, as this cannot exploit a system. + - Paranoid users (or parents!) can change this to 'auth_admin' or + 'auth_admin_keep'. + --> + <_description>Install signed application</_description> + <_message>Authentication is required to install software</_message> + <icon_name>package-x-generic</icon_name> + <defaults> + <allow_any>auth_admin</allow_any> + <allow_inactive>auth_admin</allow_inactive> + <allow_active>auth_admin_keep</allow_active> + </defaults> + </action> + + <action id="org.freedesktop.Flatpak.runtime-install"> + <!-- SECURITY: + - Normal users do not need authentication to install signed applications + from signed repositories, as this cannot exploit a system. + - Paranoid users (or parents!) can change this to 'auth_admin' or + 'auth_admin_keep'. + --> + <_description>Install signed runtime</_description> + <_message>Authentication is required to install software</_message> + <icon_name>package-x-generic</icon_name> + <defaults> + <allow_any>auth_admin</allow_any> + <allow_inactive>auth_admin</allow_inactive> + <allow_active>auth_admin_keep</allow_active> + </defaults> + </action> + + <action id="org.freedesktop.Flatpak.app-update"> + <!-- SECURITY: + - Normal users do not require admin authentication to update an + app as the commit will be signed, and the action is required + to update the system when unattended. + - Changing this to anything other than 'yes' will break unattended + updates. + --> + <_description>Update signed application</_description> + <_message>Authentication is required to update software</_message> + <icon_name>package-x-generic</icon_name> + <defaults> + <allow_any>auth_admin</allow_any> + <allow_inactive>auth_admin</allow_inactive> + <allow_active>yes</allow_active> + </defaults> + </action> + + <action id="org.freedesktop.Flatpak.runtime-update"> + <!-- SECURITY: + - Normal users do not require admin authentication to update a + runtime as the commit will be signed, and the action is required + to update the system when unattended. + - Changing this to anything other than 'yes' will break unattended + updates. + --> + <_description>Update signed runtime</_description> + <_message>Authentication is required to update software</_message> + <icon_name>package-x-generic</icon_name> + <defaults> + <allow_any>auth_admin</allow_any> + <allow_inactive>auth_admin</allow_inactive> + <allow_active>yes</allow_active> + </defaults> + </action> + +</policyconfig> |