[gdm/wip/initial-setup-redux: 2/4] Add policy for the setup session

[Matthias Clasen <matthiasc src gnome org>]

commit 44f78332af01a00995e8aa5cdde27ad788ba8428
Author: Matthias Clasen <mclasen redhat com>
Date:   Thu May 19 20:23:36 2011 -0400

    Add policy for the setup session

 data/20-gnome-initial-setup.pkla    |   13 +++++++++++++
 data/Makefile.am                    |    8 ++++++++
 data/org.gnome.initial-setup.policy |   20 ++++++++++++++++++++
 3 files changed, 41 insertions(+), 0 deletions(-)
---
diff --git a/data/20-gnome-initial-setup.pkla b/data/20-gnome-initial-setup.pkla
new file mode 100644
index 0000000..c305ca1
--- /dev/null
+++ b/data/20-gnome-initial-setup.pkla
@@ -0,0 +1,13 @@
+# Authorizations/policy for the wheel group.
+#
+# DO NOT EDIT THIS FILE, it will be overwritten on update.
+#
+# Allow the gdm-initial-setup user to do certain actions without being
+# interrupted by password dialogs
+#
+[Initial Setup Permissions]
+Identity=unix-user:gnome-initial-setup
+Action=org.freedesktop.accounts.*;org.freedesktop.timedate1.*;org.freedesktop.udisks2.filesystem-mount-system;org.freedesktop.RealtimeKit1.*;org.gnome.initial-setup.pkexec.install;
+ResultAny=auth_admin
+ResultInactive=auth_admin
+ResultActive=yes
diff --git a/data/Makefile.am b/data/Makefile.am
index f0d00bf..fc6242a 100644
--- a/data/Makefile.am
+++ b/data/Makefile.am
@@ -97,11 +97,19 @@ gdm-smartcard: gdm-smartcard.pam
 pamdir = $(PAM_PREFIX)/pam.d
 pam_DATA = gdm-fingerprint gdm-smartcard
 
+policydir = $(datadir)/gdm
+policy_DATA = 20-gnome-initial-setup.pkla
+
+polkitdir = $(datadir)/polkit-1/actions
+polkit_DATA = org.gnome.initial-setup.policy
+
 EXTRA_DIST =			\
 	$(schemas_in_files)	\
 	$(schemas_DATA)		\
 	$(dbusconf_in_files)	\
 	$(localealias_DATA)	\
+	$(policy_DATA)		\
+	$(polkit_DATA)		\
 	gdm.schemas.in.in	\
 	gdm.conf-custom.in 	\
 	Xsession.in 		\
diff --git a/data/org.gnome.initial-setup.policy b/data/org.gnome.initial-setup.policy
new file mode 100644
index 0000000..31d6981
--- /dev/null
+++ b/data/org.gnome.initial-setup.policy
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policyconfig PUBLIC
+"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+"http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd";>
+<policyconfig>
+
+ <vendor>GNOME</vendor>
+ <vendor_url>http://www.gnome.org</vendor_url>
+
+ <action id="org.gnome.initial-setup.pkexec.install">
+    <description>Copy account data</description>
+    <message>Authentication is required to copy account data</message>
+    <defaults>
+     <allow_any>no</allow_any>
+     <allow_inactive>no</allow_inactive>
+     <allow_active>auth_admin</allow_active>
+    </defaults>
+    <annotate key="org.freedesktop.policykit.exec.path">/usr/bin/install</annotate>
+ </action>
+</policyconfig>