[gnome-initial-setup] data: Add a polkit .rules and .policy file

[Jasper St. Pierre <jstpierre src gnome org>]

commit 2c1bf13ab27a17509890a15bc6de13fe54816c0c
Author: Jasper St. Pierre <jstpierre mecheye net>
Date:   Mon Jun 11 17:26:00 2012 -0400

    data: Add a polkit .rules and .policy file
    
    The .policy was lifted from gdm.
    The .rules was ported from the associated .pkla file from gdm as well.
    Thanks to David Zeuthen <davidz redhat com> for helping with the port.

 data/20-gnome-initial-setup.rules   |   26 ++++++++++++++++++++++++++
 data/Makefile.am                    |   12 ++++++++++++
 data/org.gnome.initial-setup.policy |   20 ++++++++++++++++++++
 3 files changed, 58 insertions(+), 0 deletions(-)
---
diff --git a/data/20-gnome-initial-setup.rules b/data/20-gnome-initial-setup.rules
new file mode 100644
index 0000000..3c37da3
--- /dev/null
+++ b/data/20-gnome-initial-setup.rules
@@ -0,0 +1,26 @@
+// -*- mode: js; js-indent-level: 4; indent-tabs-mode: nil -*-
+//
+// DO NOT EDIT THIS FILE, it will be overwritten on update.
+//
+// Allow the gnome-initial-setup user to do certain actions without
+// being interrupted by password dialogs
+
+polkit.addRule(function(action, subject) {
+    if (subject.user !== 'gnome-initial-setup')
+        return undefined;
+
+    var actionMatches = (action.id === 'org.freedesktop.udisks2.filesystem-mount-system' ||
+                         action.id === 'org.gnome.initial-setup.pkexec.install' ||
+                         action.id.indexOf('org.freedesktop.accounts.') === 0 ||
+                         action.id.indexOf('org.freedesktop.timedate1.') === 0 ||
+                         action.id.indexOf('org.freedesktop.RealtimeKit1.') === 0);
+
+    if (actionMatches) {
+        if (subject.local && subject.active)
+            return 'yes';
+        else
+            return 'auth_admin';
+    }
+
+    return undefined;
+});
diff --git a/data/Makefile.am b/data/Makefile.am
index e1ff208..0388894 100644
--- a/data/Makefile.am
+++ b/data/Makefile.am
@@ -12,12 +12,24 @@ edit = $(AM_V_GEN) sed \
 
 @INTLTOOL_DESKTOP_RULE@
 
+policydir = $(datadir)/gnome-initial-setup
+policy_DATA =						\
+	20-gnome-initial-setup.rules			\
+	$(NULL)
+
+polkitdir = $(datadir)/polkit-1/actions
+polkit_DATA =						\
+	org.gnome.initial-setup.policy			\
+	$(NULL)
+
 desktopdir = $(pkgdatadir)/applications
 desktop_DATA =						\
 	gnome-initial-setup.desktop			\
 	$(NULL)
 
 EXTRA_DIST =						\
+	20-gnome-initial-setup.rules			\
+	org.gnome.initial-setup.policy			\
 	gnome-initial-setup.desktop.in.in		\
 	$(NULL)
 
diff --git a/data/org.gnome.initial-setup.policy b/data/org.gnome.initial-setup.policy
new file mode 100644
index 0000000..31d6981
--- /dev/null
+++ b/data/org.gnome.initial-setup.policy
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policyconfig PUBLIC
+"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+"http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd";>
+<policyconfig>
+
+ <vendor>GNOME</vendor>
+ <vendor_url>http://www.gnome.org</vendor_url>
+
+ <action id="org.gnome.initial-setup.pkexec.install">
+    <description>Copy account data</description>
+    <message>Authentication is required to copy account data</message>
+    <defaults>
+     <allow_any>no</allow_any>
+     <allow_inactive>no</allow_inactive>
+     <allow_active>auth_admin</allow_active>
+    </defaults>
+    <annotate key="org.freedesktop.policykit.exec.path">/usr/bin/install</annotate>
+ </action>
+</policyconfig>