<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE policyconfig PUBLIC
 "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
 "http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd">
<policyconfig>

  <!--
    Policy definitions for PackageKit system actions.
    Copyright (c) 2007-2009 Richard Hughes <richard@hughsie.com>
  -->

  <!-- Vendor metadata for this policy file: project name, project URL and
       an icon name. -->
  <vendor>The PackageKit Project</vendor>
  <vendor_url>http://www.packagekit.org/</vendor_url>
  <icon_name>package-x-generic</icon_name>

  <action id="org.freedesktop.packagekit.cancel-foreign">
    <!-- SECURITY:
          - Normal users are allowed to cancel their own task without
            authentication, but a different user id needs the admin password
            to cancel another user's task.
          - Defaults below: an active local session may retain the admin
            authorization briefly (auth_admin_keep); every other session
            must authenticate as admin for each request (auth_admin).
     -->
    <description>Cancel foreign task</description>
    <message>Authentication is required to cancel a task that was not started by yourself</message>
    <icon_name>package-x-generic</icon_name>
    <defaults>
      <allow_any>auth_admin</allow_any>
      <allow_inactive>auth_admin</allow_inactive>
      <allow_active>auth_admin_keep</allow_active>
    </defaults>
  </action>

  <action id="org.freedesktop.packagekit.package-install">
    <!-- SECURITY:
          - The defaults below require admin authentication to install signed
            packages; an active local session may retain the authorization
            briefly (auth_admin_keep).
          - NOTE(review): this comment used to say that normal users do not
            need authentication to install signed packages from signed
            repositories, "as this cannot exploit a system". That text does
            not match the defaults below; confirm which one is intended
            before relaxing anything.
          - Paranoid users (or parents!) can change allow_active to
            'auth_admin' so that every install is authenticated.
          - package-install-untrusted, package-downgrade and package-remove
            in this file carry an org.freedesktop.policykit.imply annotation
            naming this action, so an authorization for any of them also
            covers this one.
     -->
    <description>Install signed package</description>
    <message>Authentication is required to install software</message>
    <icon_name>package-x-generic</icon_name>
    <defaults>
      <allow_any>auth_admin</allow_any>
      <allow_inactive>auth_admin</allow_inactive>
      <allow_active>auth_admin_keep</allow_active>
    </defaults>
  </action>

  <action id="org.freedesktop.packagekit.package-install-untrusted">
    <!-- SECURITY:
          - Normal users require admin authentication to install untrusted or
            unrecognised packages, as allowing users to do this without a
            password would be a massive security hole.
          - This is not retained as each package should be authenticated;
            all three defaults are 'auth_admin', never 'auth_admin_keep'.
          - The imply annotation below means an authorization for this action
            also covers org.freedesktop.packagekit.package-install.
     -->
    <description>Install untrusted local file</description>
    <message>Authentication is required to install untrusted software</message>
    <icon_name>package-x-generic</icon_name>
    <defaults>
      <allow_any>auth_admin</allow_any>
      <allow_inactive>auth_admin</allow_inactive>
      <allow_active>auth_admin</allow_active>
    </defaults>
    <annotate key="org.freedesktop.policykit.imply">org.freedesktop.packagekit.package-install</annotate>
  </action>

  <action id="org.freedesktop.packagekit.package-reinstall">
    <!-- SECURITY:
          - Normal users require admin authentication to reinstall packages.
          - Authorization to install packages does not imply permission to
            reinstall them and vice versa; accordingly this action carries no
            imply annotation.
          - If the package in question is not trusted, the user's permission
            to install untrusted packages will be checked as well.
            NOTE(review): that extra check is not expressed in this file;
            presumably the daemon performs it. Confirm.
     -->
    <description>Install already installed package again</description>
    <message>Authentication is required to reinstall software</message>
    <icon_name>package-x-generic</icon_name>
    <defaults>
      <allow_any>auth_admin</allow_any>
      <allow_inactive>auth_admin</allow_inactive>
      <allow_active>auth_admin_keep</allow_active>
    </defaults>
  </action>

  <action id="org.freedesktop.packagekit.package-downgrade">
    <!-- SECURITY:
          - Normal users require admin authentication to downgrade packages.
          - A user authorized to downgrade signed packages is authorized to
            install them as well; the imply annotation below expresses this.
          - If the package in question is not trusted, the user's permission
            to install untrusted packages will be checked as well.
            NOTE(review): that extra check is not expressed in this file;
            presumably the daemon performs it. Confirm.
     -->
    <description>Install older version of installed package</description>
    <message>Authentication is required to downgrade software</message>
    <icon_name>package-x-generic</icon_name>
    <defaults>
      <allow_any>auth_admin</allow_any>
      <allow_inactive>auth_admin</allow_inactive>
      <allow_active>auth_admin_keep</allow_active>
    </defaults>
    <annotate key="org.freedesktop.policykit.imply">org.freedesktop.packagekit.package-install</annotate>
  </action>

  <action id="org.freedesktop.packagekit.system-trust-signing-key">
    <!-- SECURITY:
          - Normal users require admin authentication to add signing keys.
          - This implies adding an explicit trust, and should not be granted
            without a secure authentication.
          - This is not kept as each package should be authenticated; all
            three defaults are 'auth_admin', so every request to trust a key
            is authenticated on its own.
     -->
    <description>Trust a key used for signing software</description>
    <message>Authentication is required to consider a key used for signing software as trusted</message>
    <icon_name>package-x-generic</icon_name>
    <defaults>
      <allow_any>auth_admin</allow_any>
      <allow_inactive>auth_admin</allow_inactive>
      <allow_active>auth_admin</allow_active>
    </defaults>
  </action>

  <action id="org.freedesktop.packagekit.package-eula-accept">
    <!-- SECURITY:
          - Normal users in an active local session do not require admin
            authentication to accept new licence agreements (allow_active is
            'yes'); any other session must authenticate as admin.
          - Change allow_active to 'auth_admin' for environments where users
            should not be given the option to make legal decisions.
     -->
    <description>Accept EULA</description>
    <message>Authentication is required to accept a EULA</message>
    <icon_name>package-x-generic</icon_name>
    <defaults>
      <allow_any>auth_admin</allow_any>
      <allow_inactive>auth_admin</allow_inactive>
      <allow_active>yes</allow_active>
    </defaults>
  </action>

  <action id="org.freedesktop.packagekit.package-remove">
    <!-- SECURITY:
          - Normal users require admin authentication to remove packages as
            this can make the system unbootable or stop other applications from
            working.
          - Be sure to close the tool used to remove the packages after the
            admin authentication has been obtained, otherwise packages can still
            be removed while the authorization is retained. If this is not
            possible, change allow_active to 'auth_admin'.
          - The imply annotation below means an authorization to remove
            packages also covers org.freedesktop.packagekit.package-install.
     -->
    <description>Remove package</description>
    <message>Authentication is required to remove software</message>
    <icon_name>package-x-generic</icon_name>
    <defaults>
      <allow_any>auth_admin</allow_any>
      <allow_inactive>auth_admin</allow_inactive>
      <allow_active>auth_admin_keep</allow_active>
    </defaults>
    <annotate key="org.freedesktop.policykit.imply">org.freedesktop.packagekit.package-install</annotate>
  </action>

  <action id="org.freedesktop.packagekit.system-update">
    <!-- SECURITY:
          - Normal users do not require admin authentication to update the
            system as the packages will be signed, and the action is required
            to update the system when unattended.
          - Changing allow_active to anything other than 'yes' will break
            unattended updates.
          - Only allow_active is 'yes'; inactive and non-local sessions still
            need admin authentication.
          - NOTE(review): the 'yes' default rests on the packages being
            signed; confirm signature checking is enforced for the update
            sources in use.
     -->
    <description>Update software</description>
    <message>Authentication is required to update software</message>
    <icon_name>package-x-generic</icon_name>
    <defaults>
      <allow_any>auth_admin</allow_any>
      <allow_inactive>auth_admin</allow_inactive>
      <allow_active>yes</allow_active>
    </defaults>
  </action>

  <action id="org.freedesktop.packagekit.system-sources-configure">
    <!-- SECURITY:
          - Normal users require admin authentication to enable or disable
            software repositories as this can be used to enable new updates or
            install different versions of software.
          - An active local session may retain the authorization briefly
            (auth_admin_keep); use 'auth_admin' to authenticate every
            repository change.
     -->
    <description>Change software repository parameters</description>
    <message>Authentication is required to change software repository parameters</message>
    <icon_name>package-x-generic</icon_name>
    <defaults>
      <allow_any>auth_admin</allow_any>
      <allow_inactive>auth_admin</allow_inactive>
      <allow_active>auth_admin_keep</allow_active>
    </defaults>
  </action>

  <action id="org.freedesktop.packagekit.system-sources-refresh">
    <!-- SECURITY:
          - Normal users in an active local session do not require admin
            authentication to refresh the cache, as this doesn't actually
            install or remove software.
          - Inactive and non-local sessions must authenticate as admin.
     -->
    <description>Refresh system repositories</description>
    <message>Authentication is required to refresh the system repositories</message>
    <icon_name>package-x-generic</icon_name>
    <defaults>
      <allow_any>auth_admin</allow_any>
      <allow_inactive>auth_admin</allow_inactive>
      <allow_active>yes</allow_active>
    </defaults>
  </action>

  <action id="org.freedesktop.packagekit.system-network-proxy-configure">
    <!-- SECURITY:
          - Normal users in an active local session do not require admin
            authentication to set the proxy used for downloading packages.
          - Inactive and non-local sessions must authenticate as admin.
          - NOTE(review): the proxy sits in the download path, so this
            default relies on packages and repository metadata being
            verified after download; confirm that holds for the backends in
            use, or tighten allow_active.
     -->
    <description>Set network proxy</description>
    <message>Authentication is required to set the network proxy used for downloading software</message>
    <icon_name>preferences-system-network-proxy</icon_name>
    <defaults>
      <allow_any>auth_admin</allow_any>
      <allow_inactive>auth_admin</allow_inactive>
      <allow_active>yes</allow_active>
    </defaults>
  </action>

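  <action id="org.freedesktop.packagekit.device-rebind">
    <!-- SECURITY:
          - Normal users require admin authentication to rebind a driver
            so that it works after we install firmware.
          - This should not be set to 'yes' as unprivileged users could then
            try to rebind drivers in use, for instance security authentication
            devices.
          - allow_active is therefore 'auth_admin_keep', the same default the
            other admin-only actions in this file give an active session; use
            'auth_admin' if the authorization should not be retained between
            requests.
          - The exec.path annotation below names the helper program this
            action applies to.
     -->
    <description>Reload a device</description>
    <message>Authentication is required to reload the device with a new driver</message>
    <icon_name>package-x-generic</icon_name>
    <defaults>
      <allow_any>auth_admin</allow_any>
      <allow_inactive>auth_admin</allow_inactive>
      <allow_active>auth_admin_keep</allow_active>
    </defaults>
    <annotate key="org.freedesktop.policykit.exec.path">/usr/sbin/pk-device-rebind</annotate>
  </action>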

  <action id="org.freedesktop.packagekit.upgrade-system">
    <!-- SECURITY:
          - Normal users require admin authentication to upgrade the distro as
            this can make the system unbootable or stop other applications from
            working.
          - Only an active local session may do this, and it authenticates as
            admin for each request (auth_admin, not retained); inactive and
            non-local sessions are refused outright ('no').
     -->
    <description>Upgrade System</description>
    <message>Authentication is required to upgrade the operating system</message>
    <icon_name>package-x-generic</icon_name>
    <defaults>
      <allow_any>no</allow_any>
      <allow_inactive>no</allow_inactive>
      <allow_active>auth_admin</allow_active>
    </defaults>
  </action>

  <action id="org.freedesktop.packagekit.repair-system">
    <!-- SECURITY:
          - Normal users require admin authentication to repair the system
            since this can make the system unbootable or stop other
            applications from working.
          - All three defaults are 'auth_admin', so the authorization is not
            retained and every repair request is authenticated.
     -->
    <description>Repair System</description>
    <message>Authentication is required to repair the installed software</message>
    <icon_name>package-x-generic</icon_name>
    <defaults>
      <allow_any>auth_admin</allow_any>
      <allow_inactive>auth_admin</allow_inactive>
      <allow_active>auth_admin</allow_active>
    </defaults>
  </action>

  <action id="org.freedesktop.packagekit.trigger-offline-update">
    <!-- SECURITY:
          - Normal users in an active local session are able to ask for
            updates to be installed at early boot time without a password.
          - Inactive and non-local sessions must authenticate as admin.
          - NOTE(review): presumably the updates applied at boot are the
            already prepared, signed ones; confirm against the daemon.
     -->
    <description>Trigger offline updates</description>
    <message>Authentication is required to trigger offline updates</message>
    <icon_name>package-x-generic</icon_name>
    <defaults>
      <allow_any>auth_admin</allow_any>
      <allow_inactive>auth_admin</allow_inactive>
      <allow_active>yes</allow_active>
    </defaults>
  </action>

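  <action id="org.freedesktop.packagekit.trigger-offline-upgrade">
    <!-- SECURITY:
          - Normal users require admin authentication to upgrade the system
            to a new distribution since this can make the system unbootable or
            stop other applications from working.
          - All three defaults are 'auth_admin', so the authorization is not
            retained and every request is authenticated.
          - The description and message name the upgrade explicitly, so the
            authentication prompt cannot be mistaken for the one shown by
            org.freedesktop.packagekit.trigger-offline-update. Translations
            of the previous strings, if any, need refreshing.
     -->
    <description>Trigger offline upgrade</description>
    <message>Authentication is required to trigger an offline distribution upgrade</message>
    <icon_name>package-x-generic</icon_name>
    <defaults>
      <allow_any>auth_admin</allow_any>
      <allow_inactive>auth_admin</allow_inactive>
      <allow_active>auth_admin</allow_active>
    </defaults>
  </action>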

  <action id="org.freedesktop.packagekit.clear-offline-update">
    <!-- SECURITY:
          - Normal users in an active local session are able to clear the
            updates message that is shown after updates are applied at boot
            time.
          - Inactive and non-local sessions must authenticate as admin.
     -->
    <description>Clear offline update message</description>
    <message>Authentication is required to clear the offline updates message</message>
    <icon_name>package-x-generic</icon_name>
    <defaults>
      <allow_any>auth_admin</allow_any>
      <allow_inactive>auth_admin</allow_inactive>
      <allow_active>yes</allow_active>
    </defaults>
  </action>

</policyconfig>