flatpak-builder/system-helper/org.freedesktop.Flatpak.pol...


<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE policyconfig PUBLIC
"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
"http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd">
<policyconfig>
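<!--
Policy definitions for Flatpak system actions.
Copyright (c) 2016 Alexander Larsson <alexl@redhat.com>

Each action's <defaults> block sets the implicit authorization per caller
class: allow_any applies to any client, allow_inactive to clients in an
inactive session on a local console, and allow_active to clients in an
active session on a local console.
Site-specific changes are better made with local polkit authorization
rules than by editing this file, which is typically replaced on package
update.
-->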
<!-- File-level metadata: the vendor name, vendor URL and icon that describe
who supplies the actions below.
NOTE(review): vendor_url still uses an xdg-app path; confirm it is the
current project URL. -->
<vendor>The Flatpak Project</vendor>
<vendor_url>https://cgit.freedesktop.org/xdg-app/xdg-app/</vendor_url>
<icon_name>package-x-generic</icon_name>
<action id="org.freedesktop.Flatpak.app-install">
<!-- SECURITY:
- Installing a signed application requires administrator authentication
for every caller class: allow_any and allow_inactive are 'auth_admin',
allow_active is 'auth_admin_keep'.
- 'auth_admin_keep' lets a client in the active local session reuse a
successful admin authentication for a short time; use 'auth_admin' to
prompt on every install.
- A repository signature authenticates where an application came from,
not what it does once installed. Relax allow_active to 'yes' only where
every configured remote is trusted to that degree.
-->
<description>Install signed application</description>
<message>Authentication is required to install software</message>
<icon_name>package-x-generic</icon_name>
<defaults>
<allow_any>auth_admin</allow_any>
<allow_inactive>auth_admin</allow_inactive>
<allow_active>auth_admin_keep</allow_active>
</defaults>
</action>
<action id="org.freedesktop.Flatpak.runtime-install">
<!-- SECURITY:
- Installing a signed runtime requires administrator authentication for
every caller class: allow_any and allow_inactive are 'auth_admin',
allow_active is 'auth_admin_keep'.
- 'auth_admin_keep' lets a client in the active local session reuse a
successful admin authentication for a short time; use 'auth_admin' to
prompt on every install.
- A repository signature authenticates where a runtime came from, not
what it contains. Relax allow_active to 'yes' only where every configured
remote is trusted to that degree.
-->
<description>Install signed runtime</description>
<message>Authentication is required to install software</message>
<icon_name>package-x-generic</icon_name>
<defaults>
<allow_any>auth_admin</allow_any>
<allow_inactive>auth_admin</allow_inactive>
<allow_active>auth_admin_keep</allow_active>
</defaults>
</action>
<action id="org.freedesktop.Flatpak.app-update">
<!-- SECURITY:
- A client in the active local session may update an application without
authentication (allow_active is 'yes'). The stated rationale is that the
commit will be signed and that unattended updates depend on this.
- Every other caller class (allow_any, allow_inactive) needs administrator
authentication.
- Changing allow_active to anything other than 'yes' will break unattended
updates.
- NOTE(review): the signature check itself is not visible in this file; the
'yes' default is only as strong as the verification done by the system
helper and the integrity of the configured remotes. TODO confirm.
-->
<description>Update signed application</description>
<message>Authentication is required to update software</message>
<icon_name>package-x-generic</icon_name>
<defaults>
<allow_any>auth_admin</allow_any>
<allow_inactive>auth_admin</allow_inactive>
<allow_active>yes</allow_active>
</defaults>
</action>
<action id="org.freedesktop.Flatpak.runtime-update">
<!-- SECURITY:
- A client in the active local session may update a runtime without
authentication (allow_active is 'yes'). The stated rationale is that the
commit will be signed and that unattended updates depend on this.
- Every other caller class (allow_any, allow_inactive) needs administrator
authentication.
- Changing allow_active to anything other than 'yes' will break unattended
updates.
- NOTE(review): the signature check itself is not visible in this file; the
'yes' default is only as strong as the verification done by the system
helper and the integrity of the configured remotes. TODO confirm.
-->
<description>Update signed runtime</description>
<message>Authentication is required to update software</message>
<icon_name>package-x-generic</icon_name>
<defaults>
<allow_any>auth_admin</allow_any>
<allow_inactive>auth_admin</allow_inactive>
<allow_active>yes</allow_active>
</defaults>
</action>
<action id="org.freedesktop.Flatpak.update-remote">
<!-- SECURITY:
- A client in the active local session may update metadata from signed
repositories without authentication (allow_active is 'yes').
- Every other caller class (allow_any, allow_inactive) needs administrator
authentication.
- NOTE(review): how the metadata signature is verified is not visible in
this file; confirm that unsigned or wrongly signed metadata is rejected
before relying on the 'yes' default.
-->
<description>Update remote metadata</description>
<message>Authentication is required to update remote info</message>
<icon_name>package-x-generic</icon_name>
<defaults>
<allow_any>auth_admin</allow_any>
<allow_inactive>auth_admin</allow_inactive>
<allow_active>yes</allow_active>
</defaults>
</action>
<action id="org.freedesktop.Flatpak.install-bundle">
<!-- SECURITY:
- Installing a bundle requires administrator authentication for every
caller class; a client in the active local session may reuse a successful
authentication for a short time ('auth_admin_keep').
- NOTE(review): unlike the app-install and runtime-install descriptions,
this one does not say "signed", so presumably a bundle's origin is not
verified against a configured remote. Keep this action behind admin
authentication unless that is confirmed otherwise.
-->
<description>Install bundle</description>
<message>Authentication is required to install software</message>
<icon_name>package-x-generic</icon_name>
<defaults>
<allow_any>auth_admin</allow_any>
<allow_inactive>auth_admin</allow_inactive>
<allow_active>auth_admin_keep</allow_active>
</defaults>
</action>
<action id="org.freedesktop.Flatpak.runtime-uninstall">
<!-- SECURITY:
- Uninstalling a runtime requires administrator authentication for every
caller class; a client in the active local session may reuse a successful
authentication for a short time ('auth_admin_keep').
- Removal presumably affects every user of the system installation,
including applications that depend on the runtime, so it is not granted
implicitly.
-->
<description>Uninstall runtime</description>
<message>Authentication is required to uninstall software</message>
<icon_name>package-x-generic</icon_name>
<defaults>
<allow_any>auth_admin</allow_any>
<allow_inactive>auth_admin</allow_inactive>
<allow_active>auth_admin_keep</allow_active>
</defaults>
</action>
<action id="org.freedesktop.Flatpak.app-uninstall">
<!-- SECURITY:
- Uninstalling an application requires administrator authentication for
every caller class; a client in the active local session may reuse a
successful authentication for a short time ('auth_admin_keep').
- Removal presumably affects every user of the system installation, so it
is not granted implicitly.
-->
<description>Uninstall app</description>
<message>Authentication is required to uninstall software</message>
<icon_name>package-x-generic</icon_name>
<defaults>
<allow_any>auth_admin</allow_any>
<allow_inactive>auth_admin</allow_inactive>
<allow_active>auth_admin_keep</allow_active>
</defaults>
</action>
<action id="org.freedesktop.Flatpak.configure-remote">
<!-- SECURITY:
- Configuring a software repository requires administrator authentication
for every caller class; a client in the active local session may reuse a
successful authentication for a short time ('auth_admin_keep').
- The update actions in this file default to 'yes' for the active session
on the grounds that content from configured remotes is signed. This
action decides which remotes are configured, so relaxing it would
presumably weaken that reasoning; keep it at 'auth_admin' or
'auth_admin_keep'.
-->
<description>Configure Remote</description>
<message>Authentication is required to configure software repositories</message>
<icon_name>package-x-generic</icon_name>
<defaults>
<allow_any>auth_admin</allow_any>
<allow_inactive>auth_admin</allow_inactive>
<allow_active>auth_admin_keep</allow_active>
</defaults>
</action>
<action id="org.freedesktop.Flatpak.appstream-update">
<!-- SECURITY:
- A client in the active local session may update appstream data without
authentication (allow_active is 'yes'). The stated rationale is that the
data will be signed and that unattended updates depend on this.
- Every other caller class (allow_any, allow_inactive) needs administrator
authentication.
- Changing allow_active to anything other than 'yes' will break unattended
updates.
- NOTE(review): the signature check itself is not visible in this file;
confirm that unsigned appstream data is rejected before relying on the
'yes' default.
-->
<description>Update appstream</description>
<message>Authentication is required to update software</message>
<icon_name>package-x-generic</icon_name>
<defaults>
<allow_any>auth_admin</allow_any>
<allow_inactive>auth_admin</allow_inactive>
<allow_active>yes</allow_active>
</defaults>
</action>
</policyconfig>