From 283868e1dcd8ea7475850d9c6e7d4722c473dd50 Mon Sep 17 00:00:00 2001
From: Stef Walter <stef@thewalter.net>
Date: Wed, 6 Aug 2014 11:45:36 +0200
Subject: core: Verify systemd1 DBus method callers via polkit

DBus methods that retrieve information can be called by anyone.

DBus methods that modify state of units are verified via polkit
action: org.freedesktop.systemd1.manage-units

DBus methods that modify state of unit files are verified via polkit
action: org.freedesktop.systemd1.manage-unit-files

DBus methods that reload the entire daemon state are verified via polkit
action: org.freedesktop.systemd1.reload-daemon

DBus methods that modify job state are callable from the clients
that started the job.

root (ie: CAP_SYS_ADMIN) can continue to perform all calls, property
access etc. There are several DBus methods that can only be
called by root.

Open up the dbus1 policy for the above methods.

(Heavily modified by Lennart, making use of the new
bus_verify_polkit_async() version that doesn't force us to always
pass the original callback around. Also, interactive auhentication must
be opt-in, not unconditional, hence I turned this off.)
---
 src/core/org.freedesktop.systemd1.policy.in.in | 30 ++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)

(limited to 'src/core/org.freedesktop.systemd1.policy.in.in')

diff --git a/src/core/org.freedesktop.systemd1.policy.in.in b/src/core/org.freedesktop.systemd1.policy.in.in
index 51bdafac45..387677d396 100644
--- a/src/core/org.freedesktop.systemd1.policy.in.in
+++ b/src/core/org.freedesktop.systemd1.policy.in.in
@@ -38,4 +38,34 @@
                 <annotate key="org.freedesktop.policykit.exec.path">@bindir@/systemd-stdio-bridge</annotate>
         </action>
 
+        <action id="org.freedesktop.systemd1.manage-units">
+                <_description>Manage system services or units</_description>
+                <_message>Authentication is required to manage system services or units.</_message>
+                <defaults>
+                        <allow_any>auth_admin</allow_any>
+                        <allow_inactive>auth_admin</allow_inactive>
+                        <allow_active>auth_admin_keep</allow_active>
+                </defaults>
+        </action>
+
+        <action id="org.freedesktop.systemd1.manage-unit-files">
+                <_description>Manage system service or unit files</_description>
+                <_message>Authentication is required to manage system service or unit files.</_message>
+                <defaults>
+                        <allow_any>auth_admin</allow_any>
+                        <allow_inactive>auth_admin</allow_inactive>
+                        <allow_active>auth_admin_keep</allow_active>
+                </defaults>
+        </action>
+
+        <action id="org.freedesktop.systemd1.reload-daemon">
+                <_description>Reload the systemd state</_description>
+                <_message>Authentication is required to reload the systemd state.</_message>
+                <defaults>
+                        <allow_any>auth_admin</allow_any>
+                        <allow_inactive>auth_admin</allow_inactive>
+                        <allow_active>auth_admin_keep</allow_active>
+                </defaults>
+        </action>
+
 </policyconfig>
-- 
cgit v1.2.3-54-g00ecf