firewalld: Add polkit JS authority rules files

This should help with FreedomBox getting authorizations to access firewalld D-Bus API for polkit versions > 0.105 where polkit local authority is not available. Helps #1728. Tests performed: - Install policykit-1 version 0.105. Something like apt install policykit-1=0.105-26 libpolkit-agent-1-0=0.105-26 libpolkit-gobject-1-0=0.105-26 - Visit privoxy page. See internal networks warning with all the interfaces listed properly. - Visit firewalld page, view list of apps and services properly. - Enable privoxy, see the port opened in firewalld page. - Disable privoxy, see the port closed in firewalld page. - Run diagnostics for privoxy see that ports' diagnostics results pass. - Add Debian experimental to /etc/apt/sources.list. apt update. Then install policykit-1 version 0.116. apt install -t experimental policykit-1. - Repeat all above tests. Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org> Reviewed-by: Veiko Aasa <veiko17@disroot.org>
2026-04-01 09:30:29 +00:00 · 2020-03-04 10:26:33 -08:00 · 2020-03-04 10:26:33 -08:00 · 2361c9e0b6
commit 2361c9e0b6
parent a2710f1ede
1 changed files with 16 additions and 0 deletions
--- a/plinth/modules/firewall/data/usr/share/polkit-1/rules.d/50-freedombox-firewalld.rules
+++ b/plinth/modules/firewall/data/usr/share/polkit-1/rules.d/50-freedombox-firewalld.rules
@ -0,0 +1,16 @@
+/*
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+This file is used only by policykit-1 version > 0.105. A corresponding .pkla
+file is used by policykit-1 <= 0.105. See:
+https://davidz25.blogspot.com/2012/06/authorization-rules-in-polkit.html
+
+*/
+
+polkit.addRule(function(action, subject) {
+    if ((action.id == "org.fedoraproject.FirewallD1.config.info" ||
+         action.id == "org.fedoraproject.FirewallD1.config") &&
+        subject.user == "plinth") {
+        return polkit.Result.YES;
+    }
+});