File gnome-shell-private-connection.patch of Package gnome-shell

From f9a23ba5908fb93d25ef702510ea182c220db8aa Mon Sep 17 00:00:00 2001
From: Giovanni Campagna <gcampagna@src.gnome.org>
Date: Thu, 31 Mar 2011 15:56:13 +0200
Subject: [PATCH] NetworkMenu: create private connections if the user is not
 authorized

Check polkit setting at startup and add, if needed, the "permissions"
setting to the connections we create, so that polkit authentication is
never needed. The connection is thus only available to other users
if the system administrator decides so.

https://bugzilla.gnome.org/show_bug.cgi?id=646187
---
 js/ui/status/network.js | 38 +++++++++++++++++++++++++++++++++-----
 1 file changed, 33 insertions(+), 5 deletions(-)

Index: gnome-shell-3.30.1/js/ui/status/network.js
===================================================================
--- gnome-shell-3.30.1.orig/js/ui/status/network.js	2018-10-08 21:33:22.000000000 +0200
+++ gnome-shell-3.30.1/js/ui/status/network.js	2018-10-22 20:25:19.866377309 +0200
@@ -7,6 +7,7 @@ const Gtk = imports.gi.Gtk;
 const Lang = imports.lang;
 const Mainloop = imports.mainloop;
 const NM = imports.gi.NM;
+const Polkit = imports.gi.Polkit;
 const Signals = imports.signals;
 const Shell = imports.gi.Shell;
 const St = imports.gi.St;
@@ -333,6 +334,11 @@ var NMConnectionDevice = new Lang.Class(
 
     _autoConnect() {
         let connection = new NM.SimpleConnection();
+        if (this._privateConnections) {
+            let connectionSetting = new NM.SettingConnection();
+            connectionSetting.add_permission('user', GLib.get_user_name(), null);
+            connection.add_setting(connectionSetting);
+        }
         this._client.add_and_activate_connection_async(connection, this._device, null, null, null);
     },
 
@@ -473,10 +479,11 @@ var NMDeviceWired = new Lang.Class({
     Extends: NMConnectionDevice,
     category: NMConnectionCategory.WIRED,
 
-    _init(client, device) {
+    _init(client, device, privateConnections) {
         this.parent(client, device);
 
         this.item.menu.addSettingsAction(_("Wired Settings"), 'gnome-network-panel.desktop');
+        this._privateConnections = privateConnections;
     },
 
     _hasCarrier() {
@@ -688,11 +695,12 @@ var NMWirelessDialog = new Lang.Class({
     Name: 'NMWirelessDialog',
     Extends: ModalDialog.ModalDialog,
 
-    _init(client, device) {
+    _init(client, device, privateConnections) {
         this.parent({ styleClass: 'nm-dialog' });
 
         this._client = client;
         this._device = device;
+        this._privateConnections = privateConnections;
 
         this._wirelessEnabledChangedId = this._client.connect('notify::wireless-enabled',
                                                               this._syncView.bind(this));
@@ -924,6 +932,11 @@ var NMWirelessDialog = new Lang.Class({
                             this._device.get_path(), accessPoints[0].get_path()]);
             } else {
                 let connection = new NM.SimpleConnection();
+                if (this._privateConnections) {
+                    let connectionSetting = new NM.SettingConnection();
+                    connectionSetting.add_permission('user', GLib.get_user_name(), null);
+                    connection.add_setting(connectionSetting);
+                }
                 this._client.add_and_activate_connection_async(connection, this._device, accessPoints[0].get_path(), null, null)
             }
         }
@@ -1162,9 +1175,10 @@ var NMDeviceWireless = new Lang.Class({
     Name: 'NMDeviceWireless',
     category: NMConnectionCategory.WIRELESS,
 
-    _init(client, device) {
+    _init(client, device, privateConnections) {
         this._client = client;
         this._device = device;
+        this._privateConnections = privateConnections;
 
         this._description = '';
 
@@ -1246,7 +1260,7 @@ var NMDeviceWireless = new Lang.Class({
     },
 
     _showDialog() {
-        this._dialog = new NMWirelessDialog(this._client, this._device);
+        this._dialog = new NMWirelessDialog(this._client, this._device, this._privateConnections);
         this._dialog.connect('closed', this._dialogClosed.bind(this));
         this._dialog.open();
     },
@@ -1632,6 +1646,19 @@ var NMApplet = new Lang.Class({
     _clientGot(obj, result) {
         this._client = NM.Client.new_finish(result);
 
+        // Check if newly created connections should be private or not
+        this._privateConnections = true;
+        let authority = Polkit.Authority.get_sync(null);
+        let credential = new Gio.Credentials();
+        let subject = new Polkit.UnixProcess({ pid: credential.get_unix_pid(), uid: credential.get_unix_user() });
+        let authResult = authority.check_authorization_sync(subject,
+                                                            'org.freedesktop.NetworkManager.settings.modify.system',
+                                                            null /* details */,
+                                                            Polkit.CheckAuthorizationFlags.NONE,
+                                                            null /* cancellable */);
+        if (authResult)
+            this._privateConnections = !authResult.get_is_authorized();
+
         this._activeConnections = [ ];
         this._connections = [ ];
         this._connectivityQueue = [ ];
@@ -1747,7 +1774,7 @@ var NMApplet = new Lang.Class({
 
         let wrapperClass = this._dtypes[device.get_device_type()];
         if (wrapperClass) {
-            let wrapper = new wrapperClass(this._client, device);
+            let wrapper = new wrapperClass(this._client, device, this._privateConnections);
             device._delegate = wrapper;
             this._addDeviceWrapper(wrapper);