Overview

File NM-add-wifi-scan-polkit-rule.patch of Package NetworkManager.12638

From e491ef1692b71f3b540a86ea99034139c438275b Mon Sep 17 00:00:00 2001
From: Jonathan Kang <jonathankang@gnome.org>
Date: Fri, 25 Jan 2019 15:29:10 +0800
Subject: [PATCH] Add polkit action for Wi-Fi scans

Previously, Wi-Fi scans uses polkit action
"org.freedesktop.NetworkManager.network-control". This is introduced
in commit 5e3e19d0. But in a system with restrict polkit rules, for
example "org.freedesktop.NetworkManager.network-control" was set as
auth_admin. When you open the network panel of GNOME Control Center, a
polkit dialog will keep showing up asking for admin password, as GNOME
Control Center scans the Wi-Fi list every 15 seconds.

Fix that by adding a new polkit action
"org.freedesktop.NetworkManager.wifi.scan" so that distributions can
add specific rule to allow Wi-Fi scans.
---
 clients/cli/general.c                         |  2 ++
 ...rg.freedesktop.NetworkManager.policy.in.in | 10 +++++++
 libnm-glib/nm-client.c                        |  2 ++
 libnm-glib/nm-client.h                        | 24 +++++++++--------
 libnm/nm-client.h                             | 26 ++++++++++---------
 libnm/nm-manager.c                            |  2 ++
 shared/nm-common-macros.h                     |  1 +
 src/devices/wifi/nm-device-iwd.c              |  2 +-
 src/devices/wifi/nm-device-wifi.c             |  2 +-
 9 files changed, 46 insertions(+), 25 deletions(-)

Index: NetworkManager-1.10.6/clients/cli/general.c
===================================================================
--- NetworkManager-1.10.6.orig/clients/cli/general.c
+++ NetworkManager-1.10.6/clients/cli/general.c
@@ -142,6 +142,8 @@ permission_to_string (NMClientPermission
 		return NM_AUTH_PERMISSION_ENABLE_DISABLE_STATISTICS;
 	case NM_CLIENT_PERMISSION_ENABLE_DISABLE_CONNECTIVITY_CHECK:
 		return NM_AUTH_PERMISSION_ENABLE_DISABLE_CONNECTIVITY_CHECK;
+	case NM_CLIENT_PERMISSION_WIFI_SCAN:
+		return NM_AUTH_PERMISSION_WIFI_SCAN;
 	default:
 		return _("unknown");
 	}
Index: NetworkManager-1.10.6/data/org.freedesktop.NetworkManager.policy.in.in
===================================================================
--- NetworkManager-1.10.6.orig/data/org.freedesktop.NetworkManager.policy.in.in
+++ NetworkManager-1.10.6/data/org.freedesktop.NetworkManager.policy.in.in
@@ -73,6 +73,16 @@
       <allow_active>yes</allow_active>
     </defaults>
   </action>
+ 
+  <action id="org.freedesktop.NetworkManager.wifi.scan">
+    <_description>Allow control of Wi-Fi scans</_description>
+    <_message>System policy prevents Wi-Fi scans</_message>
+    <defaults>
+      <allow_any>auth_admin</allow_any>
+      <allow_inactive>yes</allow_inactive>
+      <allow_active>yes</allow_active>
+    </defaults>
+  </action>
 
   <action id="org.freedesktop.NetworkManager.wifi.share.protected">
     <_description>Connection sharing via a protected WiFi network</_description>
Index: NetworkManager-1.10.6/libnm/nm-client.h
===================================================================
--- NetworkManager-1.10.6.orig/libnm/nm-client.h
+++ NetworkManager-1.10.6/libnm/nm-client.h
@@ -107,6 +107,7 @@ G_BEGIN_DECLS
  *  statistics can be globally enabled or disabled
  * @NM_CLIENT_PERMISSION_ENABLE_DISABLE_CONNECTIVITY_CHECK: controls whether
  *  connectivity check can be enabled or disabled
+ * @NM_CLIENT_PERMISSION_WIFI_SCAN: controls whether wifi scans can be performed
  * @NM_CLIENT_PERMISSION_LAST: a reserved boundary value
  *
  * #NMClientPermission values indicate various permissions that NetworkManager
@@ -130,8 +131,9 @@ typedef enum {
 	NM_CLIENT_PERMISSION_CHECKPOINT_ROLLBACK = 14,
 	NM_CLIENT_PERMISSION_ENABLE_DISABLE_STATISTICS = 15,
 	NM_CLIENT_PERMISSION_ENABLE_DISABLE_CONNECTIVITY_CHECK = 16,
+	NM_CLIENT_PERMISSION_WIFI_SCAN = 17,
 
-	NM_CLIENT_PERMISSION_LAST = 16,
+	NM_CLIENT_PERMISSION_LAST = 17,
 } NMClientPermission;
 
 /**
Index: NetworkManager-1.10.6/libnm/nm-manager.c
===================================================================
--- NetworkManager-1.10.6.orig/libnm/nm-manager.c
+++ NetworkManager-1.10.6/libnm/nm-manager.c
@@ -241,6 +241,8 @@ nm_permission_to_client (const char *nm)
 		return NM_CLIENT_PERMISSION_ENABLE_DISABLE_STATISTICS;
 	else if (!strcmp (nm, NM_AUTH_PERMISSION_ENABLE_DISABLE_CONNECTIVITY_CHECK))
 		return NM_CLIENT_PERMISSION_ENABLE_DISABLE_CONNECTIVITY_CHECK;
+	else if (!strcmp (nm, NM_AUTH_PERMISSION_WIFI_SCAN))
+		return NM_CLIENT_PERMISSION_WIFI_SCAN;
 
 	return NM_CLIENT_PERMISSION_NONE;
 }
Index: NetworkManager-1.10.6/shared/nm-common-macros.h
===================================================================
--- NetworkManager-1.10.6.orig/shared/nm-common-macros.h
+++ NetworkManager-1.10.6/shared/nm-common-macros.h
@@ -40,6 +40,7 @@
 #define NM_AUTH_PERMISSION_CHECKPOINT_ROLLBACK        "org.freedesktop.NetworkManager.checkpoint-rollback"
 #define NM_AUTH_PERMISSION_ENABLE_DISABLE_STATISTICS  "org.freedesktop.NetworkManager.enable-disable-statistics"
 #define NM_AUTH_PERMISSION_ENABLE_DISABLE_CONNECTIVITY_CHECK "org.freedesktop.NetworkManager.enable-disable-connectivity-check"
+#define NM_AUTH_PERMISSION_WIFI_SCAN                  "org.freedesktop.NetworkManager.wifi.scan"
 
 #define NM_CLONED_MAC_PRESERVE                          "preserve"
 #define NM_CLONED_MAC_PERMANENT                         "permanent"
Index: NetworkManager-1.10.6/src/devices/wifi/nm-device-wifi.c
===================================================================
--- NetworkManager-1.10.6.orig/src/devices/wifi/nm-device-wifi.c
+++ NetworkManager-1.10.6/src/devices/wifi/nm-device-wifi.c
@@ -1326,7 +1326,7 @@ impl_device_wifi_request_scan (NMDeviceW
 	                       NM_DEVICE_AUTH_REQUEST,
 	                       context,
 	                       NULL,
-	                       NM_AUTH_PERMISSION_NETWORK_CONTROL,
+	                       NM_AUTH_PERMISSION_WIFI_SCAN,
 	                       TRUE,
 	                       dbus_request_scan_cb,
 	                       options ? g_variant_ref (options) : NULL);
openSUSE Build Service is sponsored by
Places