[meta-oe] polkit: add udisks2 rule

Message ID 20220512073540.3020016-1-uvv.mail@gmail.com
State Under Review

Commit Message

Vyacheslav Yurkov May 12, 2022, 7:35 a.m. UTC
From: Vyacheslav Yurkov <v.yurkov@precitec.de>

The rule allows non-privileged users from the plugdev group to
mount/unmount block devices

Signed-off-by: Vyacheslav Yurkov <v.yurkov@precitec.de>
---
 .../files/50-org.freedesktop.udiskie.rules    | 24 +++++++++++++++++++
 .../polkit/polkit-group-rule-udisks2.bb       | 17 +++++++++++++
 2 files changed, 41 insertions(+)
 create mode 100644 meta-oe/recipes-extended/polkit/files/50-org.freedesktop.udiskie.rules
 create mode 100644 meta-oe/recipes-extended/polkit/polkit-group-rule-udisks2.bb

Patch

diff --git a/meta-oe/recipes-extended/polkit/files/50-org.freedesktop.udiskie.rules b/meta-oe/recipes-extended/polkit/files/50-org.freedesktop.udiskie.rules
new file mode 100644
index 0000000000..2ffa4087a8
--- /dev/null
+++ b/meta-oe/recipes-extended/polkit/files/50-org.freedesktop.udiskie.rules
@@ -0,0 +1,24 @@ 
+polkit.addRule(function(action, subject) {
+  var YES = polkit.Result.YES;
+  var permission = {
+    // required for udisks1:
+    "org.freedesktop.udisks.filesystem-mount": YES,
+    "org.freedesktop.udisks.luks-unlock": YES,
+    "org.freedesktop.udisks.drive-eject": YES,
+    "org.freedesktop.udisks.drive-detach": YES,
+    // required for udisks2:
+    "org.freedesktop.udisks2.filesystem-mount": YES,
+    "org.freedesktop.udisks2.encrypted-unlock": YES,
+    "org.freedesktop.udisks2.eject-media": YES,
+    "org.freedesktop.udisks2.power-off-drive": YES,
+    // required for udisks2 if using udiskie from another seat (e.g. systemd):
+    "org.freedesktop.udisks2.filesystem-mount-other-seat": YES,
+    "org.freedesktop.udisks2.filesystem-unmount-others": YES,
+    "org.freedesktop.udisks2.encrypted-unlock-other-seat": YES,
+    "org.freedesktop.udisks2.eject-media-other-seat": YES,
+    "org.freedesktop.udisks2.power-off-drive-other-seat": YES
+  };
+  if (subject.isInGroup("plugdev")) {
+    return permission[action.id];
+  }
+});
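Review bot: The `subject.isInGroup("plugdev")` check is the only condition on these grants, so every plugdev member gets `polkit.Result.YES` without an authentication prompt whether or not the session is local or active, and that covers `encrypted-unlock`, `power-off-drive`, `filesystem-unmount-others` and the `-other-seat` actions. If the other-seat use case is not needed on the target image, narrowing the condition to `if (subject.isInGroup("plugdev") && subject.local && subject.active) {` and dropping the `-other-seat` entries would limit the grant to console users. The `org.freedesktop.udisks.*` entries are for udisks1, while the recipe in this patch depends only on udisks2, so they could be removed as well. Whichever scope is kept, a header comment such as `// Grants plugdev members prompt-free mount/unlock/eject/power-off via udisks; group membership is the only gate.` would make the trust decision visible to integrators.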
diff --git a/meta-oe/recipes-extended/polkit/polkit-group-rule-udisks2.bb b/meta-oe/recipes-extended/polkit/polkit-group-rule-udisks2.bb
new file mode 100644
index 0000000000..ae024d0328
--- /dev/null
+++ b/meta-oe/recipes-extended/polkit/polkit-group-rule-udisks2.bb
@@ -0,0 +1,17 @@ 
+DESCRIPTION = "Polkit rule to allow non-priviledged users mount/umount block devices via udisks2"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
+
+require polkit-group-rule.inc
+
+# The file originates from https://github.com/coldfix/udiskie/wiki/Permissions
+SRC_URI = "file://50-org.freedesktop.udiskie.rules"
+
+RDEPENDS_${PN} += "udisks2"
+
+do_install() {
+    install -m 0755 ${WORKDIR}/50-org.freedesktop.udiskie.rules ${D}${sysconfdir}/polkit-1/rules.d
+}
+
+USERADD_PACKAGES = "${PN}"
+GROUPADD_PARAM:${PN} = "--system plugdev"
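Review bot: `RDEPENDS_${PN} += "udisks2"` uses the old underscore override syntax while `GROUPADD_PARAM:${PN}` at the end of the same file uses the colon form. On releases that expect the colon syntax the underscore line is presumably not applied as an override, so the udisks2 runtime dependency would be lost; `RDEPENDS:${PN} += "udisks2"` keeps the recipe consistent. The rules file is installed with `-m 0755` although polkitd only reads it, so `install -m 0644 ${WORKDIR}/50-org.freedesktop.udiskie.rules ${D}${sysconfdir}/polkit-1/rules.d` avoids shipping an executable file under `rules.d`. Creation and ownership of `rules.d` are presumably handled in `polkit-group-rule.inc`, which is not part of this patch, so that is worth confirming.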