From de69ff074de0afb740ba035ba3054af244bca824 Mon Sep 17 00:00:00 2001 From: librewish Date: Thu, 4 Feb 2021 13:19:38 +0530 Subject: [PATCH] add polkit rules to not ask password for certain apps --- etc/polkit-1/rules.d/99-garuda.rules | 70 +++++++++++++++++++ .../autostart/initial-user-setup.desktop | 2 +- 2 files changed, 71 insertions(+), 1 deletion(-) create mode 100644 etc/polkit-1/rules.d/99-garuda.rules diff --git a/etc/polkit-1/rules.d/99-garuda.rules b/etc/polkit-1/rules.d/99-garuda.rules new file mode 100644 index 0000000..484b68e --- /dev/null +++ b/etc/polkit-1/rules.d/99-garuda.rules @@ -0,0 +1,70 @@ +polkit.addRule(function(action, subject) { + if (action.id.indexOf("org.freedesktop.udisks2.") == 0 && subject.isInGroup("wheel")) { + return polkit.Result.YES; + } +}); + +// Allow udisks2 to mount devices without authentication +// for users in the "wheel" group. +polkit.addRule(function(action, subject) { + if ((action.id == "org.freedesktop.udisks2.filesystem-mount-system" || + action.id == "org.freedesktop.udisks2.filesystem-mount" || + action id == "org.freedesktop.udisks2.filesystem-mount-other-seat" || + action.id == "org.freedesktop.udisks.filesystem-fstab") && + subject.isInGroup("wheel")) { + return polkit.Result.YES; + } +}); + +polkit.addRule(function(action, subject) { + if (action.id == "org.freedesktop.login1.power-off" || + action.id == "org.freedesktop.login1.power-off-multiple-sessions" || + action.id == "org.freedesktop.login1.reboot" || + action.id == "org.freedesktop.login1.reboot-multiple-sessions" || + action.id == "org.freedesktop.login1.hibernate" || + action.id == "org.freedesktop.login1.hibernate-multiple-sessions" || + action.id == "org.freedesktop.login1.suspend" || + action.id == "org.freedesktop.login1.suspend-multiple-sessions") { + return polkit.Result.YES; + } +}); + +polkit.addRule(function(action, subject) { + if (action.id == "org.freedesktop.upower.hibernate" || + action.id == "org.freedesktop.upower.suspend") { + return polkit.Result.YES; + } +}); + +/* Allow users of network group to use blueman feature requiring root without authentication */ +polkit.addRule(function(action, subject) { + if ((action.id == "org.blueman.network.setup" || + action.id == "org.blueman.dhcp.client" || + action.id == "org.blueman.rfkill.setstate" || + action.id == "org.blueman.pppd.pppconnect") && + subject.isInGroup("wheel")) { + return polkit.Result.YES; + } +}); + +/* Allow members of the wheel group to execute the defined actions + * without password authentication, similar to "sudo NOPASSWD:" + */ +polkit.addRule(function(action, subject) { + if ((action.id == "org.archlinux.pkexec.gparted" || + action.id == "org.libvirt.unix.manage") && + subject.isInGroup("wheel")) + { + return polkit.Result.YES; + } +}); + +polkit.addRule(function(action, subject) { + if ((action.id == "org.corectrl.helper.init" || + action.id == "org.corectrl.helperkiller.init") && + subject.local == true && + subject.active == true && + subject.isInGroup("wheel")) { + return polkit.Result.YES; + } +}); diff --git a/etc/skel/.config/autostart/initial-user-setup.desktop b/etc/skel/.config/autostart/initial-user-setup.desktop index d73db27..cff28f8 100755 --- a/etc/skel/.config/autostart/initial-user-setup.desktop +++ b/etc/skel/.config/autostart/initial-user-setup.desktop @@ -1,7 +1,7 @@ [Desktop Entry] Categories=System;Monitor; Comment=Does the initial user setup -Exec=systemctl --user enable --now psd pulseaudio-bluetooth-autoconnect precached-trigger;libinput-gestures-setup autostart;libinput-gestures-setup start;setup_dxvk install;rm ~/.config/autostart/initial-user-setup.desktop +Exec=systemctl --user enable --now psd;systemctl --user enable --now pulseaudio-bluetooth-autoconnect;systemctl --user enable --now gamemoded;libinput-gestures-setup autostart;libinput-gestures-setup start;setup_dxvk install;rm ~/.config/autostart/initial-user-setup.desktop Icon=setup Name=Initial user setup StartupNotify=false