build: new strict & permissive polkit policies in '--with-polkit'

The '--with-polkit' configure switch now supports more options than just yes
or no:

 * strict: Active user needs to explicitly authenticate when peforming an
   operation defined in the Device.Control, Messaging, Location or Contacts
   interfaces. Polkit policy is set to 'auth_self_keep'.

 * permissive: Active user doesn't need to explicitly authenticate when
   peforming an operation defined in the Device.Control, Messaging, Location or
   Contacts interfaces. Polkit policy is set to 'yes'.

 * none: don't use polkit.

If '--with-polkit' is not given, usage will be automatically decided based on
the presence of the Polkit headers in the system (if headers found, strict
policy will be applied, otherwise none).

Also:
 * '--with-polkit' is equivalent to '--with-polkit=strict'
 * '--with-polkit=yes' is equivalent to '--with-polkit=strict'
 * '--with-polkit=no' is equivalent to '--with-polkit=none'
 * '--without-polkit' is equivalent to '--with-polkit=none'

By default, ModemManager will always apply the strict policy, in order to
protect the user from unwanted operations in the modem (e.g. getting the PIN
locked forever after wrong PIN/PUK unlock attempts).

https://bugzilla.gnome.org/show_bug.cgi?id=701740

2 files changed, 9 insertions, 8 deletions

diff --git a/data/Makefile.am b/data/Makefile.am
index fceb1b4a..0e0c391e 100644
--- a/data/Makefile.am
+++ b/data/Makefile.am
@@ -58,10 +58,10 @@ diagrams = \
 
 
 # Polkit
-dist_polkit_policy_in_files = org.freedesktop.ModemManager1.policy.in
+polkit_policy_in_in_files = org.freedesktop.ModemManager1.policy.in.in
 if WITH_POLKIT
 polkit_policydir = $(datadir)/polkit-1/actions
-dist_polkit_policy_DATA = $(dist_polkit_policy_in_files:.policy.in=.policy)
+polkit_policy_DATA = $(polkit_policy_in_in_files:.policy.in.in=.policy)
 @INTLTOOL_POLICY_RULE@
 endif
 
@@ -75,7 +75,8 @@ pkgconfig_DATA = \
 
 DISTCLEANFILES = \
 	$(dbusactivation_DATA) \
-	$(dbusservice_DATA)
+	$(dbusservice_DATA) \
+	$(polkit_policy_DATA)
 
 if HAVE_SYSTEMD
 DISTCLEANFILES += $(systemdsystemunit_DATA)
@@ -88,6 +89,6 @@ EXTRA_DIST = \
 	$(dbusservice_file_polkit) \
 	$(dbusservice_file_nopolkit) \
 	$(icon_DATA) \
-	$(dist_polkit_policy_in_files) \
+	$(polkit_policy_in_in_files) \
 	$(logos) \
 	$(diagrams)
diff --git a/data/org.freedesktop.ModemManager1.policy.in b/data/org.freedesktop.ModemManager1.policy.in.in
index 9f58e6a0..7b3a22a3 100644
--- a/data/org.freedesktop.ModemManager1.policy.in
+++ b/data/org.freedesktop.ModemManager1.policy.in.in
@@ -23,7 +23,7 @@
     <_message>System policy prevents unlocking or controlling the mobile broadband device.</_message>
     <defaults>
       <allow_inactive>no</allow_inactive>
-      <allow_active>auth_self_keep</allow_active>
+      <allow_active>@MM_DEFAULT_USER_POLICY@</allow_active>
     </defaults>
   </action>
 
@@ -32,7 +32,7 @@
     <_message>System policy prevents adding, modifying, or deleting this device's contacts.</_message>
     <defaults>
       <allow_inactive>no</allow_inactive>
-      <allow_active>auth_self_keep</allow_active>
+      <allow_active>@MM_DEFAULT_USER_POLICY@</allow_active>
     </defaults>
   </action>
 
@@ -41,7 +41,7 @@
     <_message>System policy prevents sending or maniuplating this device's text messages.</_message>
     <defaults>
       <allow_inactive>no</allow_inactive>
-      <allow_active>auth_self_keep</allow_active>
+      <allow_active>@MM_DEFAULT_USER_POLICY@</allow_active>
     </defaults>
   </action>
 
@@ -50,7 +50,7 @@
     <_message>System policy prevents enabling or viewing geographic location information.</_message>
     <defaults>
       <allow_inactive>no</allow_inactive>
-      <allow_active>auth_self_keep</allow_active>
+      <allow_active>@MM_DEFAULT_USER_POLICY@</allow_active>
     </defaults>
   </action>