polkit,time: protect GetNetworkTime() with a new 'Time' policy rule

2 files changed, 16 insertions, 0 deletions

diff --git a/data/org.freedesktop.ModemManager1.conf.polkit b/data/org.freedesktop.ModemManager1.conf.polkit
index e6ba8710..311883fe 100644
--- a/data/org.freedesktop.ModemManager1.conf.polkit
+++ b/data/org.freedesktop.ModemManager1.conf.polkit
@@ -299,6 +299,13 @@
            send_interface="org.freedesktop.ModemManager1.Modem.Signal"
            send_member="Setup"/>
 
+    <!-- org.freedesktop.ModemManager1.Modem.Time.xml -->
+
+    <!-- Protected by the Time policy rule -->
+    <allow send_destination="org.freedesktop.ModemManager1"
+           send_interface="org.freedesktop.ModemManager1.Modem.Time"
+           send_member="GetNetworkTime"/>
+
   </policy>
 
   <policy user="root">
diff --git a/data/org.freedesktop.ModemManager1.policy.in.in b/data/org.freedesktop.ModemManager1.policy.in.in
index 7edb20c7..235affd7 100644
--- a/data/org.freedesktop.ModemManager1.policy.in.in
+++ b/data/org.freedesktop.ModemManager1.policy.in.in
@@ -54,6 +54,15 @@
     </defaults>
   </action>
 
+  <action id="org.freedesktop.ModemManager1.Time">
+    <description>Query network time and timezone information</description>
+    <message>System policy prevents querying network time information.</message>
+    <defaults>
+      <allow_inactive>no</allow_inactive>
+      <allow_active>@MM_DEFAULT_USER_POLICY@</allow_active>
+    </defaults>
+  </action>
+
   <action id="org.freedesktop.ModemManager1.Location">
     <description>Enable and view geographic location and positioning information</description>
     <message>System policy prevents enabling or viewing geographic location information.</message>