Add option to tweak privileged group in polkit rules

Signed-off-by: Sergey Shatunov <me@prok.pw>

accounts-service/com.endlessm.ParentalControls.rules.in

@@ -27,7 +27,7 @@ polkit.addRule(function(action, subject) {
          action.id == "com.endlessm.ParentalControls.SessionLimits.ReadOwn" ||
          action.id == "com.endlessm.ParentalControls.SessionLimits.ReadAny") &&
         subject.active && subject.local &&
-        subject.isInGroup("sudo")) {
+        subject.isInGroup("@PRIVILEGED_GROUP@")) {
             return polkit.Result.YES;
     }
 

accounts-service/meson.build

@@ -21,5 +21,11 @@ foreach dbus_interface: dbus_interfaces
     join_paths(accountsserviceinterfacesdir, filename))
 endforeach
 
-install_data('com.endlessm.ParentalControls.rules',
-  install_dir: join_paths(get_option('datadir'), 'polkit-1', 'rules.d'))
+polkit_conf = configuration_data()
+polkit_conf.set('PRIVILEGED_GROUP', get_option('privileged_group'))
+configure_file(
+  input: 'com.endlessm.ParentalControls.rules.in',
+  output: 'com.endlessm.ParentalControls.rules',
+  configuration: polkit_conf,
+  install_dir: join_paths(get_option('datadir'), 'polkit-1', 'rules.d')
+)

meson_options.txt

@@ -21,3 +21,9 @@ option(
   value: false,
   description: 'use installed libmalcontent rather than building it; used in distros to break a dependency cycle'
 )
+option(
+  'privileged_group',
+  type: 'string',
+  value: 'wheel',
+  description: 'name of group that has elevated permissions'
+)