Merge branch 'privileged_group' into 'master'

Add option to tweak privileged group in polkit rules

Closes #22

See merge request pwithnall/malcontent!76

.gitlab-ci.yml

@@ -22,7 +22,7 @@ debian:
   except:
     - tags
   script:
-    - meson --buildtype debug --werror -Db_coverage=true -Ddocumentation=true _build .
+    - meson --buildtype debug --werror -Db_coverage=true -Ddocumentation=true -Dprivileged_group=sudo _build .
     - meson test -C _build
     # FIXME: lcov doesn't support gcc9 yet:
     # https://github.com/linux-test-project/lcov/issues/58

accounts-service/com.endlessm.ParentalControls.rules.in

@@ -27,7 +27,7 @@ polkit.addRule(function(action, subject) {
          action.id == "com.endlessm.ParentalControls.SessionLimits.ReadOwn" ||
          action.id == "com.endlessm.ParentalControls.SessionLimits.ReadAny") &&
         subject.active && subject.local &&
-        subject.isInGroup("sudo")) {
+        subject.isInGroup("@PRIVILEGED_GROUP@")) {
             return polkit.Result.YES;
     }
 

accounts-service/meson.build

@@ -21,5 +21,11 @@ foreach dbus_interface: dbus_interfaces
     join_paths(accountsserviceinterfacesdir, filename))
 endforeach
 
-install_data('com.endlessm.ParentalControls.rules',
+polkit_conf = configuration_data()
-  install_dir: join_paths(get_option('datadir'), 'polkit-1', 'rules.d'))
+polkit_conf.set('PRIVILEGED_GROUP', get_option('privileged_group'))
+configure_file(
+  input: 'com.endlessm.ParentalControls.rules.in',
+  output: 'com.endlessm.ParentalControls.rules',
+  configuration: polkit_conf,
+  install_dir: join_paths(get_option('datadir'), 'polkit-1', 'rules.d')
+)

meson_options.txt

@@ -21,3 +21,9 @@ option(
   value: false,
   description: 'use installed libmalcontent rather than building it; used in distros to break a dependency cycle'
 )
+option(
+  'privileged_group',
+  type: 'string',
+  value: 'wheel',
+  description: 'name of group that has elevated permissions'
+)