From cebcf2a4d29f01061dedf8714db2842b9582900c Mon Sep 17 00:00:00 2001

From: =?UTF-8?q?Florian=20M=C3=BCllner?= <fmuellner@gnome.org>

Date: Tue, 8 Jun 2021 20:45:00 +0200

Subject: [PATCH 1/3] data: Disable network configuration on login screen

---

 data/meson.build            | 10 ++++++++++

 data/org.gnome.gdm.rules.in |  8 ++++++++

 2 files changed, 18 insertions(+)

 create mode 100644 data/org.gnome.gdm.rules.in

diff --git a/data/meson.build b/data/meson.build

index 23e2d7f9f..cbd6a6a21 100644

--- a/data/meson.build

+++ b/data/meson.build

@@ -131,60 +131,70 @@ pam_data_files_map = {

   'arch': [

     'gdm-autologin',

     'gdm-launch-environment',

     'gdm-fingerprint',

     'gdm-smartcard',

     'gdm-password',

     'gdm-pin',

   ],

   'none': [],

   # We should no longer have 'autodetect' at this point

 }

 pam_data_files = pam_data_files_map[default_pam_config]

 pam_prefix = (get_option('pam-prefix') != '')? get_option('pam-prefix') : get_option('sysconfdir')

 foreach _pam_filename : pam_data_files

   install_data('pam-@0@/@1@.pam'.format(default_pam_config, _pam_filename),

     rename: _pam_filename,

     install_dir: pam_prefix / 'pam.d',

   )

 endforeach

 gdm_rules = configure_file(

   input: '61-gdm.rules.in',

   output: '@BASENAME@',

   configuration: {

     'libexecdir': gdm_prefix / get_option('libexecdir'),

   },

   install_dir: udev_dir,

 )

+# Polkit rules

+polkit_rules = configure_file(

+  input: 'org.gnome.gdm.rules.in',

+  output: '@BASENAME@',

+  configuration: {

+    'GDM_USERNAME': get_option('user'),

+  },

+  install_dir: get_option('datadir') / 'polkit-1' / 'rules.d',

+)

+

 # DBus service files

 service_config = configuration_data()

 service_config.set('sbindir', gdm_prefix / get_option('sbindir'))

 service_config.set('GDM_INITIAL_VT', get_option('initial-vt'))

 service_config.set('LANG_CONFIG_FILE', lang_config_file)

 if plymouth_dep.found()

   service_config.set('PLYMOUTH_QUIT_SERVICE', 'plymouth-quit.service')

 else

   service_config.set('PLYMOUTH_QUIT_SERVICE', '')

 endif

 if get_option('systemdsystemunitdir') != ''

   systemd_systemunitdir = get_option('systemdsystemunitdir')

 else

   systemd_systemunitdir = systemd_dep.get_pkgconfig_variable('systemdsystemunitdir')

 endif

 if get_option('systemduserunitdir') != ''

   systemd_userunitdir = get_option('systemduserunitdir')

 else

   systemd_userunitdir = systemd_dep.get_pkgconfig_variable('systemduserunitdir',

                                                            define_variable: ['prefix', get_option('prefix')])

 endif

 configure_file(

   input: 'gdm.service.in',

   output: '@BASENAME@',

   configuration: service_config,

   install_dir: systemd_systemunitdir,

   format: 'cmake'

diff --git a/data/org.gnome.gdm.rules.in b/data/org.gnome.gdm.rules.in

new file mode 100644

index 000000000..09544f11e

--- /dev/null

+++ b/data/org.gnome.gdm.rules.in

@@ -0,0 +1,8 @@

+polkit.addRule(function(action, subject) {

+    if (action.id == "org.freedesktop.NetworkManager.network-control" &&

+        subject.user == "@GDM_USERNAME@") {

+            return polkit.Result.NO;

+    }

+

+    return polkit.Result.NOT_HANDLED;

+});

-- 

2.30.1