From ab0a06e0c34f49234ff93b184e3a836b3706dcbe Mon Sep 17 00:00:00 2001
From: mirkobrombin <send@mirko.pm>
Date: Wed, 3 Jan 2024 00:02:07 +0100
Subject: [PATCH] feat[close #33]: Add polkit rules for Apx (dbox and podman)

---
 .../polkit-1/actions/org.vanillaos.vso.policy | 25 +++++++++++++++++--
 .../polkit-1/rules.d/org.vanillaos.vso.rules  |  6 ++++-
 2 files changed, 28 insertions(+), 3 deletions(-)

diff --git a/includes.container/usr/share/polkit-1/actions/org.vanillaos.vso.policy b/includes.container/usr/share/polkit-1/actions/org.vanillaos.vso.policy
index 7859b39..0ce9ea3 100644
--- a/includes.container/usr/share/polkit-1/actions/org.vanillaos.vso.policy
+++ b/includes.container/usr/share/polkit-1/actions/org.vanillaos.vso.policy
@@ -6,7 +6,6 @@
   <vendor>Vanilla OS</vendor>
   <vendor_url>https://www.vanillaos.org/</vendor_url>
   <icon_name>package-x-generic</icon_name>
-
   <action id="org.vanillaos.vso.sys-upgrade">
     <description>Check for system package updates</description>
     <message>Authentication is required to check for updates</message>
@@ -19,4 +18,26 @@
     <annotate key="org.freedesktop.policykit.exec.path">/usr/bin/vso</annotate>
     <annotate key="org.freedesktop.policykit.exec.argv1">sys-upgrade</annotate>
   </action>
-</policyconfig>
+  <action id="org.vanillaos.vso.distrobox">
+    <description>Manager privileged containers</description>
+    <message>Authentication is required to manage privileged containers</message>
+    <icon_name>package-x-generic</icon_name>
+    <defaults>
+      <allow_any>auth_admin</allow_any>
+      <allow_inactive>auth_admin</allow_inactive>
+      <allow_active>auth_admin_keep</allow_active>
+    </defaults>
+    <annotate key="org.freedesktop.policykit.exec.path">/usr/share/apx/distrobox/distrobox</annotate>
+  </action>
+  <action id="org.vanillaos.vso.podman">
+    <description>Manager privileged containers</description>
+    <message>Authentication is required to manage privileged containers</message>
+    <icon_name>package-x-generic</icon_name>
+    <defaults>
+      <allow_any>auth_admin</allow_any>
+      <allow_inactive>auth_admin</allow_inactive>
+      <allow_active>auth_admin_keep</allow_active>
+    </defaults>
+    <annotate key="org.freedesktop.policykit.exec.path">/usr/bin/podman</annotate>
+  </action>
+</policyconfig>
\ No newline at end of file
diff --git a/includes.container/usr/share/polkit-1/rules.d/org.vanillaos.vso.rules b/includes.container/usr/share/polkit-1/rules.d/org.vanillaos.vso.rules
index 6b94c5b..259dc74 100644
--- a/includes.container/usr/share/polkit-1/rules.d/org.vanillaos.vso.rules
+++ b/includes.container/usr/share/polkit-1/rules.d/org.vanillaos.vso.rules
@@ -1,6 +1,10 @@
 polkit.addRule(function (action, subject) {
   if (
-    action.id == "org.vanillaos.vso.sys-upgrade" &&
+    (
+      action.id == "org.vanillaos.vso.sys-upgrade" ||
+      action.id == "org.vanillaos.vso.distrobox" ||
+      action.id == "org.vanillaos.vso.podman"
+    ) &&
     subject.isInGroup("sudo")
   ) {
     polkit.log("action=" + action);