From 299ab139e4058da7f89defc148940e0a67b9a90e Mon Sep 17 00:00:00 2001
From: Dan Williams <dcbw@redhat.com>
Date: Wed, 2 Jun 2010 02:23:51 -0700
Subject: [PATCH] core: add policy for overall network control

Allows for locking down connections completely and disallowing
certain users from touching networking at all.
---
 policy/org.freedesktop.NetworkManager.policy.in | 9 +++++++++
 src/nm-manager-auth.h                           | 1 +
 src/nm-manager.c                                | 2 ++
 3 files changed, 12 insertions(+)

diff --git a/policy/org.freedesktop.NetworkManager.policy.in b/policy/org.freedesktop.NetworkManager.policy.in
index a912872491..e6540655d4 100644
--- a/policy/org.freedesktop.NetworkManager.policy.in
+++ b/policy/org.freedesktop.NetworkManager.policy.in
@@ -54,5 +54,14 @@
     </defaults>
   </action>
 
+  <action id="org.freedesktop.NetworkManager.network-control">
+    <_description>Allow control of network connections</_description>
+    <_message>System policy prevents control of network connections</_message>
+    <defaults>
+      <allow_inactive>yes</allow_inactive>
+      <allow_active>yes</allow_active>
+    </defaults>
+  </action>
+
 </policyconfig>
 
diff --git a/src/nm-manager-auth.h b/src/nm-manager-auth.h
index 14e130115e..44bb309973 100644
--- a/src/nm-manager-auth.h
+++ b/src/nm-manager-auth.h
@@ -32,6 +32,7 @@
 #define NM_AUTH_PERMISSION_ENABLE_DISABLE_WIFI    "org.freedesktop.NetworkManager.enable-disable-wifi"
 #define NM_AUTH_PERMISSION_ENABLE_DISABLE_WWAN    "org.freedesktop.NetworkManager.enable-disable-wwan"
 #define NM_AUTH_PERMISSION_USE_USER_CONNECTIONS   "org.freedesktop.NetworkManager.use-user-connections"
+#define NM_AUTH_PERMISSION_NETWORK_CONTROL        "org.freedesktop.NetworkManager.network-control"
 
 
 typedef struct NMAuthChain NMAuthChain;
diff --git a/src/nm-manager.c b/src/nm-manager.c
index eaad533e45..874433a1e2 100644
--- a/src/nm-manager.c
+++ b/src/nm-manager.c
@@ -3076,6 +3076,7 @@ get_permissions_done_cb (NMAuthChain *chain,
 		get_perm_add_result (chain, results, NM_AUTH_PERMISSION_ENABLE_DISABLE_WIFI);
 		get_perm_add_result (chain, results, NM_AUTH_PERMISSION_ENABLE_DISABLE_WWAN);
 		get_perm_add_result (chain, results, NM_AUTH_PERMISSION_USE_USER_CONNECTIONS);
+		get_perm_add_result (chain, results, NM_AUTH_PERMISSION_NETWORK_CONTROL);
 		dbus_g_method_return (context, results);
 		g_hash_table_destroy (results);
 	}
@@ -3110,6 +3111,7 @@ impl_manager_get_permissions (NMManager *self,
 	nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_ENABLE_DISABLE_WIFI, FALSE);
 	nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_ENABLE_DISABLE_WWAN, FALSE);
 	nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_USE_USER_CONNECTIONS, FALSE);
+	nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_NETWORK_CONTROL, FALSE);
 }
 
 /* Legacy 0.6 compatibility interface */