From e1019e9e84e8e45eb54b69fed975fc06fc4e81c9 Mon Sep 17 00:00:00 2001
From: Cole Robinson <crobinso@redhat.com>
Date: Fri, 12 Oct 2012 10:51:48 -0400
Subject: [PATCH] Only keep one polkit rules file

Just tweak it at build time depending on what polkit version we are
building for.
---
 .gitignore                                    |  1 +
 daemon/Makefile.am                            | 16 ++++---
 daemon/libvirtd.policy-0                      | 42 -------------------
 .../{libvirtd.policy-1 => libvirtd.policy.in} |  2 +-
 4 files changed, 13 insertions(+), 48 deletions(-)
 delete mode 100644 daemon/libvirtd.policy-0
 rename daemon/{libvirtd.policy-1 => libvirtd.policy.in} (96%)

diff --git a/.gitignore b/.gitignore
index 1cd2d45808..174209352b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -54,6 +54,7 @@
 /daemon/libvirtd.8.in
 /daemon/libvirtd.init
 /daemon/libvirtd.pod
+/daemon/libvirtd.policy
 /daemon/libvirtd.service
 /daemon/test_libvirtd.aug
 /docs/apibuild.py.stamp
diff --git a/daemon/Makefile.am b/daemon/Makefile.am
index 1c7505b743..1643f3891e 100644
--- a/daemon/Makefile.am
+++ b/daemon/Makefile.am
@@ -35,8 +35,7 @@ EXTRA_DIST =						\
 	libvirtd.conf					\
 	libvirtd.init.in				\
 	libvirtd.upstart				\
-	libvirtd.policy-0				\
-	libvirtd.policy-1				\
+	libvirtd.policy.in				\
 	libvirtd.sasl					\
 	libvirtd.sysconf				\
 	libvirtd.sysctl					\
@@ -173,13 +172,20 @@ libvirtd_LDADD += ../src/libvirt.la
 if HAVE_POLKIT
 if HAVE_POLKIT0
 policydir = $(datadir)/PolicyKit/policy
-policyfile = libvirtd.policy-0
+policyauth = auth_admin_keep_session
 else
 policydir = $(datadir)/polkit-1/actions
-policyfile = libvirtd.policy-1
+policyauth = auth_admin_keep
 endif
 endif
 
+libvirtd.policy: libvirtd.policy.in $(top_builddir)/config.status
+	$(AM_V_GEN) sed \
+	    -e 's![@]authaction[@]!$(policyauth)!g' \
+	    < $< > $@-t && \
+	mv $@-t $@
+BUILT_SOURCES += libvirtd.policy
+
 install-data-local: install-init-redhat install-init-systemd install-init-upstart \
 		install-data-sasl install-data-polkit \
 		install-logrotate install-sysctl
@@ -197,7 +203,7 @@ uninstall-local:: uninstall-init-redhat uninstall-init-systemd uninstall-init-up
 if HAVE_POLKIT
 install-data-polkit::
 	$(MKDIR_P) $(DESTDIR)$(policydir)
-	$(INSTALL_DATA) $(srcdir)/$(policyfile) $(DESTDIR)$(policydir)/org.libvirt.unix.policy
+	$(INSTALL_DATA) libvirtd.policy $(DESTDIR)$(policydir)/org.libvirt.unix.policy
 uninstall-data-polkit::
 	rm -f $(DESTDIR)$(policydir)/org.libvirt.unix.policy
 	rmdir $(DESTDIR)$(policydir) || :
diff --git a/daemon/libvirtd.policy-0 b/daemon/libvirtd.policy-0
deleted file mode 100644
index 5d6845c5c2..0000000000
--- a/daemon/libvirtd.policy-0
+++ /dev/null
@@ -1,42 +0,0 @@
-<!DOCTYPE policyconfig PUBLIC
- "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
- "http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd">
-
-<!--
-Policy definitions for libvirt daemon
-
-Copyright (c) 2007 Daniel P. Berrange <berrange redhat com>
-
-libvirt is licensed to you under the GNU Lesser General Public License
-version 2. See COPYING for details.
-
-NOTE: If you make changes to this file, make sure to validate the file
-using the polkit-policy-file-validate(1) tool. Changes made to this
-file are instantly applied.
--->
-
-<policyconfig>
-    <action id="org.libvirt.unix.monitor">
-      <description>Monitor local virtualized systems</description>
-      <message>System policy prevents monitoring of local virtualized systems</message>
-      <defaults>
-        <!-- Any program can use libvirt in read-only mode for monitoring,
-             even if not part of a session -->
-        <allow_any>yes</allow_any>
-        <allow_inactive>yes</allow_inactive>
-        <allow_active>yes</allow_active>
-      </defaults>
-    </action>
-
-    <action id="org.libvirt.unix.manage">
-      <description>Manage local virtualized systems</description>
-      <message>System policy prevents management of local virtualized systems</message>
-      <defaults>
-        <!-- Only a program in the active host session can use libvirt in
-             read-write mode for management, and we require user password -->
-        <allow_any>auth_admin</allow_any>
-        <allow_inactive>auth_admin</allow_inactive>
-        <allow_active>auth_admin_keep_session</allow_active>
-      </defaults>
-    </action>
-</policyconfig>
diff --git a/daemon/libvirtd.policy-1 b/daemon/libvirtd.policy.in
similarity index 96%
rename from daemon/libvirtd.policy-1
rename to daemon/libvirtd.policy.in
index c2bec1f2a7..45b0d799a5 100644
--- a/daemon/libvirtd.policy-1
+++ b/daemon/libvirtd.policy.in
@@ -36,7 +36,7 @@ file are instantly applied.
              read-write mode for management, and we require user password -->
         <allow_any>auth_admin</allow_any>
         <allow_inactive>auth_admin</allow_inactive>
-        <allow_active>auth_admin_keep</allow_active>
+        <allow_active>@authaction@</allow_active>
       </defaults>
     </action>
 </policyconfig>