- On every polkit_context_is_[caller|session]_authorized we load
all .policy XML files. This is bad. Dave Jones will kill us.
We should
1. Suggest that a single .policy file only contains actions
with a given name space com.example.MyApp. We do this
by printing a big fat WARNING in polkit-policy-file-validate(1)
if it isn't the case.
2. We make the policy cache smart and look for the right .policy
file when called from the is_*_authorized path. If it aint there
or if it doesn't contain the given action we load all the
.policy XML files.
3. When we break ABI (for 1.0 or sooner) we turn the WARNING
from 1. into an ERROR and drop the "Load all XML files"
from the is_*_authorized path. Of course, other paths
(iterate over all declared actions; find action by
annotation) will still need to load the bulk of the files.
But normally only polkit-auth(1) and polkit-action(1)
and other management tools will ever do this.
- Increase test suite coverage
- Finish up documentation; in particular how results from
config files, defaults and authorizations play together
- Potentially drop the glib dependency from polkit-grant
- Kill the config file
- Add support for granting authorizations to a) UNIX Groups; and
b) SELinux security contexts
- Add API and support in polkit-auth/polkit-action for maintaining
a list of entities for whom implicit authorizations do not apply.
(Typical example is that in a desktop OS one wants a UNIX group
for "Restricted Users". Another example is a guest account.)
- Add API and support in polkit-auth/polkit-action to define what
administrator auth means.
- Add k/v dictionaries to Actions; e.g. the Mechanism for dial-up
networking can attach the key/value pair
"phone_number" -> "555-123-4567"
The is a bit like Objects mentioned in the spec (and what we used
to have as PolKitResource) but a bit more blurry. They need to be
typed too for presentation in the UI
- Go to 1.0 soon
- Include the patch from Piter PUNK to optionally avoid the PAM
dependency (manually checks against /etc/shadow instead)
