From be056e232302d4c842fa28dc482d15603f650f8e Mon Sep 17 00:00:00 2001 From: Rex Dieter Date: Tue, 23 Mar 2021 10:02:30 -0500 Subject: [PATCH] add polkit rule for admin users --- firewalld.spec | 8 +++++++- org.fedoraproject.FirewallD1.rules | 18 ++++++++++++++++++ 2 files changed, 25 insertions(+), 1 deletion(-) create mode 100644 org.fedoraproject.FirewallD1.rules diff --git a/firewalld.spec b/firewalld.spec index 83eb0cc..2ca3c85 100644 --- a/firewalld.spec +++ b/firewalld.spec @@ -1,12 +1,13 @@ Summary: A firewall daemon with D-Bus interface providing a dynamic firewall Name: firewalld Version: 0.9.3 -Release: 3%{?dist} +Release: 4%{?dist} URL: http://www.firewalld.org License: GPLv2+ Source0: https://github.com/firewalld/firewalld/releases/download/v%{version}/firewalld-%{version}.tar.gz Source1: FedoraServer.xml Source2: FedoraWorkstation.xml +Source3: org.fedoraproject.FirewallD1.rules Patch0: firewalld-0.2.6-MDNS-default.patch BuildArch: noarch BuildRequires: autoconf @@ -118,6 +119,7 @@ desktop-file-install --delete-original \ install -d -m 755 %{buildroot}%{_prefix}/lib/firewalld/zones/ install -c -m 644 %{SOURCE1} %{buildroot}%{_prefix}/lib/firewalld/zones/FedoraServer.xml install -c -m 644 %{SOURCE2} %{buildroot}%{_prefix}/lib/firewalld/zones/FedoraWorkstation.xml +install -m 644 -D %{SOURCE3} %{buildroot}%{_datadir}/polkit-1/rules.d/org.fedoraproject.FirwallD1.rules # standard firewalld.conf mv %{buildroot}%{_sysconfdir}/firewalld/firewalld.conf \ @@ -193,6 +195,7 @@ fi %{_datadir}/bash-completion/completions/firewall-cmd %dir %{_datadir}/zsh/site-functions %{_datadir}/zsh/site-functions/_firewalld +%{_datadir}/polkit-1/rules.d/org.fedoraproject.FirwallD1.rules %{_prefix}/lib/firewalld/icmptypes/*.xml %{_prefix}/lib/firewalld/ipsets/README %{_prefix}/lib/firewalld/policies/*.xml 
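Review bot: The destination file name in the `%install` hunk (-118) is spelled `org.fedoraproject.FirwallD1.rules`, missing the `e` of "Firewall", while the source added as `Source3` is `org.fedoraproject.FirewallD1.rules`. The `%files` hunk (-193) repeats the same spelling, so the two agree and the package presumably still builds, but it ships a misnamed rule file. polkit orders rule files by basename, so this name is what an administrator has to sort an override against, and it is awkward to correct once released. Suggested lines: `install -m 644 -D %{SOURCE3} %{buildroot}%{_datadir}/polkit-1/rules.d/org.fedoraproject.FirewallD1.rules` and, in `%files`, `%{_datadir}/polkit-1/rules.d/org.fedoraproject.FirewallD1.rules`. Both sections continue outside their hunks.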
@@ -278,6 +281,9 @@ fi %{_mandir}/man1/firewall-config*.1* %changelog +* Tue Mar 23 2021 Rex Dieter - 0.9.3-4 +- add polkit rule for admin users + * Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek - 0.9.3-3 - Rebuilt for updated systemd-rpm-macros See https://pagure.io/fesco/issue/2583. diff --git a/org.fedoraproject.FirewallD1.rules b/org.fedoraproject.FirewallD1.rules new file mode 100644 index 0000000..883c600 --- /dev/null +++ b/org.fedoraproject.FirewallD1.rules @@ -0,0 +1,18 @@ +// firewalld authorizations/policy for the wheel group. +// +// DO NOT EDIT THIS FILE, it will be overwritten on update. +// +// Allow users in the wheel group to use firewalld without being +// interrupted by a password dialog + +polkit.addRule(function(action, subject) { + if ((action.id == "org.fedoraproject.FirewallD1.config" || + action.id == "org.fedoraproject.FirewallD1.direct" || + action.id == "org.fedoraproject.FirewallD1.ipset" || + action.id == "org.fedoraproject.FirewallD1.policy" || + action.id == "org.fedoraproject.FirewallD1.zone") && + subject.active == true && subject.local == true && + subject.isInGroup("wheel")) { + return polkit.Result.YES; + } +});
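Review bot: The `polkit.addRule` callback in the new rules file returns `polkit.Result.YES` for `org.fedoraproject.FirewallD1.config` and `.direct` among others, so any process in an active local session of a wheel member gets those firewalld authorizations with no authentication step at all. If the aim is only to avoid repeated prompts, `return polkit.Result.AUTH_SELF_KEEP;` still asks for the user's own password once and retains the authorization briefly. If `YES` is intended, the header comment should state that trade-off and say how to override it, e.g. `// To override, add a rule file in /etc/polkit-1/rules.d/ that sorts before this one.` The ids ending in `.ipset`, `.policy` and `.zone` look like D-Bus interface names rather than polkit action ids, so each should be checked against the actions declared in firewalld's shipped policy file; a clause for an id that is never requested is dead code. As a style point, `===` is preferable to `==` in these comparisons, and `subject.active && subject.local` reads more plainly than comparing to `true`.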