The polkit interface provides daemons with the permission to use the polkit authorisation manager (polkitd) to make access control decisions for requests from unprivileged clients.
See Interface management and Supported interfaces for further details on how interfaces are used.
Developer details
Auto-connect: no
Super-privileged: yes
Attributes:
- action-prefix (plug, mandatory): indicate that all actions published by the snap are equal to the action prefix or match
${action-prefix}.*.
To perform polkit authorisation checks, a daemon needs to do two things:
- Install a .policy file to
$SNAP/meta/polkit/${plug_name}.*.policydescribing the actions it will use (codifying the type of administrative access a user might be granted). Snapd will install the policy file when the plug is connected. - Before performing administrative work on behalf of a client app, make a
CheckAuthorizationD-Bus call to polkitd to ask if they have access. The D-Bus call passes a string action ID describing the access, and a “subject” struct describing the client application.
There are two primary ways a daemon can describe the subject of the check:
- For D-Bus daemons they can use a
system-bus-namesubject, sending the unique bus name of the client app. - For non-D-Bus daemons, they can use a
unix-processsubject, sending the process ID (as retrieved throughSO_PEERCREDorSCM_CREDENTIALS).
See Proposal: add polkit and polkit-agent interfaces to snapd for the original interface proposal and reasoning.
Code examples
plugs:
polkit:
action-prefix: org.example.foo
apps:
app:
command: foo
plugs: [polkit]
The test code can be found in the snapd repository: snapd/interfaces/builtin/polkit_test.go at master · canonical/snapd · GitHub
The source code for the interface is in the snapd repository: snapd/interfaces/builtin/polkit.go at master · canonical/snapd · GitHub