The polkit interface
The polkit interface provides daemons with the permission to use the polkit authorisation manager (polkitd) to make access control decisions for requests from unprivileged clients.
Interface documentation: See Interface management and Supported interfaces for further details on how interfaces are used.
Developer details
Auto-connect: no
Attributes:
- action-prefix (plug, mandatory): indicates that all actions published by the snap are equal to the action prefix or match ${action-prefix}.*.
To perform polkit authorisation checks, a daemon needs to do two things:
- Install a .policy file to $SNAP/meta/polkit/${plug_name}.*/policy describing the actions it will use (codifying the type of administrative access a user might be granted). Snapd will install the policy file when the plug is connected.
- Before performing administrative work on behalf of a client app, make a CheckAuthorization D-Bus call to polkitd to ask whether the client has access. The D-Bus call passes a string action ID describing the access, and a “subject” struct describing the client application.
There are two primary ways a daemon can describe the subject of the check:
- For D-Bus daemons, they can use a system-bus-name subject, sending the unique bus name of the client app.
- For non-D-Bus daemons, they can use a unix-process subject, sending the process ID (as retrieved through SO_PEERCRED or SCM_CREDENTIALS).
See Proposal: add polkit and polkit-agent interfaces to snapd for the original interface proposal and reasoning.
Code examples
plugs:
  polkit:
    action-prefix: org.example.foo
apps:
  app:
    command: foo
    plugs: [polkit]
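
A pre-packaging check for the action-prefix rule described under Attributes, as an added example that is not code from the snapd project: it lists which action IDs in a .policy document fall inside the plug's prefix and which do not, including the near-miss case where an ID merely shares the prefix string. The policy XML, the function names and the out-of-prefix action IDs are constructed for illustration, and the matching logic is this example's reading of the rule rather than snapd's own validation.

```python
import xml.etree.ElementTree as ET

# Constructed sample policy for a plug declaring action-prefix: org.example.foo
SAMPLE_POLICY = b"""<policyconfig>
  <action id="org.example.foo">
    <defaults><allow_active>auth_admin</allow_active></defaults>
  </action>
  <action id="org.example.foo.configure">
    <defaults><allow_active>auth_admin_keep</allow_active></defaults>
  </action>
  <action id="org.example.foobar.reset">
    <defaults><allow_active>yes</allow_active></defaults>
  </action>
  <action id="org.example.other.wipe">
    <defaults><allow_active>yes</allow_active></defaults>
  </action>
</policyconfig>"""


def action_allowed(action_id, prefix):
    """True if action_id equals the prefix or matches '${prefix}.*'."""
    # The dot is part of the match, so 'org.example.foobar' is NOT inside
    # the namespace 'org.example.foo' even though the strings share a prefix.
    return action_id == prefix or action_id.startswith(prefix + ".")


def check_policy(policy_xml, prefix):
    """Return (accepted, rejected) action IDs found in a polkit .policy document."""
    root = ET.fromstring(policy_xml)
    if root.tag != "policyconfig":
        raise ValueError("not a polkit policy: root element is %r" % root.tag)
    accepted, rejected = [], []
    for action in root.findall("action"):
        action_id = action.get("id")
        if not action_id:
            raise ValueError("<action> element without an id attribute")
        bucket = accepted if action_allowed(action_id, prefix) else rejected
        bucket.append(action_id)
    return accepted, rejected


if __name__ == "__main__":
    ok, bad = check_policy(SAMPLE_POLICY, "org.example.foo")
    for action_id in ok:
        print("ok      ", action_id)
    for action_id in bad:
        print("REJECTED", action_id)
    raise SystemExit(1 if bad else 0)
```
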
The test code can be found in the snapd repository: https://github.com/snapcore/snapd/blob/master/interfaces/builtin/polkit.go
The source code for the interface is in the snapd repository: https://github.com/snapcore/snapd/blob/master/interfaces/builtin/polkit.go
Last updated 1 year, 8 months ago.