polkit: allow checking if we already acquired some action

This adds a new helper that basically just wraps async_polkit_query_have_action() and allows calling this without actually triggering a PK authentication operation: it just checks if we aleady have acquired an action or not.
2026-04-14 16:37:19 +09:00 · 2024-02-28 17:06:11 +01:00
parent 95db87ffed
commit b9632ec42f
2 changed files with 37 additions and 4 deletions
--- a/src/shared/bus-polkit.c
+++ b/src/shared/bus-polkit.c
@@ -388,6 +388,21 @@ static int async_polkit_callback(sd_bus_message *reply, void *userdata, sd_bus_e
        return r;
 }

+static bool async_polkit_query_have_action(
+                AsyncPolkitQuery *q,
+                const char *action,
+                const char **details) {
+
+        assert(q);
+        assert(action);
+
+        LIST_FOREACH(authorized, a, q->authorized_actions)
+                if (streq(a->action, action) && strv_equal(a->details, (char**) details))
+                        return true;
+
+        return false;
+}
+
 static int async_polkit_query_check_action(
                AsyncPolkitQuery *q,
                const char *action,
@@ -397,9 +412,8 @@ static int async_polkit_query_check_action(
        assert(q);
        assert(action);

-        LIST_FOREACH(authorized, a, q->authorized_actions)
-                if (streq(a->action, action) && strv_equal(a->details, (char**) details))
-                        return 1; /* Allow! */
+        if (async_polkit_query_have_action(q, action, details))
+                return 1; /* Allow! */

        if (q->error_action && streq(q->error_action->action, action))
                return sd_bus_error_copy(ret_error, &q->error);
@@ -409,7 +423,6 @@ static int async_polkit_query_check_action(

        return 0;
 }
-
 #endif

 /* bus_verify_polkit_async() handles verification of D-Bus calls with polkit. Because the polkit API
@@ -820,3 +833,21 @@ int varlink_verify_polkit_async_full(

        return -EACCES;
 }
+
+bool varlink_has_polkit_action(Varlink *link, const char *action, const char **details, Hashmap **registry) {
+        assert(link);
+        assert(action);
+        assert(registry);
+
+        /* Checks if we already have acquired some action previously */
+
+#if ENABLE_POLKIT
+        AsyncPolkitQuery *q = hashmap_get(*registry, link);
+        if (!q)
+                return false;
+
+        return async_polkit_query_have_action(q, action, details);
+#else
+        return false;
+#endif
+}
--- a/src/shared/bus-polkit.h
+++ b/src/shared/bus-polkit.h
@@ -30,3 +30,5 @@ static inline int varlink_verify_polkit_async(Varlink *link, sd_bus *bus, const
                .name = "allowInteractiveAuthentication",        \
                .type = JSON_VARIANT_BOOLEAN,                    \
        }
+
+bool varlink_has_polkit_action(Varlink *link, const char *action, const char **details, Hashmap **registry);