From 7e0468d0d424faabcd4a6922da507aed68cab4ac Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= <mitr@redhat.com>
Date: Thu, 14 Feb 2013 14:48:20 +0100
Subject: [PATCH] Use auth_admin* instead of auth_self* in examples

From time to time, application developers just copy example
configuration without examining it in details.  Because polkit is
typically used to control access to system-level operations, the policy
(and therefore the examples) should limit access to system
administrators only.
---
 docs/man/polkit.xml                                              | 2 +-
 docs/polkit/overview.xml                                         | 4 ++--
 src/examples/org.freedesktop.policykit.examples.pkexec.policy.in | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/docs/man/polkit.xml b/docs/man/polkit.xml
index aaac4f4..f8b4849 100644
--- a/docs/man/polkit.xml
+++ b/docs/man/polkit.xml
@@ -913,7 +913,7 @@ polkit.addRule(function(action, subject) {
 polkit.addRule(function(action, subject) {
     if (action.id == "org.freedesktop.policykit.exec" &&
         action.lookup("program") == "/usr/bin/cat") {
-        return polkit.Result.AUTH_SELF;
+        return polkit.Result.AUTH_ADMIN;
     }
 });
 ]]></programlisting>
diff --git a/docs/polkit/overview.xml b/docs/polkit/overview.xml
index 8d22570..fb14e50 100644
--- a/docs/polkit/overview.xml
+++ b/docs/polkit/overview.xml
@@ -261,8 +261,8 @@
         that can be used together with
         <ulink url="http://developer.gnome.org/gtk3/unstable/GtkLockButton.html"><type>GtkLockButton</type></ulink>.
         Note that for <type>GtkLockButton</type> to work well, the
-        polkit action backing it should use <literal>auth_self_keep</literal> or
-        <literal>auth_admin_keep</literal> for its implicit authorizations.
+        polkit action backing it should use <literal>auth_admin_keep</literal> or
+        <literal>auth_self_keep</literal> for its implicit authorizations.
         This is often used to implement an <ulink
         url="http://developer.gnome.org/hig-book/3.2/hig-book.html#windows-instant-apply">instant
         apply</ulink> paradigm whereby the user
diff --git a/src/examples/org.freedesktop.policykit.examples.pkexec.policy.in b/src/examples/org.freedesktop.policykit.examples.pkexec.policy.in
index 049c024..eab7729 100644
--- a/src/examples/org.freedesktop.policykit.examples.pkexec.policy.in
+++ b/src/examples/org.freedesktop.policykit.examples.pkexec.policy.in
@@ -13,7 +13,7 @@
     <defaults>
       <allow_any>no</allow_any>
       <allow_inactive>no</allow_inactive>
-      <allow_active>auth_self_keep</allow_active>
+      <allow_active>auth_admin_keep</allow_active>
     </defaults>
     <annotate key="org.freedesktop.policykit.exec.path">/usr/bin/pk-example-frobnicate</annotate>
   </action>
-- 
1.8.1.2