authorJason Zaman <perfinion@gentoo.org>2015-06-06 08:52:37 +0000
committerJason Zaman <perfinion@gentoo.org>2015-06-06 08:52:37 +0000
commit2c36e6ad8b02e18187696d1ed158b3f83e600324 (patch)
tree7bd07c9b9194fe47f18f21951906048fd4e2c3e4 /sys-auth
parentamd64 stable wrt bug #551350 (diff)
fix bug 551316 CVE-2015-3218: crash authentication_agent_new with invalid object path in RegisterAuthenticationAgent
Package-Manager: portage-2.2.18/cvs/Linux x86_64 Manifest-Sign-Key: 0x7EF137EC935B0EAF
Diffstat (limited to 'sys-auth')
-rw-r--r--sys-auth/polkit/ChangeLog10
-rw-r--r--sys-auth/polkit/Manifest34
-rw-r--r--sys-auth/polkit/files/polkit-0.112-0001-backend-Handle-invalid-object-paths-in-RegisterAuthe.patch106
-rw-r--r--sys-auth/polkit/polkit-0.112-r3.ebuild122
4 files changed, 256 insertions, 16 deletions
diff --git a/sys-auth/polkit/ChangeLog b/sys-auth/polkit/ChangeLog
index 49796e4a8ed7..e8b221c54763 100644
--- a/sys-auth/polkit/ChangeLog
+++ b/sys-auth/polkit/ChangeLog
@@ -1,6 +1,14 @@
# ChangeLog for sys-auth/polkit
# Copyright 1999-2015 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-auth/polkit/ChangeLog,v 1.192 2015/03/03 09:56:07 dlan Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-auth/polkit/ChangeLog,v 1.193 2015/06/06 08:52:19 perfinion Exp $
+
+*polkit-0.112-r3 (06 Jun 2015)
+
+ 06 Jun 2015; Jason Zaman <perfinion@gentoo.org> +files/polkit-0.112-0001-backe
+ nd-Handle-invalid-object-paths-in-RegisterAuthe.patch,
+ +polkit-0.112-r3.ebuild:
+ fix bug 551316 CVE-2015-3218: crash authentication_agent_new with invalid
+ object path in RegisterAuthenticationAgent
03 Mar 2015; Yixun Lan <dlan@gentoo.org> polkit-0.110.ebuild:
add arm64 support, tested on A53 board
diff --git a/sys-auth/polkit/Manifest b/sys-auth/polkit/Manifest
index 082cc4fd9288..343c3f7d23e1 100644
--- a/sys-auth/polkit/Manifest
+++ b/sys-auth/polkit/Manifest
@@ -2,28 +2,32 @@
Hash: SHA256
AUX polkit-0.110-W_define.patch 810 SHA256 75a47bbf04e328a8622996d40128752c6951ce434c404cca87ad3838b848874b SHA512 e17cb4867c0d16c04e4d68dfb95eb58f27cf64e1b8c6b36fa24c876c78bee990bb07a08bb7c335e333797075911639b8c6049909e7948bc86fd07e1abce2be88 WHIRLPOOL 74610ba53eb185f3963fe6dfdddcb2eb4aaa4bf23057939dcfde0d4ada296c7f904a2d45e470a0f0cdae9919c6f51512ee45ea7cb623eb3367439abeac2cb538
+AUX polkit-0.112-0001-backend-Handle-invalid-object-paths-in-RegisterAuthe.patch 4368 SHA256 23a91c9cff2c702a2bf93e78a445e69bb42265bd837c8c543d5da3e0c78c3f1f SHA512 1db1da9f36e917ee2b93b9976de85f6c5b295ae76adb84c255f3f252f5e2c8c99ae1e0cd3e4d460638038b1e1beaddc0cde76ad83f08b5fddc5fa3cb2a0aea26 WHIRLPOOL 6624cdfc49e11382b1e53300193c57d74cf03985ae52d2240464a3c6016f2a52a2716ca2abfd6f154b525b1c740706cb7e99e92700655cd91e0bfb87c335e9eb
DIST polkit-0.110.tar.gz 1390215 SHA256 8e5c5044bb968643b7fa379f287fb10582615df760ad2f1cb84be6e19fafe6e8 SHA512 f2630a84c21216edfc69f56092ba1b127b7765dcf4fe29a7f2f81d7163c11c643a931b215847a3fc6434c482cf12a48fef2f0e2c007d587c8bbb2fbca74eda67 WHIRLPOOL 1a4928733cdab6c9dfa186643959f15d395f6d6cba0a3790a9716282d331ceed3e962e58dc39ed2c40474238fc4d4c9e54662b20d0055059c512d42eed85631b
DIST polkit-0.112.tar.gz 1429240 SHA256 d695f43cba4748a822fbe864dd32c4887c5da1c71694a47693ace5e88fcf6af6 SHA512 e4ad1bd287b38e5650cb94b1897a959b2ceaa6c19b4478ba872eacb13b58758fd42f6ab1718976162d823d850cd5c99b3ccadf1b57d75dea7790101422029d5f WHIRLPOOL af5dd0a17b7356302b0319e80565d6ac916128dfc85b6e2711147f3de86651f11fe8d08f3d6067d7abd24e263be92403f9d8f46935ba93db571e386a603a038a
EBUILD polkit-0.110.ebuild 3044 SHA256 0c3f874d5e05d324c620c8c6b05f239751a2db09a0c9a18eb2f7859460e67dcc SHA512 4d9f23df2bf2549f3c300740b729e85b9eeafc6e5f1456e413e3245d008585e1b5b970ca04971c1607c99e0c7081545e19589f5f6ecc953541414740632bb215 WHIRLPOOL a395e4c83e084b6cb917383987b7ef4136bf6a1093ae22508c98dae2917a7f1ceea5d621db1081b8ced34e551862d71f66b3d73e913f840a8a2cc92285dc9d60
EBUILD polkit-0.112-r1.ebuild 3144 SHA256 510e51bf8668577cdfd62fc3f59c32b16a34b2b509b3540c3c899d5e75222321 SHA512 68c07cd82551401ca7bfd476add920d0387a80685a8e3fc96e0f9dcdf38a1be7230a4449f7726a6ea3cd4f92634b8dd967c5e48cfb81cd2f56d7f273ad4de006 WHIRLPOOL f6f27f07bff4fe4d709f5314695e542888dd6e16c3e15416c535672603d34b9b4e3d7ace19de88a0e59261272ae8e3a28af6341cbbf869749b6c6fdbb63c0aae
EBUILD polkit-0.112-r2.ebuild 3367 SHA256 bb1aa4df5b18bcdfc4a8a23d88d32faa163e76d1440fa5f5eed8b12871ad3823 SHA512 8f99a61dd94e80c52d13d1c52847b75726e09406d996b439626f77e68006a013541eb998f21c15d3fbccb78b502ceca7b2969ba6984f85046f039e31b3e977ae WHIRLPOOL 3383d8b5dd15fcbc2ff10f96d0e5665a3715e4737089a4725f26dbf77cefe23e0a591d35c4ddd897b02ceb364071040cb5c78e15edaec5f1036bb5a06381e9ce
+EBUILD polkit-0.112-r3.ebuild 3488 SHA256 0eef359c4b2aa6f973acf6bb56427e72aeca5f589e0bed7e226bc56833cc3a8b SHA512 aaf204c2a4e5b70fd62891dd28d4b49657c56a329ae0d0f1f5e0aba001d7aeeca25c3be695d5d991c62e5bacba619216559ec9a9cb02e3483b78a264098b84cc WHIRLPOOL 91c5402f8912edca8abfe4f4f19a41bf6517cedc5f6e1f025a72ffd9d027f04fa6b62cb2767757f4cd36579002bb4f217cb75bdff3740f22bf7e3ae58e6703cc
EBUILD polkit-0.112.ebuild 2718 SHA256 ed56fdbb139eae6304b74d0057eed45cc1c9db8168d41e3b4a03363b03aecbb2 SHA512 3b3afb0f2662e75974f8a94f4cb52fc3ef78182570fd7d8cbd0e428d4865caf5cf6e74badaf8be5179348a4412932ab9420d615b03c28264631ca8becbc4845e WHIRLPOOL 1cf1ecf228d086e93e6237a779c2133024b127c5f9c5e0eaa25b226021836013d6e36b25b4fc3effad6c9e465abcd232fe9fe623e7b03811f6440e346e0f1903
-MISC ChangeLog 25911 SHA256 0e07b6b618b86e1db543005fa34de4dcf2eddb1d782861dcc9f4f8dbece87ac3 SHA512 fc158c28c5b020283e845ca96d1816d94662c6e38aba48163317031ea2c39105181415d83accd6534407bfa2e77d941fa1359a773cc75a57cf7cd4cd397e2594 WHIRLPOOL ce66bfa28833b46bbb6b362302bcd08fcf097f1aad7bfca8bfdeb64140718876cef237feeb65c502397f1c8707cba00520e949bd1d7ed3687f57a32fcbe6c03a
+MISC ChangeLog 26235 SHA256 f08a6959ba333f71241ab7b871a73a9c68902eb6a1e676333089bac9ccc2c400 SHA512 2ec56ce1bcecabc708f2eeb642f9c7b63f26369057527d76ec3baa05cd313ed4194a1ae16213cd3275467d16bb5f6f729058ca8cbc11c9de111ea645d62430a5 WHIRLPOOL 9d737c28ab0920f3586c76d4ee7c43e71c34a7f459e3dadea4a9d7b08301665e4dc77bf2d213a9a336c2fd9fc977e188b1c310cad8d34455f487be6f75e7ea2d
MISC metadata.xml 379 SHA256 ecde37fb639f16a58cccb842e5e1c5ab40359a62045c3d622f4960cd6c3da42b SHA512 6d0bfcbf0e5123e4f088b0d8b6f8558c7a5f62b0dde794b61c03466790d4064071dcb2b47350f197049f5c2e34aa762cf0f1829a2bb6de646c46f2f5bfb8264b WHIRLPOOL c457da71156bb08f89f6a0479334d1a665c011987d084f1a49a23b4b6109b929c75b1d29bfd149e22921de19f159c7d2fc46de6f2c94541f9b93b1d676e0a92a
-----BEGIN PGP SIGNATURE-----
-Version: GnuPG v2
+Version: GnuPG v2.0
-iQIcBAEBCAAGBQJU9RRcAAoJEJIMDbyqvv1VYF0P/iuctaksMcrT0u/T1xDn+ele
-IUQw3coH4MfTXvNZS16EKUxqmXUpwAYF/knphPYpXLOMbO7AHg5Zzf1q3sKNWuph
-8SBQ0KYzBDm/YebAleJTicQnwGMrsoDL0lZCme4TA3SnpLB5otekxQpkfa3w8Ndz
-wsp9TV0AQqz6DrBtdlknHDsQ5pm2Li1m0SE++W8+BmQbfQTJExqyWiK2qkpbV3hY
-pzMSdBab/luRz+5NmgiwW1wvXXk4f+sBKb89q5LnJzdDGn6Fm9SI3amd1bwrjCQi
-IUtX/ljDZExZEW5IejUoE8FRKJdQtSh5v3xsOXSm2ILP9vR3iWbkfG+VKzmsUNYw
-Qjm7kQ1Ohlv0fi4IroumBjoT0BVpG5O9dY1d714w252F11ROCCjdJEz8iKWp4g2K
-KU/xfj+O05S24iXhVrvq3tSqmRkh+WVxX4m+NkhNI4BtRRYn2jNN6aR31D9r559n
-QzsNvvlmhM3LsJ8njGIXxKn8SSTLbinAix9Epm53BvF86OfL3YoGeD6Bpskbs4tT
-Tpti/QPyitBBmx881n0BGyilkcbrL4IMvJWk0DzvifZWtjW4QvSabJw5TxcS8B73
-c/EFv6rKMkk9HjnvKKzF7Alsa25Jw2mrxXVhJCn2dUot9hkyd0gPntAeH1hSSRS6
-Okh0WI4ykNEvaZm9TnC6
-=j02Y
+iQJ8BAEBCABmBQJVcrTUXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
+ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRFMTYyREVBRDFDQ0REMTEzRjA0QjNENDky
+QkJFRDlDQjFBNjhFRjU1AAoJECu+2csaaO9VzFcP/3ehv0WpzrvjId2fQ5faxoMr
+F7VoNyqKemQeAp60QLrWxsK3lI07vRV8ps7tV4TQfarRcYz/wBJIHDN7N/HO4/c6
+bnAf1jvQPSDvZU3T+yW85ubRTi/lcXKp1M4h08IT1sCTE7dMFJhKzWLysa9m/1TW
+TtMLMU+/xJ42/HOGSSd9TZ0GQiJxCImQgAVRAnDQJI7fKcMgcjTwOKnqtxdP6hLg
+sCAIGxvLCrhrYkV6P+RpMS2Ymqx8Hmx9MiODdWKuOhvgiCfv8U2APVy73WdufCPN
+BsaJb4iIcrL3J+5r9mmLHdEQNvAlC0iglv86bwv8owbOzwODhXtzlMQ5xwFSS6Eq
+8DVXN2zbnF/xFiWep0uQr24djzGcBs4XmPajve7dtYC+NTXY05zdPaRKFw7xsDrG
+qqvFEMw9jrrH8fQatUt/mcnx91f/rLjCmTAisPRuuQbKxD/cT3zaW6L7ea3QtW//
+U17KR4Kg/I7wSnOG0iKbtO8/Uw5eZ7qAnh0M92BTaY/3RfakiRvAqLSHt4aFIEIS
+BAsiXDjvcL4/jUezhO9tox+20MKdL/lEVoCLXqOrKtEuQBJ49N1wb/lqm6+5qRdf
+UG4G3Q4IzrRyBVcTcC4lLG+azRHHjKyiYi8Wy48CNWMDz/Ae9YkiCWDFaLGG5V/Q
+Eb/wtRlZSkkFZXZaVEKg
+=gtTF
-----END PGP SIGNATURE-----
diff --git a/sys-auth/polkit/files/polkit-0.112-0001-backend-Handle-invalid-object-paths-in-RegisterAuthe.patch b/sys-auth/polkit/files/polkit-0.112-0001-backend-Handle-invalid-object-paths-in-RegisterAuthe.patch
new file mode 100644
index 000000000000..5ceb2de5f9ed
--- /dev/null
+++ b/sys-auth/polkit/files/polkit-0.112-0001-backend-Handle-invalid-object-paths-in-RegisterAuthe.patch
@@ -0,0 +1,106 @@
+From 9e074421d5623b6962dc66994d519012b40334b9 Mon Sep 17 00:00:00 2001
+From: Colin Walters <walters@verbum.org>
+Date: Sat, 30 May 2015 09:06:23 -0400
+Subject: [PATCH] backend: Handle invalid object paths in
+ RegisterAuthenticationAgent
+
+Properly propagate the error, otherwise we dereference a `NULL`
+pointer. This is a local, authenticated DoS.
+
+Reported-by: Tavis Ormandy <taviso@google.com>
+Signed-off-by: Colin Walters <walters@verbum.org>
+---
+ .../polkitbackendinteractiveauthority.c | 53 ++++++++++++----------
+ 1 file changed, 30 insertions(+), 23 deletions(-)
+
+diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c
+index 59028d5..f45fdf1 100644
+--- a/src/polkitbackend/polkitbackendinteractiveauthority.c
++++ b/src/polkitbackend/polkitbackendinteractiveauthority.c
+@@ -1551,36 +1551,42 @@ authentication_agent_new (PolkitSubject *scope,
+ const gchar *unique_system_bus_name,
+ const gchar *locale,
+ const gchar *object_path,
+- GVariant *registration_options)
++ GVariant *registration_options,
++ GError **error)
+ {
+ AuthenticationAgent *agent;
+- GError *error;
++ GDBusProxy *proxy;
+
+- agent = g_new0 (AuthenticationAgent, 1);
++ if (!g_variant_is_object_path (object_path))
++ {
++ g_set_error (error, POLKIT_ERROR, POLKIT_ERROR_FAILED,
++ "Invalid object path '%s'", object_path);
++ return NULL;
++ }
++
++ proxy = g_dbus_proxy_new_for_bus_sync (G_BUS_TYPE_SYSTEM,
++ G_DBUS_PROXY_FLAGS_DO_NOT_LOAD_PROPERTIES |
++ G_DBUS_PROXY_FLAGS_DO_NOT_CONNECT_SIGNALS,
++ NULL, /* GDBusInterfaceInfo* */
++ unique_system_bus_name,
++ object_path,
++ "org.freedesktop.PolicyKit1.AuthenticationAgent",
++ NULL, /* GCancellable* */
++ error);
++ if (proxy == NULL)
++ {
++ g_prefix_error (error, "Failed to construct proxy for agent: " );
++ return NULL;
++ }
+
++ agent = g_new0 (AuthenticationAgent, 1);
+ agent->ref_count = 1;
+ agent->scope = g_object_ref (scope);
+ agent->object_path = g_strdup (object_path);
+ agent->unique_system_bus_name = g_strdup (unique_system_bus_name);
+ agent->locale = g_strdup (locale);
+ agent->registration_options = registration_options != NULL ? g_variant_ref (registration_options) : NULL;
+-
+- error = NULL;
+- agent->proxy = g_dbus_proxy_new_for_bus_sync (G_BUS_TYPE_SYSTEM,
+- G_DBUS_PROXY_FLAGS_DO_NOT_LOAD_PROPERTIES |
+- G_DBUS_PROXY_FLAGS_DO_NOT_CONNECT_SIGNALS,
+- NULL, /* GDBusInterfaceInfo* */
+- agent->unique_system_bus_name,
+- agent->object_path,
+- "org.freedesktop.PolicyKit1.AuthenticationAgent",
+- NULL, /* GCancellable* */
+- &error);
+- if (agent->proxy == NULL)
+- {
+- g_warning ("Error constructing proxy for agent: %s", error->message);
+- g_error_free (error);
+- /* TODO: Make authentication_agent_new() return NULL and set a GError */
+- }
++ agent->proxy = proxy;
+
+ return agent;
+ }
+@@ -2383,8 +2389,6 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken
+ caller_cmdline = NULL;
+ agent = NULL;
+
+- /* TODO: validate that object path is well-formed */
+-
+ interactive_authority = POLKIT_BACKEND_INTERACTIVE_AUTHORITY (authority);
+ priv = POLKIT_BACKEND_INTERACTIVE_AUTHORITY_GET_PRIVATE (interactive_authority);
+
+@@ -2471,7 +2475,10 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken
+ polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (caller)),
+ locale,
+ object_path,
+- options);
++ options,
++ error);
++ if (!agent)
++ goto out;
+
+ g_hash_table_insert (priv->hash_scope_to_authentication_agent,
+ g_object_ref (subject),
+--
+1.8.3.1
+
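Review bot: authentication_agent_new() can now return NULL, but nothing in the embedded patch documents that contract. The only caller updated in view is polkit_backend_interactive_authority_register_authentication_agent, which adds `if (!agent) goto out;`. A comment above the function, such as `/* Returns NULL and sets @error if object_path is not a valid D-Bus object path or the agent proxy cannot be created. */`, would keep a later caller from reintroducing the NULL dereference behind CVE-2015-3218. The function's signature starts above the hunk and the `out:` label lies outside it, so it is worth confirming that the cleanup path tolerates `agent == NULL` and that no other call site exists. The inner diffstat lists one file changed, so the patch carries no regression test for a malformed object path.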
diff --git a/sys-auth/polkit/polkit-0.112-r3.ebuild b/sys-auth/polkit/polkit-0.112-r3.ebuild
new file mode 100644
index 000000000000..cdd2932e9666
--- /dev/null
+++ b/sys-auth/polkit/polkit-0.112-r3.ebuild
@@ -0,0 +1,122 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-auth/polkit/polkit-0.112-r3.ebuild,v 1.1 2015/06/06 08:52:19 perfinion Exp $
+
+EAPI=5
+inherit eutils multilib pam pax-utils systemd user
+
+DESCRIPTION="Policy framework for controlling privileges for system-wide services"
+HOMEPAGE="http://www.freedesktop.org/wiki/Software/polkit"
+SRC_URI="http://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz"
+
+LICENSE="LGPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="examples gtk +introspection jit kde nls pam selinux systemd"
+
+CDEPEND="
+ ia64? ( =dev-lang/spidermonkey-1.8.5*[-debug] )
+ hppa? ( =dev-lang/spidermonkey-1.8.5*[-debug] )
+ mips? ( =dev-lang/spidermonkey-1.8.5*[-debug] )
+ !hppa? ( !ia64? ( !mips? ( dev-lang/spidermonkey:17[-debug,jit=] ) ) )
+ >=dev-libs/glib-2.32
+ >=dev-libs/expat-2:=
+ introspection? ( >=dev-libs/gobject-introspection-1 )
+ pam? (
+ sys-auth/pambase
+ virtual/pam
+ )
+ systemd? ( sys-apps/systemd:0= )"
+DEPEND="${CDEPEND}
+ app-text/docbook-xml-dtd:4.1.2
+ app-text/docbook-xsl-stylesheets
+ dev-libs/libxslt
+ dev-util/intltool
+ virtual/pkgconfig"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-policykit )
+"
+PDEPEND="
+ gtk? ( || (
+ >=gnome-extra/polkit-gnome-0.105
+ lxde-base/lxpolkit
+ ) )
+ kde? ( || (
+ kde-plasma/polkit-kde-agent
+ sys-auth/polkit-kde-agent
+ ) )
+ !systemd? ( sys-auth/consolekit[policykit] )"
+
+QA_MULTILIB_PATHS="
+ usr/lib/polkit-1/polkit-agent-helper-1
+ usr/lib/polkit-1/polkitd"
+
+pkg_setup() {
+ local u=polkitd
+ local g=polkitd
+ local h=/var/lib/polkit-1
+
+ enewgroup ${g}
+ enewuser ${u} -1 -1 ${h} ${g}
+ esethome ${u} ${h}
+}
+
+src_prepare() {
+ epatch "${FILESDIR}/${PN}-0.112-0001-backend-Handle-invalid-object-paths-in-RegisterAuthe.patch" # bug 551316
+ sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die #401513
+}
+
+src_configure() {
+ econf \
+ --localstatedir="${EPREFIX}"/var \
+ --disable-static \
+ --enable-man-pages \
+ --disable-gtk-doc \
+ $(use_enable systemd libsystemd-login) \
+ $(use_enable introspection) \
+ --disable-examples \
+ $(use_enable nls) \
+ $(if use hppa || use ia64 || use mips; then echo --with-mozjs=mozjs185; else echo --with-mozjs=mozjs-17.0; fi) \
+ "$(systemd_with_unitdir)" \
+ --with-authfw=$(usex pam pam shadow) \
+ $(use pam && echo --with-pam-module-dir="$(getpam_mod_dir)") \
+ --with-os-type=gentoo
+}
+
+src_compile() {
+ default
+
+ # Required for polkitd on hardened/PaX due to spidermonkey's JIT
+ local f='src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest'
+ local m=''
+ # Only used when USE="jit" is enabled for 'dev-lang/spidermonkey:17' wrt #485910
+ has_version 'dev-lang/spidermonkey:17[jit]' && m='m'
+ # hppa, ia64 and mips uses spidermonkey-1.8.5 which requires different pax-mark flags
+ use hppa && m='mr'
+ use ia64 && m='mr'
+ use mips && m='mr'
+ [ -n "$m" ] && pax-mark ${m} ${f}
+}
+
+src_install() {
+ emake DESTDIR="${D}" install
+
+ dodoc docs/TODO HACKING NEWS README
+
+ fowners -R polkitd:root /{etc,usr/share}/polkit-1/rules.d
+
+ diropts -m0700 -o polkitd -g polkitd
+ keepdir /var/lib/polkit-1
+
+ if use examples; then
+ insinto /usr/share/doc/${PF}/examples
+ doins src/examples/{*.c,*.policy*}
+ fi
+
+ prune_libtool_files
+}
+
+pkg_postinst() {
+ chown -R polkitd:root "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
+ chown -R polkitd:polkitd "${EROOT}"/var/lib/polkit-1
+}
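Review bot: In src_prepare, `sed -i -e 's|unix-group:wheel|unix-user:0|' ... || die` only dies when sed itself fails, because sed exits 0 even if the pattern matches nothing. If a later upstream release rewords the default rules, the substitution would silently stop applying and the shipped default admin identity would presumably revert to the wheel group. A follow-up check such as `grep -q 'unix-user:0' src/polkitbackend/*-default.rules || die "admin rule not rewritten"` would turn that into a build failure. The same line has no comment saying why the rule is rewritten beyond the bug number; a short note stating the intent would help the next reviewer.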