How to set a polkit rule to lock shutdown if a file exists?

Question

I'm writing an application to control the system shutdown if a pendrive is connected to the system.

When pendrive is connected, It writes its identifier in a file. If pendrive is disconnected, it remove its identifier of the file and, after this, if the file is empty, remove the file.

Then, I want to set a polkit rule to control the shutdown, using this file. The polkit rule detect the shutdown order and check if the file exists. If it exists, don't allow the shutdown, else allow it.

I try to set it as this form:

polkit.addRule(function(action, subject) {
    if (action.id == "org.freedesktop.consolekit.system.stop") ||
        action.id.indexOf("org.freedesktop.login1.power-off") == 0) 
    {

        try{    
            polkit.spawn(["/usr/bin/detect_pendrive.sh", subject.user]);        
            return polkit.Result.YES;

        }catch(error){
            return polkit.Result.NO;
        }
    }
});

The polkit rule use a helper, with a script that check the existence os the file

The detect_pendrive.sh is this:

#!/bin/bash
if ! test -e "/tmp/usbdevinfo" 
then
    exit 0
else
    exit 1
fi

I copy the rule in /usr/share/polkit-1/rules.d/. But, when I try to shutdown with a pendrive connected, the system simply poweroff and ignore the rule.

I tested it on Debian GNOME and Gentoo Cinnamon

Where can be the problem?

Answer 1

Your polkit.rule is ok on my OpenBSD 6.2 GENERIC.MP#134 amd64

I don't use consolekit but org.xfce.session.policy

My rule file :

polkit.addRule (function (action, subject) {
  if (action.id == "org.xfce.session.xfsm-shutdown-helper") {
    try {
      polkit.spawn(["/home/alain/polkitspawn.sh",subject.user]);
        return polkit.Result.YES; 
    }
    catch (error) {
      return "no";
    }
  }
});

Answer 2

Solution:

As @ferrybig previosly said, polkit rules don't runs in polkit < 0.106

Then, I solved this with a dual policy:

If polkit < 0.106, I created this .pkla file

[Shutdown]
Identity=unix-user:*
Action=org.freedesktop.consolekit.system.stop;org.freedesktop.login1.power-off;org.freedesktop.login1.power-off-multiple-sessions;org.xfce.session.xfsm-shutdown-helper
ResultAny=no
ResultInactive=yes
ResultActive=no

To solve the problem, I use the same scripts linked to two udev rules to add and remove the rule. This scripts, furthermore to create and remove the file, add the .pkla file during the pendrive connection and, during the disconnection, if the file is empty, also remove .pkla file

In polkit >= 0.106, I simply use the initial rules file, adding a new action:

action.id == "org.freedesktop.login1.power-off-multiple-sessions"

The rules file will be as this:

polkit.addRule(function(action, subject) {
 if (action.id == "org.freedesktop.consolekit.system.stop" ||
    action.id == "org.freedesktop.login1.power-off" ||
    action.id == "org.freedesktop.login1.power-off-multiple-sessions" || 
    action.id == "org.xfce.session.xfsm-shutdown-helper")  
 {

    try{    
        polkit.spawn(["/usr/bin/pendrive-reminder/check_pendrive.sh", subject.user]);        
        return polkit.Result.YES;

    }catch(error){
        polkit.spawn(["/usr/bin/pendrive-reminder/send_notify.sh", subject.user]);
        return polkit.Result.NO;
    }
 }
});