On 02/24/2016 10:03 PM, Paul Wise wrote:
>
> I wonder if the solution is to use a phrase other than "Internal" that
> actually indicates what this field is used for. You mentioned "the
> Internal flag is only used to relax authentication checks on removable
> devices" but I'm not clear on what exactly this means. Does it mean
> that "Internal: True" devices need root/sudo access to update and
> "Internal: False" can be updated by any locally present user?
>

PolicyKit modal dialogs are actually displayed in both cases.
https://github.com/hughsie/fwupd/blob/master/src/fu-main.c#L778

These are the default policies:
https://github.com/hughsie/fwupd/blob/master/policy/org.freedesktop.fwupd.policy.in

The policies are actually the same between the two scenarios, but the Internal devices use a different phrasing (removable device).

A special rule is installed that overrides policy to allow install under the following circumstances:
* Internal device, upgrading (not downgrade)
* Locally invoked
* User in sudo/wheel.

https://github.com/hughsie/fwupd/blob/master/policy/org.freedesktop.fwupd.rules
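
The three override conditions listed in the message above, written as a polkit rule with a small Node shim so it can be exercised offline. This is an added example, not part of the original message and not the contents of fwupd's `org.freedesktop.fwupd.rules`; the action ids, the `polkit` shim and the helper names are assumptions.

```javascript
// Constructed stand-in for the polkit rules runtime so the rule runs under Node.
// Real polkitd supplies `polkit`, `action` and `subject` itself.
const polkit = {
  Result: { YES: "yes", NOT_HANDLED: null },
  rules: [],
  addRule(fn) { this.rules.push(fn); },
};

// Assumed action ids: the message links the policy file but does not name them.
const UPDATE_INTERNAL = "org.freedesktop.fwupd.update-internal";
const DOWNGRADE_INTERNAL = "org.freedesktop.fwupd.downgrade-internal";
const UPDATE_HOTPLUG = "org.freedesktop.fwupd.update-hotplug";

// Override as described: internal device upgrade, locally invoked,
// user in sudo/wheel. Anything else is left to the default policy.
polkit.addRule(function (action, subject) {
  if (action.id === UPDATE_INTERNAL &&
      subject.local &&
      (subject.isInGroup("wheel") || subject.isInGroup("sudo"))) {
    return polkit.Result.YES;
  }
  return polkit.Result.NOT_HANDLED;
});

// Constructed subject: group list plus whether the session is local.
function makeSubject(groups, local) {
  return { local, isInGroup: (g) => groups.includes(g) };
}

// Runs the rules in order; "default-policy" means no rule decided,
// so the PolicyKit dialog from the .policy defaults still applies.
function evaluate(actionId, subject) {
  for (const rule of polkit.rules) {
    const result = rule({ id: actionId }, subject);
    if (result !== null && result !== undefined) return result;
  }
  return "default-policy";
}
```

Checking the fall-through cases (downgrade, remote session, user outside sudo/wheel) is the useful part when auditing a rule like this: each should reach the default policy rather than the override.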