Package kit admx branch

BaseALT.admx

@@ -133,5 +133,8 @@
     <category name="ALT_Windows_Manager_Marco_Keyboard" displayName="$(string.ALT_Windows_Manager_Marco_Keyboard)" explainText="$(string.ALT_Windows_Manager_Marco_Keyboard_Help)">
       <parentCategory ref="ALT_Windows_Manager_Marco" />
     </category>
+    <category name="ALT_Polkit" displayName="$(string.ALT_Polkit)" explainText="$(string.ALT_Polkit_Help)">
+      <parentCategory ref="ALT_System" />
+    </category>
   </categories>
 </policyDefinitions>

BaseALTGroupPolicies.admx

@@ -330,5 +330,35 @@
         <decimal value="0"/>
       </disabledValue>
     </policy>
+    <policy class="Machine" displayName="$(string.gpupdate_yandex_browser_applier)" explainText="$(string.gpupdate_yandex_browser_applier_help)" key="Software\BaseALT\Policies\GPUpdate" name="YandexBrowserApplier" valueName="YandexBrowserApplier">
+      <parentCategory ref="ALT_GPUpdateAppliers"/>
+      <supportedOn ref="system:SUPPORTED_AltP10"/>
+      <enabledValue>
+        <decimal value="1"/>
+      </enabledValue>
+      <disabledValue>
+        <decimal value="0"/>
+      </disabledValue>
+    </policy>
+    <policy class="Machine" displayName="$(string.RemovableStorageClasses_DenyAll_Access)" explainText="$(string.RemovableStorageClasses_DenyAll_Access_help)" key="Software\BaseALT\Policies\GPUpdate\RemovableStorageDevices" name="RemovableStorageClasses_DenyAll_Access" valueName="Deny_All">
+      <parentCategory ref="system:ALT_Mounting"/>
+      <supportedOn ref="system:SUPPORTED_AltP10"/>
+      <enabledValue>
+        <decimal value="1"/>
+      </enabledValue>
+      <disabledValue>
+        <decimal value="0"/>
+      </disabledValue>
+    </policy>
+    <policy class="Machine" displayName="$(string.RemovableStorageClasses_DenyAll_User_Access)" explainText="$(string.RemovableStorageClasses_DenyAll_User_Access_help)" key="Software\BaseALT\Policies\GPUpdate\RemovableStorageDevices" name="RemovableStorageClasses_DenyAll_User_Access" valueName="Deny_All">
+      <parentCategory ref="system:ALT_Mounting"/>
+      <supportedOn ref="system:SUPPORTED_AltP10"/>
+      <enabledValue>
+        <decimal value="1"/>
+      </enabledValue>
+      <disabledValue>
+        <decimal value="0"/>
+      </disabledValue>
+    </policy>
   </policies>
 </policyDefinitions>

en-US/basealt.adml

@@ -58,6 +58,8 @@
       <string id="ALT_Windows_Manager_Marco_Help">Windows manager Marco settings</string>
       <string id="ALT_Windows_Manager_Marco_Keyboard">Keyboard settings</string>
       <string id="ALT_Windows_Manager_Marco_Keyboard_Help">Keyboard settings</string>
+      <string id="ALT_Polkit">Polkit rules</string>
+      <string id="ALT_Polkit_Help">Polkit rules</string>
     </stringTable>
   </resources>
 </policyDefinitionResources>

en-US/basealtgrouppolicies.adml

@@ -105,9 +105,28 @@
       <string id="gpupdate_scripts_applier">Script execution module for machine</string>
       <string id="gpupdate_scripts_applier_help">This policy enables disables the scripting group policy execution engine for computers.</string>
 
-      <string id="gpupdate_scripts_users_applier">Script execution module for users</string>
-      <string id="gpupdate_scripts_users_applier_help">This policy enables disables the scripting group policy execution engine for users.</string>
+      <string id="gpupdate_scripts_user_applier">Script execution module for users</string>
+      <string id="gpupdate_scripts_user_applier_help">This policy enables disables the scripting group policy execution engine for users.</string>
 
+      <string id="gpupdate_yandex_browser_applier">Yandex browser</string>
+      <string id="gpupdate_yandex_browser_applier_help">This policy enables group policy Yandex-browser applier feature.</string>
+
+      <string id="RemovableStorageClasses_DenyAll_Access">All Removable Storage classes: Deny all access</string>
+      <string id="RemovableStorageClasses_DenyAll_Access_help">Configure access to all removable storage classes.
+
+This policy setting takes precedence over any individual removable storage policy settings. To manage individual classes, use the policy settings available for each class.
+
+If you enable this policy setting, no access is allowed to any removable storage class.
+
+If you disable or do not configure this policy setting, write and read accesses are allowed to all removable storage classes.</string>
+      <string id="RemovableStorageClasses_DenyAll_User_Access">All Removable Storage classes: Deny all access</string>
+      <string id="RemovableStorageClasses_DenyAll_User_Access_help">Configure access to all removable storage classes.
+
+This policy setting takes precedence over any individual removable storage policy settings. To manage individual classes, use the policy settings available for each class.
+
+If you enable this policy setting, no access is allowed to any removable storage class.
+
+If you disable or do not configure this policy setting, write and read accesses are allowed to all removable storage classes.</string>
     </stringTable>
   </resources>
 </policyDefinitionResources>

en-US/basealtpolkit.adml

@@ -0,0 +1,118 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--  (c) 2020 BaseALT, Ltd.  -->
+<policyDefinitionResources xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.microsoft.com/GroupPolicy/2006/07/PolicyDefinitions" revision="1.0" schemaVersion="1.0">
+  <displayName>ALT Group Policies definitions</displayName>
+  <description>This file contains the polkits policies definitions used by ALT operating system.</description>
+  <resources>
+    <stringTable>
+      <string id="org-freedesktop-udisks2-filesystem-mount">Permission to mount a file system</string>
+      <string id="org-freedesktop-udisks2-filesystem-mount_help">Permission to mount a file system
+
+Disable/Not configured - permissions are determined by system settings - default settings for polkit actions;
+
+Enable - permission to mount with set rights;
+
+Possible values:
+
+«No» - Not authorized;
+
+«Yes» - Authorized;
+
+«Auth_self» - Authentication by the owner of the session that the client originates from is required. Note that this is not restrictive enough for most uses on multi-user systems; auth_admin* is generally recommended;
+
+«Auth_admin» - Authentication by an administrative user is required;
+
+«Auth_self_keep» - Like auth_self but the authorization is kept for a brief period (e.g. five minutes). The warning about auth_self above applies likewise;
+
+«Auth_admin_keep» - Like auth_admin but the authorization is kept for a brief period (e.g. five minutes).
+
+      </string>
+      <string id="org-freedesktop-udisks2-filesystem-mount_user">Permission to mount a file system</string>
+      <string id="org-freedesktop-udisks2-filesystem-mount_user_help">Permission to mount a file system
+
+Disable/Not configured - permissions are determined by system settings - default settings for polkit actions;
+
+Enable - permission to mount with set rights;
+
+Possible values:
+
+«No» - Not authorized;
+
+«Yes» - Authorized;
+
+«Auth_self» - Authentication by the owner of the session that the client originates from is required. Note that this is not restrictive enough for most uses on multi-user systems; auth_admin* is generally recommended;
+
+«Auth_admin» - Authentication by an administrative user is required;
+
+«Auth_self_keep» - Like auth_self but the authorization is kept for a brief period (e.g. five minutes). The warning about auth_self above applies likewise;
+
+«Auth_admin_keep» - Like auth_admin but the authorization is kept for a brief period (e.g. five minutes).
+
+      </string>
+      <string id="org-freedesktop-udisks2-filesystem-mount-other-seat">Permission to mount a file system from a device connected to another workstation</string>
+      <string id="org-freedesktop-udisks2-filesystem-mount-other-seat_help">Permission to mount a file system from a device connected to another workstation
+
+Disable/Not configured - permissions are determined by system settings - default settings for polkit actions;
+
+Enable - permission to mount with set rights;
+
+Possible values:
+
+«No» - Not authorized;
+
+«Yes» - Authorized;
+
+«Auth_self» - Authentication by the owner of the session that the client originates from is required. Note that this is not restrictive enough for most uses on multi-user systems; auth_admin* is generally recommended;
+
+«Auth_admin» - Authentication by an administrative user is required;
+
+«Auth_self_keep» - Like auth_self but the authorization is kept for a brief period (e.g. five minutes). The warning about auth_self above applies likewise;
+
+«Auth_admin_keep» - Like auth_admin but the authorization is kept for a brief period (e.g. five minutes).
+
+      </string>
+      <string id="org-freedesktop-udisks2-filesystem-mount-system">Permission to mount a filesystem on a system device</string>
+      <string id="org-freedesktop-udisks2-filesystem-mount-system_help">Permission to mount a filesystem on a system device
+
+Disable/Not configured - permissions are determined by system settings - default settings for polkit actions;
+
+Enable - permission to mount with set rights;
+
+Possible values:
+
+«No» - Not authorized;
+
+«Yes» - Authorized;
+
+«Auth_self» - Authentication by the owner of the session that the client originates from is required. Note that this is not restrictive enough for most uses on multi-user systems; auth_admin* is generally recommended;
+
+«Auth_admin» - Authentication by an administrative user is required;
+
+«Auth_self_keep» - Like auth_self but the authorization is kept for a brief period (e.g. five minutes). The warning about auth_self above applies likewise;
+
+«Auth_admin_keep» - Like auth_admin but the authorization is kept for a brief period (e.g. five minutes).
+
+      </string>
+      <string id="org-freedesktop-udisks2-filesystem-mount-No">No</string>
+      <string id="org-freedesktop-udisks2-filesystem-mount-Yes">Yes</string>
+      <string id="org-freedesktop-udisks2-filesystem-mount-Auth-self">Auth_self</string>
+      <string id="org-freedesktop-udisks2-filesystem-mount-Auth-admin">Auth_admin</string>
+      <string id="org-freedesktop-udisks2-filesystem-mount-Auth-self-keep">Auth_self_keep</string>
+      <string id="org-freedesktop-udisks2-filesystem-mount-Auth-admin-keep">Auth_admin_keep</string>
+      <string id="org-freedesktop-udisks2-filesystem-mount-all">general mount ban</string>
+      <string id="org-freedesktop-udisks2-filesystem-mount-all_Help">general mount ban</string>
+    </stringTable>
+    <presentationTable>
+      <presentation id="OrgFreedesktopUdisks2FileSystemMount-pr">
+       <dropdownList noSort="true" defaultItem="0" refId="OrgFreedesktopUdisks2FileSystemMount_setter">Restriction Options:</dropdownList>
+       <checkBox refId="OrgFreedesktopUdisks2FileSystemMount_blocker">Block</checkBox>
+        <text>Blocking changes to this setting by the user. Custom policies for this setting will be ignored.</text>
+      </presentation>
+      <presentation id="OrgFreedesktopUdisks2FileSystemMountUser-pr">
+       <dropdownList noSort="true" defaultItem="0" refId="OrgFreedesktopUdisks2FileSystemMount_setter">Restriction Options:</dropdownList>
+       <checkBox refId="OrgFreedesktopUdisks2FileSystemMount_blocker">Block</checkBox>
+        <text>locking changes to this setting by the user. Custom policies for this setting will be ignored.</text>
+      </presentation>
+    </presentationTable>
+  </resources>
+</policyDefinitionResources>

ru-RU/basealt.adml

@@ -58,6 +58,8 @@
       <string id="ALT_Windows_Manager_Marco_Help">Настройки оконного менеджера Marco</string>
       <string id="ALT_Windows_Manager_Marco_Keyboard">Настройки клавиатуры</string>
       <string id="ALT_Windows_Manager_Marco_Keyboard_Help">Настройки клавиатуры</string>
+      <string id="ALT_Polkit">Polkit правила</string>
+      <string id="ALT_Polkit_Help">Polkit правила</string>
     </stringTable>
   </resources>
 </policyDefinitionResources>

ru-RU/basealtgrouppolicies.adml

@@ -108,6 +108,25 @@
       <string id="gpupdate_scripts_user_applier">Модуль выполнения сценариев для пользователей</string>
       <string id="gpupdate_scripts_user_applier_help">Эта политика включает/отключает модуль выполнения групповых политик сценариев для пользователей.</string>
 
+      <string id="gpupdate_yandex_browser_applier">Настройка браузера Yandex</string>
+      <string id="gpupdate_yandex_browser_applier_help">Эта политика включает применение механизма групповых политик Yandex-браузера.</string>
+
+      <string id="RemovableStorageClasses_DenyAll_Access">Доступ к съемным запоминающим устройствам</string>
+      <string id="RemovableStorageClasses_DenyAll_Access_help">Настройте доступ ко всем классам съемных носителей.
+
+Этот параметр политики имеет приоритет над любыми отдельными параметрами политики съемных носителей. Для управления отдельными классами используйте параметры политики, доступные для каждого класса.
+
+Если вы включите этот параметр политики, доступ к любому классу съемных носителей будет запрещен.
+
+Если вы отключите или не настроите этот параметр политики, доступ на запись и чтение будет разрешен для всех классов съемных носителей.</string>
+      <string id="RemovableStorageClasses_DenyAll_User_Access">Доступ к съемным запоминающим устройствам</string>
+      <string id="RemovableStorageClasses_DenyAll_User_Access_help">Настройте доступ ко всем классам съемных носителей.
+
+Этот параметр политики имеет приоритет над любыми отдельными параметрами политики съемных носителей. Для управления отдельными классами используйте параметры политики, доступные для каждого класса.
+
+Если вы включите этот параметр политики, доступ к любому классу съемных носителей будет запрещен.
+
+Если вы отключите или не настроите этот параметр политики, доступ на запись и чтение будет разрешен для всех классов съемных носителей.</string>
     </stringTable>
   </resources>
 </policyDefinitionResources>