diff --git a/common/flatpak-dir-private.h b/common/flatpak-dir-private.h
index 871f40b6..ca000602 100644
--- a/common/flatpak-dir-private.h
+++ b/common/flatpak-dir-private.h
@@ -663,6 +663,7 @@ gboolean flatpak_dir_deploy (Fla
const char *checksum_or_latest,
const char * const *subpaths,
const char * const *previous_ids,
+ const char *parental_controls_action_id,
GCancellable *cancellable,
GError **error);
gboolean flatpak_dir_deploy_update (FlatpakDir *self,
diff --git a/common/flatpak-dir.c b/common/flatpak-dir.c
index 20463af9..71688ddc 100644
--- a/common/flatpak-dir.c
+++ b/common/flatpak-dir.c
@@ -8551,6 +8551,7 @@ static gboolean
flatpak_dir_check_parental_controls (FlatpakDir *self,
const char *ref,
GBytes *deploy_data,
+ const char *action_id,
GCancellable *cancellable,
GError **error)
{
@@ -8677,7 +8678,7 @@ flatpak_dir_check_parental_controls (FlatpakDir *self,
if (!flatpak_dir_get_no_interaction (self))
polkit_flags |= POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION;
result = polkit_authority_check_authorization_sync (authority, subject,
- "org.freedesktop.Flatpak.override-parental-controls",
+ action_id,
NULL,
polkit_flags,
cancellable, error);
@@ -8722,6 +8723,7 @@ flatpak_dir_deploy (FlatpakDir *self,
const char *checksum_or_latest,
const char * const * subpaths,
const char * const * previous_ids,
+ const char *parental_controls_action_id,
GCancellable *cancellable,
GError **error)
{
@@ -9103,7 +9105,9 @@ flatpak_dir_deploy (FlatpakDir *self,
/* Check the app is actually allowed to be used by this user. This can block
* on getting authorisation. */
- if (!flatpak_dir_check_parental_controls (self, flatpak_decomposed_get_ref (ref), deploy_data, cancellable, error))
+ if (!flatpak_dir_check_parental_controls (self, flatpak_decomposed_get_ref (ref),
+ deploy_data, parental_controls_action_id,
+ cancellable, error))
return FALSE;
deploy_data_file = g_file_get_child (checkoutdir, "deploy");
@@ -9238,7 +9242,9 @@ flatpak_dir_deploy_install (FlatpakDir *self,
created_deploy_base = TRUE;
if (!flatpak_dir_deploy (self, origin, ref, NULL, (const char * const *) subpaths,
- previous_ids, cancellable, error))
+ previous_ids,
+ "org.freedesktop.Flatpak.override-parental-controls",
+ cancellable, error))
goto out;
if (flatpak_decomposed_is_app (ref))
@@ -9339,6 +9345,7 @@ flatpak_dir_deploy_update (FlatpakDir *self,
checksum_or_latest,
opt_subpaths ? opt_subpaths : old_subpaths,
(const char * const *) previous_ids_owned,
+ "org.freedesktop.Flatpak.override-parental-controls-update",
cancellable, error))
return FALSE;
diff --git a/system-helper/org.freedesktop.Flatpak.policy.in b/system-helper/org.freedesktop.Flatpak.policy.in
index ecbaccb5..64eb2e89 100644
--- a/system-helper/org.freedesktop.Flatpak.policy.in
+++ b/system-helper/org.freedesktop.Flatpak.policy.in
@@ -284,7 +284,7 @@
* Set the malcontent `is-system-installation-allowed` property of
all users’ parental controls policies to true.
-->
- Override parental controls
+ Override parental controls for installs
Authentication is required to install software which is restricted by your parental controls policy
package-x-generic
@@ -292,6 +292,32 @@
auth_admin
auth_admin
+ org.freedesktop.Flatpak.override-parental-controls-update
+
+
+
+
+ Override parental controls for updates
+ Authentication is required to update software which is restricted by your parental controls policy
+ package-x-generic
+
+ auth_admin
+ auth_admin
+ yes
+