From 0ed3ab4607fa115d53f578ad2bcec06dc13870af Mon Sep 17 00:00:00 2001
From: Justin Garrison <justinleegarrison@gmail.com>
Date: Mon, 12 Feb 2024 11:24:29 -0800
Subject: [PATCH] fix: add pcscd polkit rule for Yubikey access

Signed-off-by: Justin Garrison <justinleegarrison@gmail.com>
---
 .../org.debian.pcsc-lite.access_card.rules       | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
 create mode 100644 sys_files/etc/polkit-1/rules.d/org.debian.pcsc-lite.access_card.rules

diff --git a/sys_files/etc/polkit-1/rules.d/org.debian.pcsc-lite.access_card.rules b/sys_files/etc/polkit-1/rules.d/org.debian.pcsc-lite.access_card.rules
new file mode 100644
index 00000000..eae64542
--- /dev/null
+++ b/sys_files/etc/polkit-1/rules.d/org.debian.pcsc-lite.access_card.rules
@@ -0,0 +1,16 @@
+// allow members of the wheel group to access gpg cards via pcscd service
+// this is needed for access to yubikey devices
+// installation details from https://github.com/drduh/YubiKey-Guide/issues/376
+
+polkit.addRule(function(action, subject) {
+        if (action.id == "org.debian.pcsc-lite.access_card" &&
+                subject.isInGroup("wheel")) {
+                return polkit.Result.YES;
+        }
+});
+polkit.addRule(function(action, subject) {
+        if (action.id == "org.debian.pcsc-lite.access_pcsc" &&
+                subject.isInGroup("wheel")) {
+                return polkit.Result.YES;
+        }
+});