polkit: add new POLKIT_ALWAYS_QUERY flag

When this flag is set we'll disable the local shortcut that skips polkit
checks for clients that are privileged, and assumes they are
authenticated.

Or in other words: if this flag is set, we'll query PK not matter what,
regardless if it's root we talk about or any other user.

src/shared/bus-polkit.c

@@ -539,11 +539,14 @@ int bus_verify_polkit_async_full(
         }
 #endif
 
-        r = sd_bus_query_sender_privilege(call, -1);
-        if (r < 0)
-                return r;
-        if (r > 0)
-                return 1;
+        if (!FLAGS_SET(flags, POLKIT_ALWAYS_QUERY)) {
+                /* Don't query PK if client is privileged */
+                r = sd_bus_query_sender_privilege(call, /* capability= */ -1);
+                if (r < 0)
+                        return r;
+                if (r > 0)
+                        return 1;
+        }
 
 #if ENABLE_POLKIT
         bool interactive = FLAGS_SET(flags, POLKIT_ALLOW_INTERACTIVE);
@@ -742,9 +745,11 @@ int varlink_verify_polkit_async_full(
         if (r != 0)
                 return r;
 
-        r = varlink_check_peer_privilege(link);
-        if (r != 0)
-                return r;
+        if (!FLAGS_SET(flags, POLKIT_ALWAYS_QUERY)) {
+                r = varlink_check_peer_privilege(link);
+                if (r != 0)
+                        return r;
+        }
 
 #if ENABLE_POLKIT
         _cleanup_(async_polkit_query_unrefp) AsyncPolkitQuery *q = NULL;

src/shared/bus-polkit.h

@@ -9,6 +9,7 @@
 
 typedef enum PolkitFLags {
         POLKIT_ALLOW_INTERACTIVE = 1 << 0, /* Allow interactive auth (typically not required, because can be derived from bus message/link automatically) */
+        POLKIT_ALWAYS_QUERY      = 1 << 1, /* Query polkit even if client is privileged */
 } PolkitFlags;
 
 int bus_test_polkit(sd_bus_message *call, const char *action, const char **details, uid_t good_user, bool *_challenge, sd_bus_error *e);