Polkit policy pkexec annotation contains ineffective argv2 specification #38

@mgerstner

Your repository contains a polkit policy file that defines a polkit annotation for org.freedesktop.policykit.exec.argv2. This annotation is found here.

In the course of doing a security review of polkit policies in SUSE Linux distributions, I came across this usage in a couple of packages. It turns out that while specifying argv1, argv2, etc. restrictions feels natural, it isn't supported by polkit. It only supports the specification of an argv1 and that's it. It was probably implemented as a special case to support script parameters for interpreters.

The polkit documentation only explicitly mentions argv1 and also the code only explicitly checks for this annotation.

I suggest removing this annotation to avoid giving a false sense of security to developers or users/integrators of your project. In the case of fbuild, a wrapper script will probably be required to make the pkexec annotation work with only argv1.
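A check for the pattern this issue describes, as an added example that is not part of the original report or of the project's code: it parses polkit policy XML and lists every `org.freedesktop.policykit.exec.argvN` annotation with N other than 1. The sample policy, its action id and its paths are constructed for illustration.

```python
import re
import sys
import xml.etree.ElementTree as ET

# Matches the pkexec argv annotation keys and captures the index N.
ARGV_KEY = re.compile(r"^org\.freedesktop\.policykit\.exec\.argv(\d+)$")

# Constructed sample policy (hypothetical action id and paths).
SAMPLE_POLICY = """\
<policyconfig>
  <action id="org.example.helper.run">
    <annotate key="org.freedesktop.policykit.exec.path">/usr/bin/python3</annotate>
    <annotate key="org.freedesktop.policykit.exec.argv1">/usr/lib/example/helper.py</annotate>
    <annotate key="org.freedesktop.policykit.exec.argv2">--read-only</annotate>
  </action>
</policyconfig>
"""

def ineffective_argv_annotations(root):
    """Return (action_id, key, value) for each exec.argvN annotation with N != 1."""
    findings = []
    for action in root.iter("action"):
        for ann in action.iter("annotate"):
            key = ann.get("key", "")
            match = ARGV_KEY.match(key)
            if match and int(match.group(1)) != 1:
                findings.append((action.get("id"), key, (ann.text or "").strip()))
    return findings

def scan_text(xml_text):
    return ineffective_argv_annotations(ET.fromstring(xml_text))

def scan_file(path):
    return ineffective_argv_annotations(ET.parse(path).getroot())

if __name__ == "__main__":
    # With no arguments, scan the embedded sample; otherwise scan the given .policy files.
    paths = sys.argv[1:]
    if paths:
        results = [(p, f) for p in paths for f in scan_file(p)]
    else:
        results = [("<sample>", f) for f in scan_text(SAMPLE_POLICY)]
    for source, (action_id, key, value) in results:
        print(f"{source}: action {action_id}: {key}={value!r} is not checked by pkexec")
    sys.exit(1 if results else 0)
```

Passing the installed `.policy` files as arguments gives a non-zero exit status when any such annotation is present, which makes the check usable in packaging CI.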
