org.freedesktop.pkexec.usbview.policy: fix a local root privilege escalation issue via pkexec (CVE-2022-23220).

The polkit policy allowed unprivileged users to run usbview as root with
arbitrary command line arguments, allowing a local root exploit.

Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Author: gregkh

org.freedesktop.pkexec.usbview.policy

@@ -8,8 +8,8 @@
     <message>Authentication is required to view USB bus</message>
     <icon_name>usbview_icon</icon_name>
     <defaults>
-      <allow_any>yes</allow_any>
-      <allow_inactive>yes</allow_inactive>
+      <allow_any>no</allow_any>
+      <allow_inactive>no</allow_inactive>
       <allow_active>auth_admin_keep</allow_active>
     </defaults>
     <annotate key="org.freedesktop.policykit.exec.path">/usr/bin/usbview</annotate>