Merge pull request #15 from endlessm/T24016-flatpak-apps
libeos-parental-controls: Support matching against flatpak app IDs
This commit is contained in:
commit
08e8f994c3
|
@ -150,7 +150,12 @@ def command_check(user, path, quiet=False, interactive=True):
|
|||
user_id = __lookup_user_id_or_error(user)
|
||||
app_filter = __get_app_filter_or_error(user_id, interactive)
|
||||
|
||||
if path.startswith('app/') or path.startswith('runtime/'):
|
||||
if path.startswith('app/') and path.count('/') < 3:
|
||||
# Flatpak app ID
|
||||
path = path[4:]
|
||||
is_allowed = app_filter.is_flatpak_app_allowed(path)
|
||||
noun = 'Flatpak app ID'
|
||||
elif path.startswith('app/') or path.startswith('runtime/'):
|
||||
# Flatpak ref
|
||||
is_allowed = app_filter.is_flatpak_ref_allowed(path)
|
||||
noun = 'Flatpak ref'
|
||||
|
|
|
@ -166,7 +166,7 @@ epc_app_filter_is_path_allowed (EpcAppFilter *filter,
|
|||
/**
|
||||
* epc_app_filter_is_flatpak_ref_allowed:
|
||||
* @filter: an #EpcAppFilter
|
||||
* @app_ref: flatpak ref for the app
|
||||
* @app_ref: flatpak ref for the app, for example `app/org.gnome.Builder/x86_64/master`
|
||||
*
|
||||
* Check whether the flatpak app with the given @app_ref is allowed to be run
|
||||
* according to this app filter.
|
||||
|
@ -197,6 +197,57 @@ epc_app_filter_is_flatpak_ref_allowed (EpcAppFilter *filter,
|
|||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* epc_app_filter_is_flatpak_app_allowed:
|
||||
* @filter: an #EpcAppFilter
|
||||
* @app_id: flatpak ID for the app, for example `org.gnome.Builder`
|
||||
*
|
||||
* Check whether the flatpak app with the given @app_id is allowed to be run
|
||||
* according to this app filter. This is a globbing match, matching @app_id
|
||||
* against potentially multiple entries in the blacklist, as the blacklist
|
||||
* contains flatpak refs (for example, `app/org.gnome.Builder/x86_64/master`)
|
||||
* which contain architecture and branch information. App IDs (for example,
|
||||
* `org.gnome.Builder`) do not contain architecture or branch information.
|
||||
*
|
||||
* Returns: %TRUE if the user this @filter corresponds to is allowed to run the
|
||||
* flatpak called @app_id according to the @filter policy; %FALSE otherwise
|
||||
* Since: 0.1.0
|
||||
*/
|
||||
gboolean
|
||||
epc_app_filter_is_flatpak_app_allowed (EpcAppFilter *filter,
|
||||
const gchar *app_id)
|
||||
{
|
||||
g_return_val_if_fail (filter != NULL, FALSE);
|
||||
g_return_val_if_fail (filter->ref_count >= 1, FALSE);
|
||||
g_return_val_if_fail (app_id != NULL, FALSE);
|
||||
|
||||
gsize app_id_len = strlen (app_id);
|
||||
|
||||
gboolean id_in_list = FALSE;
|
||||
for (gsize i = 0; filter->app_list[i] != NULL; i++)
|
||||
{
|
||||
/* Avoid using flatpak_ref_parse() to avoid a dependency on libflatpak
|
||||
* just for that one function. */
|
||||
if (g_str_has_prefix (filter->app_list[i], "app/") &&
|
||||
strncmp (filter->app_list[i] + strlen ("app/"), app_id, app_id_len) == 0 &&
|
||||
filter->app_list[i][strlen ("app/") + app_id_len] == '/')
|
||||
{
|
||||
id_in_list = TRUE;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
switch (filter->app_list_type)
|
||||
{
|
||||
case EPC_APP_FILTER_LIST_BLACKLIST:
|
||||
return !id_in_list;
|
||||
case EPC_APP_FILTER_LIST_WHITELIST:
|
||||
return id_in_list;
|
||||
default:
|
||||
g_assert_not_reached ();
|
||||
}
|
||||
}
|
||||
|
||||
static gint
|
||||
strcmp_cb (gconstpointer a,
|
||||
gconstpointer b)
|
||||
|
|
|
@ -102,6 +102,8 @@ gboolean epc_app_filter_is_path_allowed (EpcAppFilter *filter,
|
|||
const gchar *path);
|
||||
gboolean epc_app_filter_is_flatpak_ref_allowed (EpcAppFilter *filter,
|
||||
const gchar *app_ref);
|
||||
gboolean epc_app_filter_is_flatpak_app_allowed (EpcAppFilter *filter,
|
||||
const gchar *app_id);
|
||||
|
||||
const gchar **epc_app_filter_get_oars_sections (EpcAppFilter *filter);
|
||||
EpcAppFilterOarsValue epc_app_filter_get_oars_value (EpcAppFilter *filter,
|
||||
|
|
|
@ -135,8 +135,10 @@ test_app_filter_builder_non_empty (BuilderFixture *fixture,
|
|||
|
||||
g_assert_true (epc_app_filter_is_flatpak_ref_allowed (filter,
|
||||
"app/org.gnome.Ponies/x86_64/master"));
|
||||
g_assert_true (epc_app_filter_is_flatpak_app_allowed (filter, "org.gnome.Ponies"));
|
||||
g_assert_false (epc_app_filter_is_flatpak_ref_allowed (filter,
|
||||
"app/org.doom.Doom/x86_64/master"));
|
||||
g_assert_false (epc_app_filter_is_flatpak_app_allowed (filter, "org.doom.Doom"));
|
||||
|
||||
g_assert_cmpint (epc_app_filter_get_oars_value (filter, "drugs-alcohol"), ==,
|
||||
EPC_APP_FILTER_OARS_VALUE_MILD);
|
||||
|
@ -168,8 +170,10 @@ test_app_filter_builder_empty (BuilderFixture *fixture,
|
|||
|
||||
g_assert_true (epc_app_filter_is_flatpak_ref_allowed (filter,
|
||||
"app/org.gnome.Ponies/x86_64/master"));
|
||||
g_assert_true (epc_app_filter_is_flatpak_app_allowed (filter, "org.gnome.Ponies"));
|
||||
g_assert_true (epc_app_filter_is_flatpak_ref_allowed (filter,
|
||||
"app/org.doom.Doom/x86_64/master"));
|
||||
g_assert_true (epc_app_filter_is_flatpak_app_allowed (filter, "org.doom.Doom"));
|
||||
|
||||
g_assert_cmpint (epc_app_filter_get_oars_value (filter, "drugs-alcohol"), ==,
|
||||
EPC_APP_FILTER_OARS_VALUE_UNKNOWN);
|
||||
|
|
Loading…
Reference in New Issue