accounts-service: Rename allow-app-installation to be system-specific

This is in preparation for adding a second boolean for the flatpak user
repository. Make the existing allow-app-installation boolean control
permissions for the flatpak system repository.

Having one boolean for each repository means we can allow users to
install to their user repository by default (subject to OARS ratings),
but not be allowed to install to the system repository.

While changing the name and semantics of the boolean, flip its default
value from True to False. Rather than letting any non-admin user install
new apps by default (subject to OARS restrictions), re-limit it to admin
users and users whose allow-system-installation key has been explicitly
set to True by the admin.

Signed-off-by: Philip Withnall <withnall@endlessm.com>

https://phabricator.endlessm.com/T24457

libeos-parental-controls/tests/app-filter.c

@@ -125,7 +125,7 @@ test_app_filter_builder_non_empty (BuilderFixture *fixture,
                                          EPC_APP_FILTER_OARS_VALUE_MILD);
   epc_app_filter_builder_set_oars_value (fixture->builder, "language-humor",
                                          EPC_APP_FILTER_OARS_VALUE_MODERATE);
-  epc_app_filter_builder_set_allow_app_installation (fixture->builder, FALSE);
+  epc_app_filter_builder_set_allow_system_installation (fixture->builder, FALSE);
 
   filter = epc_app_filter_builder_end (fixture->builder);
 
@@ -151,7 +151,7 @@ test_app_filter_builder_non_empty (BuilderFixture *fixture,
   const gchar * const expected_sections[] = { "drugs-alcohol", "language-humor", NULL };
   assert_strv_equal ((const gchar * const *) sections, expected_sections);
 
-  g_assert_false (epc_app_filter_is_app_installation_allowed (filter));
+  g_assert_false (epc_app_filter_is_system_installation_allowed (filter));
 }
 
 /* Test building an empty #EpcAppFilter using an #EpcAppFilterBuilder. */
@@ -186,7 +186,7 @@ test_app_filter_builder_empty (BuilderFixture *fixture,
   const gchar * const expected_sections[] = { NULL };
   assert_strv_equal ((const gchar * const *) sections, expected_sections);
 
-  g_assert_true (epc_app_filter_is_app_installation_allowed (filter));
+  g_assert_false (epc_app_filter_is_system_installation_allowed (filter));
 }
 
 /* Check that copying a cleared #EpcAppFilterBuilder works, and the copy can
@@ -208,7 +208,7 @@ test_app_filter_builder_copy_empty (void)
   g_assert_true (epc_app_filter_is_path_allowed (filter, "/bin/false"));
   g_assert_false (epc_app_filter_is_path_allowed (filter, "/bin/true"));
 
-  g_assert_true (epc_app_filter_is_app_installation_allowed (filter));
+  g_assert_false (epc_app_filter_is_system_installation_allowed (filter));
 }
 
 /* Check that copying a filled #EpcAppFilterBuilder works, and the copy can be
@@ -221,13 +221,13 @@ test_app_filter_builder_copy_full (void)
   g_autoptr(EpcAppFilter) filter = NULL;
 
   epc_app_filter_builder_blacklist_path (builder, "/bin/true");
-  epc_app_filter_builder_set_allow_app_installation (builder, FALSE);
+  epc_app_filter_builder_set_allow_system_installation (builder, FALSE);
   builder_copy = epc_app_filter_builder_copy (builder);
   filter = epc_app_filter_builder_end (builder_copy);
 
   g_assert_true (epc_app_filter_is_path_allowed (filter, "/bin/false"));
   g_assert_false (epc_app_filter_is_path_allowed (filter, "/bin/true"));
-  g_assert_false (epc_app_filter_is_app_installation_allowed (filter));
+  g_assert_false (epc_app_filter_is_system_installation_allowed (filter));
 }
 
 int