accounts-service: Rename allow-app-installation to be system-specific

This is in preparation for adding a second boolean for the flatpak user
repository. Make the existing allow-app-installation boolean control
permissions for the flatpak system repository.

Having one boolean for each repository means we can allow users to
install to their user repository by default (subject to OARS ratings),
but not be allowed to install to the system repository.

While changing the name and semantics of the boolean, flip its default
value from True to False. Rather than letting any non-admin user install
new apps by default (subject to OARS restrictions), re-limit it to admin
users and users whose allow-system-installation key has been explicitly
set to True by the admin.

Signed-off-by: Philip Withnall <withnall@endlessm.com>

https://phabricator.endlessm.com/T24457
This commit is contained in:
Philip Withnall 2018-11-28 16:39:39 +00:00
parent f2e7cbfd03
commit 3ec77740c7
5 changed files with 66 additions and 61 deletions

View File

@ -61,16 +61,18 @@
</property> </property>
<!-- <!--
allow-app-installation: allow-system-installation:
Whether app installation is allowed for the user at all. If this is true, Whether this user is allowed to install to the flatpak system repository.
the polkit check for allowing app installation succeeds, and the If this is true, and if the polkit check for allowing app installation
oars-filter does not restrict this app, app installation can proceed. succeeds, and if the oars-filter does not restrict this app, app
installation can proceed.
If this is false, the user is not allowed to install any apps. If this is false, the user is not allowed to install any apps or runtimes
to the flatpak system repository.
--> -->
<property name="allow-app-installation" type="b" access="readwrite"> <property name="allow-system-installation" type="b" access="readwrite">
<annotation name="org.freedesktop.Accounts.DefaultValue" value="true"/> <annotation name="org.freedesktop.Accounts.DefaultValue" value="false"/>
</property> </property>
</interface> </interface>
</node> </node>

View File

@ -138,10 +138,10 @@ def command_get(user, quiet=False, interactive=True):
if not sections: if not sections:
print(' (No OARS values)') print(' (No OARS values)')
if app_filter.is_app_installation_allowed(): if app_filter.is_system_installation_allowed():
print('App installation is allowed') print('App installation is allowed to system repository')
else: else:
print('App installation is disallowed') print('App installation is disallowed to system repository')
def command_check(user, path, quiet=False, interactive=True): def command_check(user, path, quiet=False, interactive=True):
@ -186,12 +186,12 @@ def command_oars_section(user, section, quiet=False, interactive=True):
section, user_id, __oars_value_to_string(value))) section, user_id, __oars_value_to_string(value)))
def command_set(user, allow_app_installation=True, app_filter_args=None, def command_set(user, allow_system_installation=False, app_filter_args=None,
quiet=False, interactive=True): quiet=False, interactive=True):
"""Set the app filter for the given user.""" """Set the app filter for the given user."""
user_id = __lookup_user_id_or_error(user) user_id = __lookup_user_id_or_error(user)
builder = EosParentalControls.AppFilterBuilder.new() builder = EosParentalControls.AppFilterBuilder.new()
builder.set_allow_app_installation(allow_app_installation) builder.set_allow_system_installation(allow_system_installation)
for arg in app_filter_args: for arg in app_filter_args:
if '=' in arg: if '=' in arg:
@ -277,17 +277,20 @@ def main():
parser_set.add_argument('user', default='', nargs='?', parser_set.add_argument('user', default='', nargs='?',
help='user ID or username to get the app filter ' help='user ID or username to get the app filter '
'for (default: current user)') 'for (default: current user)')
parser_set.add_argument('--allow-app-installation', parser_set.add_argument('--allow-system-installation',
dest='allow_app_installation', action='store_true', dest='allow_system_installation',
help='allow app installation in general') action='store_true',
parser_set.add_argument('--disallow-app-installation', help='allow installation to the system flatpak '
dest='allow_app_installation', 'repo in general')
parser_set.add_argument('--disallow-system-installation',
dest='allow_system_installation',
action='store_false', action='store_false',
help='unconditionally disallow app installation') help='unconditionally disallow installation to '
'the system flatpak repo')
parser_set.add_argument('app_filter_args', nargs='*', parser_set.add_argument('app_filter_args', nargs='*',
help='paths to blacklist and OARS section=value ' help='paths to blacklist and OARS section=value '
'pairs to store') 'pairs to store')
parser_set.set_defaults(allow_app_installation=True) parser_set.set_defaults(allow_system_installation=False)
# Parse the command line arguments and run the subcommand. # Parse the command line arguments and run the subcommand.
args = parser.parse_args() args = parser.parse_args()

View File

@ -59,7 +59,7 @@ struct _EpcAppFilter
EpcAppFilterListType app_list_type; EpcAppFilterListType app_list_type;
GVariant *oars_ratings; /* (type a{ss}) (owned non-floating) */ GVariant *oars_ratings; /* (type a{ss}) (owned non-floating) */
gboolean allow_app_installation; gboolean allow_system_installation;
}; };
G_DEFINE_BOXED_TYPE (EpcAppFilter, epc_app_filter, G_DEFINE_BOXED_TYPE (EpcAppFilter, epc_app_filter,
@ -376,7 +376,7 @@ epc_app_filter_get_oars_sections (EpcAppFilter *filter)
* section, inclusive. Any app with a more intense value for this section must * section, inclusive. Any app with a more intense value for this section must
* be hidden from the user whose @filter this is. * be hidden from the user whose @filter this is.
* *
* This does not factor in epc_app_filter_is_app_installation_allowed(). * This does not factor in epc_app_filter_is_system_installation_allowed().
* *
* Returns: an #EpcAppFilterOarsValue * Returns: an #EpcAppFilterOarsValue
* Since: 0.1.0 * Since: 0.1.0
@ -409,25 +409,25 @@ epc_app_filter_get_oars_value (EpcAppFilter *filter,
} }
/** /**
* epc_app_filter_is_app_installation_allowed: * epc_app_filter_is_system_installation_allowed:
* @filter: an #EpcAppFilter * @filter: an #EpcAppFilter
* *
* Get whether app installation is allowed at all for the user. This should be * Get whether the user is allowed to install to the flatpak system repository.
* queried in addition to the OARS values (epc_app_filter_get_oars_value()) if * This should be queried in addition to the OARS values
* it returns %FALSE, the OARS values should be ignored and app installation * (epc_app_filter_get_oars_value()) if it returns %FALSE, the OARS values
* should be unconditionally disallowed. * should be ignored and app installation should be unconditionally disallowed.
* *
* Returns: %TRUE if app installation is allowed in general for this user; * Returns: %TRUE if app installation is allowed to the system repository for
* %FALSE if it is unconditionally disallowed for this user * this user; %FALSE if it is unconditionally disallowed for this user
* Since: 0.1.0 * Since: 0.1.0
*/ */
gboolean gboolean
epc_app_filter_is_app_installation_allowed (EpcAppFilter *filter) epc_app_filter_is_system_installation_allowed (EpcAppFilter *filter)
{ {
g_return_val_if_fail (filter != NULL, FALSE); g_return_val_if_fail (filter != NULL, FALSE);
g_return_val_if_fail (filter->ref_count >= 1, FALSE); g_return_val_if_fail (filter->ref_count >= 1, FALSE);
return filter->allow_app_installation; return filter->allow_system_installation;
} }
/** /**
@ -566,7 +566,7 @@ epc_get_app_filter (GDBusConnection *connection,
const gchar *content_rating_kind; const gchar *content_rating_kind;
g_autoptr(GVariant) oars_variant = NULL; g_autoptr(GVariant) oars_variant = NULL;
g_autoptr(GHashTable) oars_map = NULL; g_autoptr(GHashTable) oars_map = NULL;
gboolean allow_app_installation; gboolean allow_system_installation;
g_return_val_if_fail (connection == NULL || G_IS_DBUS_CONNECTION (connection), NULL); g_return_val_if_fail (connection == NULL || G_IS_DBUS_CONNECTION (connection), NULL);
g_return_val_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable), NULL); g_return_val_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable), NULL);
@ -638,11 +638,11 @@ epc_get_app_filter (GDBusConnection *connection,
return NULL; return NULL;
} }
if (!g_variant_lookup (properties, "allow-app-installation", "b", if (!g_variant_lookup (properties, "allow-system-installation", "b",
&allow_app_installation)) &allow_system_installation))
{ {
/* Default value. */ /* Default value. */
allow_app_installation = TRUE; allow_system_installation = FALSE;
} }
/* Success. Create an #EpcAppFilter object to contain the results. */ /* Success. Create an #EpcAppFilter object to contain the results. */
@ -653,7 +653,7 @@ epc_get_app_filter (GDBusConnection *connection,
app_filter->app_list_type = app_filter->app_list_type =
is_whitelist ? EPC_APP_FILTER_LIST_WHITELIST : EPC_APP_FILTER_LIST_BLACKLIST; is_whitelist ? EPC_APP_FILTER_LIST_WHITELIST : EPC_APP_FILTER_LIST_BLACKLIST;
app_filter->oars_ratings = g_steal_pointer (&oars_variant); app_filter->oars_ratings = g_steal_pointer (&oars_variant);
app_filter->allow_app_installation = allow_app_installation; app_filter->allow_system_installation = allow_system_installation;
return g_steal_pointer (&app_filter); return g_steal_pointer (&app_filter);
} }
@ -798,10 +798,10 @@ epc_set_app_filter (GDBusConnection *connection,
g_autofree gchar *object_path = NULL; g_autofree gchar *object_path = NULL;
g_autoptr(GVariant) app_filter_variant = NULL; g_autoptr(GVariant) app_filter_variant = NULL;
g_autoptr(GVariant) oars_filter_variant = NULL; g_autoptr(GVariant) oars_filter_variant = NULL;
g_autoptr(GVariant) allow_app_installation_variant = NULL; g_autoptr(GVariant) allow_system_installation_variant = NULL;
g_autoptr(GVariant) app_filter_result_variant = NULL; g_autoptr(GVariant) app_filter_result_variant = NULL;
g_autoptr(GVariant) oars_filter_result_variant = NULL; g_autoptr(GVariant) oars_filter_result_variant = NULL;
g_autoptr(GVariant) allow_app_installation_result_variant = NULL; g_autoptr(GVariant) allow_system_installation_result_variant = NULL;
g_autoptr(GError) local_error = NULL; g_autoptr(GError) local_error = NULL;
g_return_val_if_fail (connection == NULL || G_IS_DBUS_CONNECTION (connection), FALSE); g_return_val_if_fail (connection == NULL || G_IS_DBUS_CONNECTION (connection), FALSE);
@ -824,7 +824,7 @@ epc_set_app_filter (GDBusConnection *connection,
app_filter_variant = _epc_app_filter_build_app_filter_variant (app_filter); app_filter_variant = _epc_app_filter_build_app_filter_variant (app_filter);
oars_filter_variant = g_variant_new ("(s@a{ss})", "oars-1.1", oars_filter_variant = g_variant_new ("(s@a{ss})", "oars-1.1",
app_filter->oars_ratings); app_filter->oars_ratings);
allow_app_installation_variant = g_variant_new_boolean (app_filter->allow_app_installation); allow_system_installation_variant = g_variant_new_boolean (app_filter->allow_system_installation);
app_filter_result_variant = app_filter_result_variant =
g_dbus_connection_call_sync (connection, g_dbus_connection_call_sync (connection,
@ -872,7 +872,7 @@ epc_set_app_filter (GDBusConnection *connection,
return FALSE; return FALSE;
} }
allow_app_installation_result_variant = allow_system_installation_result_variant =
g_dbus_connection_call_sync (connection, g_dbus_connection_call_sync (connection,
"org.freedesktop.Accounts", "org.freedesktop.Accounts",
object_path, object_path,
@ -880,8 +880,8 @@ epc_set_app_filter (GDBusConnection *connection,
"Set", "Set",
g_variant_new ("(ssv)", g_variant_new ("(ssv)",
"com.endlessm.ParentalControls.AppFilter", "com.endlessm.ParentalControls.AppFilter",
"allow-app-installation", "allow-system-installation",
g_steal_pointer (&allow_app_installation_variant)), g_steal_pointer (&allow_system_installation_variant)),
G_VARIANT_TYPE ("()"), G_VARIANT_TYPE ("()"),
allow_interactive_authorization allow_interactive_authorization
? G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION ? G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION
@ -1026,7 +1026,7 @@ typedef struct
{ {
GPtrArray *paths_blacklist; /* (nullable) (owned) (element-type filename) */ GPtrArray *paths_blacklist; /* (nullable) (owned) (element-type filename) */
GHashTable *oars; /* (nullable) (owned) (element-type utf8 EpcAppFilterOarsValue) */ GHashTable *oars; /* (nullable) (owned) (element-type utf8 EpcAppFilterOarsValue) */
gboolean allow_app_installation; gboolean allow_system_installation;
/*< private >*/ /*< private >*/
gpointer padding[2]; gpointer padding[2];
@ -1141,7 +1141,7 @@ epc_app_filter_builder_copy (EpcAppFilterBuilder *builder)
_copy->paths_blacklist = g_ptr_array_ref (_builder->paths_blacklist); _copy->paths_blacklist = g_ptr_array_ref (_builder->paths_blacklist);
if (_builder->oars != NULL) if (_builder->oars != NULL)
_copy->oars = g_hash_table_ref (_builder->oars); _copy->oars = g_hash_table_ref (_builder->oars);
_copy->allow_app_installation = _builder->allow_app_installation; _copy->allow_system_installation = _builder->allow_system_installation;
return g_steal_pointer (&copy); return g_steal_pointer (&copy);
} }
@ -1225,7 +1225,7 @@ epc_app_filter_builder_end (EpcAppFilterBuilder *builder)
app_filter->app_list = (gchar **) g_ptr_array_free (g_steal_pointer (&_builder->paths_blacklist), FALSE); app_filter->app_list = (gchar **) g_ptr_array_free (g_steal_pointer (&_builder->paths_blacklist), FALSE);
app_filter->app_list_type = EPC_APP_FILTER_LIST_BLACKLIST; app_filter->app_list_type = EPC_APP_FILTER_LIST_BLACKLIST;
app_filter->oars_ratings = g_steal_pointer (&oars_variant); app_filter->oars_ratings = g_steal_pointer (&oars_variant);
app_filter->allow_app_installation = _builder->allow_app_installation; app_filter->allow_system_installation = _builder->allow_system_installation;
epc_app_filter_builder_clear (builder); epc_app_filter_builder_clear (builder);
@ -1316,25 +1316,25 @@ epc_app_filter_builder_set_oars_value (EpcAppFilterBuilder *builder,
} }
/** /**
* epc_app_filter_builder_set_allow_app_installation: * epc_app_filter_builder_set_allow_system_installation:
* @builder: an initialised #EpcAppFilterBuilder * @builder: an initialised #EpcAppFilterBuilder
* @allow_app_installation: %TRUE to allow app installation; %FALSE to * @allow_system_installation: %TRUE to allow app installation; %FALSE to
* unconditionally disallow it * unconditionally disallow it
* *
* Set whether app installation is allowed in general for the user. If this is * Set whether the user is allowed to install to the flatpak system repository.
* %TRUE, app installation is still subject to the OARS values * If this is %TRUE, app installation is still subject to the OARS values
* (epc_app_filter_builder_set_oars_value()). If it is %FALSE, app installation * (epc_app_filter_builder_set_oars_value()). If it is %FALSE, app installation
* is unconditionally disallowed for this user. * is unconditionally disallowed for this user.
* *
* Since: 0.1.0 * Since: 0.1.0
*/ */
void void
epc_app_filter_builder_set_allow_app_installation (EpcAppFilterBuilder *builder, epc_app_filter_builder_set_allow_system_installation (EpcAppFilterBuilder *builder,
gboolean allow_app_installation) gboolean allow_system_installation)
{ {
EpcAppFilterBuilderReal *_builder = (EpcAppFilterBuilderReal *) builder; EpcAppFilterBuilderReal *_builder = (EpcAppFilterBuilderReal *) builder;
g_return_if_fail (_builder != NULL); g_return_if_fail (_builder != NULL);
_builder->allow_app_installation = allow_app_installation; _builder->allow_system_installation = allow_system_installation;
} }

View File

@ -111,7 +111,7 @@ const gchar **epc_app_filter_get_oars_sections (EpcAppFilter *filter);
EpcAppFilterOarsValue epc_app_filter_get_oars_value (EpcAppFilter *filter, EpcAppFilterOarsValue epc_app_filter_get_oars_value (EpcAppFilter *filter,
const gchar *oars_section); const gchar *oars_section);
gboolean epc_app_filter_is_app_installation_allowed (EpcAppFilter *filter); gboolean epc_app_filter_is_system_installation_allowed (EpcAppFilter *filter);
EpcAppFilter *epc_get_app_filter (GDBusConnection *connection, EpcAppFilter *epc_get_app_filter (GDBusConnection *connection,
uid_t user_id, uid_t user_id,
@ -182,7 +182,7 @@ GType epc_app_filter_builder_get_type (void);
{ \ { \
g_ptr_array_new_with_free_func (g_free), \ g_ptr_array_new_with_free_func (g_free), \
g_hash_table_new_full (g_str_hash, g_str_equal, g_free, NULL), \ g_hash_table_new_full (g_str_hash, g_str_equal, g_free, NULL), \
TRUE, \ FALSE, \
} }
void epc_app_filter_builder_init (EpcAppFilterBuilder *builder); void epc_app_filter_builder_init (EpcAppFilterBuilder *builder);
@ -207,7 +207,7 @@ void epc_app_filter_builder_set_oars_value (EpcAppFilterBuilder *builde
const gchar *oars_section, const gchar *oars_section,
EpcAppFilterOarsValue value); EpcAppFilterOarsValue value);
void epc_app_filter_builder_set_allow_app_installation (EpcAppFilterBuilder *builder, void epc_app_filter_builder_set_allow_system_installation (EpcAppFilterBuilder *builder,
gboolean allow_app_installation); gboolean allow_system_installation);
G_END_DECLS G_END_DECLS

View File

@ -125,7 +125,7 @@ test_app_filter_builder_non_empty (BuilderFixture *fixture,
EPC_APP_FILTER_OARS_VALUE_MILD); EPC_APP_FILTER_OARS_VALUE_MILD);
epc_app_filter_builder_set_oars_value (fixture->builder, "language-humor", epc_app_filter_builder_set_oars_value (fixture->builder, "language-humor",
EPC_APP_FILTER_OARS_VALUE_MODERATE); EPC_APP_FILTER_OARS_VALUE_MODERATE);
epc_app_filter_builder_set_allow_app_installation (fixture->builder, FALSE); epc_app_filter_builder_set_allow_system_installation (fixture->builder, FALSE);
filter = epc_app_filter_builder_end (fixture->builder); filter = epc_app_filter_builder_end (fixture->builder);
@ -151,7 +151,7 @@ test_app_filter_builder_non_empty (BuilderFixture *fixture,
const gchar * const expected_sections[] = { "drugs-alcohol", "language-humor", NULL }; const gchar * const expected_sections[] = { "drugs-alcohol", "language-humor", NULL };
assert_strv_equal ((const gchar * const *) sections, expected_sections); assert_strv_equal ((const gchar * const *) sections, expected_sections);
g_assert_false (epc_app_filter_is_app_installation_allowed (filter)); g_assert_false (epc_app_filter_is_system_installation_allowed (filter));
} }
/* Test building an empty #EpcAppFilter using an #EpcAppFilterBuilder. */ /* Test building an empty #EpcAppFilter using an #EpcAppFilterBuilder. */
@ -186,7 +186,7 @@ test_app_filter_builder_empty (BuilderFixture *fixture,
const gchar * const expected_sections[] = { NULL }; const gchar * const expected_sections[] = { NULL };
assert_strv_equal ((const gchar * const *) sections, expected_sections); assert_strv_equal ((const gchar * const *) sections, expected_sections);
g_assert_true (epc_app_filter_is_app_installation_allowed (filter)); g_assert_false (epc_app_filter_is_system_installation_allowed (filter));
} }
/* Check that copying a cleared #EpcAppFilterBuilder works, and the copy can /* Check that copying a cleared #EpcAppFilterBuilder works, and the copy can
@ -208,7 +208,7 @@ test_app_filter_builder_copy_empty (void)
g_assert_true (epc_app_filter_is_path_allowed (filter, "/bin/false")); g_assert_true (epc_app_filter_is_path_allowed (filter, "/bin/false"));
g_assert_false (epc_app_filter_is_path_allowed (filter, "/bin/true")); g_assert_false (epc_app_filter_is_path_allowed (filter, "/bin/true"));
g_assert_true (epc_app_filter_is_app_installation_allowed (filter)); g_assert_false (epc_app_filter_is_system_installation_allowed (filter));
} }
/* Check that copying a filled #EpcAppFilterBuilder works, and the copy can be /* Check that copying a filled #EpcAppFilterBuilder works, and the copy can be
@ -221,13 +221,13 @@ test_app_filter_builder_copy_full (void)
g_autoptr(EpcAppFilter) filter = NULL; g_autoptr(EpcAppFilter) filter = NULL;
epc_app_filter_builder_blacklist_path (builder, "/bin/true"); epc_app_filter_builder_blacklist_path (builder, "/bin/true");
epc_app_filter_builder_set_allow_app_installation (builder, FALSE); epc_app_filter_builder_set_allow_system_installation (builder, FALSE);
builder_copy = epc_app_filter_builder_copy (builder); builder_copy = epc_app_filter_builder_copy (builder);
filter = epc_app_filter_builder_end (builder_copy); filter = epc_app_filter_builder_end (builder_copy);
g_assert_true (epc_app_filter_is_path_allowed (filter, "/bin/false")); g_assert_true (epc_app_filter_is_path_allowed (filter, "/bin/false"));
g_assert_false (epc_app_filter_is_path_allowed (filter, "/bin/true")); g_assert_false (epc_app_filter_is_path_allowed (filter, "/bin/true"));
g_assert_false (epc_app_filter_is_app_installation_allowed (filter)); g_assert_false (epc_app_filter_is_system_installation_allowed (filter));
} }
int int