Merge pull request #14 from endlessm/T24457-disable-installation
T24457 Add `allow-app-installation` key
This commit is contained in:
commit
49228974eb
|
@ -59,5 +59,18 @@
|
|||
<annotation name="org.freedesktop.Accounts.DefaultValue"
|
||||
value="('oars-1.1', @a{ss} {})"/>
|
||||
</property>
|
||||
|
||||
<!--
|
||||
allow-app-installation:
|
||||
|
||||
Whether app installation is allowed for the user at all. If this is true,
|
||||
the polkit check for allowing app installation succeeds, and the
|
||||
oars-filter does not restrict this app, app installation can proceed.
|
||||
|
||||
If this is false, the user is not allowed to install any apps.
|
||||
-->
|
||||
<property name="allow-app-installation" type="b" access="readwrite">
|
||||
<annotation name="org.freedesktop.Accounts.DefaultValue" value="true"/>
|
||||
</property>
|
||||
</interface>
|
||||
</node>
|
||||
|
|
|
@ -127,9 +127,21 @@ def __oars_value_from_string(value_str):
|
|||
def command_get(user, quiet=False, interactive=True):
|
||||
"""Get the app filter for the given user."""
|
||||
user_id = __lookup_user_id_or_error(user)
|
||||
__get_app_filter_or_error(user_id, interactive)
|
||||
app_filter = __get_app_filter_or_error(user_id, interactive)
|
||||
|
||||
print('App filter for user {} retrieved'.format(user_id))
|
||||
print('App filter for user {} retrieved:'.format(user_id))
|
||||
|
||||
sections = app_filter.get_oars_sections()
|
||||
for section in sections:
|
||||
value = app_filter.get_oars_value(section)
|
||||
print(' {}: {}'.format(section, oars_value_mapping[value]))
|
||||
if not sections:
|
||||
print(' (No OARS values)')
|
||||
|
||||
if app_filter.is_app_installation_allowed():
|
||||
print('App installation is allowed')
|
||||
else:
|
||||
print('App installation is disallowed')
|
||||
|
||||
|
||||
def command_check(user, path, quiet=False, interactive=True):
|
||||
|
@ -169,10 +181,12 @@ def command_oars_section(user, section, quiet=False, interactive=True):
|
|||
section, user_id, __oars_value_to_string(value)))
|
||||
|
||||
|
||||
def command_set(user, app_filter_args=None, quiet=False, interactive=True):
|
||||
def command_set(user, allow_app_installation=True, app_filter_args=None,
|
||||
quiet=False, interactive=True):
|
||||
"""Set the app filter for the given user."""
|
||||
user_id = __lookup_user_id_or_error(user)
|
||||
builder = EosParentalControls.AppFilterBuilder.new()
|
||||
builder.set_allow_app_installation(allow_app_installation)
|
||||
|
||||
for arg in app_filter_args:
|
||||
if '=' in arg:
|
||||
|
@ -258,9 +272,17 @@ def main():
|
|||
parser_set.add_argument('user', default='', nargs='?',
|
||||
help='user ID or username to get the app filter '
|
||||
'for (default: current user)')
|
||||
parser_set.add_argument('--allow-app-installation',
|
||||
dest='allow_app_installation', action='store_true',
|
||||
help='allow app installation in general')
|
||||
parser_set.add_argument('--disallow-app-installation',
|
||||
dest='allow_app_installation',
|
||||
action='store_false',
|
||||
help='unconditionally disallow app installation')
|
||||
parser_set.add_argument('app_filter_args', nargs='*',
|
||||
help='paths to blacklist and OARS section=value '
|
||||
'pairs to store')
|
||||
parser_set.set_defaults(allow_app_installation=True)
|
||||
|
||||
# Parse the command line arguments and run the subcommand.
|
||||
args = parser.parse_args()
|
||||
|
|
|
@ -58,6 +58,7 @@ struct _EpcAppFilter
|
|||
EpcAppFilterListType app_list_type;
|
||||
|
||||
GVariant *oars_ratings; /* (type a{ss}) (owned non-floating) */
|
||||
gboolean allow_app_installation;
|
||||
};
|
||||
|
||||
G_DEFINE_BOXED_TYPE (EpcAppFilter, epc_app_filter,
|
||||
|
@ -254,6 +255,8 @@ epc_app_filter_get_oars_sections (EpcAppFilter *filter)
|
|||
* section, inclusive. Any app with a more intense value for this section must
|
||||
* be hidden from the user whose @filter this is.
|
||||
*
|
||||
* This does not factor in epc_app_filter_is_app_installation_allowed().
|
||||
*
|
||||
* Returns: an #EpcAppFilterOarsValue
|
||||
* Since: 0.1.0
|
||||
*/
|
||||
|
@ -284,6 +287,28 @@ epc_app_filter_get_oars_value (EpcAppFilter *filter,
|
|||
return EPC_APP_FILTER_OARS_VALUE_UNKNOWN;
|
||||
}
|
||||
|
||||
/**
|
||||
* epc_app_filter_is_app_installation_allowed:
|
||||
* @filter: an #EpcAppFilter
|
||||
*
|
||||
* Get whether app installation is allowed at all for the user. This should be
|
||||
* queried in addition to the OARS values (epc_app_filter_get_oars_value()) — if
|
||||
* it returns %FALSE, the OARS values should be ignored and app installation
|
||||
* should be unconditionally disallowed.
|
||||
*
|
||||
* Returns: %TRUE if app installation is allowed in general for this user;
|
||||
* %FALSE if it is unconditionally disallowed for this user
|
||||
* Since: 0.1.0
|
||||
*/
|
||||
gboolean
|
||||
epc_app_filter_is_app_installation_allowed (EpcAppFilter *filter)
|
||||
{
|
||||
g_return_val_if_fail (filter != NULL, FALSE);
|
||||
g_return_val_if_fail (filter->ref_count >= 1, FALSE);
|
||||
|
||||
return filter->allow_app_installation;
|
||||
}
|
||||
|
||||
/**
|
||||
* _epc_app_filter_build_app_filter_variant:
|
||||
* @filter: an #EpcAppFilter
|
||||
|
@ -420,6 +445,7 @@ epc_get_app_filter (GDBusConnection *connection,
|
|||
const gchar *content_rating_kind;
|
||||
g_autoptr(GVariant) oars_variant = NULL;
|
||||
g_autoptr(GHashTable) oars_map = NULL;
|
||||
gboolean allow_app_installation;
|
||||
|
||||
g_return_val_if_fail (connection == NULL || G_IS_DBUS_CONNECTION (connection), NULL);
|
||||
g_return_val_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable), NULL);
|
||||
|
@ -491,6 +517,13 @@ epc_get_app_filter (GDBusConnection *connection,
|
|||
return NULL;
|
||||
}
|
||||
|
||||
if (!g_variant_lookup (properties, "allow-app-installation", "b",
|
||||
&allow_app_installation))
|
||||
{
|
||||
/* Default value. */
|
||||
allow_app_installation = TRUE;
|
||||
}
|
||||
|
||||
/* Success. Create an #EpcAppFilter object to contain the results. */
|
||||
app_filter = g_new0 (EpcAppFilter, 1);
|
||||
app_filter->ref_count = 1;
|
||||
|
@ -499,6 +532,7 @@ epc_get_app_filter (GDBusConnection *connection,
|
|||
app_filter->app_list_type =
|
||||
is_whitelist ? EPC_APP_FILTER_LIST_WHITELIST : EPC_APP_FILTER_LIST_BLACKLIST;
|
||||
app_filter->oars_ratings = g_steal_pointer (&oars_variant);
|
||||
app_filter->allow_app_installation = allow_app_installation;
|
||||
|
||||
return g_steal_pointer (&app_filter);
|
||||
}
|
||||
|
@ -643,8 +677,10 @@ epc_set_app_filter (GDBusConnection *connection,
|
|||
g_autofree gchar *object_path = NULL;
|
||||
g_autoptr(GVariant) app_filter_variant = NULL;
|
||||
g_autoptr(GVariant) oars_filter_variant = NULL;
|
||||
g_autoptr(GVariant) allow_app_installation_variant = NULL;
|
||||
g_autoptr(GVariant) app_filter_result_variant = NULL;
|
||||
g_autoptr(GVariant) oars_filter_result_variant = NULL;
|
||||
g_autoptr(GVariant) allow_app_installation_result_variant = NULL;
|
||||
g_autoptr(GError) local_error = NULL;
|
||||
|
||||
g_return_val_if_fail (connection == NULL || G_IS_DBUS_CONNECTION (connection), FALSE);
|
||||
|
@ -667,6 +703,7 @@ epc_set_app_filter (GDBusConnection *connection,
|
|||
app_filter_variant = _epc_app_filter_build_app_filter_variant (app_filter);
|
||||
oars_filter_variant = g_variant_new ("(s@a{ss})", "oars-1.1",
|
||||
app_filter->oars_ratings);
|
||||
allow_app_installation_variant = g_variant_new_boolean (app_filter->allow_app_installation);
|
||||
|
||||
app_filter_result_variant =
|
||||
g_dbus_connection_call_sync (connection,
|
||||
|
@ -714,6 +751,29 @@ epc_set_app_filter (GDBusConnection *connection,
|
|||
return FALSE;
|
||||
}
|
||||
|
||||
allow_app_installation_result_variant =
|
||||
g_dbus_connection_call_sync (connection,
|
||||
"org.freedesktop.Accounts",
|
||||
object_path,
|
||||
"org.freedesktop.DBus.Properties",
|
||||
"Set",
|
||||
g_variant_new ("(ssv)",
|
||||
"com.endlessm.ParentalControls.AppFilter",
|
||||
"allow-app-installation",
|
||||
g_steal_pointer (&allow_app_installation_variant)),
|
||||
G_VARIANT_TYPE ("()"),
|
||||
allow_interactive_authorization
|
||||
? G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION
|
||||
: G_DBUS_CALL_FLAGS_NONE,
|
||||
-1, /* timeout, ms */
|
||||
cancellable,
|
||||
&local_error);
|
||||
if (local_error != NULL)
|
||||
{
|
||||
g_propagate_error (error, bus_error_to_app_filter_error (local_error, user_id));
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
|
@ -845,6 +905,7 @@ typedef struct
|
|||
{
|
||||
GPtrArray *paths_blacklist; /* (nullable) (owned) (element-type filename) */
|
||||
GHashTable *oars; /* (nullable) (owned) (element-type utf8 EpcAppFilterOarsValue) */
|
||||
gboolean allow_app_installation;
|
||||
|
||||
/*< private >*/
|
||||
gpointer padding[2];
|
||||
|
@ -959,6 +1020,7 @@ epc_app_filter_builder_copy (EpcAppFilterBuilder *builder)
|
|||
_copy->paths_blacklist = g_ptr_array_ref (_builder->paths_blacklist);
|
||||
if (_builder->oars != NULL)
|
||||
_copy->oars = g_hash_table_ref (_builder->oars);
|
||||
_copy->allow_app_installation = _builder->allow_app_installation;
|
||||
|
||||
return g_steal_pointer (©);
|
||||
}
|
||||
|
@ -1042,6 +1104,7 @@ epc_app_filter_builder_end (EpcAppFilterBuilder *builder)
|
|||
app_filter->app_list = (gchar **) g_ptr_array_free (g_steal_pointer (&_builder->paths_blacklist), FALSE);
|
||||
app_filter->app_list_type = EPC_APP_FILTER_LIST_BLACKLIST;
|
||||
app_filter->oars_ratings = g_steal_pointer (&oars_variant);
|
||||
app_filter->allow_app_installation = _builder->allow_app_installation;
|
||||
|
||||
epc_app_filter_builder_clear (builder);
|
||||
|
||||
|
@ -1130,3 +1193,27 @@ epc_app_filter_builder_set_oars_value (EpcAppFilterBuilder *builder,
|
|||
g_hash_table_insert (_builder->oars, g_strdup (oars_section),
|
||||
GUINT_TO_POINTER (value));
|
||||
}
|
||||
|
||||
/**
|
||||
* epc_app_filter_builder_set_allow_app_installation:
|
||||
* @builder: an initialised #EpcAppFilterBuilder
|
||||
* @allow_app_installation: %TRUE to allow app installation; %FALSE to
|
||||
* unconditionally disallow it
|
||||
*
|
||||
* Set whether app installation is allowed in general for the user. If this is
|
||||
* %TRUE, app installation is still subject to the OARS values
|
||||
* (epc_app_filter_builder_set_oars_value()). If it is %FALSE, app installation
|
||||
* is unconditionally disallowed for this user.
|
||||
*
|
||||
* Since: 0.1.0
|
||||
*/
|
||||
void
|
||||
epc_app_filter_builder_set_allow_app_installation (EpcAppFilterBuilder *builder,
|
||||
gboolean allow_app_installation)
|
||||
{
|
||||
EpcAppFilterBuilderReal *_builder = (EpcAppFilterBuilderReal *) builder;
|
||||
|
||||
g_return_if_fail (_builder != NULL);
|
||||
|
||||
_builder->allow_app_installation = allow_app_installation;
|
||||
}
|
||||
|
|
|
@ -107,6 +107,8 @@ const gchar **epc_app_filter_get_oars_sections (EpcAppFilter *filter);
|
|||
EpcAppFilterOarsValue epc_app_filter_get_oars_value (EpcAppFilter *filter,
|
||||
const gchar *oars_section);
|
||||
|
||||
gboolean epc_app_filter_is_app_installation_allowed (EpcAppFilter *filter);
|
||||
|
||||
EpcAppFilter *epc_get_app_filter (GDBusConnection *connection,
|
||||
uid_t user_id,
|
||||
gboolean allow_interactive_authorization,
|
||||
|
@ -152,6 +154,7 @@ typedef struct
|
|||
/*< private >*/
|
||||
gpointer p0;
|
||||
gpointer p1;
|
||||
gboolean b0;
|
||||
gpointer p2;
|
||||
gpointer p3;
|
||||
} EpcAppFilterBuilder;
|
||||
|
@ -174,7 +177,8 @@ GType epc_app_filter_builder_get_type (void);
|
|||
#define EPC_APP_FILTER_BUILDER_INIT() \
|
||||
{ \
|
||||
g_ptr_array_new_with_free_func (g_free), \
|
||||
g_hash_table_new_full (g_str_hash, g_str_equal, g_free, NULL) \
|
||||
g_hash_table_new_full (g_str_hash, g_str_equal, g_free, NULL), \
|
||||
TRUE, \
|
||||
}
|
||||
|
||||
void epc_app_filter_builder_init (EpcAppFilterBuilder *builder);
|
||||
|
@ -199,4 +203,7 @@ void epc_app_filter_builder_set_oars_value (EpcAppFilterBuilder *builde
|
|||
const gchar *oars_section,
|
||||
EpcAppFilterOarsValue value);
|
||||
|
||||
void epc_app_filter_builder_set_allow_app_installation (EpcAppFilterBuilder *builder,
|
||||
gboolean allow_app_installation);
|
||||
|
||||
G_END_DECLS
|
||||
|
|
|
@ -125,6 +125,7 @@ test_app_filter_builder_non_empty (BuilderFixture *fixture,
|
|||
EPC_APP_FILTER_OARS_VALUE_MILD);
|
||||
epc_app_filter_builder_set_oars_value (fixture->builder, "language-humor",
|
||||
EPC_APP_FILTER_OARS_VALUE_MODERATE);
|
||||
epc_app_filter_builder_set_allow_app_installation (fixture->builder, FALSE);
|
||||
|
||||
filter = epc_app_filter_builder_end (fixture->builder);
|
||||
|
||||
|
@ -147,6 +148,8 @@ test_app_filter_builder_non_empty (BuilderFixture *fixture,
|
|||
sections = epc_app_filter_get_oars_sections (filter);
|
||||
const gchar * const expected_sections[] = { "drugs-alcohol", "language-humor", NULL };
|
||||
assert_strv_equal ((const gchar * const *) sections, expected_sections);
|
||||
|
||||
g_assert_false (epc_app_filter_is_app_installation_allowed (filter));
|
||||
}
|
||||
|
||||
/* Test building an empty #EpcAppFilter using an #EpcAppFilterBuilder. */
|
||||
|
@ -178,6 +181,8 @@ test_app_filter_builder_empty (BuilderFixture *fixture,
|
|||
sections = epc_app_filter_get_oars_sections (filter);
|
||||
const gchar * const expected_sections[] = { NULL };
|
||||
assert_strv_equal ((const gchar * const *) sections, expected_sections);
|
||||
|
||||
g_assert_true (epc_app_filter_is_app_installation_allowed (filter));
|
||||
}
|
||||
|
||||
/* Check that copying a cleared #EpcAppFilterBuilder works, and the copy can
|
||||
|
@ -198,6 +203,8 @@ test_app_filter_builder_copy_empty (void)
|
|||
|
||||
g_assert_true (epc_app_filter_is_path_allowed (filter, "/bin/false"));
|
||||
g_assert_false (epc_app_filter_is_path_allowed (filter, "/bin/true"));
|
||||
|
||||
g_assert_true (epc_app_filter_is_app_installation_allowed (filter));
|
||||
}
|
||||
|
||||
/* Check that copying a filled #EpcAppFilterBuilder works, and the copy can be
|
||||
|
@ -210,11 +217,13 @@ test_app_filter_builder_copy_full (void)
|
|||
g_autoptr(EpcAppFilter) filter = NULL;
|
||||
|
||||
epc_app_filter_builder_blacklist_path (builder, "/bin/true");
|
||||
epc_app_filter_builder_set_allow_app_installation (builder, FALSE);
|
||||
builder_copy = epc_app_filter_builder_copy (builder);
|
||||
filter = epc_app_filter_builder_end (builder_copy);
|
||||
|
||||
g_assert_true (epc_app_filter_is_path_allowed (filter, "/bin/false"));
|
||||
g_assert_false (epc_app_filter_is_path_allowed (filter, "/bin/true"));
|
||||
g_assert_false (epc_app_filter_is_app_installation_allowed (filter));
|
||||
}
|
||||
|
||||
int
|
||||
|
|
Loading…
Reference in New Issue