matteo/malcontent
1
0
Fork 0
Code Issues Pull requests 2 Projects Releases Packages Wiki Activity

accounts-service: Add accounts service vendor extension for app filter

Browse source 
Use accounts service’s vendor extension support for storing the app
filter per user, in a way that persists and which access to is
controlled by polkit (so writes can be restricted to administrators).

Signed-off-by: Philip Withnall <withnall@endlessm.com>

https://phabricator.endlessm.com/T23858
This commit is contained in:
Philip Withnall 2018-09-24 15:36:41 +01:00
parent 311e9d1c08
commit 79a4c41eee
5 changed files with 127 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

35
accounts-service/com.endlessm.ParentalControls.AppFilter.xml Normal file
View file

@ -0,0 +1,35 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE node PUBLIC "-//freedesktop//DTD D-BUS Object Introspection 1.0//EN"
"http://www.freedesktop.org/standards/dbus/1.0/introspect.dtd">
<node>
<interface name="com.endlessm.ParentalControls.AppFilter">
<annotation name="org.freedesktop.Accounts.VendorExtension" value="true"/>
<annotation name="org.freedesktop.Accounts.Authentication.ChangeOwn"
value="com.endlessm.ParentalControls.AppFilter.ChangeOwn"/>
<annotation name="org.freedesktop.Accounts.Authentication.ReadOwn"
value="com.endlessm.ParentalControls.AppFilter.ReadOwn"/>
<annotation name="org.freedesktop.Accounts.Authentication.ChangeAny"
value="com.endlessm.ParentalControls.AppFilter.ChangeAny"/>
<annotation name="org.freedesktop.Accounts.Authentication.ReadAny"
value="com.endlessm.ParentalControls.AppFilter.ReadAny"/>
<!--
app-filter:
A filter for which applications and binaries the user can run. This is
intended to be set by administrators and read by users, rather than being
editable by the user themselves.
The string list contains flatpak application IDs (containing at least one
dot and no leading slash) and absolute binary paths (containing a leading
slash). The boolean value indicates whether this is a whitelist (true) or
blacklist (false).
-->
<property name="app-filter" type="(bas)" access="readwrite">
<annotation name="org.freedesktop.Accounts.DefaultValue"
value="(false, [])"/>
</property>
</interface>
</node>