accounts-service: Add accounts service vendor extension for app filter

Use accounts service’s vendor extension support for storing the app
filter per user, in a way that persists and which access to is
controlled by polkit (so writes can be restricted to administrators).

Signed-off-by: Philip Withnall <withnall@endlessm.com>

https://phabricator.endlessm.com/T23858

accounts-service/com.endlessm.ParentalControls.AppFilter.xml

@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE node PUBLIC "-//freedesktop//DTD D-BUS Object Introspection 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/introspect.dtd">
+<node>
+  <interface name="com.endlessm.ParentalControls.AppFilter">
+
+    <annotation name="org.freedesktop.Accounts.VendorExtension" value="true"/>
+
+    <annotation name="org.freedesktop.Accounts.Authentication.ChangeOwn"
+      value="com.endlessm.ParentalControls.AppFilter.ChangeOwn"/>
+    <annotation name="org.freedesktop.Accounts.Authentication.ReadOwn"
+      value="com.endlessm.ParentalControls.AppFilter.ReadOwn"/>
+    <annotation name="org.freedesktop.Accounts.Authentication.ChangeAny"
+      value="com.endlessm.ParentalControls.AppFilter.ChangeAny"/>
+    <annotation name="org.freedesktop.Accounts.Authentication.ReadAny"
+      value="com.endlessm.ParentalControls.AppFilter.ReadAny"/>
+
+    <!--
+      app-filter:
+
+      A filter for which applications and binaries the user can run. This is
+      intended to be set by administrators and read by users, rather than being
+      editable by the user themselves.
+
+      The string list contains flatpak application IDs (containing at least one
+      dot and no leading slash) and absolute binary paths (containing a leading
+      slash). The boolean value indicates whether this is a whitelist (true) or
+      blacklist (false).
+    -->
+    <property name="app-filter" type="(bas)" access="readwrite">
+      <annotation name="org.freedesktop.Accounts.DefaultValue"
+        value="(false, [])"/>
+    </property>
+  </interface>
+</node>

accounts-service/com.endlessm.ParentalControls.policy

@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<policyconfig>
+  <action id="com.endlessm.ParentalControls.AppFilter.ChangeOwn">
+    <description>Change your own app filter</description>
+    <message>Authentication is required to change your app filter.</message>
+    <defaults>
+      <allow_any>auth_admin_keep</allow_any>
+      <allow_inactive>auth_admin_keep</allow_inactive>
+      <allow_active>auth_admin_keep</allow_active>
+    </defaults>
+  </action>
+
+  <action id="com.endlessm.ParentalControls.AppFilter.ReadOwn">
+    <description>Read your own app filter</description>
+    <message>Authentication is required to read your app filter.</message>
+    <defaults>
+      <allow_any>yes</allow_any>
+      <allow_inactive>yes</allow_inactive>
+      <allow_active>yes</allow_active>
+    </defaults>
+  </action>
+
+  <action id="com.endlessm.ParentalControls.AppFilter.ChangeAny">
+    <description>Change another user’s app filter</description>
+    <message>Authentication is required to change another user’s app filter.</message>
+    <defaults>
+      <allow_any>auth_admin_keep</allow_any>
+      <allow_inactive>auth_admin_keep</allow_inactive>
+      <allow_active>auth_admin_keep</allow_active>
+    </defaults>
+  </action>
+
+  <action id="com.endlessm.ParentalControls.AppFilter.ReadAny">
+    <description>Read another user’s app filter</description>
+    <message>Authentication is required to read another user’s app filter.</message>
+    <defaults>
+      <allow_any>auth_admin_keep</allow_any>
+      <allow_inactive>auth_admin_keep</allow_inactive>
+      <allow_active>auth_admin_keep</allow_active>
+    </defaults>
+  </action>
+</policyconfig>

accounts-service/meson.build

@@ -0,0 +1,8 @@
+install_data('com.endlessm.ParentalControls.policy',
+  install_dir: polkitpolicydir)
+
+install_data('com.endlessm.ParentalControls.AppFilter.xml',
+  install_dir: dbusinterfacesdir)
+meson.add_install_script(meson_make_symlink,
+  join_paths(dbusinterfacesdir, 'com.endlessm.ParentalControls.AppFilter.xml'),
+  join_paths(accountsserviceinterfacesdir, 'com.endlessm.ParentalControls.AppFilter.xml'))

meson.build

@@ -0,0 +1,30 @@
+project('eos-parental-controls', 'c',
+  version : '0.1.0',
+  meson_version : '>= 0.47.0',
+  license: 'LGPLv2.1+',
+  default_options : [
+    'buildtype=debugoptimized',
+    'warning_level=2',
+    'c_std=gnu11',
+  ]
+)
+
+pkgconfig = import('pkgconfig')
+
+meson_make_symlink = join_paths(meson.source_root(), 'tools', 'meson-make-symlink.sh')
+
+prefix = get_option('prefix')
+datadir = join_paths(prefix, get_option('datadir'))
+
+# FIXME: This isn’t exposed in accountsservice.pc
+accountsserviceinterfacesdir = join_paths(datadir, 'accountsservice', 'interfaces')
+
+dbus = dependency('dbus-1')
+dbusinterfacesdir = dbus.get_pkgconfig_variable('interfaces_dir',
+  define_variable: ['datadir', datadir])
+
+polkit_gobject = dependency('polkit-gobject-1')
+polkitpolicydir = polkit_gobject.get_pkgconfig_variable('policydir',
+  define_variable: ['prefix', prefix])
+
+subdir('accounts-service')

tools/meson-make-symlink.sh

@@ -0,0 +1,12 @@
+#!/bin/sh
+set -eu
+
+# this is needed mostly because $DESTDIR is provided as a variable,
+# and we need to create the target directory...
+
+mkdir -vp "$(dirname "${DESTDIR:-}$2")"
+if [ "$(dirname $1)" = . ]; then
+        ln -vfs -T "$1" "${DESTDIR:-}$2"
+else
+        ln -vfs -T --relative "${DESTDIR:-}$1" "${DESTDIR:-}$2"
+fi