libeos-parental-controls: Add support for flatpak refs

As well as handling paths on the file system, we should allow flatpak refs to be explicitly handled in the app filter. Both refs and paths can be stored safely in the same app filter GStrv because paths are always absolute and refs always start with ‘app/’ or ‘runtime/’. Signed-off-by: Philip Withnall <withnall@endlessm.com> https://phabricator.endlessm.com/T24020
2018-10-12 17:59:04 +13:00 · 2018-10-12 17:59:04 +13:00 · c19b6a777f
commit c19b6a777f
parent da8884e7db
4 changed files with 103 additions and 16 deletions
--- a/eos-parental-controls-client/eos-parental-controls-client.py
+++ b/eos-parental-controls-client/eos-parental-controls-client.py
@ -171,20 +171,28 @@ def command_get(user, quiet=False, interactive=True):


 def command_check(user, path, quiet=False, interactive=True):
-    """Check the given path is runnable by the given user, according to their
-    app filter."""
+    """Check the given path or flatpak ref is runnable by the given user,
+    according to their app filter."""
    user_id = __lookup_user_id_or_error(user)
    app_filter = __get_app_filter_or_error(user_id, interactive)

-    path = os.path.abspath(path)
+    if path.startswith('app/') or path.startswith('runtime/'):
+        # Flatpak ref
+        is_allowed = app_filter.is_flatpak_ref_allowed(path)
+        noun = 'Flatpak ref'
+    else:
+        # File system path
+        path = os.path.abspath(path)
+        is_allowed = app_filter.is_path_allowed(path)
+        noun = 'Path'

-    if app_filter.is_path_allowed(path):
-        print('Path {} is allowed by app filter for user {}'.format(
-            path, user_id))
+    if is_allowed:
+        print('{} {} is allowed by app filter for user {}'.format(
+            noun, path, user_id))
        return
    else:
-        print('Path {} is not allowed by app filter for user {}'.format(
-            path, user_id))
+        print('{} {} is not allowed by app filter for user {}'.format(
+            noun, path, user_id))
        raise SystemExit(EXIT_PATH_NOT_ALLOWED)


@ -214,6 +222,8 @@ def command_set(user, app_filter_args=None, quiet=False, interactive=True):
                      file=sys.stderr)
                raise SystemExit(EXIT_INVALID_OPTION)
            builder.set_oars_value(section, value)
+        elif arg.startswith('app/') or arg.startswith('runtime/'):
+            builder.blacklist_flatpak_ref(arg)
        else:
            builder.blacklist_path(arg)
    app_filter = builder.end()