From affecd74b8a5e704bc768c9c7fcd9e5fcddf07e4 Mon Sep 17 00:00:00 2001 From: Philip Withnall Date: Mon, 26 Nov 2018 14:48:45 +0000 Subject: [PATCH] libeos-parental-controls: Add epc_app_filter_is_appinfo_allowed() API This is a wrapper around the existing blacklist checking APIs which binds them to specific keys in a #GAppInfo. Signed-off-by: Philip Withnall https://phabricator.endlessm.com/T24017 --- libeos-parental-controls/app-filter.c | 70 +++++++++++++++++++++++++++ libeos-parental-controls/app-filter.h | 2 + libeos-parental-controls/meson.build | 6 ++- 3 files changed, 77 insertions(+), 1 deletion(-) diff --git a/libeos-parental-controls/app-filter.c b/libeos-parental-controls/app-filter.c index bd146da..43a939e 100644 --- a/libeos-parental-controls/app-filter.c +++ b/libeos-parental-controls/app-filter.c @@ -25,6 +25,7 @@ #include #include #include +#include #include #include @@ -248,6 +249,75 @@ epc_app_filter_is_flatpak_app_allowed (EpcAppFilter *filter, } } +/** + * epc_app_filter_is_appinfo_allowed: + * @filter: an #EpcAppFilter + * @app_info: (transfer none): application information + * + * Check whether the app with the given @app_info is allowed to be run + * according to this app filter. This matches on multiple keys potentially + * present in the #GAppInfo, including the path of the executable. + * + * Returns: %TRUE if the user this @filter corresponds to is allowed to run the + * app represented by @app_info according to the @filter policy; %FALSE + * otherwise + * Since: 0.1.0 + */ +gboolean +epc_app_filter_is_appinfo_allowed (EpcAppFilter *filter, + GAppInfo *app_info) +{ + g_autofree gchar *abs_path = NULL; + + g_return_val_if_fail (filter != NULL, FALSE); + g_return_val_if_fail (filter->ref_count >= 1, FALSE); + g_return_val_if_fail (G_IS_APP_INFO (app_info), FALSE); + + abs_path = g_find_program_in_path (g_app_info_get_executable (app_info)); + + if (abs_path != NULL && + !epc_app_filter_is_path_allowed (filter, abs_path)) + return FALSE; + + if (G_IS_DESKTOP_APP_INFO (app_info)) + { + g_autofree gchar *flatpak_app = NULL; + g_autofree gchar *old_flatpak_apps_str = NULL; + + /* This gives `org.gnome.Builder`. */ + flatpak_app = g_desktop_app_info_get_string (G_DESKTOP_APP_INFO (app_info), "X-Flatpak"); + if (flatpak_app != NULL) + flatpak_app = g_strstrip (flatpak_app); + + if (flatpak_app != NULL && + !epc_app_filter_is_flatpak_app_allowed (filter, flatpak_app)) + return FALSE; + + /* FIXME: This could do with the g_desktop_app_info_get_string_list() API + * from GLib 2.60. Gives `gimp.desktop;org.gimp.Gimp.desktop;`. */ + old_flatpak_apps_str = g_desktop_app_info_get_string (G_DESKTOP_APP_INFO (app_info), "X-Flatpak-RenamedFrom"); + if (old_flatpak_apps_str != NULL) + { + g_auto(GStrv) old_flatpak_apps = g_strsplit (old_flatpak_apps_str, ";", -1); + + for (gsize i = 0; old_flatpak_apps[i] != NULL; i++) + { + gchar *old_flatpak_app = g_strstrip (old_flatpak_app); + + if (g_str_has_suffix (old_flatpak_app, ".desktop")) + old_flatpak_app[strlen (old_flatpak_app) - strlen (".desktop")] = '\0'; + old_flatpak_app = g_strstrip (old_flatpak_app); + + if (*old_flatpak_app != '\0' && + !epc_app_filter_is_flatpak_app_allowed (filter, old_flatpak_app)) + return FALSE; + } + } + } + + return TRUE; +} + static gint strcmp_cb (gconstpointer a, gconstpointer b) diff --git a/libeos-parental-controls/app-filter.h b/libeos-parental-controls/app-filter.h index fbca57a..1f952ff 100644 --- a/libeos-parental-controls/app-filter.h +++ b/libeos-parental-controls/app-filter.h @@ -104,6 +104,8 @@ gboolean epc_app_filter_is_flatpak_ref_allowed (EpcAppFilter *filter, const gchar *app_ref); gboolean epc_app_filter_is_flatpak_app_allowed (EpcAppFilter *filter, const gchar *app_id); +gboolean epc_app_filter_is_appinfo_allowed (EpcAppFilter *filter, + GAppInfo *app_info); const gchar **epc_app_filter_get_oars_sections (EpcAppFilter *filter); EpcAppFilterOarsValue epc_app_filter_get_oars_value (EpcAppFilter *filter, diff --git a/libeos-parental-controls/meson.build b/libeos-parental-controls/meson.build index 1336742..f9b19fd 100644 --- a/libeos-parental-controls/meson.build +++ b/libeos-parental-controls/meson.build @@ -12,13 +12,16 @@ libeos_parental_controls_public_deps = [ dependency('glib-2.0', version: '>= 2.54.2'), dependency('gobject-2.0', version: '>= 2.54'), ] +libeos_parental_controls_private_deps = [ + dependency('gio-unix-2.0', version: '>= 2.36'), +] # FIXME: Would be good to use subdir here: https://github.com/mesonbuild/meson/issues/2969 libeos_parental_controls_include_subdir = join_paths(libeos_parental_controls_api_name, 'libeos-parental-controls') libeos_parental_controls = library(libeos_parental_controls_api_name, libeos_parental_controls_sources + libeos_parental_controls_headers, - dependencies: libeos_parental_controls_public_deps, + dependencies: libeos_parental_controls_public_deps + libeos_parental_controls_private_deps, include_directories: root_inc, install: true, version: meson.project_version(), @@ -42,6 +45,7 @@ pkgconfig.generate( filebase: libeos_parental_controls_api_name, description: 'Library providing access to parental control settings.', requires: libeos_parental_controls_public_deps, + requires_private: libeos_parental_controls_private_deps, ) gnome.generate_gir(libeos_parental_controls,