This is in preparation for adding a second boolean for the flatpak user
repository. Make the existing allow-app-installation boolean control
permissions for the flatpak system repository.
Having one boolean for each repository means we can allow users to
install to their user repository by default (subject to OARS ratings),
but not be allowed to install to the system repository.
While changing the name and semantics of the boolean, flip its default
value from True to False. Rather than letting any non-admin user install
new apps by default (subject to OARS restrictions), re-limit it to admin
users and users whose allow-system-installation key has been explicitly
set to True by the admin.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
https://phabricator.endlessm.com/T24457
These are the app-specific part of a flatpak ref, and are what’s
available when you have a .desktop file, via the X-Flatpak key in the
.desktop file. For example, for a flatpak ref
‘app/org.gnome.Builder/x86_64/master’, the app ID is
‘org.gnome.Builder’. It makes sense that we’d want to match against app
IDs in some situations, since the user probably doesn’t care about the
architecture or branch of the app they want to proscribe.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
https://phabricator.endlessm.com/T24016
Previously we just printed whether the filter was successfully
retrieved, since there weren’t any non-parameterised getter functions on
EpcAppFilter. Now we have some of them, we can print details of the app
filter.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
https://phabricator.endlessm.com/T24457
This should not introduce any functional changes, but does simplify the
code.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
https://phabricator.endlessm.com/T24024
As well as handling paths on the file system, we should allow flatpak
refs to be explicitly handled in the app filter.
Both refs and paths can be stored safely in the same app filter GStrv
because paths are always absolute and refs always start with ‘app/’ or
‘runtime/’.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
https://phabricator.endlessm.com/T24020
This allows the app filter to be set, using the new library API for it.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
https://phabricator.endlessm.com/T24025
This allows the app filter to be set, using the new library API for it.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
https://phabricator.endlessm.com/T24025
This basic support will return the value of a given OARS section to the
caller.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
https://phabricator.endlessm.com/T23999
This allows querying of the parental controls for a given user (or the
current user).
Includes documentation but no tests yet.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
https://phabricator.endlessm.com/T23859