14 Commits

Author SHA1 Message Date
Philip Withnall b4a74b0fa4 accounts-service: Allow installation to the system repo by default
Note that this permissions check only concerns parental controls. If the
system flatpak polkit policy disallows installation to the system repo
(or requires an administrator password for it), this setting cannot
override that.

The default was previously to disallow installation, because the flatpak
polkit policy was previously overridden by these settings. How parental
controls are checked in flatpak has evolved since then, though.

See: https://github.com/flatpak/flatpak/issues/3995

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2020-12-09 16:08:52 +00:00
Sergey Shatunov 0114e4d965 Add option to tweak privileged group in polkit rules
Signed-off-by: Sergey Shatunov <me@prok.pw>
2020-06-18 03:35:36 +07:00
Matthew Leeds 15e8a74b21 tree-wide: Replace usages of whitelist/blacklist
Replace usages of the terms whitelist and blacklist with the more
inclusive and more precise terms allowlist and blocklist, which are
actually also more consistent with parts of the codebase, e.g.
mct_app_filter_is_content_type_allowed().

The only API break here is in libmalcontent/app-filter.h but the
relevant API is not used anywhere else in Endless OS beyond this repo,
nor to my knowledge in any other distribution. Also, per the README,
this project's API is not stable, so now is a good time to make this
change.
2020-06-09 15:35:21 -07:00
Philip Withnall 372d51a491 accounts-service: Add AccountInfo interface
This will store information about the user which is related to parental
controls. Currently, that’s just a boolean indicating that the user is a
parent, and hence that their account should be presented differently in
UIs.

See: https://gitlab.gnome.org/GNOME/gnome-initial-setup/issues/94

Signed-off-by: Philip Withnall <withnall@endlessm.com>
2020-02-25 13:10:35 +00:00
Philip Withnall 5e49cb7831 libmalcontent: Add a SessionLimits interface for time-limited sessions
This is another extension interface on accountsservice which stores
information about time and usage limits on the user session. Currently,
only a ‘daily schedule’ limit (or no limit) is supported, but additional
types and combinations of limits can be supported in future.

The daily schedule limit allows using the computer between a certain
start time and end time each day (the same each day). The user will be
kicked out of their session when the end time is reached, if they
haven’t already logged out.

This includes the getters for the new data, polkit rules for accessing
it, and some documentation. Changes to `malcontent-client` to support
session limits, setters, and unit tests will all follow.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
2020-01-16 13:17:45 +00:00
Philip Withnall f0bb0c9cb9 accounts-service: Add polkit .rules file to stop prompting admins
When logged in as an administrator, and editing other user accounts in
gnome-control-center, polkit keeps popping up authentication dialogues
to read or change other users’ parental controls data. That shouldn’t be
necessary since we’re an admin user, and it’s not a critical enough
action to need to prompt the admin to re-authenticate to make sure they
really want to make such changes.

Add a .rules file to squash the polkit prompts for reading other users’
parental controls. Keep the default policy of auth_admin_keep for
changing our/others’ parental controls, since that should be handled by
the ‘Unlock’ button in g-c-c.

Signed-off-by: Philip Withnall <withnall@endlessm.com>

https://phabricator.endlessm.com/T23897
2019-01-07 15:33:18 +00:00
Philip Withnall b932f443d5 accounts-service: Rename D-Bus properties to CamelCase
That’s what’s more conventional for D-Bus properties, and we really
should have used CamelCase from the beginning.

See the advice on
https://dbus.freedesktop.org/doc/dbus-specification.html#standard-interfaces-properties:
> Strictly speaking, D-Bus property names are not required to follow
> the same naming restrictions as member names, but D-Bus property
> names that would not be valid member names (in particular,
> GObject-style dash-separated property names) can cause
> interoperability problems and should be avoided.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
2018-12-12 13:43:39 +00:00
Philip Withnall 222b436a61 accounts-service: Add allow-user-installation setting
This controls whether the user can install to their user repository at
all; if it’s true (the default), then installation of apps is still
subject to the OARS filter.

Signed-off-by: Philip Withnall <withnall@endlessm.com>

https://phabricator.endlessm.com/T24457
2018-11-29 21:16:36 +00:00
Philip Withnall 3ec77740c7 accounts-service: Rename allow-app-installation to be system-specific
This is in preparation for adding a second boolean for the flatpak user
repository. Make the existing allow-app-installation boolean control
permissions for the flatpak system repository.

Having one boolean for each repository means we can allow users to
install to their user repository by default (subject to OARS ratings),
but not be allowed to install to the system repository.

While changing the name and semantics of the boolean, flip its default
value from True to False. Rather than letting any non-admin user install
new apps by default (subject to OARS restrictions), re-limit it to admin
users and users whose allow-system-installation key has been explicitly
set to True by the admin.

Signed-off-by: Philip Withnall <withnall@endlessm.com>

https://phabricator.endlessm.com/T24457
2018-11-29 21:13:28 +00:00
Philip Withnall 60a938de0e libeos-parental-controls: Support disallowing app installation entirely
This is a boolean preference which overrides the OARS values entirely if
FALSE.

This change breaks ABI for EpcAppFilterBuilder, but since that hasn’t
been used in any code we’ve shipped yet, that should be OK.

Signed-off-by: Philip Withnall <withnall@endlessm.com>

https://phabricator.endlessm.com/T24457
2018-11-13 11:30:19 +00:00
Philip Withnall 1e3defccf2 accounts-service: Add support for oars-1.1
Even though I can’t find a single copy of the specification or how it
differs from oars-1.0, it allegedly exists.

Signed-off-by: Philip Withnall <withnall@endlessm.com>

https://phabricator.endlessm.com/T23999
2018-10-11 15:15:46 +13:00
Philip Withnall d718d83c91 accounts-service: Add storage of OARS filter data
Signed-off-by: Philip Withnall <withnall@endlessm.com>

https://phabricator.endlessm.com/T23999
2018-10-09 23:20:14 +13:00
Philip Withnall b97d101db6 po: Add basic translation support
The messages in the polkit policy file need translating.

Signed-off-by: Philip Withnall <withnall@endlessm.com>

https://phabricator.endlessm.com/T23858
2018-09-28 10:12:53 +02:00
Philip Withnall 79a4c41eee accounts-service: Add accounts service vendor extension for app filter
Use accounts service’s vendor extension support for storing the app
filter per user, in a way that persists and to which access is
controlled by polkit (so writes can be restricted to administrators).

Signed-off-by: Philip Withnall <withnall@endlessm.com>

https://phabricator.endlessm.com/T23858
2018-09-28 10:12:53 +02:00