matteo
/
malcontent
1
0
Fork 0
Code Issues Pull Requests 2 Packages Projects Releases Wiki Activity

WIP: add DNS parental controls (Rust version) #2

Draft
matteo wants to merge 2 commits from feature/dns-nss-parental-controls-rust into main
pull from: feature/dns-nss-parental-controls-rust
merge into: matteo:main
Conversation 0 Commits 2 Files Changed 27 +84
4 changed files with 84 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit 3beee1cf84 - Show all commits

41
accounts-service/com.endlessm.ParentalControls.Dns.xml Normal file
View File

@ -0,0 +1,41 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE node PUBLIC "-//freedesktop//DTD D-BUS Object Introspection 1.0//EN"
"http://www.freedesktop.org/standards/dbus/1.0/introspect.dtd">
<node>
<interface name="com.endlessm.ParentalControls.Dns">
<annotation name="org.freedesktop.Accounts.VendorExtension" value="true"/>
<annotation name="org.freedesktop.Accounts.Authentication.ChangeOwn"
value="com.endlessm.ParentalControls.SessionLimits.ChangeOwn"/>
<annotation name="org.freedesktop.Accounts.Authentication.ReadOwn"
value="com.endlessm.ParentalControls.SessionLimits.ReadOwn"/>
<annotation name="org.freedesktop.Accounts.Authentication.ChangeAny"
value="com.endlessm.ParentalControls.SessionLimits.ChangeAny"/>
<annotation name="org.freedesktop.Accounts.Authentication.ReadAny"
value="com.endlessm.ParentalControls.SessionLimits.ReadAny"/>
<!--
Dns:
A list of DNS server IP addresses to use for this user, in order of preference.
Each can be optionally qualified by a hashtag and the corresponding
hostname (if a TLS version is supported).
For instance: using "dns0.eu Kids" (https://www.dns0.eu/kids),
which offers a good number of blocked domains, would entail:
- `193.110.81.1#kids.dns0.eu`
- `2a0f:fc80::1#kids.dns0.eu`
- `185.253.5.1#kids.dns0.eu`
- `2a0f:fc81::1#kids.dns0.eu`
If the array is left empty, the globally-set system resolver
is used instead.
-->
<property name="Dns" type="as" access="readwrite">
<annotation name="org.freedesktop.Accounts.DefaultValue" value=""/>
</property>
</interface>
</node>

40
accounts-service/com.endlessm.ParentalControls.policy.in
View File

@ -40,6 +40,46 @@
</defaults> </defaults>
</action> </action>
<action id="com.endlessm.ParentalControls.Dns.ChangeOwn">
<description>Change your own DNS servers</description>
<message>Authentication is required to change your DNS servers.</message>
<defaults>
<allow_any>auth_admin_keep</allow_any>
<allow_inactive>auth_admin_keep</allow_inactive>
<allow_active>auth_admin_keep</allow_active>
</defaults>
</action>
<action id="com.endlessm.ParentalControls.Dns.ReadOwn">
<description>Read your own DNS servers</description>
<message>Authentication is required to read your DNS servers.</message>
<defaults>
<allow_any>yes</allow_any>
<allow_inactive>yes</allow_inactive>
<allow_active>yes</allow_active>
</defaults>
</action>
<action id="com.endlessm.ParentalControls.Dns.ChangeAny">
<description>Change another users DNS servers</description>
<message>Authentication is required to change another users DNS servers.</message>
<defaults>
<allow_any>auth_admin_keep</allow_any>
<allow_inactive>auth_admin_keep</allow_inactive>
<allow_active>auth_admin_keep</allow_active>
</defaults>
</action>
<action id="com.endlessm.ParentalControls.Dns.ReadAny">
<description>Read another users DNS servers</description>
<message>Authentication is required to read another users DNS servers.</message>
<defaults>
<allow_any>auth_admin_keep</allow_any>
<allow_inactive>auth_admin_keep</allow_inactive>
<allow_active>auth_admin_keep</allow_active>
</defaults>
</action>
<action id="com.endlessm.ParentalControls.SessionLimits.ChangeOwn"> <action id="com.endlessm.ParentalControls.SessionLimits.ChangeOwn">
<description>Change your own session limits</description> <description>Change your own session limits</description>
<message>Authentication is required to change your session limits.</message> <message>Authentication is required to change your session limits.</message>

2
accounts-service/com.endlessm.ParentalControls.rules.in
View File

@ -24,6 +24,8 @@ polkit.addRule(function(action, subject) {
* needing an additional polkit authorisation dialogue. */ * needing an additional polkit authorisation dialogue. */
if ((action.id == "com.endlessm.ParentalControls.AppFilter.ReadOwn" || if ((action.id == "com.endlessm.ParentalControls.AppFilter.ReadOwn" ||
action.id == "com.endlessm.ParentalControls.AppFilter.ReadAny" || action.id == "com.endlessm.ParentalControls.AppFilter.ReadAny" ||
action.id == "com.endlessm.ParentalControls.Dns.ReadOwn" ||
action.id == "com.endlessm.ParentalControls.Dns.ReadAny" ||
action.id == "com.endlessm.ParentalControls.SessionLimits.ReadOwn" || action.id == "com.endlessm.ParentalControls.SessionLimits.ReadOwn" ||
action.id == "com.endlessm.ParentalControls.SessionLimits.ReadAny") && action.id == "com.endlessm.ParentalControls.SessionLimits.ReadAny") &&
subject.active && subject.local && subject.active && subject.local &&

1
accounts-service/meson.build
View File

@ -9,6 +9,7 @@ i18n.merge_file(
dbus_interfaces = [ dbus_interfaces = [
'com.endlessm.ParentalControls.AccountInfo', 'com.endlessm.ParentalControls.AccountInfo',
'com.endlessm.ParentalControls.AppFilter', 'com.endlessm.ParentalControls.AppFilter',
'com.endlessm.ParentalControls.Dns',
'com.endlessm.ParentalControls.SessionLimits', 'com.endlessm.ParentalControls.SessionLimits',
] ]