Branch data Line data Source code
1 : : /* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*-
2 : : *
3 : : * Copyright © 2018-2019 Endless Mobile, Inc.
4 : : *
5 : : * SPDX-License-Identifier: LGPL-2.1-or-later
6 : : *
7 : : * This library is free software; you can redistribute it and/or
8 : : * modify it under the terms of the GNU Lesser General Public
9 : : * License as published by the Free Software Foundation; either
10 : : * version 2.1 of the License, or (at your option) any later version.
11 : : *
12 : : * This library is distributed in the hope that it will be useful,
13 : : * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 : : * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 : : * Lesser General Public License for more details.
16 : : *
17 : : * You should have received a copy of the GNU Lesser General Public
18 : : * License along with this library; if not, write to the Free Software
19 : : * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
20 : : *
21 : : * Authors:
22 : : * - Philip Withnall <withnall@endlessm.com>
23 : : * - Andre Moreira Magalhaes <andre@endlessm.com>
24 : : */
25 : :
26 : : #include "config.h"
27 : :
28 : : #include <glib.h>
29 : : #include <glib-object.h>
30 : : #include <glib/gi18n-lib.h>
31 : : #include <gio/gdesktopappinfo.h>
32 : : #include <gio/gio.h>
33 : : #include <libmalcontent/app-filter.h>
34 : :
35 : : #include "libmalcontent/app-filter-private.h"
36 : :
37 : :
38 : : /* FIXME: Eventually deprecate these compatibility fallbacks. */
39 : : /**
40 : : * mct_app_filter_error_quark:
41 : : *
42 : : * Error quark aliased to [error@Malcontent.ManagerError].
43 : : *
44 : : * Returns: identifier for error domain
45 : : * Since: 0.2.0
46 : : */
47 : : GQuark
48 : 3 : mct_app_filter_error_quark (void)
49 : : {
50 : 3 : return mct_manager_error_quark ();
51 : : }
52 : :
53 : : /* struct _MctAppFilter is defined in app-filter-private.h */
54 : :
55 [ + + + - : 10 : G_DEFINE_BOXED_TYPE (MctAppFilter, mct_app_filter,
+ + ]
56 : : mct_app_filter_ref, mct_app_filter_unref)
57 : :
58 : : /**
59 : : * mct_app_filter_ref:
60 : : * @filter: (transfer none): an app filter
61 : : *
62 : : * Increment the reference count of @filter, and return the same pointer to it.
63 : : *
64 : : * Returns: (transfer full): the same pointer as @filter
65 : : * Since: 0.2.0
66 : : */
67 : : MctAppFilter *
68 : 4 : mct_app_filter_ref (MctAppFilter *filter)
69 : : {
70 : 4 : g_return_val_if_fail (filter != NULL, NULL);
71 : 4 : g_return_val_if_fail (filter->ref_count >= 1, NULL);
72 : 4 : g_return_val_if_fail (filter->ref_count <= G_MAXINT - 1, NULL);
73 : :
74 : 4 : filter->ref_count++;
75 : 4 : return filter;
76 : : }
77 : :
78 : : /**
79 : : * mct_app_filter_unref:
80 : : * @filter: (transfer full): an app filter
81 : : *
82 : : * Decrement the reference count of @filter. If the reference count reaches
83 : : * zero, free the @filter and all its resources.
84 : : *
85 : : * Since: 0.2.0
86 : : */
87 : : void
88 : 94 : mct_app_filter_unref (MctAppFilter *filter)
89 : : {
90 : 94 : g_return_if_fail (filter != NULL);
91 : 94 : g_return_if_fail (filter->ref_count >= 1);
92 : :
93 : 94 : filter->ref_count--;
94 : :
95 [ + + ]: 94 : if (filter->ref_count <= 0)
96 : : {
97 : 90 : g_strfreev (filter->app_list);
98 : 90 : g_variant_unref (filter->oars_ratings);
99 : 90 : g_free (filter);
100 : : }
101 : : }
102 : :
103 : : /**
104 : : * mct_app_filter_get_user_id:
105 : : * @filter: an app filter
106 : : *
107 : : * Get the user ID of the user this app filter is for.
108 : : *
109 : : * Returns: user ID of the relevant user, or `(uid_t) -1` if unknown
110 : : * Since: 0.2.0
111 : : */
112 : : uid_t
113 : 5 : mct_app_filter_get_user_id (MctAppFilter *filter)
114 : : {
115 : 5 : g_return_val_if_fail (filter != NULL, FALSE);
116 : 5 : g_return_val_if_fail (filter->ref_count >= 1, FALSE);
117 : :
118 : 5 : return filter->user_id;
119 : : }
120 : :
121 : : static MctAppFilterOarsValue
122 : 38 : oars_str_to_enum (const gchar *value_str)
123 : : {
124 [ + + ]: 38 : if (g_str_equal (value_str, "none"))
125 : 4 : return MCT_APP_FILTER_OARS_VALUE_NONE;
126 [ + + ]: 34 : else if (g_str_equal (value_str, "mild"))
127 : 15 : return MCT_APP_FILTER_OARS_VALUE_MILD;
128 [ + + ]: 19 : else if (g_str_equal (value_str, "moderate"))
129 : 13 : return MCT_APP_FILTER_OARS_VALUE_MODERATE;
130 [ + + ]: 6 : else if (g_str_equal (value_str, "intense"))
131 : 3 : return MCT_APP_FILTER_OARS_VALUE_INTENSE;
132 : : else
133 : 3 : return MCT_APP_FILTER_OARS_VALUE_UNKNOWN;
134 : : }
135 : :
136 : : /**
137 : : * mct_app_filter_is_enabled:
138 : : * @filter: an app filter
139 : : *
140 : : * Check whether the app filter is enabled and is going to impose at least one
141 : : * restriction on the user.
142 : : *
143 : : * This gives a high level view of whether app filter parental controls are
144 : : * ‘enabled’ for the given user.
145 : : *
146 : : * Returns: true if the app filter contains at least one non-default value,
147 : : * false if it’s entirely default
148 : : * Since: 0.7.0
149 : : */
150 : : gboolean
151 : 51 : mct_app_filter_is_enabled (MctAppFilter *filter)
152 : : {
153 : : gboolean oars_ratings_all_intense_or_unknown;
154 : : GVariantIter iter;
155 : : const gchar *oars_value;
156 : :
157 : 51 : g_return_val_if_fail (filter != NULL, FALSE);
158 : 51 : g_return_val_if_fail (filter->ref_count >= 1, FALSE);
159 : :
160 : : /* The least restrictive OARS filter has all values as intense, or unknown. */
161 : 51 : oars_ratings_all_intense_or_unknown = TRUE;
162 : 51 : g_variant_iter_init (&iter, filter->oars_ratings);
163 : :
164 [ + + ]: 55 : while (g_variant_iter_loop (&iter, "{&s&s}", NULL, &oars_value))
165 : : {
166 : 21 : MctAppFilterOarsValue value = oars_str_to_enum (oars_value);
167 : :
168 [ + + + + ]: 21 : if (value != MCT_APP_FILTER_OARS_VALUE_UNKNOWN &&
169 : : value != MCT_APP_FILTER_OARS_VALUE_INTENSE)
170 : : {
171 : 17 : oars_ratings_all_intense_or_unknown = FALSE;
172 : 17 : break;
173 : : }
174 : : }
175 : :
176 : : /* Check all fields against their default values. Ignore
177 : : * `allow_system_installation` since it’s false by default, so the default
178 : : * value is already the most restrictive. */
179 : 99 : return ((filter->app_list_type == MCT_APP_FILTER_LIST_BLOCKLIST &&
180 [ + + ]: 48 : filter->app_list[0] != NULL) ||
181 [ + + + + ]: 37 : filter->app_list_type == MCT_APP_FILTER_LIST_ALLOWLIST ||
182 [ + + ]: 102 : !oars_ratings_all_intense_or_unknown ||
183 [ + + ]: 25 : !filter->allow_user_installation);
184 : : }
185 : :
186 : : /**
187 : : * mct_app_filter_is_path_allowed:
188 : : * @filter: an app filter
189 : : * @path: (type filename): absolute path of a program to check
190 : : *
191 : : * Check whether the program at @path is allowed to be run according to this
192 : : * app filter.
193 : : *
194 : : * @path will be canonicalised without doing any I/O.
195 : : *
196 : : * Returns: true if the user this @filter corresponds to is allowed to run the
197 : : * program at @path according to the @filter policy; false otherwise
198 : : * Since: 0.2.0
199 : : */
200 : : gboolean
201 : 66 : mct_app_filter_is_path_allowed (MctAppFilter *filter,
202 : : const gchar *path)
203 : : {
204 : 66 : g_return_val_if_fail (filter != NULL, FALSE);
205 : 66 : g_return_val_if_fail (filter->ref_count >= 1, FALSE);
206 : 66 : g_return_val_if_fail (path != NULL, FALSE);
207 : 66 : g_return_val_if_fail (g_path_is_absolute (path), FALSE);
208 : :
209 : 132 : g_autofree gchar *canonical_path = g_canonicalize_filename (path, "/");
210 : 132 : g_autofree gchar *canonical_path_utf8 = g_filename_to_utf8 (canonical_path, -1,
211 : : NULL, NULL, NULL);
212 : 66 : g_return_val_if_fail (canonical_path_utf8 != NULL, FALSE);
213 : :
214 : 66 : gboolean path_in_list = g_strv_contains ((const gchar * const *) filter->app_list,
215 : : canonical_path_utf8);
216 : :
217 [ + + - ]: 66 : switch (filter->app_list_type)
218 : : {
219 : 64 : case MCT_APP_FILTER_LIST_BLOCKLIST:
220 : 64 : return !path_in_list;
221 : 2 : case MCT_APP_FILTER_LIST_ALLOWLIST:
222 : 2 : return path_in_list;
223 : 0 : default:
224 : : g_assert_not_reached ();
225 : : }
226 : : }
227 : :
228 : : /* Check whether a given @ref is a valid flatpak ref.
229 : : *
230 : : * For simplicity and to avoid duplicating the whole logic behind
231 : : * flatpak_ref_parse() this method will only check whether:
232 : : * - the @ref contains exactly 3 slash chars
233 : : * - the @ref starts with either app/ or runtime/
234 : : * - the name, arch and branch components of the @ref are not empty
235 : : *
236 : : * We avoid using flatpak_ref_parse() to allow for libflatpak
237 : : * to depend on malcontent without causing a cyclic dependency.
238 : : */
239 : : static gboolean
240 : 149 : is_valid_flatpak_ref (const gchar *ref)
241 : : {
242 : 149 : g_auto(GStrv) parts = NULL;
243 : :
244 [ - + ]: 149 : if (ref == NULL)
245 : 0 : return FALSE;
246 : :
247 : 149 : parts = g_strsplit (ref, "/", 0);
248 : 149 : return (g_strv_length (parts) == 4 &&
249 [ + + ]: 92 : (strcmp (parts[0], "app") == 0 ||
250 [ - + ]: 13 : strcmp (parts[0], "runtime") == 0) &&
251 [ + - ]: 79 : *parts[1] != '\0' &&
252 [ + + + - ]: 320 : *parts[2] != '\0' &&
253 [ + - ]: 79 : *parts[3] != '\0');
254 : : }
255 : :
256 : : /**
257 : : * mct_app_filter_is_flatpak_ref_allowed:
258 : : * @filter: an app filter
259 : : * @app_ref: flatpak ref for the app, for example
260 : : * `app/org.gnome.Builder/x86_64/master`
261 : : *
262 : : * Check whether the flatpak app with the given @app_ref is allowed to be run
263 : : * according to this app filter.
264 : : *
265 : : * Returns: true if the user this @filter corresponds to is allowed to run the
266 : : * flatpak called @app_ref according to the @filter policy; false otherwise
267 : : * Since: 0.2.0
268 : : */
269 : : gboolean
270 : 26 : mct_app_filter_is_flatpak_ref_allowed (MctAppFilter *filter,
271 : : const gchar *app_ref)
272 : : {
273 : 26 : g_return_val_if_fail (filter != NULL, FALSE);
274 : 26 : g_return_val_if_fail (filter->ref_count >= 1, FALSE);
275 : 26 : g_return_val_if_fail (app_ref != NULL, FALSE);
276 : 26 : g_return_val_if_fail (is_valid_flatpak_ref (app_ref), FALSE);
277 : :
278 : 26 : gboolean ref_in_list = g_strv_contains ((const gchar * const *) filter->app_list,
279 : : app_ref);
280 : :
281 [ + + - ]: 26 : switch (filter->app_list_type)
282 : : {
283 : 24 : case MCT_APP_FILTER_LIST_BLOCKLIST:
284 : 24 : return !ref_in_list;
285 : 2 : case MCT_APP_FILTER_LIST_ALLOWLIST:
286 : 2 : return ref_in_list;
287 : 0 : default:
288 : : g_assert_not_reached ();
289 : : }
290 : : }
291 : :
292 : : /**
293 : : * mct_app_filter_is_flatpak_app_allowed:
294 : : * @filter: an app filter
295 : : * @app_id: flatpak ID for the app, for example `org.gnome.Builder`
296 : : *
297 : : * Check whether the flatpak app with the given @app_id is allowed to be run
298 : : * according to this app filter.
299 : : *
300 : : * This is a globbing match, matching @app_id against potentially multiple
301 : : * entries in the blocklist, as the blocklist contains flatpak refs (for
302 : : * example, `app/org.gnome.Builder/x86_64/master`) which contain architecture
303 : : * and branch information. App IDs (for example, `org.gnome.Builder`) do not
304 : : * contain architecture or branch information.
305 : : *
306 : : * Returns: true if the user this @filter corresponds to is allowed to run the
307 : : * flatpak called @app_id according to the @filter policy; false otherwise
308 : : * Since: 0.2.0
309 : : */
310 : : gboolean
311 : 53 : mct_app_filter_is_flatpak_app_allowed (MctAppFilter *filter,
312 : : const gchar *app_id)
313 : : {
314 : 53 : g_return_val_if_fail (filter != NULL, FALSE);
315 : 53 : g_return_val_if_fail (filter->ref_count >= 1, FALSE);
316 : 53 : g_return_val_if_fail (app_id != NULL, FALSE);
317 : :
318 : 53 : gsize app_id_len = strlen (app_id);
319 : :
320 : 53 : gboolean id_in_list = FALSE;
321 [ + + ]: 150 : for (gsize i = 0; filter->app_list[i] != NULL; i++)
322 : : {
323 [ + + ]: 113 : if (is_valid_flatpak_ref (filter->app_list[i]) &&
324 [ + - - + : 43 : g_str_has_prefix (filter->app_list[i], "app/") &&
+ - + - ]
325 [ + + ]: 43 : strncmp (filter->app_list[i] + strlen ("app/"), app_id, app_id_len) == 0 &&
326 [ + - ]: 16 : filter->app_list[i][strlen ("app/") + app_id_len] == '/')
327 : : {
328 : 16 : id_in_list = TRUE;
329 : 16 : break;
330 : : }
331 : : }
332 : :
333 [ + + - ]: 53 : switch (filter->app_list_type)
334 : : {
335 : 50 : case MCT_APP_FILTER_LIST_BLOCKLIST:
336 : 50 : return !id_in_list;
337 : 3 : case MCT_APP_FILTER_LIST_ALLOWLIST:
338 : 3 : return id_in_list;
339 : 0 : default:
340 : : g_assert_not_reached ();
341 : : }
342 : : }
343 : :
344 : : /* Implement folding of the results of applying the app filter to multiple keys
345 : : * of a #GAppInfo, including short circuiting. If the app filter is a blocklist,
346 : : * we want to short circuit return blocked on the first key which is blocked;
347 : : * otherwise continue to checking the next key. Similarly, if the app filter is
348 : : * an allowlist, we want to short circuit return *allowed* on the first key
349 : : * which is allowed; otherwise continue to checking the next key.
350 : : *
351 : : * @allowed is the result of an app filter check against a single key.
352 : : * The return value from this function indicates whether to short circuit, i.e.
353 : : * whether to return control flow immediately after this function returns. The
354 : : * result of the fold is returned as @allowed_out.
355 : : *
356 : : * The base case for if all keys have been checked and nothing has been allowed
357 : : * or blocked so far is filter_fold_base(). */
358 : : static gboolean
359 : 64 : filter_fold_should_short_circuit (MctAppFilter *filter,
360 : : gboolean allowed,
361 : : gboolean *allowed_out)
362 : : {
363 [ + - - ]: 64 : switch (filter->app_list_type)
364 : : {
365 : 64 : case MCT_APP_FILTER_LIST_BLOCKLIST:
366 [ + + ]: 64 : if (!allowed)
367 : : {
368 : 12 : *allowed_out = FALSE;
369 : 12 : return TRUE;
370 : : }
371 : 52 : break;
372 : 0 : case MCT_APP_FILTER_LIST_ALLOWLIST:
373 [ # # ]: 0 : if (allowed)
374 : : {
375 : 0 : *allowed_out = TRUE;
376 : 0 : return TRUE;
377 : : }
378 : 0 : break;
379 : 0 : default:
380 : : g_assert_not_reached ();
381 : : }
382 : :
383 : 52 : return FALSE;
384 : : }
385 : :
386 : : static gboolean
387 : 14 : filter_fold_base (MctAppFilter *filter)
388 : : {
389 [ + - - ]: 14 : switch (filter->app_list_type)
390 : : {
391 : 14 : case MCT_APP_FILTER_LIST_BLOCKLIST:
392 : 14 : return TRUE;
393 : 0 : case MCT_APP_FILTER_LIST_ALLOWLIST:
394 : 0 : return FALSE;
395 : 0 : default:
396 : : g_assert_not_reached ();
397 : : }
398 : : }
399 : :
400 : : /**
401 : : * mct_app_filter_is_appinfo_allowed:
402 : : * @filter: an app filter
403 : : * @app_info: (transfer none): application information
404 : : *
405 : : * Check whether the app with the given @app_info is allowed to be run
406 : : * according to this app filter.
407 : : *
408 : : * This matches on multiple keys potentially present in the [iface@Gio.AppInfo],
409 : : * including the path of the executable.
410 : : *
411 : : * If the app filter is a blocklist, the @app_info is blocked if any of its
412 : : * keys are blocked. If the app filter is an allowlist, the @app_info is allowed
413 : : * if any of its keys are allowed.
414 : : *
415 : : * Returns: true if the user this @filter corresponds to is allowed to run the
416 : : * app represented by @app_info according to the @filter policy; false
417 : : * otherwise
418 : : * Since: 0.2.0
419 : : */
420 : : gboolean
421 : 26 : mct_app_filter_is_appinfo_allowed (MctAppFilter *filter,
422 : : GAppInfo *app_info)
423 : : {
424 : : const char *exec;
425 : 26 : g_autofree gchar *abs_path = NULL;
426 : 26 : const gchar * const *types = NULL;
427 : 26 : gboolean retval = FALSE;
428 : :
429 : 26 : g_return_val_if_fail (filter != NULL, FALSE);
430 : 26 : g_return_val_if_fail (filter->ref_count >= 1, FALSE);
431 : 26 : g_return_val_if_fail (G_IS_APP_INFO (app_info), FALSE);
432 : :
433 : 26 : exec = g_app_info_get_executable (app_info);
434 [ + - ]: 26 : abs_path = (exec != NULL) ? g_find_program_in_path (exec) : NULL;
435 : :
436 [ + - + + ]: 52 : if (abs_path != NULL &&
437 : 26 : filter_fold_should_short_circuit (filter,
438 : : mct_app_filter_is_path_allowed (filter, abs_path),
439 : : &retval))
440 : 2 : return retval;
441 : :
442 : 24 : types = g_app_info_get_supported_types (app_info);
443 [ + + + + ]: 36 : for (gsize i = 0; types != NULL && types[i] != NULL; i++)
444 : : {
445 [ + + ]: 16 : if (filter_fold_should_short_circuit (filter,
446 : 16 : mct_app_filter_is_content_type_allowed (filter, types[i]),
447 : : &retval))
448 : 4 : return retval;
449 : : }
450 : :
451 [ - + + - : 20 : if (G_IS_DESKTOP_APP_INFO (app_info))
+ - + - ]
452 : : {
453 [ + + ]: 20 : g_autofree gchar *flatpak_app = NULL;
454 [ + + ]: 20 : g_autofree gchar *old_flatpak_apps_str = NULL;
455 : :
456 : : /* This gives `org.gnome.Builder`. */
457 : 20 : flatpak_app = g_desktop_app_info_get_string (G_DESKTOP_APP_INFO (app_info), "X-Flatpak");
458 [ + + ]: 20 : if (flatpak_app != NULL)
459 : 10 : flatpak_app = g_strstrip (flatpak_app);
460 : :
461 [ + + + + ]: 30 : if (flatpak_app != NULL &&
462 : 10 : filter_fold_should_short_circuit (filter,
463 : : mct_app_filter_is_flatpak_app_allowed (filter, flatpak_app),
464 : : &retval))
465 : 2 : return retval;
466 : :
467 : : /* FIXME: This could do with the g_desktop_app_info_get_string_list() API
468 : : * from GLib 2.60. Gives `gimp.desktop;org.gimp.Gimp.desktop;`. */
469 : 18 : old_flatpak_apps_str = g_desktop_app_info_get_string (G_DESKTOP_APP_INFO (app_info), "X-Flatpak-RenamedFrom");
470 [ + + ]: 18 : if (old_flatpak_apps_str != NULL)
471 : : {
472 [ + + ]: 24 : g_auto(GStrv) old_flatpak_apps = g_strsplit (old_flatpak_apps_str, ";", -1);
473 : :
474 [ + + ]: 26 : for (gsize i = 0; old_flatpak_apps[i] != NULL; i++)
475 : : {
476 : 18 : gchar *old_flatpak_app = g_strstrip (old_flatpak_apps[i]);
477 : :
478 [ + - - + : 18 : if (g_str_has_suffix (old_flatpak_app, ".desktop"))
+ + + + ]
479 : 4 : old_flatpak_app[strlen (old_flatpak_app) - strlen (".desktop")] = '\0';
480 : 18 : old_flatpak_app = g_strstrip (old_flatpak_app);
481 : :
482 [ + + + + ]: 30 : if (*old_flatpak_app != '\0' &&
483 : 12 : filter_fold_should_short_circuit (filter,
484 : : mct_app_filter_is_flatpak_app_allowed (filter, old_flatpak_app),
485 : : &retval))
486 : 4 : return retval;
487 : : }
488 : : }
489 : : }
490 : :
491 : 14 : return filter_fold_base (filter);
492 : : }
493 : :
494 : : /* Check whether a given @content_type is valid.
495 : : *
496 : : * For simplicity this method will only check whether:
497 : : * - the @content_type contains exactly 1 slash char
498 : : * - the @content_type does not start with a slash char
499 : : * - the type and subtype components of the @content_type are not empty
500 : : */
501 : : static gboolean
502 : 58 : is_valid_content_type (const gchar *content_type)
503 : : {
504 : 58 : g_auto(GStrv) parts = NULL;
505 : :
506 [ - + ]: 58 : if (content_type == NULL)
507 : 0 : return FALSE;
508 : :
509 : 58 : parts = g_strsplit (content_type, "/", 0);
510 : 58 : return (g_strv_length (parts) == 2 &&
511 [ + - + - ]: 116 : *parts[0] != '\0' &&
512 [ + - ]: 58 : *parts[1] != '\0');
513 : : }
514 : :
515 : : /**
516 : : * mct_app_filter_is_content_type_allowed:
517 : : * @filter: an app filter
518 : : * @content_type: content type to check
519 : : *
520 : : * Check whether apps handling the given @content_type are allowed to be run
521 : : * according to this app filter.
522 : : *
523 : : * Note that this method doesn’t match content subtypes. For example, if
524 : : * `application/xml` is added to the blocklist but `application/xspf+xml` is not,
525 : : * a check for whether `application/xspf+xml` is blocklisted would return false.
526 : : *
527 : : * Returns: true if the user this @filter corresponds to is allowed to run
528 : : * programs handling @content_type according to the @filter policy; false
529 : : * otherwise
530 : : * Since: 0.4.0
531 : : */
532 : : gboolean
533 : 44 : mct_app_filter_is_content_type_allowed (MctAppFilter *filter,
534 : : const gchar *content_type)
535 : : {
536 : 44 : g_return_val_if_fail (filter != NULL, FALSE);
537 : 44 : g_return_val_if_fail (filter->ref_count >= 1, FALSE);
538 : 44 : g_return_val_if_fail (content_type != NULL, FALSE);
539 : 44 : g_return_val_if_fail (is_valid_content_type (content_type), FALSE);
540 : :
541 : 44 : gboolean ref_in_list = g_strv_contains ((const gchar * const *) filter->app_list,
542 : : content_type);
543 : :
544 [ + + - ]: 44 : switch (filter->app_list_type)
545 : : {
546 : 42 : case MCT_APP_FILTER_LIST_BLOCKLIST:
547 : 42 : return !ref_in_list;
548 : 2 : case MCT_APP_FILTER_LIST_ALLOWLIST:
549 : 2 : return ref_in_list;
550 : 0 : default:
551 : : g_assert_not_reached ();
552 : : }
553 : : }
554 : :
555 : : static gint
556 : 6 : strcmp_cb (gconstpointer a,
557 : : gconstpointer b)
558 : : {
559 : 6 : const gchar *str_a = *((const gchar * const *) a);
560 : 6 : const gchar *str_b = *((const gchar * const *) b);
561 : :
562 : 6 : return g_strcmp0 (str_a, str_b);
563 : : }
564 : :
565 : : /**
566 : : * mct_app_filter_get_oars_sections:
567 : : * @filter: an app filter
568 : : *
569 : : * List the OARS sections present in this app filter.
570 : : *
571 : : * The sections are returned in lexicographic order. A section will be listed
572 : : * even if its stored value is [enum@Malcontent.AppFilterOarsValue.UNKNOWN]. The
573 : : * returned list may be empty.
574 : : *
575 : : * Returns: (transfer container) (array zero-terminated=1): `NULL`-terminated
576 : : * array of OARS sections
577 : : * Since: 0.2.0
578 : : */
579 : : const gchar **
580 : 13 : mct_app_filter_get_oars_sections (MctAppFilter *filter)
581 : : {
582 : 26 : g_autoptr(GPtrArray) sections = g_ptr_array_new_with_free_func (NULL);
583 : : GVariantIter iter;
584 : : const gchar *oars_section;
585 : :
586 : 13 : g_return_val_if_fail (filter != NULL, NULL);
587 : 13 : g_return_val_if_fail (filter->ref_count >= 1, NULL);
588 : :
589 : 13 : g_variant_iter_init (&iter, filter->oars_ratings);
590 : :
591 [ + + ]: 25 : while (g_variant_iter_loop (&iter, "{&s&s}", &oars_section, NULL))
592 : 12 : g_ptr_array_add (sections, (gpointer) oars_section);
593 : :
594 : : /* Sort alphabetically for easier comparisons later. */
595 : 13 : g_ptr_array_sort (sections, strcmp_cb);
596 : :
597 : 13 : g_ptr_array_add (sections, NULL); /* NULL terminator */
598 : :
599 : 13 : return (const gchar **) g_ptr_array_free (g_steal_pointer (§ions), FALSE);
600 : : }
601 : :
602 : : /**
603 : : * mct_app_filter_get_oars_value:
604 : : * @filter: an app filter
605 : : * @oars_section: name of the OARS section to get the value from
606 : : *
607 : : * Get the value assigned to the given @oars_section in the OARS filter stored
608 : : * within @filter.
609 : : *
610 : : * If that section has no value explicitly defined,
611 : : * [enum@Malcontent.AppFilterOarsValue.UNKNOWN] is returned.
612 : : *
613 : : * This value is the most intense value allowed for apps to have in this
614 : : * section, inclusive. Any app with a more intense value for this section must
615 : : * be hidden from the user whose @filter this is.
616 : : *
617 : : * This does not factor in
618 : : * [method@Malcontent.AppFilter.is_system_installation_allowed].
619 : : *
620 : : * Returns: an OARS value
621 : : * Since: 0.2.0
622 : : */
623 : : MctAppFilterOarsValue
624 : 43 : mct_app_filter_get_oars_value (MctAppFilter *filter,
625 : : const gchar *oars_section)
626 : : {
627 : : const gchar *value_str;
628 : :
629 : 43 : g_return_val_if_fail (filter != NULL, MCT_APP_FILTER_OARS_VALUE_UNKNOWN);
630 : 43 : g_return_val_if_fail (filter->ref_count >= 1,
631 : : MCT_APP_FILTER_OARS_VALUE_UNKNOWN);
632 : 43 : g_return_val_if_fail (oars_section != NULL && *oars_section != '\0',
633 : : MCT_APP_FILTER_OARS_VALUE_UNKNOWN);
634 : :
635 [ + + ]: 43 : if (!g_variant_lookup (filter->oars_ratings, oars_section, "&s", &value_str))
636 : 26 : return MCT_APP_FILTER_OARS_VALUE_UNKNOWN;
637 : :
638 : 17 : return oars_str_to_enum (value_str);
639 : : }
640 : :
641 : : /**
642 : : * mct_app_filter_is_user_installation_allowed:
643 : : * @filter: an app filter
644 : : *
645 : : * Get whether the user is allowed to install to their flatpak user repository.
646 : : *
647 : : * This should be queried in addition to the OARS values
648 : : * ([method@Malcontent.AppFilter.get_oars_value]) — if it returns false, the
649 : : * OARS values should be ignored and app installation should be unconditionally
650 : : * disallowed.
651 : : *
652 : : * Returns: true if app installation is allowed to the user repository for
653 : : * this user; false if it is unconditionally disallowed for this user
654 : : * Since: 0.2.0
655 : : */
656 : : gboolean
657 : 17 : mct_app_filter_is_user_installation_allowed (MctAppFilter *filter)
658 : : {
659 : 17 : g_return_val_if_fail (filter != NULL, FALSE);
660 : 17 : g_return_val_if_fail (filter->ref_count >= 1, FALSE);
661 : :
662 : 17 : return filter->allow_user_installation;
663 : : }
664 : :
665 : : /**
666 : : * mct_app_filter_is_system_installation_allowed:
667 : : * @filter: an app filter
668 : : *
669 : : * Get whether the user is allowed to install to the flatpak system repository.
670 : : *
671 : : * This should be queried in addition to the OARS values
672 : : * ([method@Malcontent.AppFilter.get_oars_value]) — if it returns %FALSE, the
673 : : * OARS values should be ignored and app installation should be unconditionally
674 : : * disallowed.
675 : : *
676 : : * Returns: true if app installation is allowed to the system repository for
677 : : * this user; false if it is unconditionally disallowed for this user
678 : : * Since: 0.2.0
679 : : */
680 : : gboolean
681 : 17 : mct_app_filter_is_system_installation_allowed (MctAppFilter *filter)
682 : : {
683 : 17 : g_return_val_if_fail (filter != NULL, FALSE);
684 : 17 : g_return_val_if_fail (filter->ref_count >= 1, FALSE);
685 : :
686 : 17 : return filter->allow_system_installation;
687 : : }
688 : :
689 : : /**
690 : : * _mct_app_filter_build_app_filter_variant:
691 : : * @filter: an app filter
692 : : *
693 : : * Build a [struct@GLib.Variant] which contains the app filter from @filter, in
694 : : * the format used for storing it in AccountsService.
695 : : *
696 : : * Returns: (transfer floating): a new, floating [struct@GLib.Variant]
697 : : * containing the app filter
698 : : */
699 : : static GVariant *
700 : 11 : _mct_app_filter_build_app_filter_variant (MctAppFilter *filter)
701 : : {
702 : 22 : g_auto(GVariantBuilder) builder = G_VARIANT_BUILDER_INIT (G_VARIANT_TYPE ("(bas)"));
703 : :
704 : 11 : g_return_val_if_fail (filter != NULL, NULL);
705 : 11 : g_return_val_if_fail (filter->ref_count >= 1, NULL);
706 : :
707 : 11 : g_variant_builder_add (&builder, "b",
708 : 11 : (filter->app_list_type == MCT_APP_FILTER_LIST_ALLOWLIST));
709 : 11 : g_variant_builder_open (&builder, G_VARIANT_TYPE ("as"));
710 : :
711 [ + + ]: 19 : for (gsize i = 0; filter->app_list[i] != NULL; i++)
712 : 8 : g_variant_builder_add (&builder, "s", filter->app_list[i]);
713 : :
714 : 11 : g_variant_builder_close (&builder);
715 : :
716 : 11 : return g_variant_builder_end (&builder);
717 : : }
718 : :
719 : : /**
720 : : * mct_app_filter_serialize:
721 : : * @filter: an app filter
722 : : *
723 : : * Build a [struct@GLib.Variant] which contains the app filter from @filter, in
724 : : * an opaque variant format.
725 : : *
726 : : * This format may change in future, but [func@Malcontent.AppFilter.deserialize]
727 : : * is guaranteed to always be able to load any variant produced by the current
728 : : * or any previous version of [method@Malcontent.AppFilter.serialize].
729 : : *
730 : : * Returns: (transfer floating): a new, floating [struct@GLib.Variant]
731 : : * containing the app filter
732 : : * Since: 0.7.0
733 : : */
734 : : GVariant *
735 : 11 : mct_app_filter_serialize (MctAppFilter *filter)
736 : : {
737 : 22 : g_auto(GVariantBuilder) builder = G_VARIANT_BUILDER_INIT (G_VARIANT_TYPE ("a{sv}"));
738 : :
739 : 11 : g_return_val_if_fail (filter != NULL, NULL);
740 : 11 : g_return_val_if_fail (filter->ref_count >= 1, NULL);
741 : :
742 : : /* The serialisation format is exactly the
743 : : * `com.endlessm.ParentalControls.AppFilter` D-Bus interface. */
744 : 11 : g_variant_builder_add (&builder, "{sv}", "AppFilter",
745 : : _mct_app_filter_build_app_filter_variant (filter));
746 : 11 : g_variant_builder_add (&builder, "{sv}", "OarsFilter",
747 : : g_variant_new ("(s@a{ss})", "oars-1.1",
748 : : filter->oars_ratings));
749 : 11 : g_variant_builder_add (&builder, "{sv}", "AllowUserInstallation",
750 : : g_variant_new_boolean (filter->allow_user_installation));
751 : 11 : g_variant_builder_add (&builder, "{sv}", "AllowSystemInstallation",
752 : : g_variant_new_boolean (filter->allow_system_installation));
753 : :
754 : 11 : return g_variant_builder_end (&builder);
755 : : }
756 : :
757 : : /**
758 : : * mct_app_filter_deserialize:
759 : : * @variant: a serialized app filter variant
760 : : * @user_id: the ID of the user the app filter relates to
761 : : * @error: return location for a [type@GLib.Error], or `NULL`
762 : : *
763 : : * Deserialize an app filter previously serialized with
764 : : * [method@Malcontent.AppFilter.serialize].
765 : : *
766 : : * This function guarantees to be able to deserialize any serialized form from
767 : : * this version or older versions of libmalcontent.
768 : : *
769 : : * If deserialization fails, [error@Malcontent.ManagerError.INVALID_DATA] will
770 : : * be returned.
771 : : *
772 : : * Returns: (transfer full): deserialized app filter
773 : : * Since: 0.7.0
774 : : */
775 : : MctAppFilter *
776 : 61 : mct_app_filter_deserialize (GVariant *variant,
777 : : uid_t user_id,
778 : : GError **error)
779 : : {
780 : : gboolean is_allowlist;
781 : 61 : g_auto(GStrv) app_list = NULL;
782 : : const gchar *content_rating_kind;
783 : 61 : g_autoptr(GVariant) oars_variant = NULL;
784 : : gboolean allow_user_installation;
785 : : gboolean allow_system_installation;
786 : 61 : g_autoptr(MctAppFilter) app_filter = NULL;
787 : :
788 : 61 : g_return_val_if_fail (variant != NULL, NULL);
789 : 61 : g_return_val_if_fail (error == NULL || *error == NULL, NULL);
790 : :
791 : : /* Check the overall type. */
792 [ + + ]: 61 : if (!g_variant_is_of_type (variant, G_VARIANT_TYPE ("a{sv}")))
793 : : {
794 : 4 : g_set_error (error, MCT_MANAGER_ERROR,
795 : : MCT_MANAGER_ERROR_INVALID_DATA,
796 : : _("App filter for user %u was in an unrecognized format"),
797 : : (guint) user_id);
798 : 4 : return NULL;
799 : : }
800 : :
801 : : /* Extract the properties we care about. The default values here should be
802 : : * kept in sync with those in the `com.endlessm.ParentalControls.AppFilter`
803 : : * D-Bus interface. */
804 [ + + ]: 57 : if (!g_variant_lookup (variant, "AppFilter", "(b^as)",
805 : : &is_allowlist, &app_list))
806 : : {
807 : : /* Default value. */
808 : 40 : is_allowlist = FALSE;
809 : 40 : app_list = g_new0 (gchar *, 1);
810 : : }
811 : :
812 [ + + ]: 57 : if (!g_variant_lookup (variant, "OarsFilter", "(&s@a{ss})",
813 : : &content_rating_kind, &oars_variant))
814 : : {
815 : : /* Default value. */
816 : 33 : content_rating_kind = "oars-1.1";
817 : 33 : oars_variant = g_variant_new ("a{ss}", NULL);
818 : : }
819 : :
820 : : /* Check that the OARS filter is in a format we support. Currently, that’s
821 : : * only oars-1.0 and oars-1.1. */
822 [ + - ]: 57 : if (!g_str_equal (content_rating_kind, "oars-1.0") &&
823 [ + + ]: 57 : !g_str_equal (content_rating_kind, "oars-1.1"))
824 : : {
825 : 2 : g_set_error (error, MCT_MANAGER_ERROR,
826 : : MCT_MANAGER_ERROR_INVALID_DATA,
827 : : _("OARS filter for user %u has an unrecognized kind ‘%s’"),
828 : : (guint) user_id, content_rating_kind);
829 : 2 : return NULL;
830 : : }
831 : :
832 [ + + ]: 55 : if (!g_variant_lookup (variant, "AllowUserInstallation", "b",
833 : : &allow_user_installation))
834 : : {
835 : : /* Default value. */
836 : 43 : allow_user_installation = TRUE;
837 : : }
838 : :
839 [ + + ]: 55 : if (!g_variant_lookup (variant, "AllowSystemInstallation", "b",
840 : : &allow_system_installation))
841 : : {
842 : : /* Default value. */
843 : 43 : allow_system_installation = FALSE;
844 : : }
845 : :
846 : : /* Success. Create an `MctAppFilter` object to contain the results. */
847 : 55 : app_filter = g_new0 (MctAppFilter, 1);
848 : 55 : app_filter->ref_count = 1;
849 : 55 : app_filter->user_id = user_id;
850 : 55 : app_filter->app_list = g_steal_pointer (&app_list);
851 : 55 : app_filter->app_list_type =
852 : 55 : is_allowlist ? MCT_APP_FILTER_LIST_ALLOWLIST : MCT_APP_FILTER_LIST_BLOCKLIST;
853 : 55 : app_filter->oars_ratings = g_steal_pointer (&oars_variant);
854 : 55 : app_filter->allow_user_installation = allow_user_installation;
855 : 55 : app_filter->allow_system_installation = allow_system_installation;
856 : :
857 : 55 : return g_steal_pointer (&app_filter);
858 : : }
859 : :
860 : : /**
861 : : * mct_app_filter_equal:
862 : : * @a: (not nullable): an app filter
863 : : * @b: (not nullable): another app filter
864 : : *
865 : : * Check whether app filters @a and @b are equal.
866 : : *
867 : : * Returns: true if @a and @b are equal, false otherwise
868 : : * Since: 0.10.0
869 : : */
870 : : gboolean
871 : 78 : mct_app_filter_equal (MctAppFilter *a,
872 : : MctAppFilter *b)
873 : : {
874 : 78 : g_return_val_if_fail (a != NULL, FALSE);
875 : 78 : g_return_val_if_fail (a->ref_count >= 1, FALSE);
876 : 78 : g_return_val_if_fail (b != NULL, FALSE);
877 : 78 : g_return_val_if_fail (b->ref_count >= 1, FALSE);
878 : :
879 : 136 : return (a->user_id == b->user_id &&
880 [ + + ]: 58 : a->app_list_type == b->app_list_type &&
881 [ + - ]: 42 : a->allow_user_installation == b->allow_user_installation &&
882 [ + + + + ]: 72 : a->allow_system_installation == b->allow_system_installation &&
883 [ + + + + ]: 166 : g_strv_equal ((const gchar * const *) a->app_list, (const gchar * const *) b->app_list) &&
884 : 22 : g_variant_equal (a->oars_ratings, b->oars_ratings));
885 : : }
886 : :
887 : : /*
888 : : * Actual implementation of `MctAppFilterBuilder`.
889 : : *
890 : : * All members are `NULL` if un-initialised, cleared, or ended.
891 : : */
892 : : typedef struct
893 : : {
894 : : GPtrArray *blocklist; /* (nullable) (owned) (element-type utf8) */
895 : : GHashTable *oars; /* (nullable) (owned) (element-type utf8 MctAppFilterOarsValue) */
896 : : gboolean allow_user_installation;
897 : : gboolean allow_system_installation;
898 : :
899 : : /*< private >*/
900 : : gpointer padding[2];
901 : : } MctAppFilterBuilderReal;
902 : :
903 : : G_STATIC_ASSERT (sizeof (MctAppFilterBuilderReal) ==
904 : : sizeof (MctAppFilterBuilder));
905 : : G_STATIC_ASSERT (__alignof__ (MctAppFilterBuilderReal) ==
906 : : __alignof__ (MctAppFilterBuilder));
907 : :
908 [ + - + - : 6 : G_DEFINE_BOXED_TYPE (MctAppFilterBuilder, mct_app_filter_builder,
+ - ]
909 : : mct_app_filter_builder_copy, mct_app_filter_builder_free)
910 : :
911 : : /**
912 : : * mct_app_filter_builder_init:
913 : : * @builder: an uninitialised [struct@Malcontent.AppFilterBuilder]
914 : : *
915 : : * Initialise the given @builder so it can be used to construct a new
916 : : * [struct@Malcontent.AppFilter].
917 : : *
918 : : * @builder must have been allocated on the stack, and must not already be
919 : : * initialised.
920 : : *
921 : : * Construct the [struct@Malcontent.AppFilter] by calling methods on @builder,
922 : : * followed by [method@Malcontent.AppFilterBuilder.end]. To abort construction,
923 : : * use [method@Malcontent.AppFilterBuilder.clear].
924 : : *
925 : : * Since: 0.2.0
926 : : */
927 : : void
928 : 20 : mct_app_filter_builder_init (MctAppFilterBuilder *builder)
929 : : {
930 : 20 : MctAppFilterBuilder local_builder = MCT_APP_FILTER_BUILDER_INIT ();
931 : 20 : MctAppFilterBuilderReal *_builder = (MctAppFilterBuilderReal *) builder;
932 : :
933 : 20 : g_return_if_fail (_builder != NULL);
934 : 20 : g_return_if_fail (_builder->blocklist == NULL);
935 : 20 : g_return_if_fail (_builder->oars == NULL);
936 : :
937 : 20 : memcpy (builder, &local_builder, sizeof (local_builder));
938 : : }
939 : :
940 : : /**
941 : : * mct_app_filter_builder_clear:
942 : : * @builder: an [struct@Malcontent.AppFilterBuilder]
943 : : *
944 : : * Clear @builder, freeing any internal state in it.
945 : : *
946 : : * This will not free the top-level storage for @builder itself, which is
947 : : * assumed to be allocated on the stack.
948 : : *
949 : : * If called on an already-cleared [struct@Malcontent.AppFilterBuilder], this
950 : : * function is idempotent.
951 : : *
952 : : * Since: 0.2.0
953 : : */
954 : : void
955 : 78 : mct_app_filter_builder_clear (MctAppFilterBuilder *builder)
956 : : {
957 : 78 : MctAppFilterBuilderReal *_builder = (MctAppFilterBuilderReal *) builder;
958 : :
959 : 78 : g_return_if_fail (_builder != NULL);
960 : :
961 [ + + ]: 78 : g_clear_pointer (&_builder->blocklist, g_ptr_array_unref);
962 [ + + ]: 78 : g_clear_pointer (&_builder->oars, g_hash_table_unref);
963 : : }
964 : :
965 : : /**
966 : : * mct_app_filter_builder_new:
967 : : *
968 : : * Construct a new [struct@Malcontent.AppFilterBuilder] on the heap.
969 : : *
970 : : * This is intended for language bindings. The returned builder must eventually
971 : : * be freed with [method@Malcontent.AppFilterBuilder.free], but can be cleared
972 : : * zero or more times with [method@Malcontent.AppFilterBuilder.clear] first.
973 : : *
974 : : * Returns: (transfer full): a new heap-allocated
975 : : * [struct@Malcontent.AppFilterBuilder]
976 : : * Since: 0.2.0
977 : : */
978 : : MctAppFilterBuilder *
979 : 12 : mct_app_filter_builder_new (void)
980 : : {
981 : 12 : g_autoptr(MctAppFilterBuilder) builder = NULL;
982 : :
983 : 12 : builder = g_new0 (MctAppFilterBuilder, 1);
984 : 12 : mct_app_filter_builder_init (builder);
985 : :
986 : 12 : return g_steal_pointer (&builder);
987 : : }
988 : :
989 : : /**
990 : : * mct_app_filter_builder_copy:
991 : : * @builder: an [struct@Malcontent.AppFilterBuilder]
992 : : *
993 : : * Copy the given @builder to a newly-allocated
994 : : * [struct@Malcontent.AppFilterBuilder] on the heap.
995 : : *
996 : : * This is safe to use with cleared, stack-allocated
997 : : * [struct@Malcontent.AppFilterBuilder]s.
998 : : *
999 : : * Returns: (transfer full): a copy of @builder
1000 : : * Since: 0.2.0
1001 : : */
1002 : : MctAppFilterBuilder *
1003 : 4 : mct_app_filter_builder_copy (MctAppFilterBuilder *builder)
1004 : : {
1005 : 4 : MctAppFilterBuilderReal *_builder = (MctAppFilterBuilderReal *) builder;
1006 : 4 : g_autoptr(MctAppFilterBuilder) copy = NULL;
1007 : : MctAppFilterBuilderReal *_copy;
1008 : :
1009 : 4 : g_return_val_if_fail (builder != NULL, NULL);
1010 : :
1011 : 4 : copy = mct_app_filter_builder_new ();
1012 : 4 : _copy = (MctAppFilterBuilderReal *) copy;
1013 : :
1014 : 4 : mct_app_filter_builder_clear (copy);
1015 [ + + ]: 4 : if (_builder->blocklist != NULL)
1016 : 2 : _copy->blocklist = g_ptr_array_ref (_builder->blocklist);
1017 [ + + ]: 4 : if (_builder->oars != NULL)
1018 : 2 : _copy->oars = g_hash_table_ref (_builder->oars);
1019 : 4 : _copy->allow_user_installation = _builder->allow_user_installation;
1020 : 4 : _copy->allow_system_installation = _builder->allow_system_installation;
1021 : :
1022 : 4 : return g_steal_pointer (©);
1023 : : }
1024 : :
1025 : : /**
1026 : : * mct_app_filter_builder_free:
1027 : : * @builder: a heap-allocated [struct@Malcontent.AppFilterBuilder]
1028 : : *
1029 : : * Free an [struct@Malcontent.AppFilterBuilder] originally allocated using
1030 : : * [ctor@Malcontent.AppFilterBuilder.new].
1031 : : *
1032 : : * This must not be called on stack-allocated builders initialised using
1033 : : * [method@Malcontent.AppFilterBuilder.init].
1034 : : *
1035 : : * Since: 0.2.0
1036 : : */
1037 : : void
1038 : 12 : mct_app_filter_builder_free (MctAppFilterBuilder *builder)
1039 : : {
1040 : 12 : g_return_if_fail (builder != NULL);
1041 : :
1042 : 12 : mct_app_filter_builder_clear (builder);
1043 : 12 : g_free (builder);
1044 : : }
1045 : :
1046 : : /**
1047 : : * mct_app_filter_builder_end:
1048 : : * @builder: an initialised [struct@Malcontent.AppFilterBuilder]
1049 : : *
1050 : : * Finish constructing an [struct@Malcontent.AppFilter] with the given @builder,
1051 : : * and return it.
1052 : : *
1053 : : * The [struct@Malcontent.AppFilterBuilder] will be cleared as if
1054 : : * [method@Malcontent.AppFilterBuilder.clear] had been called.
1055 : : *
1056 : : * Returns: (transfer full): a newly constructed [struct@Malcontent.AppFilter]
1057 : : * Since: 0.2.0
1058 : : */
1059 : : MctAppFilter *
1060 : 35 : mct_app_filter_builder_end (MctAppFilterBuilder *builder)
1061 : : {
1062 : 35 : MctAppFilterBuilderReal *_builder = (MctAppFilterBuilderReal *) builder;
1063 : 35 : g_autoptr(MctAppFilter) app_filter = NULL;
1064 : 70 : g_auto(GVariantBuilder) oars_builder = G_VARIANT_BUILDER_INIT (G_VARIANT_TYPE ("a{ss}"));
1065 : : GHashTableIter iter;
1066 : : gpointer key, value;
1067 : 35 : g_autoptr(GVariant) oars_variant = NULL;
1068 : :
1069 : 35 : g_return_val_if_fail (_builder != NULL, NULL);
1070 : 35 : g_return_val_if_fail (_builder->blocklist != NULL, NULL);
1071 : 35 : g_return_val_if_fail (_builder->oars != NULL, NULL);
1072 : :
1073 : : /* Ensure the paths list is `NULL`-terminated. */
1074 : 35 : g_ptr_array_add (_builder->blocklist, NULL);
1075 : :
1076 : : /* Build the OARS variant. */
1077 : 35 : g_hash_table_iter_init (&iter, _builder->oars);
1078 [ + + ]: 49 : while (g_hash_table_iter_next (&iter, &key, &value))
1079 : : {
1080 : 14 : const gchar *oars_section = key;
1081 : 14 : MctAppFilterOarsValue oars_value = GPOINTER_TO_INT (value);
1082 : 14 : const gchar *oars_value_strs[] =
1083 : : {
1084 : : NULL, /* MCT_APP_FILTER_OARS_VALUE_UNKNOWN */
1085 : : "none",
1086 : : "mild",
1087 : : "moderate",
1088 : : "intense",
1089 : : };
1090 : :
1091 : 14 : g_assert ((int) oars_value >= 0 &&
1092 : : (int) oars_value < (int) G_N_ELEMENTS (oars_value_strs));
1093 : :
1094 [ + - ]: 14 : if (oars_value_strs[oars_value] != NULL)
1095 : 14 : g_variant_builder_add (&oars_builder, "{ss}",
1096 : : oars_section, oars_value_strs[oars_value]);
1097 : : }
1098 : :
1099 : 35 : oars_variant = g_variant_ref_sink (g_variant_builder_end (&oars_builder));
1100 : :
1101 : : /* Build the `MctAppFilter`. */
1102 : 35 : app_filter = g_new0 (MctAppFilter, 1);
1103 : 35 : app_filter->ref_count = 1;
1104 : 35 : app_filter->user_id = -1;
1105 : 35 : app_filter->app_list = (gchar **) g_ptr_array_free (g_steal_pointer (&_builder->blocklist), FALSE);
1106 : 35 : app_filter->app_list_type = MCT_APP_FILTER_LIST_BLOCKLIST;
1107 : 35 : app_filter->oars_ratings = g_steal_pointer (&oars_variant);
1108 : 35 : app_filter->allow_user_installation = _builder->allow_user_installation;
1109 : 35 : app_filter->allow_system_installation = _builder->allow_system_installation;
1110 : :
1111 : 35 : mct_app_filter_builder_clear (builder);
1112 : :
1113 : 35 : return g_steal_pointer (&app_filter);
1114 : : }
1115 : :
1116 : : /**
1117 : : * mct_app_filter_builder_blocklist_path:
1118 : : * @builder: an initialised [struct@Malcontent.AppFilterBuilder]
1119 : : * @path: (type filename): an absolute path to blocklist
1120 : : *
1121 : : * Add @path to the blocklist of app paths in the filter under construction.
1122 : : *
1123 : : * It will be canonicalised (without doing any I/O) before being added.
1124 : : * The canonicalised @path will not be added again if it’s already been added.
1125 : : *
1126 : : * Since: 0.2.0
1127 : : */
1128 : : void
1129 : 22 : mct_app_filter_builder_blocklist_path (MctAppFilterBuilder *builder,
1130 : : const gchar *path)
1131 : : {
1132 : 22 : MctAppFilterBuilderReal *_builder = (MctAppFilterBuilderReal *) builder;
1133 : :
1134 : 22 : g_return_if_fail (_builder != NULL);
1135 : 22 : g_return_if_fail (_builder->blocklist != NULL);
1136 : 22 : g_return_if_fail (path != NULL);
1137 : 22 : g_return_if_fail (g_path_is_absolute (path));
1138 : :
1139 [ + - ]: 44 : g_autofree gchar *canonical_path = g_canonicalize_filename (path, "/");
1140 [ + - ]: 44 : g_autofree gchar *canonical_path_utf8 = g_filename_to_utf8 (canonical_path, -1,
1141 : : NULL, NULL, NULL);
1142 : 22 : g_return_if_fail (canonical_path_utf8 != NULL);
1143 : :
1144 [ + - ]: 22 : if (!g_ptr_array_find_with_equal_func (_builder->blocklist,
1145 : : canonical_path_utf8, g_str_equal, NULL))
1146 : 22 : g_ptr_array_add (_builder->blocklist, g_steal_pointer (&canonical_path_utf8));
1147 : : }
1148 : :
1149 : : /**
1150 : : * mct_app_filter_builder_blocklist_flatpak_ref:
1151 : : * @builder: an initialised [struct@Malcontent.AppFilterBuilder]
1152 : : * @app_ref: a flatpak app ref to blocklist
1153 : : *
1154 : : * Add @app_ref to the blocklist of flatpak refs in the filter under
1155 : : * construction.
1156 : : *
1157 : : * The @app_ref will not be added again if it’s already been added.
1158 : : *
1159 : : * Since: 0.2.0
1160 : : */
1161 : : void
1162 : 10 : mct_app_filter_builder_blocklist_flatpak_ref (MctAppFilterBuilder *builder,
1163 : : const gchar *app_ref)
1164 : : {
1165 : 10 : MctAppFilterBuilderReal *_builder = (MctAppFilterBuilderReal *) builder;
1166 : :
1167 : 10 : g_return_if_fail (_builder != NULL);
1168 : 10 : g_return_if_fail (_builder->blocklist != NULL);
1169 : 10 : g_return_if_fail (app_ref != NULL);
1170 : 10 : g_return_if_fail (is_valid_flatpak_ref (app_ref));
1171 : :
1172 [ + - ]: 10 : if (!g_ptr_array_find_with_equal_func (_builder->blocklist,
1173 : : app_ref, g_str_equal, NULL))
1174 : 10 : g_ptr_array_add (_builder->blocklist, g_strdup (app_ref));
1175 : : }
1176 : :
1177 : : /**
1178 : : * mct_app_filter_builder_blocklist_content_type:
1179 : : * @builder: an initialised [struct@Malcontent.AppFilterBuilder]
1180 : : * @content_type: a content type to blocklist
1181 : : *
1182 : : * Add @content_type to the blocklist of content types in the filter under
1183 : : * construction.
1184 : : *
1185 : : * The @content_type will not be added again if it’s already been added.
1186 : : *
1187 : : * Note that this method doesn’t handle content subtypes. For example, if
1188 : : * `application/xml` is added to the blocklist but `application/xspf+xml` is not,
1189 : : * a check for whether `application/xspf+xml` is blocklisted would return false.
1190 : : *
1191 : : * Since: 0.4.0
1192 : : */
1193 : : void
1194 : 14 : mct_app_filter_builder_blocklist_content_type (MctAppFilterBuilder *builder,
1195 : : const gchar *content_type)
1196 : : {
1197 : 14 : MctAppFilterBuilderReal *_builder = (MctAppFilterBuilderReal *) builder;
1198 : :
1199 : 14 : g_return_if_fail (_builder != NULL);
1200 : 14 : g_return_if_fail (_builder->blocklist != NULL);
1201 : 14 : g_return_if_fail (content_type != NULL);
1202 : 14 : g_return_if_fail (is_valid_content_type (content_type));
1203 : :
1204 [ + - ]: 14 : if (!g_ptr_array_find_with_equal_func (_builder->blocklist,
1205 : : content_type, g_str_equal, NULL))
1206 : 14 : g_ptr_array_add (_builder->blocklist, g_strdup (content_type));
1207 : : }
1208 : :
1209 : : /**
1210 : : * mct_app_filter_builder_set_oars_value:
1211 : : * @builder: an initialised [struct@Malcontent.AppFilterBuilder]
1212 : : * @oars_section: name of the OARS section to set the value for
1213 : : * @value: value to set for the @oars_section
1214 : : *
1215 : : * Set the OARS value for the given @oars_section, indicating the intensity of
1216 : : * content covered by that section which the user is allowed to see (inclusive).
1217 : : *
1218 : : * Any apps which have more intense content in this section should not be usable
1219 : : * by the user.
1220 : : *
1221 : : * Since: 0.2.0
1222 : : */
1223 : : void
1224 : 14 : mct_app_filter_builder_set_oars_value (MctAppFilterBuilder *builder,
1225 : : const gchar *oars_section,
1226 : : MctAppFilterOarsValue value)
1227 : : {
1228 : 14 : MctAppFilterBuilderReal *_builder = (MctAppFilterBuilderReal *) builder;
1229 : :
1230 : 14 : g_return_if_fail (_builder != NULL);
1231 : 14 : g_return_if_fail (_builder->oars != NULL);
1232 : 14 : g_return_if_fail (oars_section != NULL && *oars_section != '\0');
1233 : :
1234 : 14 : g_hash_table_insert (_builder->oars, g_strdup (oars_section),
1235 : 14 : GUINT_TO_POINTER (value));
1236 : : }
1237 : :
1238 : : /**
1239 : : * mct_app_filter_builder_set_allow_user_installation:
1240 : : * @builder: an initialised [struct@Malcontent.AppFilterBuilder]
1241 : : * @allow_user_installation: true to allow app installation; false to
1242 : : * unconditionally disallow it
1243 : : *
1244 : : * Set whether the user is allowed to install to their flatpak user repository.
1245 : : *
1246 : : * If this is true, app installation is still subject to the OARS values
1247 : : * ([method@Malcontent.AppFilterBuilder.set_oars_value]). If it is false, app
1248 : : * installation is unconditionally disallowed for this user.
1249 : : *
1250 : : * Since: 0.2.0
1251 : : */
1252 : : void
1253 : 10 : mct_app_filter_builder_set_allow_user_installation (MctAppFilterBuilder *builder,
1254 : : gboolean allow_user_installation)
1255 : : {
1256 : 10 : MctAppFilterBuilderReal *_builder = (MctAppFilterBuilderReal *) builder;
1257 : :
1258 : 10 : g_return_if_fail (_builder != NULL);
1259 : :
1260 : 10 : _builder->allow_user_installation = allow_user_installation;
1261 : : }
1262 : :
1263 : : /**
1264 : : * mct_app_filter_builder_set_allow_system_installation:
1265 : : * @builder: an initialised [struct@Malcontent.AppFilterBuilder]
1266 : : * @allow_system_installation: true to allow app installation; false to
1267 : : * unconditionally disallow it
1268 : : *
1269 : : * Set whether the user is allowed to install to the flatpak system repository.
1270 : : *
1271 : : * If this is true, app installation is still subject to the OARS values
1272 : : * ([method@Malcontent.AppFilterBuilder.set_oars_value]). If it is false, app
1273 : : * installation is unconditionally disallowed for this user.
1274 : : *
1275 : : * Since: 0.2.0
1276 : : */
1277 : : void
1278 : 10 : mct_app_filter_builder_set_allow_system_installation (MctAppFilterBuilder *builder,
1279 : : gboolean allow_system_installation)
1280 : : {
1281 : 10 : MctAppFilterBuilderReal *_builder = (MctAppFilterBuilderReal *) builder;
1282 : :
1283 : 10 : g_return_if_fail (_builder != NULL);
1284 : :
1285 : 10 : _builder->allow_system_installation = allow_system_installation;
1286 : : }
|
