Branch data Line data Source code
1 : : /* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*-
2 : : *
3 : : * Copyright © 2018-2019 Endless Mobile, Inc.
4 : : *
5 : : * SPDX-License-Identifier: LGPL-2.1-or-later
6 : : *
7 : : * This library is free software; you can redistribute it and/or
8 : : * modify it under the terms of the GNU Lesser General Public
9 : : * License as published by the Free Software Foundation; either
10 : : * version 2.1 of the License, or (at your option) any later version.
11 : : *
12 : : * This library is distributed in the hope that it will be useful,
13 : : * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 : : * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 : : * Lesser General Public License for more details.
16 : : *
17 : : * You should have received a copy of the GNU Lesser General Public
18 : : * License along with this library; if not, write to the Free Software
19 : : * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
20 : : *
21 : : * Authors:
22 : : * - Philip Withnall <withnall@endlessm.com>
23 : : * - Andre Moreira Magalhaes <andre@endlessm.com>
24 : : */
25 : :
26 : : #include "config.h"
27 : :
28 : : #include <glib.h>
29 : : #include <glib-object.h>
30 : : #include <glib/gi18n-lib.h>
31 : : #include <gio/gdesktopappinfo.h>
32 : : #include <gio/gio.h>
33 : : #include <libmalcontent/app-filter.h>
34 : :
35 : : #include "libmalcontent/app-filter-private.h"
36 : :
37 : :
38 : : /* FIXME: Eventually deprecate these compatibility fallbacks. */
39 : : /**
40 : : * mct_app_filter_error_quark:
41 : : *
42 : : * Error quark aliased to [error@Malcontent.ManagerError].
43 : : *
44 : : * Returns: identifier for error domain
45 : : * Since: 0.2.0
46 : : */
47 : : GQuark
48 : 3 : mct_app_filter_error_quark (void)
49 : : {
50 : 3 : return mct_manager_error_quark ();
51 : : }
52 : :
53 : : /* struct _MctAppFilter is defined in app-filter-private.h */
54 : :
55 [ + + + - : 10 : G_DEFINE_BOXED_TYPE (MctAppFilter, mct_app_filter,
+ + ]
56 : : mct_app_filter_ref, mct_app_filter_unref)
57 : :
58 : : /**
59 : : * mct_app_filter_ref:
60 : : * @filter: (transfer none): an #MctAppFilter
61 : : *
62 : : * Increment the reference count of @filter, and return the same pointer to it.
63 : : *
64 : : * Returns: (transfer full): the same pointer as @filter
65 : : * Since: 0.2.0
66 : : */
67 : : MctAppFilter *
68 : 4 : mct_app_filter_ref (MctAppFilter *filter)
69 : : {
70 : 4 : g_return_val_if_fail (filter != NULL, NULL);
71 : 4 : g_return_val_if_fail (filter->ref_count >= 1, NULL);
72 : 4 : g_return_val_if_fail (filter->ref_count <= G_MAXINT - 1, NULL);
73 : :
74 : 4 : filter->ref_count++;
75 : 4 : return filter;
76 : : }
77 : :
78 : : /**
79 : : * mct_app_filter_unref:
80 : : * @filter: (transfer full): an #MctAppFilter
81 : : *
82 : : * Decrement the reference count of @filter. If the reference count reaches
83 : : * zero, free the @filter and all its resources.
84 : : *
85 : : * Since: 0.2.0
86 : : */
87 : : void
88 : 94 : mct_app_filter_unref (MctAppFilter *filter)
89 : : {
90 : 94 : g_return_if_fail (filter != NULL);
91 : 94 : g_return_if_fail (filter->ref_count >= 1);
92 : :
93 : 94 : filter->ref_count--;
94 : :
95 [ + + ]: 94 : if (filter->ref_count <= 0)
96 : : {
97 : 90 : g_strfreev (filter->app_list);
98 : 90 : g_variant_unref (filter->oars_ratings);
99 : 90 : g_free (filter);
100 : : }
101 : : }
102 : :
103 : : /**
104 : : * mct_app_filter_get_user_id:
105 : : * @filter: an #MctAppFilter
106 : : *
107 : : * Get the user ID of the user this #MctAppFilter is for.
108 : : *
109 : : * Returns: user ID of the relevant user, or `(uid_t) -1` if unknown
110 : : * Since: 0.2.0
111 : : */
112 : : uid_t
113 : 5 : mct_app_filter_get_user_id (MctAppFilter *filter)
114 : : {
115 : 5 : g_return_val_if_fail (filter != NULL, FALSE);
116 : 5 : g_return_val_if_fail (filter->ref_count >= 1, FALSE);
117 : :
118 : 5 : return filter->user_id;
119 : : }
120 : :
121 : : static MctAppFilterOarsValue
122 : 38 : oars_str_to_enum (const gchar *value_str)
123 : : {
124 [ + + ]: 38 : if (g_str_equal (value_str, "none"))
125 : 4 : return MCT_APP_FILTER_OARS_VALUE_NONE;
126 [ + + ]: 34 : else if (g_str_equal (value_str, "mild"))
127 : 15 : return MCT_APP_FILTER_OARS_VALUE_MILD;
128 [ + + ]: 19 : else if (g_str_equal (value_str, "moderate"))
129 : 13 : return MCT_APP_FILTER_OARS_VALUE_MODERATE;
130 [ + + ]: 6 : else if (g_str_equal (value_str, "intense"))
131 : 3 : return MCT_APP_FILTER_OARS_VALUE_INTENSE;
132 : : else
133 : 3 : return MCT_APP_FILTER_OARS_VALUE_UNKNOWN;
134 : : }
135 : :
136 : : /**
137 : : * mct_app_filter_is_enabled:
138 : : * @filter: an #MctAppFilter
139 : : *
140 : : * Check whether the app filter is enabled and is going to impose at least one
141 : : * restriction on the user. This gives a high level view of whether app filter
142 : : * parental controls are ‘enabled’ for the given user.
143 : : *
144 : : * Returns: %TRUE if the app filter contains at least one non-default value,
145 : : * %FALSE if it’s entirely default
146 : : * Since: 0.7.0
147 : : */
148 : : gboolean
149 : 51 : mct_app_filter_is_enabled (MctAppFilter *filter)
150 : : {
151 : : gboolean oars_ratings_all_intense_or_unknown;
152 : : GVariantIter iter;
153 : : const gchar *oars_value;
154 : :
155 : 51 : g_return_val_if_fail (filter != NULL, FALSE);
156 : 51 : g_return_val_if_fail (filter->ref_count >= 1, FALSE);
157 : :
158 : : /* The least restrictive OARS filter has all values as intense, or unknown. */
159 : 51 : oars_ratings_all_intense_or_unknown = TRUE;
160 : 51 : g_variant_iter_init (&iter, filter->oars_ratings);
161 : :
162 [ + + ]: 55 : while (g_variant_iter_loop (&iter, "{&s&s}", NULL, &oars_value))
163 : : {
164 : 21 : MctAppFilterOarsValue value = oars_str_to_enum (oars_value);
165 : :
166 [ + + + + ]: 21 : if (value != MCT_APP_FILTER_OARS_VALUE_UNKNOWN &&
167 : : value != MCT_APP_FILTER_OARS_VALUE_INTENSE)
168 : : {
169 : 17 : oars_ratings_all_intense_or_unknown = FALSE;
170 : 17 : break;
171 : : }
172 : : }
173 : :
174 : : /* Check all fields against their default values. Ignore
175 : : * `allow_system_installation` since it’s false by default, so the default
176 : : * value is already the most restrictive. */
177 : 99 : return ((filter->app_list_type == MCT_APP_FILTER_LIST_BLOCKLIST &&
178 [ + + ]: 48 : filter->app_list[0] != NULL) ||
179 [ + + + + ]: 37 : filter->app_list_type == MCT_APP_FILTER_LIST_ALLOWLIST ||
180 [ + + ]: 102 : !oars_ratings_all_intense_or_unknown ||
181 [ + + ]: 25 : !filter->allow_user_installation);
182 : : }
183 : :
184 : : /**
185 : : * mct_app_filter_is_path_allowed:
186 : : * @filter: an #MctAppFilter
187 : : * @path: (type filename): absolute path of a program to check
188 : : *
189 : : * Check whether the program at @path is allowed to be run according to this
190 : : * app filter. @path will be canonicalised without doing any I/O.
191 : : *
192 : : * Returns: %TRUE if the user this @filter corresponds to is allowed to run the
193 : : * program at @path according to the @filter policy; %FALSE otherwise
194 : : * Since: 0.2.0
195 : : */
196 : : gboolean
197 : 66 : mct_app_filter_is_path_allowed (MctAppFilter *filter,
198 : : const gchar *path)
199 : : {
200 : 66 : g_return_val_if_fail (filter != NULL, FALSE);
201 : 66 : g_return_val_if_fail (filter->ref_count >= 1, FALSE);
202 : 66 : g_return_val_if_fail (path != NULL, FALSE);
203 : 66 : g_return_val_if_fail (g_path_is_absolute (path), FALSE);
204 : :
205 : 132 : g_autofree gchar *canonical_path = g_canonicalize_filename (path, "/");
206 : 132 : g_autofree gchar *canonical_path_utf8 = g_filename_to_utf8 (canonical_path, -1,
207 : : NULL, NULL, NULL);
208 : 66 : g_return_val_if_fail (canonical_path_utf8 != NULL, FALSE);
209 : :
210 : 66 : gboolean path_in_list = g_strv_contains ((const gchar * const *) filter->app_list,
211 : : canonical_path_utf8);
212 : :
213 [ + + - ]: 66 : switch (filter->app_list_type)
214 : : {
215 : 64 : case MCT_APP_FILTER_LIST_BLOCKLIST:
216 : 64 : return !path_in_list;
217 : 2 : case MCT_APP_FILTER_LIST_ALLOWLIST:
218 : 2 : return path_in_list;
219 : 0 : default:
220 : : g_assert_not_reached ();
221 : : }
222 : : }
223 : :
224 : : /* Check whether a given @ref is a valid flatpak ref.
225 : : *
226 : : * For simplicity and to avoid duplicating the whole logic behind
227 : : * flatpak_ref_parse() this method will only check whether:
228 : : * - the @ref contains exactly 3 slash chars
229 : : * - the @ref starts with either app/ or runtime/
230 : : * - the name, arch and branch components of the @ref are not empty
231 : : *
232 : : * We avoid using flatpak_ref_parse() to allow for libflatpak
233 : : * to depend on malcontent without causing a cyclic dependency.
234 : : */
235 : : static gboolean
236 : 149 : is_valid_flatpak_ref (const gchar *ref)
237 : : {
238 : 149 : g_auto(GStrv) parts = NULL;
239 : :
240 [ - + ]: 149 : if (ref == NULL)
241 : 0 : return FALSE;
242 : :
243 : 149 : parts = g_strsplit (ref, "/", 0);
244 : 149 : return (g_strv_length (parts) == 4 &&
245 [ + + ]: 92 : (strcmp (parts[0], "app") == 0 ||
246 [ - + ]: 13 : strcmp (parts[0], "runtime") == 0) &&
247 [ + - ]: 79 : *parts[1] != '\0' &&
248 [ + + + - ]: 320 : *parts[2] != '\0' &&
249 [ + - ]: 79 : *parts[3] != '\0');
250 : : }
251 : :
252 : : /**
253 : : * mct_app_filter_is_flatpak_ref_allowed:
254 : : * @filter: an #MctAppFilter
255 : : * @app_ref: flatpak ref for the app, for example `app/org.gnome.Builder/x86_64/master`
256 : : *
257 : : * Check whether the flatpak app with the given @app_ref is allowed to be run
258 : : * according to this app filter.
259 : : *
260 : : * Returns: %TRUE if the user this @filter corresponds to is allowed to run the
261 : : * flatpak called @app_ref according to the @filter policy; %FALSE otherwise
262 : : * Since: 0.2.0
263 : : */
264 : : gboolean
265 : 26 : mct_app_filter_is_flatpak_ref_allowed (MctAppFilter *filter,
266 : : const gchar *app_ref)
267 : : {
268 : 26 : g_return_val_if_fail (filter != NULL, FALSE);
269 : 26 : g_return_val_if_fail (filter->ref_count >= 1, FALSE);
270 : 26 : g_return_val_if_fail (app_ref != NULL, FALSE);
271 : 26 : g_return_val_if_fail (is_valid_flatpak_ref (app_ref), FALSE);
272 : :
273 : 26 : gboolean ref_in_list = g_strv_contains ((const gchar * const *) filter->app_list,
274 : : app_ref);
275 : :
276 [ + + - ]: 26 : switch (filter->app_list_type)
277 : : {
278 : 24 : case MCT_APP_FILTER_LIST_BLOCKLIST:
279 : 24 : return !ref_in_list;
280 : 2 : case MCT_APP_FILTER_LIST_ALLOWLIST:
281 : 2 : return ref_in_list;
282 : 0 : default:
283 : : g_assert_not_reached ();
284 : : }
285 : : }
286 : :
287 : : /**
288 : : * mct_app_filter_is_flatpak_app_allowed:
289 : : * @filter: an #MctAppFilter
290 : : * @app_id: flatpak ID for the app, for example `org.gnome.Builder`
291 : : *
292 : : * Check whether the flatpak app with the given @app_id is allowed to be run
293 : : * according to this app filter. This is a globbing match, matching @app_id
294 : : * against potentially multiple entries in the blocklist, as the blocklist
295 : : * contains flatpak refs (for example, `app/org.gnome.Builder/x86_64/master`)
296 : : * which contain architecture and branch information. App IDs (for example,
297 : : * `org.gnome.Builder`) do not contain architecture or branch information.
298 : : *
299 : : * Returns: %TRUE if the user this @filter corresponds to is allowed to run the
300 : : * flatpak called @app_id according to the @filter policy; %FALSE otherwise
301 : : * Since: 0.2.0
302 : : */
303 : : gboolean
304 : 53 : mct_app_filter_is_flatpak_app_allowed (MctAppFilter *filter,
305 : : const gchar *app_id)
306 : : {
307 : 53 : g_return_val_if_fail (filter != NULL, FALSE);
308 : 53 : g_return_val_if_fail (filter->ref_count >= 1, FALSE);
309 : 53 : g_return_val_if_fail (app_id != NULL, FALSE);
310 : :
311 : 53 : gsize app_id_len = strlen (app_id);
312 : :
313 : 53 : gboolean id_in_list = FALSE;
314 [ + + ]: 150 : for (gsize i = 0; filter->app_list[i] != NULL; i++)
315 : : {
316 [ + + ]: 113 : if (is_valid_flatpak_ref (filter->app_list[i]) &&
317 [ + - - + : 43 : g_str_has_prefix (filter->app_list[i], "app/") &&
+ - + - ]
318 [ + + ]: 43 : strncmp (filter->app_list[i] + strlen ("app/"), app_id, app_id_len) == 0 &&
319 [ + - ]: 16 : filter->app_list[i][strlen ("app/") + app_id_len] == '/')
320 : : {
321 : 16 : id_in_list = TRUE;
322 : 16 : break;
323 : : }
324 : : }
325 : :
326 [ + + - ]: 53 : switch (filter->app_list_type)
327 : : {
328 : 50 : case MCT_APP_FILTER_LIST_BLOCKLIST:
329 : 50 : return !id_in_list;
330 : 3 : case MCT_APP_FILTER_LIST_ALLOWLIST:
331 : 3 : return id_in_list;
332 : 0 : default:
333 : : g_assert_not_reached ();
334 : : }
335 : : }
336 : :
337 : : /* Implement folding of the results of applying the app filter to multiple keys
338 : : * of a #GAppInfo, including short circuiting. If the app filter is a blocklist,
339 : : * we want to short circuit return blocked on the first key which is blocked;
340 : : * otherwise continue to checking the next key. Similarly, if the app filter is
341 : : * an allowlist, we want to short circuit return *allowed* on the first key
342 : : * which is allowed; otherwise continue to checking the next key.
343 : : *
344 : : * @allowed is the result of an app filter check against a single key.
345 : : * The return value from this function indicates whether to short circuit, i.e.
346 : : * whether to return control flow immediately after this function returns. The
347 : : * result of the fold is returned as @allowed_out.
348 : : *
349 : : * The base case for if all keys have been checked and nothing has been allowed
350 : : * or blocked so far is filter_fold_base(). */
351 : : static gboolean
352 : 64 : filter_fold_should_short_circuit (MctAppFilter *filter,
353 : : gboolean allowed,
354 : : gboolean *allowed_out)
355 : : {
356 [ + - - ]: 64 : switch (filter->app_list_type)
357 : : {
358 : 64 : case MCT_APP_FILTER_LIST_BLOCKLIST:
359 [ + + ]: 64 : if (!allowed)
360 : : {
361 : 12 : *allowed_out = FALSE;
362 : 12 : return TRUE;
363 : : }
364 : 52 : break;
365 : 0 : case MCT_APP_FILTER_LIST_ALLOWLIST:
366 [ # # ]: 0 : if (allowed)
367 : : {
368 : 0 : *allowed_out = TRUE;
369 : 0 : return TRUE;
370 : : }
371 : 0 : break;
372 : 0 : default:
373 : : g_assert_not_reached ();
374 : : }
375 : :
376 : 52 : return FALSE;
377 : : }
378 : :
379 : : static gboolean
380 : 14 : filter_fold_base (MctAppFilter *filter)
381 : : {
382 [ + - - ]: 14 : switch (filter->app_list_type)
383 : : {
384 : 14 : case MCT_APP_FILTER_LIST_BLOCKLIST:
385 : 14 : return TRUE;
386 : 0 : case MCT_APP_FILTER_LIST_ALLOWLIST:
387 : 0 : return FALSE;
388 : 0 : default:
389 : : g_assert_not_reached ();
390 : : }
391 : : }
392 : :
393 : : /**
394 : : * mct_app_filter_is_appinfo_allowed:
395 : : * @filter: an #MctAppFilter
396 : : * @app_info: (transfer none): application information
397 : : *
398 : : * Check whether the app with the given @app_info is allowed to be run
399 : : * according to this app filter. This matches on multiple keys potentially
400 : : * present in the #GAppInfo, including the path of the executable.
401 : : *
402 : : * If the appfilter is a blocklist, the @app_info is blocked if any of its
403 : : * keys are blocked. If the appfilter is an allowlist, the @app_info is allowed
404 : : * if any of its keys are allowed.
405 : : *
406 : : * Returns: %TRUE if the user this @filter corresponds to is allowed to run the
407 : : * app represented by @app_info according to the @filter policy; %FALSE
408 : : * otherwise
409 : : * Since: 0.2.0
410 : : */
411 : : gboolean
412 : 26 : mct_app_filter_is_appinfo_allowed (MctAppFilter *filter,
413 : : GAppInfo *app_info)
414 : : {
415 : : const char *exec;
416 : 26 : g_autofree gchar *abs_path = NULL;
417 : 26 : const gchar * const *types = NULL;
418 : 26 : gboolean retval = FALSE;
419 : :
420 : 26 : g_return_val_if_fail (filter != NULL, FALSE);
421 : 26 : g_return_val_if_fail (filter->ref_count >= 1, FALSE);
422 : 26 : g_return_val_if_fail (G_IS_APP_INFO (app_info), FALSE);
423 : :
424 : 26 : exec = g_app_info_get_executable (app_info);
425 [ + - ]: 26 : abs_path = (exec != NULL) ? g_find_program_in_path (exec) : NULL;
426 : :
427 [ + - + + ]: 52 : if (abs_path != NULL &&
428 : 26 : filter_fold_should_short_circuit (filter,
429 : : mct_app_filter_is_path_allowed (filter, abs_path),
430 : : &retval))
431 : 2 : return retval;
432 : :
433 : 24 : types = g_app_info_get_supported_types (app_info);
434 [ + + + + ]: 36 : for (gsize i = 0; types != NULL && types[i] != NULL; i++)
435 : : {
436 [ + + ]: 16 : if (filter_fold_should_short_circuit (filter,
437 : 16 : mct_app_filter_is_content_type_allowed (filter, types[i]),
438 : : &retval))
439 : 4 : return retval;
440 : : }
441 : :
442 [ - + + - : 20 : if (G_IS_DESKTOP_APP_INFO (app_info))
+ - + - ]
443 : : {
444 [ + + ]: 20 : g_autofree gchar *flatpak_app = NULL;
445 [ + + ]: 20 : g_autofree gchar *old_flatpak_apps_str = NULL;
446 : :
447 : : /* This gives `org.gnome.Builder`. */
448 : 20 : flatpak_app = g_desktop_app_info_get_string (G_DESKTOP_APP_INFO (app_info), "X-Flatpak");
449 [ + + ]: 20 : if (flatpak_app != NULL)
450 : 10 : flatpak_app = g_strstrip (flatpak_app);
451 : :
452 [ + + + + ]: 30 : if (flatpak_app != NULL &&
453 : 10 : filter_fold_should_short_circuit (filter,
454 : : mct_app_filter_is_flatpak_app_allowed (filter, flatpak_app),
455 : : &retval))
456 : 2 : return retval;
457 : :
458 : : /* FIXME: This could do with the g_desktop_app_info_get_string_list() API
459 : : * from GLib 2.60. Gives `gimp.desktop;org.gimp.Gimp.desktop;`. */
460 : 18 : old_flatpak_apps_str = g_desktop_app_info_get_string (G_DESKTOP_APP_INFO (app_info), "X-Flatpak-RenamedFrom");
461 [ + + ]: 18 : if (old_flatpak_apps_str != NULL)
462 : : {
463 [ + + ]: 24 : g_auto(GStrv) old_flatpak_apps = g_strsplit (old_flatpak_apps_str, ";", -1);
464 : :
465 [ + + ]: 26 : for (gsize i = 0; old_flatpak_apps[i] != NULL; i++)
466 : : {
467 : 18 : gchar *old_flatpak_app = g_strstrip (old_flatpak_apps[i]);
468 : :
469 [ + - - + : 18 : if (g_str_has_suffix (old_flatpak_app, ".desktop"))
+ + + + ]
470 : 4 : old_flatpak_app[strlen (old_flatpak_app) - strlen (".desktop")] = '\0';
471 : 18 : old_flatpak_app = g_strstrip (old_flatpak_app);
472 : :
473 [ + + + + ]: 30 : if (*old_flatpak_app != '\0' &&
474 : 12 : filter_fold_should_short_circuit (filter,
475 : : mct_app_filter_is_flatpak_app_allowed (filter, old_flatpak_app),
476 : : &retval))
477 : 4 : return retval;
478 : : }
479 : : }
480 : : }
481 : :
482 : 14 : return filter_fold_base (filter);
483 : : }
484 : :
485 : : /* Check whether a given @content_type is valid.
486 : : *
487 : : * For simplicity this method will only check whether:
488 : : * - the @content_type contains exactly 1 slash char
489 : : * - the @content_type does not start with a slash char
490 : : * - the type and subtype components of the @content_type are not empty
491 : : */
492 : : static gboolean
493 : 58 : is_valid_content_type (const gchar *content_type)
494 : : {
495 : 58 : g_auto(GStrv) parts = NULL;
496 : :
497 [ - + ]: 58 : if (content_type == NULL)
498 : 0 : return FALSE;
499 : :
500 : 58 : parts = g_strsplit (content_type, "/", 0);
501 : 58 : return (g_strv_length (parts) == 2 &&
502 [ + - + - ]: 116 : *parts[0] != '\0' &&
503 [ + - ]: 58 : *parts[1] != '\0');
504 : : }
505 : :
506 : : /**
507 : : * mct_app_filter_is_content_type_allowed:
508 : : * @filter: an #MctAppFilter
509 : : * @content_type: content type to check
510 : : *
511 : : * Check whether apps handling the given @content_type are allowed to be run
512 : : * according to this app filter.
513 : : *
514 : : * Note that this method doesn’t match content subtypes. For example, if
515 : : * `application/xml` is added to the blocklist but `application/xspf+xml` is not,
516 : : * a check for whether `application/xspf+xml` is blocklisted would return false.
517 : : *
518 : : * Returns: %TRUE if the user this @filter corresponds to is allowed to run
519 : : * programs handling @content_type according to the @filter policy;
520 : : * %FALSE otherwise
521 : : * Since: 0.4.0
522 : : */
523 : : gboolean
524 : 44 : mct_app_filter_is_content_type_allowed (MctAppFilter *filter,
525 : : const gchar *content_type)
526 : : {
527 : 44 : g_return_val_if_fail (filter != NULL, FALSE);
528 : 44 : g_return_val_if_fail (filter->ref_count >= 1, FALSE);
529 : 44 : g_return_val_if_fail (content_type != NULL, FALSE);
530 : 44 : g_return_val_if_fail (is_valid_content_type (content_type), FALSE);
531 : :
532 : 44 : gboolean ref_in_list = g_strv_contains ((const gchar * const *) filter->app_list,
533 : : content_type);
534 : :
535 [ + + - ]: 44 : switch (filter->app_list_type)
536 : : {
537 : 42 : case MCT_APP_FILTER_LIST_BLOCKLIST:
538 : 42 : return !ref_in_list;
539 : 2 : case MCT_APP_FILTER_LIST_ALLOWLIST:
540 : 2 : return ref_in_list;
541 : 0 : default:
542 : : g_assert_not_reached ();
543 : : }
544 : : }
545 : :
546 : : static gint
547 : 6 : strcmp_cb (gconstpointer a,
548 : : gconstpointer b)
549 : : {
550 : 6 : const gchar *str_a = *((const gchar * const *) a);
551 : 6 : const gchar *str_b = *((const gchar * const *) b);
552 : :
553 : 6 : return g_strcmp0 (str_a, str_b);
554 : : }
555 : :
556 : : /**
557 : : * mct_app_filter_get_oars_sections:
558 : : * @filter: an #MctAppFilter
559 : : *
560 : : * List the OARS sections present in this app filter. The sections are returned
561 : : * in lexicographic order. A section will be listed even if its stored value is
562 : : * %MCT_APP_FILTER_OARS_VALUE_UNKNOWN. The returned list may be empty.
563 : : *
564 : : * Returns: (transfer container) (array zero-terminated=1): %NULL-terminated
565 : : * array of OARS sections
566 : : * Since: 0.2.0
567 : : */
568 : : const gchar **
569 : 13 : mct_app_filter_get_oars_sections (MctAppFilter *filter)
570 : : {
571 : 26 : g_autoptr(GPtrArray) sections = g_ptr_array_new_with_free_func (NULL);
572 : : GVariantIter iter;
573 : : const gchar *oars_section;
574 : :
575 : 13 : g_return_val_if_fail (filter != NULL, NULL);
576 : 13 : g_return_val_if_fail (filter->ref_count >= 1, NULL);
577 : :
578 : 13 : g_variant_iter_init (&iter, filter->oars_ratings);
579 : :
580 [ + + ]: 25 : while (g_variant_iter_loop (&iter, "{&s&s}", &oars_section, NULL))
581 : 12 : g_ptr_array_add (sections, (gpointer) oars_section);
582 : :
583 : : /* Sort alphabetically for easier comparisons later. */
584 : 13 : g_ptr_array_sort (sections, strcmp_cb);
585 : :
586 : 13 : g_ptr_array_add (sections, NULL); /* NULL terminator */
587 : :
588 : 13 : return (const gchar **) g_ptr_array_free (g_steal_pointer (§ions), FALSE);
589 : : }
590 : :
591 : : /**
592 : : * mct_app_filter_get_oars_value:
593 : : * @filter: an #MctAppFilter
594 : : * @oars_section: name of the OARS section to get the value from
595 : : *
596 : : * Get the value assigned to the given @oars_section in the OARS filter stored
597 : : * within @filter. If that section has no value explicitly defined,
598 : : * %MCT_APP_FILTER_OARS_VALUE_UNKNOWN is returned.
599 : : *
600 : : * This value is the most intense value allowed for apps to have in this
601 : : * section, inclusive. Any app with a more intense value for this section must
602 : : * be hidden from the user whose @filter this is.
603 : : *
604 : : * This does not factor in mct_app_filter_is_system_installation_allowed().
605 : : *
606 : : * Returns: an #MctAppFilterOarsValue
607 : : * Since: 0.2.0
608 : : */
609 : : MctAppFilterOarsValue
610 : 43 : mct_app_filter_get_oars_value (MctAppFilter *filter,
611 : : const gchar *oars_section)
612 : : {
613 : : const gchar *value_str;
614 : :
615 : 43 : g_return_val_if_fail (filter != NULL, MCT_APP_FILTER_OARS_VALUE_UNKNOWN);
616 : 43 : g_return_val_if_fail (filter->ref_count >= 1,
617 : : MCT_APP_FILTER_OARS_VALUE_UNKNOWN);
618 : 43 : g_return_val_if_fail (oars_section != NULL && *oars_section != '\0',
619 : : MCT_APP_FILTER_OARS_VALUE_UNKNOWN);
620 : :
621 [ + + ]: 43 : if (!g_variant_lookup (filter->oars_ratings, oars_section, "&s", &value_str))
622 : 26 : return MCT_APP_FILTER_OARS_VALUE_UNKNOWN;
623 : :
624 : 17 : return oars_str_to_enum (value_str);
625 : : }
626 : :
627 : : /**
628 : : * mct_app_filter_is_user_installation_allowed:
629 : : * @filter: an #MctAppFilter
630 : : *
631 : : * Get whether the user is allowed to install to their flatpak user repository.
632 : : * This should be queried in addition to the OARS values
633 : : * (mct_app_filter_get_oars_value()) — if it returns %FALSE, the OARS values
634 : : * should be ignored and app installation should be unconditionally disallowed.
635 : : *
636 : : * Returns: %TRUE if app installation is allowed to the user repository for
637 : : * this user; %FALSE if it is unconditionally disallowed for this user
638 : : * Since: 0.2.0
639 : : */
640 : : gboolean
641 : 17 : mct_app_filter_is_user_installation_allowed (MctAppFilter *filter)
642 : : {
643 : 17 : g_return_val_if_fail (filter != NULL, FALSE);
644 : 17 : g_return_val_if_fail (filter->ref_count >= 1, FALSE);
645 : :
646 : 17 : return filter->allow_user_installation;
647 : : }
648 : :
649 : : /**
650 : : * mct_app_filter_is_system_installation_allowed:
651 : : * @filter: an #MctAppFilter
652 : : *
653 : : * Get whether the user is allowed to install to the flatpak system repository.
654 : : * This should be queried in addition to the OARS values
655 : : * (mct_app_filter_get_oars_value()) — if it returns %FALSE, the OARS values
656 : : * should be ignored and app installation should be unconditionally disallowed.
657 : : *
658 : : * Returns: %TRUE if app installation is allowed to the system repository for
659 : : * this user; %FALSE if it is unconditionally disallowed for this user
660 : : * Since: 0.2.0
661 : : */
662 : : gboolean
663 : 17 : mct_app_filter_is_system_installation_allowed (MctAppFilter *filter)
664 : : {
665 : 17 : g_return_val_if_fail (filter != NULL, FALSE);
666 : 17 : g_return_val_if_fail (filter->ref_count >= 1, FALSE);
667 : :
668 : 17 : return filter->allow_system_installation;
669 : : }
670 : :
671 : : /**
672 : : * _mct_app_filter_build_app_filter_variant:
673 : : * @filter: an #MctAppFilter
674 : : *
675 : : * Build a #GVariant which contains the app filter from @filter, in the format
676 : : * used for storing it in AccountsService.
677 : : *
678 : : * Returns: (transfer floating): a new, floating #GVariant containing the app
679 : : * filter
680 : : */
681 : : static GVariant *
682 : 11 : _mct_app_filter_build_app_filter_variant (MctAppFilter *filter)
683 : : {
684 : 22 : g_auto(GVariantBuilder) builder = G_VARIANT_BUILDER_INIT (G_VARIANT_TYPE ("(bas)"));
685 : :
686 : 11 : g_return_val_if_fail (filter != NULL, NULL);
687 : 11 : g_return_val_if_fail (filter->ref_count >= 1, NULL);
688 : :
689 : 11 : g_variant_builder_add (&builder, "b",
690 : 11 : (filter->app_list_type == MCT_APP_FILTER_LIST_ALLOWLIST));
691 : 11 : g_variant_builder_open (&builder, G_VARIANT_TYPE ("as"));
692 : :
693 [ + + ]: 19 : for (gsize i = 0; filter->app_list[i] != NULL; i++)
694 : 8 : g_variant_builder_add (&builder, "s", filter->app_list[i]);
695 : :
696 : 11 : g_variant_builder_close (&builder);
697 : :
698 : 11 : return g_variant_builder_end (&builder);
699 : : }
700 : :
701 : : /**
702 : : * mct_app_filter_serialize:
703 : : * @filter: an #MctAppFilter
704 : : *
705 : : * Build a #GVariant which contains the app filter from @filter, in an opaque
706 : : * variant format. This format may change in future, but
707 : : * mct_app_filter_deserialize() is guaranteed to always be able to load any
708 : : * variant produced by the current or any previous version of
709 : : * mct_app_filter_serialize().
710 : : *
711 : : * Returns: (transfer floating): a new, floating #GVariant containing the app
712 : : * filter
713 : : * Since: 0.7.0
714 : : */
715 : : GVariant *
716 : 11 : mct_app_filter_serialize (MctAppFilter *filter)
717 : : {
718 : 22 : g_auto(GVariantBuilder) builder = G_VARIANT_BUILDER_INIT (G_VARIANT_TYPE ("a{sv}"));
719 : :
720 : 11 : g_return_val_if_fail (filter != NULL, NULL);
721 : 11 : g_return_val_if_fail (filter->ref_count >= 1, NULL);
722 : :
723 : : /* The serialisation format is exactly the
724 : : * `com.endlessm.ParentalControls.AppFilter` D-Bus interface. */
725 : 11 : g_variant_builder_add (&builder, "{sv}", "AppFilter",
726 : : _mct_app_filter_build_app_filter_variant (filter));
727 : 11 : g_variant_builder_add (&builder, "{sv}", "OarsFilter",
728 : : g_variant_new ("(s@a{ss})", "oars-1.1",
729 : : filter->oars_ratings));
730 : 11 : g_variant_builder_add (&builder, "{sv}", "AllowUserInstallation",
731 : : g_variant_new_boolean (filter->allow_user_installation));
732 : 11 : g_variant_builder_add (&builder, "{sv}", "AllowSystemInstallation",
733 : : g_variant_new_boolean (filter->allow_system_installation));
734 : :
735 : 11 : return g_variant_builder_end (&builder);
736 : : }
737 : :
738 : : /**
739 : : * mct_app_filter_deserialize:
740 : : * @variant: a serialized app filter variant
741 : : * @user_id: the ID of the user the app filter relates to
742 : : * @error: return location for a #GError, or %NULL
743 : : *
744 : : * Deserialize an app filter previously serialized with
745 : : * mct_app_filter_serialize(). This function guarantees to be able to
746 : : * deserialize any serialized form from this version or older versions of
747 : : * libmalcontent.
748 : : *
749 : : * If deserialization fails, %MCT_MANAGER_ERROR_INVALID_DATA will be returned.
750 : : *
751 : : * Returns: (transfer full): deserialized app filter
752 : : * Since: 0.7.0
753 : : */
754 : : MctAppFilter *
755 : 61 : mct_app_filter_deserialize (GVariant *variant,
756 : : uid_t user_id,
757 : : GError **error)
758 : : {
759 : : gboolean is_allowlist;
760 : 61 : g_auto(GStrv) app_list = NULL;
761 : : const gchar *content_rating_kind;
762 : 61 : g_autoptr(GVariant) oars_variant = NULL;
763 : : gboolean allow_user_installation;
764 : : gboolean allow_system_installation;
765 : 61 : g_autoptr(MctAppFilter) app_filter = NULL;
766 : :
767 : 61 : g_return_val_if_fail (variant != NULL, NULL);
768 : 61 : g_return_val_if_fail (error == NULL || *error == NULL, NULL);
769 : :
770 : : /* Check the overall type. */
771 [ + + ]: 61 : if (!g_variant_is_of_type (variant, G_VARIANT_TYPE ("a{sv}")))
772 : : {
773 : 4 : g_set_error (error, MCT_MANAGER_ERROR,
774 : : MCT_MANAGER_ERROR_INVALID_DATA,
775 : : _("App filter for user %u was in an unrecognized format"),
776 : : (guint) user_id);
777 : 4 : return NULL;
778 : : }
779 : :
780 : : /* Extract the properties we care about. The default values here should be
781 : : * kept in sync with those in the `com.endlessm.ParentalControls.AppFilter`
782 : : * D-Bus interface. */
783 [ + + ]: 57 : if (!g_variant_lookup (variant, "AppFilter", "(b^as)",
784 : : &is_allowlist, &app_list))
785 : : {
786 : : /* Default value. */
787 : 40 : is_allowlist = FALSE;
788 : 40 : app_list = g_new0 (gchar *, 1);
789 : : }
790 : :
791 [ + + ]: 57 : if (!g_variant_lookup (variant, "OarsFilter", "(&s@a{ss})",
792 : : &content_rating_kind, &oars_variant))
793 : : {
794 : : /* Default value. */
795 : 33 : content_rating_kind = "oars-1.1";
796 : 33 : oars_variant = g_variant_new ("a{ss}", NULL);
797 : : }
798 : :
799 : : /* Check that the OARS filter is in a format we support. Currently, that’s
800 : : * only oars-1.0 and oars-1.1. */
801 [ + - ]: 57 : if (!g_str_equal (content_rating_kind, "oars-1.0") &&
802 [ + + ]: 57 : !g_str_equal (content_rating_kind, "oars-1.1"))
803 : : {
804 : 2 : g_set_error (error, MCT_MANAGER_ERROR,
805 : : MCT_MANAGER_ERROR_INVALID_DATA,
806 : : _("OARS filter for user %u has an unrecognized kind ‘%s’"),
807 : : (guint) user_id, content_rating_kind);
808 : 2 : return NULL;
809 : : }
810 : :
811 [ + + ]: 55 : if (!g_variant_lookup (variant, "AllowUserInstallation", "b",
812 : : &allow_user_installation))
813 : : {
814 : : /* Default value. */
815 : 43 : allow_user_installation = TRUE;
816 : : }
817 : :
818 [ + + ]: 55 : if (!g_variant_lookup (variant, "AllowSystemInstallation", "b",
819 : : &allow_system_installation))
820 : : {
821 : : /* Default value. */
822 : 43 : allow_system_installation = FALSE;
823 : : }
824 : :
825 : : /* Success. Create an #MctAppFilter object to contain the results. */
826 : 55 : app_filter = g_new0 (MctAppFilter, 1);
827 : 55 : app_filter->ref_count = 1;
828 : 55 : app_filter->user_id = user_id;
829 : 55 : app_filter->app_list = g_steal_pointer (&app_list);
830 : 55 : app_filter->app_list_type =
831 : 55 : is_allowlist ? MCT_APP_FILTER_LIST_ALLOWLIST : MCT_APP_FILTER_LIST_BLOCKLIST;
832 : 55 : app_filter->oars_ratings = g_steal_pointer (&oars_variant);
833 : 55 : app_filter->allow_user_installation = allow_user_installation;
834 : 55 : app_filter->allow_system_installation = allow_system_installation;
835 : :
836 : 55 : return g_steal_pointer (&app_filter);
837 : : }
838 : :
839 : : /**
840 : : * mct_app_filter_equal:
841 : : * @a: (not nullable): an #MctAppFilter
842 : : * @b: (not nullable): an #MctAppFilter
843 : : *
844 : : * Check whether app filters @a and @b are equal.
845 : : *
846 : : * Returns: %TRUE if @a and @b are equal, %FALSE otherwise
847 : : * Since: 0.10.0
848 : : */
849 : : gboolean
850 : 78 : mct_app_filter_equal (MctAppFilter *a,
851 : : MctAppFilter *b)
852 : : {
853 : 78 : g_return_val_if_fail (a != NULL, FALSE);
854 : 78 : g_return_val_if_fail (a->ref_count >= 1, FALSE);
855 : 78 : g_return_val_if_fail (b != NULL, FALSE);
856 : 78 : g_return_val_if_fail (b->ref_count >= 1, FALSE);
857 : :
858 : 136 : return (a->user_id == b->user_id &&
859 [ + + ]: 58 : a->app_list_type == b->app_list_type &&
860 [ + - ]: 42 : a->allow_user_installation == b->allow_user_installation &&
861 [ + + + + ]: 72 : a->allow_system_installation == b->allow_system_installation &&
862 [ + + + + ]: 166 : g_strv_equal ((const gchar * const *) a->app_list, (const gchar * const *) b->app_list) &&
863 : 22 : g_variant_equal (a->oars_ratings, b->oars_ratings));
864 : : }
865 : :
866 : : /*
867 : : * Actual implementation of #MctAppFilterBuilder.
868 : : *
869 : : * All members are %NULL if un-initialised, cleared, or ended.
870 : : */
871 : : typedef struct
872 : : {
873 : : GPtrArray *blocklist; /* (nullable) (owned) (element-type utf8) */
874 : : GHashTable *oars; /* (nullable) (owned) (element-type utf8 MctAppFilterOarsValue) */
875 : : gboolean allow_user_installation;
876 : : gboolean allow_system_installation;
877 : :
878 : : /*< private >*/
879 : : gpointer padding[2];
880 : : } MctAppFilterBuilderReal;
881 : :
882 : : G_STATIC_ASSERT (sizeof (MctAppFilterBuilderReal) ==
883 : : sizeof (MctAppFilterBuilder));
884 : : G_STATIC_ASSERT (__alignof__ (MctAppFilterBuilderReal) ==
885 : : __alignof__ (MctAppFilterBuilder));
886 : :
887 [ + - + - : 6 : G_DEFINE_BOXED_TYPE (MctAppFilterBuilder, mct_app_filter_builder,
+ - ]
888 : : mct_app_filter_builder_copy, mct_app_filter_builder_free)
889 : :
890 : : /**
891 : : * mct_app_filter_builder_init:
892 : : * @builder: an uninitialised #MctAppFilterBuilder
893 : : *
894 : : * Initialise the given @builder so it can be used to construct a new
895 : : * #MctAppFilter. @builder must have been allocated on the stack, and must not
896 : : * already be initialised.
897 : : *
898 : : * Construct the #MctAppFilter by calling methods on @builder, followed by
899 : : * mct_app_filter_builder_end(). To abort construction, use
900 : : * mct_app_filter_builder_clear().
901 : : *
902 : : * Since: 0.2.0
903 : : */
904 : : void
905 : 20 : mct_app_filter_builder_init (MctAppFilterBuilder *builder)
906 : : {
907 : 20 : MctAppFilterBuilder local_builder = MCT_APP_FILTER_BUILDER_INIT ();
908 : 20 : MctAppFilterBuilderReal *_builder = (MctAppFilterBuilderReal *) builder;
909 : :
910 : 20 : g_return_if_fail (_builder != NULL);
911 : 20 : g_return_if_fail (_builder->blocklist == NULL);
912 : 20 : g_return_if_fail (_builder->oars == NULL);
913 : :
914 : 20 : memcpy (builder, &local_builder, sizeof (local_builder));
915 : : }
916 : :
917 : : /**
918 : : * mct_app_filter_builder_clear:
919 : : * @builder: an #MctAppFilterBuilder
920 : : *
921 : : * Clear @builder, freeing any internal state in it. This will not free the
922 : : * top-level storage for @builder itself, which is assumed to be allocated on
923 : : * the stack.
924 : : *
925 : : * If called on an already-cleared #MctAppFilterBuilder, this function is
926 : : * idempotent.
927 : : *
928 : : * Since: 0.2.0
929 : : */
930 : : void
931 : 78 : mct_app_filter_builder_clear (MctAppFilterBuilder *builder)
932 : : {
933 : 78 : MctAppFilterBuilderReal *_builder = (MctAppFilterBuilderReal *) builder;
934 : :
935 : 78 : g_return_if_fail (_builder != NULL);
936 : :
937 [ + + ]: 78 : g_clear_pointer (&_builder->blocklist, g_ptr_array_unref);
938 [ + + ]: 78 : g_clear_pointer (&_builder->oars, g_hash_table_unref);
939 : : }
940 : :
941 : : /**
942 : : * mct_app_filter_builder_new:
943 : : *
944 : : * Construct a new #MctAppFilterBuilder on the heap. This is intended for
945 : : * language bindings. The returned builder must eventually be freed with
946 : : * mct_app_filter_builder_free(), but can be cleared zero or more times with
947 : : * mct_app_filter_builder_clear() first.
948 : : *
949 : : * Returns: (transfer full): a new heap-allocated #MctAppFilterBuilder
950 : : * Since: 0.2.0
951 : : */
952 : : MctAppFilterBuilder *
953 : 12 : mct_app_filter_builder_new (void)
954 : : {
955 : 12 : g_autoptr(MctAppFilterBuilder) builder = NULL;
956 : :
957 : 12 : builder = g_new0 (MctAppFilterBuilder, 1);
958 : 12 : mct_app_filter_builder_init (builder);
959 : :
960 : 12 : return g_steal_pointer (&builder);
961 : : }
962 : :
963 : : /**
964 : : * mct_app_filter_builder_copy:
965 : : * @builder: an #MctAppFilterBuilder
966 : : *
967 : : * Copy the given @builder to a newly-allocated #MctAppFilterBuilder on the
968 : : * heap. This is safe to use with cleared, stack-allocated
969 : : * #MctAppFilterBuilders.
970 : : *
971 : : * Returns: (transfer full): a copy of @builder
972 : : * Since: 0.2.0
973 : : */
974 : : MctAppFilterBuilder *
975 : 4 : mct_app_filter_builder_copy (MctAppFilterBuilder *builder)
976 : : {
977 : 4 : MctAppFilterBuilderReal *_builder = (MctAppFilterBuilderReal *) builder;
978 : 4 : g_autoptr(MctAppFilterBuilder) copy = NULL;
979 : : MctAppFilterBuilderReal *_copy;
980 : :
981 : 4 : g_return_val_if_fail (builder != NULL, NULL);
982 : :
983 : 4 : copy = mct_app_filter_builder_new ();
984 : 4 : _copy = (MctAppFilterBuilderReal *) copy;
985 : :
986 : 4 : mct_app_filter_builder_clear (copy);
987 [ + + ]: 4 : if (_builder->blocklist != NULL)
988 : 2 : _copy->blocklist = g_ptr_array_ref (_builder->blocklist);
989 [ + + ]: 4 : if (_builder->oars != NULL)
990 : 2 : _copy->oars = g_hash_table_ref (_builder->oars);
991 : 4 : _copy->allow_user_installation = _builder->allow_user_installation;
992 : 4 : _copy->allow_system_installation = _builder->allow_system_installation;
993 : :
994 : 4 : return g_steal_pointer (©);
995 : : }
996 : :
997 : : /**
998 : : * mct_app_filter_builder_free:
999 : : * @builder: a heap-allocated #MctAppFilterBuilder
1000 : : *
1001 : : * Free an #MctAppFilterBuilder originally allocated using
1002 : : * mct_app_filter_builder_new(). This must not be called on stack-allocated
1003 : : * builders initialised using mct_app_filter_builder_init().
1004 : : *
1005 : : * Since: 0.2.0
1006 : : */
1007 : : void
1008 : 12 : mct_app_filter_builder_free (MctAppFilterBuilder *builder)
1009 : : {
1010 : 12 : g_return_if_fail (builder != NULL);
1011 : :
1012 : 12 : mct_app_filter_builder_clear (builder);
1013 : 12 : g_free (builder);
1014 : : }
1015 : :
1016 : : /**
1017 : : * mct_app_filter_builder_end:
1018 : : * @builder: an initialised #MctAppFilterBuilder
1019 : : *
1020 : : * Finish constructing an #MctAppFilter with the given @builder, and return it.
1021 : : * The #MctAppFilterBuilder will be cleared as if mct_app_filter_builder_clear()
1022 : : * had been called.
1023 : : *
1024 : : * Returns: (transfer full): a newly constructed #MctAppFilter
1025 : : * Since: 0.2.0
1026 : : */
1027 : : MctAppFilter *
1028 : 35 : mct_app_filter_builder_end (MctAppFilterBuilder *builder)
1029 : : {
1030 : 35 : MctAppFilterBuilderReal *_builder = (MctAppFilterBuilderReal *) builder;
1031 : 35 : g_autoptr(MctAppFilter) app_filter = NULL;
1032 : 70 : g_auto(GVariantBuilder) oars_builder = G_VARIANT_BUILDER_INIT (G_VARIANT_TYPE ("a{ss}"));
1033 : : GHashTableIter iter;
1034 : : gpointer key, value;
1035 : 35 : g_autoptr(GVariant) oars_variant = NULL;
1036 : :
1037 : 35 : g_return_val_if_fail (_builder != NULL, NULL);
1038 : 35 : g_return_val_if_fail (_builder->blocklist != NULL, NULL);
1039 : 35 : g_return_val_if_fail (_builder->oars != NULL, NULL);
1040 : :
1041 : : /* Ensure the paths list is %NULL-terminated. */
1042 : 35 : g_ptr_array_add (_builder->blocklist, NULL);
1043 : :
1044 : : /* Build the OARS variant. */
1045 : 35 : g_hash_table_iter_init (&iter, _builder->oars);
1046 [ + + ]: 49 : while (g_hash_table_iter_next (&iter, &key, &value))
1047 : : {
1048 : 14 : const gchar *oars_section = key;
1049 : 14 : MctAppFilterOarsValue oars_value = GPOINTER_TO_INT (value);
1050 : 14 : const gchar *oars_value_strs[] =
1051 : : {
1052 : : NULL, /* MCT_APP_FILTER_OARS_VALUE_UNKNOWN */
1053 : : "none",
1054 : : "mild",
1055 : : "moderate",
1056 : : "intense",
1057 : : };
1058 : :
1059 : 14 : g_assert ((int) oars_value >= 0 &&
1060 : : (int) oars_value < (int) G_N_ELEMENTS (oars_value_strs));
1061 : :
1062 [ + - ]: 14 : if (oars_value_strs[oars_value] != NULL)
1063 : 14 : g_variant_builder_add (&oars_builder, "{ss}",
1064 : : oars_section, oars_value_strs[oars_value]);
1065 : : }
1066 : :
1067 : 35 : oars_variant = g_variant_ref_sink (g_variant_builder_end (&oars_builder));
1068 : :
1069 : : /* Build the #MctAppFilter. */
1070 : 35 : app_filter = g_new0 (MctAppFilter, 1);
1071 : 35 : app_filter->ref_count = 1;
1072 : 35 : app_filter->user_id = -1;
1073 : 35 : app_filter->app_list = (gchar **) g_ptr_array_free (g_steal_pointer (&_builder->blocklist), FALSE);
1074 : 35 : app_filter->app_list_type = MCT_APP_FILTER_LIST_BLOCKLIST;
1075 : 35 : app_filter->oars_ratings = g_steal_pointer (&oars_variant);
1076 : 35 : app_filter->allow_user_installation = _builder->allow_user_installation;
1077 : 35 : app_filter->allow_system_installation = _builder->allow_system_installation;
1078 : :
1079 : 35 : mct_app_filter_builder_clear (builder);
1080 : :
1081 : 35 : return g_steal_pointer (&app_filter);
1082 : : }
1083 : :
1084 : : /**
1085 : : * mct_app_filter_builder_blocklist_path:
1086 : : * @builder: an initialised #MctAppFilterBuilder
1087 : : * @path: (type filename): an absolute path to blocklist
1088 : : *
1089 : : * Add @path to the blocklist of app paths in the filter under construction. It
1090 : : * will be canonicalised (without doing any I/O) before being added.
1091 : : * The canonicalised @path will not be added again if it’s already been added.
1092 : : *
1093 : : * Since: 0.2.0
1094 : : */
1095 : : void
1096 : 22 : mct_app_filter_builder_blocklist_path (MctAppFilterBuilder *builder,
1097 : : const gchar *path)
1098 : : {
1099 : 22 : MctAppFilterBuilderReal *_builder = (MctAppFilterBuilderReal *) builder;
1100 : :
1101 : 22 : g_return_if_fail (_builder != NULL);
1102 : 22 : g_return_if_fail (_builder->blocklist != NULL);
1103 : 22 : g_return_if_fail (path != NULL);
1104 : 22 : g_return_if_fail (g_path_is_absolute (path));
1105 : :
1106 [ + - ]: 44 : g_autofree gchar *canonical_path = g_canonicalize_filename (path, "/");
1107 [ + - ]: 44 : g_autofree gchar *canonical_path_utf8 = g_filename_to_utf8 (canonical_path, -1,
1108 : : NULL, NULL, NULL);
1109 : 22 : g_return_if_fail (canonical_path_utf8 != NULL);
1110 : :
1111 [ + - ]: 22 : if (!g_ptr_array_find_with_equal_func (_builder->blocklist,
1112 : : canonical_path_utf8, g_str_equal, NULL))
1113 : 22 : g_ptr_array_add (_builder->blocklist, g_steal_pointer (&canonical_path_utf8));
1114 : : }
1115 : :
1116 : : /**
1117 : : * mct_app_filter_builder_blocklist_flatpak_ref:
1118 : : * @builder: an initialised #MctAppFilterBuilder
1119 : : * @app_ref: a flatpak app ref to blocklist
1120 : : *
1121 : : * Add @app_ref to the blocklist of flatpak refs in the filter under
1122 : : * construction. The @app_ref will not be added again if it’s already been
1123 : : * added.
1124 : : *
1125 : : * Since: 0.2.0
1126 : : */
1127 : : void
1128 : 10 : mct_app_filter_builder_blocklist_flatpak_ref (MctAppFilterBuilder *builder,
1129 : : const gchar *app_ref)
1130 : : {
1131 : 10 : MctAppFilterBuilderReal *_builder = (MctAppFilterBuilderReal *) builder;
1132 : :
1133 : 10 : g_return_if_fail (_builder != NULL);
1134 : 10 : g_return_if_fail (_builder->blocklist != NULL);
1135 : 10 : g_return_if_fail (app_ref != NULL);
1136 : 10 : g_return_if_fail (is_valid_flatpak_ref (app_ref));
1137 : :
1138 [ + - ]: 10 : if (!g_ptr_array_find_with_equal_func (_builder->blocklist,
1139 : : app_ref, g_str_equal, NULL))
1140 : 10 : g_ptr_array_add (_builder->blocklist, g_strdup (app_ref));
1141 : : }
1142 : :
1143 : : /**
1144 : : * mct_app_filter_builder_blocklist_content_type:
1145 : : * @builder: an initialised #MctAppFilterBuilder
1146 : : * @content_type: a content type to blocklist
1147 : : *
1148 : : * Add @content_type to the blocklist of content types in the filter under
1149 : : * construction. The @content_type will not be added again if it’s already been
1150 : : * added.
1151 : : *
1152 : : * Note that this method doesn’t handle content subtypes. For example, if
1153 : : * `application/xml` is added to the blocklist but `application/xspf+xml` is not,
1154 : : * a check for whether `application/xspf+xml` is blocklisted would return false.
1155 : : *
1156 : : * Since: 0.4.0
1157 : : */
1158 : : void
1159 : 14 : mct_app_filter_builder_blocklist_content_type (MctAppFilterBuilder *builder,
1160 : : const gchar *content_type)
1161 : : {
1162 : 14 : MctAppFilterBuilderReal *_builder = (MctAppFilterBuilderReal *) builder;
1163 : :
1164 : 14 : g_return_if_fail (_builder != NULL);
1165 : 14 : g_return_if_fail (_builder->blocklist != NULL);
1166 : 14 : g_return_if_fail (content_type != NULL);
1167 : 14 : g_return_if_fail (is_valid_content_type (content_type));
1168 : :
1169 [ + - ]: 14 : if (!g_ptr_array_find_with_equal_func (_builder->blocklist,
1170 : : content_type, g_str_equal, NULL))
1171 : 14 : g_ptr_array_add (_builder->blocklist, g_strdup (content_type));
1172 : : }
1173 : :
1174 : : /**
1175 : : * mct_app_filter_builder_set_oars_value:
1176 : : * @builder: an initialised #MctAppFilterBuilder
1177 : : * @oars_section: name of the OARS section to set the value for
1178 : : * @value: value to set for the @oars_section
1179 : : *
1180 : : * Set the OARS value for the given @oars_section, indicating the intensity of
1181 : : * content covered by that section which the user is allowed to see (inclusive).
1182 : : * Any apps which have more intense content in this section should not be usable
1183 : : * by the user.
1184 : : *
1185 : : * Since: 0.2.0
1186 : : */
1187 : : void
1188 : 14 : mct_app_filter_builder_set_oars_value (MctAppFilterBuilder *builder,
1189 : : const gchar *oars_section,
1190 : : MctAppFilterOarsValue value)
1191 : : {
1192 : 14 : MctAppFilterBuilderReal *_builder = (MctAppFilterBuilderReal *) builder;
1193 : :
1194 : 14 : g_return_if_fail (_builder != NULL);
1195 : 14 : g_return_if_fail (_builder->oars != NULL);
1196 : 14 : g_return_if_fail (oars_section != NULL && *oars_section != '\0');
1197 : :
1198 : 14 : g_hash_table_insert (_builder->oars, g_strdup (oars_section),
1199 : 14 : GUINT_TO_POINTER (value));
1200 : : }
1201 : :
1202 : : /**
1203 : : * mct_app_filter_builder_set_allow_user_installation:
1204 : : * @builder: an initialised #MctAppFilterBuilder
1205 : : * @allow_user_installation: %TRUE to allow app installation; %FALSE to
1206 : : * unconditionally disallow it
1207 : : *
1208 : : * Set whether the user is allowed to install to their flatpak user repository.
1209 : : * If this is %TRUE, app installation is still subject to the OARS values
1210 : : * (mct_app_filter_builder_set_oars_value()). If it is %FALSE, app installation
1211 : : * is unconditionally disallowed for this user.
1212 : : *
1213 : : * Since: 0.2.0
1214 : : */
1215 : : void
1216 : 10 : mct_app_filter_builder_set_allow_user_installation (MctAppFilterBuilder *builder,
1217 : : gboolean allow_user_installation)
1218 : : {
1219 : 10 : MctAppFilterBuilderReal *_builder = (MctAppFilterBuilderReal *) builder;
1220 : :
1221 : 10 : g_return_if_fail (_builder != NULL);
1222 : :
1223 : 10 : _builder->allow_user_installation = allow_user_installation;
1224 : : }
1225 : :
1226 : : /**
1227 : : * mct_app_filter_builder_set_allow_system_installation:
1228 : : * @builder: an initialised #MctAppFilterBuilder
1229 : : * @allow_system_installation: %TRUE to allow app installation; %FALSE to
1230 : : * unconditionally disallow it
1231 : : *
1232 : : * Set whether the user is allowed to install to the flatpak system repository.
1233 : : * If this is %TRUE, app installation is still subject to the OARS values
1234 : : * (mct_app_filter_builder_set_oars_value()). If it is %FALSE, app installation
1235 : : * is unconditionally disallowed for this user.
1236 : : *
1237 : : * Since: 0.2.0
1238 : : */
1239 : : void
1240 : 10 : mct_app_filter_builder_set_allow_system_installation (MctAppFilterBuilder *builder,
1241 : : gboolean allow_system_installation)
1242 : : {
1243 : 10 : MctAppFilterBuilderReal *_builder = (MctAppFilterBuilderReal *) builder;
1244 : :
1245 : 10 : g_return_if_fail (_builder != NULL);
1246 : :
1247 : 10 : _builder->allow_system_installation = allow_system_installation;
1248 : : }
|