LCOV - code coverage report
Current view: top level - libmalcontent - app-filter.c (source / functions) Hit Total Coverage
Test: unnamed Lines: 351 357 98.3 %
Date: 2021-08-30 11:28:58 Functions: 38 38 100.0 %
Branches: 144 176 81.8 %

           Branch data     Line data    Source code
       1                 :            : /* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*-
       2                 :            :  *
       3                 :            :  * Copyright © 2018-2019 Endless Mobile, Inc.
       4                 :            :  *
       5                 :            :  * This library is free software; you can redistribute it and/or
       6                 :            :  * modify it under the terms of the GNU Lesser General Public
       7                 :            :  * License as published by the Free Software Foundation; either
       8                 :            :  * version 2.1 of the License, or (at your option) any later version.
       9                 :            :  *
      10                 :            :  * This library is distributed in the hope that it will be useful,
      11                 :            :  * but WITHOUT ANY WARRANTY; without even the implied warranty of
      12                 :            :  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
      13                 :            :  * Lesser General Public License for more details.
      14                 :            :  *
      15                 :            :  * You should have received a copy of the GNU Lesser General Public
      16                 :            :  * License along with this library; if not, write to the Free Software
      17                 :            :  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
      18                 :            :  *
      19                 :            :  * Authors:
      20                 :            :  *  - Philip Withnall <withnall@endlessm.com>
      21                 :            :  *  - Andre Moreira Magalhaes <andre@endlessm.com>
      22                 :            :  */
      23                 :            : 
      24                 :            : #include "config.h"
      25                 :            : 
      26                 :            : #include <glib.h>
      27                 :            : #include <glib-object.h>
      28                 :            : #include <glib/gi18n-lib.h>
      29                 :            : #include <gio/gdesktopappinfo.h>
      30                 :            : #include <gio/gio.h>
      31                 :            : #include <libmalcontent/app-filter.h>
      32                 :            : 
      33                 :            : #include "libmalcontent/app-filter-private.h"
      34                 :            : 
      35                 :            : 
      36                 :            : /* FIXME: Eventually deprecate these compatibility fallbacks. */
      37                 :            : GQuark
      38                 :          3 : mct_app_filter_error_quark (void)
      39                 :            : {
      40                 :          3 :   return mct_manager_error_quark ();
      41                 :            : }
      42                 :            : 
      43                 :            : /* struct _MctAppFilter is defined in app-filter-private.h */
      44                 :            : 
      45   [ +  +  +  -  :         10 : G_DEFINE_BOXED_TYPE (MctAppFilter, mct_app_filter,
                   +  + ]
      46                 :            :                      mct_app_filter_ref, mct_app_filter_unref)
      47                 :            : 
      48                 :            : /**
      49                 :            :  * mct_app_filter_ref:
      50                 :            :  * @filter: (transfer none): an #MctAppFilter
      51                 :            :  *
      52                 :            :  * Increment the reference count of @filter, and return the same pointer to it.
      53                 :            :  *
      54                 :            :  * Returns: (transfer full): the same pointer as @filter
      55                 :            :  * Since: 0.2.0
      56                 :            :  */
      57                 :            : MctAppFilter *
      58                 :          4 : mct_app_filter_ref (MctAppFilter *filter)
      59                 :            : {
      60                 :          4 :   g_return_val_if_fail (filter != NULL, NULL);
      61                 :          4 :   g_return_val_if_fail (filter->ref_count >= 1, NULL);
      62                 :          4 :   g_return_val_if_fail (filter->ref_count <= G_MAXINT - 1, NULL);
      63                 :            : 
      64                 :          4 :   filter->ref_count++;
      65                 :          4 :   return filter;
      66                 :            : }
      67                 :            : 
      68                 :            : /**
      69                 :            :  * mct_app_filter_unref:
      70                 :            :  * @filter: (transfer full): an #MctAppFilter
      71                 :            :  *
      72                 :            :  * Decrement the reference count of @filter. If the reference count reaches
      73                 :            :  * zero, free the @filter and all its resources.
      74                 :            :  *
      75                 :            :  * Since: 0.2.0
      76                 :            :  */
      77                 :            : void
      78                 :         94 : mct_app_filter_unref (MctAppFilter *filter)
      79                 :            : {
      80                 :         94 :   g_return_if_fail (filter != NULL);
      81                 :         94 :   g_return_if_fail (filter->ref_count >= 1);
      82                 :            : 
      83                 :         94 :   filter->ref_count--;
      84                 :            : 
      85         [ +  + ]:         94 :   if (filter->ref_count <= 0)
      86                 :            :     {
      87                 :         90 :       g_strfreev (filter->app_list);
      88                 :         90 :       g_variant_unref (filter->oars_ratings);
      89                 :         90 :       g_free (filter);
      90                 :            :     }
      91                 :            : }
      92                 :            : 
      93                 :            : /**
      94                 :            :  * mct_app_filter_get_user_id:
      95                 :            :  * @filter: an #MctAppFilter
      96                 :            :  *
      97                 :            :  * Get the user ID of the user this #MctAppFilter is for.
      98                 :            :  *
      99                 :            :  * Returns: user ID of the relevant user, or `(uid_t) -1` if unknown
     100                 :            :  * Since: 0.2.0
     101                 :            :  */
     102                 :            : uid_t
     103                 :          5 : mct_app_filter_get_user_id (MctAppFilter *filter)
     104                 :            : {
     105                 :          5 :   g_return_val_if_fail (filter != NULL, FALSE);
     106                 :          5 :   g_return_val_if_fail (filter->ref_count >= 1, FALSE);
     107                 :            : 
     108                 :          5 :   return filter->user_id;
     109                 :            : }
     110                 :            : 
     111                 :            : static MctAppFilterOarsValue
     112                 :         38 : oars_str_to_enum (const gchar *value_str)
     113                 :            : {
     114         [ +  + ]:         38 :   if (g_str_equal (value_str, "none"))
     115                 :          4 :     return MCT_APP_FILTER_OARS_VALUE_NONE;
     116         [ +  + ]:         34 :   else if (g_str_equal (value_str, "mild"))
     117                 :         15 :     return MCT_APP_FILTER_OARS_VALUE_MILD;
     118         [ +  + ]:         19 :   else if (g_str_equal (value_str, "moderate"))
     119                 :         13 :     return MCT_APP_FILTER_OARS_VALUE_MODERATE;
     120         [ +  + ]:          6 :   else if (g_str_equal (value_str, "intense"))
     121                 :          3 :     return MCT_APP_FILTER_OARS_VALUE_INTENSE;
     122                 :            :   else
     123                 :          3 :     return MCT_APP_FILTER_OARS_VALUE_UNKNOWN;
     124                 :            : }
     125                 :            : 
     126                 :            : /**
     127                 :            :  * mct_app_filter_is_enabled:
     128                 :            :  * @filter: an #MctAppFilter
     129                 :            :  *
     130                 :            :  * Check whether the app filter is enabled and is going to impose at least one
     131                 :            :  * restriction on the user. This gives a high level view of whether app filter
     132                 :            :  * parental controls are ‘enabled’ for the given user.
     133                 :            :  *
     134                 :            :  * Returns: %TRUE if the app filter contains at least one non-default value,
     135                 :            :  *    %FALSE if it’s entirely default
     136                 :            :  * Since: 0.7.0
     137                 :            :  */
     138                 :            : gboolean
     139                 :         51 : mct_app_filter_is_enabled (MctAppFilter *filter)
     140                 :            : {
     141                 :            :   gboolean oars_ratings_all_intense_or_unknown;
     142                 :            :   GVariantIter iter;
     143                 :            :   const gchar *oars_value;
     144                 :            : 
     145                 :         51 :   g_return_val_if_fail (filter != NULL, FALSE);
     146                 :         51 :   g_return_val_if_fail (filter->ref_count >= 1, FALSE);
     147                 :            : 
     148                 :            :   /* The least restrictive OARS filter has all values as intense, or unknown. */
     149                 :         51 :   oars_ratings_all_intense_or_unknown = TRUE;
     150                 :         51 :   g_variant_iter_init (&iter, filter->oars_ratings);
     151                 :            : 
     152         [ +  + ]:         55 :   while (g_variant_iter_loop (&iter, "{&s&s}", NULL, &oars_value))
     153                 :            :     {
     154                 :         21 :       MctAppFilterOarsValue value = oars_str_to_enum (oars_value);
     155                 :            : 
     156   [ +  +  +  + ]:         21 :       if (value != MCT_APP_FILTER_OARS_VALUE_UNKNOWN &&
     157                 :            :           value != MCT_APP_FILTER_OARS_VALUE_INTENSE)
     158                 :            :         {
     159                 :         17 :           oars_ratings_all_intense_or_unknown = FALSE;
     160                 :         17 :           break;
     161                 :            :         }
     162                 :            :     }
     163                 :            : 
     164                 :            :   /* Check all fields against their default values. Ignore
     165                 :            :    * `allow_system_installation` since it’s false by default, so the default
     166                 :            :    * value is already the most restrictive. */
     167                 :         99 :   return ((filter->app_list_type == MCT_APP_FILTER_LIST_BLOCKLIST &&
     168         [ +  + ]:         48 :            filter->app_list[0] != NULL) ||
     169   [ +  +  +  + ]:         37 :           filter->app_list_type == MCT_APP_FILTER_LIST_ALLOWLIST ||
     170         [ +  + ]:        102 :           !oars_ratings_all_intense_or_unknown ||
     171         [ +  + ]:         25 :           !filter->allow_user_installation);
     172                 :            : }
     173                 :            : 
     174                 :            : /**
     175                 :            :  * mct_app_filter_is_path_allowed:
     176                 :            :  * @filter: an #MctAppFilter
     177                 :            :  * @path: (type filename): absolute path of a program to check
     178                 :            :  *
     179                 :            :  * Check whether the program at @path is allowed to be run according to this
     180                 :            :  * app filter. @path will be canonicalised without doing any I/O.
     181                 :            :  *
     182                 :            :  * Returns: %TRUE if the user this @filter corresponds to is allowed to run the
     183                 :            :  *    program at @path according to the @filter policy; %FALSE otherwise
     184                 :            :  * Since: 0.2.0
     185                 :            :  */
     186                 :            : gboolean
     187                 :         66 : mct_app_filter_is_path_allowed (MctAppFilter *filter,
     188                 :            :                                 const gchar  *path)
     189                 :            : {
     190                 :         66 :   g_return_val_if_fail (filter != NULL, FALSE);
     191                 :         66 :   g_return_val_if_fail (filter->ref_count >= 1, FALSE);
     192                 :         66 :   g_return_val_if_fail (path != NULL, FALSE);
     193                 :         66 :   g_return_val_if_fail (g_path_is_absolute (path), FALSE);
     194                 :            : 
     195                 :        132 :   g_autofree gchar *canonical_path = g_canonicalize_filename (path, "/");
     196                 :        132 :   g_autofree gchar *canonical_path_utf8 = g_filename_to_utf8 (canonical_path, -1,
     197                 :            :                                                               NULL, NULL, NULL);
     198                 :         66 :   g_return_val_if_fail (canonical_path_utf8 != NULL, FALSE);
     199                 :            : 
     200                 :         66 :   gboolean path_in_list = g_strv_contains ((const gchar * const *) filter->app_list,
     201                 :            :                                            canonical_path_utf8);
     202                 :            : 
     203      [ +  +  - ]:         66 :   switch (filter->app_list_type)
     204                 :            :     {
     205                 :         64 :     case MCT_APP_FILTER_LIST_BLOCKLIST:
     206                 :         64 :       return !path_in_list;
     207                 :          2 :     case MCT_APP_FILTER_LIST_ALLOWLIST:
     208                 :          2 :       return path_in_list;
     209                 :          0 :     default:
     210                 :            :       g_assert_not_reached ();
     211                 :            :     }
     212                 :            : }
     213                 :            : 
     214                 :            : /* Check whether a given @ref is a valid flatpak ref.
     215                 :            :  *
     216                 :            :  * For simplicity and to avoid duplicating the whole logic behind
     217                 :            :  * flatpak_ref_parse() this method will only check whether:
     218                 :            :  * - the @ref contains exactly 3 slash chars
     219                 :            :  * - the @ref starts with either app/ or runtime/
     220                 :            :  * - the name, arch and branch components of the @ref are not empty
     221                 :            :  *
     222                 :            :  * We avoid using flatpak_ref_parse() to allow for libflatpak
     223                 :            :  * to depend on malcontent without causing a cyclic dependency.
     224                 :            :  */
     225                 :            : static gboolean
     226                 :        149 : is_valid_flatpak_ref (const gchar *ref)
     227                 :            : {
     228                 :        149 :   g_auto(GStrv) parts = NULL;
     229                 :            : 
     230         [ -  + ]:        149 :   if (ref == NULL)
     231                 :          0 :     return FALSE;
     232                 :            : 
     233                 :        149 :   parts = g_strsplit (ref, "/", 0);
     234                 :        149 :   return (g_strv_length (parts) == 4 &&
     235         [ +  + ]:         92 :           (strcmp (parts[0], "app") == 0 ||
     236         [ -  + ]:         13 :            strcmp (parts[0], "runtime") == 0) &&
     237         [ +  - ]:         79 :           *parts[1] != '\0' &&
     238   [ +  +  +  - ]:        320 :           *parts[2] != '\0' &&
     239         [ +  - ]:         79 :           *parts[3] != '\0');
     240                 :            : }
     241                 :            : 
     242                 :            : /**
     243                 :            :  * mct_app_filter_is_flatpak_ref_allowed:
     244                 :            :  * @filter: an #MctAppFilter
     245                 :            :  * @app_ref: flatpak ref for the app, for example `app/org.gnome.Builder/x86_64/master`
     246                 :            :  *
     247                 :            :  * Check whether the flatpak app with the given @app_ref is allowed to be run
     248                 :            :  * according to this app filter.
     249                 :            :  *
     250                 :            :  * Returns: %TRUE if the user this @filter corresponds to is allowed to run the
     251                 :            :  *    flatpak called @app_ref according to the @filter policy; %FALSE otherwise
     252                 :            :  * Since: 0.2.0
     253                 :            :  */
     254                 :            : gboolean
     255                 :         26 : mct_app_filter_is_flatpak_ref_allowed (MctAppFilter *filter,
     256                 :            :                                        const gchar  *app_ref)
     257                 :            : {
     258                 :         26 :   g_return_val_if_fail (filter != NULL, FALSE);
     259                 :         26 :   g_return_val_if_fail (filter->ref_count >= 1, FALSE);
     260                 :         26 :   g_return_val_if_fail (app_ref != NULL, FALSE);
     261                 :         26 :   g_return_val_if_fail (is_valid_flatpak_ref (app_ref), FALSE);
     262                 :            : 
     263                 :         26 :   gboolean ref_in_list = g_strv_contains ((const gchar * const *) filter->app_list,
     264                 :            :                                           app_ref);
     265                 :            : 
     266      [ +  +  - ]:         26 :   switch (filter->app_list_type)
     267                 :            :     {
     268                 :         24 :     case MCT_APP_FILTER_LIST_BLOCKLIST:
     269                 :         24 :       return !ref_in_list;
     270                 :          2 :     case MCT_APP_FILTER_LIST_ALLOWLIST:
     271                 :          2 :       return ref_in_list;
     272                 :          0 :     default:
     273                 :            :       g_assert_not_reached ();
     274                 :            :     }
     275                 :            : }
     276                 :            : 
     277                 :            : /**
     278                 :            :  * mct_app_filter_is_flatpak_app_allowed:
     279                 :            :  * @filter: an #MctAppFilter
     280                 :            :  * @app_id: flatpak ID for the app, for example `org.gnome.Builder`
     281                 :            :  *
     282                 :            :  * Check whether the flatpak app with the given @app_id is allowed to be run
     283                 :            :  * according to this app filter. This is a globbing match, matching @app_id
     284                 :            :  * against potentially multiple entries in the blocklist, as the blocklist
     285                 :            :  * contains flatpak refs (for example, `app/org.gnome.Builder/x86_64/master`)
     286                 :            :  * which contain architecture and branch information. App IDs (for example,
     287                 :            :  * `org.gnome.Builder`) do not contain architecture or branch information.
     288                 :            :  *
     289                 :            :  * Returns: %TRUE if the user this @filter corresponds to is allowed to run the
     290                 :            :  *    flatpak called @app_id according to the @filter policy; %FALSE otherwise
     291                 :            :  * Since: 0.2.0
     292                 :            :  */
     293                 :            : gboolean
     294                 :         53 : mct_app_filter_is_flatpak_app_allowed (MctAppFilter *filter,
     295                 :            :                                        const gchar  *app_id)
     296                 :            : {
     297                 :         53 :   g_return_val_if_fail (filter != NULL, FALSE);
     298                 :         53 :   g_return_val_if_fail (filter->ref_count >= 1, FALSE);
     299                 :         53 :   g_return_val_if_fail (app_id != NULL, FALSE);
     300                 :            : 
     301                 :         53 :   gsize app_id_len = strlen (app_id);
     302                 :            : 
     303                 :         53 :   gboolean id_in_list = FALSE;
     304         [ +  + ]:        150 :   for (gsize i = 0; filter->app_list[i] != NULL; i++)
     305                 :            :     {
     306   [ +  +  +  - ]:        156 :       if (is_valid_flatpak_ref (filter->app_list[i]) &&
     307                 :         43 :           g_str_has_prefix (filter->app_list[i], "app/") &&
     308         [ +  + ]:         43 :           strncmp (filter->app_list[i] + strlen ("app/"), app_id, app_id_len) == 0 &&
     309         [ +  - ]:         16 :           filter->app_list[i][strlen ("app/") + app_id_len] == '/')
     310                 :            :         {
     311                 :         16 :           id_in_list = TRUE;
     312                 :         16 :           break;
     313                 :            :         }
     314                 :            :     }
     315                 :            : 
     316      [ +  +  - ]:         53 :   switch (filter->app_list_type)
     317                 :            :     {
     318                 :         50 :     case MCT_APP_FILTER_LIST_BLOCKLIST:
     319                 :         50 :       return !id_in_list;
     320                 :          3 :     case MCT_APP_FILTER_LIST_ALLOWLIST:
     321                 :          3 :       return id_in_list;
     322                 :          0 :     default:
     323                 :            :       g_assert_not_reached ();
     324                 :            :     }
     325                 :            : }
     326                 :            : 
     327                 :            : /**
     328                 :            :  * mct_app_filter_is_appinfo_allowed:
     329                 :            :  * @filter: an #MctAppFilter
     330                 :            :  * @app_info: (transfer none): application information
     331                 :            :  *
     332                 :            :  * Check whether the app with the given @app_info is allowed to be run
     333                 :            :  * according to this app filter. This matches on multiple keys potentially
     334                 :            :  * present in the #GAppInfo, including the path of the executable.
     335                 :            :  *
     336                 :            :  * Returns: %TRUE if the user this @filter corresponds to is allowed to run the
     337                 :            :  *    app represented by @app_info according to the @filter policy; %FALSE
     338                 :            :  *    otherwise
     339                 :            :  * Since: 0.2.0
     340                 :            :  */
     341                 :            : gboolean
     342                 :         26 : mct_app_filter_is_appinfo_allowed (MctAppFilter *filter,
     343                 :            :                                    GAppInfo     *app_info)
     344                 :            : {
     345                 :         26 :   g_autofree gchar *abs_path = NULL;
     346                 :         26 :   const gchar * const *types = NULL;
     347                 :            : 
     348                 :         26 :   g_return_val_if_fail (filter != NULL, FALSE);
     349                 :         26 :   g_return_val_if_fail (filter->ref_count >= 1, FALSE);
     350                 :         26 :   g_return_val_if_fail (G_IS_APP_INFO (app_info), FALSE);
     351                 :            : 
     352                 :         26 :   abs_path = g_find_program_in_path (g_app_info_get_executable (app_info));
     353                 :            : 
     354   [ +  -  +  + ]:         52 :   if (abs_path != NULL &&
     355                 :         26 :       !mct_app_filter_is_path_allowed (filter, abs_path))
     356                 :          2 :     return FALSE;
     357                 :            : 
     358                 :         24 :   types = g_app_info_get_supported_types (app_info);
     359   [ +  +  +  + ]:         36 :   for (gsize i = 0; types != NULL && types[i] != NULL; i++)
     360                 :            :     {
     361         [ +  + ]:         16 :       if (!mct_app_filter_is_content_type_allowed (filter, types[i]))
     362                 :          4 :         return FALSE;
     363                 :            :     }
     364                 :            : 
     365   [ -  +  +  -  :         20 :   if (G_IS_DESKTOP_APP_INFO (app_info))
             +  -  +  - ]
     366                 :            :     {
     367         [ +  + ]:         20 :       g_autofree gchar *flatpak_app = NULL;
     368         [ +  + ]:         20 :       g_autofree gchar *old_flatpak_apps_str = NULL;
     369                 :            : 
     370                 :            :       /* This gives `org.gnome.Builder`. */
     371                 :         20 :       flatpak_app = g_desktop_app_info_get_string (G_DESKTOP_APP_INFO (app_info), "X-Flatpak");
     372         [ +  + ]:         20 :       if (flatpak_app != NULL)
     373                 :         10 :         flatpak_app = g_strstrip (flatpak_app);
     374                 :            : 
     375   [ +  +  +  + ]:         30 :       if (flatpak_app != NULL &&
     376                 :         10 :           !mct_app_filter_is_flatpak_app_allowed (filter, flatpak_app))
     377                 :          2 :         return FALSE;
     378                 :            : 
     379                 :            :       /* FIXME: This could do with the g_desktop_app_info_get_string_list() API
     380                 :            :        * from GLib 2.60. Gives `gimp.desktop;org.gimp.Gimp.desktop;`. */
     381                 :         18 :       old_flatpak_apps_str = g_desktop_app_info_get_string (G_DESKTOP_APP_INFO (app_info), "X-Flatpak-RenamedFrom");
     382         [ +  + ]:         18 :       if (old_flatpak_apps_str != NULL)
     383                 :            :         {
     384         [ +  + ]:         24 :           g_auto(GStrv) old_flatpak_apps = g_strsplit (old_flatpak_apps_str, ";", -1);
     385                 :            : 
     386         [ +  + ]:         26 :           for (gsize i = 0; old_flatpak_apps[i] != NULL; i++)
     387                 :            :             {
     388                 :         18 :               gchar *old_flatpak_app = g_strstrip (old_flatpak_apps[i]);
     389                 :            : 
     390         [ +  + ]:         18 :               if (g_str_has_suffix (old_flatpak_app, ".desktop"))
     391                 :          4 :                 old_flatpak_app[strlen (old_flatpak_app) - strlen (".desktop")] = '\0';
     392                 :         18 :               old_flatpak_app = g_strstrip (old_flatpak_app);
     393                 :            : 
     394   [ +  +  +  + ]:         30 :               if (*old_flatpak_app != '\0' &&
     395                 :         12 :                   !mct_app_filter_is_flatpak_app_allowed (filter, old_flatpak_app))
     396                 :          4 :                 return FALSE;
     397                 :            :             }
     398                 :            :         }
     399                 :            :     }
     400                 :            : 
     401                 :         14 :   return TRUE;
     402                 :            : }
     403                 :            : 
     404                 :            : /* Check whether a given @content_type is valid.
     405                 :            :  *
     406                 :            :  * For simplicity this method will only check whether:
     407                 :            :  * - the @content_type contains exactly 1 slash char
     408                 :            :  * - the @content_type does not start with a slash char
     409                 :            :  * - the type and subtype components of the @content_type are not empty
     410                 :            :  */
     411                 :            : static gboolean
     412                 :         58 : is_valid_content_type (const gchar *content_type)
     413                 :            : {
     414                 :         58 :   g_auto(GStrv) parts = NULL;
     415                 :            : 
     416         [ -  + ]:         58 :   if (content_type == NULL)
     417                 :          0 :     return FALSE;
     418                 :            : 
     419                 :         58 :   parts = g_strsplit (content_type, "/", 0);
     420                 :         58 :   return (g_strv_length (parts) == 2 &&
     421   [ +  -  +  - ]:        116 :           *parts[0] != '\0' &&
     422         [ +  - ]:         58 :           *parts[1] != '\0');
     423                 :            : }
     424                 :            : 
     425                 :            : /**
     426                 :            :  * mct_app_filter_is_content_type_allowed:
     427                 :            :  * @filter: an #MctAppFilter
     428                 :            :  * @content_type: content type to check
     429                 :            :  *
     430                 :            :  * Check whether apps handling the given @content_type are allowed to be run
     431                 :            :  * according to this app filter.
     432                 :            :  *
     433                 :            :  * Note that this method doesn’t match content subtypes. For example, if
     434                 :            :  * `application/xml` is added to the blocklist but `application/xspf+xml` is not,
     435                 :            :  * a check for whether `application/xspf+xml` is blocklisted would return false.
     436                 :            :  *
     437                 :            :  * Returns: %TRUE if the user this @filter corresponds to is allowed to run
     438                 :            :  *    programs handling @content_type according to the @filter policy;
     439                 :            :  *    %FALSE otherwise
     440                 :            :  * Since: 0.4.0
     441                 :            :  */
     442                 :            : gboolean
     443                 :         44 : mct_app_filter_is_content_type_allowed (MctAppFilter *filter,
     444                 :            :                                         const gchar  *content_type)
     445                 :            : {
     446                 :         44 :   g_return_val_if_fail (filter != NULL, FALSE);
     447                 :         44 :   g_return_val_if_fail (filter->ref_count >= 1, FALSE);
     448                 :         44 :   g_return_val_if_fail (content_type != NULL, FALSE);
     449                 :         44 :   g_return_val_if_fail (is_valid_content_type (content_type), FALSE);
     450                 :            : 
     451                 :         44 :   gboolean ref_in_list = g_strv_contains ((const gchar * const *) filter->app_list,
     452                 :            :                                           content_type);
     453                 :            : 
     454      [ +  +  - ]:         44 :   switch (filter->app_list_type)
     455                 :            :     {
     456                 :         42 :     case MCT_APP_FILTER_LIST_BLOCKLIST:
     457                 :         42 :       return !ref_in_list;
     458                 :          2 :     case MCT_APP_FILTER_LIST_ALLOWLIST:
     459                 :          2 :       return ref_in_list;
     460                 :          0 :     default:
     461                 :            :       g_assert_not_reached ();
     462                 :            :     }
     463                 :            : }
     464                 :            : 
     465                 :            : static gint
     466                 :          6 : strcmp_cb (gconstpointer a,
     467                 :            :            gconstpointer b)
     468                 :            : {
     469                 :          6 :   const gchar *str_a = *((const gchar * const *) a);
     470                 :          6 :   const gchar *str_b = *((const gchar * const *) b);
     471                 :            : 
     472                 :          6 :   return g_strcmp0 (str_a, str_b);
     473                 :            : }
     474                 :            : 
     475                 :            : /**
     476                 :            :  * mct_app_filter_get_oars_sections:
     477                 :            :  * @filter: an #MctAppFilter
     478                 :            :  *
     479                 :            :  * List the OARS sections present in this app filter. The sections are returned
     480                 :            :  * in lexicographic order. A section will be listed even if its stored value is
     481                 :            :  * %MCT_APP_FILTER_OARS_VALUE_UNKNOWN. The returned list may be empty.
     482                 :            :  *
     483                 :            :  * Returns: (transfer container) (array zero-terminated=1): %NULL-terminated
     484                 :            :  *    array of OARS sections
     485                 :            :  * Since: 0.2.0
     486                 :            :  */
     487                 :            : const gchar **
     488                 :         13 : mct_app_filter_get_oars_sections (MctAppFilter *filter)
     489                 :            : {
     490                 :         26 :   g_autoptr(GPtrArray) sections = g_ptr_array_new_with_free_func (NULL);
     491                 :            :   GVariantIter iter;
     492                 :            :   const gchar *oars_section;
     493                 :            : 
     494                 :         13 :   g_return_val_if_fail (filter != NULL, NULL);
     495                 :         13 :   g_return_val_if_fail (filter->ref_count >= 1, NULL);
     496                 :            : 
     497                 :         13 :   g_variant_iter_init (&iter, filter->oars_ratings);
     498                 :            : 
     499         [ +  + ]:         25 :   while (g_variant_iter_loop (&iter, "{&s&s}", &oars_section, NULL))
     500                 :         12 :     g_ptr_array_add (sections, (gpointer) oars_section);
     501                 :            : 
     502                 :            :   /* Sort alphabetically for easier comparisons later. */
     503                 :         13 :   g_ptr_array_sort (sections, strcmp_cb);
     504                 :            : 
     505                 :         13 :   g_ptr_array_add (sections, NULL);  /* NULL terminator */
     506                 :            : 
     507                 :         13 :   return (const gchar **) g_ptr_array_free (g_steal_pointer (&sections), FALSE);
     508                 :            : }
     509                 :            : 
     510                 :            : /**
     511                 :            :  * mct_app_filter_get_oars_value:
     512                 :            :  * @filter: an #MctAppFilter
     513                 :            :  * @oars_section: name of the OARS section to get the value from
     514                 :            :  *
     515                 :            :  * Get the value assigned to the given @oars_section in the OARS filter stored
     516                 :            :  * within @filter. If that section has no value explicitly defined,
     517                 :            :  * %MCT_APP_FILTER_OARS_VALUE_UNKNOWN is returned.
     518                 :            :  *
     519                 :            :  * This value is the most intense value allowed for apps to have in this
     520                 :            :  * section, inclusive. Any app with a more intense value for this section must
     521                 :            :  * be hidden from the user whose @filter this is.
     522                 :            :  *
     523                 :            :  * This does not factor in mct_app_filter_is_system_installation_allowed().
     524                 :            :  *
     525                 :            :  * Returns: an #MctAppFilterOarsValue
     526                 :            :  * Since: 0.2.0
     527                 :            :  */
     528                 :            : MctAppFilterOarsValue
     529                 :         43 : mct_app_filter_get_oars_value (MctAppFilter *filter,
     530                 :            :                                const gchar  *oars_section)
     531                 :            : {
     532                 :            :   const gchar *value_str;
     533                 :            : 
     534                 :         43 :   g_return_val_if_fail (filter != NULL, MCT_APP_FILTER_OARS_VALUE_UNKNOWN);
     535                 :         43 :   g_return_val_if_fail (filter->ref_count >= 1,
     536                 :            :                         MCT_APP_FILTER_OARS_VALUE_UNKNOWN);
     537                 :         43 :   g_return_val_if_fail (oars_section != NULL && *oars_section != '\0',
     538                 :            :                         MCT_APP_FILTER_OARS_VALUE_UNKNOWN);
     539                 :            : 
     540         [ +  + ]:         43 :   if (!g_variant_lookup (filter->oars_ratings, oars_section, "&s", &value_str))
     541                 :         26 :     return MCT_APP_FILTER_OARS_VALUE_UNKNOWN;
     542                 :            : 
     543                 :         17 :   return oars_str_to_enum (value_str);
     544                 :            : }
     545                 :            : 
     546                 :            : /**
     547                 :            :  * mct_app_filter_is_user_installation_allowed:
     548                 :            :  * @filter: an #MctAppFilter
     549                 :            :  *
     550                 :            :  * Get whether the user is allowed to install to their flatpak user repository.
     551                 :            :  * This should be queried in addition to the OARS values
     552                 :            :  * (mct_app_filter_get_oars_value()) — if it returns %FALSE, the OARS values
     553                 :            :  * should be ignored and app installation should be unconditionally disallowed.
     554                 :            :  *
     555                 :            :  * Returns: %TRUE if app installation is allowed to the user repository for
     556                 :            :  *    this user; %FALSE if it is unconditionally disallowed for this user
     557                 :            :  * Since: 0.2.0
     558                 :            :  */
     559                 :            : gboolean
     560                 :         17 : mct_app_filter_is_user_installation_allowed (MctAppFilter *filter)
     561                 :            : {
     562                 :         17 :   g_return_val_if_fail (filter != NULL, FALSE);
     563                 :         17 :   g_return_val_if_fail (filter->ref_count >= 1, FALSE);
     564                 :            : 
     565                 :         17 :   return filter->allow_user_installation;
     566                 :            : }
     567                 :            : 
     568                 :            : /**
     569                 :            :  * mct_app_filter_is_system_installation_allowed:
     570                 :            :  * @filter: an #MctAppFilter
     571                 :            :  *
     572                 :            :  * Get whether the user is allowed to install to the flatpak system repository.
     573                 :            :  * This should be queried in addition to the OARS values
     574                 :            :  * (mct_app_filter_get_oars_value()) — if it returns %FALSE, the OARS values
     575                 :            :  * should be ignored and app installation should be unconditionally disallowed.
     576                 :            :  *
     577                 :            :  * Returns: %TRUE if app installation is allowed to the system repository for
     578                 :            :  *    this user; %FALSE if it is unconditionally disallowed for this user
     579                 :            :  * Since: 0.2.0
     580                 :            :  */
     581                 :            : gboolean
     582                 :         17 : mct_app_filter_is_system_installation_allowed (MctAppFilter *filter)
     583                 :            : {
     584                 :         17 :   g_return_val_if_fail (filter != NULL, FALSE);
     585                 :         17 :   g_return_val_if_fail (filter->ref_count >= 1, FALSE);
     586                 :            : 
     587                 :         17 :   return filter->allow_system_installation;
     588                 :            : }
     589                 :            : 
     590                 :            : /**
     591                 :            :  * _mct_app_filter_build_app_filter_variant:
     592                 :            :  * @filter: an #MctAppFilter
     593                 :            :  *
     594                 :            :  * Build a #GVariant which contains the app filter from @filter, in the format
     595                 :            :  * used for storing it in AccountsService.
     596                 :            :  *
     597                 :            :  * Returns: (transfer floating): a new, floating #GVariant containing the app
     598                 :            :  *    filter
     599                 :            :  */
     600                 :            : static GVariant *
     601                 :         10 : _mct_app_filter_build_app_filter_variant (MctAppFilter *filter)
     602                 :            : {
     603                 :         20 :   g_auto(GVariantBuilder) builder = G_VARIANT_BUILDER_INIT (G_VARIANT_TYPE ("(bas)"));
     604                 :            : 
     605                 :         10 :   g_return_val_if_fail (filter != NULL, NULL);
     606                 :         10 :   g_return_val_if_fail (filter->ref_count >= 1, NULL);
     607                 :            : 
     608                 :         10 :   g_variant_builder_add (&builder, "b",
     609                 :         10 :                          (filter->app_list_type == MCT_APP_FILTER_LIST_ALLOWLIST));
     610                 :         10 :   g_variant_builder_open (&builder, G_VARIANT_TYPE ("as"));
     611                 :            : 
     612         [ +  + ]:         18 :   for (gsize i = 0; filter->app_list[i] != NULL; i++)
     613                 :          8 :     g_variant_builder_add (&builder, "s", filter->app_list[i]);
     614                 :            : 
     615                 :         10 :   g_variant_builder_close (&builder);
     616                 :            : 
     617                 :         10 :   return g_variant_builder_end (&builder);
     618                 :            : }
     619                 :            : 
     620                 :            : /**
     621                 :            :  * mct_app_filter_serialize:
     622                 :            :  * @filter: an #MctAppFilter
     623                 :            :  *
     624                 :            :  * Build a #GVariant which contains the app filter from @filter, in an opaque
     625                 :            :  * variant format. This format may change in future, but
     626                 :            :  * mct_app_filter_deserialize() is guaranteed to always be able to load any
     627                 :            :  * variant produced by the current or any previous version of
     628                 :            :  * mct_app_filter_serialize().
     629                 :            :  *
     630                 :            :  * Returns: (transfer floating): a new, floating #GVariant containing the app
     631                 :            :  *    filter
     632                 :            :  * Since: 0.7.0
     633                 :            :  */
     634                 :            : GVariant *
     635                 :         10 : mct_app_filter_serialize (MctAppFilter *filter)
     636                 :            : {
     637                 :         20 :   g_auto(GVariantBuilder) builder = G_VARIANT_BUILDER_INIT (G_VARIANT_TYPE ("a{sv}"));
     638                 :            : 
     639                 :         10 :   g_return_val_if_fail (filter != NULL, NULL);
     640                 :         10 :   g_return_val_if_fail (filter->ref_count >= 1, NULL);
     641                 :            : 
     642                 :            :   /* The serialisation format is exactly the
     643                 :            :    * `com.endlessm.ParentalControls.AppFilter` D-Bus interface. */
     644                 :         10 :   g_variant_builder_add (&builder, "{sv}", "AppFilter",
     645                 :            :                          _mct_app_filter_build_app_filter_variant (filter));
     646                 :         10 :   g_variant_builder_add (&builder, "{sv}", "OarsFilter",
     647                 :            :                          g_variant_new ("(s@a{ss})", "oars-1.1",
     648                 :            :                                         filter->oars_ratings));
     649                 :         10 :   g_variant_builder_add (&builder, "{sv}", "AllowUserInstallation",
     650                 :            :                          g_variant_new_boolean (filter->allow_user_installation));
     651                 :         10 :   g_variant_builder_add (&builder, "{sv}", "AllowSystemInstallation",
     652                 :            :                          g_variant_new_boolean (filter->allow_system_installation));
     653                 :            : 
     654                 :         10 :   return g_variant_builder_end (&builder);
     655                 :            : }
     656                 :            : 
     657                 :            : /**
     658                 :            :  * mct_app_filter_deserialize:
     659                 :            :  * @variant: a serialized app filter variant
     660                 :            :  * @user_id: the ID of the user the app filter relates to
     661                 :            :  * @error: return location for a #GError, or %NULL
     662                 :            :  *
     663                 :            :  * Deserialize an app filter previously serialized with
     664                 :            :  * mct_app_filter_serialize(). This function guarantees to be able to
     665                 :            :  * deserialize any serialized form from this version or older versions of
     666                 :            :  * libmalcontent.
     667                 :            :  *
     668                 :            :  * If deserialization fails, %MCT_MANAGER_ERROR_INVALID_DATA will be returned.
     669                 :            :  *
     670                 :            :  * Returns: (transfer full): deserialized app filter
     671                 :            :  * Since: 0.7.0
     672                 :            :  */
     673                 :            : MctAppFilter *
     674                 :         61 : mct_app_filter_deserialize (GVariant  *variant,
     675                 :            :                             uid_t      user_id,
     676                 :            :                             GError   **error)
     677                 :            : {
     678                 :            :   gboolean is_allowlist;
     679                 :         61 :   g_auto(GStrv) app_list = NULL;
     680                 :            :   const gchar *content_rating_kind;
     681                 :         61 :   g_autoptr(GVariant) oars_variant = NULL;
     682                 :            :   gboolean allow_user_installation;
     683                 :            :   gboolean allow_system_installation;
     684                 :         61 :   g_autoptr(MctAppFilter) app_filter = NULL;
     685                 :            : 
     686                 :         61 :   g_return_val_if_fail (variant != NULL, NULL);
     687                 :         61 :   g_return_val_if_fail (error == NULL || *error == NULL, NULL);
     688                 :            : 
     689                 :            :   /* Check the overall type. */
     690         [ +  + ]:         61 :   if (!g_variant_is_of_type (variant, G_VARIANT_TYPE ("a{sv}")))
     691                 :            :     {
     692                 :          4 :       g_set_error (error, MCT_MANAGER_ERROR,
     693                 :            :                    MCT_MANAGER_ERROR_INVALID_DATA,
     694                 :            :                    _("App filter for user %u was in an unrecognized format"),
     695                 :            :                    (guint) user_id);
     696                 :          4 :       return NULL;
     697                 :            :     }
     698                 :            : 
     699                 :            :   /* Extract the properties we care about. The default values here should be
     700                 :            :    * kept in sync with those in the `com.endlessm.ParentalControls.AppFilter`
     701                 :            :    * D-Bus interface. */
     702         [ +  + ]:         57 :   if (!g_variant_lookup (variant, "AppFilter", "(b^as)",
     703                 :            :                          &is_allowlist, &app_list))
     704                 :            :     {
     705                 :            :       /* Default value. */
     706                 :         40 :       is_allowlist = FALSE;
     707                 :         40 :       app_list = g_new0 (gchar *, 1);
     708                 :            :     }
     709                 :            : 
     710         [ +  + ]:         57 :   if (!g_variant_lookup (variant, "OarsFilter", "(&s@a{ss})",
     711                 :            :                          &content_rating_kind, &oars_variant))
     712                 :            :     {
     713                 :            :       /* Default value. */
     714                 :         33 :       content_rating_kind = "oars-1.1";
     715                 :         33 :       oars_variant = g_variant_new ("a{ss}", NULL);
     716                 :            :     }
     717                 :            : 
     718                 :            :   /* Check that the OARS filter is in a format we support. Currently, that’s
     719                 :            :    * only oars-1.0 and oars-1.1. */
     720   [ +  -  +  + ]:        114 :   if (!g_str_equal (content_rating_kind, "oars-1.0") &&
     721                 :         57 :       !g_str_equal (content_rating_kind, "oars-1.1"))
     722                 :            :     {
     723                 :          2 :       g_set_error (error, MCT_MANAGER_ERROR,
     724                 :            :                    MCT_MANAGER_ERROR_INVALID_DATA,
     725                 :            :                    _("OARS filter for user %u has an unrecognized kind ‘%s’"),
     726                 :            :                    (guint) user_id, content_rating_kind);
     727                 :          2 :       return NULL;
     728                 :            :     }
     729                 :            : 
     730         [ +  + ]:         55 :   if (!g_variant_lookup (variant, "AllowUserInstallation", "b",
     731                 :            :                          &allow_user_installation))
     732                 :            :     {
     733                 :            :       /* Default value. */
     734                 :         43 :       allow_user_installation = TRUE;
     735                 :            :     }
     736                 :            : 
     737         [ +  + ]:         55 :   if (!g_variant_lookup (variant, "AllowSystemInstallation", "b",
     738                 :            :                          &allow_system_installation))
     739                 :            :     {
     740                 :            :       /* Default value. */
     741                 :         43 :       allow_system_installation = FALSE;
     742                 :            :     }
     743                 :            : 
     744                 :            :   /* Success. Create an #MctAppFilter object to contain the results. */
     745                 :         55 :   app_filter = g_new0 (MctAppFilter, 1);
     746                 :         55 :   app_filter->ref_count = 1;
     747                 :         55 :   app_filter->user_id = user_id;
     748                 :         55 :   app_filter->app_list = g_steal_pointer (&app_list);
     749                 :         55 :   app_filter->app_list_type =
     750                 :         55 :     is_allowlist ? MCT_APP_FILTER_LIST_ALLOWLIST : MCT_APP_FILTER_LIST_BLOCKLIST;
     751                 :         55 :   app_filter->oars_ratings = g_steal_pointer (&oars_variant);
     752                 :         55 :   app_filter->allow_user_installation = allow_user_installation;
     753                 :         55 :   app_filter->allow_system_installation = allow_system_installation;
     754                 :            : 
     755                 :         55 :   return g_steal_pointer (&app_filter);
     756                 :            : }
     757                 :            : 
     758                 :            : /**
     759                 :            :  * mct_app_filter_equal:
     760                 :            :  * @a: (not nullable): an #MctAppFilter
     761                 :            :  * @b: (not nullable): an #MctAppFilter
     762                 :            :  *
     763                 :            :  * Check whether app filters @a and @b are equal.
     764                 :            :  *
     765                 :            :  * Returns: %TRUE if @a and @b are equal, %FALSE otherwise
     766                 :            :  * Since: 0.10.0
     767                 :            :  */
     768                 :            : gboolean
     769                 :         78 : mct_app_filter_equal (MctAppFilter *a,
     770                 :            :                       MctAppFilter *b)
     771                 :            : {
     772                 :         78 :   g_return_val_if_fail (a != NULL, FALSE);
     773                 :         78 :   g_return_val_if_fail (a->ref_count >= 1, FALSE);
     774                 :         78 :   g_return_val_if_fail (b != NULL, FALSE);
     775                 :         78 :   g_return_val_if_fail (b->ref_count >= 1, FALSE);
     776                 :            : 
     777                 :        136 :   return (a->user_id == b->user_id &&
     778         [ +  + ]:         58 :           a->app_list_type == b->app_list_type &&
     779         [ +  - ]:         42 :           a->allow_user_installation == b->allow_user_installation &&
     780   [ +  +  +  + ]:         72 :           a->allow_system_installation == b->allow_system_installation &&
     781   [ +  +  +  + ]:        166 :           g_strv_equal ((const gchar * const *) a->app_list, (const gchar * const *) b->app_list) &&
     782                 :         22 :           g_variant_equal (a->oars_ratings, b->oars_ratings));
     783                 :            : }
     784                 :            : 
     785                 :            : /*
     786                 :            :  * Actual implementation of #MctAppFilterBuilder.
     787                 :            :  *
     788                 :            :  * All members are %NULL if un-initialised, cleared, or ended.
     789                 :            :  */
     790                 :            : typedef struct
     791                 :            : {
     792                 :            :   GPtrArray *blocklist;  /* (nullable) (owned) (element-type utf8) */
     793                 :            :   GHashTable *oars;  /* (nullable) (owned) (element-type utf8 MctAppFilterOarsValue) */
     794                 :            :   gboolean allow_user_installation;
     795                 :            :   gboolean allow_system_installation;
     796                 :            : 
     797                 :            :   /*< private >*/
     798                 :            :   gpointer padding[2];
     799                 :            : } MctAppFilterBuilderReal;
     800                 :            : 
     801                 :            : G_STATIC_ASSERT (sizeof (MctAppFilterBuilderReal) ==
     802                 :            :                  sizeof (MctAppFilterBuilder));
     803                 :            : G_STATIC_ASSERT (__alignof__ (MctAppFilterBuilderReal) ==
     804                 :            :                  __alignof__ (MctAppFilterBuilder));
     805                 :            : 
     806   [ +  -  +  -  :          6 : G_DEFINE_BOXED_TYPE (MctAppFilterBuilder, mct_app_filter_builder,
                   +  - ]
     807                 :            :                      mct_app_filter_builder_copy, mct_app_filter_builder_free)
     808                 :            : 
     809                 :            : /**
     810                 :            :  * mct_app_filter_builder_init:
     811                 :            :  * @builder: an uninitialised #MctAppFilterBuilder
     812                 :            :  *
     813                 :            :  * Initialise the given @builder so it can be used to construct a new
     814                 :            :  * #MctAppFilter. @builder must have been allocated on the stack, and must not
     815                 :            :  * already be initialised.
     816                 :            :  *
     817                 :            :  * Construct the #MctAppFilter by calling methods on @builder, followed by
     818                 :            :  * mct_app_filter_builder_end(). To abort construction, use
     819                 :            :  * mct_app_filter_builder_clear().
     820                 :            :  *
     821                 :            :  * Since: 0.2.0
     822                 :            :  */
     823                 :            : void
     824                 :         20 : mct_app_filter_builder_init (MctAppFilterBuilder *builder)
     825                 :            : {
     826                 :         20 :   MctAppFilterBuilder local_builder = MCT_APP_FILTER_BUILDER_INIT ();
     827                 :         20 :   MctAppFilterBuilderReal *_builder = (MctAppFilterBuilderReal *) builder;
     828                 :            : 
     829                 :         20 :   g_return_if_fail (_builder != NULL);
     830                 :         20 :   g_return_if_fail (_builder->blocklist == NULL);
     831                 :         20 :   g_return_if_fail (_builder->oars == NULL);
     832                 :            : 
     833                 :         20 :   memcpy (builder, &local_builder, sizeof (local_builder));
     834                 :            : }
     835                 :            : 
     836                 :            : /**
     837                 :            :  * mct_app_filter_builder_clear:
     838                 :            :  * @builder: an #MctAppFilterBuilder
     839                 :            :  *
     840                 :            :  * Clear @builder, freeing any internal state in it. This will not free the
     841                 :            :  * top-level storage for @builder itself, which is assumed to be allocated on
     842                 :            :  * the stack.
     843                 :            :  *
     844                 :            :  * If called on an already-cleared #MctAppFilterBuilder, this function is
     845                 :            :  * idempotent.
     846                 :            :  *
     847                 :            :  * Since: 0.2.0
     848                 :            :  */
     849                 :            : void
     850                 :         78 : mct_app_filter_builder_clear (MctAppFilterBuilder *builder)
     851                 :            : {
     852                 :         78 :   MctAppFilterBuilderReal *_builder = (MctAppFilterBuilderReal *) builder;
     853                 :            : 
     854                 :         78 :   g_return_if_fail (_builder != NULL);
     855                 :            : 
     856         [ +  + ]:         78 :   g_clear_pointer (&_builder->blocklist, g_ptr_array_unref);
     857         [ +  + ]:         78 :   g_clear_pointer (&_builder->oars, g_hash_table_unref);
     858                 :            : }
     859                 :            : 
     860                 :            : /**
     861                 :            :  * mct_app_filter_builder_new:
     862                 :            :  *
     863                 :            :  * Construct a new #MctAppFilterBuilder on the heap. This is intended for
     864                 :            :  * language bindings. The returned builder must eventually be freed with
     865                 :            :  * mct_app_filter_builder_free(), but can be cleared zero or more times with
     866                 :            :  * mct_app_filter_builder_clear() first.
     867                 :            :  *
     868                 :            :  * Returns: (transfer full): a new heap-allocated #MctAppFilterBuilder
     869                 :            :  * Since: 0.2.0
     870                 :            :  */
     871                 :            : MctAppFilterBuilder *
     872                 :         12 : mct_app_filter_builder_new (void)
     873                 :            : {
     874                 :         12 :   g_autoptr(MctAppFilterBuilder) builder = NULL;
     875                 :            : 
     876                 :         12 :   builder = g_new0 (MctAppFilterBuilder, 1);
     877                 :         12 :   mct_app_filter_builder_init (builder);
     878                 :            : 
     879                 :         12 :   return g_steal_pointer (&builder);
     880                 :            : }
     881                 :            : 
     882                 :            : /**
     883                 :            :  * mct_app_filter_builder_copy:
     884                 :            :  * @builder: an #MctAppFilterBuilder
     885                 :            :  *
     886                 :            :  * Copy the given @builder to a newly-allocated #MctAppFilterBuilder on the
     887                 :            :  * heap. This is safe to use with cleared, stack-allocated
     888                 :            :  * #MctAppFilterBuilders.
     889                 :            :  *
     890                 :            :  * Returns: (transfer full): a copy of @builder
     891                 :            :  * Since: 0.2.0
     892                 :            :  */
     893                 :            : MctAppFilterBuilder *
     894                 :          4 : mct_app_filter_builder_copy (MctAppFilterBuilder *builder)
     895                 :            : {
     896                 :          4 :   MctAppFilterBuilderReal *_builder = (MctAppFilterBuilderReal *) builder;
     897                 :          4 :   g_autoptr(MctAppFilterBuilder) copy = NULL;
     898                 :            :   MctAppFilterBuilderReal *_copy;
     899                 :            : 
     900                 :          4 :   g_return_val_if_fail (builder != NULL, NULL);
     901                 :            : 
     902                 :          4 :   copy = mct_app_filter_builder_new ();
     903                 :          4 :   _copy = (MctAppFilterBuilderReal *) copy;
     904                 :            : 
     905                 :          4 :   mct_app_filter_builder_clear (copy);
     906         [ +  + ]:          4 :   if (_builder->blocklist != NULL)
     907                 :          2 :     _copy->blocklist = g_ptr_array_ref (_builder->blocklist);
     908         [ +  + ]:          4 :   if (_builder->oars != NULL)
     909                 :          2 :     _copy->oars = g_hash_table_ref (_builder->oars);
     910                 :          4 :   _copy->allow_user_installation = _builder->allow_user_installation;
     911                 :          4 :   _copy->allow_system_installation = _builder->allow_system_installation;
     912                 :            : 
     913                 :          4 :   return g_steal_pointer (&copy);
     914                 :            : }
     915                 :            : 
     916                 :            : /**
     917                 :            :  * mct_app_filter_builder_free:
     918                 :            :  * @builder: a heap-allocated #MctAppFilterBuilder
     919                 :            :  *
     920                 :            :  * Free an #MctAppFilterBuilder originally allocated using
     921                 :            :  * mct_app_filter_builder_new(). This must not be called on stack-allocated
     922                 :            :  * builders initialised using mct_app_filter_builder_init().
     923                 :            :  *
     924                 :            :  * Since: 0.2.0
     925                 :            :  */
     926                 :            : void
     927                 :         12 : mct_app_filter_builder_free (MctAppFilterBuilder *builder)
     928                 :            : {
     929                 :         12 :   g_return_if_fail (builder != NULL);
     930                 :            : 
     931                 :         12 :   mct_app_filter_builder_clear (builder);
     932                 :         12 :   g_free (builder);
     933                 :            : }
     934                 :            : 
     935                 :            : /**
     936                 :            :  * mct_app_filter_builder_end:
     937                 :            :  * @builder: an initialised #MctAppFilterBuilder
     938                 :            :  *
     939                 :            :  * Finish constructing an #MctAppFilter with the given @builder, and return it.
     940                 :            :  * The #MctAppFilterBuilder will be cleared as if mct_app_filter_builder_clear()
     941                 :            :  * had been called.
     942                 :            :  *
     943                 :            :  * Returns: (transfer full): a newly constructed #MctAppFilter
     944                 :            :  * Since: 0.2.0
     945                 :            :  */
     946                 :            : MctAppFilter *
     947                 :         35 : mct_app_filter_builder_end (MctAppFilterBuilder *builder)
     948                 :            : {
     949                 :         35 :   MctAppFilterBuilderReal *_builder = (MctAppFilterBuilderReal *) builder;
     950                 :         35 :   g_autoptr(MctAppFilter) app_filter = NULL;
     951                 :         70 :   g_auto(GVariantBuilder) oars_builder = G_VARIANT_BUILDER_INIT (G_VARIANT_TYPE ("a{ss}"));
     952                 :            :   GHashTableIter iter;
     953                 :            :   gpointer key, value;
     954                 :         35 :   g_autoptr(GVariant) oars_variant = NULL;
     955                 :            : 
     956                 :         35 :   g_return_val_if_fail (_builder != NULL, NULL);
     957                 :         35 :   g_return_val_if_fail (_builder->blocklist != NULL, NULL);
     958                 :         35 :   g_return_val_if_fail (_builder->oars != NULL, NULL);
     959                 :            : 
     960                 :            :   /* Ensure the paths list is %NULL-terminated. */
     961                 :         35 :   g_ptr_array_add (_builder->blocklist, NULL);
     962                 :            : 
     963                 :            :   /* Build the OARS variant. */
     964                 :         35 :   g_hash_table_iter_init (&iter, _builder->oars);
     965         [ +  + ]:         49 :   while (g_hash_table_iter_next (&iter, &key, &value))
     966                 :            :     {
     967                 :         14 :       const gchar *oars_section = key;
     968                 :         14 :       MctAppFilterOarsValue oars_value = GPOINTER_TO_INT (value);
     969                 :         14 :       const gchar *oars_value_strs[] =
     970                 :            :         {
     971                 :            :           NULL,  /* MCT_APP_FILTER_OARS_VALUE_UNKNOWN */
     972                 :            :           "none",
     973                 :            :           "mild",
     974                 :            :           "moderate",
     975                 :            :           "intense",
     976                 :            :         };
     977                 :            : 
     978                 :         14 :       g_assert ((int) oars_value >= 0 &&
     979                 :            :                 (int) oars_value < (int) G_N_ELEMENTS (oars_value_strs));
     980                 :            : 
     981         [ +  - ]:         14 :       if (oars_value_strs[oars_value] != NULL)
     982                 :         14 :         g_variant_builder_add (&oars_builder, "{ss}",
     983                 :            :                                oars_section, oars_value_strs[oars_value]);
     984                 :            :     }
     985                 :            : 
     986                 :         35 :   oars_variant = g_variant_ref_sink (g_variant_builder_end (&oars_builder));
     987                 :            : 
     988                 :            :   /* Build the #MctAppFilter. */
     989                 :         35 :   app_filter = g_new0 (MctAppFilter, 1);
     990                 :         35 :   app_filter->ref_count = 1;
     991                 :         35 :   app_filter->user_id = -1;
     992                 :         35 :   app_filter->app_list = (gchar **) g_ptr_array_free (g_steal_pointer (&_builder->blocklist), FALSE);
     993                 :         35 :   app_filter->app_list_type = MCT_APP_FILTER_LIST_BLOCKLIST;
     994                 :         35 :   app_filter->oars_ratings = g_steal_pointer (&oars_variant);
     995                 :         35 :   app_filter->allow_user_installation = _builder->allow_user_installation;
     996                 :         35 :   app_filter->allow_system_installation = _builder->allow_system_installation;
     997                 :            : 
     998                 :         35 :   mct_app_filter_builder_clear (builder);
     999                 :            : 
    1000                 :         35 :   return g_steal_pointer (&app_filter);
    1001                 :            : }
    1002                 :            : 
    1003                 :            : /**
    1004                 :            :  * mct_app_filter_builder_blocklist_path:
    1005                 :            :  * @builder: an initialised #MctAppFilterBuilder
    1006                 :            :  * @path: (type filename): an absolute path to blocklist
    1007                 :            :  *
    1008                 :            :  * Add @path to the blocklist of app paths in the filter under construction. It
    1009                 :            :  * will be canonicalised (without doing any I/O) before being added.
    1010                 :            :  * The canonicalised @path will not be added again if it’s already been added.
    1011                 :            :  *
    1012                 :            :  * Since: 0.2.0
    1013                 :            :  */
    1014                 :            : void
    1015                 :         22 : mct_app_filter_builder_blocklist_path (MctAppFilterBuilder *builder,
    1016                 :            :                                        const gchar         *path)
    1017                 :            : {
    1018                 :         22 :   MctAppFilterBuilderReal *_builder = (MctAppFilterBuilderReal *) builder;
    1019                 :            : 
    1020                 :         22 :   g_return_if_fail (_builder != NULL);
    1021                 :         22 :   g_return_if_fail (_builder->blocklist != NULL);
    1022                 :         22 :   g_return_if_fail (path != NULL);
    1023                 :         22 :   g_return_if_fail (g_path_is_absolute (path));
    1024                 :            : 
    1025         [ +  - ]:         44 :   g_autofree gchar *canonical_path = g_canonicalize_filename (path, "/");
    1026         [ +  - ]:         44 :   g_autofree gchar *canonical_path_utf8 = g_filename_to_utf8 (canonical_path, -1,
    1027                 :            :                                                               NULL, NULL, NULL);
    1028                 :         22 :   g_return_if_fail (canonical_path_utf8 != NULL);
    1029                 :            : 
    1030         [ +  - ]:         22 :   if (!g_ptr_array_find_with_equal_func (_builder->blocklist,
    1031                 :            :                                          canonical_path_utf8, g_str_equal, NULL))
    1032                 :         22 :     g_ptr_array_add (_builder->blocklist, g_steal_pointer (&canonical_path_utf8));
    1033                 :            : }
    1034                 :            : 
    1035                 :            : /**
    1036                 :            :  * mct_app_filter_builder_blocklist_flatpak_ref:
    1037                 :            :  * @builder: an initialised #MctAppFilterBuilder
    1038                 :            :  * @app_ref: a flatpak app ref to blocklist
    1039                 :            :  *
    1040                 :            :  * Add @app_ref to the blocklist of flatpak refs in the filter under
    1041                 :            :  * construction. The @app_ref will not be added again if it’s already been
    1042                 :            :  * added.
    1043                 :            :  *
    1044                 :            :  * Since: 0.2.0
    1045                 :            :  */
    1046                 :            : void
    1047                 :         10 : mct_app_filter_builder_blocklist_flatpak_ref (MctAppFilterBuilder *builder,
    1048                 :            :                                               const gchar         *app_ref)
    1049                 :            : {
    1050                 :         10 :   MctAppFilterBuilderReal *_builder = (MctAppFilterBuilderReal *) builder;
    1051                 :            : 
    1052                 :         10 :   g_return_if_fail (_builder != NULL);
    1053                 :         10 :   g_return_if_fail (_builder->blocklist != NULL);
    1054                 :         10 :   g_return_if_fail (app_ref != NULL);
    1055                 :         10 :   g_return_if_fail (is_valid_flatpak_ref (app_ref));
    1056                 :            : 
    1057         [ +  - ]:         10 :   if (!g_ptr_array_find_with_equal_func (_builder->blocklist,
    1058                 :            :                                          app_ref, g_str_equal, NULL))
    1059                 :         10 :     g_ptr_array_add (_builder->blocklist, g_strdup (app_ref));
    1060                 :            : }
    1061                 :            : 
    1062                 :            : /**
    1063                 :            :  * mct_app_filter_builder_blocklist_content_type:
    1064                 :            :  * @builder: an initialised #MctAppFilterBuilder
    1065                 :            :  * @content_type: a content type to blocklist
    1066                 :            :  *
    1067                 :            :  * Add @content_type to the blocklist of content types in the filter under
    1068                 :            :  * construction. The @content_type will not be added again if it’s already been
    1069                 :            :  * added.
    1070                 :            :  *
    1071                 :            :  * Note that this method doesn’t handle content subtypes. For example, if
    1072                 :            :  * `application/xml` is added to the blocklist but `application/xspf+xml` is not,
    1073                 :            :  * a check for whether `application/xspf+xml` is blocklisted would return false.
    1074                 :            :  *
    1075                 :            :  * Since: 0.4.0
    1076                 :            :  */
    1077                 :            : void
    1078                 :         14 : mct_app_filter_builder_blocklist_content_type (MctAppFilterBuilder *builder,
    1079                 :            :                                                const gchar         *content_type)
    1080                 :            : {
    1081                 :         14 :   MctAppFilterBuilderReal *_builder = (MctAppFilterBuilderReal *) builder;
    1082                 :            : 
    1083                 :         14 :   g_return_if_fail (_builder != NULL);
    1084                 :         14 :   g_return_if_fail (_builder->blocklist != NULL);
    1085                 :         14 :   g_return_if_fail (content_type != NULL);
    1086                 :         14 :   g_return_if_fail (is_valid_content_type (content_type));
    1087                 :            : 
    1088         [ +  - ]:         14 :   if (!g_ptr_array_find_with_equal_func (_builder->blocklist,
    1089                 :            :                                          content_type, g_str_equal, NULL))
    1090                 :         14 :     g_ptr_array_add (_builder->blocklist, g_strdup (content_type));
    1091                 :            : }
    1092                 :            : 
    1093                 :            : /**
    1094                 :            :  * mct_app_filter_builder_set_oars_value:
    1095                 :            :  * @builder: an initialised #MctAppFilterBuilder
    1096                 :            :  * @oars_section: name of the OARS section to set the value for
    1097                 :            :  * @value: value to set for the @oars_section
    1098                 :            :  *
    1099                 :            :  * Set the OARS value for the given @oars_section, indicating the intensity of
    1100                 :            :  * content covered by that section which the user is allowed to see (inclusive).
    1101                 :            :  * Any apps which have more intense content in this section should not be usable
    1102                 :            :  * by the user.
    1103                 :            :  *
    1104                 :            :  * Since: 0.2.0
    1105                 :            :  */
    1106                 :            : void
    1107                 :         14 : mct_app_filter_builder_set_oars_value (MctAppFilterBuilder   *builder,
    1108                 :            :                                        const gchar           *oars_section,
    1109                 :            :                                        MctAppFilterOarsValue  value)
    1110                 :            : {
    1111                 :         14 :   MctAppFilterBuilderReal *_builder = (MctAppFilterBuilderReal *) builder;
    1112                 :            : 
    1113                 :         14 :   g_return_if_fail (_builder != NULL);
    1114                 :         14 :   g_return_if_fail (_builder->oars != NULL);
    1115                 :         14 :   g_return_if_fail (oars_section != NULL && *oars_section != '\0');
    1116                 :            : 
    1117                 :         14 :   g_hash_table_insert (_builder->oars, g_strdup (oars_section),
    1118                 :         14 :                        GUINT_TO_POINTER (value));
    1119                 :            : }
    1120                 :            : 
    1121                 :            : /**
    1122                 :            :  * mct_app_filter_builder_set_allow_user_installation:
    1123                 :            :  * @builder: an initialised #MctAppFilterBuilder
    1124                 :            :  * @allow_user_installation: %TRUE to allow app installation; %FALSE to
    1125                 :            :  *    unconditionally disallow it
    1126                 :            :  *
    1127                 :            :  * Set whether the user is allowed to install to their flatpak user repository.
    1128                 :            :  * If this is %TRUE, app installation is still subject to the OARS values
    1129                 :            :  * (mct_app_filter_builder_set_oars_value()). If it is %FALSE, app installation
    1130                 :            :  * is unconditionally disallowed for this user.
    1131                 :            :  *
    1132                 :            :  * Since: 0.2.0
    1133                 :            :  */
    1134                 :            : void
    1135                 :         10 : mct_app_filter_builder_set_allow_user_installation (MctAppFilterBuilder *builder,
    1136                 :            :                                                     gboolean             allow_user_installation)
    1137                 :            : {
    1138                 :         10 :   MctAppFilterBuilderReal *_builder = (MctAppFilterBuilderReal *) builder;
    1139                 :            : 
    1140                 :         10 :   g_return_if_fail (_builder != NULL);
    1141                 :            : 
    1142                 :         10 :   _builder->allow_user_installation = allow_user_installation;
    1143                 :            : }
    1144                 :            : 
    1145                 :            : /**
    1146                 :            :  * mct_app_filter_builder_set_allow_system_installation:
    1147                 :            :  * @builder: an initialised #MctAppFilterBuilder
    1148                 :            :  * @allow_system_installation: %TRUE to allow app installation; %FALSE to
    1149                 :            :  *    unconditionally disallow it
    1150                 :            :  *
    1151                 :            :  * Set whether the user is allowed to install to the flatpak system repository.
    1152                 :            :  * If this is %TRUE, app installation is still subject to the OARS values
    1153                 :            :  * (mct_app_filter_builder_set_oars_value()). If it is %FALSE, app installation
    1154                 :            :  * is unconditionally disallowed for this user.
    1155                 :            :  *
    1156                 :            :  * Since: 0.2.0
    1157                 :            :  */
    1158                 :            : void
    1159                 :         10 : mct_app_filter_builder_set_allow_system_installation (MctAppFilterBuilder *builder,
    1160                 :            :                                                       gboolean             allow_system_installation)
    1161                 :            : {
    1162                 :         10 :   MctAppFilterBuilderReal *_builder = (MctAppFilterBuilderReal *) builder;
    1163                 :            : 
    1164                 :         10 :   g_return_if_fail (_builder != NULL);
    1165                 :            : 
    1166                 :         10 :   _builder->allow_system_installation = allow_system_installation;
    1167                 :            : }

Generated by: LCOV version 1.14