mirror of
https://github.com/flatpak/flatpak.git
synced 2026-01-26 14:13:26 +00:00
2ae9cfd950
Currently, app installs and updates are treated the same from the point of view of the parental controls permissions checks. This was intended so that parents have to re-check each app update to make sure it’s still appropriate for their children. In practice, though, parents are not that hands-on, and there are a lot of regular app updates. The tradeoff between app updates (which bring security fixes and features) and not changing so much in apps that a parent’s initial assessment of their suitability for their child is probably skewed the wrong way. We should be preferring updates (in particular, so we get security updates), and assuming that if an app is OK to begin with, it’s probably not going to change so radically as to become unsuitable for a child with an update. As a data point, Google Play’s parental controls will allow apps to be automatically updated even if a child account can’t install new apps. So, implement this by splitting the existing `org.freedesktop.Flatpak.override-parental-controls` polkit action in two: the existing action for _installs_, and a new `org.freedesktop.Flatpak.override-parental-controls-update` action for _updates_. `FlatpakDir` is changed to use the appropriate action depending on whether an app is being installed from scratch or updated. The default policies for the two actions differ. Users/Distros who disagree with the new default policy can provide their own polkit rules to change the behaviour of `override-parental-controls-update` so that it matches `override-parental-controls`, to bring back the old behaviour. Signed-off-by: Philip Withnall <pwithnall@gnome.org> Fixes: https://github.com/flatpak/flatpak/issues/5552