/* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*-
 * vi:set noexpandtab tabstop=8 shiftwidth=8:
 *
 * Copyright (C) 2022 Red Hat <www.redhat.com>
 *
 * SPDX-License-Identifier: GPL-2.0-or-later
 */

#pragma once

#include <glib.h>
#include <glib-object.h>

G_BEGIN_DECLS

/**
 * GsAppPermissionsFlags:
 * @GS_APP_PERMISSIONS_FLAGS_SYSTEM_BUS: App has unfiltered access to the D-Bus
 *    system bus (i.e. can talk to and own any name on it).
 * @GS_APP_PERMISSIONS_FLAGS_SESSION_BUS: App has unfiltered access to the D-Bus
 *    session bus (i.e. can talk to and own any name on it).
 * @GS_APP_PERMISSIONS_FLAGS_DEVICES: App can access general purpose devices
 *   such as webcams or gaming controllers.
 * @GS_APP_PERMISSIONS_FLAGS_SYSTEM_DEVICES: App can access non-physical
 *   privileged system devices, such as `/dev/shm` or `/dev/kvm` (Since: 44)
 * @GS_APP_PERMISSIONS_FLAGS_SCREEN: App can access screen contents
 *   without asking, e.g. by reading Pipewire ScreenCast streams (Since: 46)
 * @GS_APP_PERMISSIONS_FLAGS_INPUT_DEVICES: App can access input devices, under `/dev/input` (Since: 46)
 * @GS_APP_PERMISSIONS_FLAGS_AUDIO_DEVICES: App can access audio devices (such as microphones and speakers) from PulseAudio and pipewire directly (Since: 48)
 *
 * Flags to indicate what permissions an app requires, at a high level.
 */
typedef enum {
	GS_APP_PERMISSIONS_FLAGS_NONE			= 0,
	GS_APP_PERMISSIONS_FLAGS_NETWORK 		= 1 << 1,
	GS_APP_PERMISSIONS_FLAGS_SYSTEM_BUS   		= 1 << 2,
	GS_APP_PERMISSIONS_FLAGS_SESSION_BUS		= 1 << 3,
	GS_APP_PERMISSIONS_FLAGS_DEVICES 		= 1 << 4,
	GS_APP_PERMISSIONS_FLAGS_HOME_FULL 		= 1 << 5,
	GS_APP_PERMISSIONS_FLAGS_HOME_READ		= 1 << 6,
	GS_APP_PERMISSIONS_FLAGS_FILESYSTEM_FULL	= 1 << 7,
	GS_APP_PERMISSIONS_FLAGS_FILESYSTEM_READ	= 1 << 8,
	GS_APP_PERMISSIONS_FLAGS_DOWNLOADS_FULL 	= 1 << 9,
	GS_APP_PERMISSIONS_FLAGS_DOWNLOADS_READ		= 1 << 10,
	GS_APP_PERMISSIONS_FLAGS_SETTINGS		= 1 << 11,
	GS_APP_PERMISSIONS_FLAGS_X11			= 1 << 12,
	GS_APP_PERMISSIONS_FLAGS_ESCAPE_SANDBOX		= 1 << 13,
	GS_APP_PERMISSIONS_FLAGS_FILESYSTEM_OTHER	= 1 << 14,
	GS_APP_PERMISSIONS_FLAGS_SYSTEM_DEVICES		= 1 << 15,
	GS_APP_PERMISSIONS_FLAGS_SCREEN			= 1 << 16,
	GS_APP_PERMISSIONS_FLAGS_INPUT_DEVICES		= 1 << 17,
	GS_APP_PERMISSIONS_FLAGS_AUDIO_DEVICES		= 1 << 18,
	GS_APP_PERMISSIONS_FLAGS_LAST  /*< skip >*/
} GsAppPermissionsFlags;

#define LIMITED_PERMISSIONS (GS_APP_PERMISSIONS_FLAGS_SETTINGS | \
			GS_APP_PERMISSIONS_FLAGS_NETWORK | \
			GS_APP_PERMISSIONS_FLAGS_DOWNLOADS_READ | \
			GS_APP_PERMISSIONS_FLAGS_DOWNLOADS_FULL)
#define MEDIUM_PERMISSIONS (LIMITED_PERMISSIONS | \
			GS_APP_PERMISSIONS_FLAGS_X11)

/**
 * GsBusPolicyPermission:
 * @GS_BUS_POLICY_PERMISSION_NONE: No permissions. The bus name is invisible to the app.
 * @GS_BUS_POLICY_PERMISSION_SEE: The bus name can be enumerated by the app.
 * @GS_BUS_POLICY_PERMISSION_TALK: The app can exchange messages with the bus name.
 * @GS_BUS_POLICY_PERMISSION_OWN: The app can own the bus name.
 * @GS_BUS_POLICY_PERMISSION_UNKNOWN: Permissions are unknown.
 *
 * Permissions for app interactions with services on a D-Bus bus.
 *
 * These are in strictly ascending order of what they allow (so each enum member
 * allows all of what the lower-valued members allow). It follows exactly the
 * same semantics as [flatpak](man:flatpak-metadata(5)).
 *
 * Since: 48
 */
typedef enum {
	GS_BUS_POLICY_PERMISSION_NONE = 0,
	GS_BUS_POLICY_PERMISSION_SEE,
	GS_BUS_POLICY_PERMISSION_TALK,
	GS_BUS_POLICY_PERMISSION_OWN,
	GS_BUS_POLICY_PERMISSION_UNKNOWN,
} GsBusPolicyPermission;

#define GS_TYPE_APP_PERMISSIONS (gs_app_permissions_get_type ())

G_DECLARE_FINAL_TYPE (GsAppPermissions, gs_app_permissions, GS, APP_PERMISSIONS, GObject)

GsAppPermissions	*gs_app_permissions_new		(void);
void			 gs_app_permissions_seal	(GsAppPermissions	*self);
gboolean		 gs_app_permissions_is_sealed	(GsAppPermissions	*self);

gboolean		 gs_app_permissions_is_empty	(GsAppPermissions	*self);
GsAppPermissions	*gs_app_permissions_diff	(GsAppPermissions	*self,
							 GsAppPermissions	*other);

void			 gs_app_permissions_set_flags	(GsAppPermissions	*self,
							 GsAppPermissionsFlags	 flags);
GsAppPermissionsFlags	 gs_app_permissions_get_flags	(GsAppPermissions	*self);
void			 gs_app_permissions_add_flag	(GsAppPermissions	*self,
							 GsAppPermissionsFlags	 flags);
void			 gs_app_permissions_remove_flag	(GsAppPermissions	*self,
							 GsAppPermissionsFlags	 flags);
void			 gs_app_permissions_add_filesystem_read
							(GsAppPermissions	*self,
							 const gchar		*filename);
const GPtrArray		*gs_app_permissions_get_filesystem_read
							(GsAppPermissions	*self);
gboolean		 gs_app_permissions_contains_filesystem_read
							(GsAppPermissions *self,
							 const gchar *filename);
void			 gs_app_permissions_add_filesystem_full
							(GsAppPermissions	*self,
							 const gchar		*filename);
const GPtrArray		*gs_app_permissions_get_filesystem_full
							(GsAppPermissions	*self);
gboolean		 gs_app_permissions_contains_filesystem_full
							(GsAppPermissions *self,
							 const gchar *filename);

G_END_DECLS