feat: add privacy configuration for control center

[mhduiy]

Added a new privacy configuration file for the control center module. This configuration defines a permission blacklist setting that allows the system to manage and cache restricted permissions. The setting includes support for Chinese localization and is marked as private with read-write permissions for authorized access.

Log: Added privacy configuration with permission blacklist support

Influence:

1. Verify the configuration file is properly loaded by the control center
2. Test that the permission blacklist setting can be read and written correctly
3. Check Chinese localization displays properly in the UI
4. Ensure private visibility restricts unauthorized access to the setting
5. Validate that the configuration structure follows the expected dsg format

feat: 为控制中心添加隐私配置文件

新增控制中心模块的隐私配置文件。此配置定义了一个权限黑名单设置，允许系统
管理和缓存受限权限。该设置包含中文本地化支持，并标记为私有，仅允许授权访
问的读写权限。

Log: 新增支持权限黑名单的隐私配置

Influence:

1. 验证控制中心是否正确加载配置文件
2. 测试权限黑名单设置能否正确读写
3. 检查中文本地化在界面中是否正确显示
4. 确保私有可见性限制了对该设置的未授权访问
5. 验证配置结构是否符合预期的 dsg 格式

Summary by Sourcery

Add a new privacy configuration for the control center module to define and manage a permission blacklist setting with proper visibility and localization.

New Features:

• Introduce a privacy configuration file for the control center defining a permission blacklist setting with caching support.
• Add Chinese-localized metadata for the new privacy setting to display correctly in the UI.

Enhancements:

• Restrict access to the new permission blacklist setting via private visibility with read-write access for authorized consumers.

[sourcery-ai]

Reviewer's guide (collapsed on small PRs)

Reviewer's Guide

Adds a new privacy configuration JSON for the control center module, defining a private, read‑write permission blacklist setting with Chinese localization and ensuring it follows the expected DSG configuration format.

File-Level Changes

Change	Details	Files
Introduce a privacy configuration JSON defining a permission blacklist setting for the control center.	Add a DSG-format privacy config file for the control center module Define a permission blacklist key used to manage and cache restricted permissions Mark the setting as private with controlled read-write access semantics Include Chinese-localized display strings/labels for the setting	misc/configs/org.deepin.dde.control-center.privacy.json

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[sourcery-ai]

Hey - I've left some high level feedback:

• Compare the new org.deepin.dde.control-center.privacy.json structure and key naming with existing privacy config JSONs to ensure the dsg schema, field names, and types are fully consistent across modules.
• Verify that the permission blacklist’s default value and scope (e.g., whether it starts empty or pre-populated) match the intended behavior of the control center so that enabling this config doesn’t unexpectedly block existing permissions.
• Check that all localized fields (including descriptions, categories, and any help text) are provided both in Chinese and other supported locales, and that the localization keys follow the same pattern as other privacy settings.

Prompt for AI Agents

Please address the comments from this code review:

## Overall Comments
- Compare the new org.deepin.dde.control-center.privacy.json structure and key naming with existing privacy config JSONs to ensure the dsg schema, field names, and types are fully consistent across modules.
- Verify that the permission blacklist’s default value and scope (e.g., whether it starts empty or pre-populated) match the intended behavior of the control center so that enabling this config doesn’t unexpectedly block existing permissions.
- Check that all localized fields (including descriptions, categories, and any help text) are provided both in Chinese and other supported locales, and that the localization keys follow the same pattern as other privacy settings.

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[deepin-ci-robot]

deepin pr auto review

这是一个关于 DDE (Deepin Desktop Environment) 控制中心隐私配置的 JSON 配置文件 diff。该文件用于定义一个新的配置项 permissionBlacklist。

以下是对该文件的审查意见，分为语法逻辑、代码质量、代码性能和代码安全四个方面：

1. 语法逻辑

• JSON 格式正确：文件结构符合 JSON 标准，键值对格式正确，括号闭合无误。
• 结构一致性：该结构符合 Deepin DSG (DDE Settings Generator) 的配置元数据规范，包含 magic、version 和 contents 等标准字段。
• 默认值逻辑：
  • "value": ""：将默认值设为空字符串。这通常意味着该配置项用于存储字符串列表或路径列表。如果该配置项预期存储的是列表（如 JSON 数组字符串），默认值为空字符串是合理的，但需确保后续代码能正确处理空字符串与空列表的区别。

2. 代码质量

• 国际化 (i18n) 不完整：
  • 文件中仅包含 name[zh_CN] 和 description[zh_CN]（中文翻译）。
  • 改进建议：为了支持国际化，应补充通用的 name 和 description（通常为英文），以及其他可能需要的语言（如 en_US）。目前 description 为空，这在 UI 展示或日志记录时可能不够友好。
• 字段命名规范：
  • JSON 键 permissionBlacklist 使用驼峰命名法，而 name 字段值 permission_blacklist 使用下划线命名法。这可能是为了适配后端存储键名的习惯，但在代码审查中应确认后端读取该配置时使用的具体键名，避免因命名不一致导致读取失败。
• 文档性：description 字段为空。建议添加简短的描述，说明该黑名单的具体用途（例如："Cache for storing application permission blacklists"），方便其他开发者维护。

3. 代码性能

• 数据存储方式：
  • 当前 value 类型为字符串。如果黑名单包含大量条目，每次读取都需要进行字符串解析（如 JSON 解析）。
  • 改进建议：如果 DSG 框架支持数组类型，且该配置项逻辑上是一个列表，建议直接使用数组类型（如果框架元数据支持）。如果必须使用字符串存储（例如存储序列化后的 JSON），需确保解析逻辑在主线程之外进行，或者数据量极小，以免阻塞 UI。

4. 代码安全

• 权限控制：
  • "permissions": "readwrite"：配置为可读写。由于这是隐私相关的配置，需确认是否有必要允许所有有权限访问该配置文件的进程进行修改。
  • "visibility": "private"：设置为私有可见。这是一个好的做法，限制了该配置项在公共 API 中的暴露范围，减少了被恶意第三方程序随意读取或修改的风险。
• 注入风险：
  • 由于 value 是字符串，如果该字符串的内容（如文件路径或命令）后续会被系统执行或解析，务必在使用该配置值的地方进行严格的校验和转义，防止命令注入或路径遍历攻击。
• 数据敏感性：
  • 黑名单数据本身可能涉及用户隐私。虽然配置文件通常存储在用户目录下，但仍需确保该配置文件本身的文件权限设置正确（例如仅限所有者读写），防止同组或其他用户读取。

总结与建议修改

该配置文件整体结构合规，但在国际化和描述完整性上有所欠缺。建议修改如下：

{
    "magic": "dsg.config.meta",
    "version": "1.0",
    "contents": {
        "permissionBlacklist": {
            "value": "",
            "serial": 0,
            "flags": [],
            "name": "permission_blacklist",
            "name[zh_CN]": "权限黑名单",
            "name": "Permission Blacklist", 
            "description[zh_CN]": "用于缓存应用程序权限黑名单",
            "description": "Cache for storing application permission blacklists",
            "permissions": "readwrite",
            "visibility": "private"
        }
    }
}

主要变更点：

1. 补充了英文的 name。
2. 补充了中英文的 description，明确了用途。

[deepin-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: mhduiy, yixinshark

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• debian/deepin/OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[mhduiy]

/forcemerge

[deepin-bot]

This pr force merged! (status: blocked)