We can use setfacl command line utility to set specific permissions only for a specific user. This should remove the the need for the C kernel communication code and also all the code that's responsible for handling opening a restricted application. Showing the admin or error dialog should be then just handled by Slingshot and Plank themselves. The restricted application won't be accessible from either bash and file manager since the executable will have the right permissions set for that.
We can use
setfaclcommand line utility to set specific permissions only for a specific user. This should remove the the need for the C kernel communication code and also all the code that's responsible for handling opening a restricted application. Showing the admin or error dialog should be then just handled by Slingshot and Plank themselves. The restricted application won't be accessible from either bash and file manager since the executable will have the right permissions set for that.