Created attachment 157078 [details] `flatpak info --show-permissions org.chromium.Chromium` [Flatpak Permissions cannot read system-level permission profiles] The new flatpak privilege management in kde does not read the configuration file in "/var/lib/flatpak/overrides". But actually the command to check with flatpak is overwritten and the specific use is in effect.
I guess it's because current code relied on only two sources: app's inherent metadata, and per-user installation per-application overrides file. Thus, we are potentially missing 3 other sources: - system-wide installation's global overrides, - system-wide installation's per-app overrides, and - per-user installation's global overrides. IMHO if the KCM only ever operates on per-user installation's per-app overrides file for writing, then it should at least load all the others and treat them as new default values. However, that kinda complicates things, as now we'd have "default" and "really really the default" states for permissions/resources. For example, I'm was going to implement orange highlighting for changed preferences, and this issue changes semantics of such feature from "differs from default" to "differs from all the rest combined except the very last link in the chain". A bit difficult to comprehend, especially if a user explicitly wants to force-set some certain permission regardless of volatile mid-level overrides.
A possibly relevant merge request was started @ https://invent.kde.org/plasma/flatpak-kcm/-/merge_requests/115
Git commit bce3fa5baaaa6fe2ca2ce3d24f6571bf16062c41 by ivan tkachenko. Committed on 12/06/2023 at 12:26. Pushed by ratijas into branch 'master'. FlatpakPermissionModel: Merge defaults from a list of overrides The model now takes a list of all permissions files (metadata + every override except the very last one which we operate on), and merges them one by one into an in-memory KConfig object. The rest is unchanged. While loading default values, we are not interested in keeping or processing unknown/unparsable entries in any way, which simplifies code a bit comparing to loadCurrentValues() method. A +16 -0 autotests/fixtures/metadata/com.example.cascade.metadata A +12 -0 autotests/fixtures/overrides.in/com.example.cascade.system-global A +16 -0 autotests/fixtures/overrides.in/com.example.cascade.user-app A +9 -0 autotests/fixtures/overrides.in/com.example.cascade.user-global A +19 -0 autotests/fixtures/overrides.out/com.example.cascade.final M +266 -9 autotests/flatpakpermissiontest.cpp M +139 -13 flatpakpermission.cpp M +13 -0 flatpakpermission.h https://invent.kde.org/plasma/flatpak-kcm/-/commit/bce3fa5baaaa6fe2ca2ce3d24f6571bf16062c41
Git commit 6c0616c12632952c66fc0b8100b3ae40913634b4 by ivan tkachenko. Committed on 12/06/2023 at 12:55. Pushed by ratijas into branch 'Plasma/5.27'. FlatpakPermissionModel: Merge defaults from a list of overrides The model now takes a list of all permissions files (metadata + every override except the very last one which we operate on), and merges them one by one into an in-memory KConfig object. The rest is unchanged. While loading default values, we are not interested in keeping or processing unknown/unparsable entries in any way, which simplifies code a bit comparing to loadCurrentValues() method. (cherry picked from commit bce3fa5baaaa6fe2ca2ce3d24f6571bf16062c41) A +16 -0 autotests/fixtures/metadata/com.example.cascade.metadata A +12 -0 autotests/fixtures/overrides.in/com.example.cascade.system-global A +16 -0 autotests/fixtures/overrides.in/com.example.cascade.user-app A +9 -0 autotests/fixtures/overrides.in/com.example.cascade.user-global A +19 -0 autotests/fixtures/overrides.out/com.example.cascade.final M +266 -9 autotests/flatpakpermissiontest.cpp M +139 -13 flatpakpermission.cpp M +13 -0 flatpakpermission.h https://invent.kde.org/plasma/flatpak-kcm/-/commit/6c0616c12632952c66fc0b8100b3ae40913634b4