Bug 473871 - Change permission to directories that are needed
Status: RESOLVED UPSTREAM
Alias: None
Product: Elisa
Classification: Applications
Component: general
Version: 23.04.3
Platform: Flatpak Linux
Priority: NOR
Severity: normal
Target Milestone: ---
Assignee: Matthieu Gallien
Reported: 2023-08-28 22:55 UTC by Henning
Modified: 2023-08-30 16:16 UTC
Description Henning 2023-08-28 22:55:17 UTC
This is a big, general issue with Flatpak apps: if apps are supposed to open files "located everywhere", they get the host permission.

This is not really sandboxed, and having
- ~/
- /run
- /media
- /mnt
- ...

should be enough and address the problem. Maybe some more directories, but these should be set instead of host, at least.

From a security perspective it would be best to have no permissions at all and just use portals. But this is a lot of work, and probably not needed either.
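As an added example (not code from this report or from Elisa), the script below reads the `[Context]` section that `flatpak info --show-permissions <app-id>` prints for an installed app, flags a broad `filesystems=host` grant, and emits the `flatpak override` commands that narrow it to the directories proposed above. The sample metadata is constructed, org.kde.elisa is used as the example app id, and /run/media stands in for /run because plain /run is assumed not to be allowed as a `--filesystem` path.

```shell
#!/bin/sh
# Constructed sample of what `flatpak info --show-permissions` prints;
# the "host" entry is the broad grant the report objects to.
SAMPLE_PERMS='[Context]
shared=network;ipc;
sockets=x11;wayland;pulseaudio;
devices=dri;
filesystems=host;xdg-config/kdeglobals:ro;'

# filesystems_of METADATA: print each filesystems= entry on its own line.
filesystems_of() {
    printf '%s\n' "$1" | sed -n 's/^filesystems=//p' | tr ';' '\n' | sed '/^$/d'
}

# has_host_access METADATA: succeed if any entry is host, host:ro or host:rw,
# i.e. the app can see the whole host filesystem.
has_host_access() {
    filesystems_of "$1" | grep -qE '^host(:|$)'
}

# suggest_override APP_ID METADATA: print the per-user overrides that drop
# host access and grant only the directories listed in the report
# (home = ~/, plus /media, /mnt and the removable-media mount /run/media).
suggest_override() {
    app="$1"; perms="$2"
    if has_host_access "$perms"; then
        printf 'flatpak override --user --nofilesystem=host %s\n' "$app"
        for d in home /media /mnt /run/media; do
            printf 'flatpak override --user --filesystem=%s %s\n' "$d" "$app"
        done
    else
        printf '%s: no host filesystem grant\n' "$app"
    fi
}

suggest_override org.kde.elisa "$SAMPLE_PERMS"
```

Run it against a live install with `suggest_override "$id" "$(flatpak info --show-permissions "$id")"`; the overrides are applied per user and can be reverted with `flatpak override --user --reset "$id"`.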
Comment 1 Nate Graham 2023-08-29 20:01:49 UTC
Unfortunately Elisa cannot use portals for this because portal-granted filesystem permissions are temporary, not permanent. So if the user went into Elisa's settings window and clicked "Add new location" and was prompted by the portal to choose a new location to find their music in, then Elisa would have access to that location only until it's quit, and then it would not have access to it anymore next time it's launched.

New APIs would need to be added upstream before such a thing would be possible.
Comment 2 Henning 2023-08-29 20:23:54 UTC
Hmm... okay, so this may need to be implemented in the portals? A way to permanently keep that symlink?
Comment 3 Nate Graham 2023-08-29 21:15:42 UTC
It's something that would need upstream support... and lots of discussion, and also most likely some lecturing about why it's a bad idea and fundamentally violates the Flatpak security model.
Comment 4 Henning 2023-08-29 21:45:13 UTC
I am not sure how the Portal on Android works, but currently that is in many parts my way to go, it's pretty awesome.

But yes, I think to have a good UX about all this, apps needing to manage things, it would require one privileged app, like a KDE portal UI, to manage the filesystem overrides. A dream of apps launching systemsettings pages or even popups, and setting that separately in a GUI.
Comment 5 Nate Graham 2023-08-30 16:16:42 UTC
Yes, that would probably be better from a UX perspective: ask the user for permissions at runtime as they are needed, and remember the user's responses until revoked later.

Unfortunately that's not how the portal system works right now: by design, the permissions grantable at runtime are not remembered. It would need to be changed upstream to a fundamentally different design. I think such a design would be better, but that's not everyone's view.