Page MenuHomePhabricator

add permissions+handling for sandbox gadgets
Open, TODOPublic

Description

this should probably function similarly to phone apps where the user has to approve access to things or else the gadget cannot be placed

  • add permissions needed to gadget's .desktop file
  • by default block all permissions

permissions can include:

  • filesystem
  • network
  • dbus

???

Related Objects

zmike created this task.Nov 3 2017, 11:12 AM

Do you also have in mind how to deny the access to the restricted permissions on gadget runtime?
Otherwise a malignus gadget can just lie in the .desktop file to workaround the system you described.

zmike added a project: Restricted Project.Nov 21 2017, 10:56 AM

I don't understand the question? Naturally any permissions which have not been approved would not be granted to the gadget and so these features would be unavailable.