Page MenuHomePhabricator

add permissions+handling for sandbox gadgets
Open, TODOPublic


this should probably function similarly to phone apps where the user has to approve access to things or else the gadget cannot be placed

  • add permissions needed to gadget's .desktop file
  • by default block all permissions

permissions can include:

  • filesystem
  • network
  • dbus


Related Objects

zmike created this task.Nov 3 2017, 11:12 AM

Do you also have in mind how to deny the access to the restricted permissions on gadget runtime?
Otherwise a malignus gadget can just lie in the .desktop file to workaround the system you described.

zmike added a project: Restricted Project.Nov 21 2017, 10:56 AM

I don't understand the question? Naturally any permissions which have not been approved would not be granted to the gadget and so these features would be unavailable.