Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

RFC: Only grant permission once for unidentified apps #1600

Draft
wants to merge 1 commit into
base: main
Choose a base branch
from
Draft

RFC: Only grant permission once for unidentified apps #1600

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
23 changes: 13 additions & 10 deletions src/screenshot.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -206,17 +206,23 @@ handle_screenshot_in_thread_func (GTask *task,
gboolean interactive;
const char *parent_window;
const char *app_id;
gboolean store_permission;

REQUEST_AUTOLOCK (request);

app_id = xdp_app_info_get_id (request->app_info);
parent_window = ((const char *)g_object_get_data (G_OBJECT (request), "parent-window"));
options = ((GVariant *)g_object_get_data (G_OBJECT (request), "options"));

/* Only memorize the permission for applications that can be uniquely
* identified by their app ID.
*/
store_permission = g_strcmp0 (app_id, "") != 0;

if (xdp_dbus_impl_screenshot_get_version (impl) < 2)
goto query_impl;

permission = xdp_get_permission_sync (app_id, PERMISSION_TABLE, PERMISSION_ID);
permission = store_permission ? xdp_get_permission_sync (app_id, PERMISSION_TABLE, PERMISSION_ID) : XDP_PERMISSION_UNSET;
Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a upgrade path, so that if we previously had stored a permission for app_id="" we will stop honouring it from now on.


if (!g_variant_lookup (options, "interactive", "b", &interactive))
interactive = FALSE;
Expand Down Expand Up @@ -244,7 +250,7 @@ handle_screenshot_in_thread_func (GTask *task,
g_variant_builder_add (&access_opt_builder, "{sv}",
"icon", g_variant_new_string ("applets-screenshooter-symbolic"));

if (g_strcmp0 (app_id, "") != 0)
if (store_permission)
{
g_autoptr(GDesktopAppInfo) info = NULL;
g_autofree gchar *id = NULL;
Expand All @@ -260,19 +266,16 @@ handle_screenshot_in_thread_func (GTask *task,

title = g_strdup_printf (_("Allow %s to Take Screenshots?"), name);
subtitle = g_strdup_printf (_("%s wants to be able to take screenshots at any time."), name);
body = _("This permission can be changed at any time from the privacy settings.");
}
else
{
/* Note: this will set the wallpaper permission for all unsandboxed
* apps for which an app ID can't be determined.
*/
g_assert (xdp_app_info_is_host (request->app_info));
title = g_strdup (_("Allow Applications to Take Screenshots?"));
subtitle = g_strdup (_("An application wants to be able to take screenshots at any time."));
title = g_strdup (_("Allow Screenshot?"));
subtitle = g_strdup (_("An unknown application wants to take a screenshot."));
body = _("This permission will only be granted once. The application will have to request permission again in the future.");
}

body = _("This permission can be changed at any time from the privacy settings.");

if (!xdp_dbus_impl_access_call_access_dialog_sync (access_impl,
request->id,
app_id,
Expand All @@ -291,7 +294,7 @@ handle_screenshot_in_thread_func (GTask *task,
return;
}

if (permission == XDP_PERMISSION_UNSET)
if (store_permission && permission == XDP_PERMISSION_UNSET)
xdp_set_permission_sync (app_id, PERMISSION_TABLE, PERMISSION_ID, access_response == 0 ? XDP_PERMISSION_YES : XDP_PERMISSION_NO);

if (access_response != 0)
Expand Down
Loading