RFC: Only grant permission once for unidentified apps #1600
I've only made changes to the screenshot portal, but the idea would be to replicate the same changes to other interfaces which involve the PermissionStore.

The status-quo is problematic because:

* It is not communicated well enough that granting the permission would also grant it for any other unidentified program. That includes all programs started from a terminal, without a systemd scope.
* It is not true, or not true for all Desktops, that "This permission can be changed at any time from the privacy settings." because the "privacy settings" app would need to have a section dedicated to unidentified apps, which gnome-control-center for example does not have.

Both problems could be addressed differently, but I believe this is a better solution overall: I propose we don't use the PermissionStore for unidentified apps, at all. It is generally unsensible to grant such a wide permission, and I don't think we should allow it. Instead, such unidentified apps will always prompt whenever they want to take a privileged action.
if (xdp_dbus_impl_screenshot_get_version (impl) < 2) | ||
goto query_impl; | ||
|
||
permission = xdp_get_permission_sync (app_id, PERMISSION_TABLE, PERMISSION_ID); | ||
permission = store_permission ? xdp_get_permission_sync (app_id, PERMISSION_TABLE, PERMISSION_ID) : XDP_PERMISSION_UNSET; |
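Review bot: `store_permission` is not defined in the visible lines, and the assignment carries no comment explaining that it exists so a permission previously stored for an empty app_id stops being honoured; a one-line comment at the assignment (e.g. "unidentified apps never consult the PermissionStore; ignore any entry stored before this change") would make that upgrade-path intent explicit in the code rather than only in the review thread. Note also that the stale entry is only ignored, not removed from the store, and that the `goto query_impl` for backends with version < 2 bypasses this lookup entirely, so it is worth confirming the target label does not reach another stored-permission check that needs the same `store_permission` guard.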
This is an upgrade path, so that if we previously had stored a permission for app_id="" we will stop honouring it from now on.
As a self-critique to the change: it would get annoying if one or more unidentified apps keep requesting bogus permissions that the user does not intend on granting, because we don't memorize the preference. It would obviously be the application's fault, and I would say that one should uninstall such an application. On the other hand, if we can't identify the app we also can't provide the user with the info about which application to uninstall. I would appreciate to hear your thoughts and some actionable steps to mitigate this, if you feel that it is necessary.

I like the idea that requests from unidentified apps (

I still don't understand why host apps should display a prompt, especially if no permission would be stored, because it is assumed that they are not "safe." Furthermore, what is this proposal to inform about uninstalling an app?

That is obviously not what I intended. My point is that if an unidentified application keeps asking for some permission but we don't show the name of the app (because we don't know it), then the user wouldn't know how to take action.

No need to tell the user to take an action if no permission prompt is shown, at least for Allow/Deny permissions... (and if the unidentified app is a host app)
I have a draft change locally that would add an "ask always" checkbox to the dialog via the EDIT patch: Sodivad@795a3a9 |