Strit ( @Strit@lemmy.linuxuserspace.show ) 109•1 year ago
What if your app actually needs access to the internet?
tony ( @tony@lemmy.hoyle.me.uk ) 129•1 year ago
Or actually do anything useful? No network, no filesystem… it’s a hello world app isn’t it…
snowfalldreamland ( @snowfalldreamland@lemmy.ml ) 27•1 year ago
There are portals: https://docs.flatpak.org/en/latest/desktop-integration.html#portals . They allow secure access to many features. Also any flatpak app still has access to a private app-specific filesystem, just not to the host.
Doesn’t work for all applications but for many sand boxing is possible without a loss of features.
Pantherina ( @Pantherina@feddit.de ) 17•1 year ago
Portal.
There’s Obfuscate, an image redactor, and Metadata Cleaner which is self-descriptive. Both work properly without any filesystem access at all, because they use the file picker portal to ask the user for the files to be processed.
Empricorn ( @Empricorn@feddit.nl ) English 28•1 year ago
Oh come on, what modern program actually needs to communicate or access the file system?
QuazarOmega ( @QuazarOmega@lemy.lol ) 15•1 year ago
Download the internet along with it!
ivanafterall ( @ivanafterall@kbin.social ) 25•1 year ago
I’m self-hosting the entire internet. I hope you guys are enjoying yourselves.
Norah (pup/it/she) ( @princessnorah@lemmy.blahaj.zone ) English 15•1 year ago
ivanafterall ( @ivanafterall@kbin.social ) 6•1 year ago
That’s super cool. I bookmarked it. Thanks!
Pantherina ( @Pantherina@feddit.de ) 3•1 year ago
Lol
QuazarOmega ( @QuazarOmega@lemy.lol ) 4•1 year ago
Thanks for having us on your server… when can I get out again though?
ivanafterall ( @ivanafterall@kbin.social ) 6•1 year ago
I just unplugged you. Give it a minute or two and no more pain.
QuazarOmega ( @QuazarOmega@lemy.lol ) 2•1 year ago
Thank you, good… bye
Cwilliams ( @Cwilliams@beehaw.org ) 1•1 year ago
Jane
1984 ( @1984@lemmy.today ) 6•1 year ago
I remember in 1995-ish or something when I used the internet for the first time using the Netscape browser… And I was asking a friend if he had tried all the web sites yet. Just got a weird look back… :) I didn’t know what the internet was back then at first.
The app can then declare the network permission and it will still be marked as safe.
darth_tiktaalik ( @darth_tiktaalik@lemmy.ml ) 94•1 year ago
I like how the app name is blacked out so as not to dox the flathub app.
Radioactive Radio ( @radioactiveradio@lemm.ee ) 28•1 year ago
Sandboxed from prying eyes, it’s completely safe.
Blackmist ( @Blackmist@feddit.uk ) English 27•1 year ago
Looks like Hello World is ready to ship.
With a bit of modifying code to use the color picker and maybe rearranging the workflow to adapt to the new system, apps as advanced as DaVinci Resolve and LibreOffice can have permissions as restrictive as this (the network permission may of course be needed, but it would still be marked as Safe by Flathub).
You can use the file picker API to open the files or folders your app would need to access while having no filesystem permissions at all. You can access the camera, microphone, and GPS without the user devices portal, by simply using the respective portals where the user has the power to allow or deny access to such devices as they wish.
You can record the screen, take a screenshot, and pick a color in the screen by simply calling the proper portals, with the bonus that the user will be able to select if they want the entire screen, a specific window, or a specific area to be recorded/captured and whether the cursor should be shown or not.
Heck, even TeamViewer can be this restricted without losing any functionality if they use the Screen Cast portal which allows apps to mirror input from a remote device! They would of course need the network permission, but that’s still safe.
areyouevenreal ( @areyouevenreal@lemm.ee ) 3•1 year ago
Does all of this require Flatpak-specific APIs?
Markaos ( @Markaos@lemmy.one ) 6•1 year ago
Yes in the sense that the APIs were made because of flatpak, but not in the sense that devs would need to keep two separate code paths for flatpak vs non-flatpak - portals work everywhere.
areyouevenreal ( @areyouevenreal@lemm.ee ) 2•1 year ago
Does it work with snapcraft?
Markaos ( @Markaos@lemmy.one ) 1•1 year ago
areyouevenreal ( @areyouevenreal@lemm.ee ) 1•1 year ago
There is no need to downvote someone over a question.
Markaos ( @Markaos@lemmy.one ) 1•1 year ago
I haven’t done that, lemmy.one doesn’t even have downvotes
𝒍𝒆𝒎𝒂𝒏𝒏 ( @lemann@lemmy.one ) 26•1 year ago
This kind of thing could work for a few apps, say a color picker utility or a QR code generator etc.
Looking at the docs, it isn’t clear if apps can write to their own namespace (instead of writing to user folders directly), but if they can, we could expand the scope to games like supertuxkart, 2048 etc, which would then be able to save user milestones and progress in their own area - a bit like how Android apps do it
https://docs.flatpak.org/en/latest/sandbox-permissions.html
It’s a great start IMO, although admittedly there is still work to do. Flatpak atm bridges the gap with allowing new apps, requiring new libs, to run on older stable/LTS distros
soulfirethewolf ( @soulfirethewolf@lemdro.id ) English 18•1 year ago
It’s nice to see good app security being praised. Sometimes it feels like some people on lemmy (and the fediverse) throw security to the wind.
Like one time I had heard someone over on Mastodon say that they thought that HTTPS was too overused and shouldn’t have been everywhere because it makes older apps unable to access sites and also made adblocking just ever so slightly harder.
Which yeah, I love adblockers, but I’m definitely not comfortable with all traffic having to go unencrypted just for it.
JustARegularNerd ( @JustARegularNerd@aussie.zone ) English 4•1 year ago
But my 1998 Windows CE device that’s made obsolete by those meddling modern security practices!
bizdelnick ( @bizdelnick@lemmy.ml ) 13•1 year ago
What is this? A solitaire game?
This could well be an advanced video editor or an office suite if they take full advantage of the portals API without losing any functionality. Well, they can have the network permission, it would still be safe anyway.
MonkderZweite ( @MonkderZweite@feddit.ch ) 5•1 year ago
Does it have to be sandboxed?
An app should not be able to access stuff the user did not consent to letting it access.
stella ( @stella@lemm.ee ) 2•1 year ago
Isn’t that what file system permissions are for?
The file picker API is there to allow apps to access and save files with the user’s consent, while not having any filesystem access. So a properly sandboxed app would be able to open, edit, and save files wherever the user wants, while not having access to any other irrelevant files, such as your .bashrc or memes folder.
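An added example, not part of the thread: a small audit of a Flatpak `metadata` file that flags static filesystem and device grants of the kind the comments above say portals can replace, and reports the network share separately. The app ID and both sample files are constructed, and the findings follow the thread's reasoning, not Flathub's own rating rules.

```python
import configparser

# Constructed sample `metadata` files (the keyfile format Flatpak uses);
# org.example.Editor is a made-up app ID.
BROAD = """\
[Application]
name=org.example.Editor

[Context]
shared=network;ipc;
sockets=wayland;fallback-x11;
devices=all;
filesystems=home;xdg-download:ro;
"""

PORTAL_ONLY = """\
[Application]
name=org.example.Editor

[Context]
shared=network;ipc;
sockets=wayland;fallback-x11;
devices=dri;
"""

def _items(ctx, key):
    # Keyfile lists are ';'-separated and usually end with a trailing ';'.
    return [v for v in ctx.get(key, "").split(";") if v]

def audit(metadata_text):
    """Flag static grants that the thread says portals can replace."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str  # keep key case as written
    cp.read_string(metadata_text)
    ctx = cp["Context"] if cp.has_section("Context") else {}
    findings = [
        f"filesystems={fs}: host path granted up front; the file chooser "
        "portal gives access only to files the user picks"
        for fs in _items(ctx, "filesystems")
    ]
    if "all" in _items(ctx, "devices"):
        findings.append("devices=all: every device node is exposed; the "
                        "camera and location portals ask the user for consent")
    return {"network": "network" in _items(ctx, "shared"), "findings": findings}

if __name__ == "__main__":
    for label, text in (("broad", BROAD), ("portal-only", PORTAL_ONLY)):
        result = audit(text)
        print(label, "network:", result["network"])
        for finding in result["findings"]:
            print("  -", finding)
```

On an installed app the same text comes from `flatpak info --show-metadata <app-id>`.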
corsicanguppy ( @corsicanguppy@lemmy.ca ) 3•1 year ago
Still not worth dependency hell.
OsrsNeedsF2P ( @OsrsNeedsF2P@lemmy.ml ) 2•1 year ago
Relevance?
Possibly linux ( @possiblylinux127@lemmy.zip ) English 2•1 year ago
Cool