search

canonical / desktop-security-center

GNU General Public License v3.0
12 stars 4 forks source link

Implement the snap permissions back-end #26

Closed nteodosio closed 2 months ago

nteodosio commented 6 months ago

As communicated in that thread, authorized calls to that endpoint will be implemented. While this doesn't happen, we will use Polkit.

nteodosio commented 6 months ago

Tested all RPCs, they work. But RemoveAppPermission might be a bit weird. It requires passing the exact path as given by /v2/interfaces/requests/rules. For example, given such a response from the API:

{
  "type": "sync",
  "status-code": 200,
  "status": "OK",
  "result": [
    {
      "id": "C6YQI6T42G4F6===",
      "timestamp": "C6YQJJZPV5L2C===",
      "user": 1000,
      "snap": "firefox",
      "app": "firefox",
      "interface": "home",
      "path-pattern": "/home/ubuntu/Downloads/**",
      "outcome": "allow",
      "lifespan": "forever",
      "expiration": "",
      "permissions": [
        "read",
        "write",
        "execute",
        "create",
        "append",
        "chmod"
      ]
    }
  ]
}

To remove it one must call this back-end's RemoveAppPermissions with

{"removepath":"/home/ubuntu/Documents/**","removesnap":"firefox"}