Closed TingPing closed 10 months ago
If you're worrying about the org.kde.* permission maybe you better to support #114 then? So no one will be able to use this dangerous permission.
Well, it's where you have to choose between security and functionality. Just like with Drag'n'Drop.
We don't have to choose. Simply removing this rule would allow the security fix without breaking existing functionality.
It will still be broken, you can't have multiple Electron applications with tray icon...
"without breaking EXISTING functionality."
you can't have multiple Electron applications with tray icon...
That's a separate issue, not solved by the rule discussed here.
There is no explanation for its presence in 0dc7f80,
Apparently they knew Qt is fixed and Electron wasn't affected back then. So this wasn't a problem for anyone.
Nobody knew Qt is fixed and surely Electron apps did use tray half year ago. Virtually everyone switched to org.kde.*
which was semi-official solution. It would take at least several months before all apps start using fixed electron version after something is done there.
Thanks @bbhtt, I will go ahead and drop that error.
The
finish-args-broken-kde-tray-permission
forbids anything withorg.kde.StatusNotifierItem
at the beginning, however this isn't correct.As you can see in knotification: https://github.com/KDE/knotifications/blob/7fb8c5b3130646845efb0483fc1cf3c7769c5830/src/kstatusnotifieritemdbus_p.cpp#L134
This is a unchanging format. In flatpak it will always be the same value for the same pid for the same item number.
Now this is very broken inside of flatpak but it is the correct permission to say
--own-name=org.kde.StatusNotifierItem-2-1
because you know your values will always be the same. Fixing it means patching KDE libraries but that's a discussion for other people.