LUA Client permissions
This MR removes the old client-permissions module and implements 2 access lua scripts:
-
access-flatpak.lua: always gives
RandXpermissions to anyflatpakclient -
access-portal.lua: gives
R,WandXpermissions toportalclients only if their portal permissions store entry of thedevicestable and idcamerais set toyes.
The portal access LUA script can be easily tested by running the forked video-play app from my gnome gitlab account with flatpak (https://gitlab.gnome.org/julianbouzas/video-play).
To do so, first make sure xdg-desktop-portal.service systemd service is running:
systemctl --user status xdg-desktop-portal.serviceThen, use the following manifest json file (org.flatpak.Videoplay.json) to build the video-play with flatpak:
{
"app-id": "org.flatpak.Videoplay",
"runtime": "org.gnome.Platform",
"runtime-version": "master",
"sdk": "org.gnome.Sdk",
"command": "video-play",
"build-options": {
"build-args": [ "--share=network" ]
},
"modules": [
{
"name": "libportal",
"buildsystem": "meson",
"sources": [
{
"type": "git",
"url": "https://github.com/flatpak/libportal.git"
}
]
},
{
"name": "video-play",
"buildsystem": "meson",
"builddir": true,
"sources": [
{
"type": "git",
"url": "https://gitlab.gnome.org/julianbouzas/video-play.git"
}
]
}
]
}And build it with flatpak-builder:
$ flatpak-builder --user --install build-dir org.flatpak.Videoplay.jsonAfter that, check if the application can be launched successfully:
$ flatpak run --socket=x11 org.flatpak.VideoplayNote that by default, the camera portal permission is set to no, so you won't be able to access the camera device if you click on the "Camera" button.
You can enable camera permissions for the video-play app in the portal permission store with the following command:
$ flatpak permission-set devices camera org.flatpak.Videoplay yesRe-run again the application and the camera device should be shown when clicking on the "Camera" button.