Remove unsafe permissions and add dialog (#985)

Fixes #915

Author: sonnyp

build-aux/re.sonny.Workbench.Devel.json

@@ -20,9 +20,7 @@
     "--share=ipc",
     "--socket=fallback-x11",
     "--socket=wayland",
-    "--device=dri",
-    "--share=network",
-    "--socket=pulseaudio"
+    "--device=dri"
   ],
   "cleanup": [
     "#/include",

build-aux/re.sonny.Workbench.json

@@ -20,9 +20,7 @@
     "--share=ipc",
     "--socket=fallback-x11",
     "--socket=wayland",
-    "--device=dri",
-    "--share=network",
-    "--socket=pulseaudio"
+    "--device=dri"
   ],
   "cleanup": [
     "#/include",

build-aux/wip/run.js

@@ -164,6 +164,14 @@ async function runCommand(argv) {
       "--allow=devel",
       `--bind-mount=/run/user/1000/doc=/run/user/1000/doc/by-app/${flatpak_id}`,
       ...manifest["finish-args"],
+
+      // Non default permissions
+      // see Permissions.js
+      // consider getting installed overrides instead
+      "--share=network",
+      "--socket=pulseaudio",
+      "--device=input",
+
       "--talk-name=org.freedesktop.portal.*",
       "--talk-name=org.a11y.Bus",
       "--bind-mount=/run/flatpak/at-spi-bus=/run/user/1000/at-spi/bus",

src/Library/Library.blp

@@ -63,11 +63,13 @@ Adw.Window window {
 
               DropDown dropdown_language {
                 valign: end;
+
                 model: Gtk.StringList {};
               }
 
               DropDown dropdown_category {
                 valign: end;
+
                 model: Gtk.StringList {};
               }
             }
@@ -105,7 +107,10 @@ Adw.Window window {
               Button button_reset {
                 label: _("Reset filters");
                 halign: center;
-                styles ["pill"]
+
+                styles [
+                  "pill"
+                ]
               }
             }
 

src/Library/Library.js

@@ -17,6 +17,10 @@ import illustration from "./library.svg";
 import { gettext as _ } from "gettext";
 
 import { build } from "../../troll/src/builder.js";
+import {
+  needsAdditionalPermissions,
+  showPermissionsDialog,
+} from "../Permissions/Permissions.js";
 
 export default function Library({ application }) {
   const objects = build(resource);
@@ -204,9 +208,17 @@ async function openDemo({ application, demo_name, language }) {
     );
   }
 
-  const { load, runCode } = Window({ application, session });
+  const { load, runCode, window } = Window({
+    application,
+    session,
+  });
   await load();
 
+  if (needsAdditionalPermissions({ demo })) {
+    showPermissionsDialog({ window });
+    return;
+  }
+
   const code_language = session.getCodeLanguage();
   const run = autorun && code_language.id === "javascript";
   if (run) {

src/Permissions/Permissions.blp

@@ -0,0 +1,155 @@
+using Gtk 4.0;
+using Adw 1;
+
+Adw.Dialog dialog {
+  content-height: 750;
+  content-width: 600;
+
+  Adw.ToolbarView {
+    [top]
+    Adw.HeaderBar {}
+
+    content: ScrolledWindow {
+      hscrollbar-policy: never;
+
+      Adw.Clamp {
+        maximum-size: 520;
+        tightening-threshold: 400;
+        margin-start: 12;
+        margin-end: 12;
+        margin-bottom: 24;
+
+        Box {
+          orientation: vertical;
+          halign: fill;
+          spacing: 24;
+          // Gtk.Picture needs to be wrapped in a box to behave properly
+          Box {
+            halign: center;
+
+            Picture picture_illustration {
+              can-shrink: false;
+              margin-bottom: 24;
+            }
+          }
+
+          Label {
+            label: _("Permissions Needed");
+
+            styles [
+              "title-1"
+            ]
+          }
+
+          Label {
+            label: _("Workbench needs additional permissions. Please run the following command in a terminal and restart the app.");
+            wrap: true;
+            justify: center;
+          }
+
+          Label label_command {
+            use-markup: true;
+            wrap: true;
+            wrap-mode: word_char;
+            selectable: true;
+            xalign: 0;
+
+            styles [
+              "command_snippet"
+            ]
+          }
+
+          Box {
+            orientation: vertical;
+
+            Box {
+              margin-bottom: 6;
+
+              Label {
+                label: _("What it does");
+                halign: start;
+                hexpand: true;
+
+                styles [
+                  "heading"
+                ]
+              }
+
+              Button button_info {
+                icon-name: "re.sonny.Workbench-external-link-symbolic";
+
+                styles [
+                  "flat"
+                ]
+              }
+            }
+
+            ListBox {
+              selection-mode: none;
+
+              styles [
+                "boxed-list"
+              ]
+
+              Adw.ActionRow {
+                [prefix]
+                Image {
+                  icon-name: "re.sonny.Workbench-person-symbolic";
+                }
+
+                title: _("--user");
+                subtitle: _("Grant for your account only");
+
+                styles [
+                  "property"
+                ]
+              }
+
+              Adw.ActionRow {
+                [prefix]
+                Image {
+                  icon-name: "re.sonny.Workbench-network-wireless-symbolic";
+                }
+
+                title: _("--share-network");
+                subtitle: _("Network access");
+
+                styles [
+                  "property"
+                ]
+              }
+
+              Adw.ActionRow {
+                [prefix]
+                Image {
+                  icon-name: "re.sonny.Workbench-speakers-symbolic";
+                }
+
+                title: _("--socket=pulseaudio");
+                subtitle: _("Record and play audio");
+
+                styles [
+                  "property"
+                ]
+              }
+
+              Adw.ActionRow {
+                [prefix]
+                Image {
+                  icon-name: "re.sonny.Workbench-gamepad-symbolic";
+                }
+
+                title: _("--device=input");
+                subtitle: _("Access to input device such as gamepads");
+
+                styles [
+                  "property"
+                ]
+              }
+            }
+          }
+        }
+      }
+    };
+  }
+}

src/Permissions/Permissions.js

@@ -0,0 +1,62 @@
+import Gio from "gi://Gio";
+import GLib from "gi://GLib";
+import Gtk from "gi://Gtk";
+
+import { build } from "../../troll/src/main.js";
+
+import Interface from "./Permissions.blp" with { type: "uri" };
+
+import illustration from "./permissions.svg";
+
+import { getFlatpakInfo } from "../util.js";
+
+const action_permissions = new Gio.SimpleAction({
+  name: "permissions",
+  parameter_type: null,
+});
+
+export function Permissions({ window }) {
+  const { dialog, picture_illustration, label_command, button_info } =
+    build(Interface);
+
+  picture_illustration.set_resource(illustration);
+  label_command.label = `flatpak override --user --share=network --socket=pulseaudio --device=input ${GLib.getenv(
+    "FLATPAK_ID",
+  )}`;
+
+  button_info.connect("clicked", () => {
+    new Gtk.UriLauncher({
+      uri: "https://docs.flatpak.org/en/latest/sandbox-permissions.html",
+    })
+      .launch(window, null)
+      .catch(console.error);
+  });
+
+  action_permissions.connect("activate", () => {
+    dialog.present(window);
+  });
+
+  window.add_action(action_permissions);
+}
+
+const missing_permissions = (() => {
+  const flatpak_info = getFlatpakInfo();
+  const shared = flatpak_info.get_string_list("Context", "shared");
+  const sockets = flatpak_info.get_string_list("Context", "sockets");
+  const devices = flatpak_info.get_string_list("Context", "devices");
+
+  return (
+    !shared.includes("network") ||
+    !sockets.includes("pulseaudio") ||
+    !devices.includes("all")
+  );
+})();
+
+export function needsAdditionalPermissions({ demo }) {
+  if (!demo["flatpak-finish-args"]) return false;
+  return missing_permissions;
+}
+
+export function showPermissionsDialog({ window }) {
+  window.activate_action("permissions", null);
+}