How does flatpak ensure that the portals mechanism isn't abused by malicious programs?

Question

Take Discord package permissions:

$ flatpak info --show-permissions com.discordapp.Discord 
[Context]
shared=network;ipc;
sockets=x11;wayland;pulseaudio;
devices=all;
filesystems=xdg-download;xdg-pictures:ro;xdg-videos:ro;xdg-run/speech-dispatcher;
[Session Bus Policy]
org.kde.StatusNotifierWatcher=talk
com.canonical.AppMenu.Registrar=talk
org.freedesktop.ScreenSaver=talk
com.canonical.indicator.application=talk
com.canonical.Unity=talk
[System Bus Policy]
org.freedesktop.UPower=talk
[Environment]
XCURSOR_PATH=/run/host/user-share/icons:/run/host/share/icons
ELECTRON_TRASH=gio

Looking at the filesystems line, my understanding is this program is not able to access files in /tmp/ $HOME/ or / for that matter. So the fact I can add file attachments in Discord from said paths must be due to xdg-portals.

How does flatpak ensure that the portals mechanism isn't abused by malicious programs?

Answer 1

How does flatpak ensure that the portals mechanism isn't abused by malicious programs?

It doesn't. Malicious programs can request portal-based permissions, and Flatpak will not stop you from approving those permissions.

But the idea of portals is that they 1) present a user interface, 2) present a user interface that runs on the host side of the boundary, out of control of the sandboxed app, and 3) if possible, provide access using some kind of "capability-based" mechanism, like passing a file descriptor.

• For example, if a program calls the "file access" portal, then the portal – not the app – will show a file picker where you must select some file, and the program cannot automate that file picker.

  And once the file is selected, only that file becomes accessible through a special FUSE filesystem (the app receives a special "/run/user/..." path).

• Similarly, the "screensharing" portal shows a window select dialog and then provides the app with a pre-configured PipeWire stream that only captures the selected window, rather than allowing the app do its own cropping.

Mostly, it works just like the Android/iOS permission prompts (e.g. the media picker where you "attach single a photo" using the system UI). It's also a bit like Windows UAC in the sense of the UI being beyond the program's control.

(This is one of the reasons Wayland is generally pushed by Flatpak – by design it doesn't let sandboxed apps inject a fake mouse click into such a dialog box, whereas X11 by default does.)