implement a secondary permission system
interactive permission prompts are nice and all, but sometimes users need to authorize access to resources non-interactively
e.g. consider these use cases:
- an advanced user SSHs home to their computer and wants to enable RDP. they will need to authorize the RDP server from the terminal without GUI interaction
- a user likes to play games remotely which require access to input devices but xwayland doesn't persist authorization, nor does it have an app_id
to solve this we now have a bespoke permission table 'kde-authorized' in the XDP permission store. Inside this table the user may store pre-authorization to bypass the interactive workflow.
To authorize a well-known application a user can pass the app_id to the set command:
flatpak permission-set kde-authorized remote-desktop org.kde.krdpserver yes
To authorize a host application without app_id, an empty app_id may be provided.
flatpak permission-set kde-authorized remote-desktop "" yes
Usually the app_id gets obtained from flatpak/snap metadata.
For host applications it gets obtained from the systemd unit name: For applications that get started by Plasma those will be set up correctly. For manually created units the https://systemd.io/DESKTOP_ENVIRONMENTS/ spec should be followed (i.e. name the unit app-org.kde.appname.service).
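
Added example, not code from this commit or from the portal: a POSIX shell sketch that derives the app_id from a systemd unit name following the naming scheme of the linked spec and prints the matching pre-authorization command. The function names and the sample unit names are hypothetical, and treating a unit name that does not follow the scheme as "no app_id" is an assumption about the portal's behaviour.

```shell
#!/bin/sh
# Added example, not code from the commit. Assumption: unit names follow
# https://systemd.io/DESKTOP_ENVIRONMENTS/:
#   app[-<launcher>]-<ApplicationID>[@<RANDOM>].service
#   app[-<launcher>]-<ApplicationID>-<RANDOM>.scope
# systemd escape sequences (\x2d and friends) are not decoded here.

# unit_to_app_id UNIT: print the app_id encoded in UNIT, or nothing when the
# name does not follow the convention.
unit_to_app_id() {
    printf '%s\n' "$1" | sed -nE \
        -e 's/^app-([[:alnum:]]+-)?(.+)-[[:alnum:]]+\.scope$/\2/p' \
        -e 's/^app-([[:alnum:]]+-)?([^@]+)(@[[:alnum:]]*)?\.service$/\2/p'
}

# preauth_command UNIT: print the permission-set line (same form as in the
# message above) that would pre-authorize remote-desktop for UNIT.
preauth_command() {
    app_id=$(unit_to_app_id "$1")
    if [ -n "$app_id" ]; then
        printf 'flatpak permission-set kde-authorized remote-desktop %s yes\n' "$app_id"
    else
        # No app_id in the unit name: only the empty-app_id entry can apply,
        # and that entry is not tied to any one application.
        printf 'flatpak permission-set kde-authorized remote-desktop "" yes\n'
    fi
}

# Constructed unit names, for illustration only.
for unit in app-org.kde.krdpserver.service \
            app-org.kde.konsole@a1b2c3.service \
            app-flatpak-org.example.Game-4242.scope \
            my-game.service session-3.scope; do
    printf '%-42s -> %s\n' "$unit" "$(preauth_command "$unit")"
done
```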