Document Flatpak's threat model

[strugee]

Flatpak's documentation should explicitly document what the threat model is, particularly for updates. For example, AFAICT:

• Flatpak's local sandbox assumes that a malicious or otherwise compromised application cannot exploit a security vulnerability in the monolithic Linux kernel to break out of the sandbox
• Flatpak's update system does not protect against an adversary who is able to compromise repository signing keys and perform network interception on the connection to the repository (for example, to present a specifically targeted user a modified view of the repo)
• Flatpak is unable to prevent denial-of-service attacks where users are prevented from contacting the repo to receive (security) updates
• Etc. (https://theupdateframework.io/ has thought through and written about a lot of these scenarios)

[TheHooly]

Seeing how this is still open, here are my observations of what is evidently NOT in Flatpak's threat model:

• Actively malicious repos
• Benevolent, but compromised repos
• Actively malicious apps that declared filesystem=home/host, device=all, etc.
• Benevolent but vulnerable apps that declared the above permissions
• Malicious or vulnerable apps with the socket=x11 or network permission while a Flatpak with the above permissions, or an unconfined app that is using X11 is running simultaneously (regardless of whether X11 or Wayland is used for the desktop)
• Users using Flatpak under an X11 session
• Users using Flatpak with the PulseAudio sound server
• Apps snooping on the microphone via PulseAudio, regardless of whether PulseAudio or PipeWire is being used