[Feature request]: One-Time File Access

[svin24]

Checklist

• I agree to follow the Code of Conduct that this project adheres to.
• I have searched the issue tracker for a feature request that matches the one I want to file, without success.

Suggestion

For a lot of applications, specifically messaging applications it is very common for people (and by people i mean the general population that has no idea how computers work) to share files from directories that are not permitted for the application to touch on its own.

Problem with this then the application will probably throw an error since it does not know what is actually going on(See for example discord). So my thought was what if there was a way for the user to make a one time exception allow the application to actually load the file ~/restricted_directory/picture_of_cat.jpg without giving an application the ability to actually look at other files in the folder like ~/restricted_directory/picture_of_dog.jpg

Benefits of said approach:

1. So easy my dad can use it
2. Its still secure since the application has no idea what is going on in the restricted directory.

Issues:

1. applications will probably have to implement it because i can't see how this can work with current implementations.

[rusty-snake]

How does this differ from the document portal?

[smcv]

So my thought was what if there was a way for the user to make a one time exception allow the application to actually load the file ~/restricted_directory/picture_of_cat.jpg without giving an application the ability to actually look at other files in the folder like ~/restricted_directory/picture_of_dog.jpg

Yes, this is what the document portal is for. Typical GTK and Qt applications use it transparently and automatically for "File -> Open..." and "File -> Save As..." dialogs.

Strictly speaking, it is not actually one-time file access: as currently implemented, if you give an app access to ~/restricted_directory/picture_of_cat.jpg, then it will have access to that one specific filename, forever (unless you specifically remove that access with flatpak document-unexport, or a higher-level/more friendly user interface to the same functionality).

But otherwise it's like you said, and in particular, it can't access an adjacent file that happens to be in the same directory, like ~/restricted_directory/picture_of_dog.jpg.

flatpak/xdg-desktop-portal-gtk#429 is about making it more obvious to the user what's going on here.

applications will probably have to implement it because i can't see how this can work with current implementations

Yes, unfortunately, applications that don't use a typical library like GTK or Qt, and have not been adapted to be portal-friendly, will need to have specific code to make use of that feature.

As a workaround for not using the portal, applications that can't easily use it will usually be given --filesystem=... permissions, which are not fine-grained in the way you are asking for. These are generally non-sandbox-friendly applications which need to be given more access than they should, and the fact that they are given these permissions is a workaround to make them available/usable at all.