Certain files and directories are protected on SailfishOS. This was done on < 4.0 using privileges (see !122 (merged)), and since 4.0 there's the experimental SailJail. I previously believed that we needed this, but the privileges system works perfectly fine. This MR serves as a demo of SailJail for WF.
- Rebase when !122 (merged) is merged
Sailfish 3.4 compatibility
This is the main issue. To enter the jail, we need to launch Whisperfish through /usr/bin/sailjail, which doesn't exist on 3.4. I see two options here: either the SailfishOS 3.4 community provides some sailjail-compat package, that just executes the arguments to /usr/bin/sailjail without actually jailing anything, or we provide two different Whisperfish versions that ship different .desktop files depending on < 3.4 vs >= 4.0. We can also (but holy
harbour-whisperfish a script that decides on whether to jail itself or not.
- Decide on the compat strategy -> We go with a shell script for now, maybe transpose that into separate builds some day later.
- Implement the compat strategy
Add the necessary permissions to the
- Still needs something to access pictures/gallery for sending attachments.
- Start Whisperfish jailed
- Remove privileges after !122 (merged) is merged (revert 96095c00)
- If still relevant, make sure translatables for the custom permission(s) are there.
- Figure out what happened to notifications.
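
A sketch of the shell-script compat strategy described above, as an added example (not the script from this MR). The real binary path, the profile name, the `sailjail -p <profile> <binary>` invocation form and the install name checked at the end are assumptions.

```shell
#!/bin/sh
# Launcher wrapper: start Whisperfish through sailjail when it exists
# (SailfishOS >= 4.0), otherwise start it directly (3.4, no jail).
# All three defaults below are assumptions for illustration.
SAILJAIL="${SAILJAIL:-/usr/bin/sailjail}"
WF_BIN="${WF_BIN:-/usr/libexec/harbour-whisperfish.bin}"   # hypothetical path
WF_PROFILE="${WF_PROFILE:-harbour-whisperfish.desktop}"

# Prints "jailed" or "direct". The launcher is referenced by absolute
# path only, so a sailjail found earlier in a user-writable PATH entry
# is never picked up. A directory or non-executable file counts as absent.
launch_mode() {
    if [ -f "$SAILJAIL" ] && [ -x "$SAILJAIL" ]; then
        echo jailed
    else
        echo direct
    fi
}

# Replaces the current process with the chosen command line.
launch() {
    case "$(launch_mode)" in
        jailed)
            exec "$SAILJAIL" -p "$WF_PROFILE" "$WF_BIN" "$@"
            ;;
        direct)
            # No sandbox on this path: file protection still relies on
            # the privileges mechanism the MR mentions for < 4.0.
            exec "$WF_BIN" "$@"
            ;;
    esac
}

# Only launch when installed under the application name, so the file
# can be sourced without side effects.
if [ "${0##*/}" = harbour-whisperfish ]; then
    launch "$@"
fi
```

Because the direct path runs unjailed, the .desktop file's permission list has no effect on 3.4; only the jailed path enforces it.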