flatpak
Feature request: Allow to remap service names
It would often be useful for dbus services to reliably know which app they are talking to. For example, the keychain service on iOS only allows access to a secret for the app that created that secret. As far as I know, this is currently not possible on linux/dbus because there is no reliable way to identify apps (whatever that might be exactly). A service could use GetConnectionUnixProcessID and then check /proc/{pid}/exe, but that often ends up being bash or python, which is not really useful.
A way something like this could be implemented is that the service acquires a separate name for each app, e.g. org.freedesktop.Secret.MyApp and then we could use xdg-dbus-proxy to remap that name to org.freedesktop.Secret within the sandbox. Of course this would still require changes in the services, but not to the dbus interface specs.
For syntax, I imaging something like this:
xdg-dbus-proxy unix:path=/run/usr/1000/bus /run/usr/1000/bus-proxy --filter \
--talk=org.freedesktop.Secret.MyApp:org.freedesktop.Secret
Maybe this approach could also be used to solve issues like #15 and #18.
I could try to work on the implementation. But before I get into that I wanted to check if you interested at all?
I think people are more interested in getting rid of xdg-dbus-proxy than adding more features to it. I do like the idea of the broker being able to make a specific bus name additional available under another name.
Maybe the dbus reference impl (https://gitlab.freedesktop.org/dbus/dbus/) is the better place to bring this up.
Can you point me to any discussions why people want to get rid of xdg-dbus-proxy and what could be used instead? I am a bit hesitant about bringing this up at dbus without knowing more context.
This is the general issue about upstreaming the sandboxing concepts https://gitlab.freedesktop.org/dbus/dbus/-/issues/171
