
[Feature Request]: Mark possible sandbox escape with `org.freedesktop.Flatpak` separate from dbus

Open waffshappen opened this issue 2 years ago • 1 comment

Like with:

https://github.com/flatpak/flatpak/issues/5161

a total sandbox escape is possible with applications spawning and controlling host processes when they have the very-not-scary-looking org.freedesktop.Flatpak dbus permission.

This could be listed either with a bigger warning in flatseal or as a toggle with "Allow complete Sandbox escape with flatpak spawn".

As per the docs: https://www.mankier.com/1/flatpak-spawn#--host

waffshappen avatar Nov 02 '22 17:11 waffshappen

I agree with you that highlighting dangerous permissions (relates to #163) is good. And that org.freedesktop.Flatpak as a sandbox escape API is a dangerous permission. However, this could give users a false sense of security ("I removed org.freedesktop.Flatpak, now I'm safe") while leaving all the other (D-Bus based) escapes open.

  • org.freedesktop.Notifications: A lot of implementations expose other, dangerous, interfaces on this name as well.
  • ca.desrt.dconf: Just change the default command of e.g. gnome-terminal.
  • org.freedesktop.FileManager1: Some file managers expose other interfaces that allow copying/moving files, i.e. cp ~/.var/app/com.example.Bad/evil ~/.bashrc
  • org.kde.StatusNotifierWatcher: Some implementations expose other, dangerous, interfaces on this name as well.
  • org.kde.*=own: Obvious

Maybe every D-Bus access should be marked as (possibly) dangerous.

rusty-snake avatar Nov 02 '22 17:11 rusty-snake
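An added example, not Flatseal's own code, of the kind of audit the comment argues for: a small Python check that parses the `[Session Bus Policy]` section of a Flatpak metadata or override keyfile and flags `talk`/`own` grants on the bus names listed in this thread, plus any wildcard grant. The risk summaries, the bus-name list and the sample keyfile are constructed from the comments above and are assumptions, not an authoritative list.

```python
"""Flag Flatpak session-bus grants that this issue thread identifies as
sandbox-escape vectors.  Added example; the risk list is an assumption."""
import configparser
import fnmatch

# Bus names from the thread above with a one-line reason (constructed summary).
RISKY_BUS_NAMES = {
    "org.freedesktop.Flatpak": "flatpak-spawn --host gives a full sandbox escape",
    "org.freedesktop.Notifications": "implementations expose extra interfaces",
    "ca.desrt.dconf": "can rewrite defaults such as a terminal's command",
    "org.freedesktop.FileManager1": "some file managers expose copy/move calls",
    "org.kde.StatusNotifierWatcher": "implementations expose extra interfaces",
}
# Flatpak access levels, weakest to strongest; only talk/own allow method calls.
LEVELS = {"none": 0, "see": 1, "talk": 2, "own": 3}

# Constructed sample in Flatpak keyfile syntax (same layout as an override file).
SAMPLE_METADATA = """\
[Application]
name=com.example.Bad

[Session Bus Policy]
org.freedesktop.Flatpak=talk
org.freedesktop.Notifications=talk
org.gnome.SessionManager=see
org.kde.*=own
"""

def audit_session_bus_policy(keyfile_text):
    """Return [(bus name or glob, level, reason)] for every risky grant."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # bus names are case-sensitive; keep them intact
    cp.read_string(keyfile_text)
    findings = []
    if not cp.has_section("Session Bus Policy"):
        return findings
    for name, level in cp["Session Bus Policy"].items():
        level = level.strip().lower()
        if LEVELS.get(level, 0) < LEVELS["talk"]:
            continue  # 'see' and 'none' cannot call methods on the service
        if name in RISKY_BUS_NAMES:
            findings.append((name, level, RISKY_BUS_NAMES[name]))
        elif name.endswith(".*"):
            # A wildcard grants every name under the prefix; 'own' additionally
            # lets the app claim those names and impersonate the real services.
            hits = [n for n in RISKY_BUS_NAMES if fnmatch.fnmatchcase(n, name)]
            reason = "wildcard grant" + (" covering " + ", ".join(hits) if hits else "")
            if level == "own":
                reason += "; own allows impersonating services"
            findings.append((name, level, reason))
    return findings

if __name__ == "__main__":
    for name, level, reason in audit_session_bus_policy(SAMPLE_METADATA):
        print(f"{name}={level}: {reason}")
```

Run against `~/.local/share/flatpak/overrides/<app-id>` or an installed app's `metadata` file to see which of the grants the thread discusses are in effect.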