1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
|
<!DOCTYPE node PUBLIC
"-//freedesktop//DTD D-BUS Object Introspection 1.0//EN"
"http://www.freedesktop.org/standards/dbus/1.0/introspect.dtd">
<!--
Copyright (C) 2015 Red Hat, Inc.
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2 of the License, or (at your option) any later version.
This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General
Public License along with this library; if not, write to the
Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
Boston, MA 02110-1301, USA.
Author: Alexander Larsson <alexl@redhat.com>
-->
<node name="/" xmlns:doc="http://www.freedesktop.org/dbus/1.0/doc.dtd">
<!--
org.freedesktop.portal.Documents:
@short_description: Document portal
The document portal allows to make files from the outside world
available to sandboxed applications in a controlled way.
Exported files will be made accessible to the application via
a fuse filesystem that gets mounted at /run/user/$UID/doc/. The
filesystem gets mounted both outside and inside the sandbox, but
the view inside the sandbox is restricted to just those files
that the application is allowed to access.
Individual files will appear at /run/user/$UID/doc/$DOC_ID/filename,
where $DOC_ID is the ID of the file in the document store. It is
returned by the org.freedesktop.portal.Documents.Add() and
org.freedesktop.portal.Documents.AddNamed() calls.
The permissions that the application has for a document store entry
(see org.freedesktop.portal.Documents.GrantPermissions()) are reflected
in the POSIX mode bits in the fuse filesystem.
The D-Bus interface for the document portal is available under the
bus name org.freedesktop.portal.Documents and the object path
/org/freedesktop/portal/documents.
This documentation describes version 3 of this interface.
-->
<interface name='org.freedesktop.portal.Documents'>
<property name="version" type="u" access="read"/>
<!--
GetMountPoint:
@path: the path at which the fuse filesystem is mounted
Returns the path at which the document store fuse filesystem
is mounted. This will typically be /run/user/$UID/doc/.
-->
<method name="GetMountPoint">
<arg type='ay' name='path' direction='out'/>
</method>
<!--
Add:
@o_path_fd: open file descriptor for the file to add
@reuse_existing: whether to reuse an existing document store entry for the file
@persistent: whether to add the file only for this session or permanently
@doc_id: the ID of the file in the document store
Adds a file to the document store. The file is passed in the
form of an open file descriptor to prove that the caller has
access to the file.
-->
<method name="Add">
<annotation name="org.gtk.GDBus.C.UnixFD" value="true"/>
<arg type='h' name='o_path_fd' direction='in'/>
<arg type='b' name='reuse_existing' direction='in'/>
<arg type='b' name='persistent' direction='in'/>
<arg type='s' name='doc_id' direction='out'/>
</method>
<!--
AddNamed:
@o_path_parent_fd: open file descriptor for the parent directory
@filename: the basename for the file
@reuse_existing: whether to reuse an existing document store entry for the file
@persistent: whether to add the file only for this session or permanently
@doc_id: the ID of the file in the document store
Creates an entry in the document store for writing a new file.
-->
<method name="AddNamed">
<annotation name="org.gtk.GDBus.C.UnixFD" value="true"/>
<arg type='h' name='o_path_parent_fd' direction='in'/>
<arg type='ay' name='filename' direction='in'/>
<arg type='b' name='reuse_existing' direction='in'/>
<arg type='b' name='persistent' direction='in'/>
<arg type='s' name='doc_id' direction='out'/>
</method>
<!--
AddFull:
@o_path_fds: open file descriptors for the files to export
@flags: flags, 1 == reuse_existing, 2 == persistent, 4 == as-needed-by-app
@app_id: an application ID, or empty string
@permissions: the permissions to grant, possible values are 'read', 'write', 'grant-permissions' and 'delete'
@doc_ids: the IDs of the files in the document store
@extra_info: Extra info returned
Adds multiple files to the document store. The file is passed in the
form of an open file descriptor to prove that the caller has
access to the file.
If the as-needed-by-app flag is given, files will only be added to
the document store if the application does not already have access to them.
For files that are not added to the document store, the doc_ids array will
contain an empty string.
Additionally, if app_id is specified, it will be given the permissions
listed in GrantPermission.
The method also returns some extra info that can be used to avoid
multiple roundtrips. For now it only contains as "mountpoint", the
fuse mountpoint of the document portal.
This method was added in version 2 of the org.freedesktop.portal.Documents interface.
-->
<method name="AddFull">
<annotation name="org.gtk.GDBus.C.UnixFD" value="true"/>
<arg type='ah' name='o_path_fds' direction='in'/>
<arg type='u' name='flags' direction='in'/>
<arg type='s' name='app_id' direction='in'/>
<arg type='as' name='permissions' direction='in'/>
<arg type='as' name='doc_ids' direction='out'/>
<arg type='a{sv}' name='extra_out' direction='out'/>
</method>
<!--
AddNamedFull:
@o_path_fds: open file descriptor for the parent directory
@filename: the basename for the file
@flags: flags, 1 == reuse_existing, 2 == persistent, 4 == as-needed-by-app
@app_id: an application ID, or empty string
@permissions: the permissions to grant, possible values are 'read', 'write', 'grant-permissions' and 'delete'
@doc_id: the ID of the file in the document store
@extra_info: Extra info returned
Creates an entry in the document store for writing a new file.
If the as-needed-by-app flag is given, file will only be added to
the document store if the application does not already have access to it.
For file that is not added to the document store, the doc_id will
contain an empty string.
Additionally, if app_id is specified, it will be given the permissions
listed in GrantPermission.
The method also returns some extra info that can be used to avoid
multiple roundtrips. For now it only contains as "mountpoint", the
fuse mountpoint of the document portal.
This method was added in version 3 of the org.freedesktop.portal.Documents interface.
-->
<method name="AddNamedFull">
<annotation name="org.gtk.GDBus.C.UnixFD" value="true"/>
<arg type='h' name='o_path_fd' direction='in'/>
<arg type='ay' name='filename' direction='in'/>
<arg type='u' name='flags' direction='in'/>
<arg type='s' name='app_id' direction='in'/>
<arg type='as' name='permissions' direction='in'/>
<arg type='s' name='doc_id' direction='out'/>
<arg type='a{sv}' name='extra_out' direction='out'/>
</method>
<!--
GrantPermissions:
@doc_id: the ID of the file in the document store
@app_id: the ID of the application to which permissions are granted
@permissions: the permissions to grant, possible values are 'read', 'write', 'grant-permissions' and 'delete'
Grants access permissions for a file in the document store
to an application.
This call is available inside the sandbox if the application
has the 'grant-permissions' permission for the document.
-->
<method name="GrantPermissions">
<arg type='s' name='doc_id' direction='in'/>
<arg type='s' name='app_id' direction='in'/>
<arg type='as' name='permissions' direction='in'/>
</method>
<!--
RevokePermissions:
@doc_id: the ID of the file in the document store
@app_id: the ID of the application from which permissions are revoked
@permissions: the permissions to revoke, possible values are 'read', 'write', 'grant-permissions' and 'delete'
Revokes access permissions for a file in the document store
from an application.
This call is available inside the sandbox if the application
has the 'grant-permissions' permission for the document.
-->
<method name="RevokePermissions">
<arg type='s' name='doc_id' direction='in'/>
<arg type='s' name='app_id' direction='in'/>
<arg type='as' name='permissions' direction='in'/>
</method>
<!--
Delete:
@doc_id: the ID of the file in the document store
Removes an entry from the document store. The file itself is
not deleted.
This call is available inside the sandbox if the application
has the 'delete' permission for the document.
-->
<method name="Delete">
<arg type='s' name='doc_id' direction='in'/>
</method>
<!--
Lookup:
@filename: a path in the host filesystem
@doc_id: the ID of the file in the document store, or '' if the file is not in the document store
Looks up the document ID for a file.
This call is not available inside the sandbox.
-->
<method name="Lookup">
<arg type='ay' name='filename' direction='in'/>
<arg type='s' name='doc_id' direction='out'/>
</method>
<!--
Info:
@doc_id: the ID of the file in the document store
@path: the path for the file in the host filesystem
@apps: a dictionary mapping application IDs to the permissions for that application
Gets the filesystem path and application permissions for a document store
entry.
This call is not available inside the sandbox.
-->
<method name="Info">
<arg type='s' name='doc_id' direction='in'/>
<arg type='ay' name='path' direction='out'/>
<arg type='a{sas}' name='apps' direction='out'/>
</method>
<!--
List:
@app_id: an application ID, or '' to list all documents
@docs: a dictionary mapping document IDs to their filesystem path
Lists documents in the document store for an application (or for
all applications).
This call is not available inside the sandbox.
-->
<method name="List">
<arg type='s' name='app_id' direction='in'/>
<arg type='a{say}' name='docs' direction='out'/>
</method>
</interface>
</node>
|