From 932c2fe648e3661117b4f4cda8319e623b92cc0e Mon Sep 17 00:00:00 2001 From: Philip Withnall Date: Tue, 25 Feb 2025 23:32:34 +0000 Subject: [PATCH] doc: Improve formatting and clarity of bus policy section of docs Signed-off-by: Philip Withnall --- doc/flatpak-metadata.xml | 34 ++++++++++++++++++---------------- 1 file changed, 18 insertions(+), 16 deletions(-) diff --git a/doc/flatpak-metadata.xml b/doc/flatpak-metadata.xml index 01373fb1..d30d30c7 100644 --- a/doc/flatpak-metadata.xml +++ b/doc/flatpak-metadata.xml @@ -728,13 +728,14 @@ The default policy for the session bus only allows the application to own its own application ID, its - subnames and its own application id as a subname of - "org.mpris.MediaPlayer2". For instance if the app is called - "org.my.App", it can only own "org.my.App", "org.my.App.*" - and "org.mpris.MediaPlayer2.org.my.App". + subnames and its own application ID as a subname of + . For instance if the app is called + , it can only own , + + and . It is only allowed to talk to names matching those patterns, plus - the bus itself (org.freedesktop.DBus) - and the portal APIs (bus names of the form org.freedesktop.portal.*). + the bus itself () + and the portal APIs (bus names of the form ). Additionally the app is always allowed to reply to @@ -743,44 +744,44 @@ are allowed to talk to your app. - If the [Session Bus Policy] group is present, it provides + If the group is present, it provides policy for session bus access. Each key in this group has the form of a D-Bus bus name or prefix thereof, for example - or + or . - The possible values for entry are, in increasing order or - access: + The possible values for an entry are the following, in increasing order of + access. Each value implies all the access from any lower values: - The bus name or names in question is invisible to the application. + The bus name is invisible to the application. Available since 0.2. - The bus name or names can be enumerated by the application. + The bus name can be enumerated by the application. Available since 0.2. - The application can send messages/ and receive replies and signals from the bus name or names. + The application can send messages to, and receive replies and signals from, the bus name. Available since 0.2. - The application can own the bus name or names (as well as all the above). + The application can own the bus name. Available since 0.2. @@ -791,11 +792,12 @@ If the key is not allowing full access to the D-Bus system bus, then flatpak does not make the system - bus available unless the [System Bus Policy] group is present + bus available unless the group is present and provides a policy for filtered access. Available since 0.2. - Entries in this group have the same form as for the [Session Bus Policy] group. + Entries in this group have the same form as for the + group. However, the app has no permissions by default.