From dfce43b81b814525f07ad578b0a176a526d21e3e Mon Sep 17 00:00:00 2001
From: Koala Yeung <koalay@gmail.com>
Date: Fri, 18 Mar 2022 00:13:34 +0800
Subject: [PATCH] Flatpak: limit the access to local files

* Instead of allowing access to the whole user folder, limit the
  sandboxed app to only access general user content folders (e.g.
  Downloads, Documents, Videos, Pictures). Deny app's access to
  user settings or other sensitive folders.
---
 build-aux/com.gigitux.youp.json | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/build-aux/com.gigitux.youp.json b/build-aux/com.gigitux.youp.json
index 1d35793..b188bc0 100644
--- a/build-aux/com.gigitux.youp.json
+++ b/build-aux/com.gigitux.youp.json
@@ -13,7 +13,13 @@
     "--socket=session-bus",
     "--device=dri",
     "--socket=pulseaudio",
-    "--filesystem=home",
+    "--filesystem=xdg-desktop",
+    "--filesystem=xdg-documents",
+    "--filesystem=xdg-download",
+    "--filesystem=xdg-music",
+    "--filesystem=xdg-pictures",
+    "--filesystem=xdg-public-share",
+    "--filesystem=xdg-videos",
     "--talk-name=org.kde.StatusNotifierWatcher"
   ],
   "build-options": {