Apparmor rule request - .hidden file

.hidden’s should be allowed to be read by any app confined to users’s home.

This way file picker dialog in confined apps will be able to hide unneeded thing.

I don’t think there is a security threat in doing so, so why not?

Something like this should be enough:

# allow reading .hidden files
owner @{HOME}/**/.hidden r,
owner @{HOME}/.hidden r,

There is a personal files interface you can use.

Note that the home interface will grant access to most .hidden files apart from ~/.hidden (i.e. the one directly in the user’s home directory).

If the aim is to present a file chooser consistent with unconfined apps on the host system, it’s probably better to rely on xdg-desktop-portal though: access to ~/.hidden is just one of the many differences.

while you may be able to see the hidden files with the file picker you will get permission denied if you try to open one. I’m running into this issue with my app.