The desktop team is looking into making it possible to install GNOME Shell search providers as snaps.
Search providers are DBus-activatable applications that implement the
org.gnome.Shell.SearchProvider2 DBus interface.
For this to work, each provider needs to install an ini-file that describes the provider (desktop ID, bus name and object path) in a well-known place (e.g.
/var/lib/snapd/desktop/gnome-shell/search-providers/), and a DBus service file in a place where DBus will find it (e.g.
This means we need hooks in snapd, similar to the one that handles rewriting and installing desktop files in
/var/lib/snapd/desktop/applications/. One would rewrite the ini file (
DesktopId key) describing the provider and install it in
/var/lib/snapd/desktop/gnome-shell/search-providers/. A second hook (or maybe just the same one, that’s an implementation detail) would rewrite the DBus service file (
Exec key) and install it in
Does this sound like a reasonable proposal? Are there potential security concerns (an unconfined desktop session would be allowed to activate a DBus service in a snap)?
Before we go any further with a proof of concept implementation, we would very much appreciate opinions and feedback from the snapd and security teams. Thanks!