I was thinking about an idea regarding access to the $HOME/.local/share/applications folder, but I don’t know if it’s possible or if it would be too complex to add.
My idea is to allow the creation of .desktop files that follow certain patterns, such as the .desktop file name and/or the Exec= field.
For example, if this function existed, Zordeer could create, edit, and remove any .desktop file whose name started with “invocation-” and whose Exec= field began with “zordeer” or “snap run zordeer”.
This wouldn’t apply to all apps, but I imagine it would be easier to trust access to more apps, since all created .desktop files would only execute something that reviewers have confirmed is not malicious.
Another idea is that if the .desktop files of a Snap app follow the filename and/or command pattern of the Exec= field, and the .desktop file is created in the $SNAP_USER_COMMON/.local/share/applications or $SNAP_USER_DATA/.local/share/applications folder, a link to the .desktop file could be created in the $SNAP_REAL_HOME/.local/share/applications folder.
However, I imagine that this would require storing information about the created links so that they can be deleted if the Snap app is removed.
Thus, snapd would access the $SNAP_REAL_HOME/.local/share/applications folder instead of granting access to the Snap apps themselves.
