Suggestion: android/ios/windows like permission manager

Could snapd/snapcraft maybe support an android/ios/windows like permission manager where the application could also interactively request permissions/interfaces to be granted either temporarilly or pernamently. I am aware you can connect interfaces and I can see some parallels which mostly seem to cater to pernament granting of permissions.

Sometimes applications, just need be able do an infrequent or one-off task could normally invole an restricted interface connection. I think it would benefit system security, if application don’t always have to be designed to preemptively aquire the broadest set of priviledges, but also have an option to aquire it on-demand when actually needed.

A different use-case could be when you have a plugin system, plugins could require some kind of interfaces to function, plugin’s often run in the address space of their host therefor the the host should have the sum of interfaces of all plugins so it would be nice for example if you have a bluetooth plugin for an application, that maybe bluetooth permissions could be granted to plugin-snap and automatically used or requested on demand by the consumer of the plugin.

The new Security Center is similar to what you are describing, although in its current state all it supports is file system access permission prompts.

@tsugu-sk are there any active plans to make do more of the functionality that i outlined, or will it stay limited to file system?

I heard there are plans to include more functionality to have a permission system like on Android. Whether it’s a priority right now that I don’t know.

There is work going on in the snap prompting client that will eventually get you similar popup messages like you get on android/IOS when an app tries to access some resource for the first time… This is being ongoing since years already but requires a lot of integration work even with the kernel, so it isn’t a fast thing when doing it right…