Further restrict permissions

2026-02-07 04:03:29 +00:00 · 2025-05-30 16:03:53 +02:00
parent 478e59207b
commit 55fcec88a6
2 changed files with 9 additions and 4 deletions
--- a/apps/desktop/electron-builder.json
+++ b/apps/desktop/electron-builder.json
@@ -259,7 +259,12 @@
      {
        "personal-files": {
          "read": [],
-          "write": ["$HOME/.config/chromium", "$HOME/.config/google-chrome", "$HOME/.mozilla"]
+          "write": [
+            "$HOME/.config/chromium/NativeMessagingHosts/",
+            "$HOME/.config/microsoft-edge/NativeMessagingHosts/",
+            "$HOME/.config/google-chrome/NativeMessagingHosts",
+            "$HOME/.mozilla/"
+          ]
        }
      },
      "u2f-devices"
--- a/apps/desktop/resources/com.bitwarden.desktop.devel.yaml
+++ b/apps/desktop/resources/com.bitwarden.desktop.devel.yaml
@@ -29,9 +29,9 @@ finish-args:
  # Sockets are mounted in each app's directory
  #
  # Non-sandboxed
-  - --filesystem=xdg-config/google-chrome
-  - --filesystem=xdg-config/chromium
-  - --filesystem=xdg-config/microsoft-edge
+  - --filesystem=xdg-config/google-chrome/NativeMessagingHosts/
+  - --filesystem=xdg-config/chromium/NativeMessagingHosts/
+  - --filesystem=xdg-config/microsoft-edge/NativeMessagingHosts/
  - --filesystem=home/.mozilla
  # Flatpak-sandboxed
  - --filesystem=~/.var/app/org.chromium.Chromium/config/chromium/NativeMessagingHosts/