colin/nix-files
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

gnome-calls: restrict dbus

Browse Source 
tested, can receive calls, it rings, notifies on missed call, notification can be clicked to call back, in-call audio works and mute button works (on lappy)
This commit is contained in:
Colin
2025-01-26 09:03:32 +00:00
parent 40e2cbec2c
commit 049011e7db
1 changed files with 6 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
hosts/common/programs/calls.nix
View File

@@ -105,7 +105,12 @@ in
sandbox.mesaCacheDir = ".cache/calls/mesa"; sandbox.mesaCacheDir = ".cache/calls/mesa";
sandbox.net = "vpn.wg-home"; #< XXX(2024/07/05): my cell carrier seems to block RTP, so tunnel it. sandbox.net = "vpn.wg-home"; #< XXX(2024/07/05): my cell carrier seems to block RTP, so tunnel it.
sandbox.whitelistAudio = true; sandbox.whitelistAudio = true;
sandbox.whitelistDbus.user = true; #< TODO: reduce # necessary for secrets, at the minimum sandbox.whitelistDbus.user.call."org.freedesktop.secrets" = "*"; #< TODO: restrict to a subset of secrets
sandbox.whitelistDbus.user.call."org.mobian_project.CallAudio" = "*";
sandbox.whitelistDbus.user.call."org.sigxcpu.Feedback" = "*";
sandbox.whitelistDbus.user.call."org.gnome.evolution.dataserver.*" = "*"; #< TODO: reduce; only needs address book and maybe sources
sandbox.whitelistDbus.user.own = [ "org.gnome.Calls" ];
sandbox.whitelistSendNotifications = true; # for missed calls
sandbox.whitelistWayland = true; sandbox.whitelistWayland = true;
persist.byStore.private = [ persist.byStore.private = [