Struct ashpd::documents::DocumentsProxy [−][src]
pub struct DocumentsProxy<'a>(_);
Expand description
The interface lets sandboxed applications make files from the outside world available to sandboxed applications in a controlled way.
Exported files will be made accessible to the application via a fuse
filesystem that gets mounted at /run/user/$UID/doc/
. The filesystem gets
mounted both outside and inside the sandbox, but the view inside the sandbox
is restricted to just those files that the application is allowed to access.
Individual files will appear at /run/user/$UID/doc/$DOC_ID/filename
,
where $DOC_ID
is the ID of the file in the document store.
It is returned by the DocumentsProxy::add
and DocumentsProxy::add_named
calls.
The permissions that the application has for a document store entry (see
DocumentsProxy::grant_permissions
) are reflected in the POSIX mode bits in the fuse
filesystem.
Implementations
Create a new instance of DocumentsProxy
.
Adds a file to the document store. The file is passed in the form of an open file descriptor to prove that the caller has access to the file.
Returns the ID of the file in the document store.
Arguments
o_path_fd
- Open file descriptor for the file to add.reuse_existing
- Whether to reuse an existing document store entry for the file.persistent
- Whether to add the file only for this session or permanently.
Adds multiple files to the document store. The files are passed in the form of an open file descriptor to prove that the caller has access to the file.
Returns the IDs of the files in the document store along with other extra info.
Arguments
o_path_fds
- Open file descriptors for the files to export.flags
- AFlags
.app_id
- An application ID, or empty string.permissions
- The permissions to grant.
Creates an entry in the document store for writing a new file.
Returns the ID of the file in the document store.
Arguments
o_path_parent_fd
- Open file descriptor for the parent directory.filename
- The basename for the file.reuse_existing
- Whether to reuse an existing document store entry for the file.persistent
- Whether to add the file only for this session or permanently.
Adds multiple files to the document store. The files are passed in the form of an open file descriptor to prove that the caller has access to the file.
Returns the ID of the file in the document store along with other extra info.
Arguments
o_path_fd
- Open file descriptor for the parent directory.filename
- The basename for the file.flags
- AFlags
.app_id
- An application ID, or empty string.permissions
- The permissions to grant.
Removes an entry from the document store. The file itself is not deleted. This call is available inside the sandbox if the application has the ‘delete’ permission for the document.
Arguments
doc_id
- The ID of the file in the document store.
Returns the path at which the document store fuse filesystem is mounted. This will typically be /run/user/$UID/doc/.
pub async fn grant_permissions(
&self,
doc_id: &str,
app_id: &str,
permissions: &[Permission]
) -> Result<(), Error>
pub async fn grant_permissions(
&self,
doc_id: &str,
app_id: &str,
permissions: &[Permission]
) -> Result<(), Error>
Grants access permissions for a file in the document store to an application. This call is available inside the sandbox if the application has the ‘grant-permissions’ permission for the document.
Arguments
doc_id
- The ID of the file in the document store.app_id
- The ID of the application to which permissions are granted.permissions
- The permissions to grant.
Gets the filesystem path and application permissions for a document store entry.
Returns the path of the file in the host filesystem along with the
Permissions
Arguments
doc_id
- The ID of the file in the document store.
Looks up the document ID for a file. This call is not available inside the sandbox.
Returns the ID of the file in the document store, or ‘’ if the file is not in the document store
Arguments
filename
- A path in the host filesystem.
pub async fn revoke_permissions(
&self,
doc_id: &str,
app_id: &str,
permissions: &[Permission]
) -> Result<(), Error>
pub async fn revoke_permissions(
&self,
doc_id: &str,
app_id: &str,
permissions: &[Permission]
) -> Result<(), Error>
Revokes access permissions for a file in the document store from an application. This call is available inside the sandbox if the application has the ‘grant-permissions’ permission for the document.
Arguments
doc_id
- The ID of the file in the document store.app_id
- The ID of the application from which permissions are revoked.permissions
- The permissions to revoke.
Trait Implementations
Auto Trait Implementations
impl<'a> !RefUnwindSafe for DocumentsProxy<'a>
impl<'a> Send for DocumentsProxy<'a>
impl<'a> Sync for DocumentsProxy<'a>
impl<'a> Unpin for DocumentsProxy<'a>
impl<'a> !UnwindSafe for DocumentsProxy<'a>