Be able to whitelist a binary to have access to the remote desktop portal without confirmation dialogue

Background

I’ve been using remote-touchpad (GitHub - Unrud/remote-touchpad: Control mouse and keyboard from a smartphone) in order to access streaming services on a computer that is plugged into my TV without having to buy a remote keyboard that has a trackpad.

The problem

On Wayland, this project uses the remote desktop portal, which works really well except for me having to use a physical mouse to click “Allow remote interaction” and “Share” every time that the computer is started.

My proposed solution

To fix this, the current “Allow remote interaction” checkbox could be changed to an option with the label “Allow APP_NAME_HERE remote interaction”, and 3 options:

  • “Don’t allow”
  • “Only this time”
  • “Anytime (revocable from settings)”

Then, I could create a script that starts remote-touchpad whenever GNOME starts on the computer, and sets remote-touchpad to always use the same port and password so that you can bookmark the URL on any mobile browser.

Security

There are 2 ways that I can think of to stop the binary from being edited to be malicious after a user has granted permission for the binary to access remote interaction whenever it wants:

  • The hash and time of last modification of the binary could be stored, and then only binaries with that hash and path and time of modification have access, or;
  • A user would only be able to give the binary permanent access if it is only writeable by root, and then only binaries with that path have access

This should already be implemented, at least in theory. There’s a setting that the app can opt into, where the portal will give the app a persistence token. The app can give this token back to the portal, and skip the prompt.

I checked out the app’s code, and at a quick glance it doesn’t look like the app handles this.

Documentation: Remote Desktop - XDG Desktop Portal documentation (see notes about persist_mode)
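
The token handling that the persist_mode flow described above requires on the application side, as an added example that is not part of the thread and not remote-touchpad's code. The function names and the token file location are hypothetical, the D-Bus calls themselves are not shown, and the sketch assumes the documented behaviour that Start returns a single-use restore_token which replaces the previous one:

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// LoadToken returns the stored restore token, or "" when none exists yet.
// A file readable by group or others is rejected: the token skips the prompt.
func LoadToken(path string) (string, error) {
	info, err := os.Stat(path)
	if errors.Is(err, os.ErrNotExist) {
		return "", nil // first run: the portal shows its dialog
	} else if err != nil {
		return "", err
	}
	if perm := info.Mode().Perm(); perm&0o077 != 0 {
		return "", fmt.Errorf("%s: mode %v is too open, want 0600", path, perm)
	}
	data, err := os.ReadFile(path)
	return strings.TrimSpace(string(data)), err
}

// SaveToken atomically replaces the stored token with the one Start returned.
func SaveToken(path, token string) error {
	tmp, err := os.CreateTemp(filepath.Dir(path), ".token-*") // created 0600
	if err != nil {
		return err
	}
	defer os.Remove(tmp.Name()) // no-op once the rename has succeeded
	_, err = tmp.WriteString(token)
	if err = errors.Join(err, tmp.Close()); err != nil {
		return err
	}
	return os.Rename(tmp.Name(), path)
}

// SelectDevicesOptions builds the SelectDevices options (wrap values as D-Bus variants).
func SelectDevicesOptions(types uint32, token string) map[string]interface{} {
	opts := map[string]interface{}{"types": types, "persist_mode": uint32(2)} // 2: until revoked
	if token != "" {
		opts["restore_token"] = token
	}
	return opts
}

func main() { fmt.Println(SelectDevicesOptions(3, "")) } // keyboard|pointer, no token yet
```
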