[Feature Request] Allow pre-populating permissions for apps that want to access portal APIs

[salmanmlk]

Today most of the portals require user interaction to grant permissions for an app to access the resources on the system. This security model makes sense when the user is present on the machine and can allow/deny whatever resources they deem appropriate but this is less than ideal for the case when the user is not directly present on the machine e.g. I am working on adding support in Chrome Remote Desktop (CRD) to access wayland based host using the screencast/remote desktop portals, however, this works well when only when the user is solicing remote support and is present on their machine to interact with the dialogs. This approach doesn't work when, say, I am trying to login to my own machine remotely using CRD.

In this FR, I am requesting a security framework for programmatically granting permissions to privileged processes that try to access the portal APIs. I believe this is somewhat supported for flatpak applications using the manifest file for the applications but would not work for non-flatpak applications that invoke desktop-neutral APIs e.g. screencast/remote desktop portal APIs. It will be nice to have a mechanism to configure permissions per process/app about which portal APIs can be called by them without having a dialog appear on the screen. These permissions can potentially be configured by privileged users/groups on the system and potentially be backed by the permissions store. A variation of this idea is implemented here where the user has to select streams once and remember them for future. I propose to build further on this approach and have a promptless access to portal APIs where feasible as well as by generalizing this by building a framework that works for all the portal APIs, we can be better future proof e.g. when these clipboard APIs are implemented, we should only have to do little configuration to support programmatic access to such APIs.

Furthermore, here is a related discourse with GNOME contributors where @jadahl mentioned that a separate API might be more suitable for such use cases. I agree that might be a possible (and only?) solution under certain constraints but just wanted to get a feel of what the xdg-desktop-portal community thinks of such use cases.

[orowith2os]

Maybe xdg-desktop-portal could have a system for allowing clients to verify themselves, such as via SSH keys. It could work like so:

1. x-d-p gets a request from an app
2. x-d-p would ask the user at their system if they want to give the app access to that portal, but the user isn't there
3. x-d-p then, after a certain timeout (say, 10 seconds) asks the app for some form of verification

I'm writing this as I'm about to hop off, so may be a bit incomplete ^^;

[GeorgesStavracas]

This issue looks like a more localized version of #471, so I'm treating it as a duplicate for now. Please let's discuss this use case there.