Per-app encryption
Basically the idea is that individual Flatpaks should be able to encrypt their data with unique keys, so that the data is protected from other apps running as the same user. Useful for things like banking apps.
The implementation idea is quite simple: stack fscrypt on top of the LUKS home directory, then work through the following points:
- change homed's key hierarchy to securely derive per-app keys
- get rid of the performance penalty of stacking multiple layers of encryption
- #37, and the extensions to that described in the research document (TL;DR: Flatpak will need to listen for the signal from homed and throw out its own keys, then send its own signals to apps so they can clean up too)
- Flatpak will be given a key from the homed key hierarchy, derive a per-app key from it, and only make that derived key available to that app
- IDK but I suspect fscrypt unlocks across namespaces (unlock it in one mount NS and it'll likely be readable from another) so it's not quite so simple. Flatpak will need to use sandboxing facilities to mask access to other apps' `~/.var/app/*` dir even if the other apps have `filesystem=home` permissions (it might do this already tho, IDK... actually it looks like Flatpak does do this, but I'll need to check the code to make sure it always does)
- We can implement an iOS-esque fine-grained encryption policy API too, using GVFS
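To make the key-hierarchy points above concrete, here is an added example (mine, not homed's or Flatpak's code) of how the per-app keys could be derived with HKDF so that each step is one-way and domain-separated: homed hands Flatpak a sub-key rather than the user key, and Flatpak derives one 64-byte fscrypt master key per app ID. The two derivation labels, the length-prefixed app-ID encoding and the two-level hierarchy are assumptions for illustration; the `fscrypt_key_identifier` function mirrors how I understand the kernel computes the v2 key identifier (HKDF-SHA512, zero salt, info `"fscrypt\0"` followed by context byte 1) and is also marked as an assumption in the code.

```python
"""Per-app key derivation for the fscrypt-over-LUKS-home design sketched above.

Hypothetical hierarchy (labels are mine, not homed's or Flatpak's):
  homed user key --HKDF--> Flatpak key --HKDF--> per-app fscrypt master key
"""
import hashlib
import hmac

FSCRYPT_MAX_KEY_SIZE = 64         # raw master key size for fscrypt v2 policies
FSCRYPT_KEY_IDENTIFIER_SIZE = 16  # size of fscrypt_policy_v2.master_key_identifier

# Domain-separation labels for the two derivation steps (assumed, not real homed/Flatpak values).
HOMED_FLATPAK_LABEL = b"org.freedesktop.homed.per-app-keys.v1\0flatpak"
FLATPAK_APP_LABEL = b"org.flatpak.per-app-key.v1\0"


def hkdf(ikm: bytes, info: bytes, length: int, salt: bytes = b"", hash_name: str = "sha512") -> bytes:
    """RFC 5869 HKDF (extract-then-expand) over the named hash, stdlib only."""
    hash_len = hashlib.new(hash_name).digest_size
    if length > 255 * hash_len:
        raise ValueError("HKDF output too long for this hash")
    if not salt:
        salt = bytes(hash_len)                     # RFC 5869: absent salt = HashLen zero bytes
    prk = hmac.new(salt, ikm, hash_name).digest()  # Extract
    okm, block = b"", b""
    for counter in range(1, (length + hash_len - 1) // hash_len + 1):  # Expand
        block = hmac.new(prk, block + info + bytes([counter]), hash_name).digest()
        okm += block
    return okm[:length]


def derive_flatpak_key(homed_user_key: bytes) -> bytes:
    """What homed would hand to Flatpak: a sub-key, never the user key itself.
    Because HKDF is one-way, Flatpak cannot recover the homed key from it."""
    return hkdf(homed_user_key, HOMED_FLATPAK_LABEL, FSCRYPT_MAX_KEY_SIZE)


def derive_app_key(flatpak_key: bytes, app_id: str) -> bytes:
    """Per-app fscrypt master key. The app ID is length-prefixed so that the
    info strings for different IDs can never collide (e.g. a prefix of another ID)."""
    ident = app_id.encode("utf-8")
    info = FLATPAK_APP_LABEL + len(ident).to_bytes(2, "big") + ident
    return hkdf(flatpak_key, info, FSCRYPT_MAX_KEY_SIZE)


def fscrypt_key_identifier(master_key: bytes) -> bytes:
    """Identifier fscrypt v2 uses to name a master key in a policy. Assumption on
    my part, from the kernel's fs/crypto/hkdf.c: HKDF-SHA512, no salt, info =
    "fscrypt\\0" || HKDF_CONTEXT_KEY_IDENTIFIER (1), first 16 bytes."""
    return hkdf(master_key, b"fscrypt\0" + bytes([1]), FSCRYPT_KEY_IDENTIFIER_SIZE)


if __name__ == "__main__":
    user_key = bytes(range(32))  # constructed stand-in for the homed user key, not a real one
    flatpak_key = derive_flatpak_key(user_key)
    for app in ("org.example.Bank", "org.example.Notes"):
        app_key = derive_app_key(flatpak_key, app)
        print(app, "fscrypt key identifier:", fscrypt_key_identifier(app_key).hex())
```

In the real flow the per-app key would be added to the filesystem's fscrypt keyring with `FS_IOC_ADD_ENCRYPTION_KEY`, its identifier written into the v2 policy set on `~/.var/app/<app-id>` via `FS_IOC_SET_ENCRYPTION_POLICY`, and the homed lock signal from #37 would map to `FS_IOC_REMOVE_ENCRYPTION_KEY` plus zeroing Flatpak's own copies of the derived keys. One caveat worth keeping in mind for the namespace point: fscrypt v2 keys live in a per-filesystem keyring, not in any mount namespace, so once a key is added every process with filesystem permission to the directory can read it; the sandbox masking of other apps' `~/.var/app/*` directories is doing the isolation work, not fscrypt.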
Edited by Adrian Vovk