From 1aff64a38b4a285cec0740e959c92c37e83c6dde Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Florian=20M=C3=BCllner?= Date: Thu, 16 May 2019 19:30:35 +0200 Subject: [PATCH] main: Stop owning the public org.freedesktop.Notifications name For sandboxed apps, permission to talk to org.freedesktop.Notifications looks innocent enough. However as all exported services share the same connection to the session bus, that permission actually grants an app access to *any* shell D-Bus API. While we want apps to use the notification portal, it is still common for apps to use libnotify, raw D-Bus calls or even notify-send. We don't want to give those apps a way to circumvent most of the sandbox restrictions, so stop owning the org.freedesktop.Notifications name. In a next step we will implement a separate notification-daemon that exposes the API on the well-known address and proxies any requests to the real implementation in gnome-shell. https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/547 --- src/main.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/src/main.c b/src/main.c index 6faf9934f..0bfc039e7 100644 --- a/src/main.c +++ b/src/main.c @@ -161,8 +161,6 @@ shell_dbus_init (gboolean replace) "org.gnome.Panel", TRUE, /* ...and the org.gnome.Magnifier service. */ MAGNIFIER_DBUS_SERVICE, FALSE, - /* ...and the org.freedesktop.Notifications service. */ - "org.freedesktop.Notifications", FALSE, NULL); g_object_unref (bus); g_object_unref (session);
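Review bot: In shell_dbus_init, once the "org.freedesktop.Notifications", FALSE pair is gone the name list ends at MAGNIFIER_DBUS_SERVICE, FALSE with nothing in the code recording that the notifications name is left unowned on purpose. A short comment just before the NULL terminator, stating that the name is deliberately not requested on the shell's shared session-bus connection for the sandbox reason given in the commit message, would keep a later change from re-adding it. Separately, the commit message defers the proxying notification-daemon to a next step, so with this patch alone nothing in this function requests the well-known name, and the libnotify, raw D-Bus and notify-send callers named in the message would find no owner. Consider landing the two changes together, or stating the ordering dependency in the message.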