Feature request: Allow to remap service names

[xi]

It would often be useful for dbus services to reliably know which app they are talking to. For example, the keychain service on iOS only allows access to a secret for the app that created that secret. As far as I know, this is currently not possible on linux/dbus because there is no reliable way to identify apps (whatever that might be exactly). A service could use GetConnectionUnixProcessID and then check /proc/{pid}/exe, but that often ends up being bash or python, which is not really useful.

A way something like this could be implemented is that the service acquires a separate name for each app, e.g. org.freedesktop.Secret.MyApp and then we could use xdg-dbus-proxy to remap that name to org.freedesktop.Secret within the sandbox. Of course this would still require changes in the services, but not to the dbus interface specs.

For syntax, I imaging something like this:

xdg-dbus-proxy unix:path=/run/usr/1000/bus /run/usr/1000/bus-proxy --filter \
  --talk=org.freedesktop.Secret.MyApp:org.freedesktop.Secret

Maybe this approach could also be used to solve issues like #15 and #18.

I could try to work on the implementation. But before I get into that I wanted to check if you interested at all?

[swick]

I think people are more interested in getting rid of xdg-dbus-proxy than adding more features to it. I do like the idea of the broker being able to make a specific bus name additional available under another name.

Maybe the dbus reference impl (https://gitlab.freedesktop.org/dbus/dbus/) is the better place to bring this up.

[xi]

Can you point me to any discussions why people want to get rid of xdg-dbus-proxy and what could be used instead? I am a bit hesitant about bringing this up at dbus without knowing more context.

[TingPing]

This is the general issue about upstreaming the sandboxing concepts https://gitlab.freedesktop.org/dbus/dbus/-/issues/171