Can fusuma use flatpak: device=input|all permission instead of requiring input group?

[KAGEYAM4]

Is your feature request related to a problem? Please describe.

IMPORTANT: This makes /dev/input/ readable, so if that's an issue for you for some reason (like for privacy- or securityconcerns etc. or if it causes other parts of your OS to misbehave), consider this your heads-up.

Describe the solution you'd like
Can flatpak solve this ? https://docs.flatpak.org/en/latest/sandbox-permissions.html#device-access

[iberianpig]

I'm not very familiar with Flatpak, but for Fusuma, if we can control access to /dev/input, we might not need the input group for libinput.
Also, fusuma-plugin-remap uses /dev/uinput to create virtual devices, which needs extra permissions.

Projects that use Flatpak, like Steam or other key remappers, might be useful to look at.

It could also be useful to see if we can run without the input group by using systemd to run as root.

[KAGEYAM4]

a Flatpak app runs as your user, so at best it can do what your user can do. --device=input merely provides access to the device nodes.

I asked on flatpak-Matrix, and flatpak solution won't work.

[KAGEYAM4]

@iberianpig found it on how steam-input works --> (TLDR: udev-rule granting tag:uaccess)

• https://www.reddit.com/r/archlinux/comments/viss0k/having_steam_installed_gives_your_user_readwrite/
• https://wiki.archlinux.org/title/Gamepad#Device_permissions
• https://github.com/ValveSoftware/steam-devices/blob/master/60-steam-input.rules

Granting access to uinput and touchpad is better that being part of input group.

Here's an example of udev rule for touchpad that i am using.

• Got the attributes by running sudo evtest and then selecting events which i though belong to touchpad, performing action on touchpad to see if output shows in evtest. Then using $ udevadm info --attribute-walk --name=/dev/input/<event-id> to get attributes.
• Using udev rule from steaminput for uinput