Remove access to whole filesystem

[rugk]

Minimizing permissions is always a good idea.
Why do you now need access to all files? Is not the idea that exploits or so in a PDF viewer could be mitigated/not have such a bad effect if it does not have access to all files?

The filesystem=host permission got copied from upstream/Flathub https://github.com/flathub/org.gnome.Evince/blob/master/org.gnome.Evince.json#L13
It seems that revoking that permission doesn't cause any problem with the app's main functionality.

https://bugzilla.redhat.com/show_bug.cgi?id=2098179

Ref upstream also did not explain why/how this permission would be needed: https://gitlab.gnome.org/GNOME/evince/-/issues/1810

Fixes #76

[flathubbot]

Started test build 99575

[rugk]

Ah just saw #76, anyway I see no big open issue there preventing this.

[flathubbot]

Build 99575 successful
To test this build, install it from the testing repository:

flatpak install --user https://dl.flathub.org/build-repo/97304/org.gnome.Evince.flatpakref

[Mikenux]

Ah just saw #76, anyway I see no big open issue there preventing this.

If you read it, you will find this comment: #76 (comment)

Also, there are other PRs for this: #61 and #88.

There is also another issue: see flatpak/xdg-desktop-portal#807 and https://gitlab.gnome.org/GNOME/libdazzle/-/issues/65

[gpoo]

Thanks for the patch. I merged #88 instead.