Permission for individual files appearing in Flatpak permissions?

$ flatpak permissions
Table      Object     App                     Permissions                  Data
documents  aa2eef9f   org.mozilla.firefox     read,write,grant-permissions (b'/home/user/Pictures/Screenshots/Screenshot from 2023-12-27 12-13-29.png', 38, 17993, 0)
documents  32f8808    org.mozilla.firefox     read,write,grant-permissions (b'/home/user/Pictures/Screenshots/Screenshot from 2023-12-27 12-13-21.png', 38, 17993, 0)
documents  96fe0a97   org.mozilla.firefox     read,write,grant-permissions (b'/home/user/Pictures/Screenshots/Screenshot from 2023-12-27 12-18-02.png', 38, 17993, 0)
documents  244648a7   org.mozilla.firefox     read,write,grant-permissions (b'/home/user/Pictures/Screenshots/Screenshot from 2023-12-27 12-16-46.png', 38, 17993, 0)

Those files are long gone but the permissions are permanent?
Why is this a thing… Do I need to be careful about where I select my files now, and check permission stores sometimes…?

The permissions are requested by Firefox through portal[1], and the files are exported[2]. These are dynamic permissions.
They use to be unable to removed[3], though I was able to remove them with flatpak permission-remove documents <ID>. (permission-reset just removes App and Permissions but leaves the entries there.)

However I think the more correct way as said in the GNOME blog, is to use flatpak document-unexport <ID>[4]. (Will try next time…)

I suppose they indeed build up overtime. I don’t think I saw them in Flatseal. Or it’d be nice if the app can remove the permission afterwards.


  1. https://www.reddit.com/r/flatpak/comments/jwh61z/permissions_on_firefox/ ↩︎

  2. https://blogs.gnome.org/mclasen/2018/07/19/flatpak-a-look-behind-the-portal/ ↩︎

  3. ↩︎

  4. https://docs.flatpak.org/en/latest/flatpak-command-reference.html#flatpak-document-unexport ↩︎

flatpak document-unexport --doc-id <ID>
Works as expected.