
Run Tor Browser in pseudo flatpak

segfault requested to merge 10422-tor-browser-in-flatpak into stable

Testing


When we talk about a file/folder being "writable in the Tor Browser context" below we mean that they are both shared with read-write access from the host context into the flatpak context and have read-write access through the Tor Browser AppArmor profile, so ~/Tor Browser and the XDG directories (~/Downloads, ~/Documents, etc). And, similarly, "readable in the Tor Browser context" means the file/folder is readable in both (flatpak, AppArmor) ways, which includes a few more places, primarily under /usr (e.g. where the documentation lives).

Legend:

  • Delta is ""
  • Regressions are "".
  • Status quo is everything else.

FileChooser portal

  • Download a file...
    • To a folder that is writable in the Tor Browser context: works perfectly, and opening a file chooser again should start in the previous target directory
    • To a folder that is non-writable in the Tor Browser context: works, but opening a file chooser again will start in /run/user/1000/doc/${some_number} (bad UX)
  • Open file after download, by clicking on the "Downloads" button, then on file name
    • folder that is writable in the Tor Browser context: works
    • folder that is non-writable in the Tor Browser context: works
  • Open folder after download, by clicking on the "Downloads" button, then on the folder icon
    • folder that is writable in the Tor Browser context: works
    • folder that is non-writable in the Tor Browser context: works
  • Print page to a PDF file
    • To a folder that is writable in the Tor Browser context: works perfectly, and opening a file chooser again should start in the previous target directory
    • To a folder that is non-writable in the Tor Browser context: works, but opening a file chooser again will start in /run/user/1000/doc/${some_number} (bad UX)
  • Save Page As...
    • To a folder that is writable in the Tor Browser context: works perfectly
    • To a folder that is non-writable in the Tor Browser context: should fail, but "Retry" in the Download widget should succeed although the _files folder silently fails to be created (bad UX)
      • Why "should fail"? Do you mean it will fail?
  • File → Open File...
    • To a folder that is readable in the Tor Browser context...
      • Inside /usr (also /etc and /proc but they are less relevant): "Access to the file was denied", and the URL is /run/user/1000/doc/${some_number}/foo.html. Note that this is a true regression introduced in this MR due to the FileChooser portal and how it treats /usr (and the others) in a special way. Details: !1025 (comment 254087) (bad UX)
      • Anywhere else (e.g. $HOME): works perfectly
    • To a folder that is non-readable in the Tor Browser context: works, the URL is /run/user/1000/doc/${some_number}/foo.html, but any files it references (like a _files folder) are absent (bad UX)
  • Opening a file by dragging it from Nautilus to Tor Browser...
    • To a folder that is readable in the Tor Browser context: works perfectly
    • To a folder that is non-readable in the Tor Browser context: "File not found" (bad UX)

Settings portal

File forwarding

  • Opening an HTML document in Nautilus should open it in Tor Browser
    • If the file is readable in the Tor Browser context: the URL is the path to the file, and images etc from a _files folder are included
    • If the file is non-readable in the Tor Browser context: the URL is /run/user/1000/doc/${some_number}/foo.html, but any files it references (like a _files folder) are absent (bad UX)

No regressions elsewhere

  • Browsing local documentation opened with the (obsolete) tails-documentation script
  • Browsing local documentation opened from 1 of our custom programs that links to it
  • HTML Drag and Drop API, like https://share.riseup.net
  • Sandbox: go to about:support and check that everything is true in the Sandbox section (especially User Namespaces). Also there should not be a warning banner when starting saying "Some of Tor Browser's security features may offer less protection on your current operating system".
  • Hardware accelerated rendering
  • Video and sound
  • There is a spinner when starting
  • Printer support
  • Persistent bookmarks
  • Screen reader
  • Screen keyboard
  • IBus, CJK input
  • Localization
  • Install add-on
  • Control port stuff (circuit list, new circuit for this site, new identity)

No improvement

  • Hardware accelerated video. Broken even without this MR (#20801)
  • Microphone and webcam. Disabled in upstream Tor Browser, see the "MediaDevices API" section in the design doc
    • When a webpage is accessing the microphone there is an orange overlay floating icon
Edited by anonym
