[Solved] Signal (Flatpak) can access my files even Flatseal shows the opposite

I use Signal (from Flathub) upon Fedora (latest stable).

I check Signal permissions from Flatseal. Every permission is default yet (I did not change anything yet).

Every permission under “filesystem” title is disabled. But I can attach any file from anywhere (real home folder, mounted ext4 partitions…).

Is there any bug or I miss something?

I want to install Chrome (in any case) but I want to block from Flatseal to access to all my files. So it will only able to get some information from my machine. But when I saw Signal I change my mind…

When you attach a file, what I presume happens is that the flatpak gets access to 1 particular file using xdg-desktop-portal: GitHub - flatpak/xdg-desktop-portal: Desktop integration portal. This means that only you are able to choose the files it can access (the filesystem permission is a permission that means the app can access files in said directories without your consent). Unfortunately when you give an app access to a file through xdg desktop portal, there isn’t a way to specify one time access. The app gets access to that file or folder forever. It seems there are some open issues about this, such as this one: Once a file is opened with FileChooser, the permissions remain permanently in flatpak · Issue #1349 · flatpak/xdg-desktop-portal · GitHub

At least that’s my understanding, I am not an expert in this field, so I could be wrong

Thank you