Data Sandboxing using Graphs
In Tracker 3.0, the search index is divided into multiple graphs.
The filesystem indexer maintains the following graphs:
tracker:FileSystem: stores names of all files and folders that are indexed
tracker:Audio: stores metadata of audio files
tracker:Documents: stores metadata and contents of text and wordprocessor documents, spreadsheets, and presentations
tracker:Pictures: stores metadata of picture files
tracker:Videos: stores metadata of video files
tracker:Software: stores metadata of desktop and iso files
Applications inside a Flatpak sandbox access the search index via xdg-tracker-portal. They need to declare in advance which graphs they will access. Apps should only access graphs relevant to them, e.g. music player apps should only access the tracker:Audio graph.
The tracker:Documents graph is much more sensitive than the others, as documents are much more likely to contain private user information than other types of content, and the search index will store the contents of these files.
The xdg-tracker-portal does not provide a way for apps to actually read the files. It is intended only for listing and searching user content.