File System（ファイル・システム）

《訳注》

Plugin 説明内容の英語表記部分について　Plugin 各章は、原文データからページ内容の一部が自動生成されているため、英語表記のままの部分があります。

API Reference

ファイル・システムにアクセスします。

対応プラットフォーム

This plugin requires a Rust version of at least 1.77.2

Platform	Level	Notes
windows		Apps installed via MSI or NSIS in `perMachine` and `both` mode require admin permissions for write access in `$RESOURCES` folder
linux		No write access to `$RESOURCES` folder
macos		No write access to `$RESOURCES` folder
android		Access is restricted to Application folder by default
ios		Access is restricted to Application folder by default

セットアップ

はじめに、「fs（ファイル・システム）」プラグインをインストールしてください。

自動で設定
自動で設定

自分のプロジェクトのパッケージ・マネージャーを使用して依存関係を追加します：

npm run tauri add fs

yarn run tauri add fs

pnpm tauri add fs

deno task tauri add fs

bun tauri add fs

cargo tauri add fs

src-tauri フォルダで次のコマンドを実行して、このプラグインを Cargo.toml 内のプロジェクトの依存関係に追加します：
```
cargo add tauri-plugin-fs
```

追加したプラグインを初期化するために lib.rs を修正します：

#[cfg_attr(mobile, tauri::mobile_entry_point)]
pub fn run() {
  tauri::Builder::default()
    .plugin(tauri_plugin_fs::init())
    .run(tauri::generate_context!())
    .expect("error while running tauri application");
}

お好みの JavaScript パッケージ・マネージャーを使用して、「JavaScript Guest」バインディングをインストールします：
- npm
- yarn
- pnpm
- deno
- bun
npm install @tauri-apps/plugin-fs
yarn add @tauri-apps/plugin-fs
pnpm add @tauri-apps/plugin-fs
deno add npm:@tauri-apps/plugin-fs
bun add @tauri-apps/plugin-fs

設定

Android

オーディオ、キャッシュ、ドキュメント、ダウンロード、画像、パブリック、またはビデオのディレクトリを使用する場合、アプリは外部ストレージにアクセス可能である必要があります。

gen/android/app/src/main/AndroidManifest.xml ファイルの中の manifest タグに次のアクセス権限を含めてください：

<uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />

iOS

Apple 社は、ユーザーのプライバシー保護を強化するために、アプリ開発者に API の使用に対する「承認理由」を明記することを義務付けています。

このため、必要な NSPrivacyAccessedAPICategoryFileTimestamp キーと C617.1 推奨の理由を含む PrivacyInfo.xcprivacy ファイルを src-tauri/gen/apple フォルダ内に作成してください。

《訳注》

承認理由 approved reasons：　Apple 社の「API に対する使用承認理由」記載要求は 2024/05/01 から適用されています（参考）。その理由・背景は、上記本文内のリンク先にある Apple 社サイト（英語版）に記載されています。以下、その要訳を示します：　アプリのコア機能を司る API には、開発者によるものもサードパーティ製 SDK に含まれているものも、デバイスの内部信号にアクセスしてデバイスやユーザーの識別・特定（フィンカープリンティング）に繋がる潜在的な危険性があるため、その API が必要である理由（required reasons for APIs）を確認するための措置。この理由を明示しない場合、App Store でのアプリのアップロードが拒否されます。

C617.1：　API 使用理由コード番号のひとつ。　「NSPrivacyAccessedAPICategory」で規定されている API 選定理由コード。「C617.1」は、「アプリ・コンテナ、アプリ・グループ・コンテナ、またはアプリの CloudKit コンテナ内のファイルのタイムスタンプ、サイズ、その他のメタデータにアクセスする」場合に、この理由コードを宣言するものです。

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>NSPrivacyAccessedAPITypes</key>
    <array>
      <dict>
        <key>NSPrivacyAccessedAPIType</key>
        <string>NSPrivacyAccessedAPICategoryFileTimestamp</string>
        <key>NSPrivacyAccessedAPITypeReasons</key>
        <array>
          <string>C617.1</string>
        </array>
      </dict>
    </array>
  </dict>
</plist>

使用法

「fs（ファイルシステム）」プラグインは JavaScript と Rust の両方で利用可能です。

JavaScript
Rust

import { exists, BaseDirectory } from '@tauri-apps/plugin-fs';
// `"withGlobalTauri": true` を使用する場合は、
// const { exists, BaseDirectory } = window.__TAURI__.fs; を使用できます

// `$APPDATA/avatar.png`ファイルが存在するかどうかを確認します
await exists('avatar.png', { baseDir: BaseDirectory.AppData });

use tauri_plugin_fs::FsExt;

#[cfg_attr(mobile, tauri::mobile_entry_point)]
pub fn run() {
  tauri::Builder::default()
      .plugin(tauri_plugin_fs::init())
      .setup(|app| {
          // allowed the given directory
          let scope = app.fs_scope();
          scope.allow_directory("/path/to/directory", false);
          dbg!(scope.allowed());

          Ok(())
       })
       .run(tauri::generate_context!())
       .expect("error while running tauri application");
}

セキュリティ

このモジュールは「パス・トラバーサル」を防止し、親ディレクトリへの「アクセサ」メソッドの使用を許可しません（つまり、「/usr/path/to/../file」や「../path/to/file」へのパスは許可されません）。この API を使用してアクセスされるパスは、ベース・ディレクトリのどれかひとつに関連しているか、path API を使用して作成されている必要があります。

《訳注》

パス・トラバーサル　path traversal：　「ディレクトリ・トラバーサル」とも呼ばれるコンピュータ・システムへの攻撃手法。ユーザーが指定したファイル名のセキュリティ検証または無害化が不十分なことを悪用し、攻撃者がファイル・システム API に対し、本来アクセスできない「親（別）ディレクトリへの移動（トラバース）」を可能にするパス情報を与えることで、システム内の別の場所にあるパスワードや個人情報を奪取するもの。《wikipedia》

アクセサ accessor：　オブジェクトの中のプロパティの値を取り出したり、変更したりする関数（メソッド）のこと。

詳しくは、@tauri-apps/plugin-fs - Security（英語サイト）をご覧ください。

パス Paths

「ファイル・システム」プラグインは、パスを操作するための二つの方法（「ベース・ディレクトリ」と「path API」）を提供しています。

ベース・ディレクトリ

操作の作業ディレクトリとして機能する baseDir が定義できるオプション引数が、どの API にもあります。
```
import { readFile } from '@tauri-apps/plugin-fs';
const contents = await readFile('avatars/tauri.png', {
  baseDir: BaseDirectory.Home,
});
```
上記の例では、「Home ベース・ディレクトリ」を使用しているため、~/avatars/tauri.png ファイルが読み取られます。

path API（パス API）

別の方法として、「パス API」を使用してパス操作を実行することもできます。

import { readFile } from '@tauri-apps/plugin-fs';
import * as path from '@tauri-apps/api/path';
const home = await path.homeDir();
const contents = await readFile(await path.join(home, 'avatars/tauri.png'));

ファイル Files

Create（作成）

この操作では、ファイルを作成し、そのハンドル（識別子）を返します。ファイルが既に存在する場合は、切り捨てられます。

import { create, BaseDirectory } from '@tauri-apps/plugin-fs';
const file = await create('foo/bar.txt', { baseDir: BaseDirectory.AppData });
await file.write(new TextEncoder().encode('Hello world'));
await file.close();

Write（書き込み）

「ファイル・システム」プラグインでは、パフォーマンス向上のために「テキスト・ファイル」と「バイナリ・ファイル」を書き込むために別々の API を提供しています。

テキスト・ファイル

import { writeTextFile, BaseDirectory } from '@tauri-apps/plugin-fs';
const contents = JSON.stringify({ notifications: true });
await writeTextFile('config.json', contents, {
  baseDir: BaseDirectory.AppConfig,
});

バイナリ・ファイル

import { writeFile, BaseDirectory } from '@tauri-apps/plugin-fs';
const contents = new Uint8Array(); // fill a byte array
await writeFile('config', contents, {
  baseDir: BaseDirectory.AppConfig,
});

Open（開く）

この処理では、ファイルを開き、そのハンドルを返します。この API を使用すると、ファイルを開く方法をより詳細に制御できます。（読み取り専用モード、書き込み専用モード、上書きではなく追加、ファイルが存在しない場合にのみ作成、など）。

読み取り専用 read-only

デフォルト・モードです。

import { open, BaseDirectory } from '@tauri-apps/plugin-fs';
const file = await open('foo/bar.txt', {
  read: true,
  baseDir: BaseDirectory.AppData,
});

const stat = await file.stat();
const buf = new Uint8Array(stat.size);
await file.read(buf);
const textContents = new TextDecoder().decode(buf);
await file.close();

書き込み専用 write-only

import { open, BaseDirectory } from '@tauri-apps/plugin-fs';
const file = await open('foo/bar.txt', {
  write: true,
  baseDir: BaseDirectory.AppData,
});
await file.write(new TextEncoder().encode('Hello world'));
await file.close();

デフォルトでは、file.write() 呼び出しで、ファイルは切り捨てられます。既存のコンテンツに追加する方法の詳細については、次の例を参照してください。

追加 append

import { open, BaseDirectory } from '@tauri-apps/plugin-fs';
const file = await open('foo/bar.txt', {
  append: true,
  baseDir: BaseDirectory.AppData,
});
await file.write(new TextEncoder().encode('world'));
await file.close();

{ append: true } は { write: true, append: true } と同じ効果を持つことに注意してください。

切り捨て truncate

truncate オプションが設定されていて、しかもファイルがすでに存在する場合、ファイルは長さ「0」に切り捨てられます。
```
import { open, BaseDirectory } from '@tauri-apps/plugin-fs';
const file = await open('foo/bar.txt', {
  write: true,
  truncate: true,
  baseDir: BaseDirectory.AppData,
});
await file.write(new TextEncoder().encode('world'));
await file.close();
```
このオプションでは、write が true である必要があります。

このオプションは、複数の file.write() 呼び出しを使用して既存のファイルを書き換える場合は、append オプションと一緒に使用できます。
作成 create

デフォルトでは、open API は既存のファイルのみを開きます。ファイルが存在しない場合には作成し、存在する場合にはそのファイルを開くようにするには、create を true に設定してください：
```
import { open, BaseDirectory } from '@tauri-apps/plugin-fs';
const file = await open('foo/bar.txt', {
  write: true,
  create: true,
  baseDir: BaseDirectory.AppData,
});
await file.write(new TextEncoder().encode('world'));
await file.close();
```
ファイルが作成されるようにするには、write も append も true に設定する必要があります。

ファイルがすでに存在する場合にファイルを作成しないようにするには、次の createNew を参照してください。

新規作成 createNew

createNew は create 同様に動作しますが、ファイルがすでに存在する場合はファイルを作成しません。

import { open, BaseDirectory } from '@tauri-apps/plugin-fs';
const file = await open('foo/bar.txt', {
  write: true,
  createNew: true,
  baseDir: BaseDirectory.AppData,
});
await file.write(new TextEncoder().encode('world'));
await file.close();

ファイルが作成されるようにするには、write も true に設定する必要があります。

Read（読み取り）

このプラグインは、パフォーマンス向上のために「テキスト・ファイル」と「バイナリ・ファイル」を読み取りに別々の API を提供しています。

テキスト・ファイル

import { readTextFile, BaseDirectory } from '@tauri-apps/plugin-fs';
const configToml = await readTextFile('config.toml', {
  baseDir: BaseDirectory.AppConfig,
});

ファイルが大きい場合は、readTextFileLines API を使用して、ストリーミング（シーケンシャルに「数行ごとの読み出し」を行なうこと）ができます：

import { readTextFileLines, BaseDirectory } from '@tauri-apps/plugin-fs';
const lines = await readTextFileLines('app.logs', {
  baseDir: BaseDirectory.AppLog,
});
for await (const line of lines) {
  console.log(line);
}

バイナリ・ファイル

import { readFile, BaseDirectory } from '@tauri-apps/plugin-fs';
const icon = await readFile('icon.png', {
  baseDir: BaseDirectory.Resources,
});

Remove（削除）

ファイルを削除するには remove() を呼び出します。ファイルが存在しない場合はエラーが返されます。

import { remove, BaseDirectory } from '@tauri-apps/plugin-fs';
await remove('user.db', { baseDir: BaseDirectory.AppLocalData });

Copy（コピー）

copyFile 関数は、「ソース・パス source path」と「宛先パス destination path」を受け取ります。それぞれのベース・ディレクトリを別々に設定する必要があることに注意してください。

import { copyFile, BaseDirectory } from '@tauri-apps/plugin-fs';
await copyFile('user.db', 'user.db.bk', {
  fromPathBaseDir: BaseDirectory.AppLocalData,
  toPathBaseDir: BaseDirectory.Temp,
});

上記の例では、「<app-local-data>/user.db」ファイルが「$TMPDIR/user.db.bk」にコピーされます。

Exists（ファイル有無確認）

ファイルが存在するかどうかを確認するには、exists() 関数を使用します。

import { exists, BaseDirectory } from '@tauri-apps/plugin-fs';
const tokenExists = await exists('token', {
  baseDir: BaseDirectory.AppLocalData,
});

Metadata（メタデータ）

ファイルのメタデータは、stat および lstat 関数を使用して取得できます。「stat 関数」はシンボリック・リンクを辿ります（実際に指し示しているファイルが「スコープ」で許可されていない場合にはエラーを返します）。一方、「lstat 関数」はシンボリック・リンクを辿らず、シンボリック・リンク自体の情報を返します。

《訳注》

シンボリック・リンク　symlink：　「ソフト・リンク」。コンピュータのディスク上で扱うファイルやディレクトリを、本来の位置にファイルを残しつつそれとは別の場所に置いたり別名を付けてアクセスする手段。Windows では「ショートカット」、macOS では「エイリアス」と呼ばれます。《wikipedia》

import { stat, BaseDirectory } from '@tauri-apps/plugin-fs';
const metadata = await stat('app.db', {
  baseDir: BaseDirectory.AppLocalData,
});

Rename（名前の変更）

「rename 関数」は「ソース・パス」と「宛先パス」を受け取ります。それぞれのベース・ディレクトリを別々に設定する必要があることに注意してください。

import { rename, BaseDirectory } from '@tauri-apps/plugin-fs';
await rename('user.db.bk', 'user.db', {
  fromPathBaseDir: BaseDirectory.AppLocalData,
  toPathBaseDir: BaseDirectory.Temp,
});

上記の例では、「<app-local-data>/user.db.bk」ファイルの名前が「$TMPDIR/user.db」に変更されます。

Truncate（切り捨て）

指定されたファイルを、指定されたファイルの長さ（デフォルトは「0」）に達するまで「切り捨て」るか「拡張」します。

「長さ 0」に切り捨て

import { truncate } from '@tauri-apps/plugin-fs';
await truncate('my_file.txt', 0, { baseDir: BaseDirectory.AppLocalData });

「指定の長さ」に切り捨て

import {
  truncate,
  readTextFile,
  writeTextFile,
  BaseDirectory,
} from '@tauri-apps/plugin-fs';

const filePath = 'file.txt';
await writeTextFile(filePath, 'Hello World', {
  baseDir: BaseDirectory.AppLocalData,
});
await truncate(filePath, 7, {
  baseDir: BaseDirectory.AppLocalData,
});
const data = await readTextFile(filePath, {
  baseDir: BaseDirectory.AppLocalData,
});
console.log(data); // "Hello W"（「Hello World」を「7」文字で切り捨て）

ディレクトリ Directories

Create（作成）

ディレクトリを作成するには、「mkdir 関数」を呼び出します：

import { mkdir, BaseDirectory } from '@tauri-apps/plugin-fs';
await mkdir('images', {
  baseDir: BaseDirectory.AppLocalData,
});

Read（読み出し）

「readDir 関数」はディレクトリの内容項目を再帰的にリストします：

《訳注》

再帰的　recursively：　「再帰的に」とは「同じ処理を同じルールで直接の対象とその下位の内容にまで適用する」ことです。たとえば「再帰的にリストする」とは対象のディレクトリの内容とそのサブディレクトリの内容までリストし、『再帰的に削除する」とはその下位のファイルまで削除する、という処理が行なわれます。

import { readDir, BaseDirectory } from '@tauri-apps/plugin-fs';
const entries = await readDir('users', { baseDir: BaseDirectory.AppLocalData });

Remove（削除）

ディレクトリを削除するには　remove() を呼び出します。ディレクトリが存在しない場合はエラーが返されます。

import { remove, BaseDirectory } from '@tauri-apps/plugin-fs';
await remove('images', { baseDir: BaseDirectory.AppLocalData });

ディレクトリが空でない場合は、recursive オプションを true に設定する必要があります：

import { remove, BaseDirectory } from '@tauri-apps/plugin-fs';
await remove('images', {
  baseDir: BaseDirectory.AppLocalData,
  recursive: true,
});

Exists（ディレクトリ有無確認）

ディレクトリが存在するかどうかを確認するには、「exists() 関数」を使用します：

import { exists, BaseDirectory } from '@tauri-apps/plugin-fs';
const tokenExists = await exists('images', {
  baseDir: BaseDirectory.AppLocalData,
});

Metadata（メタデータ）

ディレクトリのメタデータは、stat および lstat 関数を使用して取得できます。「stat 関数」はシンボリック・リンクを辿ります（実際に指し示しているファイルが「スコープ」で許可されていない場合にはエラーを返します）。一方、「lstat 関数」はシンボリック・リンクを辿らず、シンボリック・リンク自体の情報を返します。

import { stat, BaseDirectory } from '@tauri-apps/plugin-fs';
const metadata = await stat('databases', {
  baseDir: BaseDirectory.AppLocalData,
});

変化の監視

ディレクトリまたはファイルの変更を監視するには、watch または watchImmediate 関数を使用します。

watch（監視）関数

「watch 関数」はデバウンスを発生させるため、一定の遅延後にのみイベントが発行されます：

《訳注》

デバウンス　debounce：　キー入力やマウスの移動のような特定のイベントが短時間で連続して発生した際に、各イベントを個別に処理するのではなく、ある一定時間（たとえば数 100ミリ秒）の間イベントが発生しなかった場合にのみそれまでの処理をまとめて実行する方法。

import { watch, BaseDirectory } from '@tauri-apps/plugin-fs';
await watch(
  'app.log',
  (event) => {
    console.log('app.log event', event);
  },
  {
    baseDir: BaseDirectory.AppLog,
    delayMs: 500,
  }
);

watchImmediate（即時監視）関数

「watchImmediate 関数」は、イベントのリスナーに直ちに通知を行ないます：

import { watchImmediate, BaseDirectory } from '@tauri-apps/plugin-fs';
await watchImmediate(
  'logs',
  (event) => {
    console.log('logs directory event', event);
  },
  {
    baseDir: BaseDirectory.AppLog,
    recursive: true,
  }
);

デフォルトでは、ディレクトリの監視操作は「再帰的」ではありません。すべてのサブディレクトリの変更を再帰的に監視するには、recursive（再帰）オプションを true に設定します。

アクセス権限 Permissions

デフォルトでは、潜在的に危険なプラグイン・コマンドとそのスコープ（有効範囲）はすべてブロックされており、アクセスできません。これらを有効にするには、capabilities 設定でアクセス権限を変更する必要があります。

詳細については「セキュリティ・レベル Capabilities」の章を参照してください。また、プラグインのアクセス権限を設定するには「プライグン・アクセス権の使用」の章のステップ・バイ・ステップ・ガイドを参照してください。

{
  "$schema": "../gen/schemas/desktop-schema.json",
  "identifier": "main-capability",
  "description": "Capability for the main window",
  "windows": ["main"],
  "permissions": [
    "fs:default",
    {
      "identifier": "fs:allow-exists",
      "allow": [{ "path": "$APPDATA/*" }]
    }
  ]
}

Default Permission

This set of permissions describes the what kind of file system access the fs plugin has enabled or denied by default.

Granted Permissions

This default permission set enables read access to the application specific directories (AppConfig, AppData, AppLocalData, AppCache, AppLog) and all files and sub directories created in it. The location of these directories depends on the operating system, where the application is run.

In general these directories need to be manually created by the application at runtime, before accessing files or folders in it is possible.

Therefore, it is also allowed to create all of these folders via the mkdir command.

Denied Permissions

This default permission set prevents access to critical components of the Tauri application by default. On Windows the webview data folder access is denied.

This default permission set includes the following:

create-app-specific-dirs
read-app-specific-dirs-recursive
deny-default

Permission Table

Identifier	Description
`fs:allow-app-read-recursive`	This allows full recursive read access to the complete application folders, files and subdirectories.
`fs:allow-app-write-recursive`	This allows full recursive write access to the complete application folders, files and subdirectories.
`fs:allow-app-read`	This allows non-recursive read access to the application folders.
`fs:allow-app-write`	This allows non-recursive write access to the application folders.
`fs:allow-app-meta-recursive`	This allows full recursive read access to metadata of the application folders, including file listing and statistics.
`fs:allow-app-meta`	This allows non-recursive read access to metadata of the application folders, including file listing and statistics.
`fs:scope-app-recursive`	This scope permits recursive access to the complete application folders, including sub directories and files.
`fs:scope-app`	This scope permits access to all files and list content of top level directories in the application folders.
`fs:scope-app-index`	This scope permits to list all files and folders in the application directories.
`fs:allow-appcache-read-recursive`	This allows full recursive read access to the complete `$APPCACHE` folder, files and subdirectories.
`fs:allow-appcache-write-recursive`	This allows full recursive write access to the complete `$APPCACHE` folder, files and subdirectories.
`fs:allow-appcache-read`	This allows non-recursive read access to the `$APPCACHE` folder.
`fs:allow-appcache-write`	This allows non-recursive write access to the `$APPCACHE` folder.
`fs:allow-appcache-meta-recursive`	This allows full recursive read access to metadata of the `$APPCACHE` folder, including file listing and statistics.
`fs:allow-appcache-meta`	This allows non-recursive read access to metadata of the `$APPCACHE` folder, including file listing and statistics.
`fs:scope-appcache-recursive`	This scope permits recursive access to the complete `$APPCACHE` folder, including sub directories and files.
`fs:scope-appcache`	This scope permits access to all files and list content of top level directories in the `$APPCACHE` folder.
`fs:scope-appcache-index`	This scope permits to list all files and folders in the `$APPCACHE`folder.
`fs:allow-appconfig-read-recursive`	This allows full recursive read access to the complete `$APPCONFIG` folder, files and subdirectories.
`fs:allow-appconfig-write-recursive`	This allows full recursive write access to the complete `$APPCONFIG` folder, files and subdirectories.
`fs:allow-appconfig-read`	This allows non-recursive read access to the `$APPCONFIG` folder.
`fs:allow-appconfig-write`	This allows non-recursive write access to the `$APPCONFIG` folder.
`fs:allow-appconfig-meta-recursive`	This allows full recursive read access to metadata of the `$APPCONFIG` folder, including file listing and statistics.
`fs:allow-appconfig-meta`	This allows non-recursive read access to metadata of the `$APPCONFIG` folder, including file listing and statistics.
`fs:scope-appconfig-recursive`	This scope permits recursive access to the complete `$APPCONFIG` folder, including sub directories and files.
`fs:scope-appconfig`	This scope permits access to all files and list content of top level directories in the `$APPCONFIG` folder.
`fs:scope-appconfig-index`	This scope permits to list all files and folders in the `$APPCONFIG`folder.
`fs:allow-appdata-read-recursive`	This allows full recursive read access to the complete `$APPDATA` folder, files and subdirectories.
`fs:allow-appdata-write-recursive`	This allows full recursive write access to the complete `$APPDATA` folder, files and subdirectories.
`fs:allow-appdata-read`	This allows non-recursive read access to the `$APPDATA` folder.
`fs:allow-appdata-write`	This allows non-recursive write access to the `$APPDATA` folder.
`fs:allow-appdata-meta-recursive`	This allows full recursive read access to metadata of the `$APPDATA` folder, including file listing and statistics.
`fs:allow-appdata-meta`	This allows non-recursive read access to metadata of the `$APPDATA` folder, including file listing and statistics.
`fs:scope-appdata-recursive`	This scope permits recursive access to the complete `$APPDATA` folder, including sub directories and files.
`fs:scope-appdata`	This scope permits access to all files and list content of top level directories in the `$APPDATA` folder.
`fs:scope-appdata-index`	This scope permits to list all files and folders in the `$APPDATA`folder.
`fs:allow-applocaldata-read-recursive`	This allows full recursive read access to the complete `$APPLOCALDATA` folder, files and subdirectories.
`fs:allow-applocaldata-write-recursive`	This allows full recursive write access to the complete `$APPLOCALDATA` folder, files and subdirectories.
`fs:allow-applocaldata-read`	This allows non-recursive read access to the `$APPLOCALDATA` folder.
`fs:allow-applocaldata-write`	This allows non-recursive write access to the `$APPLOCALDATA` folder.
`fs:allow-applocaldata-meta-recursive`	This allows full recursive read access to metadata of the `$APPLOCALDATA` folder, including file listing and statistics.
`fs:allow-applocaldata-meta`	This allows non-recursive read access to metadata of the `$APPLOCALDATA` folder, including file listing and statistics.
`fs:scope-applocaldata-recursive`	This scope permits recursive access to the complete `$APPLOCALDATA` folder, including sub directories and files.
`fs:scope-applocaldata`	This scope permits access to all files and list content of top level directories in the `$APPLOCALDATA` folder.
`fs:scope-applocaldata-index`	This scope permits to list all files and folders in the `$APPLOCALDATA`folder.
`fs:allow-applog-read-recursive`	This allows full recursive read access to the complete `$APPLOG` folder, files and subdirectories.
`fs:allow-applog-write-recursive`	This allows full recursive write access to the complete `$APPLOG` folder, files and subdirectories.
`fs:allow-applog-read`	This allows non-recursive read access to the `$APPLOG` folder.
`fs:allow-applog-write`	This allows non-recursive write access to the `$APPLOG` folder.
`fs:allow-applog-meta-recursive`	This allows full recursive read access to metadata of the `$APPLOG` folder, including file listing and statistics.
`fs:allow-applog-meta`	This allows non-recursive read access to metadata of the `$APPLOG` folder, including file listing and statistics.
`fs:scope-applog-recursive`	This scope permits recursive access to the complete `$APPLOG` folder, including sub directories and files.
`fs:scope-applog`	This scope permits access to all files and list content of top level directories in the `$APPLOG` folder.
`fs:scope-applog-index`	This scope permits to list all files and folders in the `$APPLOG`folder.
`fs:allow-audio-read-recursive`	This allows full recursive read access to the complete `$AUDIO` folder, files and subdirectories.
`fs:allow-audio-write-recursive`	This allows full recursive write access to the complete `$AUDIO` folder, files and subdirectories.
`fs:allow-audio-read`	This allows non-recursive read access to the `$AUDIO` folder.
`fs:allow-audio-write`	This allows non-recursive write access to the `$AUDIO` folder.
`fs:allow-audio-meta-recursive`	This allows full recursive read access to metadata of the `$AUDIO` folder, including file listing and statistics.
`fs:allow-audio-meta`	This allows non-recursive read access to metadata of the `$AUDIO` folder, including file listing and statistics.
`fs:scope-audio-recursive`	This scope permits recursive access to the complete `$AUDIO` folder, including sub directories and files.
`fs:scope-audio`	This scope permits access to all files and list content of top level directories in the `$AUDIO` folder.
`fs:scope-audio-index`	This scope permits to list all files and folders in the `$AUDIO`folder.
`fs:allow-cache-read-recursive`	This allows full recursive read access to the complete `$CACHE` folder, files and subdirectories.
`fs:allow-cache-write-recursive`	This allows full recursive write access to the complete `$CACHE` folder, files and subdirectories.
`fs:allow-cache-read`	This allows non-recursive read access to the `$CACHE` folder.
`fs:allow-cache-write`	This allows non-recursive write access to the `$CACHE` folder.
`fs:allow-cache-meta-recursive`	This allows full recursive read access to metadata of the `$CACHE` folder, including file listing and statistics.
`fs:allow-cache-meta`	This allows non-recursive read access to metadata of the `$CACHE` folder, including file listing and statistics.
`fs:scope-cache-recursive`	This scope permits recursive access to the complete `$CACHE` folder, including sub directories and files.
`fs:scope-cache`	This scope permits access to all files and list content of top level directories in the `$CACHE` folder.
`fs:scope-cache-index`	This scope permits to list all files and folders in the `$CACHE`folder.
`fs:allow-config-read-recursive`	This allows full recursive read access to the complete `$CONFIG` folder, files and subdirectories.
`fs:allow-config-write-recursive`	This allows full recursive write access to the complete `$CONFIG` folder, files and subdirectories.
`fs:allow-config-read`	This allows non-recursive read access to the `$CONFIG` folder.
`fs:allow-config-write`	This allows non-recursive write access to the `$CONFIG` folder.
`fs:allow-config-meta-recursive`	This allows full recursive read access to metadata of the `$CONFIG` folder, including file listing and statistics.
`fs:allow-config-meta`	This allows non-recursive read access to metadata of the `$CONFIG` folder, including file listing and statistics.
`fs:scope-config-recursive`	This scope permits recursive access to the complete `$CONFIG` folder, including sub directories and files.
`fs:scope-config`	This scope permits access to all files and list content of top level directories in the `$CONFIG` folder.
`fs:scope-config-index`	This scope permits to list all files and folders in the `$CONFIG`folder.
`fs:allow-data-read-recursive`	This allows full recursive read access to the complete `$DATA` folder, files and subdirectories.
`fs:allow-data-write-recursive`	This allows full recursive write access to the complete `$DATA` folder, files and subdirectories.
`fs:allow-data-read`	This allows non-recursive read access to the `$DATA` folder.
`fs:allow-data-write`	This allows non-recursive write access to the `$DATA` folder.
`fs:allow-data-meta-recursive`	This allows full recursive read access to metadata of the `$DATA` folder, including file listing and statistics.
`fs:allow-data-meta`	This allows non-recursive read access to metadata of the `$DATA` folder, including file listing and statistics.
`fs:scope-data-recursive`	This scope permits recursive access to the complete `$DATA` folder, including sub directories and files.
`fs:scope-data`	This scope permits access to all files and list content of top level directories in the `$DATA` folder.
`fs:scope-data-index`	This scope permits to list all files and folders in the `$DATA`folder.
`fs:allow-desktop-read-recursive`	This allows full recursive read access to the complete `$DESKTOP` folder, files and subdirectories.
`fs:allow-desktop-write-recursive`	This allows full recursive write access to the complete `$DESKTOP` folder, files and subdirectories.
`fs:allow-desktop-read`	This allows non-recursive read access to the `$DESKTOP` folder.
`fs:allow-desktop-write`	This allows non-recursive write access to the `$DESKTOP` folder.
`fs:allow-desktop-meta-recursive`	This allows full recursive read access to metadata of the `$DESKTOP` folder, including file listing and statistics.
`fs:allow-desktop-meta`	This allows non-recursive read access to metadata of the `$DESKTOP` folder, including file listing and statistics.
`fs:scope-desktop-recursive`	This scope permits recursive access to the complete `$DESKTOP` folder, including sub directories and files.
`fs:scope-desktop`	This scope permits access to all files and list content of top level directories in the `$DESKTOP` folder.
`fs:scope-desktop-index`	This scope permits to list all files and folders in the `$DESKTOP`folder.
`fs:allow-document-read-recursive`	This allows full recursive read access to the complete `$DOCUMENT` folder, files and subdirectories.
`fs:allow-document-write-recursive`	This allows full recursive write access to the complete `$DOCUMENT` folder, files and subdirectories.
`fs:allow-document-read`	This allows non-recursive read access to the `$DOCUMENT` folder.
`fs:allow-document-write`	This allows non-recursive write access to the `$DOCUMENT` folder.
`fs:allow-document-meta-recursive`	This allows full recursive read access to metadata of the `$DOCUMENT` folder, including file listing and statistics.
`fs:allow-document-meta`	This allows non-recursive read access to metadata of the `$DOCUMENT` folder, including file listing and statistics.
`fs:scope-document-recursive`	This scope permits recursive access to the complete `$DOCUMENT` folder, including sub directories and files.
`fs:scope-document`	This scope permits access to all files and list content of top level directories in the `$DOCUMENT` folder.
`fs:scope-document-index`	This scope permits to list all files and folders in the `$DOCUMENT`folder.
`fs:allow-download-read-recursive`	This allows full recursive read access to the complete `$DOWNLOAD` folder, files and subdirectories.
`fs:allow-download-write-recursive`	This allows full recursive write access to the complete `$DOWNLOAD` folder, files and subdirectories.
`fs:allow-download-read`	This allows non-recursive read access to the `$DOWNLOAD` folder.
`fs:allow-download-write`	This allows non-recursive write access to the `$DOWNLOAD` folder.
`fs:allow-download-meta-recursive`	This allows full recursive read access to metadata of the `$DOWNLOAD` folder, including file listing and statistics.
`fs:allow-download-meta`	This allows non-recursive read access to metadata of the `$DOWNLOAD` folder, including file listing and statistics.
`fs:scope-download-recursive`	This scope permits recursive access to the complete `$DOWNLOAD` folder, including sub directories and files.
`fs:scope-download`	This scope permits access to all files and list content of top level directories in the `$DOWNLOAD` folder.
`fs:scope-download-index`	This scope permits to list all files and folders in the `$DOWNLOAD`folder.
`fs:allow-exe-read-recursive`	This allows full recursive read access to the complete `$EXE` folder, files and subdirectories.
`fs:allow-exe-write-recursive`	This allows full recursive write access to the complete `$EXE` folder, files and subdirectories.
`fs:allow-exe-read`	This allows non-recursive read access to the `$EXE` folder.
`fs:allow-exe-write`	This allows non-recursive write access to the `$EXE` folder.
`fs:allow-exe-meta-recursive`	This allows full recursive read access to metadata of the `$EXE` folder, including file listing and statistics.
`fs:allow-exe-meta`	This allows non-recursive read access to metadata of the `$EXE` folder, including file listing and statistics.
`fs:scope-exe-recursive`	This scope permits recursive access to the complete `$EXE` folder, including sub directories and files.
`fs:scope-exe`	This scope permits access to all files and list content of top level directories in the `$EXE` folder.
`fs:scope-exe-index`	This scope permits to list all files and folders in the `$EXE`folder.
`fs:allow-font-read-recursive`	This allows full recursive read access to the complete `$FONT` folder, files and subdirectories.
`fs:allow-font-write-recursive`	This allows full recursive write access to the complete `$FONT` folder, files and subdirectories.
`fs:allow-font-read`	This allows non-recursive read access to the `$FONT` folder.
`fs:allow-font-write`	This allows non-recursive write access to the `$FONT` folder.
`fs:allow-font-meta-recursive`	This allows full recursive read access to metadata of the `$FONT` folder, including file listing and statistics.
`fs:allow-font-meta`	This allows non-recursive read access to metadata of the `$FONT` folder, including file listing and statistics.
`fs:scope-font-recursive`	This scope permits recursive access to the complete `$FONT` folder, including sub directories and files.
`fs:scope-font`	This scope permits access to all files and list content of top level directories in the `$FONT` folder.
`fs:scope-font-index`	This scope permits to list all files and folders in the `$FONT`folder.
`fs:allow-home-read-recursive`	This allows full recursive read access to the complete `$HOME` folder, files and subdirectories.
`fs:allow-home-write-recursive`	This allows full recursive write access to the complete `$HOME` folder, files and subdirectories.
`fs:allow-home-read`	This allows non-recursive read access to the `$HOME` folder.
`fs:allow-home-write`	This allows non-recursive write access to the `$HOME` folder.
`fs:allow-home-meta-recursive`	This allows full recursive read access to metadata of the `$HOME` folder, including file listing and statistics.
`fs:allow-home-meta`	This allows non-recursive read access to metadata of the `$HOME` folder, including file listing and statistics.
`fs:scope-home-recursive`	This scope permits recursive access to the complete `$HOME` folder, including sub directories and files.
`fs:scope-home`	This scope permits access to all files and list content of top level directories in the `$HOME` folder.
`fs:scope-home-index`	This scope permits to list all files and folders in the `$HOME`folder.
`fs:allow-localdata-read-recursive`	This allows full recursive read access to the complete `$LOCALDATA` folder, files and subdirectories.
`fs:allow-localdata-write-recursive`	This allows full recursive write access to the complete `$LOCALDATA` folder, files and subdirectories.
`fs:allow-localdata-read`	This allows non-recursive read access to the `$LOCALDATA` folder.
`fs:allow-localdata-write`	This allows non-recursive write access to the `$LOCALDATA` folder.
`fs:allow-localdata-meta-recursive`	This allows full recursive read access to metadata of the `$LOCALDATA` folder, including file listing and statistics.
`fs:allow-localdata-meta`	This allows non-recursive read access to metadata of the `$LOCALDATA` folder, including file listing and statistics.
`fs:scope-localdata-recursive`	This scope permits recursive access to the complete `$LOCALDATA` folder, including sub directories and files.
`fs:scope-localdata`	This scope permits access to all files and list content of top level directories in the `$LOCALDATA` folder.
`fs:scope-localdata-index`	This scope permits to list all files and folders in the `$LOCALDATA`folder.
`fs:allow-log-read-recursive`	This allows full recursive read access to the complete `$LOG` folder, files and subdirectories.
`fs:allow-log-write-recursive`	This allows full recursive write access to the complete `$LOG` folder, files and subdirectories.
`fs:allow-log-read`	This allows non-recursive read access to the `$LOG` folder.
`fs:allow-log-write`	This allows non-recursive write access to the `$LOG` folder.
`fs:allow-log-meta-recursive`	This allows full recursive read access to metadata of the `$LOG` folder, including file listing and statistics.
`fs:allow-log-meta`	This allows non-recursive read access to metadata of the `$LOG` folder, including file listing and statistics.
`fs:scope-log-recursive`	This scope permits recursive access to the complete `$LOG` folder, including sub directories and files.
`fs:scope-log`	This scope permits access to all files and list content of top level directories in the `$LOG` folder.
`fs:scope-log-index`	This scope permits to list all files and folders in the `$LOG`folder.
`fs:allow-picture-read-recursive`	This allows full recursive read access to the complete `$PICTURE` folder, files and subdirectories.
`fs:allow-picture-write-recursive`	This allows full recursive write access to the complete `$PICTURE` folder, files and subdirectories.
`fs:allow-picture-read`	This allows non-recursive read access to the `$PICTURE` folder.
`fs:allow-picture-write`	This allows non-recursive write access to the `$PICTURE` folder.
`fs:allow-picture-meta-recursive`	This allows full recursive read access to metadata of the `$PICTURE` folder, including file listing and statistics.
`fs:allow-picture-meta`	This allows non-recursive read access to metadata of the `$PICTURE` folder, including file listing and statistics.
`fs:scope-picture-recursive`	This scope permits recursive access to the complete `$PICTURE` folder, including sub directories and files.
`fs:scope-picture`	This scope permits access to all files and list content of top level directories in the `$PICTURE` folder.
`fs:scope-picture-index`	This scope permits to list all files and folders in the `$PICTURE`folder.
`fs:allow-public-read-recursive`	This allows full recursive read access to the complete `$PUBLIC` folder, files and subdirectories.
`fs:allow-public-write-recursive`	This allows full recursive write access to the complete `$PUBLIC` folder, files and subdirectories.
`fs:allow-public-read`	This allows non-recursive read access to the `$PUBLIC` folder.
`fs:allow-public-write`	This allows non-recursive write access to the `$PUBLIC` folder.
`fs:allow-public-meta-recursive`	This allows full recursive read access to metadata of the `$PUBLIC` folder, including file listing and statistics.
`fs:allow-public-meta`	This allows non-recursive read access to metadata of the `$PUBLIC` folder, including file listing and statistics.
`fs:scope-public-recursive`	This scope permits recursive access to the complete `$PUBLIC` folder, including sub directories and files.
`fs:scope-public`	This scope permits access to all files and list content of top level directories in the `$PUBLIC` folder.
`fs:scope-public-index`	This scope permits to list all files and folders in the `$PUBLIC`folder.
`fs:allow-resource-read-recursive`	This allows full recursive read access to the complete `$RESOURCE` folder, files and subdirectories.
`fs:allow-resource-write-recursive`	This allows full recursive write access to the complete `$RESOURCE` folder, files and subdirectories.
`fs:allow-resource-read`	This allows non-recursive read access to the `$RESOURCE` folder.
`fs:allow-resource-write`	This allows non-recursive write access to the `$RESOURCE` folder.
`fs:allow-resource-meta-recursive`	This allows full recursive read access to metadata of the `$RESOURCE` folder, including file listing and statistics.
`fs:allow-resource-meta`	This allows non-recursive read access to metadata of the `$RESOURCE` folder, including file listing and statistics.
`fs:scope-resource-recursive`	This scope permits recursive access to the complete `$RESOURCE` folder, including sub directories and files.
`fs:scope-resource`	This scope permits access to all files and list content of top level directories in the `$RESOURCE` folder.
`fs:scope-resource-index`	This scope permits to list all files and folders in the `$RESOURCE`folder.
`fs:allow-runtime-read-recursive`	This allows full recursive read access to the complete `$RUNTIME` folder, files and subdirectories.
`fs:allow-runtime-write-recursive`	This allows full recursive write access to the complete `$RUNTIME` folder, files and subdirectories.
`fs:allow-runtime-read`	This allows non-recursive read access to the `$RUNTIME` folder.
`fs:allow-runtime-write`	This allows non-recursive write access to the `$RUNTIME` folder.
`fs:allow-runtime-meta-recursive`	This allows full recursive read access to metadata of the `$RUNTIME` folder, including file listing and statistics.
`fs:allow-runtime-meta`	This allows non-recursive read access to metadata of the `$RUNTIME` folder, including file listing and statistics.
`fs:scope-runtime-recursive`	This scope permits recursive access to the complete `$RUNTIME` folder, including sub directories and files.
`fs:scope-runtime`	This scope permits access to all files and list content of top level directories in the `$RUNTIME` folder.
`fs:scope-runtime-index`	This scope permits to list all files and folders in the `$RUNTIME`folder.
`fs:allow-temp-read-recursive`	This allows full recursive read access to the complete `$TEMP` folder, files and subdirectories.
`fs:allow-temp-write-recursive`	This allows full recursive write access to the complete `$TEMP` folder, files and subdirectories.
`fs:allow-temp-read`	This allows non-recursive read access to the `$TEMP` folder.
`fs:allow-temp-write`	This allows non-recursive write access to the `$TEMP` folder.
`fs:allow-temp-meta-recursive`	This allows full recursive read access to metadata of the `$TEMP` folder, including file listing and statistics.
`fs:allow-temp-meta`	This allows non-recursive read access to metadata of the `$TEMP` folder, including file listing and statistics.
`fs:scope-temp-recursive`	This scope permits recursive access to the complete `$TEMP` folder, including sub directories and files.
`fs:scope-temp`	This scope permits access to all files and list content of top level directories in the `$TEMP` folder.
`fs:scope-temp-index`	This scope permits to list all files and folders in the `$TEMP`folder.
`fs:allow-template-read-recursive`	This allows full recursive read access to the complete `$TEMPLATE` folder, files and subdirectories.
`fs:allow-template-write-recursive`	This allows full recursive write access to the complete `$TEMPLATE` folder, files and subdirectories.
`fs:allow-template-read`	This allows non-recursive read access to the `$TEMPLATE` folder.
`fs:allow-template-write`	This allows non-recursive write access to the `$TEMPLATE` folder.
`fs:allow-template-meta-recursive`	This allows full recursive read access to metadata of the `$TEMPLATE` folder, including file listing and statistics.
`fs:allow-template-meta`	This allows non-recursive read access to metadata of the `$TEMPLATE` folder, including file listing and statistics.
`fs:scope-template-recursive`	This scope permits recursive access to the complete `$TEMPLATE` folder, including sub directories and files.
`fs:scope-template`	This scope permits access to all files and list content of top level directories in the `$TEMPLATE` folder.
`fs:scope-template-index`	This scope permits to list all files and folders in the `$TEMPLATE`folder.
`fs:allow-video-read-recursive`	This allows full recursive read access to the complete `$VIDEO` folder, files and subdirectories.
`fs:allow-video-write-recursive`	This allows full recursive write access to the complete `$VIDEO` folder, files and subdirectories.
`fs:allow-video-read`	This allows non-recursive read access to the `$VIDEO` folder.
`fs:allow-video-write`	This allows non-recursive write access to the `$VIDEO` folder.
`fs:allow-video-meta-recursive`	This allows full recursive read access to metadata of the `$VIDEO` folder, including file listing and statistics.
`fs:allow-video-meta`	This allows non-recursive read access to metadata of the `$VIDEO` folder, including file listing and statistics.
`fs:scope-video-recursive`	This scope permits recursive access to the complete `$VIDEO` folder, including sub directories and files.
`fs:scope-video`	This scope permits access to all files and list content of top level directories in the `$VIDEO` folder.
`fs:scope-video-index`	This scope permits to list all files and folders in the `$VIDEO`folder.
`fs:allow-copy-file`	Enables the copy_file command without any pre-configured scope.
`fs:deny-copy-file`	Denies the copy_file command without any pre-configured scope.
`fs:allow-create`	Enables the create command without any pre-configured scope.
`fs:deny-create`	Denies the create command without any pre-configured scope.
`fs:allow-exists`	Enables the exists command without any pre-configured scope.
`fs:deny-exists`	Denies the exists command without any pre-configured scope.
`fs:allow-fstat`	Enables the fstat command without any pre-configured scope.
`fs:deny-fstat`	Denies the fstat command without any pre-configured scope.
`fs:allow-ftruncate`	Enables the ftruncate command without any pre-configured scope.
`fs:deny-ftruncate`	Denies the ftruncate command without any pre-configured scope.
`fs:allow-lstat`	Enables the lstat command without any pre-configured scope.
`fs:deny-lstat`	Denies the lstat command without any pre-configured scope.
`fs:allow-mkdir`	Enables the mkdir command without any pre-configured scope.
`fs:deny-mkdir`	Denies the mkdir command without any pre-configured scope.
`fs:allow-open`	Enables the open command without any pre-configured scope.
`fs:deny-open`	Denies the open command without any pre-configured scope.
`fs:allow-read`	Enables the read command without any pre-configured scope.
`fs:deny-read`	Denies the read command without any pre-configured scope.
`fs:allow-read-dir`	Enables the read_dir command without any pre-configured scope.
`fs:deny-read-dir`	Denies the read_dir command without any pre-configured scope.
`fs:allow-read-file`	Enables the read_file command without any pre-configured scope.
`fs:deny-read-file`	Denies the read_file command without any pre-configured scope.
`fs:allow-read-text-file`	Enables the read_text_file command without any pre-configured scope.
`fs:deny-read-text-file`	Denies the read_text_file command without any pre-configured scope.
`fs:allow-read-text-file-lines`	Enables the read_text_file_lines command without any pre-configured scope.
`fs:deny-read-text-file-lines`	Denies the read_text_file_lines command without any pre-configured scope.
`fs:allow-read-text-file-lines-next`	Enables the read_text_file_lines_next command without any pre-configured scope.
`fs:deny-read-text-file-lines-next`	Denies the read_text_file_lines_next command without any pre-configured scope.
`fs:allow-remove`	Enables the remove command without any pre-configured scope.
`fs:deny-remove`	Denies the remove command without any pre-configured scope.
`fs:allow-rename`	Enables the rename command without any pre-configured scope.
`fs:deny-rename`	Denies the rename command without any pre-configured scope.
`fs:allow-seek`	Enables the seek command without any pre-configured scope.
`fs:deny-seek`	Denies the seek command without any pre-configured scope.
`fs:allow-size`	Enables the size command without any pre-configured scope.
`fs:deny-size`	Denies the size command without any pre-configured scope.
`fs:allow-stat`	Enables the stat command without any pre-configured scope.
`fs:deny-stat`	Denies the stat command without any pre-configured scope.
`fs:allow-truncate`	Enables the truncate command without any pre-configured scope.
`fs:deny-truncate`	Denies the truncate command without any pre-configured scope.
`fs:allow-unwatch`	Enables the unwatch command without any pre-configured scope.
`fs:deny-unwatch`	Denies the unwatch command without any pre-configured scope.
`fs:allow-watch`	Enables the watch command without any pre-configured scope.
`fs:deny-watch`	Denies the watch command without any pre-configured scope.
`fs:allow-write`	Enables the write command without any pre-configured scope.
`fs:deny-write`	Denies the write command without any pre-configured scope.
`fs:allow-write-file`	Enables the write_file command without any pre-configured scope.
`fs:deny-write-file`	Denies the write_file command without any pre-configured scope.
`fs:allow-write-text-file`	Enables the write_text_file command without any pre-configured scope.
`fs:deny-write-text-file`	Denies the write_text_file command without any pre-configured scope.
`fs:create-app-specific-dirs`	This permissions allows to create the application specific directories.
`fs:deny-default`	This denies access to dangerous Tauri relevant files and folders by default.
`fs:deny-webview-data-linux`	This denies read access to the `$APPLOCALDATA` folder on linux as the webview data and configuration values are stored here. Allowing access can lead to sensitive information disclosure and should be well considered.
`fs:deny-webview-data-windows`	This denies read access to the `$APPLOCALDATA/EBWebView` folder on windows as the webview data and configuration values are stored here. Allowing access can lead to sensitive information disclosure and should be well considered.
`fs:read-all`	This enables all read related commands without any pre-configured accessible paths.
`fs:read-app-specific-dirs-recursive`	This permission allows recursive read functionality on the application specific base directories.
`fs:read-dirs`	This enables directory read and file metadata related commands without any pre-configured accessible paths.
`fs:read-files`	This enables file read related commands without any pre-configured accessible paths.
`fs:read-meta`	This enables all index or metadata related commands without any pre-configured accessible paths.
`fs:scope`	An empty permission you can use to modify the global scope. Example `{ "identifier": "read-documents", "windows": ["main"], "permissions": [ "fs:allow-read", { "identifier": "fs:scope", "allow": [ "$APPDATA/documents/*/" ], "deny": [ "$APPDATA/documents/secret.txt" ] } ] }`
`fs:write-all`	This enables all write related commands without any pre-configured accessible paths.
`fs:write-files`	This enables all file write related commands without any pre-configured accessible paths.

Scopes

このプラグインのアクセス権限には、どのパスが許可されるか、または明示的に拒否されるかを定義するためのスコープ（有効範囲）が含まれています。

「スコープ」の詳細については、「コマンド・スコープ」を参照してください。

「許可 allow」または「拒否 deny」のスコープのどちらにも、許可または拒否する必要があるすべてのパスをリストした配列を含める必要があります。スコープのエントリは「{ path: string }」形式です。

スコープ・エントリでは、「$<path> 変数」を使用して、ホーム・ディレクトリ、アプリ・リソース・ディレクトリ、設定ディレクトリなどの一般的なシステムパスを参照できます。以下の表に、参照可能な一般的なパスをすべて示します：

Path	変数
appConfigDir	$APPCONFIG
appDataDir	$APPDATA
appLocalDataDir	$APPLOCALDATA
appcacheDir	$APPCACHE
applogDir	$APPLOG
audioDir	$AUDIO
cacheDir	$CACHE
configDir	$CONFIG
dataDir	$DATA
localDataDir	$LOCALDATA
desktopDir	$DESKTOP
documentDir	$DOCUMENT
downloadDir	$DOWNLOAD
executableDir	$EXE
fontDir	$FONT
homeDir	$HOME
pictureDir	$PICTURE
publicDir	$PUBLIC
runtimeDir	$RUNTIME
templateDir	$TEMPLATE
videoDir	$VIDEO
resourceDir	$RESOURCE
tempDir	$TEMP

設定例

グローバル・スコープ

どの fs コマンドにもスコープを適用するには、「fs:scope 権限」を使用します：

{
  "$schema": "../gen/schemas/desktop-schema.json",
  "identifier": "main-capability",
  "description": "Capability for the main window",
  "windows": ["main"],
  "permissions": [
    {
      "identifier": "fs:scope",
      "allow": [{ "path": "$APPDATA" }, { "path": "$APPDATA/**/*" }]
    }
  ]
}

ある特定のfsコマンドだけにスコープを適用するには、アクセス権限のオブジェクト形式 { "identifier": string, "allow"?: [], "deny"?: [] } を使用します：

{
  "$schema": "../gen/schemas/desktop-schema.json",
  "identifier": "main-capability",
  "description": "Capability for the main window",
  "windows": ["main"],
  "permissions": [
    {
      "identifier": "fs:allow-rename",
      "allow": [{ "path": "$HOME/**/*" }]
    },
    {
      "identifier": "fs:allow-rename",
      "deny": [{ "path": "$HOME/.config/**/*" }]
    },
    {
      "identifier": "fs:allow-exists",
      "allow": [{ "path": "$APPDATA/*" }]
    }
  ]
}

上記の例では、任意の「$APPDATA サブ・パス」（サブ・ディレクトリを含まない）を使用して exists API と rename を使用します。

Unix ベースのシステムの「ドット・ファイル」（例：.gitignore）あるいは「ドット・フォルダ」（例：.ssh）にアクセスしようとしている場合には、完全なパス（/home/user/.ssh/example）を指定するか、「ドット・フォルダー」のパス・コンポーネントの後ろに「グロブ（ワイルドカード）」を追加する形（/home/user/.ssh/*）のいずれかを用いる必要があります。

《訳注》

グロブ　glob：　主に Unix 系環境において、ワイルドカードでファイル名のセットを指定するパターンのこと《wikipedia》

もしあなたの使用事例でこれが機能しない場合は、任意のコンポーネントを有効な「パス・リテラル」（パスの直接指定値）として扱うようにプラグインを設定してください。

《訳注》

パス・リテラル　path literal：　リテラルは、プログラミング言語においてソースコード内に値を直接表記した形のものです。パス・リテラルは、ファイルやディレクトリのパスを「文字通りの」文字列として扱うことです。《wikipedia》

 "plugins": {
    "fs": {
      "requireLiteralLeadingDot": false
    }
  }

【※ この日本語版は、「Jun 18, 2025 英語版」に基づいています】

Support on Open Collective Sponsor on GitHub

File System（ファイル・システム）

Denied Permissions

This default permission set includes the following:

Permission Table

Example