desktop-packages team mailing list archive

Thread
Date

[Bug 1230091] Re: [enhancement] Trusted Session surface management (required for appstore app trust model), modal subwindows

To: desktop-packages@xxxxxxxxxxxxxxxxxxx
From: Matthew Paul Thomas <mpt@xxxxxxxxxxxxx>
Date: Thu, 10 Dec 2015 17:51:35 -0000
Reply-to: Bug 1230091 <1230091@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

(I now realize that this bug report is about Mir allowing out-of-process
child windows in general, not about the permissions prompt in
particular. Sorry for the noise.)

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to signon in Ubuntu.
https://bugs.launchpad.net/bugs/1230091

Title:
  [enhancement] Trusted Session surface management (required for
  appstore app trust model), modal subwindows

Status in content-hub:
  Invalid
Status in Mir:
  Triaged
Status in unity-mir:
  Triaged
Status in signon package in Ubuntu:
  Invalid
Status in unity-mir package in Ubuntu:
  Triaged

Bug description:
  (I'm filing this as a bug in order to be able to point other people to
  it, and to track its progress; if there's a blueprint containing this
  task, please let me know)

  Some components (such as the Online Accounts trusted helper) need to
  be able to pop-up a window (typically, a dialog) on top of the running
  application. Such windows should be modal to the application, that is
  the user should not be able to interact with the application while the
  modal window is displayed on top of them. This also means that in the
  task switcher one shouldn't see two windows, but only the topmost
  modal window (and parts of the application window, in case the modal
  window on top is a non-fullscreen dialog).

  For developers, this API already exists in Qt: http://doc.qt.io/qt-5/qwindow.html#fromWinId
  It needs to be implemented in the QPA plugin, so feel free to add the relevant projects to the bug report.

  From jdstrand>
  This is a hard requirement for application confinement because of our trust model-- permission to access sensitive data by AppStore apps is typically granted or denied at the time of access (caching the result for later use as appropriate), so users have a context for the access being requested. We do this instead of throwing up a permissions prompt at installation. However, for it to work, trusted helpers like online accounts and location require this functionality from unity-mir. A trust-store is also being implemented so other services like calendar and contacts can do the same. Because this feature is not implemented, the implementation for online accounts, location and the trust-store is blocked and appstore apps are therefore able to access these services without the user knowing.

To manage notifications about this bug go to:
https://bugs.launchpad.net/content-hub/+bug/1230091/+subscriptions