elementary-dev-community team mailing list archive

Thread
Date

elementary's path forward for application containment and security.

To: "elementary-dev-community@xxxxxxxxxxxxxxxxxxx" <elementary-dev-community@xxxxxxxxxxxxxxxxxxx>
From: Cameron Norman <camerontnorman@xxxxxxxxx>
Date: Wed, 19 Mar 2014 01:29:18 -0007

Hello all,

I recently have taken an interest in some of the containment andsecurity features being developed for Ubuntu touch, as well as LennartPoettering's plans for containment on GNOME.

One of the recurring aspects that I see is a "Content Hub" (Ubuntu) or"application Portals" (GNOME) system. Both of these have remarkablesimilarity (in concept) to elementary's Contractor. Although many ofyou most likely did not foresee Contractor's role in security when itwas created, it undoubtedly does have one. By delegating outresponsibilities (such as, say, printing), Contractor allows for theremoval of privileges from an application. If all applications areusing the print contract, there is no need for those applications tohave the capability to use the printer.

By extending Contractor's scope (or moving to another service) furthercontainment, as well as better features, is possible. Specifically,returning data, instead of handing them off, will allow for increasedconsolidation of privileges.

The open and save GTK file dialogs are great example. If apps usecontracts to perform these functions, they do not need to be given theprivilege of directly reading or writing to the user's documents,pictures, emails, etc.

Another good example is retrieving a profile photo. Instead of havingevery social media app be able to directly access the webcam, theycould ask Contractor for a photo, and contractor could give the webcamoption.


These are the changes/additions that I think could make this possible:
* returning data instead of just handing it off
* ability to call a contract by name (e.g. "Print" or "OpenFile")

* passing / returning more types of data: not just files, but alsostrings, booleans, or URLs

Before I go into detail about how I have been thinking about exposingthis functionality, I would like to hear all of your thoughts about themerit of these changes, and if any of you would like to develop thesethings with me (heads up: I suck at programming :).

Lennart Poettering's presentation of portals at GUADEC 2013, startingat 35:00.


Ubuntu Mobile's "Content Hub".

Thank you very much for reading,
--

Cameron Norman

Follow ups

Re: elementary's path forward for application containment and security.
From: Akshay Shekher, 2014-03-19
Re: elementary's path forward for application containment and security.
From: Daniel Foré, 2014-03-19