ubuntu-appstore-developers team mailing list archive

[Marc Deslauriers <marc.deslauriers@xxxxxxxxxxxxx>]

On 13-07-12 08:45 AM, Marc Deslauriers wrote:

>>
>> If declaring the location or flagging to use a different location in the
>> toplevel manifest is unacceptable, the path needs to be given to apparmor
>> somehow. Assuming that installing and upgrading click packages in different
>> locations is solvable without declaring it in the manifest, we could approach
>> this in apparmor with:
>>  * keep adding paths to the Ubuntu templates as you suggest
>>  * have OEMs define their own templates/policy_groups
>>    in /usr/share/apparmor/{policy_groups,templates}/<oem>/<oem_version>, and
>>    then the security section of the click manifest would specify the template,
>>    policy_vendor and policy_version
> 
> The click package AppArmor hook could query the click package installer as to
> where the installation path is. This would allow us to support custom locations
> without embedding them in the manifest, which is controlled by the developer and
> we can't change once the package ships. This also allows us to control what
> those custom locations are.
> 

Also, this would allow OEMs to preload existing applications on phones they ship
without requiring them to modify the manifest file, which in certain instances
they may not even control. For example, if an OEM wants to preload the Facebook
application.

Marc.