← Back to team overview

ubuntu-appstore-developers team mailing list archive

Re: Downloadable content

 

On 07/31/2013 10:45 AM, Ted Gould wrote:
> On Tue, 2013-07-30 at 11:30 +0100, Martin Albisetti wrote:
>> >  - Who will own this sub-project?
>>
>> Also happy to own it as I think most of the key pieces land within my domains.
> 
> I think the major one that doesn't is possibly having the AppArmor profile allow
> reading from another Click package.  I don't think that's in the security part
> of the manifest today.
> 

It isn't, and this would have to be designed. I think quite a bit of
downloadable content will work fine without adjusting policy. Ie, 'foo' is in
the app store. User installs it, launches foo and sees an in-app purchase for
foo. foo goes through the machinations of payment and then downloads it
somewhere in ~/.local/share/foo/ (ie, a writable area for the app). I think this
would be an acceptable first cut.

Sharing data between apps but from the same developer should be possible, but
this is the part that requires design. I don't think we're ready to design this
fully now, but we thought about this scenario when coming up with the naming
scheme for APPNAME and APPVERSION. Ie, after the click apparmor hook is run,
currently we have the following in policy:

@{APPNAME}="com.ubuntu.developer.jdstrand.evilapp"
@{APPVERSION}="0.4"
@{CLICK_DIR}="/opt/click.ubuntu.com"
profile "com.ubuntu.developer.jdstrand.evilapp_evilapp_0.4" {
  ...
  @{CLICK_DIR}/@{APPNAME}/@{APPVERSION}/    r,
  @{CLICK_DIR}/@{APPNAME}/@{APPVERSION}/**  mrklix,
  ...
  owner @{HOME}/.cache/@{APPNAME}/         rw,
  owner @{HOME}/.cache/@{APPNAME}/**       mrwkl,
  owner @{HOME}/.local/share/@{APPNAME}/   rw,
  owner @{HOME}/.local/share/@{APPNAME}/** mrwklix,
  ...
}

Note, this is just OTOH and not a design or discussed, but to give you an idea
of how this *could* work, it is not hard to imagine creating a new template
variable and rules like so:

@{APPDEVELOPER}="com.ubuntu.developer.jdstrand"
...
  @{CLICK_DIR}/@{APPDEVELOPER}.*/   r,
  @{CLICK_DIR}/@{APPDEVELOPER}.*/** mrl,
  owner @{HOME}/.local/share/@{APPDEVELOPER}.*/   r,
  owner @{HOME}/.local/share/@{APPDEVELOPER}.*/** mrl,
...


-- 
Jamie Strandboge                 http://www.ubuntu.com/

Attachment: signature.asc
Description: OpenPGP digital signature


Follow ups

References