ubuntu-appstore-developers team mailing list archive

Thread
Date

Re: Downloadable content

To: ubuntu-appstore-developers@xxxxxxxxxxxxxxxxxxx
From: Jamie Strandboge <jamie@xxxxxxxxxxxxx>
Date: Wed, 31 Jul 2013 11:25:39 -0500
In-reply-to: <1375285556.3709.20.camel@localhost>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130623 Thunderbird/17.0.7

On 07/31/2013 10:45 AM, Ted Gould wrote:
> On Tue, 2013-07-30 at 11:30 +0100, Martin Albisetti wrote:
>> >  - Who will own this sub-project?
>>
>> Also happy to own it as I think most of the key pieces land within my domains.
> 
> I think the major one that doesn't is possibly having the AppArmor profile allow
> reading from another Click package.  I don't think that's in the security part
> of the manifest today.
> 

It isn't, and this would have to be designed. I think quite a bit of
downloadable content will work fine without adjusting policy. Ie, 'foo' is in
the app store. User installs it, launches foo and sees an in-app purchase for
foo. foo goes through the machinations of payment and then downloads it
somewhere in ~/.local/share/foo/ (ie, a writable area for the app). I think this
would be an acceptable first cut.

Sharing data between apps but from the same developer should be possible, but
this is the part that requires design. I don't think we're ready to design this
fully now, but we thought about this scenario when coming up with the naming
scheme for APPNAME and APPVERSION. Ie, after the click apparmor hook is run,
currently we have the following in policy:

@{APPNAME}="com.ubuntu.developer.jdstrand.evilapp"
@{APPVERSION}="0.4"
@{CLICK_DIR}="/opt/click.ubuntu.com"
profile "com.ubuntu.developer.jdstrand.evilapp_evilapp_0.4" {
  ...
  @{CLICK_DIR}/@{APPNAME}/@{APPVERSION}/    r,
  @{CLICK_DIR}/@{APPNAME}/@{APPVERSION}/**  mrklix,
  ...
  owner @{HOME}/.cache/@{APPNAME}/         rw,
  owner @{HOME}/.cache/@{APPNAME}/**       mrwkl,
  owner @{HOME}/.local/share/@{APPNAME}/   rw,
  owner @{HOME}/.local/share/@{APPNAME}/** mrwklix,
  ...
}

Note, this is just OTOH and not a design or discussed, but to give you an idea
of how this *could* work, it is not hard to imagine creating a new template
variable and rules like so:

@{APPDEVELOPER}="com.ubuntu.developer.jdstrand"
...
  @{CLICK_DIR}/@{APPDEVELOPER}.*/   r,
  @{CLICK_DIR}/@{APPDEVELOPER}.*/** mrl,
  owner @{HOME}/.local/share/@{APPDEVELOPER}.*/   r,
  owner @{HOME}/.local/share/@{APPDEVELOPER}.*/** mrl,
...

-- 
Jamie Strandboge                 http://www.ubuntu.com/

Attachment: signature.asc
Description: OpenPGP digital signature

Follow ups

Re: Downloadable content
From: Jamie Strandboge, 2013-07-31

References

Downloadable content
From: Daniel Holbach, 2013-07-26
Re: Downloadable content
From: Martin Albisetti, 2013-07-30
Re: Downloadable content
From: Ted Gould, 2013-07-31