ubuntu-appstore-developers team mailing list archive

Thread
Date

Re: Downloadable content

To: ubuntu-appstore-developers@xxxxxxxxxxxxxxxxxxx
From: Jamie Strandboge <jamie@xxxxxxxxxxxxx>
Date: Wed, 31 Jul 2013 11:33:38 -0500
In-reply-to: <51F93A83.9050509@canonical.com>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130623 Thunderbird/17.0.7

On 07/31/2013 11:25 AM, Jamie Strandboge wrote:
> On 07/31/2013 10:45 AM, Ted Gould wrote:
>> On Tue, 2013-07-30 at 11:30 +0100, Martin Albisetti wrote:
>>>>  - Who will own this sub-project?
>>>
>>> Also happy to own it as I think most of the key pieces land within my domains.
>>
>> I think the major one that doesn't is possibly having the AppArmor profile allow
>> reading from another Click package.  I don't think that's in the security part
>> of the manifest today.
>>
> 
> It isn't, and this would have to be designed. I think quite a bit of
> downloadable content will work fine without adjusting policy. Ie, 'foo' is in
> the app store. User installs it, launches foo and sees an in-app purchase for
> foo. foo goes through the machinations of payment and then downloads it
> somewhere in ~/.local/share/foo/ (ie, a writable area for the app). I think this
> would be an acceptable first cut.
> 
> Sharing data between apps but from the same developer should be possible, but
> this is the part that requires design. I don't think we're ready to design this
> fully now, but we thought about this scenario when coming up with the naming
> scheme for APPNAME and APPVERSION. Ie, after the click apparmor hook is run,
> currently we have the following in policy:
> 
> @{APPNAME}="com.ubuntu.developer.jdstrand.evilapp"
> @{APPVERSION}="0.4"
> @{CLICK_DIR}="/opt/click.ubuntu.com"
> profile "com.ubuntu.developer.jdstrand.evilapp_evilapp_0.4" {
>   ...
>   @{CLICK_DIR}/@{APPNAME}/@{APPVERSION}/    r,
>   @{CLICK_DIR}/@{APPNAME}/@{APPVERSION}/**  mrklix,
>   ...
>   owner @{HOME}/.cache/@{APPNAME}/         rw,
>   owner @{HOME}/.cache/@{APPNAME}/**       mrwkl,
>   owner @{HOME}/.local/share/@{APPNAME}/   rw,
>   owner @{HOME}/.local/share/@{APPNAME}/** mrwklix,
>   ...
> }
> 
> Note, this is just OTOH and not a design or discussed, but to give you an idea
> of how this *could* work, it is not hard to imagine creating a new template
> variable and rules like so:
> 
> @{APPDEVELOPER}="com.ubuntu.developer.jdstrand"
> ...
>   @{CLICK_DIR}/@{APPDEVELOPER}.*/   r,
>   @{CLICK_DIR}/@{APPDEVELOPER}.*/** mrl,
>   owner @{HOME}/.local/share/@{APPDEVELOPER}.*/   r,
>   owner @{HOME}/.local/share/@{APPDEVELOPER}.*/** mrl,
> ...
> 

I forgot to mention, sharing downloadable content between apps not written by
the same developer is not handled by the above and would require design. Feels
like the two covered scenarios (just downloading to your writable area and
sharing between developer apps), above, would likely be enough, but I could have
easily not thought of all the use cases (have I mentioned it needs design? :).

-- 
Jamie Strandboge                 http://www.ubuntu.com/

Attachment: signature.asc
Description: OpenPGP digital signature

References

Downloadable content
From: Daniel Holbach, 2013-07-26
Re: Downloadable content
From: Martin Albisetti, 2013-07-30
Re: Downloadable content
From: Ted Gould, 2013-07-31
Re: Downloadable content
From: Jamie Strandboge, 2013-07-31