ubuntu-phone team mailing list archive

[Zisu Andrei <matzipan@xxxxxxxxx>]

Right... what about a "Save to dropbox" usecase, "Open the email in a
browser", etc?

Zisu Andrei


On 13 August 2013 17:34, Jamie Strandboge <jamie@xxxxxxxxxxxxx> wrote:

> On 08/13/2013 11:23 AM, Zisu Andrei wrote:
> > Take this situation: on app1 user taps "log in with facebook", app1
> takes user
> > to app2 where he logs in to facebook with his account and approves app1,
> now
> > app2 takes the user back to app1, where app1 is fed a response from app2
> with
> > the access tokens required to access the user's data.
> >
> > How would it work with the current no-app-to-app-calls model?
> >
>
> app1 can't "take the user to app2". If app1 wants to connect to facebook,
> it
> must specify the "accounts" policy group in the manifest and use online
> accounts
> to get the tokens (and when this online accounts work lands (soon), the
> user
> will be prompted on if app1 can connect to facebook (after which, online
> accounts will cache the result)).
>
> > Zisu Andrei
> >
> >
> > On 13 August 2013 17:04, Jamie Strandboge <jamie@xxxxxxxxxxxxx
> > <mailto:jamie@xxxxxxxxxxxxx>> wrote:
> >
> >     On 08/13/2013 08:33 AM, Michael Zanetti wrote:
> >     > On Tuesday 13 August 2013 10:01:58 Sergio Schvezov wrote:
> >     >> On Tue, Aug 13, 2013 at 9:33 AM, Michael Zanetti <
> >     >>
> >     >> michael.zanetti@xxxxxxxxxxxxx <mailto:
> michael.zanetti@xxxxxxxxxxxxx>> wrote:
> >     >>> Hi,
> >     >>>
> >     >>> I've just been watching this demo [1] on how to publish click
> packages.
> >     >>> Looks
> >     >>> very promising! However, one question that comes up here is at
> the
> >     >>> uploading
> >     >>> step (3:13 in the video):
> >     >>>
> >     >>> The website allows to upload a binary package and a source
> package.
> >     >>> However, I
> >     >>> can't see any connection between those two. How can I be sure
> that the
> >     >>> binary
> >     >>> click package indeed contains an unmodified version of the
> uploaded source
> >     >>> package? From what I can see here I could easily publish some
> source code
> >     >>> and
> >     >>> then build a malicious package containing some additional bad
> code.
> >     >>
> >     >> You will be confined by apparmor here and very limited in the bad
> things
> >     >> you can do.
> >     >
> >     > I don't agree here. I'm not entirely sure how AppArmor works, but
> I assume it
> >     > would block access to, for instance, my address book. If I still
> want to use
> >     > that app there must be some place where I can grant permissions to
> an app to
> >     > access my address book. This is where I would like to know what
> the package
> >     > actually does with my address book and where I would need to rely
> on the fact
> >     > that the binary package is indeed an *unpatched* version of the
> uploaded
> >     > source package.
> >     >
> >     Click packages will be confined by AppArmor[1] and there is a
> permissions model
> >     where developers declare what the click package can do[2]. Apps are
> quite
> >     confined by default by design and they are not allowed to access
> other app's
> >     data, among other things. This is to prevent malicious apps from
> doing harm to
> >     the system or obtaining the user's data. Application developers will
> need to
> >     used published APIs to access things like locations, online
> accounts, the
> >     addressbook, etc and these APIs will be supported in the click
> manifest. Access
> >     to data like the address book will be limited and handled via an out
> of process
> >     helper which may also help mediate the access (ie, provide a
> contextual runtime
> >     prompt). That's the good news-- the bad news is that not all of
> these APIs are
> >     implemented today, but they are being worked on. I'll let others
> comment on
> >     their status.
> >
> >     More specifically to your question-- click packages and the app
> store will
> >     support binary only uploads of packages. With this in mind, it isn't
> >     particularly useful to have a build server from a security point of
> view because
> >     a malicious app author would simply not upload the source to avoid
> detection. A
> >     build could be useful for other reasons-- such as to make sure that
> the app is
> >     built in a clean environment, etc, but I'll let others comment on
> that too.
> >
> >     [1]
> https://wiki.ubuntu.com/SecurityTeam/Specifications/ApplicationConfinement
> >     [2]
> https://wiki.ubuntu.com/SecurityTeam/Specifications/ApplicationConfinement/Manifest#Click
> >     --
> >     Jamie Strandboge                 http://www.ubuntu.com/
> >
> >
> >     --
> >     Mailing list: https://launchpad.net/~ubuntu-phone
> >     Post to     : ubuntu-phone@xxxxxxxxxxxxxxxxxxx
> >     <mailto:ubuntu-phone@xxxxxxxxxxxxxxxxxxx>
> >     Unsubscribe : https://launchpad.net/~ubuntu-phone
> >     More help   : https://help.launchpad.net/ListHelp
> >
> >
> >
> >
>
>
> --
> Jamie Strandboge                 http://www.ubuntu.com/
>
>
> --
> Mailing list: https://launchpad.net/~ubuntu-phone
> Post to     : ubuntu-phone@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~ubuntu-phone
> More help   : https://help.launchpad.net/ListHelp
>
>