ubuntu-phone team mailing list archive

Re: Need picture_files policy in mg app

 

On Sun, Sep 15, 2013 at 5:33 PM, Michael Zanetti <michael.zanetti@xxxxxxxxxxxxx> wrote:

> On Sunday 15 September 2013 18:33:45 Thomas Voß wrote:
> > [...]
> > > Hmm, I could think of lots of use cases to display pictures from the
> > > pictures folder within an app. For example image manipulation programs
> > > could import them, social media apps could want to share them (e.g.
> > > attached to a blog post), chat applications to select an avatar etc.
> >
> > While the filesystem might have such a folder, the intended way to
> > solve the use-cases you are mentioning above is the
> > content-picking/sharing infrastructure.
> >
> > > I think that an app should not be able to access other app's pictures
> > > (e.g. stored in /home/phablet/.cache/$APPID/ ) but accessing the common
> > > pictures folder is probably a must-have in the long run, no?
> >
> > Well, the confinement approach basically says: There is no content on
> > the phone that is not owned by an app. With that, the pictures folder
> > would be owned by the default Gallery application and thus,
> > confinement rules would apply again.
>
> With that not even the integrated camera-app would be able to store
> pictures into it, no?
>

Yes and no,

root@ubuntu-phablet:/# cat /usr/share/apparmor/easyprof/policygroups/ubuntu/1.0/picture_files
# Description: Can read and write to picture files. This policy group is
#  reserved for certain applications, such as gallery applications.
#  Developers should typically use the content_exchange policy group and
#  API to access picture files instead.
# Usage: reserved
owner @{HOME}/Pictures/   r,
owner @{HOME}/Pictures/** rwk,

root@ubuntu-phablet:/# cat /usr/share/apparmor/easyprof/policygroups/ubuntu/1.0/picture_files_read
# Description: Can read all picture files. This policy group is reserved
#  for certain applications, such as gallery applications. Developers
#  should typically use the content_exchange policy group and API to
#  access picture files instead.
# Usage: reserved
owner @{HOME}/Pictures/   r,
owner @{HOME}/Pictures/** r,


> > I'm trying to understand this app's concrete use-case better to
> > propose a way forward.
>
> But somehow there must be a way to exchange data between apps I think.
>
> Also stuff like music files can't be owned by one music player without
> access for others. How would you write an app that can stream your
> music/video files via DLNA? Or just an alternative music player?
>

root@ubuntu-phablet:/# cat /usr/share/apparmor/easyprof/policygroups/ubuntu/1.0/music_files
# Description: Can read and write to music files. This policy group is
#  reserved for certain applications, such as music players. Developers
#  should typically use the content_exchange policy group and API to
#  access music files instead.
# Usage: reserved
owner @{HOME}/Music/   r,
owner @{HOME}/Music/** rwk,

root@ubuntu-phablet:/# cat /usr/share/apparmor/easyprof/policygroups/ubuntu/1.0/music_files_read
# Description: Can read all music files. This policy group is reserved
#  for certain applications, such as music players. Developers should
#  typically use the content_exchange policy group and API to access
#  music files instead.
# Usage: reserved
owner @{HOME}/Music/   r,
owner @{HOME}/Music/** r,


> Another use case would be some application that can create pictures. For
> example some pimped camera app, or some avatar creation app. It should be
> possible to save that to the same location as the other pictures.
>

Those rules allow you to do that, and they are created specifically for
this, but they are reserved so you may or may not make it into the store.
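
What the picture_files and picture_files_read rules quoted in the message above grant, as an added example that is not part of the original message and is not AppArmor's or easyprof's own code. The function names are hypothetical, the glob matching is a simplified model that covers these rules, and the sample paths are constructed.

```python
import re

# Policy groups as quoted in the message (description comments trimmed).
PICTURE_FILES = """\
# Usage: reserved
owner @{HOME}/Pictures/   r,
owner @{HOME}/Pictures/** rwk,
"""
PICTURE_FILES_READ = """\
# Usage: reserved
owner @{HOME}/Pictures/   r,
owner @{HOME}/Pictures/** r,
"""

def parse_policy_group(text):
    """Return (usage, rules); a rule is (owner_only, path_glob, perms)."""
    usage, rules = None, []
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"#\s*Usage:\s*(\S+)", line)
        if m:
            usage = m.group(1)
        elif line and not line.startswith("#"):
            parts = line.rstrip(",").split()
            rules.append((parts[0] == "owner", parts[-2], set(parts[-1])))
    return usage, rules

def glob_to_regex(glob, home):
    """Simplified model of AppArmor globs: '**' crosses '/', '*' does not.
    A trailing '/**' needs at least one character, so it does not match
    the directory itself (hence the separate 'Pictures/' rule)."""
    out = []
    for tok in re.split(r"(\*\*|\*)", glob.replace("@{HOME}", home)):
        if tok == "**":
            out.append(r"[^/].*")
        elif tok == "*":
            out.append(r"[^/]*")
        else:
            out.append(re.escape(tok))
    return re.compile("".join(out))

def allowed(policy_text, path, perm, is_owner=True, home="/home/phablet"):
    """True if some rule grants perm ('r', 'w' or 'k') on path."""
    _, rules = parse_policy_group(policy_text)
    for owner_only, glob, perms in rules:
        if owner_only and not is_owner:
            continue  # 'owner' rules apply only to files the process owns
        if perm in perms and glob_to_regex(glob, home).fullmatch(path):
            return True
    return False
```
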
