ubuntu-phone team mailing list archive

Executing binaries from click packages, under confinement

Hi all!
  One of the tasks I'm working on in Online Accounts is support for
account plugins (those bits of code which are responsible for
creating/editing accounts for a specific provider, e.g. Facebook) to be
installed as click packages.

For security reasons, the Online Accounts (from now on, "OA") service
will need to execute the plugins in a separate process, confined with
the proper AppArmor profile (dictated by the click package). Such a
process will be able to create/modify only the account it was requested
to work on, and not others; so, for example, the account plugin for
Facebook should not be able to change any setting on the Google account,
and vice versa.

On the other hand, the account plugin will need to have its window
reparented on top of the OA window, so that it will not appear as a
separate entity (see also
https://wiki.ubuntu.com/Security/TrustStoreAndSessions).

I'm now facing the choice of how to implement all the above; my original
idea was to execute the plugin with aa-exec-click, but before jumping on
that solution I'd like to double-check with a wider audience. I've been
told that the content hub uses upstart-app-launch instead, so I wonder
if I should use that instead (but that will only work if the plugins
install a .desktop file, won't it?)

Ciao,
  Alberto
