
ubuntu-phone team mailing list archive

Re: Executing binaries from click packages, under confinement

 

On Tue, 2014-02-04 at 10:05 +0200, Alberto Mardegan wrote:

> I had a quick look at the untrusted helper branch, but I couldn't
> understand if it's suitable for my case:
> 
> " * Start an untrusted helper for a specific @type on a given
>  * @appid.  We don't know how that is done specifically, as Upstart
>  * will call a helper for that type.  And then execute it under the
>  * Apparmor profile for that helper type."
> 
> What is "type" in this context?


Type is a string for something defined by you.  This way we can keep the
infographics away from the account service helpers.  So I'd guess for
you it'd be something like "account-service-plugin" or some such.  It
doesn't matter really as long as you use the same type for all the
functions (and unique, don't use "content-hub-picker" ☺).


> We have a couple of constraints which
> I'm not sure that are supported by the untrusted-helper implementation:
> 
> 1) Each untrusted helper has to be run with its own AppArmor profile
> (so that the Facebook plugin cannot delete the Google account)



Correct, each untrusted helper runs under the AppArmor profile generated
for its App ID.  So then in a typical Click package there'll be a
stanza for the application that has a "desktop" entry and then a new
application stanza for the other type of helper.  For example a content
hub picker might look like this (I'm not sure of the actual strings, so
don't quote this):

"hooks": {
    "foo": { /* I'm an application */
        "desktop": "foo.desktop",
        "apparmor": "security.json"
    },
    "picker": { /* I haz ur content */
        "content-hub-picker": "picker-definition.desktop",
        "apparmor": "more-security.json"
    }
}

So then there'd be two different App IDs com.foo_foo_1.2.3 and
com.foo_picker_1.2.3 which could each have potentially different
AppArmor profiles.


> 2) We need to be able to launch more than one instance of the same
> account plugin: application A and application B might both request
> access to the Facebook account at the same time.


You probably want upstart_app_launch_start_multiple_helper() which
returns an instance handle.  That allows you to track multiple instances
of the same App ID.  This is also a requirement for Content Hub.

Ted

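A lint a packager could run over a manifest of the shape sketched above, to see which App IDs the hooks produce, which hook registers which helper type, and which helpers would be left without an "apparmor" entry or would share one policy file. This is an added example, not code from the thread or from the Click tooling; the package name and version, the "google"/"facebook"/"legacy" hooks and the "account-service-plugin" type are assumed values.

```python
import json

# Constructed sample manifest, extended from the sketch in the mail.
# "name"/"version", the google/facebook/legacy hooks and the
# "account-service-plugin" type are assumptions, not a real package.
MANIFEST = json.loads("""
{
  "name": "com.foo",
  "version": "1.2.3",
  "hooks": {
    "foo":      {"desktop": "foo.desktop", "apparmor": "security.json"},
    "picker":   {"content-hub-picker": "picker-definition.desktop",
                 "apparmor": "more-security.json"},
    "google":   {"account-service-plugin": "google.desktop",
                 "apparmor": "plugin.json"},
    "facebook": {"account-service-plugin": "facebook.desktop",
                 "apparmor": "plugin.json"},
    "legacy":   {"account-service-plugin": "legacy.desktop"}
  }
}
""")

NON_TYPE_KEYS = {"desktop", "apparmor"}

def app_ids(manifest):
    """App ID for every hook, in Click's <package>_<hook>_<version> form."""
    return {hook: f"{manifest['name']}_{hook}_{manifest['version']}"
            for hook in manifest["hooks"]}

def helper_type(stanza):
    """Helper type a hook stanza registers (None for a plain desktop app)."""
    types = [k for k in stanza if k not in NON_TYPE_KEYS]
    return types[0] if types else None

def unconfined_hooks(manifest):
    """Hooks with no "apparmor" entry, so no profile would be generated."""
    return sorted(h for h, s in manifest["hooks"].items() if "apparmor" not in s)

def shared_policies(manifest):
    """Policy files referenced by more than one hook.  Each App ID still gets
    its own generated profile, but these hooks declare the same policy, which
    is worth a second look when the helpers are meant to be kept apart."""
    by_file = {}
    for hook, stanza in manifest["hooks"].items():
        if "apparmor" in stanza:
            by_file.setdefault(stanza["apparmor"], []).append(hook)
    return {f: sorted(h) for f, h in by_file.items() if len(h) > 1}

if __name__ == "__main__":
    for hook, appid in app_ids(MANIFEST).items():
        print(f"{appid:24} type={helper_type(MANIFEST['hooks'][hook])}")
    print("unconfined:", unconfined_hooks(MANIFEST))
    print("shared policy files:", shared_policies(MANIFEST))
```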

