ubuntu-phone team mailing list archive

Re: opening files imported through content-hub

 

On Sat, 2015-04-18 at 22:59 +0300, Alberto Mardegan wrote:

> On 04/18/2015 12:11 AM, Darren Smith wrote:
> [...]
> > I then try to open the file using quazip but get denied by apparmor:
> > 
> >     Apr 17 21:56:31 ubuntu-phablet kernel: [226697.166126]type=1400 audit(1429304191.476:898): apparmor="DENIED" operation="open" profile="<username>_<appname>_0.1" name="/home/phablet/.cache/<appname>.<username>/HubIncoming/<number>/example.zip" pid=23401 comm="qmlscene" requested_mask="r" denied_mask="r" fsuid=32011 ouid=32011
> > 
> > Any ideas what I'm doing wrong?
> 
> I hope I'm not putting you off track, but I believe that the problem is
> that the file is under
> 
>   ~/.cache/<appname>.<username>/
> 
> while your app should have access to
> 
>   ~/.cache/<username>/
> 
> only. That is, an app whose security label is <package>_<app>_<version>
> has access to ~/.cache/<package>/ .


I think that you're correct that it is a path issue, but what changed is the
default for package names. Now the store is defaulting package names to
"<appname>.<username>", so if you have the default layout, you end up
with an AppID like this:

$(appname).$(username)_$(appname)_$(version)

Now, to be clear, that's a store thing in that the rest of the system
sees that as a package. And it still won't always be that format for
things like collections. For example, a package of card games that shares
common assets. They'd probably be something like:
cardgames.developer_rummy_1.2.3. Also, as we get groups for developer
uploads, username will probably be, for most projects, a group name.

The result is that all of the directories are set up as $(package), but
many people will think of them as "$(appname).$(username)", as
that's what they'll recognize the strings as.

Ted
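
Added example, not part of the original messages: a small triage helper that takes an AppArmor denial like the one quoted above, splits the profile label as <package>_<app>_<version>, and checks whether the denied path sits under the ~/.cache/<package>/ directory that label maps to according to the thread. The sample lines, the names "alice" and "zipviewer", and the assumption that package names contain no underscore are constructed for illustration; this mirrors the rule stated in the thread, not the real AppArmor policy.

```python
import re
from pathlib import PurePosixPath

# Constructed sample lines modelled on the denial quoted in the thread;
# the app, user and directory names are made up.
SAMPLE_DENIED = (
    'type=1400 audit(1429304191.476:898): apparmor="DENIED" operation="open" '
    'profile="alice_zipviewer_0.1" '
    'name="/home/phablet/.cache/zipviewer.alice/HubIncoming/7/example.zip" '
    'pid=23401 comm="qmlscene" requested_mask="r" denied_mask="r"'
)
SAMPLE_MATCHING = SAMPLE_DENIED.replace(
    'profile="alice_zipviewer_0.1"', 'profile="zipviewer.alice_zipviewer_0.1"'
)

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_audit(line):
    """Return the key=value fields of an audit line as a dict."""
    return {k: (q if q else b) for k, q, b in FIELD.findall(line)}


def split_app_id(label):
    """Split <package>_<app>_<version>; assumes no '_' inside the package name."""
    parts = label.split("_")
    if len(parts) != 3:
        raise ValueError(f"not a <package>_<app>_<version> label: {label!r}")
    return tuple(parts)


def check_denial(line, home="/home/phablet"):
    """Compare the denied path with the cache dir implied by the profile label."""
    fields = parse_audit(line)
    if fields.get("apparmor") != "DENIED":
        return None
    package, _app, _version = split_app_id(fields["profile"])
    cache_root = PurePosixPath(home, ".cache")
    expected = cache_root / package
    denied = PurePosixPath(fields["name"])
    # First directory under ~/.cache that the file actually lives in, if any
    under_cache = cache_root in denied.parents
    actual = denied.relative_to(cache_root).parts[0] if under_cache else None
    return {"package": package, "expected_dir": str(expected),
            "actual_dir": actual, "inside": expected in denied.parents}


if __name__ == "__main__":
    for sample in (SAMPLE_DENIED, SAMPLE_MATCHING):
        print(check_denial(sample))
```

When "inside" is false and "actual_dir" differs from "package", the confinement profile was generated for a different package name than the one content-hub used for the incoming directory, which is the mismatch discussed in this thread.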

