ubuntu-touch-coreapps team mailing list archive

Thread
Date

Re: [Ubuntu-phone] App Confinement for Core Apps

To: ubuntu-phone <ubuntu-phone@xxxxxxxxxxxxxxxxxxx>
From: Sergio Schvezov <sergio.schvezov@xxxxxxxxxxxxx>
Date: Mon, 12 Aug 2013 15:02:00 -0300
Cc: ubuntu-touch-coreapps <ubuntu-touch-coreapps@xxxxxxxxxxxxxxxxxxx>
In-reply-to: <CAOosft-3kLkXqDQmkWX_Pej4YnU8L3dQ+VrRQyvvbmJjqUNkeA@mail.gmail.com>

On Mon, Aug 12, 2013 at 6:46 AM, Nekhelesh Ramananthan <
krnekhelesh@xxxxxxxxx> wrote:

> Hello everyone,
>

Hey, so there seems to be two different question under this subject and the
latter seems to be hidden, I'll only address click.

>
> As we all know, click packages will be confined for security measures.
> Would the core apps such as clock, weather, rss reader and others also be
> confined? In a way it can be assumed that the core apps are system
> applications since they are planned to be available by default in the phone
> images. This decision of whether they will be confined or not really
> affects the implementation of certain features.
>

If not for all the dependencies on debian packaging for testing that was
added last week, all of the core apps would of been in click form this week
(currently only dropping-letters, sudoku and stock ticker will land
initially).

>
> For instance, for the clock app, I would need to use tzdata to get
> timezone information for different countries. This is necessary for
> implementing the world clock feature. The world clock feature allows the
> user to add different cities around the world to display the time in those
> cities. So staying in the Netherlands, I would like to add New York, Delhi,
> Sydney to know the time at those places. For this, I need to know the time
> difference with respect to UTC along with the day light saving rules. This
> is also precisely why I need to use tzdata. tzdata is being used by Ubuntu
> Desktop to provide this exact feature.
>

After a quick talk with the good security folks developing for confinement,
I've configured all the apps to run with a blanket template except for the
filemanager and terminal which will run unconfined (which wouldn't be in a
production image anyways).

You can read up on the security stuff here in [1].

Today all the click packages for core apps are dynamically created (because
the configuration manifest is still volatile and we still have debian
packaging in those branches). You can get them on [2]. They will only work
if you have the latest and greatest qtubuntu.

Cheers
Sergio.

[1]
https://wiki.ubuntu.com/SecurityTeam/Specifications/ApplicationConfinement/Manifest#Click
[2] http://people.canonical.com/~ubuntu-archive/click_packages/

References

App Confinement for Core Apps
From: Nekhelesh Ramananthan, 2013-08-12