Hi, We are working on webapps integrations and click packaging on UbuntuTouch and trying to address the WebApps confinement details.
We already had a chat with Jamie about that last week to further trim down the whole story. A bit of rough context before the gist of the email: - A Webapp on Touch will be an individual click package with a desktop file, a set of icons, and possibly (but not strictly mandatory) a snippet of javascript along with a manifest file, - The webbrowser-app will be used as a container for running the Webapp, and the Exec line from the desktop file for each Webapp click package will reflect that with something roughly like: Exec=webbrowser-app --webapp http://ubuntu.com (subject to change) with various additional command line options that will be used to tweak the UI aspect and (restricted) navigation, - When running in "Webapp mode", the click-desktop hook will property setup the Path in the desktop file and the app will be started with the local package as the cwd, which will then be used to locate potential snippets that need to be injected by the webbrowser-app (the local lookup bit needs to be added since atm it tries to search for snippets in /usr/share), Now the bits that are left: 1. how the webbrowser-app should react to that and act in a properly confined way for each Webapp. The idea there would be to prevent history, bookmarks, cookies etc. to be shared among the Webapps and obviously with the regular browser app. This would be done by tweaking the webbrowser-app to setup its cache & data folders depending on it's startup APP_ID. 2. The webapp browsing experience would be strictly confined to a specific set of url patterns, and the functionality is already being merged in the webbrowser-app, 3. I was wondering if for those packages and given the specific nature of webapps and the associated security risks (spoofing, phishing etc), we would be able to bypass some sort of review process that would be a bit more restricted than the one (if any) for other apps. At the moment, the APP_ID specific profile would prevent any local data capture etc. Jamie did put up a wiki page to capture the current decision/state of the discussions, https://wiki.ubuntu.com/SecurityTeam/Specifications/WebAppsConfinement Cheers! Alex
-- Mailing list: https://launchpad.net/~ubuntu-appstore-developers Post to : ubuntu-appstore-developers@lists.launchpad.net Unsubscribe : https://launchpad.net/~ubuntu-appstore-developers More help : https://help.launchpad.net/ListHelp
