Right... what about a "Save to dropbox" usecase, "Open the email in a browser", etc?
Zisu Andrei On 13 August 2013 17:34, Jamie Strandboge <[email protected]> wrote: > On 08/13/2013 11:23 AM, Zisu Andrei wrote: > > Take this situation: on app1 user taps "log in with facebook", app1 > takes user > > to app2 where he logs in to facebook with his account and approves app1, > now > > app2 takes the user back to app1, where app1 is fed a response from app2 > with > > the access tokens required to access the user's data. > > > > How would it work with the current no-app-to-app-calls model? > > > > app1 can't "take the user to app2". If app1 wants to connect to facebook, > it > must specify the "accounts" policy group in the manifest and use online > accounts > to get the tokens (and when this online accounts work lands (soon), the > user > will be prompted on if app1 can connect to facebook (after which, online > accounts will cache the result)). > > > Zisu Andrei > > > > > > On 13 August 2013 17:04, Jamie Strandboge <[email protected] > > <mailto:[email protected]>> wrote: > > > > On 08/13/2013 08:33 AM, Michael Zanetti wrote: > > > On Tuesday 13 August 2013 10:01:58 Sergio Schvezov wrote: > > >> On Tue, Aug 13, 2013 at 9:33 AM, Michael Zanetti < > > >> > > >> [email protected] <mailto: > [email protected]>> wrote: > > >>> Hi, > > >>> > > >>> I've just been watching this demo [1] on how to publish click > packages. > > >>> Looks > > >>> very promising! However, one question that comes up here is at > the > > >>> uploading > > >>> step (3:13 in the video): > > >>> > > >>> The website allows to upload a binary package and a source > package. > > >>> However, I > > >>> can't see any connection between those two. How can I be sure > that the > > >>> binary > > >>> click package indeed contains an unmodified version of the > uploaded source > > >>> package? From what I can see here I could easily publish some > source code > > >>> and > > >>> then build a malicious package containing some additional bad > code. > > >> > > >> You will be confined by apparmor here and very limited in the bad > things > > >> you can do. > > > > > > I don't agree here. I'm not entirely sure how AppArmor works, but > I assume it > > > would block access to, for instance, my address book. If I still > want to use > > > that app there must be some place where I can grant permissions to > an app to > > > access my address book. This is where I would like to know what > the package > > > actually does with my address book and where I would need to rely > on the fact > > > that the binary package is indeed an *unpatched* version of the > uploaded > > > source package. > > > > > Click packages will be confined by AppArmor[1] and there is a > permissions model > > where developers declare what the click package can do[2]. Apps are > quite > > confined by default by design and they are not allowed to access > other app's > > data, among other things. This is to prevent malicious apps from > doing harm to > > the system or obtaining the user's data. Application developers will > need to > > used published APIs to access things like locations, online > accounts, the > > addressbook, etc and these APIs will be supported in the click > manifest. Access > > to data like the address book will be limited and handled via an out > of process > > helper which may also help mediate the access (ie, provide a > contextual runtime > > prompt). That's the good news-- the bad news is that not all of > these APIs are > > implemented today, but they are being worked on. I'll let others > comment on > > their status. > > > > More specifically to your question-- click packages and the app > store will > > support binary only uploads of packages. With this in mind, it isn't > > particularly useful to have a build server from a security point of > view because > > a malicious app author would simply not upload the source to avoid > detection. A > > build could be useful for other reasons-- such as to make sure that > the app is > > built in a clean environment, etc, but I'll let others comment on > that too. > > > > [1] > https://wiki.ubuntu.com/SecurityTeam/Specifications/ApplicationConfinement > > [2] > https://wiki.ubuntu.com/SecurityTeam/Specifications/ApplicationConfinement/Manifest#Click > > -- > > Jamie Strandboge http://www.ubuntu.com/ > > > > > > -- > > Mailing list: https://launchpad.net/~ubuntu-phone > > Post to : [email protected] > > <mailto:[email protected]> > > Unsubscribe : https://launchpad.net/~ubuntu-phone > > More help : https://help.launchpad.net/ListHelp > > > > > > > > > > > -- > Jamie Strandboge http://www.ubuntu.com/ > > > -- > Mailing list: https://launchpad.net/~ubuntu-phone > Post to : [email protected] > Unsubscribe : https://launchpad.net/~ubuntu-phone > More help : https://help.launchpad.net/ListHelp > >
-- Mailing list: https://launchpad.net/~ubuntu-phone Post to : [email protected] Unsubscribe : https://launchpad.net/~ubuntu-phone More help : https://help.launchpad.net/ListHelp
