On 08/12/2013 04:46 AM, Nekhelesh Ramananthan wrote: > Hello everyone, > > As we all know, click packages will be confined for security measures. Would > the > core apps such as clock, weather, rss reader and others also be confined? In a > way it can be assumed that the core apps are system applications since they > are > planned to be available by default in the phone images. This decision of > whether > they will be confined or not really affects the implementation of certain > features. > > For instance, for the clock app, I would need to use tzdata to get timezone > information for different countries. This is necessary for implementing the > world clock feature. The world clock feature allows the user to add different > cities around the world to display the time in those cities. So staying in the > Netherlands, I would like to add New York, Delhi, Sydney to know the time at > those places. For this, I need to know the time difference with respect to UTC > along with the day light saving rules. This is also precisely why I need to > use > tzdata. tzdata is being used by Ubuntu Desktop to provide this exact feature. > > I have been told several times that I should use the timezone feature present > in > Qt. However to the best of my knowledge, timezone support *has not *landed in > Qt > 5.1. And the clock app is fully QML + Javascript. Both these languages provide > almost no timezone ID support. Hence I am forced to use online APIs to > determine > this info. Being a core app, I believe this implementation is not reliable and > needs to be fixed asap. > > Other ideas such as maintaining my own timezone database which I ship with the > clock app package is not really viable either since gathering the time > difference info is not difficult, however taking into account the day light > saving rules at the correct place and date is almost impossible to implement > perfectly. > > Any suggestions on how this can be done are welcome. I am hoping that the > security team can chime into this discussion to decide what can be done. > The short answer is that if software shipped as click packages, they should run under confinement[1] (exceptions may be made, but they should be rare). Developers should file bugs where the confinement is not working for them[2]. The problem here is, as you mentioned, there is no supported SDK API and therefore there is no specific AppArmor policy developed to support it. That said, /usr/share/zoneinfo/** is available for read access via the standard ubuntu-sdk template, so perhaps there is no problem for you after all? (well, it is a problem that the SDK doesn't offer what you need-- I just mean that you should be able to access these files within the current confinement).
[1]https://wiki.ubuntu.com/SecurityTeam/Specifications/ApplicationConfinement/Manifest [2]https://bugs.launchpad.net/ubuntu/+source/apparmor-easyprof-ubuntu/+filebug -- Jamie Strandboge http://www.ubuntu.com/
signature.asc
Description: OpenPGP digital signature
-- Mailing list: https://launchpad.net/~ubuntu-phone Post to : ubuntu-phone@lists.launchpad.net Unsubscribe : https://launchpad.net/~ubuntu-phone More help : https://help.launchpad.net/ListHelp
