On 09/05/2013 08:09 PM, Jamie Strandboge wrote:
> On 09/05/2013 07:01 AM, Alberto Mardegan wrote:
>> Well, if we don't have a myAppIsRunning() API, apps can simply
>> busy-loop whenever they want, so I don't see much harm in adding
>> this API. We could also protect it with apparmor, so that the
>> usage of this API must be explicitly declared in the
>> application's manifest file (and then we could question whether
>> the app has any reason to use it).
>>
> We can't control access to library calls in this manner. You can
> mmap the library and get everything, or you can't. We can't block
> the mmap of the library because an app could just ship its own
> version of the library and mmap it.
[...]

Right. Then what about this approach:

ubuntu_api_start_busy_work():
- create an empty file in the app's namespace (maybe
  $XDG_RUNTIME_DIR/<appId>/busy_work). This will fail if the app is
  confined and not allowed to do busy work at all.
- set up a signal handler for the SIGXCPU signal.

ubuntu_api_stop_busy_work():
- removes the signal handler.

Then, when the watchgod service sees that an app is using "too much" CPU
time, it would:
- check if $XDG_RUNTIME_DIR/<appId>/busy_work is present; if not, kill
  the app
- send SIGXCPU

> I think the point of this API is not to protect against abuse, but
> to allow a well-intentioned app from getting killed. To me, an
> abusive app will be handled by bad reviews/bug reports ("This app
> sucks-- my battery is dead in 5 minutes whenever I use it").
> Because we don't have a way to distinguish between accidental and
> intentional high CPU usage now, we don't have anything other than
> app reviews. If we introduce this call, we can detect the
> accidental high CPU usage now. The handful of apps that abuse it
> can still be handled via user reviews like they are now.

I agree, but having the application declare that it can be doing busy
work for some seconds in its manifest file can be of great help for
reviewers: if the capability is not mentioned in the manifest, it means
that the application doesn't need a lot of investigation (because the
app will automatically be killed if it misuses CPU).
Also, if users report problems about a shortened battery life, we would
first investigate those apps which have the capability in their manifest.

Ciao,
  Alberto
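
The handshake proposed in the message above, as an added example (not part of the original e-mail and not Ubuntu platform code): the app creates the `busy_work` marker and installs a SIGXCPU handler, and the watching service picks SIGXCPU or SIGKILL depending on whether the marker exists. The function names `start_busy_work`, `stop_busy_work` and `watchdog_signal`, the directory argument and the return codes are assumptions made for illustration.

```c
/* Added example: sketch of the busy-work handshake proposed above.
 * Function names, paths and return codes here are assumptions. */
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

static volatile sig_atomic_t xcpu_seen;      /* set by the handler */
static void on_xcpu(int sig) { (void)sig; xcpu_seen = 1; }

static int set_xcpu(void (*fn)(int)) {
    struct sigaction sa = {0};
    sa.sa_handler = fn;
    sigemptyset(&sa.sa_mask);
    return sigaction(SIGXCPU, &sa, NULL);
}

/* App side: create <app_dir>/busy_work, then catch SIGXCPU. Returns -1
 * if the marker cannot be created (where a confinement denial shows). */
int start_busy_work(const char *app_dir) {
    char path[512];
    snprintf(path, sizeof path, "%s/busy_work", app_dir);
    int fd = open(path, O_CREAT | O_WRONLY, 0600);
    if (fd < 0) return -1;
    close(fd);
    return set_xcpu(on_xcpu);
}

/* App side: only the handler is removed, as in the proposal. SIGXCPU's
 * default action terminates the process, so a later signal is fatal. */
int stop_busy_work(void) { return set_xcpu(SIG_DFL); }

/* Watcher side: which signal to send to an app over its CPU budget. */
int watchdog_signal(const char *app_dir) {
    char path[512];
    snprintf(path, sizeof path, "%s/busy_work", app_dir);
    return access(path, F_OK) == 0 ? SIGXCPU : SIGKILL;
}

int main(void) {
    char dir[] = "/tmp/busywork-XXXXXX";     /* constructed sample dir */
    if (!mkdtemp(dir)) return 1;
    printf("before start: signal %d\n", watchdog_signal(dir));
    if (start_busy_work(dir) != 0) return 1;
    printf("after start:  signal %d\n", watchdog_signal(dir));
    return stop_busy_work();
}
```

Because the stop call as described removes only the handler, the marker is still present afterwards, so an over-budget app then receives SIGXCPU with the default disposition, which terminates it.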