On 02/03/2014 11:05 AM, Alberto Mardegan wrote:
> Hi all!
> One of the tasks I'm working on in Online Accounts is support for
> account plugins (those bits of code which are responsible to create/edit
> accounts for a specific provider, e.g. facebook) to be installed as
> click packages.
>
> For security reasons, the Online Accounts (from now on, "OA") service
> will need to execute the plugins in a separate process, confined with
> the proper AppArmor profile (dictated by the click package). Such a
> process will be able to create/modify only the account it was requested
> to work on, and not others; so, for example, the account plugin for
> Facebook should not be able to change any setting on the Google account,
> and vice versa.
>
> On the other hand, the account plugin will need to have its window
> reparented on top of the OA window, so that it will not appear as a
> separate entity (see also
> https://wiki.ubuntu.com/Security/TrustStoreAndSessions).
>
> I'm now facing the choice of how to implement all the above; my original
> idea was to execute the plugin with aa-exec-click, but before jumping on
> that solution I'd like to double check with a wider audience. I've been
> told that the content hub uses upstart-app-launch instead, so I wonder
> if I should use that instead (but that will only work if the plugins
> install a .desktop file, will it)?

So the question is how the trusted helper (online accounts) will launch the plugin. You could use upstart-app-launch, but afaik it does need a desktop file like you said. You can use aa-exec-click which will give you all the environment and sandbox preparation that upstart-app-launch does. Alternatively, you can use libapparmor's change_profile() after you fork but before you exec. This leaves env setup up to you.
At this point, I think I would suggest just using aa-exec-click, but note by doing so it will not be under application lifecycle since it isn't running under upstart. I'm not sure how much of a concern this is. It is conceivable app authors could abuse this to start long running processes, so this is perhaps not the best choice. Maybe upstart-app-launch should be adjusted to assist online accounts? I'll let others comment on that.

--
Jamie Strandboge
http://www.ubuntu.com/
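A fork/exec launcher of the libapparmor kind described in the reply above, as an added example that is not code from this thread or from Online Accounts. It uses aa_change_onexec(), the libapparmor call for naming the profile that takes effect at the next exec (aa_change_profile() switches immediately, which would confine the launcher's own remaining code), and it fails closed if the transition cannot be set; the profile name, plugin path and OA_ACCOUNT_ID variable are constructed assumptions.

```python
"""Confine an account plugin under an AppArmor profile between fork and exec."""
import ctypes
import os
import sys

# Constructed example values: a click-style app id used as the profile name
# and a hypothetical plugin binary path. Neither comes from the original thread.
PLUGIN_PROFILE = "com.example.facebook_account-plugin_0.1"
PLUGIN_BINARY = "/opt/click.ubuntu.com/com.example.facebook/0.1/account-plugin"

# Variables worth passing through; everything else in the parent's environment
# is dropped, since with libapparmor the launcher is responsible for env setup.
ALLOWED_ENV = ("PATH", "HOME", "LANG", "DISPLAY",
               "DBUS_SESSION_BUS_ADDRESS", "XDG_RUNTIME_DIR")


def build_child_env(parent_env, account_id):
    """Minimal environment: whitelisted vars plus the one account the plugin
    was asked to work on (OA_ACCOUNT_ID is a hypothetical variable name)."""
    env = {k: v for k, v in parent_env.items() if k in ALLOWED_ENV}
    env["OA_ACCOUNT_ID"] = str(account_id)
    return env


def load_libapparmor():
    """Return a libapparmor handle, or None if the library is not installed."""
    try:
        lib = ctypes.CDLL("libapparmor.so.1", use_errno=True)
    except OSError:
        return None
    lib.aa_change_onexec.argtypes = [ctypes.c_char_p]
    lib.aa_change_onexec.restype = ctypes.c_int
    return lib


def request_confinement(lib, profile):
    """Ask the kernel to switch to `profile` at the next exec. Fails closed:
    returns False (caller must not exec) when libapparmor is missing or the
    kernel refuses the transition (e.g. the profile is not loaded)."""
    if lib is None:
        return False
    return lib.aa_change_onexec(profile.encode()) == 0


def launch_plugin(account_id, profile=PLUGIN_PROFILE, binary=PLUGIN_BINARY):
    """fork; in the child set the exec-time profile, build the env, then exec."""
    pid = os.fork()
    if pid != 0:
        return pid                       # parent keeps the pid for reaping
    env = build_child_env(os.environ, account_id)
    if not request_confinement(load_libapparmor(), profile):
        os._exit(126)                    # never run an account plugin unconfined
    os.execve(binary, [binary], env)     # reached only once confinement is set


if __name__ == "__main__":
    child = launch_plugin(sys.argv[1] if len(sys.argv) > 1 else "1")
    _, status = os.waitpid(child, 0)
    print("plugin exited with status", os.waitstatus_to_exitcode(status))
```

Because the profile comes from the click package, a mismatch between the name the launcher passes and the profile actually loaded makes aa_change_onexec() fail, and the child exits with 126 instead of running unconfined.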