#2328 BLOC Update.: Bitfrost requires that the 'File New' and 'Share' features be initiated through Sugar itself, not through the activities.

Zarro Boogs per Child bugtracker at laptop.org
Mon Mar 3 04:59:20 EST 2008


#2328: Bitfrost requires that the 'File New' and 'Share' features be initiated
through Sugar itself, not through the activities.
----------------------+-----------------------------------------------------
  Reporter:  mstone   |       Owner:  marco          
      Type:  defect   |      Status:  new            
  Priority:  blocker  |   Milestone:  Update.2       
 Component:  sugar    |     Version:                 
Resolution:           |    Keywords:  security, sugar
  Verified:  0        |    Blocking:                 
 Blockedby:           |  
----------------------+-----------------------------------------------------

Comment(by tomeu):

 Replying to [comment:15 mstone]:
 > Marco, Tomeu - sugar clearly needs an API for determining whether to
 > show the object chooser in response to an activity's request. To a first
 > approximation, this API should take a security identifier (today, a uid)
 > and should return a decision (which today could be 'Allow' or 'Deny'). It
 > should probably also take a selector to indicate whether the activity
 > wants read-only access to the datastore entries it may receive or whether
 > it also wants to be able to commit updates to them.
 >
 > (I'm hypothesizing here that requests to update a datastore entry with
 > an ID the DS has never seen will always be accepted but that requests to
 > update an existing entry must have been authorized by the human operator.)

 Michael, I'll try to explain how I have understood that we can go forward
 in securing the DS:

  * Activities will continue to access the Datastore D-Bus API as today.

  * The DS will ask Rainbow if a request from an activity should be
 accepted.

  * The Journal (the service that provides the ObjectChooser) will ask
 Rainbow if an activity has permission to show the ObjectChooser and which
 filter it should have (filter by mime type, by object type, by activity, ...).

  * Activities should be able to query Rainbow about which permissions they
 have, so they can change their UI accordingly.

 Any of this make sense to you?

-- 
Ticket URL: <http://dev.laptop.org/ticket/2328#comment:20>
One Laptop Per Child <http://dev.laptop.org>
OLPC bug tracking system
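
An added sketch of the decision API discussed in this comment; it is not code from Sugar, Rainbow or the ticket. The class `PolicyBroker`, its method names and the in-memory grant tables are hypothetical, and the update rule implements mstone's stated hypothesis literally.

```python
from dataclasses import dataclass, field
from enum import Enum


class Access(Enum):
    READ_ONLY = "read-only"
    READ_WRITE = "read-write"


class Decision(Enum):
    ALLOW = "Allow"
    DENY = "Deny"


@dataclass
class PolicyBroker:
    """Hypothetical stand-in for the policy service (Rainbow in the thread)."""
    # uid -> set of Access values the activity may request via the chooser
    chooser_grants: dict = field(default_factory=dict)
    # (uid, object_id) -> Access recorded when the operator picked the entry
    operator_grants: dict = field(default_factory=dict)
    known_ids: set = field(default_factory=set)  # IDs the datastore has seen

    def may_show_chooser(self, uid, access):
        """Journal asks: may this uid open the object chooser with this access?"""
        allowed = self.chooser_grants.get(uid, set())
        return Decision.ALLOW if access in allowed else Decision.DENY

    def record_operator_choice(self, uid, object_id, access):
        """Journal reports an entry the human picked; kept only if permitted."""
        decision = self.may_show_chooser(uid, access)
        if decision is Decision.ALLOW:
            self.operator_grants[(uid, object_id)] = access
        return decision

    def may_update(self, uid, object_id):
        """Datastore asks: may this uid commit an update to object_id?"""
        if object_id not in self.known_ids:
            # Hypothesis in the ticket: a never-seen ID is always accepted.
            self.known_ids.add(object_id)
            return Decision.ALLOW
        # Existing entry: requires a read-write grant from the operator.
        granted = self.operator_grants.get((uid, object_id))
        return Decision.ALLOW if granted is Access.READ_WRITE else Decision.DENY

    def permissions_for(self, uid):
        """Activities query their own permissions to adapt their UI."""
        return frozenset(self.chooser_grants.get(uid, set()))
```

Taken literally, the hypothesis means an activity that creates an entry cannot update it again without an operator grant, which this sketch reproduces.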


