Comment 3 for bug 1437641

Revision history for this message
Stefano Verzegnassi (verzegnassi-stefano) wrote :

Yes, it is. By default, an app can only access its own folder (for data it's usually $HOME/.local/share/<app_id>).
An app can set an additional set of location where it wants to have read and/or write access: for gallery-app it's user's Pictures folder, for docviewer-app it's user's Documents folder.
Third party apps that requires access to more locations on the file system will require a manual review while uploading in the store, core applications need to discuss about their needs with the security team.

We (docviewer-app team) could decide to read the whole file system, as filemanager-app or terminal-app do. But that wouldn't fit with the goals of the app.
It's a design issue, more than a engineering one, and we would need to do a lot of additional work because the platform *properly* force to respect some security rules.

You can find further information here: https://wiki.ubuntu.com/SecurityTeam/Specifications/ApplicationConfinement

To be fair I think you spotted a lack of features that would be nice to take care of.
IMHO the project that could satisfy this need is the filemanager-app, which operates in the typical scenario where this need gets 'disclosed' (i.e. advanced user that want to access to some system data - the file manager is the only user friendly solution that can do that).