[enhancement] Trusted Session surface management (required for appstore app trust model), modal subwindows
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Mir |
Triaged
|
Medium
|
Unassigned | ||
content-hub |
Invalid
|
Undecided
|
Unassigned | ||
unity-mir |
Triaged
|
High
|
Unassigned | ||
mir (Ubuntu) |
Triaged
|
Medium
|
Unassigned | ||
signon (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
unity-mir (Ubuntu) |
Triaged
|
Undecided
|
Unassigned |
Bug Description
(I'm filing this as a bug in order to be able to point other people to it, and to track its progress; if there's a blueprint containing this task, please let me know)
Some components (such as the Online Accounts trusted helper) need to be able to pop-up a window (typically, a dialog) on top of the running application. Such windows should be modal to the application, that is the user should not be able to interact with the application while the modal window is displayed on top of them. This also means that in the task switcher one shouldn't see two windows, but only the topmost modal window (and parts of the application window, in case the modal window on top is a non-fullscreen dialog).
For developers, this API already exists in Qt: http://
It needs to be implemented in the QPA plugin, so feel free to add the relevant projects to the bug report.
From jdstrand>
This is a hard requirement for application confinement because of our trust model-- permission to access sensitive data by AppStore apps is typically granted or denied at the time of access (caching the result for later use as appropriate), so users have a context for the access being requested. We do this instead of throwing up a permissions prompt at installation. However, for it to work, trusted helpers like online accounts and location require this functionality from unity-mir. A trust-store is also being implemented so other services like calendar and contacts can do the same. Because this feature is not implemented, the implementation for online accounts, location and the trust-store is blocked and appstore apps are therefore able to access these services without the user knowing.
description: | updated |
tags: | added: application-confinement |
Changed in unity-mir (Ubuntu Saucy): | |
importance: | Undecided → High |
description: | updated |
summary: |
- [feature] Window reparenting + [feature] Window reparenting (required for appstore app trust model) |
Changed in apparmor-easyprof-ubuntu (Ubuntu Saucy): | |
status: | New → Won't Fix |
no longer affects: | apparmor-easyprof-ubuntu (Ubuntu) |
no longer affects: | apparmor-easyprof-ubuntu (Ubuntu Saucy) |
no longer affects: | apparmor-easyprof-ubuntu (Ubuntu T-series) |
Changed in apparmor-easyprof-ubuntu (Ubuntu): | |
status: | New → Confirmed |
tags: | added: feature |
summary: |
- [feature] Window reparenting (required for appstore app trust model) + [enhancement] Window reparenting (required for appstore app trust model) |
tags: |
added: enhancement removed: feature |
Changed in signon (Ubuntu Saucy): | |
status: | Confirmed → Won't Fix |
Changed in signon (Ubuntu Trusty): | |
importance: | Undecided → High |
Changed in unity-mir (Ubuntu Trusty): | |
importance: | Undecided → High |
Changed in unity-mir (Ubuntu Saucy): | |
status: | Confirmed → Won't Fix |
Changed in mir: | |
assignee: | nobody → rosa maria (rprosamaria383) |
Changed in mir: | |
assignee: | rosa maria (rprosamaria383) → nobody |
Changed in unity-mir: | |
assignee: | nobody → rosa maria (rprosamaria383) |
Changed in apparmor-easyprof-ubuntu (Ubuntu): | |
assignee: | nobody → rosa maria (rprosamaria383) |
Changed in unity-mir: | |
assignee: | rosa maria (rprosamaria383) → nobody |
Changed in apparmor-easyprof-ubuntu (Ubuntu): | |
assignee: | rosa maria (rprosamaria383) → nobody |
Changed in mir: | |
assignee: | nobody → rosa maria (ceryscloe) |
Changed in apparmor-easyprof-ubuntu (Ubuntu): | |
assignee: | nobody → rosa maria (ceryscloe) |
Changed in signon (Ubuntu Trusty): | |
assignee: | nobody → rosa maria (ceryscloe) |
Changed in unity-mir (Ubuntu Saucy): | |
assignee: | nobody → rosa maria (ceryscloe) |
Changed in mir: | |
assignee: | rosa maria (ceryscloe) → nobody |
Changed in apparmor-easyprof-ubuntu (Ubuntu): | |
assignee: | rosa maria (ceryscloe) → nobody |
Changed in signon (Ubuntu Trusty): | |
assignee: | rosa maria (ceryscloe) → nobody |
Changed in unity-mir (Ubuntu Saucy): | |
assignee: | rosa maria (ceryscloe) → nobody |
Changed in content-hub: | |
importance: | Undecided → Medium |
status: | New → Triaged |
Changed in mir: | |
milestone: | none → 0.7.0 |
Changed in mir: | |
milestone: | 0.7.0 → none |
Changed in unity-mir: | |
status: | Triaged → Fix Committed |
Changed in mir: | |
status: | Triaged → Fix Committed |
Changed in mir: | |
status: | Fix Committed → Triaged |
Changed in unity-mir: | |
status: | Fix Committed → Triaged |
description: | updated |
Thoughts:
1. Mir has no concept of window parent/child relationships, for now it just has a list of windows per application. This needs to be added, as shell will need that information.
2. Do we want any application to be able to reparent its window to another applications window? Probably not, so need a way to authorize these re-parent moves. Apps like the trusted helpers should always be able to do it. Also I see no reason why if app1 spawns app2, then app2 should be able to reparent a window to app1's window.
3. On the Mir client side API, apps need a way to fetch an identifier of the window it wants its window to be a child of. This information only exists in the mir server currently. Then need to add API to request the reparenting.
Talking with the Mir team about this last week, the idea of "parent/child" relationship for applications was floated. This is where an application can be designated a child of another. So if app1 is child of app2, then if app1 creates a window, it is automatically made a child of app2's window (and is given focus). Or even has choice of app2's windows to be reparented to.
This would make application lifecycle work easier, as can easily tell which children apps to suspend/resume with the parent. And would mean only 1 window in task switcher. And would prevent arbitrary reparenting of windows by abusive applications.
However how does one designate one application to be child of another? I need Mir guys to answer this.