[Sugar-devel] Advice request: XO sound recording

Sascha Silbe sascha-ml-reply-to-2010-3 at silbe.org
Mon Oct 4 04:11:00 EDT 2010

Previous message: [Sugar-devel] Advice request: XO sound recording
Next message: [Sugar-devel] Advice request: XO sound recording
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Excerpts from James Simmons's message of Mon Oct 04 01:28:03 +0200 2010:

> There is a chapter called "Fun With The Journal" which has examples of
> listing out Journal entries.  What you need to do is figure out what
> the MIME type of the Ogg entries in the Journal are and write code to
> list them.  Then you can put the entries in a GTK table and select
> them from there.

Just a word of caution: While access to the data store is unrestricted
because nobody got around to implement the access controls, this won't
be the case forever. In general you should only assume that you have
access to the entry belonging to the currently running activity session
(P_DOCUMENT [1,2]). The Object Chooser is a powerbox [3] that will grant
your activity access to an additional entry selected by the user (and
only that one entry, nothing else).

While activities can request additional permissions [4] only certain
combinations will be granted automatically. In particular listing data
store entries is mutually exclusive with network access [5]:

>> We solve this by allowing programs to request read-only permissions for
>> one type of document (e.g. image, audio, text, e-mail) at installation
>> time, but making that permission (#P_DOCUMENT_RO) mutually exclusive
>> with asking for any network access at all. A photo viewing program, in
>> other words, normally has no business connecting to the Internet.

While the user can explicitly grant activities additional permissions,
we should be careful not to train them to do this for a significant
number of activities as it would make the system pointless and vulnerable
to the attacks we're trying to guard the users against (e.g. [6]).

Sascha

[1] http://wiki.laptop.org/go/OLPC_Bitfrost#P_DOCUMENT:_file_store_service
[2] http://dev.laptop.org/git/security/tree/bitfrost.txt#n874
[3] http://en.wikipedia.org/wiki/File_dialog#Powerbox
[4] http://wiki.sugarlabs.org/go/Development_Team/Low-level_Activity_API#Permissions_Declarations
[5] http://wiki.laptop.org/go/OLPC_Bitfrost#P_DOCUMENT_RO
[6] http://wiki.laptop.org/go/OLPC_Bitfrost#Compromising_privacy_2
--
http://sascha.silbe.org/
http://www.infra-silbe.de/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: not available
Url : http://lists.sugarlabs.org/archive/sugar-devel/attachments/20101004/466091fe/attachment.pgp

Previous message: [Sugar-devel] Advice request: XO sound recording
Next message: [Sugar-devel] Advice request: XO sound recording
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Sugar-devel mailing list