WebAppsConfinement
Introduction
Webapps use javascript and the browser to provide an experience that is more tightly integrated with Ubuntu. The webapps team would like to be able to ship webapps as click packages. This page discusses how webapps ties in with ApplicationConfinement.
Implementation for 13.10
At a high-level, this is essentially the same process as for ApplicationConfinement, with the following differences:
- the click manifest should specify the 'ubuntu-sdk-13.10' framework
the desktop file uses 'webbrowser-app --webapp <args>' instead of 'qmlscene' in Exec line. Eg:
Exec=webbrowser-app --webapp <args>
Webapps use the ubuntu-webapp template in the security manifest file.
- Webapps typically should declare no more than the 'networking', 'audio' and 'video' policy groups (note, some webapps (eg, facebook) may also want to access location)
- Webapps ship their javascript, manifest, icon and anything else in the click install directory for the webapp
webrowser-app supports --webappUrlPatterns to prevent users from navigating to other URLs in the main frame (therefore embedded content will still work). The url dispatcher will be used to launch the main browser when navigating to sites not matching the pattern
- --webappUrlPatterns should typically use 'https?://' to avoid needless redirects to the global browser
--webappUrlPatterns should typically specify their glob at the end of the pattern, after '/'. Eg, --webappUrlPatterns=https?://m.facebook.com/*
- the --webappUrlPatterns must match the target URL in the Exec line.
A properly formatted Exec line is:
Exec=webbrowser-app --enable-back-forward --webapp \ --webappUrlPatterns=https?://mobile.twitter.com/* \ http://mobile.twitter.com
A properly formatted click security manifest is:
{ "template": "ubuntu-webapp", "policy_groups": [ "audio", "networking", "video" ], "policy_version": 1.0 }
Implementation for 14.04
This is essentially the same as for 13.10, except that:
- the click manifest should specify the 'ubuntu-sdk-14.04-qml-dev1' framework
- the security manifest should specify '1.1' for the policy_version and add the 'webview' policy_group
- rather than specifying 'webbrowser-app --webapp' in the desktop file, 'webapp-container --store-session cookies' should be used instead.
A properly formatted Exec line is:
Exec=webapp-container --enable-back-forward --store-session-cookies \ --webappUrlPatterns=https?://mobile.twitter.com/* \ http://mobile.twitter.com
A properly formatted click security manifest is (this uses 14.04 policy with oxide):
{ "template": "ubuntu-webapp", "policy_groups": [ "audio", "content_exchange", "location", "networking", "video", "webview" ], "policy_version": 1.1 }
15.04 and ubuntu-html5-app-launcher
In 14.10 and earlier, app deverlopers could use ubuntu-html5-app-launcher with the ubuntu-sdk template. In 15.04 ubuntu-html5-app-launcher has merged with webapp-container and ubuntu-html5-app-launcher is deprecated and users should use the ubuntu-webapp template and specify webapp-container instead of html5-app-container in their .desktop file.
Considerations/Limitations
FIXED as of 2013-09-20: currently stores cache in @{HOME}/.cache/webbrowser-app/ and data in @{HOME}/.local/share/webbrowser-app/. webbrowser-app needs to be updated to honor the $APP_ID environment variable so that each webapp will be isolated with its own separate cache and data storage. This will prevent leaking history, credentials, etc and is what will make reviews largely automatable like with click apps. This is https://launchpad.net/bugs/1226085)--
- Phishing attacks via webapps are no different than click packages providing a webview. Isolating webapps via click will prevent access to existing cookies, etc and the app review and bug reporting process will take care of abuses.
- A limitation in the current implementation is that credentials in the webapp and the main browser are intentionally separate, so functionality like clicking "like on facebook" will be in the context of the webapp, not the main browser (this limitation exists on other platforms). This may be addressed in future releases
- A limitation in the current implementation is that if click a twitter url in the facebook app, it will open in the main webbrowser instead of in the twitter webapp/click app. This will be handled by url dispatcher in a future release.
SecurityTeam/Specifications/WebAppsConfinement (last edited 2015-05-22 14:49:53 by jdstrand)