Store programs should not be able to place random phone calls nor send hidden SMS messages. All those things that can cause costs to end users should basically open the Sailfish SMS and phone applications, and the end user needs to manually press the send or call button.
But of course if you sideload root suid applications while in developer mode, then $RANDOM_NON-STORE_NATIVE_APPS can cause you costs by sending hidden SMSes. (Android apps can't make hidden phone calls nor send SMS messages.)
But this is exactly one of the problems I saw with Aegis: the lack of granularity. Here, you are simplistically creating just two tokens: "things that can cause cost to end users" and "everything else". This is terrible, as I can think of a few things that do not cause cost to end users and yet I do not want $RANDOM_STORE_APPS doing them (e.g. spamming my address book). Aegis, at least, had 5 or 6 "interesting" tokens (the rest were basically garbage, as they were not designed to protect the user).
Additionally, by preventing suid apps entirely in the official store you're already removing control from the user, as there may be some things that can only be done with suid apps that semantically are not "things that cause cost" (e.g. backup programs? other-half drivers?).
That said I'm not necessarily in favour of allowing suid binaries to the store. To put it simply, this problem requires severe consideration.
(Also, since the compositor runs as the "nemo" uid, can't you just ptrace it/WriteProcessMemory() and simulate clicks around the interface?)
Last edited by javispedro; 2013-12-16 at 15:19.