
On Mon, 8 Jul 2013, Andrew McGlashan <andrew.mcglashan@affinityvision.com.au> wrote:
> It also needs to provide dummy access to any memory cards too -- or at the very least chroot type access to data areas so as to limit every app to only have the possibility to read/write its own data.

Actually we need permissions on the data store. Now that the use of Android phones as a VFAT USB attached block device has gone away there's no reason not to use a filesystem like Ext4 with POSIX ACLs.

Lots of apps get access to all the mass storage of the phone when they really only need one of the following:

1) Access to store their own data (a chroot would do in this case, but it's only one situation).

2) Access to one particular data store - the most common case being an application which only needs access to photos. A chroot wouldn't work for this as it's a fairly standard feature to store photos in two locations.

3) Access to particular files, EG you view a picture in the gallery app and then say that you want to share it via a particular application.

Fairly basic ACL use would solve case #1 and #2 if there was a way to specify which application's data is shared (which needs some UI changes). For case #3 you could either copy the file or do a temporary bind mount to avoid having to change ACLs on the entire tree.

-- 
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/
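
Cases #1 and #2 from the message above, as an added example that is not part of the original email: a simplified model of the POSIX ACL access check, assuming each app runs under its own uid (as Android does). The uids and directory names are constructed, supplementary groups are ignored, and case #3 (copy or temporary bind mount) is not modelled.

```python
# Added illustration: simplified POSIX.1e ACL evaluation for per-app storage.
from dataclasses import dataclass, field

R, W, X = 4, 2, 1

@dataclass
class Acl:
    owner: int                  # uid that owns the directory
    owner_perms: int = R | W | X
    group_perms: int = 0        # owning group (gid assumed equal to owner uid)
    other_perms: int = 0        # everyone without a matching entry
    users: dict = field(default_factory=dict)  # named-user entries: uid -> perms
    mask: int = R | W | X       # upper bound for named-user and group entries

def allowed(acl, uid, want, gid=None):
    """Return True if uid may perform `want`; the first matching class decides."""
    gid = uid if gid is None else gid
    if uid == acl.owner:
        granted = acl.owner_perms              # owner entry is never masked
    elif uid in acl.users:
        granted = acl.users[uid] & acl.mask    # named user, limited by mask
    elif gid == acl.owner:
        granted = acl.group_perms & acl.mask
    else:
        granted = acl.other_perms
    return granted & want == want

# Constructed app uids and data stores (hypothetical names).
GALLERY, PHOTO_EDITOR, GAME = 10001, 10002, 10003
STORES = {
    # Case 1: each app can reach only its own data directory.
    "/data/photo_editor": Acl(owner=PHOTO_EDITOR),
    "/data/game": Acl(owner=GAME),
    # Case 2: photos live in two locations; the editor gets read-only
    # named-user entries on both, which a single chroot could not express.
    "/storage/photos_a": Acl(owner=GALLERY, users={PHOTO_EDITOR: R | X}),
    "/storage/photos_b": Acl(owner=GALLERY, users={PHOTO_EDITOR: R | X}),
}

def reachable(uid):
    """Sorted list of stores the uid can list and read."""
    return sorted(p for p, acl in STORES.items() if allowed(acl, uid, R | X))

if __name__ == "__main__":
    for name, uid in [("gallery", GALLERY), ("editor", PHOTO_EDITOR), ("game", GAME)]:
        print(name, reachable(uid))
```
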