Manual review request for Curiosity app

Hi everyone,

I’m one of the developers of a productivity & search app called Curiosity, and I’m trying to understand how to better get it published to the snapcraft store.

Among other things, we need access to users’ files for the app to index. For that, I’ve changed the confinement mode to classic, which now triggered the Manual Review required on the app page.

Any input required from our side to get it approved?

Thanks,

Rafael

Hey @theolivenbaum,

To access users’ files you could plug some interfaces like home, personal-files, removable-media or even system-files and stay under strict confinement. Does Curiosity need to access other locations not covered by some of those interfaces?

Thanks!

Hi @emitorino,

Thanks for the info! I can give it a try here.

We usually also need to run a few script commands on the shell - for commands like putting the computer to sleep, locking the screen, etc. Plus on Windows/Mac we also list open windows and installed programs. Is any of this possible within the confinement?

And finally - from the confinement can we still write to the user home and tmp folders? We store user data under the user home, and need to write to a tmp folder (albeit not necessarily /tmp).

Thanks!

Hi @emitorino,

I’ve changed our build to include the interfaces that seem like they will be necessary for the app to work.

The dashboard still shows that a human review is required due to three of the interfaces that I added (desktop-launch, personal-files, system-files):

human review required due to ‘allow-installation’ constraint (bool) declaration-snap-v2_plugs_installation (curiosity, desktop-launch)

human review required due to ‘allow-installation’ constraint (bool) declaration-snap-v2_plugs_installation (curiosity, personal-files)

human review required due to ‘allow-installation’ constraint (bool) declaration-snap-v2_plugs_installation (curiosity, system-files)

How should I proceed now?

Thanks!

Hey @theolivenbaum,

So now you need to follow the process for aliases, auto-connections and tracks since you are plugging some interfaces which require this process to be followed.

Could you please check the personal-files and system-files docs and update your snap to properly specify if you need read or write access and to which specific locations? Please also explain here so we can proceed with the voting.

Thanks!

Hi @emitorino, thanks for the feedback! I’ll give it a try with the docs you sent, and let you know once I get it working with our build system. Meanwhile I’ll cancel the current apps review requests. One question: What’s the policy for the rejected/cancelled revisions? Do they get auto-deleted after some time? Cheers!

Hi @emitorino, could you check if the latest version we published has the proper interfaces connected now?

Thanks!

Hey @theolivenbaum, apologies for the delay!

I have checked your snap and I see:

  read-home-folder:
    interface: personal-files
    read:
      - $HOME
  read-installed-apps:
    interface: system-files
    read:
      - /usr/share/applications

To access non-hidden files owned by the user in the user’s home directory, you can plug home which is auto-connected by default on classic systems right away. Are you also willing to access hidden files/directories in the user’s home? If that’s the case that’s where you can plug personal-files but please consider that you need to specify which ones you need since the main purpose of this interface is to import data from existing applications where the snap is the clear owner of the target directory. A final comment in case you are not aware of it: snaps have $HOME set to ~/snap/<snapname>/current; the “Security policy and sandboxing” documentation could help to better understand the env vars and their values.

A similar situation happens with system-files. The interface is specifically used to provide read-only access to system configuration directories created by a non-snap version of an application now running from an equivalent snap. What are you trying to achieve by reading /usr/share/applications?

Hi @emitorino, thanks for the update! Our app is both a search tool and a launcher for installed apps (similar to Spotlight, but for local and cloud apps, and not limited to macOS). For that, we do need to list and be able to launch installed apps, and be able to index files from the user.

Is this possible with the current model from the snap sandbox? What would be the best permissions to achieve that? We only need read access to the files in this case, but without it part of the functionality of the app would be limited.

Thanks!

Rafael

Given the requirements of Curiosity I believe the current approach you are taking is reasonable - whilst the snap could work as a classic snap, it would appear that the use of desktop-launch and perhaps system-files to allow the snap to enumerate all applications should allow the snap to work under strict confinement, providing a more secure solution for users.

However, note the desktop-launch interface is super-privileged and so requires publisher vetting (similar to the process for classic confinement too).

As such, +1 from me for the use-of and auto-connect of desktop-launch for curiosity. Regarding system-files - to see the actual applications installed on the host you will need to look under /var/lib/snapd/hostfs/usr/share/applications instead. So please change your system-files slot to specify this path, and this should then be named: hostfs-usr-share-applications so that users can understand its purpose better. Finally for personal-files - the home interface should already provide the access which you need.

As such, +1 for use-of and auto-connect of system-files named hostfs-usr-share-applications for read access to /var/lib/snapd/hostfs/usr/share/applications as well.

-1 for personal-files access to read of $HOME as this should be available via the home interface. Note this does not provide access to say ~/.local/share/applications (which I wonder is what you really need) - in that case you could specify a personal-files instance with read to this path $HOME/.local/share/applications called dot-local-share-applications - in that case, +1 to that from me.
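The plug layout the reviewers voted on above, written out as a snapcraft.yaml fragment. This is an added example, not part of the thread and not Curiosity's actual build file; the app name under `apps:` and the `command` path are assumptions, while the plug names, interfaces and paths are the ones given in the posts.

```yaml
name: curiosity
confinement: strict   # instead of classic, as suggested in the thread

plugs:
  # Before (flagged in review): read access to all of $HOME through
  # personal-files, and the snap's own view of /usr/share/applications.
  #
  # read-home-folder:
  #   interface: personal-files
  #   read:
  #     - $HOME
  # read-installed-apps:
  #   interface: system-files
  #   read:
  #     - /usr/share/applications

  # After: each plug is named for the one path it exposes and is read-only.
  hostfs-usr-share-applications:
    interface: system-files
    read:
      - /var/lib/snapd/hostfs/usr/share/applications
  dot-local-share-applications:
    interface: personal-files
    read:
      - $HOME/.local/share/applications

apps:
  curiosity:                 # assumed app name
    command: bin/curiosity   # assumed path, not taken from the thread
    plugs:
      - home                           # non-hidden files in the user's home
      - desktop-launch                 # super-privileged, needs publisher vetting
      - hostfs-usr-share-applications
      - dot-local-share-applications
```

After installation, `snap connections curiosity` lists which of these plugs are actually connected.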

Hey @theolivenbaum,

Can you please confirm you could make the snap work under strict confinement as suggested?

I am +1 as well for auto-connect desktop-launch for curiosity. @Igor could you please perform publisher vetting since this is a very privileged interface?

I am +1 as well for use-of and auto-connect of system-files named hostfs-usr-share-applications for read access to /var/lib/snapd/hostfs/usr/share/applications, but I don’t see you have updated the snap yet using this suggestion so if you can confirm this works I am happy to grant it since it has enough votes.

@theolivenbaum please confirm what exact access you need from personal-files/home.

Thanks!

@theolivenbaum this request is waiting on your response - can you please let us know regarding my suggestions earlier in the thread so we can try and proceed.

@theolivenbaum - ping, this request cannot proceed without the requested information?

@theolivenbaum,

Since we’ve not heard back from you, we are removing this request from our review queue. When you have more time to respond, simply do so here and we can add the request back to the queue. Thanks

Hi @emitorino! I’ll do - we’re a bit overwhelmed these last weeks but I’ll get back to this soon and let you know if I need any help!