Manual Review Requested - blue-print-evaluate (classic confinement)

BluePrint is a cross platform hexadecimal editor based on HTTP protocol.

Its front end runs on any kind of smart device and its host end can run on both Linux and Windows platforms.

It can also perform graphical editing operations, even if the host is a headless or remote machine.

It transfers the most necessary data, which means the least band deamanding, when operating the remote machine for its based on HTTP protocol,

Its performance is greatly improved, comparing with other editing software running on the remote machine,

It allows users write their own data providing modules according to the data provider protocol based on its open architecture,

It has powerful and extensible template analysis function.

To edit/analyze data, you must be able to access any device specified by the user, and users can even write providers to access PCI configuration space.

Can you please refer to the Process for reviewing classic confinement snaps and detail which of the supported categories you believe this snap fits within? From the details you have provided, I think it should work fine with strict confinement with the home interface connected so you need to provide more evidence as to why you believe classic confinement is required.

@isaac.clack ping, can you please provide the requested information?

Hi, As what I wrote, the blue print can access/edit/analyse any data from user. It has 3 standard data provider: Disk / File / Volume (the PCI configuration space data provider is in developing) So we need to enumerate objects in these groups and access data of object.

In fact the problem it encounters is similar to Visual LVM: finding disks, volumes, files available in the system and being able to read (and preferably write)

I am sorry @isaac.clack but can you please read the process information I linked to earlier in this thread and provide the specific information that is required for a classic confinement request - ie. what accesses are required by the snap in question that can only be achieved via classic confinement (or put another way, when using strict confinement, what are the things the snap requires access to which are not able to be achieved via the use of the various supported interfaces) and which of the existing categories for classic confinement does the snap in question fit within and some justification for this?

Until this is done we cannot proceed with this request. Thanks.

@isaac.clack ping, can you please try the above suggestion?

Sorry for lated reply.

In fact we’ve tried many ways, such as system-files.

It is really hard to handle.

Now we need to enumerate the filesystem supported by host machines with command :

#define ENUM_FORMAT_TYPE (PCHAR)“find /usr/sbin -name ‘mkfs.’|sed ‘s//usr/sbin/mkfs.//’;find /sbin -name 'mkfs.’|sed ‘s//sbin/mkfs.//’”

it fails in snap with errors.

We do not care which mode our products work on. But it must work.

We understand the difficulties you are facing with the restrict confinement. Can you take a look to the Process for reviewing classic confinement and explain us the use case for your snap and in which supported category do you think it would fit it?

Hi @isaac.clack!

Would you mind sharing the denials you see while trying to make blue-print-evaluate work under strict confinement? There are some supported interfaces that should help to enumerate disks etc.

In case you are not familiar with, you can run snappy-debug which will recommend interfaces based on the behavior it observes in your snap.

@isaac.clack - ping, can you please provide the requested information?

@isaac.clack since we’ve not heard back from you, we are removing this request from our review queue. When you have more time to respond, simply do so here and we can add the request back to the queue.