Comment 5 for bug 1371574
Revision history for this message
| Colin Watson (cjwatson) wrote Re: [Bug 1371574] Re: After installing clicks to /custom/click, /usr/share/click/preinstalled version are still preferred | #5 |
OK. I'm convinced by your arguments about app IDs; I didn't realise
that the profile name needed to be known outside just aa-exec-click
(which does have the application path in hand as well as the app ID).
I like your proposal of putting all the possible database names in
CLICK_DIR. Would it be reasonable to just add all the valid click
databases there, regardless of whether a given package happens to be
unpacked there at the moment? In that case, the necessary API for that
already exists, albeit a little obscurely:
>>> from gi.repository import Click
>>> db = Click.DB()
>>> db.read()
>>> [db.get(
['/usr/
It might then be unnecessary to change click at all, which is obviously
fantastic from my point of view. ;-) But this does genuinely seem like
a better technical solution, and would let us stop playing whack-a-mole
with the precise ordering of various database operations. Given that
click-apparmor is the only system-level hook in the phone stack right
now, we could mandate this kind of thing as required behaviour for
future system-level hooks.