Comment 8 for bug 1384286

Jamie Strandboge (jdstrand) wrote :

Ok, so, let's clear the terminology up a little. All click packages are installed in /opt (this is what Christian was talking about). However, those packages (whether they be apps or scopes) aren't available to the user until the user hooks are run, which creates symlinks in $HOME to the things in /opt (this is what Michi was talking about). Then there are the writable areas that apps and scopes have (this is what mardy and Michi were talking about). Note, within the apparmor policy, @{APP_PKGNAME} refers to the 'name' field from the click manifest.

Scopes' writable non-volatile areas (i.e., not in /run) are:
  (unconfined) @{HOME}/.local/share/unity-scopes/unconfined/@{APP_PKGNAME}/*
  (confined network scope) @{HOME}/.local/share/unity-scopes/leaf-net/@{APP_PKGNAME}/*

Whereas apps' writable non-volatile areas (excluding the QML cache directory) are:
  @{HOME}/.cache/@{APP_PKGNAME}/*
  @{HOME}/.config/@{APP_PKGNAME}/*
  @{HOME}/.local/share/@{APP_PKGNAME}/*

Also note, we already have a precedent for sharing between apps shipped in the same click: push helpers. Push helpers' writable non-volatile areas are the same as for apps:
  @{HOME}/.cache/@{APP_PKGNAME}/*
  @{HOME}/.config/@{APP_PKGNAME}/*
  @{HOME}/.local/share/@{APP_PKGNAME}/*

Michi, my understanding was this would be perhaps a new API call, not something that you would change on your end, but that is an implementation detail and I can see arguments on either side.

Since Michi said he doesn't care where the directory is and we have a precedent for data sharing already and it seems to make the most sense for scopes to surface the data in an app rather than the other way around, I am going to add this to the ubuntu-scope-network template:
  # Allow scopes to share data with the app shipped in the same click
  owner @{HOME}/.local/share/@{APP_PKGNAME}/ rw,
  owner @{HOME}/.local/share/@{APP_PKGNAME}/** mrwkl,
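
Added example (not part of the original comment, and not AppArmor's own code): a small audit helper that models the two rules quoted above so a reviewer can check which paths a confined scope would gain access to. It assumes a simplified model of AppArmor globbing (only `*` and `**`), and the `HOME` and `APP_PKGNAME` values are constructed.

```python
import re

# Constructed values for illustration; on a device these come from the
# AppArmor tunables and the click manifest's 'name' field.
VARS = {"HOME": "/home/user", "APP_PKGNAME": "com.example.weather"}

# The two rules from the comment: (owner-only?, path glob, permissions).
RULES = [
    (True, "@{HOME}/.local/share/@{APP_PKGNAME}/", "rw"),
    (True, "@{HOME}/.local/share/@{APP_PKGNAME}/**", "mrwkl"),
]

def glob_to_regex(glob, variables=VARS):
    """Expand @{VAR} and translate AppArmor '*' / '**' into an anchored regex."""
    for name, value in variables.items():
        glob = glob.replace("@{%s}" % name, value)
    out, i = [], 0
    while i < len(glob):
        after_slash = glob[i - 1:i] == "/"
        if glob.startswith("**", i):
            # '**' crosses '/'; directly after '/' it needs at least one char.
            out.append("[^/].*" if after_slash else ".*")
            i += 2
        elif glob[i] == "*":
            # '*' never crosses '/'; as a whole path component it is non-empty.
            whole = after_slash and glob[i + 1:i + 2] in ("", "/")
            out.append("[^/]+" if whole else "[^/]*")
            i += 1
        else:
            out.append(re.escape(glob[i]))
            i += 1
    return re.compile("".join(out) + r"\Z", re.S)

def allowed(path, perm, same_owner=True, rules=RULES):
    """True if some rule grants the single permission letter `perm` on `path`."""
    for owner_only, glob, perms in rules:
        if owner_only and not same_owner:
            continue  # 'owner' rules apply only to files the process's user owns
        if perm in perms and glob_to_regex(glob).match(path):
            return True
    return False

def audit(paths, perm="w"):
    """Map each path to whether the scope may use `perm` on it."""
    return {p: allowed(p, perm) for p in paths}
```

Running `audit()` over candidate paths shows that the `**` rule reaches nested files in the package's own `.local/share` directory, while `.cache`, `.config` and other packages' directories stay outside what these two rules grant.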