Open airpingu opened 10 years ago
Perhaps I have just misunderstood the mechanism - if so, please educate me :)
My original point was that I don't see necessary to declare in the manifest which datastores an app wants to access, unless it is about specifying the 'type' of the datastore, i.e. "messages", "contacts", "calls". Then, the user agent can display a dialog with the matching datastores, and can even handle the read-only vs read-write access. The app would get all the datastores approved by the user, together with the type of permission approved by the user (or device security policy).
As an example, getDataStores("messages")
would pop up a dialog possibly matching
On some other devices, all sms and mms may be exposed by one read-only datastore.
IMO this is simple and flexible enough, while the user agent has every information for making and enforcing security policy decisions.
Please see https://github.com/airpingu/data-store-api/issues/18#issuecomment-41139888. Quoted the comment from @zolkis as below:
"Hard-coding these accesses in the manifest sounds bad to me. As I said, when you write an app, you should be aware of what other apps are installed in all devices you are developing for, and deploy a different manifest if some other app is replaced... This is non-deterministic, and sounds like a maintenance nightmare to me."
A possible solution will be take the accessibility as an optional parameter of
getDataStores(...)
. For example,