Comment 3 for bug 1230091

Hi Gerry, your suggested solution wouldn't work for us: we need to decouple the process child-parent relationship from the windows' one. We pop up windows from D-Bus services, and the same process could be serving multiple modal windows on top of different client applications (see also bug #1223881).
I also recommend that processes which create windows on top of other processes be never stopped. In fact, I think that the shell should treat them as transparent: when in the task switcher, the user should continue seeing the name of the started application, not of the process who created the topmost window.

I really recommend to stick to the Qt API, and if needed protect the API with apparmor. Since apparmor can protect files, and not individual method calls, we could make it so that the QPA (or mir-client) implementation of the reparenting request first attempts to create a file $XDG_RUNTIME_DIR/ubuntu-api/<appId>/window_reparenting, and protect this path behind an apparmor rule, so that only apps belonging to the "window_reparenting" policy group can successfully create the file. Or we could simplify things and simply not allow any third-party apps to use the window reparenting feature (in fact, I can hardly think of a case where it would be useful for ordinary apps). Then, the shell (or mir-server) code would effectively reparent the windows only if that file is present.