[UDM] Add support for the ubuntu-download-manager in the ubuntu-sdk profile
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
apparmor-easyprof-ubuntu (Ubuntu) |
Fix Released
|
Undecided
|
Jamie Strandboge |
Bug Description
The ubuntu download manager exposes the following methods and interfaces that will would like to manage with apparmor:
Service Path: com.canonical.
Interface: com.canonical.
Object path: /
The following methods should be allowed to click/confined applications:
The following methods should NOT be allowed to click/confined applications:
exit
All the click/confined applications should ONLY be allowed to use the root path (/) and all the methods in the object paths that follow the pattern /{APPID}
Related branches
Changed in apparmor-easyprof-ubuntu (Ubuntu): | |
status: | New → Triaged |
assignee: | nobody → Jamie Strandboge (jdstrand) |
Changed in apparmor-easyprof-ubuntu (Ubuntu): | |
status: | Triaged → In Progress |
This bug was fixed in the package apparmor- easyprof- ubuntu - 1.1.4
--------------- easyprof- ubuntu (1.1.4) trusty; urgency=medium
apparmor-
* 1.*/ubuntu-sdk: adjust for ubuntu- html5-app- launcher (LP: #1274640) ubuntu- html5-app- launcher to handle HTML5 apps ubuntu- html5-app- launcher/ ** /.local/ share/accounts/ ** to dereference click singlesignonui. cookiesForIdent ity singlesignonui. cookiesForIdent ity).
- allow reexec for /usr/bin/
launched via upstart-app-launch
- allow read access to /usr/share/
* 1.*/accounts:
- allow read on @{HOME}
symlinks for online accounts providers (LP: #1278859)
- add comment about usage of com.nokia.
* 1.*/networking: finetune DownloadManager DBus access (LP: #1277578)
- explicitly allow safe and explicitly disallow unsafe DownloadManager
APIs
- restrict apps to their own downloads
* 1.*/ubuntu-webapp: allow the webapps access to SignonUi API for retrieving
web cookies for an account (com.nokia.
This is being added to the ubuntu-webapp template instead of the accounts
policy group because this API should only be available to the webapp
container and is not needed to use online accounts in general
(LP: #1278934)
-- Jamie Strandboge <email address hidden> Wed, 12 Feb 2014 09:20:58 -0600