require screenlock password (if set)
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Ubuntu File Manager App |
Fix Released
|
Critical
|
Arto Jalkanen | ||
Ubuntu Terminal App |
Fix Released
|
Critical
|
Unassigned |
Bug Description
Ubuntu Touch will soon have the ability to set a PIN/password for the user. If the password is set, we should limit access to the terminal and the filemanager to guard against sideloading apps when lending a phone to someone who does not know the PIN/password.
For the terminal, we should unconditionally require the screenlock password when one is set on application launch. See https:/
For the file manager, we should allow passwordless access to MTP-exported directories, and require the screenlock password when one is set when accessing non-MTP-exported directories. This can be implemented as a button (or similar): 'Show all files' which when clicked should prompt for the password (if set). 'Show all files' should not be remembered between application invocations.
IMPORTANT: this only covers a very limited set of attack scenarios, but does guard against casual trojanning when lending a phone to a stranger. Notably, it does not cover sideloading via adb.
FYI, these changes are required for RTM, so I added the appropriate tag. The Importance should be at least 'High'.
Related branches
- Ubuntu Phone Apps Jenkins Bot: Approve (continuous-integration)
- Arto Jalkanen: Approve
- Seth Arnold (community): Approve
-
Diff: 1183 lines (+773/-27)20 files modifiedREADME (+9/-4)
debian/control (+12/-0)
debian/qtdeclarative5-pamauthentication0.1.install (+1/-0)
manifest.json.in (+6/-3)
src/app/qml/filemanager.qml (+6/-0)
src/app/qml/ui/AuthenticationDialog.qml (+78/-0)
src/app/qml/ui/FolderListPage.qml (+29/-5)
src/plugin/CMakeLists.txt (+1/-0)
src/plugin/folderlistmodel/dirmodel.cpp (+101/-3)
src/plugin/folderlistmodel/dirmodel.h (+11/-1)
src/plugin/pamauthentication/CMakeLists.txt (+37/-0)
src/plugin/pamauthentication/pamauthentication.cpp (+183/-0)
src/plugin/pamauthentication/pamauthentication.h (+72/-0)
src/plugin/pamauthentication/pamauthentication_plugin.cpp (+34/-0)
src/plugin/pamauthentication/pamauthentication_plugin.h (+39/-0)
src/plugin/pamauthentication/qmldir (+2/-0)
tests/autopilot/filemanager/CMakePluginParser.py (+120/-0)
tests/autopilot/filemanager/tests/__init__.py (+30/-9)
tests/autopilot/filemanager/tests/test_context_menu.py (+1/-1)
ubuntu-filemanager-app.json (+1/-1)
- Ubuntu Phone Apps Jenkins Bot: Approve (continuous-integration)
- Alan Pope 🍺🐧🐱 🦄 (community): Approve
- Victor Thompson (community): Needs Information
-
Diff: 704 lines (+568/-7)15 files modifiedREADME.md (+2/-4)
apparmor.json (+1/-1)
debian/control (+12/-0)
debian/qtdeclarative5-pamauthentication0.1.install (+1/-0)
src/app/qml/AuthenticationDialog.qml (+78/-0)
src/app/qml/AuthenticationService.qml (+72/-0)
src/app/qml/NotifyDialog.qml (+30/-0)
src/app/qml/ubuntu-terminal-app.qml (+4/-2)
src/plugin/CMakeLists.txt (+1/-0)
src/plugin/pamauthentication/CMakeLists.txt (+37/-0)
src/plugin/pamauthentication/pamauthentication.cpp (+183/-0)
src/plugin/pamauthentication/pamauthentication.h (+72/-0)
src/plugin/pamauthentication/pamauthentication_plugin.cpp (+34/-0)
src/plugin/pamauthentication/pamauthentication_plugin.h (+39/-0)
src/plugin/pamauthentication/qmldir (+2/-0)
tags: | added: rtm14 |
description: | updated |
Changed in ubuntu-filemanager-app: | |
status: | New → Triaged |
importance: | Undecided → High |
Changed in ubuntu-terminal-app: | |
status: | New → Triaged |
importance: | Undecided → High |
description: | updated |
Changed in ubuntu-terminal-app: | |
importance: | High → Critical |
Changed in ubuntu-filemanager-app: | |
assignee: | nobody → Arto Jalkanen (ajalkane) |
Changed in ubuntu-filemanager-app: | |
status: | Fix Committed → Fix Released |
Changed in ubuntu-terminal-app: | |
status: | Fix Committed → Fix Released |
- Is there an API for applications to request the status of the screenlock password?
- How can file manager determine if a directory is being exported over MTP?