Change log : apparmor-easyprof-ubuntu package : Ubuntu

16.10.3

Deleted in bionic-release on 2020-07-11 (Reason: unmaintained. LP: #1750005)

Obsolete in artful-release on 2020-07-10

Superseded in artful-release on 2017-05-07

Obsolete in zesty-release on 2018-06-22

Obsolete in yakkety-release on 2018-01-23

Deleted in yakkety-proposed on 2020-07-10 (Reason: moved to release)

apparmor-easyprof-ubuntu (16.10.3) yakkety; urgency=medium

  [ Michi Henning ]
  * add ClientConfig to list of allowed methods for applications using the
    thumbnailer (LP: #1528058)

 -- Jamie Strandboge <email address hidden>  Fri, 26 Aug 2016 10:01:48 -0500

Available diffs

diff from 16.10.1 to 16.10.3 (3.7 KiB)
diff from 16.10.2 (in ~ci-train-ppa-service/ubuntu/landing-056-deletedppa) to 16.10.3 (1014 bytes)

16.10.2

Deleted in zesty-proposed on 2016-10-20 (Reason: superseded by version in release pocket)

Superseded in yakkety-proposed on 2016-08-29

apparmor-easyprof-ubuntu (16.10.2) yakkety; urgency=medium

  [ You-Sheng Yang ]
  * add lib64 for 64bit android (LP: #1615923)

  [ Simon Fels ]
  * Allow libhybris to load its linker implementation at runtime.

  [ Tyler Hicks ]
  * ubuntu/webview: update to allow access to the new app-specific shared
    memory files that will be used by Oxide 1.17.5, 1.18, and newer
    (LP: #1260103)

  [ Ken Vandine ]
  * ubuntu/ubuntu-sdk, ubuntu/ubuntu-webapp: add access to content-hub's
    Pasteboard

 -- Jamie Strandboge <email address hidden>  Thu, 25 Aug 2016 13:32:04 -0500

Available diffs

diff from 16.10.1 (in Ubuntu) to 16.10.2 (3.3 KiB)
diff from 16.10.1+16.10.20160803-0ubuntu1 to 16.10.2 (3.2 KiB)

16.10.1

Superseded in yakkety-release on 2016-10-06

Deleted in yakkety-proposed on 2016-10-08 (Reason: moved to release)

apparmor-easyprof-ubuntu (16.10.1) yakkety; urgency=medium

  * add 16.10 policy
  * add bluetooth-net and bluetooth-file-transfer to pending/
  * add reserved ubuntu/bluetooth (LP: #1569582)

 -- Jamie Strandboge <email address hidden>  Tue, 10 May 2016 16:21:46 -0500

Available diffs

diff from 16.04.5 to 16.10.1 (17.2 KiB)

16.04.5

Superseded in yakkety-release on 2016-05-10

Published in xenial-release on 2016-04-04

Deleted in xenial-proposed (Reason: moved to release)

apparmor-easyprof-ubuntu (16.04.5) xenial; urgency=medium

  * ubuntu/calendar: update to allow read on /etc/{,writable/}timezone
    (LP: #1565908)

 -- Jamie Strandboge <email address hidden>  Mon, 04 Apr 2016 12:50:18 -0500

Available diffs

diff from 16.04.4 to 16.04.5 (656 bytes)

16.04.4

Superseded in xenial-release on 2016-04-04

Deleted in xenial-proposed on 2016-04-06 (Reason: moved to release)

apparmor-easyprof-ubuntu (16.04.4) xenial; urgency=medium

  [ Jamie Strandboge ]
  * adjust cpuinfo_max_freq access for newer kernels
  * ubuntu/calendar: update policy to account for newer EDS Subprocess path
    on the org.gnome.evolution.dataserver.Calendar interface (LP: #1548888)

 -- Jamie Strandboge <email address hidden>  Tue, 23 Feb 2016 16:50:56 -0600

Available diffs

diff from 16.04.3 to 16.04.4 (1.0 KiB)

16.04.3

Superseded in xenial-release on 2016-02-23

Deleted in xenial-proposed on 2016-02-25 (Reason: moved to release)

apparmor-easyprof-ubuntu (16.04.3) xenial; urgency=medium

  [ Tiago Salem Herrmann ]
  * ubuntu/history: add owner read access to
    @{HOME}/.local/share/history-service/attachments/

  [ Jamie Strandboge ]
  * ubuntu/webview: apply shm changes in last upload to previous policy and
    adjust symlinks (LP: #1538475)

 -- Jamie Strandboge <email address hidden>  Wed, 27 Jan 2016 08:16:28 -0600

Available diffs

diff from 16.04.2 to 16.04.3 (1.0 KiB)

16.04.2

Superseded in xenial-release on 2016-01-27

Deleted in xenial-proposed on 2016-01-28 (Reason: moved to release)

apparmor-easyprof-ubuntu (16.04.2) xenial; urgency=medium

  * ubuntu/ubuntu-sdk:
    - apply shm changes in last upload to previous policy and adjust symlinks
    - allow read access to /usr/share/click/frameworks

 -- Jamie Strandboge <email address hidden>  Thu, 19 Nov 2015 15:00:52 -0600

Available diffs

diff from 16.04.1 to 16.04.2 (1003 bytes)

16.04.1

Superseded in xenial-release on 2015-11-20

Deleted in xenial-proposed on 2015-11-21 (Reason: moved to release)

apparmor-easyprof-ubuntu (16.04.1) xenial; urgency=medium

  * create policy version 16.04 for xenial
  * adjust autopkgtests for policy version 15.10
  * ubuntu/ubuntu-sdk, ubuntu/webview: allow /dev/shm in addition to /run/shm
    (LP: #1508054)

 -- Jamie Strandboge <email address hidden>  Mon, 26 Oct 2015 15:52:48 -0500

Available diffs

diff from 15.10.11 to 16.04.1 (15.8 KiB)

15.10.11

Superseded in xenial-release on 2015-10-27

Obsolete in wily-release on 2018-01-22

Deleted in wily-proposed on 2018-01-22 (Reason: moved to release)

apparmor-easyprof-ubuntu (15.10.11) wily; urgency=medium

  * adjust autopkgtests for in-app-purchases

Available diffs

diff from 15.10.9 to 15.10.11 (980 bytes)
diff from 15.10.10 to 15.10.11 (680 bytes)

15.10.10

Superseded in wily-proposed on 2015-09-21

apparmor-easyprof-ubuntu (15.10.10) wily; urgency=medium

  [ Rodney Dawes ]
  * Add in-app-purchases policy group for IAP support (LP: #1498202)

 -- Jamie Strandboge <email address hidden>  Mon, 21 Sep 2015 16:48:49 -0500

Available diffs

diff from 15.10.9 to 15.10.10 (597 bytes)

15.10.9

Superseded in wily-release on 2015-09-22

Deleted in wily-proposed on 2015-09-24 (Reason: moved to release)

apparmor-easyprof-ubuntu (15.10.9) wily; urgency=medium

  [ Alberto Mardegan ]
  * ubuntu/15.10/accounts: add back v1 API

 -- Jamie Strandboge <email address hidden>  Thu, 10 Sep 2015 10:38:22 -0500

Available diffs

diff from 15.10.8 to 15.10.9 (1.2 KiB)

15.10.8

Superseded in wily-release on 2015-09-10

Deleted in wily-proposed on 2015-09-12 (Reason: moved to release)

apparmor-easyprof-ubuntu (15.10.8) wily; urgency=medium

  [ Alberto Mardegan ]
  * ubuntu/15.10/accounts: use only the new Online Accounts v2 API
  * ubuntu/1.[23]/accounts: add the new Online Accounts v2 API
  * ubuntu/15.10/ubuntu-account-plugin: add the required v1 API

 -- Jamie Strandboge <email address hidden>  Wed, 29 Jul 2015 15:16:07 -0500

Available diffs

diff from 15.10.7 to 15.10.8 (1.6 KiB)

15.10.7

Superseded in wily-release on 2015-07-29

Deleted in wily-proposed on 2015-07-31 (Reason: moved to release)

apparmor-easyprof-ubuntu (15.10.7) wily; urgency=medium

  * ubuntu/ubuntu-webapp: allow read access to /usr/share/ubuntu-html5-theme
    and /usr/share/ubuntu-html5-ui-toolkit (LP: #1477580)

 -- Jamie Strandboge <email address hidden>  Thu, 23 Jul 2015 16:16:49 -0500

Available diffs

diff from 15.10.6 to 15.10.7 (677 bytes)

15.10.6

Superseded in wily-release on 2015-07-23

Deleted in wily-proposed on 2015-07-25 (Reason: moved to release)

apparmor-easyprof-ubuntu (15.10.6) wily; urgency=medium

  * add ubuntu/keep-display-on for using the Unity screen DBus API
    - LP: #1462489
  * adjust autopkgtests for keep-display-on

 -- Jamie Strandboge <email address hidden>  Wed, 08 Jul 2015 09:11:56 -0500

Available diffs

diff from 15.10.5 to 15.10.6 (1.1 KiB)

15.10.5

Superseded in wily-release on 2015-07-08

Deleted in wily-proposed on 2015-07-09 (Reason: moved to release)

apparmor-easyprof-ubuntu (15.10.5) wily; urgency=medium

  * ubuntu/ubuntu-account-plugin (LP: #1468792):
    - allow access to QML cache
    - explicitly deny access to /proc/[0-9]*/mounts and /dev/disk/by-label/
  * hardware/graphics.d/apparmor-easyprof-ubuntu_(hammerhead|mako|flo):
    also allow access to kgsl-3d0.0/kgsl/kgsl-3d0/reset_count

 -- Jamie Strandboge <email address hidden>  Fri, 26 Jun 2015 10:47:37 -0500

Available diffs

diff from 15.10.4 to 15.10.5 (1.1 KiB)

15.10.4

Superseded in wily-release on 2015-06-26

Deleted in wily-proposed on 2015-06-27 (Reason: moved to release)

apparmor-easyprof-ubuntu (15.10.4) wily; urgency=medium

  [ Ken VanDine ]
  * Fixed the interface name for the SocketDemangler rule in the ubuntu-sdk
    template and added rule to allow the socket-demangler to be executed.

 -- Jamie Strandboge <email address hidden>  Fri, 19 Jun 2015 08:09:46 -0500

Available diffs

diff from 15.10.3 to 15.10.4 (963 bytes)

15.10.3

Superseded in wily-release on 2015-06-19

Deleted in wily-proposed on 2015-06-20 (Reason: moved to release)

apparmor-easyprof-ubuntu (15.10.3) wily; urgency=medium

  * ubuntu/unconfined: remove autopilot specific rules and use simpler
    '/** pix,' rule. This is possible because dbus-property-service no longer
    ships 'fakeenv' rules. This is only backportable on earlier releases if
    dbus-property-service in those releases has the same change.
    (LP: #1464341)

 -- Jamie Strandboge <email address hidden>  Fri, 12 Jun 2015 09:59:18 -0500

Available diffs

diff from 15.10.2 to 15.10.3 (868 bytes)

15.10.2

Superseded in wily-release on 2015-06-12

Deleted in wily-proposed on 2015-06-13 (Reason: moved to release)

apparmor-easyprof-ubuntu (15.10.2) wily; urgency=medium

  [ Ted Gould ]
  * ubuntu/ubuntu-sdk: DBus rule for UAL TPS untrusted helpers (LP: #1462494)

 -- Jamie Strandboge <email address hidden>  Fri, 05 Jun 2015 14:17:58 -0500

Available diffs

diff from 15.10.1 to 15.10.2 (1.2 KiB)

15.10.1

Superseded in wily-release on 2015-06-08

Deleted in wily-proposed on 2015-06-09 (Reason: moved to release)

apparmor-easyprof-ubuntu (15.10.1) wily; urgency=medium

  [ James Henstridge ]
  * ubuntu/ubuntu-sdk: add rules to allow access to the new GetThumbnail
    method

  [ Jamie Strandboge ]
  * create policy version 15.10 for wily
  * adjust autopkgtests for policy version 15.10
  * README.source: update for new version numbers that track releases

 -- Jamie Strandboge <email address hidden>  Thu, 21 May 2015 09:09:16 -0500

Available diffs

diff from 1.3.10 to 15.10.1 (16.0 KiB)

1.3.10

Superseded in wily-release on 2015-05-23

Obsolete in vivid-release on 2018-01-18

Deleted in vivid-proposed on 2018-01-19 (Reason: moved to release)

apparmor-easyprof-ubuntu (1.3.10) vivid; urgency=medium

  * templates/*: explicitly deny noisy access to accountsservice
    (LP: #1433590)
 -- Jamie Strandboge <email address hidden>   Tue, 07 Apr 2015 11:29:08 -0500

Available diffs

diff from 1.3.9 to 1.3.10 (1.1 KiB)

1.3.9

Superseded in vivid-release on 2015-04-08

Deleted in vivid-proposed on 2015-04-09 (Reason: moved to release)

apparmor-easyprof-ubuntu (1.3.9) vivid; urgency=medium

  * templates/ubuntu-sdk|ubuntu-webapp: explicitly deny noisy /dev/tty access
  * policygroups/accounts: also deny 'r' to /{,var/}run/user/*/signond/socket
    to silence expected noisy denial (LP: #1415492)
 -- Jamie Strandboge <email address hidden>   Mon, 30 Mar 2015 08:42:47 -0500

Available diffs

diff from 1.3.8 to 1.3.9 (1.1 KiB)

1.3.8

Superseded in vivid-release on 2015-03-30

Deleted in vivid-proposed on 2015-03-31 (Reason: moved to release)

apparmor-easyprof-ubuntu (1.3.8) vivid; urgency=medium

  * hardware/video.d/apparmor-easyprof-ubuntu_mako: add accesses for
    video4linux 1 and 2 devices needed by mediascanner2 (gst-plugin-scanner)
    et al
 -- Jamie Strandboge <email address hidden>   Wed, 04 Mar 2015 08:42:23 -0600

Available diffs

diff from 1.3.7 to 1.3.8 (528 bytes)

1.3.7

Superseded in vivid-release on 2015-03-04

Deleted in vivid-proposed on 2015-03-05 (Reason: moved to release)

apparmor-easyprof-ubuntu (1.3.7) vivid; urgency=medium

  * ubuntu/webview: allow oxide_helper read access to /sys/devices/system/cpu/
    and /sys/devices/system/cpu/cpu[0-9]*/cpufreq/cpuinfo_max_freq
 -- Jamie Strandboge <email address hidden>   Thu, 26 Feb 2015 08:22:04 -0600

Available diffs

diff from 1.3.4 to 1.3.7 (1.4 KiB)
diff from 1.3.6 (in ~ubuntu-security-proposed/ubuntu/ppa) to 1.3.7 (575 bytes)

1.3.6

Superseded in vivid-proposed on 2015-02-26

apparmor-easyprof-ubuntu (1.3.6) vivid; urgency=medium

  * ubuntu/1.0/ubuntu-{sdk,webapp}: also allow access to mir libraries via
    the new mir abstraction for 1.0 templates (LP: #1422521)

Available diffs

diff from 1.3.4 (in Ubuntu) to 1.3.6 (1.1 KiB)
diff from 1.3.5 to 1.3.6 (724 bytes)

1.3.4

Superseded in vivid-release on 2015-02-26

Deleted in vivid-proposed on 2015-02-27 (Reason: moved to release)

apparmor-easyprof-ubuntu (1.3.4) vivid; urgency=medium

  [ Alberto Mardegan ]
  * ubuntu/accounts: explictly deny access to the p2p socket. This will now be
    available only to unconfined apps to support a trusted socket for
    privileged processes (LP: #1415492)

  [ Jamie Strandboge ]
  * add ubuntu/1.2/ubuntu-account-plugin template and add to 1.3 policy
    (LP: #1219644)
  * adjust expected_templates_12 in autopkgtests to have ubuntu-account-plugin
  * ubuntu/webview: allow /sys/devices/system/cpu/*/cpufreq/cpuinfo_max_freq
    readonly access
 -- Jamie Strandboge <email address hidden>   Tue, 03 Feb 2015 16:24:15 -0600

Available diffs

diff from 1.3.3 to 1.3.4 (3.8 KiB)

1.3.3

Superseded in vivid-release on 2015-02-04

Deleted in vivid-proposed on 2015-02-06 (Reason: moved to release)

apparmor-easyprof-ubuntu (1.3.3) vivid; urgency=medium

  * ubuntu/{music,pictures,video}_files*: temporarily allow read access to
    global SD card user directory (LP: #1392368). This can be removed once
    there is a proper API for apps to find the SD card label.
 -- Jamie Strandboge <email address hidden>   Thu, 08 Jan 2015 14:24:42 -0600

Available diffs

diff from 1.3.2 to 1.3.3 (1.1 KiB)

1.3.2

Superseded in vivid-release on 2015-01-09

Deleted in vivid-proposed on 2015-01-10 (Reason: moved to release)

apparmor-easyprof-ubuntu (1.3.2) vivid; urgency=medium

  [ Ricardo Salveti de Araujo ]
  * Adding hardware/video.d/apparmor-easyprof-ubuntu_manta to allow rw on
    /dev/video*, needed for hardware video decoding (LP: #1408130). (Note: we
    may need to add rw on /dev/v4l-subdev*, but this seems to be enough for
    now)
 -- Jamie Strandboge <email address hidden>   Thu, 08 Jan 2015 11:41:57 -0600

Available diffs

diff from 1.3.1 to 1.3.2 (523 bytes)

1.3.1

Superseded in vivid-release on 2015-01-08

Deleted in vivid-proposed on 2015-01-10 (Reason: moved to release)

apparmor-easyprof-ubuntu (1.3.1) vivid; urgency=medium

  * ubuntu/ubuntu-sdk:
    - explicitly deny reads on ~/.cache/QML/Apps/ to silence noisy denials.
      Undo this when LP: 1381620 is fixed in qtdeclarative-opensource-src
    - explicitly deny dbus bind on name="org.freedesktop.Application" since
      it is noisy. Undo this when LP: 1378823 is fixed in ubuntu-ui-toolkit
  * ubuntu/1.3/ubuntu-sdk: drop html5-container policy. html5 apps should use
    webapp-container and specify the 'webview' policy group with 1.3 (15.04)
    policy (LP: #1392461)
  * ubuntu/ubuntu-scope-network, pending/ubuntu-scope-local-content: allow
    scopes to read data from the apps data dir (LP: #1384286)
  * adjust all dbus rules to use peer=(label=unconfined) to prevent
    coordinated communications between apps over DBus (LP: #1383824)
  * ubuntu/{music,pictures,video}_files*: allow access to global SD card
    directories (LP: #1391930)
  * debian/control: Depends on apparmor >= 2.8.98-0ubuntu2~ for the dbus peer
    changes (we need at least apparmor_parser 2.9.beta4 for these)
 -- Jamie Strandboge <email address hidden>   Mon, 15 Dec 2014 15:53:32 +0000

Available diffs

diff from 1.3.0 to 1.3.1 (9.3 KiB)

1.3.0

Superseded in vivid-release on 2014-12-15

Deleted in vivid-proposed on 2014-12-17 (Reason: moved to release)

apparmor-easyprof-ubuntu (1.3.0) vivid; urgency=medium

  * debian/control:
    - add Vcs-Bzr and Vcs-Browser now that we have them
    - adjust Standards-Version
  * add debian/make-new-version.sh and document how to use it
  * create policy version 1.3
  * adjust autopkgtests:
    - add tests for policy version 1.3
    - fix lintian warnings in naming of the tests
  * debian/apparmor-easyprof-ubuntu.postinst: add #DEBHELPER# token
 -- Jamie Strandboge <email address hidden>   Wed, 29 Oct 2014 07:52:45 -0500

Available diffs

diff from 1.2.38 to 1.3.0 (14.8 KiB)

1.2.38

Superseded in vivid-release on 2014-10-29

Obsolete in utopic-release on 2016-11-03

Deleted in utopic-proposed on 2016-11-03 (Reason: moved to release)

apparmor-easyprof-ubuntu (1.2.38) utopic; urgency=medium

  * ubuntu/networking: add rules for app-specific ubuntu-download-manager
    file downloads (LP: #1384349)
 -- Jamie Strandboge <email address hidden>   Wed, 22 Oct 2014 14:13:44 -0400

Available diffs

diff from 1.2.37 to 1.2.38 (674 bytes)

1.2.37

Superseded in utopic-release on 2014-10-22

Deleted in utopic-proposed on 2014-10-24 (Reason: moved to release)

apparmor-easyprof-ubuntu (1.2.37) utopic; urgency=medium

  * ubuntu/audio: also allow access to GetArtistArt when accessing the
    thumbnailer (LP: #1381102)
 -- Jamie Strandboge <email address hidden>   Tue, 14 Oct 2014 09:37:24 -0500

Available diffs

diff from 1.2.35 to 1.2.37 (1.5 KiB)
diff from 1.2.36 to 1.2.37 (601 bytes)

1.2.36

Superseded in utopic-release on 2014-10-14

Deleted in utopic-proposed on 2014-10-16 (Reason: moved to release)

apparmor-easyprof-ubuntu (1.2.36) utopic; urgency=medium

  * ubuntu/accounts: allow all on org.freedesktop.DBus.Properties for
    /com/google/code/AccountsSSO/SingleSignOn/** (LP: #1378809)
  * ubuntu/ubuntu-*, pending/ubuntu-scope-local-content, ubuntu/webview: also
    allow read on /android/system/build.prop (LP: #1378838)
 -- Jamie Strandboge <email address hidden>   Wed, 08 Oct 2014 08:28:17 -0500

Available diffs

diff from 1.2.35 to 1.2.36 (1.3 KiB)

1.2.35

Superseded in utopic-release on 2014-10-08

Deleted in utopic-proposed on 2014-10-09 (Reason: moved to release)

apparmor-easyprof-ubuntu (1.2.35) utopic; urgency=medium

  * ubuntu/1.2/push-notification-client: don't deny access to the clipboard
    since sdk apps are supposed to be able to specify this policy group
  * ubuntu/1.2: add ubuntu-push-helper for push-helpers to use which (among
    other things) explicitly disables access to the clipboard (LP: #1371170)
  * adjust autopackagetest for ubuntu-push-helper
  * ubuntu/accounts: allow all on org.freedesktop.DBus.Properties for
    /com/google/code/AccountsSSO/SingleSignOn
  * ubuntu/1.2/ubuntu-scope-network, pending/ubuntu-scope-local-content: also
    add remaining libhybris paths (/{,var/}run/shm/hybris_shm_data and
    /system/build.prop)
  * ubuntu/ubuntu-sdk: explicitly disallow gsettings (dconf) access
    (LP: #1378115)
 -- Jamie Strandboge <email address hidden>   Mon, 06 Oct 2014 10:41:18 -0500

Available diffs

diff from 1.2.34 to 1.2.35 (3.0 KiB)

1.2.34

Superseded in utopic-release on 2014-10-08

Deleted in utopic-proposed on 2014-10-09 (Reason: moved to release)

apparmor-easyprof-ubuntu (1.2.34) utopic; urgency=medium

  * ubuntu/1.[12]/ubuntu-{sdk,webapp}: re-add still needed rule for
    /{,run/}shm/shm/WK2SharedMemory.[0-9]*. This needs to stay until qtwebkit
    is removed from the image (LP: #1377648)
 -- Jamie Strandboge <email address hidden>   Mon, 06 Oct 2014 07:10:09 -0500

Available diffs

diff from 1.2.30 to 1.2.34 (3.3 KiB)
diff from 1.2.33 to 1.2.34 (761 bytes)

1.2.33

Superseded in utopic-release on 2014-10-06

Deleted in utopic-proposed on 2014-10-07 (Reason: moved to release)

apparmor-easyprof-ubuntu (1.2.33) utopic; urgency=medium

  * ubuntu/accounts: allow access to GetAll on org.freedesktop.DBus.Properties
    for /com/google/code/AccountsSSO/SingleSignOn (LP: #1377205)
  * ubuntu/webview: also deny access to /custom/etc/dconf_profile. This is
    fallout from Oxide trying to use gsettings, but we've been silently
    denying that access since the webview policy group was added, so just
    silence this denial too (LP: #1260101)
  * ubuntu/ubuntu-{sdk,webapp}: also allow talking to clipboard on freedesktop
    interface (LP: #1377221)
  * tests/test-data.py: update hardware dir handling and also adjust policy
    groups to use tmpdir
  * debian/control: Build-Depends on apparmor so we can check syntax during
    builds
 -- Jamie Strandboge <email address hidden>   Fri, 03 Oct 2014 10:21:33 -0500

Available diffs

diff from 1.2.32 to 1.2.33 (2.2 KiB)

1.2.32

Superseded in utopic-release on 2014-10-03

Deleted in utopic-proposed on 2014-10-05 (Reason: moved to release)

apparmor-easyprof-ubuntu (1.2.32) utopic; urgency=medium

  * ubuntu/1.2/ubuntu-scope-network, pending/ubuntu-scope-local-content:
    allow access to android libraries (LP: #1376430)
  * ubuntu/ubuntu-{sdk,webapp}: allow read access for thumbnailer icons
    (LP: #1376436)
 -- Jamie Strandboge <email address hidden>   Wed, 01 Oct 2014 15:13:35 -0500

Available diffs

diff from 1.2.30 to 1.2.32 (1.5 KiB)
diff from 1.2.31 to 1.2.32 (1.1 KiB)

1.2.31

Superseded in utopic-proposed on 2014-10-01

apparmor-easyprof-ubuntu (1.2.31) utopic; urgency=medium

  * ubuntu/ubuntu-{sdk,webapp}: allow apps to read and write to their
    app-specific QML cached bytecode (LP: #1376361)
 -- Jamie Strandboge <email address hidden>   Wed, 01 Oct 2014 12:18:29 -0500

Available diffs

diff from 1.2.30 to 1.2.31 (pending)

1.2.30

Superseded in utopic-release on 2014-10-01

Deleted in utopic-proposed on 2014-10-03 (Reason: moved to release)

apparmor-easyprof-ubuntu (1.2.30) utopic; urgency=medium

  * ubuntu/ubuntu-*: add owner /{run,dev}/shm/shmfd-* rwk (LP: #1370218)
  * ubuntu/microphone: remove shmfd access since it is in the templates now
 -- Jamie Strandboge <email address hidden>   Tue, 30 Sep 2014 09:33:57 -0500

Available diffs

diff from 1.2.27 to 1.2.30 (2.2 KiB)
diff from 1.2.29 to 1.2.30 (1.1 KiB)

1.2.29

Superseded in utopic-release on 2014-09-30

Deleted in utopic-proposed on 2014-10-02 (Reason: moved to release)

apparmor-easyprof-ubuntu (1.2.29) utopic; urgency=medium

  * ubuntu/webview: explicitly deny write access to @{PROC}/[0-9]*/oom_adj
    and @{PROC}/[0-9]*/oom_score_adj. This is confirmed as a way to escape
    application lifecycle (LP: #1260115)
 -- Jamie Strandboge <email address hidden>   Mon, 29 Sep 2014 12:28:39 -0500

Available diffs

diff from 1.2.28 to 1.2.29 (637 bytes)

1.2.28

Superseded in utopic-release on 2014-09-29

Deleted in utopic-proposed on 2014-10-01 (Reason: moved to release)

apparmor-easyprof-ubuntu (1.2.28) utopic; urgency=medium

  * ubuntu/calendar: add missing rule for org.freedesktop.DBus.Introspectable
    on path /com/canonical/indicator/datetime/AlarmProperties (LP: #1374623)
  * ubuntu/1.[12]/ubuntu-{sdk,webapp}: remove no longer needed rule for
    /{,run/}shm/shm/WK2SharedMemory.[0-9]* (LP: #1197060)
  * ubuntu/microphone:
    - add temporary write access to /{run,dev}/shm/shmfd-* for QAudioRecorder
      (LP: #1370218)
    - explicitly deny read on /dev/
  * ubuntu/1.1/webview: allow dbus send to RequestName on org.freedesktop.DBus
    webapp-container needs corresponding 'bind' call on
    org.freedesktop.Application, which we block elsewhere. webapp-container
    shouldn't be doing this under confinement, but we allow this rule in
    content_exchange, so just allow it to avoid confusion. (LP: #1357371)
 -- Jamie Strandboge <email address hidden>   Fri, 26 Sep 2014 15:21:37 -0500

Available diffs

diff from 1.2.27 to 1.2.28 (1.8 KiB)

1.2.27

Superseded in utopic-release on 2014-09-29

Deleted in utopic-proposed on 2014-09-30 (Reason: moved to release)

apparmor-easyprof-ubuntu (1.2.27) utopic; urgency=medium

  * ubuntu/ubuntu-{sdk,webapp}: all apps can access the Mir clipboard
    (LP: #1372579). Note, LP: 1371170 will be fixed in a future update
  * ubuntu/push-notification-client: explit deny (with auditing) for access
    to the Mir clipboard (background apps should not have access)
  * ubuntu/ubuntu-scope-network: explicit deny (with auditing) for access
    to the Mir clipboard (scopes should not have access)
  * pending/ubuntu-scope-local-content: bring up to date with changes to
    ubuntu-scope-network
 -- Jamie Strandboge <email address hidden>   Tue, 23 Sep 2014 09:07:00 -0500

Available diffs

diff from 1.2.22 (in ~ubuntu-security-proposed/ubuntu/ppa) to 1.2.27 (3.9 KiB)
diff from 1.2.26 to 1.2.27 (2.1 KiB)

1.2.26

Superseded in utopic-release on 2014-09-23

Deleted in utopic-proposed on 2014-09-24 (Reason: moved to release)

apparmor-easyprof-ubuntu (1.2.26) utopic; urgency=medium

  * ubuntu/{audio,video}: allow mediascanner to send us signals
 -- Jamie Strandboge <email address hidden>   Mon, 22 Sep 2014 10:49:21 -0500

Available diffs

diff from 1.2.25 to 1.2.26 (713 bytes)

1.2.25

Superseded in utopic-release on 2014-09-22

Deleted in utopic-proposed on 2014-09-24 (Reason: moved to release)

apparmor-easyprof-ubuntu (1.2.25) utopic; urgency=medium

  * ubuntu/location: don't filter receive on interface (allows PropertyChanged
    on org.freedesktop.DBus.Properties but also helps future proof)
 -- Jamie Strandboge <email address hidden>   Sun, 21 Sep 2014 11:52:56 -0500

Available diffs

diff from 1.2.24 to 1.2.25 (645 bytes)

1.2.24

Superseded in utopic-release on 2014-09-21

Deleted in utopic-proposed on 2014-09-23 (Reason: moved to release)

apparmor-easyprof-ubuntu (1.2.24) utopic; urgency=medium

  * ubuntu/camera: allow DBus communications with media-hub (LP: #1369512)
  * ubuntu/*: drop redundnat 'ptrace (read) peer=@{profile_name}' since we
    include it in the base abstraction now
 -- Jamie Strandboge <email address hidden>   Tue, 16 Sep 2014 08:48:37 -0500

Available diffs

diff from 1.2.23 to 1.2.24 (1.2 KiB)

1.2.23

Superseded in utopic-release on 2014-09-20

Deleted in utopic-proposed on 2014-09-21 (Reason: moved to release)

apparmor-easyprof-ubuntu (1.2.23) utopic; urgency=medium

  * ubuntu-scope-network:
    - don't needlessly escape '-' in zmq access rule
    - silence @{PROC}/[0-9]*/attr/current denial since the scopes runner uses
      aa_getcon() and the denial is noisy (LP: #1367264)
  * ubuntu-webapp: explicitly deny noisy denial to dbus bind on
    org.freedesktop.Application
  * debian/apparmor-easyprof-ubuntu.postinst: update the cached .md5sums file
    on upgrade to avoid running on install and then again on first boot after
    upgrade. This change only affects apt upgrades and not system-image
    upgrades since system-image upgrades always use the existing .md5sums if
    they exist (see /etc/system-image/writable-paths).
 -- Jamie Strandboge <email address hidden>   Wed, 10 Sep 2014 08:54:28 -0500

Available diffs

diff from 1.2.22 (in ~ubuntu-security-proposed/ubuntu/ppa) to 1.2.23 (1.5 KiB)

1.2.22

Superseded in utopic-release on 2014-09-12

Deleted in utopic-proposed on 2014-09-14 (Reason: moved to release)

apparmor-easyprof-ubuntu (1.2.22) utopic; urgency=medium

  * Updates for abstract and anonymous socket mediation (LP: #1362199):
    - ubuntu/*/ubuntu-*:
      + use dbus-strict and dbus-session-strict abstractions and remove
        duplicated policy
      + allow ubuntu-sdk and ubuntu-webapp connect, receive and send on the
        maliit abstract socket
      + allow write access to owner /{,var/}run/user/*/@{APP_PKGNAME}/{,**}
    - ubuntu/*/unconfined: allow unix
    - ubuntu/webview:
      + allow oxide to talk to sandbox via unix sockets
      + allow sandbox to talk to @{APP_PKGNAME}_@{APP_APPNAME}_@{APP_VERSION}
        peer
      + allow various unix perms from base abstract for the sandbox to use
        unix sockets
    - debian/control: Depends on apparmor >= 2.8.96~2541-0ubuntu4
  * ubuntu/webview: use @{APP_PKGNAME}_@{APP_APPNAME}_@{APP_VERSION} for
    signal now that we have @{APP_APPNAME} available (LP: #1363112)
  * ubuntu/debug: 'audit deny @{HOME}/.local/share/ r' which is used by the
    SDK to see if confined
  * debian/control: Depends on apparmor >= 2.8.96~2541-0ubuntu4~
 -- Jamie Strandboge <email address hidden>   Fri, 05 Sep 2014 15:17:07 -0500

Available diffs

diff from 1.2.21 (in Ubuntu) to 1.2.22 (3.4 KiB)
diff from 1.2.22~abstract8 to 1.2.22 (812 bytes)

1.2.21

Superseded in utopic-release on 2014-09-09

Deleted in utopic-proposed on 2014-09-10 (Reason: moved to release)

apparmor-easyprof-ubuntu (1.2.21) utopic; urgency=medium

  * ubuntu/1.2/accounts: online accounts now has Mir trusted session support
    so move accounts policy group to reserved (LP: #1230091)
 -- Jamie Strandboge <email address hidden>   Wed, 20 Aug 2014 08:05:37 -0500

Available diffs

diff from 1.2.20 to 1.2.21 (614 bytes)

1.2.20

Superseded in utopic-release on 2014-08-21

Deleted in utopic-proposed on 2014-08-23 (Reason: moved to release)

apparmor-easyprof-ubuntu (1.2.20) utopic; urgency=medium

  * ubuntu/1.2/ubuntu-scope-network, pending/ubuntu-scope-local-content:
    - add DBus session and system accesses to scope templates like we have in
      the app templates. This allows scopes to talk to trusted helpers like
      online accounts and location-service. Actual communication with the
      services is still controlled by the respective policy groups.
    - add scope-specific access to /run/user/[0-9]*/scopes/leaf-{net,fs}/*
 -- Jamie Strandboge <email address hidden>   Fri, 15 Aug 2014 10:56:32 -0500

Available diffs

diff from 1.2.15 to 1.2.20 (3.7 KiB)
diff from 1.2.19 to 1.2.20 (1.4 KiB)

1.2.19

Superseded in utopic-release on 2014-08-15

Deleted in utopic-proposed on 2014-08-17 (Reason: moved to release)

apparmor-easyprof-ubuntu (1.2.19) utopic; urgency=medium

  * ubuntu/1.2/ubuntu-scope-network, pending/ubuntu-scope-local-content:
    adjust path to settings, it was renamed to settings.ini (LP: #1356930)
 -- Jamie Strandboge <email address hidden>   Thu, 14 Aug 2014 11:48:17 -0500

Available diffs

diff from 1.2.18 to 1.2.19 (649 bytes)

1.2.18

Superseded in utopic-release on 2014-08-14

Deleted in utopic-proposed on 2014-08-16 (Reason: moved to release)

apparmor-easyprof-ubuntu (1.2.18) utopic; urgency=medium

  * ubuntu/1.2/ubuntu-scope-network, pending/ubuntu-scope-local-content:
    - allow rk access to scope specific settings.db
    - explicitly noisy deny rw access to unconfined directory
 -- Jamie Strandboge <email address hidden>   Wed, 13 Aug 2014 08:39:40 -0500

Available diffs

diff from 1.2.17 to 1.2.18 (825 bytes)

1.2.17

Superseded in utopic-release on 2014-08-13

Deleted in utopic-proposed on 2014-08-15 (Reason: moved to release)

apparmor-easyprof-ubuntu (1.2.17) utopic; urgency=medium

  * ubuntu/*: explicitly deny 'w' access to /dev/xLog (LP: #1352432)
 -- Jamie Strandboge <email address hidden>   Mon, 11 Aug 2014 15:45:29 -0500

Available diffs

diff from 1.2.16 to 1.2.17 (684 bytes)

1.2.16

Superseded in utopic-release on 2014-08-11

Deleted in utopic-proposed on 2014-08-13 (Reason: moved to release)

apparmor-easyprof-ubuntu (1.2.16) utopic; urgency=medium

  * ubuntu/1.2/connectivity: update to use upcoming connectivity DBus API
    (LP: #1341548)
  * ubuntu/1.[12]/contacts: remove workaround policy since address-book-app
    no longer uses the telepathy API (LP: #1227818)
  * ubuntu/*: explicitly deny rw access to /dev/fb0. It is both dangerous and
    noisy with the camera app
  * ubuntu/ubuntu-webapp: receive application-specific Open on
    org.freedesktop.Application to allow url-dispatcher working with already
    running webapps (LP: #1342129)
 -- Jamie Strandboge <email address hidden>   Thu, 07 Aug 2014 13:19:59 -0500

Available diffs

diff from 1.2.15 to 1.2.16 (2.4 KiB)

1.2.15

Superseded in utopic-release on 2014-08-11

Deleted in utopic-proposed on 2014-08-12 (Reason: moved to release)

apparmor-easyprof-ubuntu (1.2.15) utopic; urgency=medium

  * ubuntu/*: explicitly deny noisy access to @{PROC}/xlog (LP: #1352432)
 -- Jamie Strandboge <email address hidden>   Mon, 04 Aug 2014 12:56:05 -0500

Available diffs

diff from 1.2.14 to 1.2.15 (757 bytes)

1.2.14

Superseded in utopic-release on 2014-08-04

Deleted in utopic-proposed on 2014-08-06 (Reason: moved to release)

apparmor-easyprof-ubuntu (1.2.14) utopic; urgency=medium

  * ubuntu/camera: update to allow write access to the finalized path for the
    microphone socket (/dev/socket/micshm) (ref. LP: 1337582)
 -- Jamie Strandboge <email address hidden>   Wed, 30 Jul 2014 13:07:19 -0500

Available diffs

diff from 1.2.13 to 1.2.14 (816 bytes)

1.2.13

Superseded in utopic-release on 2014-07-30

Deleted in utopic-proposed on 2014-08-01 (Reason: moved to release)

apparmor-easyprof-ubuntu (1.2.13) utopic; urgency=medium

  * ubuntu/1.2/ubuntu-scope-network: allow 'w' for leaf-net/@{APP_PKGNAME}/
  * pending/ubuntu-scope-local-content:
    - add 'w' for leaf-fs/@{APP_PKGNAME}/
    - add missing fix for LP: 1347177 (LP: #1348210)
  * include openssl abstraction in templates instead of in the networking
    policy group. This is needed due to changes in newer curl and gnutls28
    (LP: #1350152)
 -- Jamie Strandboge <email address hidden>   Wed, 30 Jul 2014 07:23:56 -0500

Available diffs

diff from 1.2.12 to 1.2.13 (1.5 KiB)

1.2.12

Superseded in utopic-release on 2014-07-30

Deleted in utopic-proposed on 2014-08-01 (Reason: moved to release)

apparmor-easyprof-ubuntu (1.2.12) utopic; urgency=medium

  * ubuntu/1.2/ubuntu-scope-network: allow rw on zmq/*-r reply endpoints. The
    scopes-api has protections for malformed or non-UUID-matching replies, so
    use a glob here to allow aggregating scopes to work. (LP: #1347177)
 -- Jamie Strandboge <email address hidden>   Wed, 23 Jul 2014 10:15:17 -0500

Available diffs

diff from 1.2.11 to 1.2.12 (741 bytes)

1.2.11

Superseded in utopic-release on 2014-07-24

Deleted in utopic-proposed on 2014-07-25 (Reason: moved to release)

apparmor-easyprof-ubuntu (1.2.11) utopic; urgency=medium

  * add data/hardware/graphics.d/apparmor-easyprof-ubuntu_hammerhead in
    support of Nexus 5 devices
 -- Jamie Strandboge <email address hidden>   Thu, 17 Jul 2014 10:14:31 -0500

Available diffs

diff from 1.2.10 to 1.2.11 (509 bytes)

1.2.10

Superseded in utopic-release on 2014-07-17

Deleted in utopic-proposed on 2014-07-19 (Reason: moved to release)

apparmor-easyprof-ubuntu (1.2.10) utopic; urgency=medium

  * remove ubuntu/1.2/friends policy group and adjust autopackagetest
    accordingly (LP: #1340869)
  * ubuntu/calendar: com.canonical.indicator.datetime.AlarmProperties should
    also be allowed on the org.freedesktop.DBus.Properties interface
    (LP: #1342708)
 -- Jamie Strandboge <email address hidden>   Wed, 16 Jul 2014 11:15:29 -0500

Available diffs

diff from 1.2.9 to 1.2.10 (1.5 KiB)

1.2.9

Superseded in utopic-release on 2014-07-16

Deleted in utopic-proposed on 2014-07-18 (Reason: moved to release)

apparmor-easyprof-ubuntu (1.2.9) utopic; urgency=medium

  * ubuntu/webview:
    - adjust to allow oxide_render access to WebCore databases (LP: #1339724)
    - adjust for updated path for QML web plugin (LP: #1339777)
  * ubuntu/1.2: add new push-notification-client policy group
  * ubuntu/ubuntu-{sdk,webapp}: adjust for updated path for QML web plugin
  * ubuntu/audio: allow read access for /usr/share/sounds and
    /custom/usr/share/sounds (LP: #1340326)
  * ubuntu/audio: allow write access to /android/micshm (LP: #1337582)
 -- Jamie Strandboge <email address hidden>   Thu, 10 Jul 2014 12:28:30 -0500

Available diffs

diff from 1.2.8 to 1.2.9 (2.4 KiB)

1.2.8

Superseded in utopic-release on 2014-07-11

Deleted in utopic-proposed on 2014-07-12 (Reason: moved to release)

apparmor-easyprof-ubuntu (1.2.8) utopic; urgency=medium

  * ubuntu/*/calendar: com.canonical.indicator.datetime.AlarmProperties
    should be allowed to confined apps
  * ubuntu/ubuntu-scope-network (and pending ubuntu-scope-local-content):
    - allow exec of scoperunner for .so scopes
    - remove unused policy for .so files (the scope click hook creates
      symlinks to the click install directory instead)
 -- Jamie Strandboge <email address hidden>   Fri, 27 Jun 2014 11:59:02 -0500

Available diffs

diff from 1.2.7 to 1.2.8 (1.2 KiB)

1.2.7

Superseded in utopic-release on 2014-06-28

Deleted in utopic-proposed on 2014-06-29 (Reason: moved to release)

apparmor-easyprof-ubuntu (1.2.7) utopic; urgency=medium

  * update for usensors (LP: #1334701)
    - ubuntu/*/ubuntu-sdk, ubuntu-webapp: update for haptic feedback
    - ubuntu/1.2/sensors:
      + remove /dev/binder
      + add access to all of usensors DBus API
 -- Jamie Strandboge <email address hidden>   Thu, 26 Jun 2014 15:03:16 -0500

Available diffs

diff from 1.2.6 to 1.2.7 (1.0 KiB)

1.2.6

Superseded in utopic-release on 2014-06-26

Deleted in utopic-proposed on 2014-06-28 (Reason: moved to release)

apparmor-easyprof-ubuntu (1.2.6) utopic; urgency=medium

  * ubuntu/*/ubuntu-sdk, ubuntu-webapp:
    - allow read access to /custom/usr/share/fonts/{,**}
    - allow read access to /custom/xdg/data/themes/
    - group /custom rules together
 -- Jamie Strandboge <email address hidden>   Wed, 25 Jun 2014 10:42:17 -0500

Available diffs

diff from 1.2.5 to 1.2.6 (940 bytes)

1.2.5

Superseded in utopic-release on 2014-06-25

Deleted in utopic-proposed on 2014-06-26 (Reason: moved to release)

apparmor-easyprof-ubuntu (1.2.5) utopic; urgency=medium

  * ubuntu/ubuntu-scope-network (and pending ubuntu-scope-local-content):
    adjust to use @{APP_PKGNAME}_@{APP_APPNAME}* for zmq endpoints
  * tests/test-data.py: updates for new click-apparmor variables which are
    now needed since easyprof now more carefully verifies the policy
 -- Jamie Strandboge <email address hidden>   Mon, 23 Jun 2014 14:56:17 -0500

Available diffs

diff from 1.2.4 to 1.2.5 (1.2 KiB)

1.2.4

Superseded in utopic-release on 2014-06-23

Deleted in utopic-proposed on 2014-06-25 (Reason: moved to release)

apparmor-easyprof-ubuntu (1.2.4) utopic; urgency=medium

  * ubuntu/1.2: refinements to scopes policy
    - use private-files-strict abstraction
    - finetune client endpoint policy
    - explicitly deny access to the zmq directory for the ubuntu-sdk and
      ubuntu-webapp templates
    - explicitly deny direct interaction with URL dispatcher to prevent data
      leaks
    - move ubuntu-scope-local-content template to 'pending' since there are
      unresolved issues surrounding its interaction with URL dispatcher.
      Adjust autopkgtests accordingly
  * ubuntu/calendar: update for upcoming calendar management landing
  * ubuntu/*/audio,video: add mediascanner2 DBus access (LP: #1303962)
  * ubuntu/1.[12]/music_files_read: remove temporary access to
    @{HOME}/.cache/mediascanner/ now that we have policy for mediascanner2
    DBus access. Note: normally this would require the change in only the
    latest policy, but this policy group has only been used by the music-app
    and it is still unconfined
  * ubuntu/1.1: also ship debug policy group for 1.1 policy and update
    autopkgtests for this (LP: #1323233)
 -- Jamie Strandboge <email address hidden>   Fri, 06 Jun 2014 07:37:54 -0500

Available diffs

diff from 1.2.3 to 1.2.4 (3.9 KiB)

1.2.3

Superseded in utopic-release on 2014-06-06

Deleted in utopic-proposed on 2014-06-07 (Reason: moved to release)

apparmor-easyprof-ubuntu (1.2.3) utopic; urgency=medium

  * fix autopkgtests for new templates and policy group
 -- Jamie Strandboge <email address hidden>   Fri, 30 May 2014 08:00:50 +0200

Available diffs

diff from 1.2.2 to 1.2.3 (743 bytes)

1.2.2

Superseded in utopic-release on 2014-05-30

Deleted in utopic-proposed on 2014-05-31 (Reason: moved to release)

apparmor-easyprof-ubuntu (1.2.2) utopic; urgency=medium

  * ubuntu/1.2:
    - add ubuntu-scope-network template
    - add ubuntu-scope-local-content template
    - add debug policy group (LP: #1323233)
  * ubuntu/1.[12]: add ptrace read to @{profile_name}
 -- Jamie Strandboge <email address hidden>   Fri, 30 May 2014 00:36:26 +0200

Available diffs

diff from 1.2.1 to 1.2.2 (2.0 KiB)

1.2.1

Superseded in utopic-release on 2014-05-30

Deleted in utopic-proposed on 2014-05-31 (Reason: moved to release)

apparmor-easyprof-ubuntu (1.2.1) utopic; urgency=medium

  * ubuntu/*: update unconfined template to work with autopilot (changes to
    exec were required since the /** pix rule conflicted with upcoming
    autopilot rules)
    - use ###VAR### since the template vars
    - allow exec (mostly) everywhere except @{HOMEDIRS}/*/autopilot/fakeenv
 -- Jamie Strandboge <email address hidden>   Fri, 23 May 2014 08:46:09 +0200

Available diffs

diff from 1.2.0 to 1.2.1 (929 bytes)

1.2.0

Superseded in utopic-release on 2014-05-23

Deleted in utopic-proposed on 2014-05-24 (Reason: moved to release)

apparmor-easyprof-ubuntu (1.2.0) utopic; urgency=medium

  * add 1.2 policy:
    - create data/templates/ubuntu/1.2 and symlink to 1.1 policy
    - create data/policygroups/ubuntu/1.2 and symlink to 1.1 policy
    - update debian/tests/installed_* to add 1.2 policy
  * tests/test-data.py: add --debug option
 -- Jamie Strandboge <email address hidden>   Thu, 22 May 2014 12:20:00 +0200

Available diffs

diff from 1.1.18 to 1.2.0 (11.8 KiB)

1.1.18

Superseded in utopic-release on 2014-05-22

Deleted in utopic-proposed on 2014-05-23 (Reason: moved to release)

apparmor-easyprof-ubuntu (1.1.18) utopic; urgency=medium

  * ubuntu/*: adjust audio/video policy groups comment to mention that the
    media-hub server allows playing remote content
  * ubuntu/networking:
    - correct member portion of DBus rules to not include interface
      (LP: #1311164)
    - adjust explit deny DownloadManager rules to include interface
  * 1.*/ubuntu-sdk:
    - allow read of /usr/share/qtdeclarative5-ubuntu-ui-extras-browser-plugin/
    - allow read access of /etc/machine-id
    - allow ptrace read of ourself
  * 1.1/webview: allow capability dac_read_search for oxide_helper
  * 1.*/video: allow read access to video4linux for playback
  * 1.*/audio: allow calling GetAlbumArt from the thumbnailer DBus API
  * 1.1/ubuntu-*: remove temporary rule for /usr/share/libthai/thbrk.tri
  * ubuntu/*: adjust the calendar and contacts reserved policy groups to
    allow access to the sync monitor (LP: #1319544). This should be removed
    when LP: 1319546 is fixed.
  * 1.1/music_files_read: allow read of @{HOME}/.cache/mediascanner/ until
    LP: 1303962 and LP: 1315381 are fixed
 -- Jamie Strandboge <email address hidden>   Thu, 15 May 2014 13:37:06 -0500

Available diffs

diff from 1.1.17 (in ~ci-train-ppa-service/ubuntu/landing-004-deletedppa) to 1.1.18 (3.2 KiB)

1.1.17

Superseded in utopic-release on 2014-05-15

Deleted in utopic-proposed on 2014-05-17 (Reason: moved to release)

apparmor-easyprof-ubuntu (1.1.17) utopic; urgency=medium

  * 1.*/audio,video: allow communications with the media-hub-server now that
    it is a trusted helper (LP: #1303962)
  * 1.1/music_files*,video_files*: revert media-hub rules in 1.1.15 now that
    common policy groups (audio and video) can be used instead
  * 1.1/ubuntu-*: allow apps to communicate with the Launcher via their
    @{APP_ID_DBUS} specific path (LP: #1301400)
 -- Jamie Strandboge <email address hidden>   Wed, 16 Apr 2014 13:40:03 -0500

Available diffs

diff from 1.1.16 (in Ubuntu) to 1.1.17 (1.4 KiB)

1.1.16

Superseded in utopic-release on 2014-04-30

Published in trusty-release on 2014-04-09

Deleted in trusty-proposed (Reason: moved to release)

apparmor-easyprof-ubuntu (1.1.16) trusty; urgency=medium

  * 1.1/webview: update to allow exec of chrome-sandbox now that oxide is
    doing a proper fork/exec
 -- Jamie Strandboge <email address hidden>   Wed, 09 Apr 2014 13:58:10 -0500

Available diffs

diff from 1.1.15 to 1.1.16 (533 bytes)

1.1.15

Superseded in trusty-release on 2014-04-09

Deleted in trusty-proposed on 2014-04-11 (Reason: moved to release)

apparmor-easyprof-ubuntu (1.1.15) trusty; urgency=medium

  * 1.*/unconfined: update for ptrace and signal
  * 1.1/music_files*: add rules for talking to the media-hub-server and read
    access to mediascanner files
  * 1.1/video_files*: add rules for talking to the media-hub-server and read
    access to mediascanner files
 -- Jamie Strandboge <email address hidden>   Tue, 08 Apr 2014 07:09:42 -0500

Available diffs

diff from 1.1.14 (in ~ubuntu-security-proposed/ubuntu/ppa) to 1.1.15 (892 bytes)

1.1.14

Superseded in trusty-release on 2014-04-08

Deleted in trusty-proposed on 2014-04-09 (Reason: moved to release)

apparmor-easyprof-ubuntu (1.1.14) trusty; urgency=medium

  * 1.1/webview: update for ptrace and signal mediation (LP: #1298611)
  * debian/control: Depends on apparmor >= 2.8.95~2430-0ubuntu4
 -- Jamie Strandboge <email address hidden>   Thu, 03 Apr 2014 15:19:23 -0500

Available diffs

diff from 1.1.13 (in Ubuntu) to 1.1.14 (961 bytes)

1.1.13

Superseded in trusty-release on 2014-04-04

Deleted in trusty-proposed on 2014-04-05 (Reason: moved to release)

apparmor-easyprof-ubuntu (1.1.13) trusty; urgency=medium

  * 1.1/webview (LP: #1301351)
    - add 'mr' for chrome-sandbox and oxide-renderer
    - allow 'r' for @{PROC}/sys/kernel/yama/ptrace_scope
 -- Jamie Strandboge <email address hidden>   Wed, 02 Apr 2014 09:11:49 -0500

Available diffs

diff from 1.1.12 to 1.1.13 (740 bytes)

1.1.12

Superseded in trusty-release on 2014-04-02

Deleted in trusty-proposed on 2014-04-03 (Reason: moved to release)

apparmor-easyprof-ubuntu (1.1.12) trusty; urgency=medium

  * 1.1/webview: suppress denial for write to /usr/bin/locales/ like we do for
    /usr/lib/@{multiarch}/oxide-qt/locales/ already since it is confusing for
    people who are diagnosing oxide issues (LP: #1260044)
 -- Jamie Strandboge <email address hidden>   Mon, 31 Mar 2014 13:14:37 -0500

Available diffs

diff from 1.1.11 to 1.1.12 (576 bytes)

Ubuntuapparmor-easyprof-ubuntu package

Change log for apparmor-easyprof-ubuntu package in Ubuntu

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Ubuntu
apparmor-easyprof-ubuntu package