Change log for apparmor-easyprof-ubuntu package in Ubuntu
1 → 75 of 131 results
Deleted in bionic-release (Reason: unmaintained. LP: #1750005)
Obsolete in artful-release
Superseded in artful-release
Obsolete in zesty-release
Obsolete in yakkety-release
Deleted in yakkety-proposed (Reason: moved to release)
apparmor-easyprof-ubuntu (16.10.3) yakkety; urgency=medium
  [ Michi Henning ]
  * add ClientConfig to list of allowed methods for applications using the thumbnailer (LP: #1528058)
 -- Jamie Strandboge <email address hidden> Fri, 26 Aug 2016 10:01:48 -0500
Deleted in zesty-proposed (Reason: superseded by version in release pocket)
Superseded in yakkety-proposed
apparmor-easyprof-ubuntu (16.10.2) yakkety; urgency=medium
  [ You-Sheng Yang ]
  * add lib64 for 64bit android (LP: #1615923)
  [ Simon Fels ]
  * Allow libhybris to load its linker implementation at runtime.
  [ Tyler Hicks ]
  * ubuntu/webview: update to allow access to the new app-specific shared memory files that will be used by Oxide 1.17.5, 1.18, and newer (LP: #1260103)
  [ Ken Vandine ]
  * ubuntu/ubuntu-sdk, ubuntu/ubuntu-webapp: add access to content-hub's Pasteboard
 -- Jamie Strandboge <email address hidden> Thu, 25 Aug 2016 13:32:04 -0500
apparmor-easyprof-ubuntu (16.10.1) yakkety; urgency=medium
  * add 16.10 policy
  * add bluetooth-net and bluetooth-file-transfer to pending/
  * add reserved ubuntu/bluetooth (LP: #1569582)
 -- Jamie Strandboge <email address hidden> Tue, 10 May 2016 16:21:46 -0500
Available diffs
- diff from 16.04.5 to 16.10.1 (17.2 KiB)
Superseded in yakkety-release
Published in xenial-release
Deleted in xenial-proposed (Reason: moved to release)
apparmor-easyprof-ubuntu (16.04.5) xenial; urgency=medium
  * ubuntu/calendar: update to allow read on /etc/{,writable/}timezone (LP: #1565908)
 -- Jamie Strandboge <email address hidden> Mon, 04 Apr 2016 12:50:18 -0500
Available diffs
- diff from 16.04.4 to 16.04.5 (656 bytes)
apparmor-easyprof-ubuntu (16.04.4) xenial; urgency=medium
  [ Jamie Strandboge ]
  * adjust cpuinfo_max_freq access for newer kernels
  * ubuntu/calendar: update policy to account for newer EDS Subprocess path on the org.gnome.evolution.dataserver.Calendar interface (LP: #1548888)
 -- Jamie Strandboge <email address hidden> Tue, 23 Feb 2016 16:50:56 -0600
Available diffs
- diff from 16.04.3 to 16.04.4 (1.0 KiB)
apparmor-easyprof-ubuntu (16.04.3) xenial; urgency=medium
  [ Tiago Salem Herrmann ]
  * ubuntu/history: add owner read access to @{HOME}/.local/share/history-service/attachments/
  [ Jamie Strandboge ]
  * ubuntu/webview: apply shm changes in last upload to previous policy and adjust symlinks (LP: #1538475)
 -- Jamie Strandboge <email address hidden> Wed, 27 Jan 2016 08:16:28 -0600
Available diffs
- diff from 16.04.2 to 16.04.3 (1.0 KiB)
apparmor-easyprof-ubuntu (16.04.2) xenial; urgency=medium
  * ubuntu/ubuntu-sdk:
    - apply shm changes in last upload to previous policy and adjust symlinks
    - allow read access to /usr/share/click/frameworks
 -- Jamie Strandboge <email address hidden> Thu, 19 Nov 2015 15:00:52 -0600
Available diffs
- diff from 16.04.1 to 16.04.2 (1003 bytes)
apparmor-easyprof-ubuntu (16.04.1) xenial; urgency=medium
  * create policy version 16.04 for xenial
  * adjust autopkgtests for policy version 15.10
  * ubuntu/ubuntu-sdk, ubuntu/webview: allow /dev/shm in addition to /run/shm (LP: #1508054)
 -- Jamie Strandboge <email address hidden> Mon, 26 Oct 2015 15:52:48 -0500
Available diffs
- diff from 15.10.11 to 16.04.1 (15.8 KiB)
Superseded in xenial-release
Obsolete in wily-release
Deleted in wily-proposed (Reason: moved to release)
apparmor-easyprof-ubuntu (15.10.11) wily; urgency=medium
  * adjust autopkgtests for in-app-purchases
Available diffs
- diff from 15.10.9 to 15.10.11 (980 bytes)
- diff from 15.10.10 to 15.10.11 (680 bytes)
apparmor-easyprof-ubuntu (15.10.10) wily; urgency=medium
  [ Rodney Dawes ]
  * Add in-app-purchases policy group for IAP support (LP: #1498202)
 -- Jamie Strandboge <email address hidden> Mon, 21 Sep 2015 16:48:49 -0500
Available diffs
- diff from 15.10.9 to 15.10.10 (597 bytes)
apparmor-easyprof-ubuntu (15.10.9) wily; urgency=medium
  [ Alberto Mardegan ]
  * ubuntu/15.10/accounts: add back v1 API
 -- Jamie Strandboge <email address hidden> Thu, 10 Sep 2015 10:38:22 -0500
Available diffs
- diff from 15.10.8 to 15.10.9 (1.2 KiB)
apparmor-easyprof-ubuntu (15.10.8) wily; urgency=medium
  [ Alberto Mardegan ]
  * ubuntu/15.10/accounts: use only the new Online Accounts v2 API
  * ubuntu/1.[23]/accounts: add the new Online Accounts v2 API
  * ubuntu/15.10/ubuntu-account-plugin: add the required v1 API
 -- Jamie Strandboge <email address hidden> Wed, 29 Jul 2015 15:16:07 -0500
Available diffs
- diff from 15.10.7 to 15.10.8 (1.6 KiB)
apparmor-easyprof-ubuntu (15.10.7) wily; urgency=medium
  * ubuntu/ubuntu-webapp: allow read access to /usr/share/ubuntu-html5-theme and /usr/share/ubuntu-html5-ui-toolkit (LP: #1477580)
 -- Jamie Strandboge <email address hidden> Thu, 23 Jul 2015 16:16:49 -0500
Available diffs
- diff from 15.10.6 to 15.10.7 (677 bytes)
apparmor-easyprof-ubuntu (15.10.6) wily; urgency=medium
  * add ubuntu/keep-display-on for using the Unity screen DBus API
    - LP: #1462489
  * adjust autopkgtests for keep-display-on
 -- Jamie Strandboge <email address hidden> Wed, 08 Jul 2015 09:11:56 -0500
Available diffs
- diff from 15.10.5 to 15.10.6 (1.1 KiB)
apparmor-easyprof-ubuntu (15.10.5) wily; urgency=medium
  * ubuntu/ubuntu-account-plugin (LP: #1468792):
    - allow access to QML cache
    - explicitly deny access to /proc/[0-9]*/mounts and /dev/disk/by-label/
  * hardware/graphics.d/apparmor-easyprof-ubuntu_(hammerhead|mako|flo): also allow access to kgsl-3d0.0/kgsl/kgsl-3d0/reset_count
 -- Jamie Strandboge <email address hidden> Fri, 26 Jun 2015 10:47:37 -0500
Available diffs
- diff from 15.10.4 to 15.10.5 (1.1 KiB)
apparmor-easyprof-ubuntu (15.10.4) wily; urgency=medium
  [ Ken VanDine ]
  * Fixed the interface name for the SocketDemangler rule in the ubuntu-sdk template and added rule to allow the socket-demangler to be executed.
 -- Jamie Strandboge <email address hidden> Fri, 19 Jun 2015 08:09:46 -0500
Available diffs
- diff from 15.10.3 to 15.10.4 (963 bytes)
apparmor-easyprof-ubuntu (15.10.3) wily; urgency=medium
  * ubuntu/unconfined: remove autopilot specific rules and use simpler '/** pix,' rule. This is possible because dbus-property-service no longer ships 'fakeenv' rules. This is only backportable on earlier releases if dbus-property-service in those releases has the same change. (LP: #1464341)
 -- Jamie Strandboge <email address hidden> Fri, 12 Jun 2015 09:59:18 -0500
Available diffs
- diff from 15.10.2 to 15.10.3 (868 bytes)
apparmor-easyprof-ubuntu (15.10.2) wily; urgency=medium
  [ Ted Gould ]
  * ubuntu/ubuntu-sdk: DBus rule for UAL TPS untrusted helpers (LP: #1462494)
 -- Jamie Strandboge <email address hidden> Fri, 05 Jun 2015 14:17:58 -0500
Available diffs
- diff from 15.10.1 to 15.10.2 (1.2 KiB)
apparmor-easyprof-ubuntu (15.10.1) wily; urgency=medium
  [ James Henstridge ]
  * ubuntu/ubuntu-sdk: add rules to allow access to the new GetThumbnail method
  [ Jamie Strandboge ]
  * create policy version 15.10 for wily
  * adjust autopkgtests for policy version 15.10
  * README.source: update for new version numbers that track releases
 -- Jamie Strandboge <email address hidden> Thu, 21 May 2015 09:09:16 -0500
Available diffs
- diff from 1.3.10 to 15.10.1 (16.0 KiB)
Superseded in wily-release
Obsolete in vivid-release
Deleted in vivid-proposed (Reason: moved to release)
apparmor-easyprof-ubuntu (1.3.10) vivid; urgency=medium
  * templates/*: explicitly deny noisy access to accountsservice (LP: #1433590)
 -- Jamie Strandboge <email address hidden> Tue, 07 Apr 2015 11:29:08 -0500
Available diffs
- diff from 1.3.9 to 1.3.10 (1.1 KiB)
apparmor-easyprof-ubuntu (1.3.9) vivid; urgency=medium
  * templates/ubuntu-sdk|ubuntu-webapp: explicitly deny noisy /dev/tty access
  * policygroups/accounts: also deny 'r' to /{,var/}run/user/*/signond/socket to silence expected noisy denial (LP: #1415492)
 -- Jamie Strandboge <email address hidden> Mon, 30 Mar 2015 08:42:47 -0500
Available diffs
- diff from 1.3.8 to 1.3.9 (1.1 KiB)
apparmor-easyprof-ubuntu (1.3.8) vivid; urgency=medium
  * hardware/video.d/apparmor-easyprof-ubuntu_mako: add accesses for video4linux 1 and 2 devices needed by mediascanner2 (gst-plugin-scanner) et al
 -- Jamie Strandboge <email address hidden> Wed, 04 Mar 2015 08:42:23 -0600
Available diffs
- diff from 1.3.7 to 1.3.8 (528 bytes)
apparmor-easyprof-ubuntu (1.3.7) vivid; urgency=medium
  * ubuntu/webview: allow oxide_helper read access to /sys/devices/system/cpu/ and /sys/devices/system/cpu/cpu[0-9]*/cpufreq/cpuinfo_max_freq
 -- Jamie Strandboge <email address hidden> Thu, 26 Feb 2015 08:22:04 -0600
Available diffs
- diff from 1.3.4 to 1.3.7 (1.4 KiB)
- diff from 1.3.6 (in ~ubuntu-security-proposed/ubuntu/ppa) to 1.3.7 (575 bytes)
apparmor-easyprof-ubuntu (1.3.6) vivid; urgency=medium
  * ubuntu/1.0/ubuntu-{sdk,webapp}: also allow access to mir libraries via the new mir abstraction for 1.0 templates (LP: #1422521)
Available diffs
- diff from 1.3.4 (in Ubuntu) to 1.3.6 (1.1 KiB)
- diff from 1.3.5 to 1.3.6 (724 bytes)
apparmor-easyprof-ubuntu (1.3.4) vivid; urgency=medium
  [ Alberto Mardegan ]
  * ubuntu/accounts: explicitly deny access to the p2p socket. This will now be available only to unconfined apps to support a trusted socket for privileged processes (LP: #1415492)
  [ Jamie Strandboge ]
  * add ubuntu/1.2/ubuntu-account-plugin template and add to 1.3 policy (LP: #1219644)
  * adjust expected_templates_12 in autopkgtests to have ubuntu-account-plugin
  * ubuntu/webview: allow /sys/devices/system/cpu/*/cpufreq/cpuinfo_max_freq readonly access
 -- Jamie Strandboge <email address hidden> Tue, 03 Feb 2015 16:24:15 -0600
Available diffs
- diff from 1.3.3 to 1.3.4 (3.8 KiB)
apparmor-easyprof-ubuntu (1.3.3) vivid; urgency=medium
  * ubuntu/{music,pictures,video}_files*: temporarily allow read access to global SD card user directory (LP: #1392368). This can be removed once there is a proper API for apps to find the SD card label.
 -- Jamie Strandboge <email address hidden> Thu, 08 Jan 2015 14:24:42 -0600
Available diffs
- diff from 1.3.2 to 1.3.3 (1.1 KiB)
apparmor-easyprof-ubuntu (1.3.2) vivid; urgency=medium
  [ Ricardo Salveti de Araujo ]
  * Adding hardware/video.d/apparmor-easyprof-ubuntu_manta to allow rw on /dev/video*, needed for hardware video decoding (LP: #1408130). (Note: we may need to add rw on /dev/v4l-subdev*, but this seems to be enough for now)
 -- Jamie Strandboge <email address hidden> Thu, 08 Jan 2015 11:41:57 -0600
Available diffs
- diff from 1.3.1 to 1.3.2 (523 bytes)
apparmor-easyprof-ubuntu (1.3.1) vivid; urgency=medium
  * ubuntu/ubuntu-sdk:
    - explicitly deny reads on ~/.cache/QML/Apps/ to silence noisy denials. Undo this when LP: 1381620 is fixed in qtdeclarative-opensource-src
    - explicitly deny dbus bind on name="org.freedesktop.Application" since it is noisy. Undo this when LP: 1378823 is fixed in ubuntu-ui-toolkit
  * ubuntu/1.3/ubuntu-sdk: drop html5-container policy. html5 apps should use webapp-container and specify the 'webview' policy group with 1.3 (15.04) policy (LP: #1392461)
  * ubuntu/ubuntu-scope-network, pending/ubuntu-scope-local-content: allow scopes to read data from the apps data dir (LP: #1384286)
  * adjust all dbus rules to use peer=(label=unconfined) to prevent coordinated communications between apps over DBus (LP: #1383824)
  * ubuntu/{music,pictures,video}_files*: allow access to global SD card directories (LP: #1391930)
  * debian/control: Depends on apparmor >= 2.8.98-0ubuntu2~ for the dbus peer changes (we need at least apparmor_parser 2.9.beta4 for these)
 -- Jamie Strandboge <email address hidden> Mon, 15 Dec 2014 15:53:32 +0000
Available diffs
- diff from 1.3.0 to 1.3.1 (9.3 KiB)
apparmor-easyprof-ubuntu (1.3.0) vivid; urgency=medium
  * debian/control:
    - add Vcs-Bzr and Vcs-Browser now that we have them
    - adjust Standards-Version
  * add debian/make-new-version.sh and document how to use it
  * create policy version 1.3
  * adjust autopkgtests:
    - add tests for policy version 1.3
    - fix lintian warnings in naming of the tests
  * debian/apparmor-easyprof-ubuntu.postinst: add #DEBHELPER# token
 -- Jamie Strandboge <email address hidden> Wed, 29 Oct 2014 07:52:45 -0500
Available diffs
- diff from 1.2.38 to 1.3.0 (14.8 KiB)
Superseded in vivid-release
Obsolete in utopic-release
Deleted in utopic-proposed (Reason: moved to release)
apparmor-easyprof-ubuntu (1.2.38) utopic; urgency=medium
  * ubuntu/networking: add rules for app-specific ubuntu-download-manager file downloads (LP: #1384349)
 -- Jamie Strandboge <email address hidden> Wed, 22 Oct 2014 14:13:44 -0400
Available diffs
- diff from 1.2.37 to 1.2.38 (674 bytes)
apparmor-easyprof-ubuntu (1.2.37) utopic; urgency=medium
  * ubuntu/audio: also allow access to GetArtistArt when accessing the thumbnailer (LP: #1381102)
 -- Jamie Strandboge <email address hidden> Tue, 14 Oct 2014 09:37:24 -0500
Available diffs
- diff from 1.2.35 to 1.2.37 (1.5 KiB)
- diff from 1.2.36 to 1.2.37 (601 bytes)
apparmor-easyprof-ubuntu (1.2.36) utopic; urgency=medium
  * ubuntu/accounts: allow all on org.freedesktop.DBus.Properties for /com/google/code/AccountsSSO/SingleSignOn/** (LP: #1378809)
  * ubuntu/ubuntu-*, pending/ubuntu-scope-local-content, ubuntu/webview: also allow read on /android/system/build.prop (LP: #1378838)
 -- Jamie Strandboge <email address hidden> Wed, 08 Oct 2014 08:28:17 -0500
Available diffs
- diff from 1.2.35 to 1.2.36 (1.3 KiB)
apparmor-easyprof-ubuntu (1.2.35) utopic; urgency=medium
  * ubuntu/1.2/push-notification-client: don't deny access to the clipboard since sdk apps are supposed to be able to specify this policy group
  * ubuntu/1.2: add ubuntu-push-helper for push-helpers to use which (among other things) explicitly disables access to the clipboard (LP: #1371170)
  * adjust autopackagetest for ubuntu-push-helper
  * ubuntu/accounts: allow all on org.freedesktop.DBus.Properties for /com/google/code/AccountsSSO/SingleSignOn
  * ubuntu/1.2/ubuntu-scope-network, pending/ubuntu-scope-local-content: also add remaining libhybris paths (/{,var/}run/shm/hybris_shm_data and /system/build.prop)
  * ubuntu/ubuntu-sdk: explicitly disallow gsettings (dconf) access (LP: #1378115)
 -- Jamie Strandboge <email address hidden> Mon, 06 Oct 2014 10:41:18 -0500
Available diffs
- diff from 1.2.34 to 1.2.35 (3.0 KiB)
apparmor-easyprof-ubuntu (1.2.34) utopic; urgency=medium
  * ubuntu/1.[12]/ubuntu-{sdk,webapp}: re-add still needed rule for /{,run/}shm/shm/WK2SharedMemory.[0-9]*. This needs to stay until qtwebkit is removed from the image (LP: #1377648)
 -- Jamie Strandboge <email address hidden> Mon, 06 Oct 2014 07:10:09 -0500
Available diffs
- diff from 1.2.30 to 1.2.34 (3.3 KiB)
- diff from 1.2.33 to 1.2.34 (761 bytes)
apparmor-easyprof-ubuntu (1.2.33) utopic; urgency=medium
  * ubuntu/accounts: allow access to GetAll on org.freedesktop.DBus.Properties for /com/google/code/AccountsSSO/SingleSignOn (LP: #1377205)
  * ubuntu/webview: also deny access to /custom/etc/dconf_profile. This is fallout from Oxide trying to use gsettings, but we've been silently denying that access since the webview policy group was added, so just silence this denial too (LP: #1260101)
  * ubuntu/ubuntu-{sdk,webapp}: also allow talking to clipboard on freedesktop interface (LP: #1377221)
  * tests/test-data.py: update hardware dir handling and also adjust policy groups to use tmpdir
  * debian/control: Build-Depends on apparmor so we can check syntax during builds
 -- Jamie Strandboge <email address hidden> Fri, 03 Oct 2014 10:21:33 -0500
Available diffs
- diff from 1.2.32 to 1.2.33 (2.2 KiB)
apparmor-easyprof-ubuntu (1.2.32) utopic; urgency=medium
  * ubuntu/1.2/ubuntu-scope-network, pending/ubuntu-scope-local-content: allow access to android libraries (LP: #1376430)
  * ubuntu/ubuntu-{sdk,webapp}: allow read access for thumbnailer icons (LP: #1376436)
 -- Jamie Strandboge <email address hidden> Wed, 01 Oct 2014 15:13:35 -0500
Available diffs
- diff from 1.2.30 to 1.2.32 (1.5 KiB)
- diff from 1.2.31 to 1.2.32 (1.1 KiB)
apparmor-easyprof-ubuntu (1.2.31) utopic; urgency=medium
  * ubuntu/ubuntu-{sdk,webapp}: allow apps to read and write to their app-specific QML cached bytecode (LP: #1376361)
 -- Jamie Strandboge <email address hidden> Wed, 01 Oct 2014 12:18:29 -0500
Available diffs
- diff from 1.2.30 to 1.2.31 (pending)
apparmor-easyprof-ubuntu (1.2.30) utopic; urgency=medium
  * ubuntu/ubuntu-*: add owner /{run,dev}/shm/shmfd-* rwk (LP: #1370218)
  * ubuntu/microphone: remove shmfd access since it is in the templates now
 -- Jamie Strandboge <email address hidden> Tue, 30 Sep 2014 09:33:57 -0500
Available diffs
- diff from 1.2.27 to 1.2.30 (2.2 KiB)
- diff from 1.2.29 to 1.2.30 (1.1 KiB)
apparmor-easyprof-ubuntu (1.2.29) utopic; urgency=medium
  * ubuntu/webview: explicitly deny write access to @{PROC}/[0-9]*/oom_adj and @{PROC}/[0-9]*/oom_score_adj. This is confirmed as a way to escape application lifecycle (LP: #1260115)
 -- Jamie Strandboge <email address hidden> Mon, 29 Sep 2014 12:28:39 -0500
Available diffs
- diff from 1.2.28 to 1.2.29 (637 bytes)
apparmor-easyprof-ubuntu (1.2.28) utopic; urgency=medium
  * ubuntu/calendar: add missing rule for org.freedesktop.DBus.Introspectable on path /com/canonical/indicator/datetime/AlarmProperties (LP: #1374623)
  * ubuntu/1.[12]/ubuntu-{sdk,webapp}: remove no longer needed rule for /{,run/}shm/shm/WK2SharedMemory.[0-9]* (LP: #1197060)
  * ubuntu/microphone:
    - add temporary write access to /{run,dev}/shm/shmfd-* for QAudioRecorder (LP: #1370218)
    - explicitly deny read on /dev/
  * ubuntu/1.1/webview: allow dbus send to RequestName on org.freedesktop.DBus webapp-container needs corresponding 'bind' call on org.freedesktop.Application, which we block elsewhere. webapp-container shouldn't be doing this under confinement, but we allow this rule in content_exchange, so just allow it to avoid confusion. (LP: #1357371)
 -- Jamie Strandboge <email address hidden> Fri, 26 Sep 2014 15:21:37 -0500
Available diffs
- diff from 1.2.27 to 1.2.28 (1.8 KiB)
apparmor-easyprof-ubuntu (1.2.27) utopic; urgency=medium
  * ubuntu/ubuntu-{sdk,webapp}: all apps can access the Mir clipboard (LP: #1372579). Note, LP: 1371170 will be fixed in a future update
  * ubuntu/push-notification-client: explicit deny (with auditing) for access to the Mir clipboard (background apps should not have access)
  * ubuntu/ubuntu-scope-network: explicit deny (with auditing) for access to the Mir clipboard (scopes should not have access)
  * pending/ubuntu-scope-local-content: bring up to date with changes to ubuntu-scope-network
 -- Jamie Strandboge <email address hidden> Tue, 23 Sep 2014 09:07:00 -0500
apparmor-easyprof-ubuntu (1.2.26) utopic; urgency=medium
  * ubuntu/{audio,video}: allow mediascanner to send us signals
 -- Jamie Strandboge <email address hidden> Mon, 22 Sep 2014 10:49:21 -0500
Available diffs
- diff from 1.2.25 to 1.2.26 (713 bytes)
apparmor-easyprof-ubuntu (1.2.25) utopic; urgency=medium
  * ubuntu/location: don't filter receive on interface (allows PropertyChanged on org.freedesktop.DBus.Properties but also helps future proof)
 -- Jamie Strandboge <email address hidden> Sun, 21 Sep 2014 11:52:56 -0500
Available diffs
- diff from 1.2.24 to 1.2.25 (645 bytes)
apparmor-easyprof-ubuntu (1.2.24) utopic; urgency=medium
  * ubuntu/camera: allow DBus communications with media-hub (LP: #1369512)
  * ubuntu/*: drop redundant 'ptrace (read) peer=@{profile_name}' since we include it in the base abstraction now
 -- Jamie Strandboge <email address hidden> Tue, 16 Sep 2014 08:48:37 -0500
Available diffs
- diff from 1.2.23 to 1.2.24 (1.2 KiB)
apparmor-easyprof-ubuntu (1.2.23) utopic; urgency=medium
  * ubuntu-scope-network:
    - don't needlessly escape '-' in zmq access rule
    - silence @{PROC}/[0-9]*/attr/current denial since the scopes runner uses aa_getcon() and the denial is noisy (LP: #1367264)
  * ubuntu-webapp: explicitly deny noisy denial to dbus bind on org.freedesktop.Application
  * debian/apparmor-easyprof-ubuntu.postinst: update the cached .md5sums file on upgrade to avoid running on install and then again on first boot after upgrade. This change only affects apt upgrades and not system-image upgrades since system-image upgrades always use the existing .md5sums if they exist (see /etc/system-image/writable-paths).
 -- Jamie Strandboge <email address hidden> Wed, 10 Sep 2014 08:54:28 -0500
apparmor-easyprof-ubuntu (1.2.22) utopic; urgency=medium
  * Updates for abstract and anonymous socket mediation (LP: #1362199):
    - ubuntu/*/ubuntu-*:
      + use dbus-strict and dbus-session-strict abstractions and remove duplicated policy
      + allow ubuntu-sdk and ubuntu-webapp connect, receive and send on the maliit abstract socket
      + allow write access to owner /{,var/}run/user/*/@{APP_PKGNAME}/{,**}
    - ubuntu/*/unconfined: allow unix
    - ubuntu/webview:
      + allow oxide to talk to sandbox via unix sockets
      + allow sandbox to talk to @{APP_PKGNAME}_@{APP_APPNAME}_@{APP_VERSION} peer
      + allow various unix perms from base abstract for the sandbox to use unix sockets
    - debian/control: Depends on apparmor >= 2.8.96~2541-0ubuntu4
  * ubuntu/webview: use @{APP_PKGNAME}_@{APP_APPNAME}_@{APP_VERSION} for signal now that we have @{APP_APPNAME} available (LP: #1363112)
  * ubuntu/debug: 'audit deny @{HOME}/.local/share/ r' which is used by the SDK to see if confined
  * debian/control: Depends on apparmor >= 2.8.96~2541-0ubuntu4~
 -- Jamie Strandboge <email address hidden> Fri, 05 Sep 2014 15:17:07 -0500
Available diffs
- diff from 1.2.21 (in Ubuntu) to 1.2.22 (3.4 KiB)
- diff from 1.2.22~abstract8 to 1.2.22 (812 bytes)
apparmor-easyprof-ubuntu (1.2.21) utopic; urgency=medium
  * ubuntu/1.2/accounts: online accounts now has Mir trusted session support so move accounts policy group to reserved (LP: #1230091)
 -- Jamie Strandboge <email address hidden> Wed, 20 Aug 2014 08:05:37 -0500
Available diffs
- diff from 1.2.20 to 1.2.21 (614 bytes)
apparmor-easyprof-ubuntu (1.2.20) utopic; urgency=medium
  * ubuntu/1.2/ubuntu-scope-network, pending/ubuntu-scope-local-content:
    - add DBus session and system accesses to scope templates like we have in the app templates. This allows scopes to talk to trusted helpers like online accounts and location-service. Actual communication with the services is still controlled by the respective policy groups.
    - add scope-specific access to /run/user/[0-9]*/scopes/leaf-{net,fs}/*
 -- Jamie Strandboge <email address hidden> Fri, 15 Aug 2014 10:56:32 -0500
Available diffs
- diff from 1.2.15 to 1.2.20 (3.7 KiB)
- diff from 1.2.19 to 1.2.20 (1.4 KiB)
apparmor-easyprof-ubuntu (1.2.19) utopic; urgency=medium
  * ubuntu/1.2/ubuntu-scope-network, pending/ubuntu-scope-local-content: adjust path to settings, it was renamed to settings.ini (LP: #1356930)
 -- Jamie Strandboge <email address hidden> Thu, 14 Aug 2014 11:48:17 -0500
Available diffs
- diff from 1.2.18 to 1.2.19 (649 bytes)
apparmor-easyprof-ubuntu (1.2.18) utopic; urgency=medium
  * ubuntu/1.2/ubuntu-scope-network, pending/ubuntu-scope-local-content:
    - allow rk access to scope specific settings.db
    - explicitly noisy deny rw access to unconfined directory
 -- Jamie Strandboge <email address hidden> Wed, 13 Aug 2014 08:39:40 -0500
Available diffs
- diff from 1.2.17 to 1.2.18 (825 bytes)
apparmor-easyprof-ubuntu (1.2.17) utopic; urgency=medium
  * ubuntu/*: explicitly deny 'w' access to /dev/xLog (LP: #1352432)
 -- Jamie Strandboge <email address hidden> Mon, 11 Aug 2014 15:45:29 -0500
Available diffs
- diff from 1.2.16 to 1.2.17 (684 bytes)
apparmor-easyprof-ubuntu (1.2.16) utopic; urgency=medium
  * ubuntu/1.2/connectivity: update to use upcoming connectivity DBus API (LP: #1341548)
  * ubuntu/1.[12]/contacts: remove workaround policy since address-book-app no longer uses the telepathy API (LP: #1227818)
  * ubuntu/*: explicitly deny rw access to /dev/fb0. It is both dangerous and noisy with the camera app
  * ubuntu/ubuntu-webapp: receive application-specific Open on org.freedesktop.Application to allow url-dispatcher working with already running webapps (LP: #1342129)
 -- Jamie Strandboge <email address hidden> Thu, 07 Aug 2014 13:19:59 -0500
Available diffs
- diff from 1.2.15 to 1.2.16 (2.4 KiB)
apparmor-easyprof-ubuntu (1.2.15) utopic; urgency=medium
  * ubuntu/*: explicitly deny noisy access to @{PROC}/xlog (LP: #1352432)
 -- Jamie Strandboge <email address hidden> Mon, 04 Aug 2014 12:56:05 -0500
Available diffs
- diff from 1.2.14 to 1.2.15 (757 bytes)
apparmor-easyprof-ubuntu (1.2.14) utopic; urgency=medium
  * ubuntu/camera: update to allow write access to the finalized path for the microphone socket (/dev/socket/micshm) (ref. LP: 1337582)
 -- Jamie Strandboge <email address hidden> Wed, 30 Jul 2014 13:07:19 -0500
Available diffs
- diff from 1.2.13 to 1.2.14 (816 bytes)
apparmor-easyprof-ubuntu (1.2.13) utopic; urgency=medium
  * ubuntu/1.2/ubuntu-scope-network: allow 'w' for leaf-net/@{APP_PKGNAME}/
  * pending/ubuntu-scope-local-content:
    - add 'w' for leaf-fs/@{APP_PKGNAME}/
    - add missing fix for LP: 1347177 (LP: #1348210)
  * include openssl abstraction in templates instead of in the networking policy group. This is needed due to changes in newer curl and gnutls28 (LP: #1350152)
 -- Jamie Strandboge <email address hidden> Wed, 30 Jul 2014 07:23:56 -0500
Available diffs
- diff from 1.2.12 to 1.2.13 (1.5 KiB)
apparmor-easyprof-ubuntu (1.2.12) utopic; urgency=medium
  * ubuntu/1.2/ubuntu-scope-network: allow rw on zmq/*-r reply endpoints. The scopes-api has protections for malformed or non-UUID-matching replies, so use a glob here to allow aggregating scopes to work. (LP: #1347177)
 -- Jamie Strandboge <email address hidden> Wed, 23 Jul 2014 10:15:17 -0500
Available diffs
- diff from 1.2.11 to 1.2.12 (741 bytes)
apparmor-easyprof-ubuntu (1.2.11) utopic; urgency=medium
  * add data/hardware/graphics.d/apparmor-easyprof-ubuntu_hammerhead in support of Nexus 5 devices
 -- Jamie Strandboge <email address hidden> Thu, 17 Jul 2014 10:14:31 -0500
Available diffs
- diff from 1.2.10 to 1.2.11 (509 bytes)
apparmor-easyprof-ubuntu (1.2.10) utopic; urgency=medium
  * remove ubuntu/1.2/friends policy group and adjust autopackagetest accordingly (LP: #1340869)
  * ubuntu/calendar: com.canonical.indicator.datetime.AlarmProperties should also be allowed on the org.freedesktop.DBus.Properties interface (LP: #1342708)
 -- Jamie Strandboge <email address hidden> Wed, 16 Jul 2014 11:15:29 -0500
Available diffs
- diff from 1.2.9 to 1.2.10 (1.5 KiB)
apparmor-easyprof-ubuntu (1.2.9) utopic; urgency=medium
  * ubuntu/webview:
    - adjust to allow oxide_render access to WebCore databases (LP: #1339724)
    - adjust for updated path for QML web plugin (LP: #1339777)
  * ubuntu/1.2: add new push-notification-client policy group
  * ubuntu/ubuntu-{sdk,webapp}: adjust for updated path for QML web plugin
  * ubuntu/audio: allow read access for /usr/share/sounds and /custom/usr/share/sounds (LP: #1340326)
  * ubuntu/audio: allow write access to /android/micshm (LP: #1337582)
 -- Jamie Strandboge <email address hidden> Thu, 10 Jul 2014 12:28:30 -0500
Available diffs
- diff from 1.2.8 to 1.2.9 (2.4 KiB)
apparmor-easyprof-ubuntu (1.2.8) utopic; urgency=medium
  * ubuntu/*/calendar: com.canonical.indicator.datetime.AlarmProperties should be allowed to confined apps
  * ubuntu/ubuntu-scope-network (and pending ubuntu-scope-local-content):
    - allow exec of scoperunner for .so scopes
    - remove unused policy for .so files (the scope click hook creates symlinks to the click install directory instead)
 -- Jamie Strandboge <email address hidden> Fri, 27 Jun 2014 11:59:02 -0500
Available diffs
- diff from 1.2.7 to 1.2.8 (1.2 KiB)
apparmor-easyprof-ubuntu (1.2.7) utopic; urgency=medium
  * update for usensors (LP: #1334701)
    - ubuntu/*/ubuntu-sdk, ubuntu-webapp: update for haptic feedback
    - ubuntu/1.2/sensors:
      + remove /dev/binder
      + add access to all of usensors DBus API
 -- Jamie Strandboge <email address hidden> Thu, 26 Jun 2014 15:03:16 -0500
Available diffs
- diff from 1.2.6 to 1.2.7 (1.0 KiB)
apparmor-easyprof-ubuntu (1.2.6) utopic; urgency=medium
  * ubuntu/*/ubuntu-sdk, ubuntu-webapp:
    - allow read access to /custom/usr/share/fonts/{,**}
    - allow read access to /custom/xdg/data/themes/
    - group /custom rules together
 -- Jamie Strandboge <email address hidden> Wed, 25 Jun 2014 10:42:17 -0500
Available diffs
- diff from 1.2.5 to 1.2.6 (940 bytes)
apparmor-easyprof-ubuntu (1.2.5) utopic; urgency=medium
  * ubuntu/ubuntu-scope-network (and pending ubuntu-scope-local-content): adjust to use @{APP_PKGNAME}_@{APP_APPNAME}* for zmq endpoints
  * tests/test-data.py: updates for new click-apparmor variables which are now needed since easyprof now more carefully verifies the policy
 -- Jamie Strandboge <email address hidden> Mon, 23 Jun 2014 14:56:17 -0500
Available diffs
- diff from 1.2.4 to 1.2.5 (1.2 KiB)
apparmor-easyprof-ubuntu (1.2.4) utopic; urgency=medium
  * ubuntu/1.2: refinements to scopes policy
    - use private-files-strict abstraction
    - finetune client endpoint policy
    - explicitly deny access to the zmq directory for the ubuntu-sdk and ubuntu-webapp templates
    - explicitly deny direct interaction with URL dispatcher to prevent data leaks
    - move ubuntu-scope-local-content template to 'pending' since there are unresolved issues surrounding its interaction with URL dispatcher. Adjust autopkgtests accordingly
  * ubuntu/calendar: update for upcoming calendar management landing
  * ubuntu/*/audio,video: add mediascanner2 DBus access (LP: #1303962)
  * ubuntu/1.[12]/music_files_read: remove temporary access to @{HOME}/.cache/mediascanner/ now that we have policy for mediascanner2 DBus access. Note: normally this would require the change in only the latest policy, but this policy group has only been used by the music-app and it is still unconfined
  * ubuntu/1.1: also ship debug policy group for 1.1 policy and update autopkgtests for this (LP: #1323233)
 -- Jamie Strandboge <email address hidden> Fri, 06 Jun 2014 07:37:54 -0500
Available diffs
- diff from 1.2.3 to 1.2.4 (3.9 KiB)
apparmor-easyprof-ubuntu (1.2.3) utopic; urgency=medium
  * fix autopkgtests for new templates and policy group
 -- Jamie Strandboge <email address hidden> Fri, 30 May 2014 08:00:50 +0200
Available diffs
- diff from 1.2.2 to 1.2.3 (743 bytes)
apparmor-easyprof-ubuntu (1.2.2) utopic; urgency=medium
  * ubuntu/1.2:
    - add ubuntu-scope-network template
    - add ubuntu-scope-local-content template
    - add debug policy group (LP: #1323233)
  * ubuntu/1.[12]: add ptrace read to @{profile_name}
 -- Jamie Strandboge <email address hidden> Fri, 30 May 2014 00:36:26 +0200
Available diffs
- diff from 1.2.1 to 1.2.2 (2.0 KiB)
apparmor-easyprof-ubuntu (1.2.1) utopic; urgency=medium
  * ubuntu/*: update unconfined template to work with autopilot (changes to exec were required since the /** pix rule conflicted with upcoming autopilot rules)
    - use ###VAR### since the template vars
    - allow exec (mostly) everywhere except @{HOMEDIRS}/*/autopilot/fakeenv
 -- Jamie Strandboge <email address hidden> Fri, 23 May 2014 08:46:09 +0200
Available diffs
- diff from 1.2.0 to 1.2.1 (929 bytes)
apparmor-easyprof-ubuntu (1.2.0) utopic; urgency=medium
  * add 1.2 policy:
    - create data/templates/ubuntu/1.2 and symlink to 1.1 policy
    - create data/policygroups/ubuntu/1.2 and symlink to 1.1 policy
    - update debian/tests/installed_* to add 1.2 policy
  * tests/test-data.py: add --debug option
 -- Jamie Strandboge <email address hidden> Thu, 22 May 2014 12:20:00 +0200
Available diffs
- diff from 1.1.18 to 1.2.0 (11.8 KiB)
apparmor-easyprof-ubuntu (1.1.18) utopic; urgency=medium
  * ubuntu/*: adjust audio/video policy groups comment to mention that the media-hub server allows playing remote content
  * ubuntu/networking:
    - correct member portion of DBus rules to not include interface (LP: #1311164)
    - adjust explicit deny DownloadManager rules to include interface
  * 1.*/ubuntu-sdk:
    - allow read of /usr/share/qtdeclarative5-ubuntu-ui-extras-browser-plugin/
    - allow read access of /etc/machine-id
    - allow ptrace read of ourself
  * 1.1/webview: allow capability dac_read_search for oxide_helper
  * 1.*/video: allow read access to video4linux for playback
  * 1.*/audio: allow calling GetAlbumArt from the thumbnailer DBus API
  * 1.1/ubuntu-*: remove temporary rule for /usr/share/libthai/thbrk.tri
  * ubuntu/*: adjust the calendar and contacts reserved policy groups to allow access to the sync monitor (LP: #1319544). This should be removed when LP: 1319546 is fixed.
  * 1.1/music_files_read: allow read of @{HOME}/.cache/mediascanner/ until LP: 1303962 and LP: 1315381 are fixed
 -- Jamie Strandboge <email address hidden> Thu, 15 May 2014 13:37:06 -0500
apparmor-easyprof-ubuntu (1.1.17) utopic; urgency=medium
  * 1.*/audio,video: allow communications with the media-hub-server now that it is a trusted helper (LP: #1303962)
  * 1.1/music_files*,video_files*: revert media-hub rules in 1.1.15 now that common policy groups (audio and video) can be used instead
  * 1.1/ubuntu-*: allow apps to communicate with the Launcher via their @{APP_ID_DBUS} specific path (LP: #1301400)
 -- Jamie Strandboge <email address hidden> Wed, 16 Apr 2014 13:40:03 -0500
Available diffs
- diff from 1.1.16 (in Ubuntu) to 1.1.17 (1.4 KiB)
Superseded in utopic-release
Published in trusty-release
Deleted in trusty-proposed (Reason: moved to release)
apparmor-easyprof-ubuntu (1.1.16) trusty; urgency=medium
  * 1.1/webview: update to allow exec of chrome-sandbox now that oxide is doing a proper fork/exec
 -- Jamie Strandboge <email address hidden> Wed, 09 Apr 2014 13:58:10 -0500
Available diffs
- diff from 1.1.15 to 1.1.16 (533 bytes)
apparmor-easyprof-ubuntu (1.1.15) trusty; urgency=medium
  * 1.*/unconfined: update for ptrace and signal
  * 1.1/music_files*: add rules for talking to the media-hub-server and read access to mediascanner files
  * 1.1/video_files*: add rules for talking to the media-hub-server and read access to mediascanner files
 -- Jamie Strandboge <email address hidden> Tue, 08 Apr 2014 07:09:42 -0500
apparmor-easyprof-ubuntu (1.1.14) trusty; urgency=medium
  * 1.1/webview: update for ptrace and signal mediation (LP: #1298611)
  * debian/control: Depends on apparmor >= 2.8.95~2430-0ubuntu4
 -- Jamie Strandboge <email address hidden> Thu, 03 Apr 2014 15:19:23 -0500
Available diffs
- diff from 1.1.13 (in Ubuntu) to 1.1.14 (961 bytes)
apparmor-easyprof-ubuntu (1.1.13) trusty; urgency=medium
  * 1.1/webview (LP: #1301351)
    - add 'mr' for chrome-sandbox and oxide-renderer
    - allow 'r' for @{PROC}/sys/kernel/yama/ptrace_scope
 -- Jamie Strandboge <email address hidden> Wed, 02 Apr 2014 09:11:49 -0500
Available diffs
- diff from 1.1.12 to 1.1.13 (740 bytes)
apparmor-easyprof-ubuntu (1.1.12) trusty; urgency=medium
  * 1.1/webview: suppress denial for write to /usr/bin/locales/ like we do for /usr/lib/@{multiarch}/oxide-qt/locales/ already since it is confusing for people who are diagnosing oxide issues (LP: #1260044)
 -- Jamie Strandboge <email address hidden> Mon, 31 Mar 2014 13:14:37 -0500
Available diffs
- diff from 1.1.11 to 1.1.12 (576 bytes)