Change log for apparmor-easyprof-ubuntu package in Ubuntu
| 76 → 131 of 131 results | First • Previous • Next • Last |
apparmor-easyprof-ubuntu (1.1.11) trusty; urgency=medium
* 1.0/ubuntu-*: explicitly deny access to oxide files so webbrowser-app's
fallback mechanism to QtWebKit works correctly. This is needed so 13.10
framework webapps don't regress
* 1.1/webview: prevent certificate db poisoning and disallow write access to
@{HOME}/.pki/nssdb/*. Note, while this prevents cert attacks, it doesn't
prevent information disclosure so once LP: 1260048 is fixed in oxide, we
can remove the read access.
-- Jamie Strandboge <email address hidden> Fri, 28 Mar 2014 09:57:13 -0500
Available diffs
- diff from 1.1.10 to 1.1.11 (1.2 KiB)
apparmor-easyprof-ubuntu (1.1.10) trusty; urgency=medium
* 1.*/ubuntu-*:
- add read access to /usr/share/unity/icons/**. Why this isn't under
/usr/share/icons/unity instead, I don't know, but the access is
harmless, so allow it. This is currently needed by the gallery
- explicitly deny access to com.canonical.snapdecisions interface
(LP: #1291234)
* 1.*/friends: allow freedesktop.org notifications which is needed by the
gallery app to show that a picture has been uploaded (LP: #1279969)
* debian/control: Build-Depends on apparmor-easyprof since it is needed by
the testsuite. This is needed because dh-apparmor now only Suggests
apparmor-easyprof
-- Jamie Strandboge <email address hidden> Mon, 24 Mar 2014 17:20:42 -0500
Available diffs
- diff from 1.1.9 to 1.1.10 (1.5 KiB)
apparmor-easyprof-ubuntu (1.1.9) trusty; urgency=medium
* adjustments for Qt5.2
- 1.*/networking: like with other NetworkManager access, explicitly deny
connecting to peer=(name=org.freedesktop.NetworkManager)
* 1.1/content_exchange: deny 'w' on ~/.cache/@{APP_PKGNAME}/HubIncoming/**.
The content-hub will create hard links in this directory for volatile
data, but using hard links means the content source file could be modified
by the app. This prevents that. (LP: #1293771)
-- Jamie Strandboge <email address hidden> Mon, 17 Mar 2014 15:04:33 -0500
Available diffs
- diff from 1.1.8 to 1.1.9 (1011 bytes)
apparmor-easyprof-ubuntu (1.1.8) trusty; urgency=medium
* 1.*/ubuntu-sdk: allow accesses to workaround intel driver crash on X
- allow read of /sys/devices/pci[0-9]*/**/uevent
- allow read of /etc/udev/udev.conf
- explicityly deny /run/udev/data/**, like we do elsewhere
- LP: #1286162
-- Jamie Strandboge <email address hidden> Wed, 05 Mar 2014 12:16:44 -0600
Available diffs
- diff from 1.1.7 to 1.1.8 (771 bytes)
apparmor-easyprof-ubuntu (1.1.7) trusty; urgency=medium
* 1.*/ubuntu-sdk: /usr/share/ubuntu-html5-theme moved to
/usr/share/ubuntu-html5-ui-toolkit (LP: #1287297)
-- Jamie Strandboge <email address hidden> Mon, 03 Mar 2014 12:18:22 -0600
Available diffs
- diff from 1.1.6 to 1.1.7 (638 bytes)
apparmor-easyprof-ubuntu (1.1.6) trusty; urgency=medium
* add hardware/graphics.d/apparmor-easyprof-ubuntu_flo
* update hardware/graphics.d/apparmor-easyprof-ubuntu_mako: allow read of
/sys/devices/platform/kgsl-3d0.0/kgsl/kgsl-3d0/gpuclk r,
* 1.*/ubuntu-*: add read for /sys/devices/system/cpu/
-- Jamie Strandboge <email address hidden> Sat, 22 Feb 2014 11:22:12 -0600
Available diffs
- diff from 1.1.5 to 1.1.6 (836 bytes)
apparmor-easyprof-ubuntu (1.1.5) trusty; urgency=medium
* 1.0/ubuntu-sdk: add read to qtdeclarative5-ubuntu-ui-extras-browser-plugin
for applications that use UbuntuWebview (LP: #1280293)
* 1.1/webview: add read to qtdeclarative5-ubuntu-ui-extras-browser-plugin.
With 1.1 we will use oxide so all applications using UbuntuWebview will
need to specify this policy group, so just add it here rather than
the ubuntu-sdk template
* adjust ubuntu-* templates to allow read to /usr/share/libthai/thbrk.tri
as a temporary fix until the AppArmor fonts abstraction has the real fix
(LP: #1278702)
* 1.1/ubuntu-webapp: explicitly deny noicy read access to /sys/bus/ and
/sys/class/
-- Jamie Strandboge <email address hidden> Tue, 18 Feb 2014 09:00:55 -0600
Available diffs
- diff from 1.1.4 to 1.1.5 (1.4 KiB)
apparmor-easyprof-ubuntu (1.1.4) trusty; urgency=medium * 1.*/ubuntu-sdk: adjust for ubuntu-html5-app-launcher (LP: #1274640) - allow reexec for /usr/bin/ubuntu-html5-app-launcher to handle HTML5 apps launched via upstart-app-launch - allow read access to /usr/share/ubuntu-html5-app-launcher/** * 1.*/accounts: - allow read on @{HOME}/.local/share/accounts/** to dereference click symlinks for online accounts providers (LP: #1278859) - add comment about usage of com.nokia.singlesignonui.cookiesForIdentity * 1.*/networking: finetune DownloadManager DBus access (LP: #1277578) - explicitly allow safe and explicitly disallow unsafe DownloadManager APIs - restrict apps to their own downloads * 1.*/ubuntu-webapp: allow the webapps access to SignonUi API for retrieving web cookies for an account (com.nokia.singlesignonui.cookiesForIdentity). This is being added to the ubuntu-webapp template instead of the accounts policy group because this API should only be available to the webapp container and is not needed to use online accounts in general (LP: #1278934) -- Jamie Strandboge <email address hidden> Wed, 12 Feb 2014 09:20:58 -0600
Available diffs
- diff from 1.1.3 to 1.1.4 (2.5 KiB)
apparmor-easyprof-ubuntu (1.1.3) trusty; urgency=medium * 1.1/webview: updates for oxide * 1.1/ubuntu-sdk: remove workaround policy for LP: #1197056 (cordova webview applications should not use ~/.local/share) * 1.*/ubuntu-sdk: all to receive Open on org.freedesktop.Application to allow UriHandler in the SDK to work with already running apps. Patch thanks to Ken Vandine. * implement autopkgtests - add debian/tests/control - add debian/tests/install_* - adjust debian/control for XS-Testsuite -- Jamie Strandboge <email address hidden> Wed, 05 Feb 2014 16:54:26 -0500
Available diffs
- diff from 1.1.2 to 1.1.3 (2.9 KiB)
apparmor-easyprof-ubuntu (1.1.2) trusty; urgency=medium
* 1.*/ubuntu-* templates: allow ro access to /etc/xdg/QtProject/Sensors.conf
(LP: #1267972)
-- Jamie Strandboge <email address hidden> Fri, 10 Jan 2014 13:39:00 -0600
Available diffs
- diff from 1.1.1 to 1.1.2 (738 bytes)
apparmor-easyprof-ubuntu (1.1.1) trusty; urgency=medium * adjust policy for webapp-container (LP: #1267183) - 1.0/ubuntu-webapp template adds /usr/bin/webapp-container rmix since apps can currently only use ubuntu-sdk-13.10 framework - 1.1/ubuntu-webapp template replaces /usr/bin/webbrowser-app with /usr/bin/webapp-container since 1.1 policy will only be allowed with ubuntu-sdk-14.04 framework -- Jamie Strandboge <email address hidden> Thu, 09 Jan 2014 07:53:56 -0600
Available diffs
- diff from 1.1.0 to 1.1.1 (772 bytes)
apparmor-easyprof-ubuntu (1.1.0) trusty; urgency=medium
* no change over last version except the minor version of the packaging
version which I forgot to increment in the last upload
-- Jamie Strandboge <email address hidden> Fri, 20 Dec 2013 14:29:06 -0600
Available diffs
- diff from 1.0.44 to 1.1.0 (416 bytes)
apparmor-easyprof-ubuntu (1.0.44) trusty; urgency=low
* add ubuntu/1.1 policy, symlinking to 1.0 for things with no changes
* adjust tests/test-data.py for 1.1 policy
* add webview policy group for oxide
* 1.*/ubuntu-* templates:
- remove old comment about Click packages being installed in /opt
- explicitly deny /run/shm/lttng-ust-* (LP: #1260491)
- also allow /custom/xdg/data/themes (LP: #1261875)
* 1.1/ubuntu-* templates: remove access to /tmp/mir_socket (LP: #1236912)
* add hardware/graphics.d/apparmor-easyprof-ubuntu_goldfish
-- Jamie Strandboge <email address hidden> Fri, 20 Dec 2013 08:13:36 -0600
Available diffs
- diff from 1.0.43 to 1.0.44 (9.6 KiB)
apparmor-easyprof-ubuntu (1.0.43) trusty; urgency=low
* ubuntu-* templates: explicitly disable access to /dev/input/* (with audit)
to ensure they aren't ever accidentally enabled
* accounts: add policy for account change notifications and invoking the
trusted helper (LP: #1245903)
* ubuntu-* templates: also allow rw access to
/sys/devices/virtual/timed_output/vibrator/enable
-- Jamie Strandboge <email address hidden> Thu, 21 Nov 2013 06:15:03 -0600
Available diffs
- diff from 1.0.42 to 1.0.43 (1.0 KiB)
apparmor-easyprof-ubuntu (1.0.42) trusty; urgency=low
* ubuntu-sdk template:
- workaround non-app-specific cordova-ubuntu file accesses (LP: 1197056)
- allow reexec for /usr/bin/cordova-ubuntu* to handle cordova apps
launched via upstart-app-launch (LP: #1244655)
-- Jamie Strandboge <email address hidden> Fri, 25 Oct 2013 15:39:29 -0500
Available diffs
- diff from 1.0.41 to 1.0.42 (1.1 KiB)
apparmor-easyprof-ubuntu (1.0.41) trusty; urgency=low
* ubuntu-* templates:
- allow rw access to /sys/class/timed_output/vibrator/enable
(LP: #1241735)
- comment on how NameHasOwner and GetNameOwner may leak information
* networking: explicitly deny receive messages and signals from network
manager and ofono in addition to send to silence denials for apps and
libraries with too broad AddMatch calls
* hardware/video.d: add hardware specific accesses for mako and maguro
(LP: #1243198)
* hardware/audio.d: add hardware specific accesses for mako
* video:
- include hardware/video.d
- add /dev/ashmem
* audio: add /dev/ashmem
-- Jamie Strandboge <email address hidden> Tue, 22 Oct 2013 07:37:43 -0500
Available diffs
- diff from 1.0.40 to 1.0.41 (1.8 KiB)
| Superseded in trusty-release |
| Obsolete in saucy-release |
| Deleted in saucy-proposed (Reason: moved to release) |
apparmor-easyprof-ubuntu (1.0.40) saucy; urgency=low
* unconfined template: updates for terminal app
- due to AF_UNIX use attach_disconnected
- allow mount, remount and umount
-- Jamie Strandboge <email address hidden> Tue, 15 Oct 2013 08:37:54 -0500
Available diffs
- diff from 1.0.39 to 1.0.40 (618 bytes)
apparmor-easyprof-ubuntu (1.0.39) saucy; urgency=low
* friends: add dbus receive to interface=com.canonical.Dee.Peer
* ubuntu-* templates:
- add 'r' for ~/.config/user-dirs.dirs
- remove temporary vs-thumb /usr/share access now that it is fixed
(LP: #1235325)
* calendar: also allow CalendarView (LP: #1239073)
-- Jamie Strandboge <email address hidden> Sun, 13 Oct 2013 21:55:36 -0500
Available diffs
- diff from 1.0.38 to 1.0.39 (1.2 KiB)
apparmor-easyprof-ubuntu (1.0.38) saucy; urgency=low
* ubuntu-* templates: move /run/shm/hybris_shm_data access out of the
camera policy group into the templates since a recent hybris change
requires this in all apps (LP: #1237539)
-- Jamie Strandboge <email address hidden> Wed, 09 Oct 2013 12:47:53 -0500
Available diffs
- diff from 1.0.37 to 1.0.38 (880 bytes)
apparmor-easyprof-ubuntu (1.0.37) saucy; urgency=low
* hardware/graphics.d/apparmor-easyprof-ubuntu_grouper: allow 'rw' to
/dev/knvmap (LP: #1237436)
-- Jamie Strandboge <email address hidden> Wed, 09 Oct 2013 09:29:56 -0500
Available diffs
- diff from 1.0.36 to 1.0.37 (466 bytes)
apparmor-easyprof-ubuntu (1.0.36) saucy; urgency=low
* ubuntu-* templates:
- due to AF_UNIX use attach_disconnected and allow rw on
/dev/socket/property_service (LP: #1208988)
- add temporary workaround to use /tmp/mir_socket (LP: 1236912)
-- Jamie Strandboge <email address hidden> Tue, 08 Oct 2013 13:11:46 -0500
Available diffs
- diff from 1.0.35 to 1.0.36 (915 bytes)
apparmor-easyprof-ubuntu (1.0.35) saucy; urgency=low
* apparmor-easyprof-ubuntu.install: install data/hardware/*, thus allowing
porters, OEMs, etc to ship their own policy without having to modify this
package (LP: #1197133)
* add data/hardware/graphics.d/* and data/hardware/audio.d/*, namespaced to
this package. We will move these out to lxc-android-config later
* tests/test-data.py: adjust to test data/hardware/*
* accounts: move to reserved status until LP: 1230091 is fixed
* calendar: remove workaround rule for gio DBus path (LP: #1227295)
* add usermetrics policy group so apps can update the infographic
* ubuntu-* templates:
- allow StartServiceByName on the system bus too. This is needed by the
new usermetrics policy group and we will presumably have more going
forward (eg location)
- account for /org/freedesktop/dbus object path. This seems to be used by
the python DBus bindings (eg, friends)
- move hardware specific accesses out of the templates into
hardware/graphics.d/ in preparation of the move to shipping these in
lxc-android-config (note, this doesn't change apparmor policy in any
way)
- add 'r' to dbus system bus socket (LP: #1208988)
- add ixr access to thumbnailer helper (LP: #1234543)
- finetune HUD access
- don't use ibus abstraction but instead use 'r' access for
owner @{HOME}/.config/ibus/**
- don't use freedesktop.org abstraction but instead add read accesses
for /usr/share/icons and various mime files
- updates for new gstreamer
- move in gstreamer accesses from audio policy groupd due to hybris
* ubuntu-sdk template:
- remove workaround paths now that ubuntu-ui-toolkit is using
QCoreApplication::applicationName based on MainView's applicationName
(LP: #1197056, #1197051, #1224126, LP: #1231863)
* ubuntu-webapp template:
- allow read access to /usr/share/unity-webapps/userscripts/**
- allow rix to gst-plugin-scanner
* add reserved friends policy group (reserved because it needs integration
with trust-store to be used by untrusted apps)
* remove peer from receive DBus rules in the ubuntu-* templates and the
contacts, history, and location policy groups (LP: #1233895)
* audio:
- move gstreamer stuff out to templates since hybris pulls it in for all
apps
- include hardware/audio.d for hardware specific accesses
-- Jamie Strandboge <email address hidden> Mon, 07 Oct 2013 13:18:27 -0500
Available diffs
- diff from 1.0.34 to 1.0.35 (7.1 KiB)
apparmor-easyprof-ubuntu (1.0.34) saucy; urgency=low * ubuntu-* templates: allow read access to themes in /custom (LP: #1229471) -- Jamie Strandboge <email address hidden> Tue, 24 Sep 2013 10:27:02 -0500
Available diffs
- diff from 1.0.33 to 1.0.34 (764 bytes)
apparmor-easyprof-ubuntu (1.0.33) saucy; urgency=low
* ubuntu-webapp: allow reexec for webbrowser-app to handle webapps launched
via upstart-app-launch (LP: #1228236)
-- Jamie Strandboge <email address hidden> Fri, 20 Sep 2013 11:46:35 -0500
Available diffs
- diff from 1.0.32 to 1.0.33 (574 bytes)
apparmor-easyprof-ubuntu (1.0.32) saucy; urgency=low
* accounts:
- needs lock ('k') access to .config/libaccounts-glib/accounts.db and read
access to .config/libaccounts-glib/accounts.db*.
- read access to /usr/share/accounts/**
- deny write to .config/libaccounts-glib/accounts.db* (LP: #1220552)
* refine audio policy group:
- remove /tmp/ accesses now that TMPDIR is set by the sandbox
- allow access to only the native socket (ie, disallow dbus-socket (only
needed by pacmd), access to pid and the cli debugging socket)
(LP: #1211380)
- remove 'w' access to /{,var/}run/user/*/pulse/ - this should already
exist when click apps run
- remove /dev/binder, no longer needed now that we use audio HAL and
pulseaudio
- silence the denial for creating ~/.gstreamer-0.10/ if it doesn't exist
* camera:
- add rw for /dev/ashmem. This will go away when camera moves to HAL
- rw /run/shm/hybris_shm_data
- add read on /android/system/media/audio/ui/camera_click.ogg
* connectivity:
- add policy as used by QML's QtSystemInfo and also Qt's QHostAddress,
QNetworkInterface
- add commented out rules for ofono (LP: 1226844)
* finalize content_exchange policy for the content-hub. We now have two
different policy groups: content_exchange for requesting/importing data
and content_exchange_source for providing/exporting data
* microphone:
- remove /dev/binder, no longer needed now that we use audio HAL and
pulseaudio
- add gstreamer and pulseaudio accesses and silence ALSA denials (we
force pulseaudio). Eventually we should consolidate these and the ones
in audio into a separate abstraction.
* networking
- explicitly deny access to NetworkManager. This technically should be
needed at all, but depending on how apps connect, the lowlevel
libraries get NM involved. Do the same for ofono
- add access to the download manager (LP: #1227860)
* video: add gstreamer accesses. Eventually we should consolidate these
and the ones in audio into a gstreamer abstraction
* add the following new reserved policy groups (reserved because they need
integration with trust-store to be used by untrusted apps):
- calendar - to access /org/gnome/evolution/dataserver/SourceManager,
/org/gnome/evolution/dataserver/CalendarFactory and
/org/gnome/evolution/dataserver/Calendar/**
- contacts - to access com.canonical.pim and org.freedesktop.Telepathy.
Note, org.freedesktop.Telepathy will go away when LP: 1227818 is fixed
- history - to access com.canonical.HistoryService
* remove unused policy groups. This would normally constitute a new minor
version, but no one is using these yet. When there is an API to use for
this sort of thing, we can reintroduce them
- read_connectivity_details
- bluetooth (no supported Qt5 API for these per the SDK team)
- nfc (no supported Qt5 API for these per the SDK team)
* ubuntu* templates:
- remove workaround HUD rule for DBus access to hud/applications/* now
that the HUD is fixed.
- allow connecting to dbus-daemon system daemon (org.freedesktop.DBus)
for Hello, GetNameOwner, NameHasOwner, AddMatch and RemoveMatch which
are all currently used when connecting to the network depending on the
application API used. Allow the accesses to silence the denials: they
are harmless and allows us to add more allow rules for other policy
groups for system bus APIs down the line (as opposed to if we
explicitly denied the accesses to org.freedesktop.DBus).
- add more Nexus 7 accesses
* ubuntu-sdk template:
- remove workaround access for /tmp/*.sci now that TMPDIR is set
(LP: #1197047)
- remove workaround access for /var/tmp/etilqs_* now that TMPDIR is set
(LP: #1197049)
- add support for HTC vision thanks to Florian Will (LP: #1214975)
* ubuntu-webapp template: use only application specific directories rather
then the global webbrowser-app one (LP: #1226085)
* debian/rules: enable tests during build
* debian/control: Build-Depends on python3-minimal (for tests)
* apparmor-easyprof-ubuntu.postinst: run aa-clickhook -f if it is available
-- Jamie Strandboge <email address hidden> Wed, 18 Sep 2013 15:06:15 -0500
Available diffs
- diff from 1.0.31 to 1.0.32 (7.2 KiB)
apparmor-easyprof-ubuntu (1.0.31) saucy; urgency=low
* ubuntu-* templates: allow unconditional access to the DispatchURL
API from com.canonical.URLDispatcher
* ubuntu-sdk template: add another temporary workaround for non-app-specific
path for qtdeclarative5-u1db1.0 (see LP: 1224126 for details)
-- Jamie Strandboge <email address hidden> Wed, 11 Sep 2013 16:36:01 -0500
Available diffs
- diff from 1.0.30 to 1.0.31 (1.3 KiB)
apparmor-easyprof-ubuntu (1.0.30) saucy; urgency=low
* update location policy group to allow connections to location service on
the system bus (LP: #1223211). This will need to be updated once the
trust-store is implemented (that is tracked in LP: 1223371)
* move ubuntu-webapp-experimental to ubuntu-webapp
* ubuntu-* templates: clarify comments on XDG base dirs
-- Jamie Strandboge <email address hidden> Tue, 10 Sep 2013 08:49:06 -0500
Available diffs
- diff from 1.0.29 to 1.0.30 (4.4 KiB)
apparmor-easyprof-ubuntu (1.0.29) saucy; urgency=low
* add 'Usage' meta information to all policy groups
* music_files*, picture_files*, video_files*: update the descriptions for
these policy groups and mark them as reserved
* debian/README.Debian: update for the above
-- Jamie Strandboge <email address hidden> Thu, 05 Sep 2013 09:31:33 -0500
Available diffs
- diff from 1.0.28 to 1.0.29 (2.1 KiB)
apparmor-easyprof-ubuntu (1.0.28) saucy; urgency=low * accounts policy group: allow read access to accounts.db (LP: #1220552) * audio policy group: allow a few more pulseaudio accesses (LP: #1220552) * ubuntu-sdk template: allow read access to gschemas.compiled (LP: #1218655) -- Jamie Strandboge <email address hidden> Wed, 04 Sep 2013 08:34:33 -0500
Available diffs
- diff from 1.0.27 to 1.0.28 (1.3 KiB)
apparmor-easyprof-ubuntu (1.0.27) saucy; urgency=low * ubuntu-* template: update HUD access -- Jamie Strandboge <email address hidden> Tue, 03 Sep 2013 11:18:37 -0500
Available diffs
- diff from 1.0.26 to 1.0.27 (593 bytes)
apparmor-easyprof-ubuntu (1.0.26) saucy; urgency=low * ubuntu-* template: allow accesses to /android/vendor/lib (LP: #1219885) -- Jamie Strandboge <email address hidden> Tue, 03 Sep 2013 09:38:03 -0500
Available diffs
- diff from 1.0.25 to 1.0.26 (756 bytes)
apparmor-easyprof-ubuntu (1.0.25) saucy; urgency=low
* accounts, location, content_exchange: uncomment DBus rules now that
apparmor_parser supports them
* ubuntu-sdk:
- deny QtWebPluginProcess for now
- simplify workaround access for webkit webviews
* ubuntu-*: fix HUD accesses
-- Jamie Strandboge <email address hidden> Fri, 30 Aug 2013 16:10:53 -0500
Available diffs
- diff from 1.0.24 to 1.0.25 (1.5 KiB)
apparmor-easyprof-ubuntu (1.0.24) saucy; urgency=low
* ubuntu-* template: adjust HUD rule to use @{APP_ID_DBUS}
* debian/control: Depends on apparmor (>= 2.8.0-0ubuntu26) which is first
to support variables in DBus rules
-- Jamie Strandboge <email address hidden> Thu, 29 Aug 2013 21:53:36 -0500
Available diffs
- diff from 1.0.23 to 1.0.24 (942 bytes)
apparmor-easyprof-ubuntu (1.0.23) saucy; urgency=low * ubuntu-sdk template: another update for HUD DBus rules * add preliminary ubuntu-webapp-experimental template -- Jamie Strandboge <email address hidden> Thu, 29 Aug 2013 14:36:17 -0500
Available diffs
- diff from 1.0.22 to 1.0.23 (3.0 KiB)
apparmor-easyprof-ubuntu (1.0.22) saucy; urgency=low
* ubuntu-sdk template:
- add rk for gnome/index.theme
- add DBus rule for maliit
- add DBus rules for com.canonical.Shell.BottomBarVisibilityCommunicator
- update HUD DBus rules
-- Jamie Strandboge <email address hidden> Thu, 29 Aug 2013 08:23:39 -0500
Available diffs
- diff from 1.0.21 to 1.0.22 (1.1 KiB)
apparmor-easyprof-ubuntu (1.0.21) saucy; urgency=low
* unconfined template: add access to DBus
* ubuntu-sdk template: preliminary DBus rules
* debian/control: update to Depends on apparmor 2.8.0-0ubuntu25, the first
version of apparmor that supports DBus rules
-- Jamie Strandboge <email address hidden> Wed, 28 Aug 2013 16:24:52 -0500
Available diffs
- diff from 1.0.20 to 1.0.21 (1.5 KiB)
apparmor-easyprof-ubuntu (1.0.20) saucy; urgency=low * ubuntu-sdk template: allow accesses to /android/system/lib -- Jamie Strandboge <email address hidden> Wed, 28 Aug 2013 10:22:32 -0500
Available diffs
- diff from 1.0.19 to 1.0.20 (574 bytes)
apparmor-easyprof-ubuntu (1.0.19) saucy; urgency=low
* ubuntu-sdk template: simply the accesses to the QML OfflineStorage. These
rules are temporary and the old ones slowed down the parser
-- Jamie Strandboge <email address hidden> Fri, 23 Aug 2013 16:59:52 -0500
Available diffs
- diff from 1.0.18 to 1.0.19 (674 bytes)
apparmor-easyprof-ubuntu (1.0.18) saucy; urgency=low * ubuntu-sdk template: allow accesses for cordova (PhoneGap) -- Jamie Strandboge <email address hidden> Fri, 23 Aug 2013 13:58:30 -0500
Available diffs
- diff from 1.0.17 to 1.0.18 (973 bytes)
apparmor-easyprof-ubuntu (1.0.17) saucy; urgency=low
* ubuntu-sdk template:
- add note on info leaks via /proc until we get the kernel vars
-- Jamie Strandboge <email address hidden> Fri, 16 Aug 2013 12:27:16 -0500
Available diffs
- diff from 1.0.16 to 1.0.17 (1.6 KiB)
apparmor-easyprof-ubuntu (1.0.16) saucy; urgency=low
* rename data_exchange policy group to content_exchange. This would normally
constitute a new minor version, but no one is using these yet
* ubuntu-sdk template:
- add a couple PROC accesses for desktop systems
- add /usr/bin/qtchooser rmix for launching under upstart
- add device specific access for desktop nvidia users (LP: #1212425)
- adjust to use /{,var/}run/user/*/confined/@{APPNAME} instead of
/{,var/}run/user/*/@{APPNAME}
-- Jamie Strandboge <email address hidden> Wed, 14 Aug 2013 13:56:04 -0500
Available diffs
- diff from 1.0.15 to 1.0.16 (1.8 KiB)
apparmor-easyprof-ubuntu (1.0.15) saucy; urgency=low
* ubuntu-sdk template:
- remove redundant library access
- add device specific access for manta (LP: #1211055)
-- Jamie Strandboge <email address hidden> Wed, 14 Aug 2013 13:46:01 -0500
Available diffs
- diff from 1.0.14 to 1.0.15 (671 bytes)
apparmor-easyprof-ubuntu (1.0.14) saucy; urgency=low
* audio policy group:
- adjust to enforce pulseaudio, and clean up comments for for gstreamer
- generalize gsreamer access a bit
* ubuntu-sdk template:
- adjust template to use /{,var/}run/user/*/confined/@{APPNAME}/ to avoid
potential name conflicts and info disclosure of running apps
- remove stray gstreamer access that is now in audio
-- Jamie Strandboge <email address hidden> Mon, 12 Aug 2013 10:59:19 -0500
Available diffs
- diff from 1.0.13 to 1.0.14 (1.6 KiB)
apparmor-easyprof-ubuntu (1.0.13) saucy; urgency=low
* update audio, camera and video for desktop systems
* ubuntu-sdk template
- remove libhybris change in 1.0.12. After studying the architecture, this
provides no security benefit
- add note on binder
* move /dev/binder accesses out to each policy group that requires them.
These will be removed as the migration to HAL is performed (see LP 1197134
for details)
-- Jamie Strandboge <email address hidden> Fri, 09 Aug 2013 15:02:57 -0500
Available diffs
- diff from 1.0.12 to 1.0.13 (2.0 KiB)
apparmor-easyprof-ubuntu (1.0.12) saucy; urgency=low
* update ubuntu-sdk template for libhybris. We will allow loading various
android libraries except those associated with our policy group
permissions for audio, camera, gps, microphone, sensors and video. Ideally
we'll have a cleaner way of handling this in the future, but it works for
now.
* add initial set of supported policy groups:
- accounts (commented out DBus rules)
- audio
- bluetooth (empty)
- camera
- connectivity (empty)
- data_exchange (commented out DBus rules)
- location (commented out DBus rules)
- microphone
- music_files
- music_files_read
- networking
- nfc (empty)
- picture_files
- picture_files_read
- read_connectivity_details (empty)
- sensors (empty)
- video
- video_files
- video_files_read
-- Jamie Strandboge <email address hidden> Thu, 01 Aug 2013 16:58:23 -0500
Available diffs
- diff from 1.0.11 to 1.0.12 (2.4 KiB)
apparmor-easyprof-ubuntu (1.0.11) saucy; urgency=low
* update ubuntu-sdk to have policy for standard locations for
XDG_CONFIG_HOME and XDG_RUNTIME_DIR too
Available diffs
- diff from 1.0.9 to 1.0.11 (1.2 KiB)
apparmor-easyprof-ubuntu (1.0.9) saucy; urgency=low
* update ubuntu-sdk template:
- for mako
- write to /sys/kernel/debug/tracing/trace_marker
-- Jamie Strandboge <email address hidden> Wed, 24 Jul 2013 09:11:36 -0500
Available diffs
- diff from 1.0.8 to 1.0.9 (699 bytes)
apparmor-easyprof-ubuntu (1.0.8) saucy; urgency=low
* update ubuntu-sdk template to use @{CLICK_DIR}
-- Jamie Strandboge <email address hidden> Thu, 18 Jul 2013 15:22:55 -0500
Available diffs
- diff from 1.0.7 to 1.0.8 (783 bytes)
apparmor-easyprof-ubuntu (1.0.7) saucy; urgency=low
* update ubuntu-sdk to allow 'mklix' in addition to 'r' in the install
directory
-- Jamie Strandboge <email address hidden> Wed, 17 Jul 2013 09:37:45 -0500
Available diffs
- diff from 1.0.6 to 1.0.7 (625 bytes)
apparmor-easyprof-ubuntu (1.0.6) saucy; urgency=low * update ubuntu-sdk template for maguro * add tests/test-data.py (not yet enabled in the build) -- Jamie Strandboge <email address hidden> Fri, 12 Jul 2013 08:28:09 -0500
Available diffs
- diff from 1.0.5 to 1.0.6 (2.9 KiB)
apparmor-easyprof-ubuntu (1.0.5) saucy; urgency=low * update for UTIK to ubuntu-ui-toolkit path change -- Jamie Strandboge <email address hidden> Thu, 11 Jul 2013 15:33:33 -0500
Available diffs
- diff from 1.0.4 to 1.0.5 (626 bytes)
apparmor-easyprof-ubuntu (1.0.4) saucy; urgency=low
* add 'unconfined' template to support special-cased apps that should not
run under confinement. This template should not normally be used and
any app using it will require manual review.
-- Jamie Strandboge <email address hidden> Thu, 11 Jul 2013 13:04:57 -0500
Available diffs
- diff from 1.0.3 to 1.0.4 (798 bytes)
apparmor-easyprof-ubuntu (1.0.3) saucy; urgency=low
* Simplify templates and policy groups. Policy groups should all be
optional. This makes it easier for the SDK to consume
- collapse templates into the ubuntu-sdk template
- move sdk-base and qmlscene* policy into ubuntu-sdk template
-- Jamie Strandboge <email address hidden> Fri, 05 Jul 2013 16:01:08 -0500
Available diffs
- diff from 1.0.2 to 1.0.3 (2.8 KiB)
apparmor-easyprof-ubuntu (1.0.2) saucy; urgency=low
* add sdk-base policy group (based on apparmor's ubuntu-sdk-base)
- use 'owner' with @{PROC}/cmdline
- move gst-plugin-scanner to qmlscene-webview
- deny accesses to /dev/log_* (LP: #1197124)
- add bug reference for /dev/binder
- deny access to /dev/cpuctl/apps/tasks and
/dev/cpuctl/apps/bg_non_interactive/tasks
* adjust qmlscene to have 'owner "@{HOME}/.local/share/Qt Project/" w,'
-- Jamie Strandboge <email address hidden> Wed, 03 Jul 2013 17:21:09 -0500
Available diffs
- diff from 1.0.1 to 1.0.2 (1.4 KiB)
apparmor-easyprof-ubuntu (1.0.1) saucy; urgency=low * Update templates and policy groups with bug references for various FIXMEs -- Jamie Strandboge <email address hidden> Tue, 02 Jul 2013 12:42:08 -0500
Available diffs
- diff from 1.0.0 to 1.0.1 (1.5 KiB)
apparmor-easyprof-ubuntu (1.0.0) saucy; urgency=low * Initial release -- Jamie Strandboge <email address hidden> Fri, 28 Jun 2013 07:50:18 -0500
| 76 → 131 of 131 results | First • Previous • Next • Last |
