Merge lp://qastaging/~tiagosh/apparmor-easyprof-ubuntu/messaging-app-confinement into lp://qastaging/apparmor-easyprof-ubuntu

Proposed by Tiago Salem Herrmann
Status: Needs review
Proposed branch: lp://qastaging/~tiagosh/apparmor-easyprof-ubuntu/messaging-app-confinement
Merge into: lp://qastaging/apparmor-easyprof-ubuntu
Diff against target: 113 lines (+98/-0)
3 files modified
data/policygroups/ubuntu/1.3/history (+22/-0)
data/policygroups/ubuntu/1.3/telephony (+65/-0)
data/policygroups/ubuntu/1.3/urfkill (+11/-0)
To merge this branch: bzr merge lp://qastaging/~tiagosh/apparmor-easyprof-ubuntu/messaging-app-confinement
Reviewer: Jamie Strandboge (community)
Review status: Disapprove
Review via email: mp+281769@code.qastaging.launchpad.net

Commit message

Add telephony policy
Add urfkill policy
Allow read access to attachment files in the history policy

Description of the change

Changes required to run messaging-app confined:

- Add telephony policy
- Add urfkill policy
- Allow read access to attachment files in the history policy

Bill Filler (bfiller) wrote :
Jamie Strandboge (jdstrand) wrote :

The history change is fine, though I see no reason to change it only for the 1.3 policy. Just change the 1.0 policy and it will apply to 1.3.

The urfkill policy group is very broad and needs to be carefully thought through. It is currently 'common' but should all apps be able to talk to the urfkill service through its whole dbus API? (I'm thinking probably not). Plus both rules almost certainly need: peer=(label=unconfined)

The telephony policy group is incredibly broad and allows the following:
 * full dconf access (we don't allow apps to dconf at this time)
 * wide access to ofono (this directly conflicts with the networking policy group which has explicit deny rules)
 * wide access to com.meego.msyncd
 * wide access to all of org.freedesktop.DBus on the session bus (information disclosure, isolation violation)
 * wide access to all of telepathy

Essentially, I think that adding urfkill and telepathy policy groups needs to be carefully thought out and studied so that we expose it carefully to apps. What is here is too broad and not something we should expose to apps.

NAK

All that said, I think the route to take is to put all these rules (history, urfkill and telepathy) into the messaging-app policy itself. I suggest putting all of this (including history, which I plan to apply but not upload today) into debian/messaging-app-apparmor.additions, then add all these rules before the trailing '}' in the debian/usr.bin.messaging-app after the 'sed' but before the apparmor_parser -QTK call in the apparmor target of debian/rules.

I'd still like to review the changes in the messaging-app, but they can be done in the other MP.

review: Disapprove
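
The following is an added example, not part of the review above and not code from the apparmor-easyprof-ubuntu project. It is a small Python check for the two breadth problems the review raises: AppArmor dbus allow rules with no peer=(label=...) and rules that expose a whole interface with no member restriction. The sample policy text is constructed for illustration (the proposed diff is not shown on this page), and `ExampleMethod` is a placeholder member name.

```python
import re

# Constructed sample policy group. The rule contents are assumptions made for
# this example; they are not the rules from the proposed branch.
SAMPLE_POLICY = """\
# Description: constructed example
dbus (send)
     bus=system
     path=/org/freedesktop/URfkill
     interface=org.freedesktop.URfkill,
dbus (receive, send)
     bus=session
     interface=org.freedesktop.DBus,
dbus (send)
     bus=system
     path=/org/freedesktop/URfkill
     interface=org.freedesktop.URfkill
     member=ExampleMethod
     peer=(label=unconfined),
deny dbus (send)
     bus=system
     interface=org.ofono.Manager,
"""

# Each check names what is missing when its pattern is absent from a rule.
CHECKS = (
    ("no peer label", re.compile(r"\bpeer=\([^)]*\blabel=")),
    ("no member restriction", re.compile(r"\bmember=")),
)

def dbus_rules(policy):
    """Yield each dbus rule as one whitespace-normalised string."""
    text = re.sub(r"(?m)^\s*#.*$", "", policy)  # drop comment lines
    # A rule ends at a comma that closes a line; the comma inside
    # "(receive, send)" is followed by more text, so it does not match.
    for m in re.finditer(r"(?ms)^\s*((?:audit\s+|deny\s+)*dbus\b.*?),\s*$", text):
        yield " ".join(m.group(1).split())

def audit(policy):
    """Return (rule, [missing restrictions]) for each over-broad allow rule."""
    findings = []
    for rule in dbus_rules(policy):
        if re.match(r"(audit\s+)?deny\b", rule):
            continue  # deny rules cannot widen access
        missing = [name for name, pat in CHECKS if not pat.search(rule)]
        if missing:
            findings.append((rule, missing))
    return findings

if __name__ == "__main__":
    for rule, missing in audit(SAMPLE_POLICY):
        print(f"{', '.join(missing)}: {rule}")
```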

Unmerged revisions

43. By Tiago Salem Herrmann

Add telephony policy

42. By Tiago Salem Herrmann

Allow read access to attachment files

41. By Tiago Salem Herrmann

Add urfkill policy
