apparmor-easyprof-ubuntu

Merge lp://qastaging/~tyhicks/apparmor-easyprof-ubuntu/lp1260103 into lp://qastaging/apparmor-easyprof-ubuntu

  1. lp1260103
  2. Merge into trunk
Proposed by Tyler Hicks
Status: Merged
Approved by: Jamie Strandboge
Approved revision: 50
Merged at revision: 53
Proposed branch: lp://qastaging/~tyhicks/apparmor-easyprof-ubuntu/lp1260103
Merge into: lp://qastaging/apparmor-easyprof-ubuntu
Diff against target: 81 lines (+29/-4) (has conflicts)
2 files modified
data/policygroups/ubuntu/1.1/webview (+18/-4)
debian/changelog (+11/-0)
Text conflict in debian/changelog
To merge this branch: bzr merge lp://qastaging/~tyhicks/apparmor-easyprof-ubuntu/lp1260103
Reviewer Review Type Date Requested Status
Olivier Tilloy (community) Approve
Tyler Hicks (community) Abstain
Jamie Strandboge Pending
Review via email: mp+303592@code.qastaging.launchpad.net
To post a comment you must log in.
Revision history for this message
Tyler Hicks (tyhicks) wrote :

I haven't had a chance to test this yet but it the changes are consistent with the paths constructed by https://git.launchpad.net/oxide/commit/?id=9bbf87e80b49e6abcc9419f142655a4ce2fc0638. I'll be sure to test before actually merging into lp:apparmor-easyprof-ubuntu.

Revision history for this message
Olivier Tilloy (osomon) wrote :

Although I haven’t actually tested, that looks mostly good to me, and is consistent with the changeset in oxide.

Note that this change was introduced in the 1.17 branch of oxide, so you don’t want to make the change effective in apparmor-easyprof-ubuntu until oxide 1.17 is released (or the old rule should be kept temporarily until 1.17 is released).

Note that /dev/shm/@{APP_PKGNAME}.oxide is a directory under which oxide will write files. I’m no apparmor expert, but shouldn’t the rule end with a '/' to reflect that?

Revision history for this message
Tyler Hicks (tyhicks) wrote :

You're correct on both points. I shouldn't remove the old rules yet and I need to grant access to the directory contents. I'll adjust this merge request later today.

review: Needs Fixing
Revision history for this message
Tyler Hicks (tyhicks) :
review: Abstain
Revision history for this message
Tyler Hicks (tyhicks) wrote :

@osomon can you have another look? Thanks!

Revision history for this message
Olivier Tilloy (osomon) wrote :

That looks good to me.

I’ve tried to test the change by rebuilding the package and installing oxide 1.17 from https://launchpad.net/~oxide-builds/+archive/ubuntu/oxide-next-for-stable-phone-overlay/ on a phone, only to realize that APP_PKGNAME is not an environment variable that is being set anywhere.
According to https://developer.ubuntu.com/en/phone/platform/guides/app-confinement/, its value can be inferred like so:

  APP_PKGNAME = APP_ID.split('_')[0]

review: Approve
lp://qastaging/~tyhicks/apparmor-easyprof-ubuntu/lp1260103 updated
50. By Tyler Hicks

ubuntu/webview: update to allow access to the new app-specific shared
memory files that will be used by Oxide 1.17.5, 1.18, and newer
(LP: #1260103)

Revision history for this message
Tyler Hicks (tyhicks) wrote :

A small update to mention the exact Oxide version numbers (1.17.5 and 1.18) that should contain the shm changes

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
The diff is not available at this time. You can reload the page or download it.

Subscribers

People subscribed via source and target branches