← Back to team overview

touch-packages team mailing list archive

[Bug 1357371] Re: qtwebkit-based webapps denial for RequestName and bind on org.freedesktop.Application

 

For reference, this is the code that triggers the
org.freedesktop.Application RequestName and bind calls:
http://bazaar.launchpad.net/~phablet-team/webbrowser-
app/trunk/view/head:/src/app/webcontainer/webapp-container.qml#L174

The UriHandler object is defined by the SDK, this code is not specific
to the webapp container.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to webbrowser-app in Ubuntu.
https://bugs.launchpad.net/bugs/1357371

Title:
  qtwebkit-based webapps denial for RequestName and bind on
  org.freedesktop.Application

Status in “webbrowser-app” package in Ubuntu:
  New

Bug description:
  This is bug #1342129, but for qtwebkit. This bug doesn't appear to
  affect the general functionality of the webapp.

  Test case:
  1. install r193 (or later) in the emulator
  2. install Pixel Runner from the store
  3. Open Pixel Runner

  The app starts (but with a blank screen, see bug #1357375) and the following apparmor denial can be observed:
  Aug 15 13:17:04 ubuntu-phablet dbus[1575]: apparmor="DENIED" operation="dbus_method_call"  bus="session" path="/org/freedesktop/DBus" interface="org.freedesktop.DBus" member="RequestName" mask="send" name="org.freedesktop.DBus" pid=3292 profile="com.ubuntu.developer.ogra.pixel-runner_pixel-runner_0.1" peer_profile="unconfined"

  As it happens, we can add a rule for this that is safe:
  dbus (send)
       bus=session
       interface=org.freedesktop.DBus
       path=/org/freedesktop/DBus
       member=RequestName,

  However, after adding the above rule to /var/lib/apparmor/profiles/*pixel*, running 'sudo apparmor_parser -r /var/lib/apparmor/profiles/*pixel*', and starting the app, we get a new denial:
  Aug 15 13:18:47 ubuntu-phablet dbus[1575]: apparmor="DENIED" operation="dbus_bind"  bus="session" name="org.freedesktop.Application" mask="bind" pid=3774 profile="com.ubuntu.developer.ogra.pixel-runner_pixel-runner_0.1"

  If add add the following rule (which is not safe), there are no more denials:
  dbus (bind)
       bus=session
       name=org.freedesktop.Application,

  This denial is the same as in bug #1342129 and we can't safely add
  policy for it (see other bug for reasons why).

  Not sure if this is in webbrowser-app or qtwebkit, please reassign as
  necessary.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/webbrowser-app/+bug/1357371/+subscriptions


References