touch-packages team mailing list archive

Thread
Date

[Bug 1384286] Re: add directory allowing scopes and apps to share data

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Jamie Strandboge <jamie@xxxxxxxxxx>
Date: Tue, 11 Nov 2014 21:25:59 -0000
Reply-to: Bug 1384286 <1384286@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

I've added a click-reviewers-tools task to handle this from the scopes
confinement specification: "Because scopes share application data with
apps shipped in the same click, reviewers must be careful if the click
package contains any permissions that triggers a manual review
(permissions that pass the automatic checks are considered safe). Eg, if
the app has wide filesystem permissions but no networking and the scope
has networking but no filesystem permissions, then the app can make data
from the system available to the scope and so it could send it out over
the network."

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1384286

Title:
  add directory allowing scopes and apps to share data

Status in “apparmor-easyprof-ubuntu” package in Ubuntu:
  In Progress
Status in “click-reviewers-tools” package in Ubuntu:
  In Progress

Bug description:
  Summary says it all, just need to decide on the directory. I propose using this rule:
    # Allow scopes to share data with the app shipped in the same click
    owner @{HOME}/.local/share/@{APP_PKGNAME}/            rw,
    owner @{HOME}/.local/share/@{APP_PKGNAME}/**          mrwkl,

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor-easyprof-ubuntu/+bug/1384286/+subscriptions

References

[Bug 1384286] [NEW] add directory allowing scopes and apps to share data
From: Jamie Strandboge, 2014-10-22