ubuntu-apps-bugs team mailing list archive
Message #00078
[Bug 1227821] [NEW] please integrate with trust-store
Public bug reported:
Currently the 'contacts' policy group is reserved because giving access
to the address-book-app's DBus API allows applications to obtain all
contacts without user consent. If 'contacts' are going to be made
generally available to untrusted appstore apps, the address-book-app
service needs to be modified to use trust-store, like location-service
does. Integrating with trust-store means that when an app tries to
connect to the address-book-app over DBus, address-book-app will contact
trust-store, the trust-store will prompt the user ("Foo wants to access
your contacts. Is this ok? Yes|No"), optionally cache the result and
return the result to address-book-app. In this manner the user is given
a contextual prompt at the time of access by the app. Using caching this
decision can be remembered the next time. If caching is used, there
should be a method to change the decision in settings.
Targeting to T-Series for now, since the trust-store is not in a
reusable form yet.
** Affects: address-book-app
Importance: Undecided
Status: New
** Affects: address-book-app (Ubuntu)
Importance: Undecided
Status: New
** Affects: apparmor-easyprof-ubuntu (Ubuntu)
Importance: Undecided
Status: New
** Affects: address-book-app (Ubuntu Saucy)
Importance: Undecided
Status: Won't Fix
** Affects: apparmor-easyprof-ubuntu (Ubuntu Saucy)
Importance: Undecided
Status: Won't Fix
** Affects: address-book-app (Ubuntu T-series)
Importance: Undecided
Status: New
** Affects: apparmor-easyprof-ubuntu (Ubuntu T-series)
Importance: Undecided
Status: Triaged
** Tags: application-confinement
** Description changed:
Currently the 'contacts' policy group is reserved because giving access
to the address-book-app's DBus API allows applications to all contacts
without user consent. If 'contacts' are going to be made generally
available to untrusted appstore apps, the address-book-app service needs
to be modified to use trust-store, like location-service does.
Integrating with trust-store means that when an app tries to connect to
the address-book-app over DBus, address-book-app will contact trust-
store, the trust-store will prompt the user ("Foo wants to access your
contacts. Is this ok? Yes|No"), optionally cache the result and return
the result to address-book-app. In this manner the user is given a
contextual prompt at the time of access by the app. Using caching this
- decision can be remembered the next time.
+ decision can be remembered the next time. If caching is used, there
+ should be a method to change the decision in settings.
** Also affects: address-book-app
Importance: Undecided
Status: New
** Description changed:
Currently the 'contacts' policy group is reserved because giving access
to the address-book-app's DBus API allows applications to all contacts
without user consent. If 'contacts' are going to be made generally
available to untrusted appstore apps, the address-book-app service needs
to be modified to use trust-store, like location-service does.
Integrating with trust-store means that when an app tries to connect to
the address-book-app over DBus, address-book-app will contact trust-
store, the trust-store will prompt the user ("Foo wants to access your
contacts. Is this ok? Yes|No"), optionally cache the result and return
the result to address-book-app. In this manner the user is given a
contextual prompt at the time of access by the app. Using caching this
decision can be remembered the next time. If caching is used, there
should be a method to change the decision in settings.
+
+ Targeting to T-Series for now, since the trust-store is not in a
+ reusable form yet.
** Also affects: address-book-app (Ubuntu T-series)
Importance: Undecided
Status: New
** Also affects: address-book-app (Ubuntu Saucy)
Importance: Undecided
Status: New
** Changed in: address-book-app (Ubuntu Saucy)
Status: New => Won't Fix
** Description changed:
Currently the 'contacts' policy group is reserved because giving access
- to the address-book-app's DBus API allows applications to all contacts
- without user consent. If 'contacts' are going to be made generally
- available to untrusted appstore apps, the address-book-app service needs
- to be modified to use trust-store, like location-service does.
- Integrating with trust-store means that when an app tries to connect to
- the address-book-app over DBus, address-book-app will contact trust-
- store, the trust-store will prompt the user ("Foo wants to access your
- contacts. Is this ok? Yes|No"), optionally cache the result and return
- the result to address-book-app. In this manner the user is given a
- contextual prompt at the time of access by the app. Using caching this
+ to the address-book-app's DBus API allows applications to obtain all
+ contacts without user consent. If 'contacts' are going to be made
+ generally available to untrusted appstore apps, the address-book-app
+ service needs to be modified to use trust-store, like location-service
+ does. Integrating with trust-store means that when an app tries to
+ connect to the address-book-app over DBus, address-book-app will contact
+ trust-store, the trust-store will prompt the user ("Foo wants to access
+ your contacts. Is this ok? Yes|No"), optionally cache the result and
+ return the result to address-book-app. In this manner the user is given
+ a contextual prompt at the time of access by the app. Using caching this
decision can be remembered the next time. If caching is used, there
should be a method to change the decision in settings.
Targeting to T-Series for now, since the trust-store is not in a
reusable form yet.
** Tags added: application-confinement
** Also affects: apparmor-easyprof-ubuntu (Ubuntu)
Importance: Undecided
Status: New
** Changed in: apparmor-easyprof-ubuntu (Ubuntu Saucy)
Status: New => Won't Fix
** Changed in: apparmor-easyprof-ubuntu (Ubuntu T-series)
Status: New => Triaged
--
You received this bug notification because you are a member of Ubuntu
Apps bug tracking, which is subscribed to address-book-app in Ubuntu.
https://bugs.launchpad.net/bugs/1227821
Title:
please integrate with trust-store
Status in Address Book App:
New
Status in “address-book-app” package in Ubuntu:
New
Status in “apparmor-easyprof-ubuntu” package in Ubuntu:
New
Status in “address-book-app” source package in Saucy:
Won't Fix
Status in “apparmor-easyprof-ubuntu” source package in Saucy:
Won't Fix
Status in “address-book-app” source package in t-series:
New
Status in “apparmor-easyprof-ubuntu” source package in t-series:
Triaged
Bug description:
Currently the 'contacts' policy group is reserved because giving
access to the address-book-app's DBus API allows applications to
obtain all contacts without user consent. If 'contacts' are going to
be made generally available to untrusted appstore apps, the
address-book-app service needs to be modified to use trust-store, like
location-service does. Integrating with trust-store means that when an
app tries to connect to the address-book-app over DBus,
address-book-app will contact trust-store, the trust-store will prompt
the user ("Foo wants to access your contacts. Is this ok? Yes|No"),
optionally cache the result and return the result to address-book-app.
In this manner the user is given a contextual prompt at the time of
access by the app. Using caching this decision can be remembered the
next time. If caching is used, there should be a method to change the
decision in settings.
Targeting to T-Series for now, since the trust-store is not in a
reusable form yet.
To manage notifications about this bug go to:
https://bugs.launchpad.net/address-book-app/+bug/1227821/+subscriptions
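
The flow in the bug description above (prompt at time of access, optional caching, a settings hook to change the decision), as an added example that is not part of the original message and is not trust-store or address-book-app code. All class, method and parameter names are hypothetical, and the caller identity is assumed to be supplied by the bus rather than by the app.

```python
from enum import Enum
from typing import Callable, Dict, List, Tuple


class Answer(Enum):
    GRANTED = "granted"
    DENIED = "denied"


class TrustStore:
    """Hypothetical model of the trust-store role; not its real API."""

    def __init__(self, prompt: Callable[[str, str], Answer], cache: bool = True):
        self._prompt = prompt          # asks the user, returns an Answer
        self._cache_enabled = cache
        self._cache: Dict[Tuple[str, str], Answer] = {}

    def request(self, app_id: str, feature: str) -> Answer:
        key = (app_id, feature)
        if key in self._cache:         # remembered decision: no new prompt
            return self._cache[key]
        try:
            answer = self._prompt(app_id, feature)
        except Exception:
            return Answer.DENIED       # prompt failure is a denial, never cached
        if self._cache_enabled:
            self._cache[key] = answer
        return answer

    def forget(self, app_id: str, feature: str) -> None:
        """Settings hook: drop a cached decision so the user is asked again."""
        self._cache.pop((app_id, feature), None)


class AddressBookService:
    """Hypothetical stand-in for the service side of the DBus API."""

    def __init__(self, store: TrustStore, contacts: List[str]):
        self._store = store
        self._contacts = contacts

    def list_contacts(self, peer_app_id: str) -> List[str]:
        # peer_app_id is assumed to come from the bus (the caller's
        # confinement label), never from an argument the app supplies.
        if self._store.request(peer_app_id, "contacts") is not Answer.GRANTED:
            raise PermissionError(f"{peer_app_id}: contacts access denied")
        return list(self._contacts)
```

The cache is keyed on the (app, feature) pair, so a grant to one app never carries over to another, and a failed prompt is treated as a denial without being remembered.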