ubuntu-phone team mailing list archive

Re: App Confinement for Core Apps

 

On 08/12/2013 04:46 AM, Nekhelesh Ramananthan wrote:
> Hello everyone,
> 
> As we all know, click packages will be confined for security measures. Would the
> core apps such as clock, weather, rss reader and others also be confined? In a
> way it can be assumed that the core apps are system applications since they are
> planned to be available by default in the phone images. This decision of whether
> they will be confined or not really affects the implementation of certain features.
> 
> For instance, for the clock app, I would need to use tzdata to get timezone
> information for different countries. This is necessary for implementing the
> world clock feature. The world clock feature allows the user to add different
> cities around the world to display the time in those cities. So staying in the
> Netherlands, I would like to add New York, Delhi, Sydney to know the time at
> those places. For this, I need to know the time difference with respect to UTC
> along with the daylight saving rules. This is also precisely why I need to use
> tzdata. tzdata is being used by Ubuntu Desktop to provide this exact feature.
> 
> I have been told several times that I should use the timezone feature present in
> Qt. However to the best of my knowledge, timezone support *has not* landed in Qt
> 5.1. And the clock app is fully QML + JavaScript. Both these languages provide
> almost no timezone ID support. Hence I am forced to use online APIs to determine
> this info. Being a core app, I believe this implementation is not reliable and
> needs to be fixed asap.
> 
> Other ideas such as maintaining my own timezone database which I ship with the
> clock app package are not really viable either since gathering the time
> difference info is not difficult, however taking into account the daylight
> saving rules at the correct place and date is almost impossible to implement
> perfectly.
> 
> Any suggestions on how this can be done are welcome. I am hoping that the
> security team can chime into this discussion to decide what can be done.
> 
The short answer is that if software is shipped as click packages, it should run
under confinement[1] (exceptions may be made, but they should be rare).
Developers should file bugs where the confinement is not working for them[2].
The problem here is, as you mentioned, there is no supported SDK API and
therefore there is no specific AppArmor policy developed to support it. That
said, /usr/share/zoneinfo/** is available for read access via the standard
ubuntu-sdk template, so perhaps there is no problem for you after all? (well, it
is a problem that the SDK doesn't offer what you need-- I just mean that you
should be able to access these files within the current confinement).

[1] https://wiki.ubuntu.com/SecurityTeam/Specifications/ApplicationConfinement/Manifest
[2] https://bugs.launchpad.net/ubuntu/+source/apparmor-easyprof-ubuntu/+filebug

-- 
Jamie Strandboge                 http://www.ubuntu.com/
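
Added example, not part of the original thread and not Ubuntu SDK code: a sketch of how a confined app could derive UTC offsets and DST state from the tzdata files under /usr/share/zoneinfo/ while keeping every read inside that tree. All function names are hypothetical; it assumes the file bytes are already loaded into a Uint8Array and that the file populates its version-1 (32-bit) data block.

```javascript
// Added example; zonePath, parseTzif, offsetAt and sampleTzif are hypothetical names.
const ZONEINFO = "/usr/share/zoneinfo/"; // tree the reply says the template lets apps read

// Map a zone ID to a path, refusing anything that could resolve outside ZONEINFO.
function zonePath(id) {
  if (!/^[A-Za-z0-9_+-]+(\/[A-Za-z0-9_+-]+)*$/.test(id)) throw new Error("invalid zone id");
  return ZONEINFO + id;
}

// Parse the version-1 (32-bit) block of a TZif file held in a Uint8Array.
function parseTzif(bytes) {
  if (bytes.length < 44 || String.fromCharCode(...bytes.subarray(0, 4)) !== "TZif")
    throw new Error("not a TZif file");
  const v = new DataView(bytes.buffer, bytes.byteOffset, bytes.byteLength);
  const timecnt = v.getUint32(32), typecnt = v.getUint32(36); // big-endian counts
  const idxAt = 44 + 4 * timecnt, typesAt = idxAt + timecnt;
  if (typecnt === 0 || bytes.length < typesAt + 6 * typecnt) throw new Error("truncated TZif");
  const types = [];
  for (let i = 0; i < typecnt; i++)
    types.push({ utoff: v.getInt32(typesAt + 6 * i), isdst: v.getUint8(typesAt + 6 * i + 4) === 1 });
  const transitions = [];
  for (let i = 0; i < timecnt; i++) {
    const idx = v.getUint8(idxAt + i);
    if (idx >= typecnt) throw new Error("bad type index");
    transitions.push({ at: v.getInt32(44 + 4 * i), type: types[idx] });
  }
  return { types, transitions };
}

// UTC offset (seconds) and DST flag in force at Unix time t.
function offsetAt(zone, t) {
  let cur = zone.types[0]; // type 0 applies before the first transition
  for (const tr of zone.transitions) { if (tr.at > t) break; cur = tr.type; }
  return cur;
}

// Constructed sample: a two-transition TZif v1 block using the 2013 New York DST dates.
function sampleTzif() {
  const types = [[-18000, 0], [-14400, 1]], times = [1362898800, 1383458400], idx = [1, 0];
  const b = new Uint8Array(44 + 5 * times.length + 6 * types.length + 1);
  const v = new DataView(b.buffer);
  b.set([0x54, 0x5a, 0x69, 0x66]); // magic "TZif", version byte left as 0
  v.setUint32(32, times.length); v.setUint32(36, types.length); v.setUint32(40, 1);
  times.forEach((t, i) => v.setInt32(44 + 4 * i, t));
  idx.forEach((x, i) => v.setUint8(44 + 4 * times.length + i, x));
  types.forEach(([off, dst], i) => { v.setInt32(54 + 6 * i, off); v.setUint8(58 + 6 * i, dst); });
  return b;
}
```

Rejecting zone IDs that contain dots or a leading slash means a user-supplied city name can never turn into a read outside the directory the policy grants.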
