← Back to team overview

ubuntu-sdk-bugs team mailing list archive

  1. ubuntu-sdk-bugs team
  2. Mailing list archive
  3. Message #00062

[Bug 1221407] Re: please provide gui for security manifest

  Thread PreviousDate PreviousThread Next 
** Changed in: qtcreator-plugin-ubuntu
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
SDK bug tracking, which is subscribed to qtcreator-plugin-ubuntu in
Ubuntu.
https://bugs.launchpad.net/bugs/1221407

Title:
  please provide gui for security manifest

Status in Qt Creator plugins for Ubuntu:
  Fix Released
Status in “qtcreator-plugin-ubuntu” package in Ubuntu:
  Fix Released

Bug description:
  I know this is planned but wanted to file a bug to give additional
  information.

  Currently Simple tab provides a text input field to add policy groups. It would be good if the sdk could enumerate the policy groups. The policy groups can be enumerated with:
  $ aa-easyprof --list-policy-groups --policy-vendor=ubuntu --policy-version=1.0
  accounts
  audio
  ...

  As of apparmor-easyprof-ubuntu 1.0.29, policy groups have two fields of metadata which the SDK can use. You can get the contents of the policy group with:
  $ aa-easyprof --show-policy-group -p <group> --policy-vendor=ubuntu --policy-version=1.0

  Eg:
  $ aa-easyprof --show-policy-group -p networking --policy-vendor=ubuntu --policy-version=1.0
  # Description: Can access the network
  # Usage: common
  #include <abstractions/nameservice>
  #include <abstractions/openssl>

  or:
  $ aa-easyprof --show-policy-group -p music_files --policy-vendor=ubuntu --policy-version=1.0
  # Description: Can read and write to music files. This policy group is
  #  reserved for certain applications, such as music players. Developers
  #  should typically use the content_exchange policy group and API to
  #  access music files instead.
  # Usage: reserved
  owner @{HOME}/Music/   r,
  owner @{HOME}/Music/** rwk,

  I'm not sure how you want to display all this to the user, but it is
  worth noting that the 'Usage' meta-information should be used by the
  SDK in some manner. Policy groups with 'Usage: common' are safe for
  all applications to use, but ones with 'Usage: reserved' will likely
  cause problems during the review process and may waste the developer's
  time if their app is rejected for using it. Perhaps if the meta
  information (Description and Usage for now) was display along with the
  policy group, developers would have enough information to decide. It
  may make sense for the reserved policy groups to be hidden or require
  a confirmation to add. We want to discourage their use in general.
  This should probably be generalized incase we add other Usage tags,
  like 'core-apps', etc.

  See /usr/share/doc/apparmor-easyprof-ubuntu/README.Debian for more
  details.

  Please also make sure that the SDK doesn't leave any empty policy groups. Currently it is very easy for it to do:
   "policy_groups": [
     "",
     "",
     ""
   }

  If the app specifies no policy groups, then use:
   "policy_groups": []

  in the json

To manage notifications about this bug go to:
https://bugs.launchpad.net/qtcreator-plugin-ubuntu/+bug/1221407/+subscriptions
  Thread PreviousDate PreviousThread Next