ubuntu-sdk-bugs team mailing list archive

Thread
Date
[Bug 1224126] Re: qtdeclarative5-u1db1.0 should not use ~/.local/share/Qt Project for db files

To: ubuntu-sdk-bugs@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1224126@xxxxxxxxxxxxxxxxxx>
Date: Tue, 08 Oct 2013 00:29:47 -0000
Reply-to: Bug 1224126 <1224126@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
This bug was fixed in the package apparmor-easyprof-ubuntu - 1.0.35

---------------
apparmor-easyprof-ubuntu (1.0.35) saucy; urgency=low

  * apparmor-easyprof-ubuntu.install: install data/hardware/*, thus allowing
    porters, OEMs, etc to ship their own policy without having to modify this
    package (LP: #1197133)
  * add data/hardware/graphics.d/* and data/hardware/audio.d/*, namespaced to
    this package. We will move these out to lxc-android-config later
  * tests/test-data.py: adjust to test data/hardware/*
  * accounts: move to reserved status until LP: 1230091 is fixed
  * calendar: remove workaround rule for gio DBus path (LP: #1227295)
  * add usermetrics policy group so apps can update the infographic
  * ubuntu-* templates:
    - allow StartServiceByName on the system bus too. This is needed by the
      new usermetrics policy group and we will presumably have more going
      forward (eg location)
    - account for /org/freedesktop/dbus object path. This seems to be used by
      the python DBus bindings (eg, friends)
    - move hardware specific accesses out of the templates into
      hardware/graphics.d/ in preparation of the move to shipping these in
      lxc-android-config (note, this doesn't change apparmor policy in any
      way)
    - add 'r' to dbus system bus socket (LP: #1208988)
    - add ixr access to thumbnailer helper (LP: #1234543)
    - finetune HUD access
    - don't use ibus abstraction but instead use 'r' access for
      owner @{HOME}/.config/ibus/**
    - don't use freedesktop.org abstraction but instead add read accesses
      for /usr/share/icons and various mime files
    - updates for new gstreamer
      - move in gstreamer accesses from audio policy groupd due to hybris
  * ubuntu-sdk template:
    - remove workaround paths now that ubuntu-ui-toolkit is using
      QCoreApplication::applicationName based on MainView's applicationName
      (LP: #1197056, #1197051, #1224126, LP: #1231863)
  * ubuntu-webapp template:
    - allow read access to /usr/share/unity-webapps/userscripts/**
    - allow rix to gst-plugin-scanner
  * add reserved friends policy group (reserved because it needs integration
    with trust-store to be used by untrusted apps)
  * remove peer from receive DBus rules in the ubuntu-* templates and the
    contacts, history, and location policy groups (LP: #1233895)
  * audio:
    - move gstreamer stuff out to templates since hybris pulls it in for all
      apps
    - include hardware/audio.d for hardware specific accesses
 -- Jamie Strandboge <jamie@xxxxxxxxxx>   Mon, 07 Oct 2013 13:18:27 -0500

** Changed in: apparmor-easyprof-ubuntu (Ubuntu Saucy)
       Status: Triaged => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
SDK bug tracking, which is subscribed to ubuntu-ui-toolkit in Ubuntu.
https://bugs.launchpad.net/bugs/1224126

Title:
  qtdeclarative5-u1db1.0 should not use ~/.local/share/Qt Project for db
  files

Status in Ubuntu UI Toolkit:
  Fix Released
Status in “apparmor-easyprof-ubuntu” package in Ubuntu:
  Fix Released
Status in “u1db-qt” package in Ubuntu:
  Confirmed
Status in “ubuntu-ui-toolkit” package in Ubuntu:
  Fix Released
Status in “apparmor-easyprof-ubuntu” source package in Saucy:
  Fix Released
Status in “u1db-qt” source package in Saucy:
  Confirmed
Status in “ubuntu-ui-toolkit” source package in Saucy:
  Fix Released

Bug description:
  Similar to bug #1197051, qtdeclarative5-u1db1.0 stores its data files in locations like this:
  /home/phablet/.local/share/Qt Project/QtQmlViewer/ubuntu-tasks.db

  This results in AppArmor rules like the following:
  owner "@{HOME}/.local/share/Qt Project/QtQmlViewer/"
  owner "@{HOME}/.local/share/Qt Project/QtQmlViewer/*.db*" rwk,

  But these rules are too lenient and these paths need to be made
  application specific so that different apps using u1db-qt can't tamper
  with each other's data. Specifically: $XDG_DATA_HOME/<app pkgname>
  where '<app pkgname>' is the "name" field in the Click manifest (see
  bug #1197037 for details).

  com.ubuntu.developer.mdspencer.ubuntu-tasks is an app in the app store that is affected by this. It uses the following QML:
      U1db.Database {
          id: storage
          path: "ubuntu-tasks.db"
      }

  This needs to be fixed for 13.10 otherwise apps are not properly
  isolation under application confinement.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-ui-toolkit/+bug/1224126/+subscriptions