ubuntu-sdk-bugs team mailing list archive
-
ubuntu-sdk-bugs team
-
Mailing list archive
-
Message #00152
[Bug 1197056] Re: SDK webview applications should not use ~/.local/share/*/.QtWebKit/ for their databases
This bug was fixed in the package apparmor-easyprof-ubuntu - 1.0.35
---------------
apparmor-easyprof-ubuntu (1.0.35) saucy; urgency=low
* apparmor-easyprof-ubuntu.install: install data/hardware/*, thus allowing
porters, OEMs, etc to ship their own policy without having to modify this
package (LP: #1197133)
* add data/hardware/graphics.d/* and data/hardware/audio.d/*, namespaced to
this package. We will move these out to lxc-android-config later
* tests/test-data.py: adjust to test data/hardware/*
* accounts: move to reserved status until LP: 1230091 is fixed
* calendar: remove workaround rule for gio DBus path (LP: #1227295)
* add usermetrics policy group so apps can update the infographic
* ubuntu-* templates:
- allow StartServiceByName on the system bus too. This is needed by the
new usermetrics policy group and we will presumably have more going
forward (eg location)
- account for /org/freedesktop/dbus object path. This seems to be used by
the python DBus bindings (eg, friends)
- move hardware specific accesses out of the templates into
hardware/graphics.d/ in preparation of the move to shipping these in
lxc-android-config (note, this doesn't change apparmor policy in any
way)
- add 'r' to dbus system bus socket (LP: #1208988)
- add ixr access to thumbnailer helper (LP: #1234543)
- finetune HUD access
- don't use ibus abstraction but instead use 'r' access for
owner @{HOME}/.config/ibus/**
- don't use freedesktop.org abstraction but instead add read accesses
for /usr/share/icons and various mime files
- updates for new gstreamer
- move in gstreamer accesses from audio policy groupd due to hybris
* ubuntu-sdk template:
- remove workaround paths now that ubuntu-ui-toolkit is using
QCoreApplication::applicationName based on MainView's applicationName
(LP: #1197056, #1197051, #1224126, LP: #1231863)
* ubuntu-webapp template:
- allow read access to /usr/share/unity-webapps/userscripts/**
- allow rix to gst-plugin-scanner
* add reserved friends policy group (reserved because it needs integration
with trust-store to be used by untrusted apps)
* remove peer from receive DBus rules in the ubuntu-* templates and the
contacts, history, and location policy groups (LP: #1233895)
* audio:
- move gstreamer stuff out to templates since hybris pulls it in for all
apps
- include hardware/audio.d for hardware specific accesses
-- Jamie Strandboge <jamie@xxxxxxxxxx> Mon, 07 Oct 2013 13:18:27 -0500
** Changed in: apparmor-easyprof-ubuntu (Ubuntu Saucy)
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Ubuntu
SDK bug tracking, which is subscribed to ubuntu-ui-toolkit in Ubuntu.
https://bugs.launchpad.net/bugs/1197056
Title:
SDK webview applications should not use ~/.local/share/*/.QtWebKit/
for their databases
Status in Cordova Ubuntu:
New
Status in Ubuntu UI Toolkit:
Fix Released
Status in “apparmor-easyprof-ubuntu” package in Ubuntu:
Fix Released
Status in “qtdeclarative-opensource-src” package in Ubuntu:
New
Status in “ubuntu-ui-toolkit” package in Ubuntu:
Fix Released
Status in “apparmor-easyprof-ubuntu” source package in Saucy:
Fix Released
Status in “qtdeclarative-opensource-src” source package in Saucy:
Won't Fix
Status in “ubuntu-ui-toolkit” source package in Saucy:
Fix Released
Bug description:
Ubuntu SDK applications that use webkit webviews store webkit databases in places like this:
~/.local/share/Qt Project/QtQmlViewer/.QtWebKit/WebpageIcons.db
~/.local/share/Qt Project/QtQmlViewer/.QtWebKit/cookies.db
This results in AppArmor rules like the following:
owner "@{HOME}/.local/share/Qt Project/QtQmlViewer/.QtWebKit/WebpageIcons.db" rwk,
owner "@{HOME}/.local/share/Qt Project/QtQmlViewer/.QtWebKit/cookies.db" rwk,
But these rules are too lenient because this could disclose data to a
malicious app and a malicious app could poison the databases.
Therefore, these paths need to be made application specific.
Specifically webbrowser-app should be adjusted to use
$XDG_DATA_HOME/<app_pkgname> for webapps, where '<app_pkgname>' is the
"name" field in the Click manifest (see bug #1197037 for details).
The same bug affects cordova-ubuntu, but writes are to @{HOME}/.local/share/cordova-ubuntu-2.8/.QtWebKit resulting in these too-lenient rules:
owner "@{HOME}/.local/share/cordova-ubuntu*/.QtWebKit/WebpageIcons.db" rwk,
owner "@{HOME}/.local/share/cordova-ubuntu*/.QtWebKit/cookies.db" rwk,
owner "@{HOME}/.local/share/cordova-ubuntu*/.QtWebKit/LocalStorage/" r,
owner "@{HOME}/.local/share/cordova-ubuntu*/.QtWebKit/LocalStorage/**" rwk,
To manage notifications about this bug go to:
https://bugs.launchpad.net/cordova-ubuntu/+bug/1197056/+subscriptions