ubuntu-sdk-bugs team mailing list archive

Thread
Date
[Bug 1433590] Re: apparmor dbus denial for org.freedesktop.Accounts and make Other vibrations work

To: ubuntu-sdk-bugs@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1433590@xxxxxxxxxxxxxxxxxx>
Date: Sat, 27 Aug 2016 14:23:20 -0000
Reply-to: Bug 1433590 <1433590@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
This bug was fixed in the package ubuntu-ui-toolkit -
1.3.2073+16.10.20160824

---------------
ubuntu-ui-toolkit (1.3.2073+16.10.20160824) yakkety; urgency=medium

  [ Zsombor Egri ]
  * No need to check the setting anymore when vibrate. Fixes LP: #1433590.

  [ Albert Astals Cid ]
  * AbstractButton: Bind mouse area signals earlier. Otherwise it can happen that
    someone clicks on button and the binding is still not done, i.e. 22911213 .
    Fixes LP: #1610165.

  [ Christian Dywan ]
  * Fix build warnings.
  * Remove unused Q_Q(UCAbtractButton) declaration.

  [ Larry Price ]
  * Address documentation issue in UbuntuListView - pullToRefresh has "enabled"
    property. Fixes LP: #1387679

  [ Loïc Molinari ]
  * Added new C++ UbuntuMetrics library.
    This library allows the monitoring of various metrics in QtQuick 2
    applications. It allows the logging of different metrics as well as
    overlaying these metrics on top of each QtQuick windows.
  * Added LTTng support to UbuntuMetrics.
  * Added support for logging generic events. Made use of it to log predefined
    ApplicationMonitor events. Predefined events only define UserInterfaceReady
    for now, as it's needed to track start-up time.
  * Wrapped libUbuntuMetrics to QML.

  [ Florian Boucault ]
  * Icon, Switch and ProgressBar: enable use of texture atlas.
  * ActivityIndicator: do not load the image until the ActivityIndicator is
    made visible. Load it asynchronously.

  [ Tim Peeters ]
  * Remove unused CHANGES, CHANGES.syntax and NEWS files.

 -- Zoltán Balogh <zoltan.balogh@xxxxxxxxxxxxx>  Wed, 24 Aug 2016
11:35:29 +0000

** Changed in: ubuntu-ui-toolkit (Ubuntu)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
SDK bug tracking, which is subscribed to ubuntu-ui-toolkit in Ubuntu.
https://bugs.launchpad.net/bugs/1433590

Title:
  apparmor dbus denial for org.freedesktop.Accounts and make Other
  vibrations work

Status in Canonical System Image:
  In Progress
Status in apparmor-easyprof-ubuntu package in Ubuntu:
  Fix Released
Status in ubuntu-system-settings package in Ubuntu:
  Fix Released
Status in ubuntu-ui-toolkit package in Ubuntu:
  Fix Released
Status in usensord package in Ubuntu:
  Fix Committed

Bug description:
  This affects vivid and (somewhat recently?) 14.09.

  At some point, apps started to request access to
  org.freedesktop.Accounts for something, but I'm not sure what. It has
  been conjectured in this bug that it is due to vibration settings.
  Filing against ubuntu-system-settings for now, but please feel free to
  move to the correct package.

  This happens with webapps:
  Apr  7 08:42:17 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.DBus.Introspectable" member="Introspect" mask="send" name="org.freedesktop.Accounts" pid=2632 profile="com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0.26" peer_pid=1596 peer_profile="unconfined"
  Apr  7 08:42:17 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.Accounts" member="FindUserById" mask="send" name="org.freedesktop.Accounts" pid=2632 profile="com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0.26" peer_pid=1596 peer_profile="unconfined"

  and QML apps:
  Apr  7 08:43:40 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.DBus.Introspectable" member="Introspect" mask="send" name="org.freedesktop.Accounts" pid=3377 profile="com.ubuntu.calculator_calculator_1.3.339" peer_pid=1596 peer_profile="unconfined"
  Apr  7 08:43:40 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.Accounts" member="FindUserById" mask="send" name="org.freedesktop.Accounts" pid=3377 profile="com.ubuntu.calculator_calculator_1.3.339" peer_pid=1596 peer_profile="unconfined"

  The following rules allow the requested access:
    dbus (send)
         bus=system
         path="/org/freedesktop/Accounts"
         interface="org.freedesktop.DBus.{Introspectable,Properties}"
         member=Introspect
         peer=(name=org.freedesktop.Accounts,label=unconfined),
    dbus (send)
         bus=system
         path="/org/freedesktop/Accounts"
         interface="org.freedesktop.Accounts"
         member=FindUserById
         peer=(name=org.freedesktop.Accounts,label=unconfined),
    dbus (send)
         bus=system
         path="/org/freedesktop/Accounts/User[0-9]*"
         interface="org.freedesktop.DBus.Properties"
         member=Get
         peer=(name=org.freedesktop.Accounts,label=unconfined),

  However, the above is too lenient and constitutes a privacy leak for
  apps. FindUserById could be used by a malicious app to enumerate
  usernames on multiuser systems and because we can't mediate method
  data with apparmor, the Get() method can be used to obtain any
  information provided by this interface.

  The following can be used to see what can be leaked to a malicious app:
  gdbus introspect --system -d org.freedesktop.Accounts -o /org/freedesktop/Accounts/User`id -u phablet`

  This can be solved in a couple of ways:
  1. add whatever information the app is trying to access to a new helper service that only exposes things that the app needs. This could be a single standalone service, perhaps something from ubuntu-system-settings, that could expose any number of things-- the current locale, if the locale changed, if the grid units changed, the vibration settings, etc. Since this service wouldn't have any sensitive information, you could use standard dbus properties/Get()/etc 
  2. add a new dbus API to an existing service such that apparmor rules can then be used to allow by method (eg, GetVibration() or something)

  I won't dictate the implementation except to mention that '1' seems
  like something generally useful and I believe that it was something
  the ubuntu-system-settings devs were already looking at for detecting
  locale changes without rebooting.


  Original description
  starting an app in vivid (image 135 on arale currently)

  produces a bunch of dbus denials in syslog ... (there is also a
  /dev/tty one but i think this is just because soemthing tries to write
  an error to console ... so transient)

  http://paste.ubuntu.com/10620834/

To manage notifications about this bug go to:
https://bugs.launchpad.net/canonical-devices-system-image/+bug/1433590/+subscriptions