ubuntu-touch-coreapps-reviewers team mailing list archive

[Stefano Verzegnassi <stefano92.100@xxxxxxxxx>]

Stefano Verzegnassi has proposed merging lp:~verzegnassi-stefano/ubuntu-docviewer-app/fix-deletion-from-external-storage into lp:ubuntu-docviewer-app.

Commit message:
Updated AppArmor template. It fixes the deletion of a document stored on a SD card.

Requested reviews:
  Alan Pope  (popey)
Related bugs:
  Bug #1524293 in Ubuntu Document Viewer App: "Deleting a document stored in the SD card does not work"
  https://bugs.launchpad.net/ubuntu-docviewer-app/+bug/1524293

For more details, see:
https://code.launchpad.net/~verzegnassi-stefano/ubuntu-docviewer-app/fix-deletion-from-external-storage/+merge/281360

Updated AppArmor template.
It fixes the deletion of a document stored on a SD card (which currently drops a DENIAL).

This would give us write permissions to the Documents folder in any external storage. Similar rights are already used by gallery-app and camera-app for similar reasons, through the 'picture_files' policy[1].
>From the DocViewer perspective, this represents a move from an hypothetical 'document_files_read' to a 'document_files' policy.

@Alan: I'm expressly asking you as reviewer for the reason above, since we may need a authorization from the security team (this would probably be the first case of confined core app using a less restrictive policy).


[1] http://bazaar.launchpad.net/~ubuntu-security/apparmor-easyprof-ubuntu/trunk/view/head:/data/policygroups/ubuntu/1.1/picture_files
-- 
Your team Ubuntu Document Viewer Developers is subscribed to branch lp:ubuntu-docviewer-app.

=== modified file 'click/docviewer.apparmor'
--- click/docviewer.apparmor	2015-12-04 11:39:06 +0000
+++ click/docviewer.apparmor	2015-12-26 17:41:49 +0000
@@ -10,7 +10,8 @@
         "/dev/disk/by-label/"
     ],
     "write_path": [
-        "@{HOME}/Documents/"
+        "@{HOME}/Documents/",
+        "/media/*/*/[Dd][Oo][Cc][Uu][Mm][Ee][Nn][Tt][Ss]/"
     ],
     "policy_version": 1.3
 }