apparmor policy_version is incorrectly set

Marking as 'Critical' because Click packages created with QtCreator will not work properly until this bug is fixed.

The manifest file template has 1.0 as default policy_version, but the json parser in Qt cuts the .0 since it is taken as a numerical value.

Would the "1.0" be a valid value?

Unfortunately no, it needs to be a float, not a string.

JSON cannot store the decimals of a number if those are all zero. Therefore x.0 will always be stored as x. If we need to store the decimals (i.e. major.minor format), then we need to store it as strings. You could then convert those strings into float.

On the other hand, just wondering, shouldn't we also deal with subversions, i.e. major.minor.subversion? This format cannot ever be stored in a numeric field for sure...

I have checked if there is a way in the JS level to change the representation of numerical values. On the JSON level the sringify function does the first conversion we have a chance to intrude. It can be given a replace function to overule the conversion:

--
function replacer(key, value) {
          if (key == 'policy_version'){
                var ending_zero = ".0";
                var version_value = String(value);
                var new_value = String(version_value.concat(ending_zero));
                return new_value;
        }
    return value;
}
function toJSON() {
    return JSON.stringify(jsonData, replacer);

}
--

Regardless of my clearly desperate and slightly hackish way of forcing the .0 at the end f the value, the JS either drops the .0 when it converts to numerical value or kindly puts the value as a string "1.0" to the JSON file.

I assume that unless we change the very core behavior of JS how it handles numerical values it would be way simpler to store the version numbers in a string just as the application version is stored in a string.

I have changed the policy_version value in the security manifest template to be string instead of numerical value, as json db can not store numerical values in X.0 format.

Wow. I'm shocked that it can't do "1.0"-- python3 json didn't have any problems (in fact, "float(1)" returns 1.0). Then I did some (cursory) research and it turns out that "A floating-point number with a zero a fractional part, such as 1.0, could reasonably be converted to the JSON number 1 as well as 1.0; however no implementations choose to drop the fractional part". Seems we found an implementation that did.

The background is that the security team discussed this to death and there were people that felt the policy_version should be a string, but float won out because tools wouldn't have to do anything special to do numeric sorts and comparisons. It was a way to make sure the manifest was a simple as possible for people, libraries, tools, etc. It was deemed enough to have $major.$minor.

In that spirit, let's mark this bug as "Won't Fix" and I'll adjust click-apparmor, apparmor and the review tools to allow "1" and we'll tack on the .0.

Ok, review tools updated. Now to click-apparmor.

This bug was fixed in the package click-apparmor - 0.1.4

---------------
click-apparmor (0.1.4) saucy; urgency=low

  [ Steve Beattie ]
  * aa-clickhook: output to stdout instead of stderr if no output file
    is specified.

  [ Jamie Strandboge ]
  * add support for abstractions, read_paths and write_paths. These are not
    generally allowed in the Ubuntu app store, but will be handled via the
    review process.
  * fix a few error strings
  * policy_version is JSON Number, not string
  * add some more policy_version tests
  * Qt json outputs 1.0 as 1. Account for that in our transmogrification to
    easyprof (LP: #1214618)
 -- Jamie Strandboge <email address hidden> Thu, 22 Aug 2013 12:15:02 -0500