please provide gui for security manifest
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| qtcreator-plugin-ubuntu |
Fix Released
|
Critical
|
Juhapekka Piiroinen | ||
| qtcreator-plugin-ubuntu (Ubuntu) |
Fix Released
|
Critical
|
Juhapekka Piiroinen | ||
Bug Description
I know this is planned but wanted to file a bug to give additional information.
Currently Simple tab provides a text input field to add policy groups. It would be good if the sdk could enumerate the policy groups. The policy groups can be enumerated with:
$ aa-easyprof --list-
accounts
audio
...
As of apparmor-
$ aa-easyprof --show-policy-group -p <group> --policy-
Eg:
$ aa-easyprof --show-policy-group -p networking --policy-
# Description: Can access the network
# Usage: common
#include <abstractions/
#include <abstractions/
or:
$ aa-easyprof --show-policy-group -p music_files --policy-
# Description: Can read and write to music files. This policy group is
# reserved for certain applications, such as music players. Developers
# should typically use the content_exchange policy group and API to
# access music files instead.
# Usage: reserved
owner @{HOME}/Music/ r,
owner @{HOME}/Music/** rwk,
I'm not sure how you want to display all this to the user, but it is worth noting that the 'Usage' meta-information should be used by the SDK in some manner. Policy groups with 'Usage: common' are safe for all applications to use, but ones with 'Usage: reserved' will likely cause problems during the review process and may waste the developer's time if their app is rejected for using it. Perhaps if the meta information (Description and Usage for now) was display along with the policy group, developers would have enough information to decide. It may make sense for the reserved policy groups to be hidden or require a confirmation to add. We want to discourage their use in general. This should probably be generalized incase we add other Usage tags, like 'core-apps', etc.
See /usr/share/
Please also make sure that the SDK doesn't leave any empty policy groups. Currently it is very easy for it to do:
"policy_groups": [
"",
"",
""
}
If the app specifies no policy groups, then use:
"policy_groups": []
in the json
Related branches
- Ubuntu SDK team: Pending requested
- Diff: 0 lines
| tags: | added: appstore |
| description: | updated |
| tags: | added: application-confinement |
| affects: | qtcreator (Ubuntu) → qtcreator-plugin-ubuntu (Ubuntu) |
| Changed in qtcreator-plugin-ubuntu (Ubuntu): | |
| importance: | Undecided → High |
| status: | New → Confirmed |
| Changed in qtcreator-plugin-ubuntu: | |
| importance: | Undecided → High |
| status: | New → Confirmed |
| Changed in qtcreator-plugin-ubuntu: | |
| assignee: | nobody → Juhapekka Piiroinen (juhapekka-piiroinen) |
| Changed in qtcreator-plugin-ubuntu (Ubuntu): | |
| assignee: | nobody → Juhapekka Piiroinen (juhapekka-piiroinen) |
| Changed in qtcreator-plugin-ubuntu: | |
| importance: | High → Critical |
| Changed in qtcreator-plugin-ubuntu (Ubuntu): | |
| importance: | High → Critical |
| description: | updated |
| Changed in qtcreator-plugin-ubuntu: | |
| status: | Confirmed → Fix Committed |
| Changed in qtcreator-plugin-ubuntu (Ubuntu): | |
| status: | Confirmed → Fix Committed |
| Launchpad Janitor (janitor) wrote | #1 |
| Changed in qtcreator-plugin-ubuntu (Ubuntu): | |
| status: | Fix Committed → Fix Released |
| Changed in qtcreator-plugin-ubuntu: | |
| status: | Fix Committed → Fix Released |
This bug was fixed in the package qtcreator-
---------------
qtcreator-
* USB Device connection / disconnection detection.
* Refactored Menus.
* Can't set version number in Packaging form (LP: #1212326)
* QtC cuts folder names when building on the device (LP: #1212937)
* Click packages need to exclude the .bzr dir (LP: #1214628)
* Force lower case click package name (LP: #1219877)
* Packaging resets package name, other attributes to default every
time it's opened (LP: #1219948)
* please provide gui for security manifest (LP: #1221407)
* Cannot enable developer mode on read-only image (LP: #1223301)
* Cannot launch application through qtcreator (LP: #1225178)
* Application installation script problems (LP: #1213902)
* Comment field in .desktop file should be generated on the fly
(LP: #1223388)
* SDK should set applicationName to "name" value in the click manifest
(LP: #1227085)
-- Juhapekka Piiroinen <email address hidden> Wed, 18 Sep 2013 15:36:58 +0300