Click apps need access to their own Online Accounts files
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
apparmor-easyprof-ubuntu (Ubuntu) |
Fix Released
|
High
|
Jamie Strandboge |
Bug Description
Online Accounts can be extended with new account providers and services provided in click packages. A click hook will install these files in the correct place under ~/.local/
Indeed, click applications should be able to use the account they install, so they need read access to these directories (the "accounts" apparmor template already gives access to the system locations: "/usr/share/
owner @{HOME}
Given that these files are installed under ~/.local/
Related branches
description: | updated |
tags: | added: application-confinement |
Changed in apparmor-easyprof-ubuntu (Ubuntu): | |
status: | New → In Progress |
assignee: | nobody → Jamie Strandboge (jdstrand) |
Changed in apparmor-easyprof-ubuntu (Ubuntu): | |
importance: | Undecided → High |
This bug was fixed in the package apparmor- easyprof- ubuntu - 1.1.4
--------------- easyprof- ubuntu (1.1.4) trusty; urgency=medium
apparmor-
* 1.*/ubuntu-sdk: adjust for ubuntu- html5-app- launcher (LP: #1274640) ubuntu- html5-app- launcher to handle HTML5 apps ubuntu- html5-app- launcher/ ** /.local/ share/accounts/ ** to dereference click singlesignonui. cookiesForIdent ity singlesignonui. cookiesForIdent ity).
- allow reexec for /usr/bin/
launched via upstart-app-launch
- allow read access to /usr/share/
* 1.*/accounts:
- allow read on @{HOME}
symlinks for online accounts providers (LP: #1278859)
- add comment about usage of com.nokia.
* 1.*/networking: finetune DownloadManager DBus access (LP: #1277578)
- explicitly allow safe and explicitly disallow unsafe DownloadManager
APIs
- restrict apps to their own downloads
* 1.*/ubuntu-webapp: allow the webapps access to SignonUi API for retrieving
web cookies for an account (com.nokia.
This is being added to the ubuntu-webapp template instead of the accounts
policy group because this API should only be available to the webapp
container and is not needed to use online accounts in general
(LP: #1278934)
-- Jamie Strandboge <email address hidden> Wed, 12 Feb 2014 09:20:58 -0600