Ubuntu Music App

music-app should run under confinement under click

Bug #1315386 reported by Jamie Strandboge
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Ubuntu Music App
Fix Released
Medium
Andrew Hayzen

Bug Description

For historical reasons, currently music-app runs unconfined. With media-hub now in place, music-app no longer needs to be unconfined. Because of bug #1303962 and bug #1315381 (lack of apparmor/trust-store integration in mediascanner2) and because music-app still uses grilo, music-app needs special confinement though. Please update click/apparmor.json to be:
{
    "policy_version": 1.1,
    "policy_groups": [
        "audio",
        "networking",
        "usermetrics"
    ],
    "read_path": [
      "/etc/fstab",
      "/proc/[0-9]*/mounts",
      "/usr/share/grilo-plugins/",
      "@{HOME}/.cache/media-art/",
      "@{HOME}/.cache/mediascanner/"
    ],
    "write_path": [
      "@{HOME}/.local/share/grilo-plugins/"
    ]
}

Once music-app moves away from grilo we can remove the write_path and update read_path accordingly. Once it moves to mediascanner2 and bug #1303962 is fixed in mediascanner2, then read_path can be removed entirely.

Related branches

lp:~jdstrand/music-app/lp1315386
Ubuntu Phone Apps Jenkins Bot: Approve (continuous-integration)
Victor Thompson: Approve
Diff: 25 lines (+17/-2)
1 file modified
click/apparmor.json (+17/-2)
lp:~ahayzen/+junk/music-app-confinement-001
lp:~ahayzen/music-app/confinement-back-001
lp:~ahayzen/music-app/remix-confinement-back-001
Rejected for merging into lp:music-app/remix
Ubuntu Phone Apps Jenkins Bot: Approve (continuous-integration)
Music App Developers: Pending requested
Diff: 692 lines (+290/-231)
9 files modified
MusicPlaylists.qml (+143/-25)
click/apparmor.json (+12/-2)
common/CardView.qml (+0/-1)
common/ColumnFlow.qml (+0/-1)
common/ListItemActions/DeletePlaylist.qml (+29/-0)
common/ListItemActions/EditPlaylist.qml (+35/-0)
common/SongsPage.qml (+0/-131)
po/com.ubuntu.music.pot (+70/-70)
tests/autopilot/music_app/__init__.py (+1/-1)
Superseded for merging into lp:music-app/trusty
Music App Developers: Pending requested
Diff: 4986 lines (+1651/-1875) (has conflicts)
26 files modified
MusicAlbums.qml (+21/-123)
MusicArtists.qml (+37/-87)
MusicNowPlaying.qml (+381/-219)
MusicPlaylists.qml (+3/-2)
MusicSettings.qml (+0/-11)
MusicToolbar.qml (+169/-951)
MusicTracks.qml (+14/-15)
MusicaddtoPlaylist.qml (+0/-1)
Player.qml (+5/-1)
Style.qml (+2/-2)
click/apparmor.json (+14/-2)
com.ubuntu.music_music.desktop.in.in (+3/-0)
common/AlbumsPage.qml (+0/-2)
common/BlurredBackground.qml (+11/-9)
common/Card.qml (+151/-0)
common/CardView.qml (+42/-0)
common/ColumnFlow.qml (+159/-0)
common/CoverGrid.qml (+71/-0)
common/MusicPage.qml (+4/-0)
common/MusicRow.qml (+34/-5)
common/SongsPage.qml (+139/-118)
music-app.qml (+24/-33)
po/com.ubuntu.music.pot (+95/-81)
po/pt_BR.po (+111/-84)
tests/autopilot/music_app/__init__.py (+101/-83)
tests/autopilot/music_app/tests/test_music.py (+60/-46)
lp:~ahayzen/music-app/remix-confinement-back-002
Victor Thompson: Approve
Ubuntu Phone Apps Jenkins Bot: Approve (continuous-integration)
Diff: 23 lines (+12/-2)
1 file modified
click/apparmor.json (+12/-2)
Revision history for this message
Andrew Hayzen (ahayzen) wrote :

I believe we still need to be unconfined until we use background playlists in the media-hub (which is WIP) otherwise next/previous selection will not work when the app is suspended?

Revision history for this message
Victor Thompson (vthompson) wrote :

I was under the same impression as Andrew.

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

I've been running the app all morning under this confinement and haven't experienced any issues. I used the 'Songs' playlist on random. Should I be doing something different?

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

(Note, I am using r8 in devel-proposed)

Revision history for this message
Andrew Hayzen (ahayzen) wrote :

The following steps we would *not* expect to work under confinement
1) Select a set of track to play so that there is more than 1 in the queue (eg clicking the top song in the songs tab)
2) Optionally seek near the end of the track
3) Turn the screen off before the track ends so that the app is suspended
4) The player progresses onto the next track

I would expect step 4 not to work until the screen is turned back on.

Revision history for this message
Victor Thompson (vthompson) wrote :

Jamie, did you first remove the app's lifecycle exception? I believe it is hardcoded--so Unity-mir would probably need to be recompiled after removing it from the code.

Revision history for this message
Victor Thompson (vthompson) wrote :

The code to do this is here:

http://bazaar.launchpad.net/~mir-team/unity-mir/trunk/view/head:/src/modules/Unity/Application/application_manager.cpp#L184

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

I didn't remove the lifecycle exception since that is separate from the apps confinement. Running music-app under confinement and using:
$ adb shell tail -f /var/log/syslog | grep DEN

shows no denials, even for powerd (other than one for dbus RequestName which shouldn't be needed on the phone). Are you saying additional apparmor rules are needed to function correctly? It seems to be working fine now.

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

"The following steps we would *not* expect to work under confinement
1) Select a set of track to play so that there is more than 1 in the queue (eg clicking the top song in the songs tab)
2) Optionally seek near the end of the track
3) Turn the screen off before the track ends so that the app is suspended
4) The player progresses onto the next track

I would expect step 4 not to work until the screen is turned back on."

I just tested and it works fine.

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

As mentioned, apparmor confinement is separate from application lifecycle. I did not touch lifecycle-- I only added confinement.

Revision history for this message
Victor Thompson (vthompson) wrote :

Ok, that sounds good to me. This change can proceed. Removing the lifecycle exception is blocked by the move to the updated media-hub with tracklist support.

Changed in music-app:
status: New → Confirmed
importance: Undecided → Medium
assignee: nobody → Jamie Strandboge (jdstrand)
Revision history for this message
Ubuntu Phone Apps Jenkins Bot (ubuntu-phone-apps-jenkins-bot) wrote :

Fix committed into lp:music-app at revision None, scheduled for release in music-app, milestone 1.0

Changed in music-app:
status: Confirmed → Fix Committed
Victor Thompson (vthompson)
Changed in music-app:
status: Fix Committed → Triaged
Revision history for this message
Andrew Hayzen (ahayzen) wrote :

What is preventing us now going back to being confined? mediascanner/thumbnailer?

Also note when this is done we will need write access to ~/Music/ for content-hub imports.

I assume we can't put a translation in the apparmor profile? As for now can only import files into ~/Music/Imported (we may allow the user to decide at a later stage) but "Imported" is translated.

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

AppArmor has rudimentary support for translations of xdg user dirs, but note, supporting translated directories on the phone has been ruled out because they are problematic for a whole bunch of reasons, instead the toolkit should handle these for the user rather than handling it in the filesystem.

So, we could've added this to write_path:
owner @{HOME}/Music/Imported/ r,
owner @{HOME}/Music/Imported/** rwk,

but as pointed out, we can't now. We could add the music_files policy group, which uses:
# Usage: reserved
owner @{HOME}/Music/ r,
owner @{HOME}/Music/** rwk,

but then that gets us back to the music-app having full access to all the music files which is one thing we were trying to avoid (we want a system where a 3rd party music app only needs to use the 'common' policy groups). This could be resolved by setting the import directory to ~/.local/share/com.ubuntu.music/imported and then have a symlink from @{HOME}/Music/Imported to ~/.local/share/com.ubuntu.music/imported. Something other than the music-app has to create the symlink.

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

I think everything is needed for mediascanner2-- have you tried music-app under confinement (for now, using the music_files) policy group)?

Andrew Hayzen (ahayzen)
Changed in music-app:
status: Triaged → In Progress
assignee: Jamie Strandboge (jdstrand) → Andrew Hayzen (andrew-hayzen)
Revision history for this message
Andrew Hayzen (ahayzen) wrote :

For those following this bug it is currently blocked by bug 1373086.

Revision history for this message
Ubuntu Phone Apps Jenkins Bot (ubuntu-phone-apps-jenkins-bot) wrote :

Fix committed into lp:music-app/remix at revision 681, scheduled for release in music-app, milestone music-app-14.10-week-40

Changed in music-app:
status: In Progress → Fix Committed
Victor Thompson (vthompson)
Changed in music-app:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.