hammerhead stable OTA-11 Browser Wont open

affects r223 on rc-proposed too

and r224

affects r226 too

all the way to r233 :)

I think this bug is responsible for a lot of other things being broken in hammerhead right now, pretty sure it will fix all the web app stuff not loading/crashing.

Affects r258.

For information if i activate complain mode for usr.bin.webbrowser-app it's work :

aa-complain /etc/apparmor.d/usr.bin.webbrowser-app

I can confirm this for hammerhead in OTA-14 stable on a Nexus 5, fresh install.

I'm currently trying to pin down all the rules needed to avoid disabling apparmor for the potentially most sensitive app in the system. However, I'm stuck on the following two profiles:

profile="webbrowser-app"
name="/run/shm/webbrowser-app.oxide/.org.chromium.Chromium.<REDACTED>"
comm="webbrowser-app"
denied_mask="c"

profile="webbrowser-app//oxide_helper"
name="/usr/lib/arm-linux-gnueabihf/libhybris/linker/jb.so"
comm="oxide-renderer"
denied_mask="m"

The first I can't define a rule for because the mask seems non-standard. For the second profile, I can't find any reference to oxide in any profile in the config dir, but did find "enforce" in /sys/kernel/security/apparmor/policy/profiles/webbrowser-app.15/profiles/oxide_helper.16/mode. However but I don't understand this policy framework, so don't want to edit this and its associated files.

Ideas?

I/we must be doing something wrong, as all of this is out of the box on OTA-14. Surely others would have noticed the browser not starting for this long.

Cheers.

Okay, here's what I've got as a work-around until our friends on the dev team find a fix:

At the end of the block "profile oxide_helper (attach_disconnected) {" in usr.bin.webbrowser-app add

# LP: #1625832
      #include <local/usr.bin.webbrowser-app..oxide_helper>

In local/usr.bin.webbrowser-app add:

# LP: #1625832
/usr/lib/arm-linux-gnueabihf/libhybris/linker/jb.so rm,
/home/phablet/.local/share/libertine/ContainersConfig.json rk,
/run/shm/webbrowser-app.oxide/* rw,
/sys/bus/ r,
/dev/input/event* rw,
/sys/devices/*/kgsl/*/* r,

And in local/usr.bin.webbrowser-app..oxide_helper (which you've created) add:

# LP: #1625832
/usr/lib/arm-linux-gnueabihf/libhybris/linker/jb.so m,
/run/shm/webbrowser-app.oxide/* rw

There's still the matter of access to /dev/input/event*, but there's no visible loss of functionality, for me.

Cheers.

I can also confirm this happened in both stable and rc.proposed for me on Hammerhead. In fact one of the only things I could get working was the calculator and weather

Indeed. I'm now on rc-proposed r298, and seeing these issues.

I'm going to venture that this is a duplicate of the larger issue here: https://bugs.launchpad.net/ubports-android/+bug/1602916

Hopefully Marius will be able to get his commit from August into r299. I actually can't find that commit though.