Comment 0 for bug 1197056
Revision history for this message
| Jamie Strandboge (jdstrand) wrote SDK webview applications should not use ~/.local/share/Qt Project/QtQmlViewer/.QtWebKit/ for its databases | #0 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
73416ba
(Get the code!)
Ubuntu SDK applications that use webkit webviews store webkit cache data in places like this:
~/.local/share/Qt Project/
~/.local/share/Qt Project/
This results in AppArmor rules like the following:
owner "@{HOME}
owner "@{HOME}
But these rules are too lenient because this could disclose data to a malicious app and a malicious app could poison the databases. Therefore, these paths need to be made application specific. Specifically: somewhere in $XDG_DATA_DIR/<app id> where '<app id>' will ultimately be the reverse domain name with Click packages (see bug #1197037 for details on '<app id>').