Ubuntu SDK applications that use webkit webviews store webkit cache data in places like this:
~/.local/share/Qt Project/QtQmlViewer/.QtWebKit/WebpageIcons.db
~/.local/share/Qt Project/QtQmlViewer/.QtWebKit/cookies.db
This results in AppArmor rules like the following:
owner "@{HOME}/.local/share/Qt Project/QtQmlViewer/.QtWebKit/WebpageIcons.db" rwk,
owner "@{HOME}/.local/share/Qt Project/QtQmlViewer/.QtWebKit/cookies.db" rwk,
But these rules are too lenient because this could disclose data to a malicious app and a malicious app could poison the databases. Therefore, these paths need to be made application specific. Specifically: somewhere in $XDG_DATA_DIR/<app id> where '<app id>' will ultimately be the reverse domain name with Click packages (see bug #1197037 for details on '<app id>').
Ubuntu SDK applications that use webkit webviews store webkit cache data in places like this: QtQmlViewer/ .QtWebKit/ WebpageIcons. db QtQmlViewer/ .QtWebKit/ cookies. db
~/.local/share/Qt Project/
~/.local/share/Qt Project/
This results in AppArmor rules like the following: /.local/ share/Qt Project/ QtQmlViewer/ .QtWebKit/ WebpageIcons. db" rwk, /.local/ share/Qt Project/ QtQmlViewer/ .QtWebKit/ cookies. db" rwk,
owner "@{HOME}
owner "@{HOME}
But these rules are too lenient because this could disclose data to a malicious app and a malicious app could poison the databases. Therefore, these paths need to be made application specific. Specifically: somewhere in $XDG_DATA_DIR/<app id> where '<app id>' will ultimately be the reverse domain name with Click packages (see bug #1197037 for details on '<app id>').