client apps using qtdeclarative5-ubuntu-contacts0.1 accesses the /org/freedesktop/Telepathy DBus API

Bug #1227818 reported by Jamie Strandboge on 2013-09-19
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
address-book-app (Ubuntu)
High
Renato Araujo Oliveira Filho
Saucy
High
Renato Araujo Oliveira Filho
Trusty
Undecided
Unassigned
apparmor-easyprof-ubuntu (Ubuntu)
Undecided
Jamie Strandboge
Saucy
Undecided
Unassigned
Trusty
Undecided
Unassigned

Bug Description

Using this:

import Ubuntu.Contacts 0.1
...
Tab {
    title: i18n.tr("Contacts")

    page: Page {
        ContactListView {
            anchors.fill: parent
            onContactClicked: console.debug("Contact ID:" + contact.contactId)
        }
}

In addition to using com.canonical.pim, it also accesses:
org.freedesktop.Telepathy.AccountManager
org.freedesktop.Telepathy.ChannelDispatcher

I saw this when profiling applications for apparmor policy groups. Here are the apparmor rules I needed to list the contacts on my desktop system:
dbus (receive, send)
     bus=session
     path=/org/freedesktop/Telepathy/AccountManager
     peer=(name=org.freedesktop.Telepathy.AccountManager),
dbus (receive, send)
     bus=session
     path=/org/freedesktop/Telepathy/ChannelDispatcher
     peer=(name=org.freedesktop.Telepathy.ChannelDispatcher),
dbus (receive, send)
     bus=session
     path=/org/freedesktop/Telepathy/Account/**
     member=Get{,All}
     peer=(name=org.freedesktop.Telepathy.AccountManager),

Jamie Strandboge (jdstrand) wrote :

Adding a task for apparmor-easyprof-ubuntu. It is going to ship a reserved policy group for contacts and as a workaround it will include these accesses. It would be nice to have clients not access org.freedesktop.Telepathy directly.

Bill Filler (bfiller) on 2013-09-19
Changed in address-book-app (Ubuntu Saucy):
importance: Undecided → High
assignee: nobody → Renato Araujo Oliveira Filho (renatofilho)
status: New → Confirmed

removing the package; libfolks-telepathy25

should avoid that.

I found the problem the contact list is importing the telephony module, I am not sure the reason for that I need to confirm with boiko or tiago tomorrow.

This diff fix the problem:

=== modified file 'src/imports/Ubuntu/Contacts/ContactSimpleListView.qml'
--- src/imports/Ubuntu/Contacts/ContactSimpleListView.qml 2013-09-12 21:46:40 +0000
+++ src/imports/Ubuntu/Contacts/ContactSimpleListView.qml 2013-09-19 23:23:14 +0000
@@ -18,7 +18,7 @@
 import QtContacts 5.0
 import Ubuntu.Components 0.1
 import Ubuntu.Components.ListItems 0.1 as ListItem
-import Ubuntu.Telephony 0.1
+//import Ubuntu.Telephony 0.1

 import "ContactList.js" as Sections

Jamie Strandboge (jdstrand) wrote :

Adding t tasks since this doesn't look like it will be fixed for 13.10.

Changed in apparmor-easyprof-ubuntu (Ubuntu Saucy):
status: New → Won't Fix
Bill Filler (bfiller) wrote :

this is actually fixed with address-book-app release 0.2+13.10.20131011-0ubuntu1 which should hit an image soon

Changed in address-book-app (Ubuntu Saucy):
status: Confirmed → Fix Committed
Changed in apparmor-easyprof-ubuntu (Ubuntu Saucy):
status: Won't Fix → Fix Committed
Changed in address-book-app (Ubuntu Trusty):
status: New → Fix Released
Changed in address-book-app (Ubuntu Saucy):
status: Fix Committed → Won't Fix
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in apparmor-easyprof-ubuntu (Ubuntu):
status: New → Confirmed
Jamie Strandboge (jdstrand) wrote :

Workaround policy was added to apparmor-easyprof-ubuntu in 13.10 so marking Fix Released. This policy was not removed in 14.04 like it should've been when address-book-app was fixed, so marking "Won't Fix". I'll fix 14.10 policy in 1.2.16.

Changed in apparmor-easyprof-ubuntu (Ubuntu Saucy):
status: Fix Committed → Fix Released
Changed in apparmor-easyprof-ubuntu (Ubuntu Trusty):
status: Confirmed → Won't Fix
Changed in apparmor-easyprof-ubuntu (Ubuntu):
status: Confirmed → In Progress
assignee: nobody → Jamie Strandboge (jdstrand)
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apparmor-easyprof-ubuntu - 1.2.16

---------------
apparmor-easyprof-ubuntu (1.2.16) utopic; urgency=medium

  * ubuntu/1.2/connectivity: update to use upcoming connectivity DBus API
    (LP: #1341548)
  * ubuntu/1.[12]/contacts: remove workaround policy since address-book-app
    no longer uses the telepathy API (LP: #1227818)
  * ubuntu/*: explicitly deny rw access to /dev/fb0. It is both dangerous and
    noisy with the camera app
  * ubuntu/ubuntu-webapp: receive application-specific Open on
    org.freedesktop.Application to allow url-dispatcher working with already
    running webapps (LP: #1342129)
 -- Jamie Strandboge <email address hidden> Thu, 07 Aug 2014 13:19:59 -0500

Changed in apparmor-easyprof-ubuntu (Ubuntu):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers