add DownloadManager access to networking policy group
Bug #1227860 reported by
Jamie Strandboge
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
apparmor-easyprof-ubuntu (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
The download manager DBus API is stabilizing. Once it is available to SDK apps we need to add support for it to the networking policy group.
Related branches
To post a comment you must log in.
This bug was fixed in the package apparmor- easyprof- ubuntu - 1.0.32
--------------- easyprof- ubuntu (1.0.32) saucy; urgency=low
apparmor-
* accounts: libaccounts- glib/accounts. db and read libaccounts- glib/accounts. db*. accounts/ ** libaccounts- glib/accounts. db* (LP: #1220552) }run/user/ */pulse/ - this should already hybris_ shm_data system/ media/audio/ ui/camera_ click.ogg nterface importing data exchange_ source for providing/exporting data evolution/ dataserver/ SourceManager, org/gnome/ evolution/ dataserver/ CalendarFactory and org/gnome/ evolution/ dataserver/ Calendar/ ** .Telepathy. .Telepathy will go away when LP: 1227818 is fixed HistoryService ty_details
- needs lock ('k') access to .config/
access to .config/
- read access to /usr/share/
- deny write to .config/
* refine audio policy group:
- remove /tmp/ accesses now that TMPDIR is set by the sandbox
- allow access to only the native socket (ie, disallow dbus-socket (only
needed by pacmd), access to pid and the cli debugging socket)
(LP: #1211380)
- remove 'w' access to /{,var/
exist when click apps run
- remove /dev/binder, no longer needed now that we use audio HAL and
pulseaudio
- silence the denial for creating ~/.gstreamer-0.10/ if it doesn't exist
* camera:
- add rw for /dev/ashmem. This will go away when camera moves to HAL
- rw /run/shm/
- add read on /android/
* connectivity:
- add policy as used by QML's QtSystemInfo and also Qt's QHostAddress,
QNetworkI
- add commented out rules for ofono (LP: 1226844)
* finalize content_exchange policy for the content-hub. We now have two
different policy groups: content_exchange for requesting/
and content_
* microphone:
- remove /dev/binder, no longer needed now that we use audio HAL and
pulseaudio
- add gstreamer and pulseaudio accesses and silence ALSA denials (we
force pulseaudio). Eventually we should consolidate these and the ones
in audio into a separate abstraction.
* networking
- explicitly deny access to NetworkManager. This technically should be
needed at all, but depending on how apps connect, the lowlevel
libraries get NM involved. Do the same for ofono
- add access to the download manager (LP: #1227860)
* video: add gstreamer accesses. Eventually we should consolidate these
and the ones in audio into a gstreamer abstraction
* add the following new reserved policy groups (reserved because they need
integration with trust-store to be used by untrusted apps):
- calendar - to access /org/gnome/
/
/
- contacts - to access com.canonical.pim and org.freedesktop
Note, org.freedesktop
- history - to access com.canonical.
* remove unused policy groups. This would normally constitute a new minor
version, but no one is using these yet. When there is an API to use for
this sort of thing, we can reintroduce them
- read_connectivi
- bluetooth (no supported Qt5 API for these per the SDK team)
- nfc (no supported Qt5 API for these per the SDK team)
* ubuntu* templates:
- remove workaround HUD rule for DBus access to hud/applications/* now
...