Ubuntu
apparmor-easyprof-ubuntu package

No security policy to allow reading the /usr/share/ubuntu/ringtones folder

Bug #1340326 reported by Nekhelesh Ramananthan
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Ubuntu Clock App
Status tracked in Trunk
Trunk
Fix Released
High
Victor Thompson
Ubuntu Clock App 3.0 "RTM"
apparmor-easyprof-ubuntu (Ubuntu)
Fix Released
High
Jamie Strandboge

Bug Description

The new clock app will provide support for choosing a custom ringtone when creating an alarm. The ringtones can be found at /usr/share/sounds/ubuntu/ringtones. However on the phone, while trying to read that folder I get the error,

root@ubuntu-phablet:~# sudo dmesg -T | grep DEN
[Wed Jul 9 14:55:31 2014] type=1400 audit(1404910531.073:159): apparmor="DENIED" operation="open" profile="com.ubuntu.clock.devel_ubuntu-clock-app_0.1" name="/usr/share/sounds/ubuntu/ringtones/" pid=7553 comm="FileInfoThread" requested_mask="r" denied_mask="r" fsuid=32011 ouid=0

I cannot find any security policies that would allow reading from this folder.

Related branches

lp:ubuntu/utopic-proposed/apparmor-easyprof-ubuntu
lp:~vthompson/ubuntu-clock-app/fix-1340326
Nekhelesh Ramananthan: Approve
Ubuntu Phone Apps Jenkins Bot: Needs Fixing (continuous-integration)
Diff: 16 lines (+4/-3)
1 file modified
ubuntu-clock-app.json (+4/-3)
Ubuntu Phone Apps Jenkins Bot: Needs Fixing (continuous-integration)
Ubuntu Clock Developers: Pending requested
Diff: 3399 lines (+3156/-0) (has conflicts)
42 files modified
.bzrignore (+1/-0)
CMakeLists.txt (+70/-0)
COPYING (+674/-0)
README (+9/-0)
README.developers (+16/-0)
app/CMakeLists.txt (+16/-0)
app/alarm/AlarmLabel.qml (+61/-0)
app/alarm/AlarmList.qml (+161/-0)
app/alarm/AlarmPage.qml (+53/-0)
app/alarm/AlarmRepeat.qml (+108/-0)
app/alarm/AlarmSound.qml (+115/-0)
app/alarm/AlarmUtils.qml (+136/-0)
app/alarm/CMakeLists.txt (+6/-0)
app/alarm/EditAlarmPage.qml (+203/-0)
app/clock/AddCityButton.qml (+70/-0)
app/clock/CMakeLists.txt (+6/-0)
app/clock/Clock.qml (+131/-0)
app/clock/ClockPage.qml (+124/-0)
app/components/Background.qml (+33/-0)
app/components/CMakeLists.txt (+6/-0)
app/components/ClockCircle.qml (+116/-0)
app/components/PageWithBottomEdge.qml (+392/-0)
app/components/PullToAdd.qml (+77/-0)
app/components/SubtitledListItem.qml (+55/-0)
app/components/Utils.js (+23/-0)
app/graphics/CMakeLists.txt (+6/-0)
app/tests/autopilot/run (+11/-0)
app/tests/autopilot/ubuntu-clock-app/__init__.py (+132/-0)
app/tests/autopilot/ubuntu-clock-app/main/__init__.py (+1/-0)
app/tests/autopilot/ubuntu-clock-app/main/test_main.py (+23/-0)
app/tests/unit/tst_hellocomponent.qml (+49/-0)
app/ubuntu-clock-app.desktop.in (+10/-0)
app/ubuntu-clock-app.qml (+107/-0)
backend/CMakeLists.txt (+21/-0)
backend/modules/Timezone/backend.cpp (+17/-0)
backend/modules/Timezone/backend.h (+38/-0)
backend/modules/Timezone/qmldir (+2/-0)
backend/modules/Timezone/zone.cpp (+12/-0)
backend/modules/Timezone/zone.h (+25/-0)
cmake/Click.cmake (+17/-0)
manifest.json (+15/-0)
ubuntu-clock-app.json (+8/-0)
Revision history for this message
Victor Thompson (vthompson) wrote :

Nekhelesh, the following should work:

{
    "policy_version": 1.2,
    "policy_groups": [
        "audio"
    ],
    "read_path": [
      "/usr/share/sounds/ubuntu/ringtones/"
    ]
}

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Using read_path would work, but use of read_path is discouraged (music-app is still special in this regard). No worries though, the fix is in apparmor-easyprof-ubuntu 1.2.9 which is in utopic-proposed now and finding its way to the archive. Note, you'll have to specify the "audio" policy group now.

Changed in apparmor-easyprof-ubuntu (Ubuntu):
status: New → Fix Committed
importance: Undecided → High
assignee: nobody → Jamie Strandboge (jdstrand)
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apparmor-easyprof-ubuntu - 1.2.9

---------------
apparmor-easyprof-ubuntu (1.2.9) utopic; urgency=medium

  * ubuntu/webview:
    - adjust to allow oxide_render access to WebCore databases (LP: #1339724)
    - adjust for updated path for QML web plugin (LP: #1339777)
  * ubuntu/1.2: add new push-notification-client policy group
  * ubuntu/ubuntu-{sdk,webapp}: adjust for updated path for QML web plugin
  * ubuntu/audio: allow read access for /usr/share/sounds and
    /custom/usr/share/sounds (LP: #1340326)
  * ubuntu/audio: allow write access to /android/micshm (LP: #1337582)
 -- Jamie Strandboge <email address hidden> Thu, 10 Jul 2014 12:28:30 -0500

Changed in apparmor-easyprof-ubuntu (Ubuntu):
status: Fix Committed → Fix Released
Victor Thompson (vthompson)
Changed in ubuntu-clock-app:
status: New → In Progress
assignee: nobody → Victor Thompson (vthompson)
Revision history for this message
Victor Thompson (vthompson) wrote :

apparmor-easyprof-ubuntu v1.2.9 landed in image #125 [1]

[1] http://people.canonical.com/~ogra/touch-image-stats/125.changes

Nekhelesh Ramananthan (nik90)
Changed in ubuntu-clock-app:
status: In Progress → Fix Released
importance: Undecided → High
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.