Oct 22 13:32:41 ubuntu-phablet kernel: [ 9393.918517] type=1400 audit(1413999161.373:361): apparmor="DENIED" operation="open" profile="com.ubuntu.developer.rschroll.beru_beru_0.9.8" name="/home/phablet/.local/share/ubuntu-download-manager/com.ubuntu.developer.rschroll.beru/Downloads/History%20of%20King%20Charles%20the%20Second%20of%20England%20-%20Abbot_%20Jacob.epub" pid=19786 comm="qmlscene" requested_mask="r" denied_mask="r" fsuid=32011 ouid=32011
On the one hand, this is not a super critical bug because the ubuntu-download-manager API is not widely used by apps. However, this API is part of the supported frameworks and adding to the policy now rather than as OTA means we can avoid a policy recompile in OTA. The change is simple and the risk is negligible (it would fail to build if there was an error). Plan would be to piggback this on the fix for bug #1383858 so policy recompile only happens once.
This bug was fixed in the package apparmor-
---------------
apparmor-
* ubuntu/networking: add rules for app-specific ubuntu-
file downloads (LP: #1384349)
-- Jamie Strandboge <email address hidden> Wed, 22 Oct 2014 14:13:44 -0400