[HTML5] AppaArmor denials to used the system installed UI SDK files, when webapp container used as a launcher

Bug #1477580 reported by Alexandre Abreu on 2015-07-23
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Canonical System Image
Critical
David Barth
apparmor-easyprof-ubuntu (Ubuntu)
High
Jamie Strandboge
apparmor-easyprof-ubuntu (Ubuntu RTM)
Critical
Jamie Strandboge
ubuntu-personal-security (Ubuntu)
Undecided
Jamie Strandboge

Bug Description

When launching an app create with the default HTML5 template in qtc on the device (it now uses the 'ubunu-webapp' apparmor template), the css styles are not applied at all.

Here are the apparmor denials:

Syslog> Jul 23 13:36:32 ubuntu-phablet kernel: [74934.079466] type=1400 audit(1437658592.368:199): apparmor="DENIED" operation="open" profile="tutu.abreu-alexandre_tutu_0.1" name="/usr/share/ubuntu-html5-ui-toolkit/0.1/ambiance/js/fast-buttons.js" pid=13230 comm="Chrome_FileThre" requested_mask="r" denied_mask="r" fsuid=32011 ouid=0
Sdk-Launcher> There has been a AppArmor denial for your application.
Sdk-Launcher> Most likely it is missing a policy in the AppArmor file.
Syslog> Jul 23 13:36:32 ubuntu-phablet kernel: [74934.082182] type=1400 audit(1437658592.368:200): apparmor="DENIED" operation="open" profile="tutu.abreu-alexandre_tutu_0.1" name="/usr/share/ubuntu-html5-ui-toolkit/0.1/ambiance/js/core.js" pid=13230 comm="Chrome_FileThre" requested_mask="r" denied_mask="r" fsuid=32011 ouid=0
Sdk-Launcher> There has been a AppArmor denial for your application.
Sdk-Launcher> Most likely it is missing a policy in the AppArmor file.
Syslog> Jul 23 13:36:32 ubuntu-phablet kernel: [74934.083800] type=1400 audit(1437658592.368:201): apparmor="DENIED" operation="open" profile="tutu.abreu-alexandre_tutu_0.1" name="/usr/share/ubuntu-html5-ui-toolkit/0.1/ambiance/js/buttons.js" pid=13230 comm="Chrome_FileThre" requested_mask="r" denied_mask="r" fsuid=32011 ouid=0
Sdk-Launcher> There has been a AppArmor denial for your application.
Sdk-Launcher> Most likely it is missing a policy in the AppArmor file.
Syslog> Jul 23 13:36:32 ubuntu-phablet kernel: [74934.086150] type=1400 audit(1437658592.378:202): apparmor="DENIED" operation="open" profile="tutu.abreu-alexandre_tutu_0.1" name="/usr/share/ubuntu-html5-ui-toolkit/0.1/ambiance/js/dialogs.js" pid=13230 comm="Chrome_FileThre" requested_mask="r" denied_mask="r" fsuid=32011 ouid=0
Sdk-Launcher> There has been a AppArmor denial for your application.
Sdk-Launcher> Most likely it is missing a policy in the AppArmor file.
Syslog> Jul 23 13:36:32 ubuntu-phablet kernel: [74934.088011] type=1400 audit(1437658592.378:203): apparmor="DENIED" operation="open" profile="tutu.abreu-alexandre_tutu_0.1" name="/usr/share/ubuntu-html5-ui-toolkit/0.1/ambiance/js/page.js" pid=13230 comm="Chrome_FileThre" requested_mask="r" denied_mask="r" fsuid=32011 ouid=0
Sdk-Launcher> There has been a AppArmor denial for your application.
Sdk-Launcher> Most likely it is missing a policy in the AppArmor file.
Syslog> Jul 23 13:36:32 ubuntu-phablet kernel: [74934.092620] type=1400 audit(1437658592.378:204): apparmor="DENIED" operation="open" profile="tutu.abreu-alexandre_tutu_0.1" name="/usr/share/ubuntu-html5-ui-toolkit/0.1/ambiance/js/pagestacks.js" pid=13230 comm="Chrome_FileThre" requested_mask="r" denied_mask="r" fsuid=32011 ouid=0
Sdk-Launcher> There has been a AppArmor denial for your application.
Sdk-Launcher> Most likely it is missing a policy in the AppArmor file.
Syslog> Jul 23 13:36:32 ubuntu-phablet kernel: [74934.094909] type=1400 audit(1437658592.388:205): apparmor="DENIED" operation="open" profile="tutu.abreu-alexandre_tutu_0.1" name="/usr/share/ubuntu-html5-ui-toolkit/0.1/ambiance/js/tab.js" pid=13230 comm="Chrome_FileThre" requested_mask="r" denied_mask="r" fsuid=32011 ouid=0

Changed in apparmor-easyprof-ubuntu (Ubuntu):
importance: Undecided → High
Changed in apparmor-easyprof-ubuntu (Ubuntu):
assignee: nobody → Jamie Strandboge (jdstrand)
Changed in ubuntu-personal-security (Ubuntu):
assignee: nobody → Jamie Strandboge (jdstrand)
Changed in apparmor-easyprof-ubuntu (Ubuntu):
status: New → In Progress
Changed in ubuntu-personal-security (Ubuntu):
status: New → In Progress
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apparmor-easyprof-ubuntu - 15.10.7

---------------
apparmor-easyprof-ubuntu (15.10.7) wily; urgency=medium

  * ubuntu/ubuntu-webapp: allow read access to /usr/share/ubuntu-html5-theme
    and /usr/share/ubuntu-html5-ui-toolkit (LP: #1477580)

 -- Jamie Strandboge <email address hidden> Thu, 23 Jul 2015 16:16:49 -0500

Changed in apparmor-easyprof-ubuntu (Ubuntu):
status: In Progress → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ubuntu-personal-security - 15.10.2

---------------
ubuntu-personal-security (15.10.2) wily; urgency=medium

  * ubuntu/ubuntu-webapp: allow read access to /usr/share/ubuntu-html5-theme
    and /usr/share/ubuntu-html5-ui-toolkit (LP: #1477580)

 -- Jamie Strandboge <email address hidden> Thu, 23 Jul 2015 16:25:08 -0500

Changed in ubuntu-personal-security (Ubuntu):
status: In Progress → Fix Released
Changed in canonical-devices-system-image:
importance: Undecided → Critical
milestone: none → ww02-2016
status: New → Confirmed
tags: added: hotfix
Changed in canonical-devices-system-image:
assignee: nobody → David Barth (dbarth)
Changed in apparmor-easyprof-ubuntu (Ubuntu RTM):
assignee: nobody → Jamie Strandboge (jdstrand)
importance: Undecided → Critical
status: New → In Progress
Changed in canonical-devices-system-image:
status: Confirmed → Fix Committed
Łukasz Zemczak (sil2100) wrote :

This bug was fixed in the package apparmor-easyprof-ubuntu 1.3.15 in https://launchpad.net/~ci-train-ppa-service/+archive/ubuntu/stable-phone-overlay

---------------

apparmor-easyprof-ubuntu (1.3.15) vivid; urgency=medium

  [ Alberto Mardegan ]
  * ubuntu/1.[23]/accounts: add the new Online Accounts v2 API (LP: #1512667)

  [ Jamie Strandboge ]
  * ubuntu/ubuntu-webapp: allow read access to /usr/share/ubuntu-html5-theme
    and /usr/share/ubuntu-html5-ui-toolkit (LP: #1477580)

 -- Jamie Strandboge <email address hidden> Fri, 20 Nov 2015 08:41:17 -0600

Changed in apparmor-easyprof-ubuntu (Ubuntu RTM):
status: In Progress → Fix Released
Changed in canonical-devices-system-image:
milestone: ww02-2016 → ww50-2015
Changed in canonical-devices-system-image:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers