qtdeclarative5-u1db1.0 should not use ~/.local/share/Qt Project for db files

Bug #1224126 reported by Jamie Strandboge on 2013-09-11
12
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Ubuntu UI Toolkit
Fix Released
Undecided
Unassigned
apparmor-easyprof-ubuntu (Ubuntu)
High
Christian Dywan
Saucy
High
Christian Dywan
u1db-qt (Ubuntu)
High
Christian Dywan
Saucy
High
Christian Dywan
ubuntu-ui-toolkit (Ubuntu)
Undecided
Unassigned
Saucy
Undecided
Unassigned

Bug Description

Similar to bug #1197051, qtdeclarative5-u1db1.0 stores its data files in locations like this:
/home/phablet/.local/share/Qt Project/QtQmlViewer/ubuntu-tasks.db

This results in AppArmor rules like the following:
owner "@{HOME}/.local/share/Qt Project/QtQmlViewer/"
owner "@{HOME}/.local/share/Qt Project/QtQmlViewer/*.db*" rwk,

But these rules are too lenient and these paths need to be made application specific so that different apps using u1db-qt can't tamper with each other's data. Specifically: $XDG_DATA_HOME/<app pkgname> where '<app pkgname>' is the "name" field in the Click manifest (see bug #1197037 for details).

com.ubuntu.developer.mdspencer.ubuntu-tasks is an app in the app store that is affected by this. It uses the following QML:
    U1db.Database {
        id: storage
        path: "ubuntu-tasks.db"
    }

This needs to be fixed for 13.10 otherwise apps are not properly isolation under application confinement.

Related branches

Jamie Strandboge (jdstrand) wrote :

Adding apparmor-easyprof-ubuntu task since a workaround to not block the app showdown was put in place.

summary: - qtdeclarative5-u1db1.0 should not use ~/.local/share/Qt Project for
- sqlite files
+ qtdeclarative5-u1db1.0 should not use ~/.local/share/Qt Project for db
+ files
Changed in apparmor-easyprof-ubuntu (Ubuntu Saucy):
status: New → Triaged
importance: Undecided → High
Changed in apparmor-easyprof-ubuntu (Ubuntu Saucy):
assignee: nobody → Christian Dywan (kalikiana)
Michael Spencer (ibelieve) wrote :

I've tried setting the correct path (~/.local/share/com.ubuntu.developer.mdspencer.ubuntu-tasks/ubuntu-tasks.db) for U1db, but it doesn't work. The ~ is not turned into my user directory, but instead the whole path is created as a directory structure under ~/.local/share/Qt Project/QtQmlViewer.

Christian Dywan (kalikiana) wrote :

Bug 1206935 made U1Db use StandardPaths. But https://code.launchpad.net/~kalikiana/ubuntu-ui-toolkit/appname/+merge/180601 is required to use the app-specific folder instead of 'Qt Project'. Unfortunately lp has no concept of dependencies.

description: updated
Changed in u1db-qt (Ubuntu Saucy):
assignee: nobody → Christian Dywan (kalikiana)
Changed in ubuntu-ui-toolkit:
status: New → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ubuntu-ui-toolkit - 0.1.46+13.10.20130925.1-0ubuntu1

---------------
ubuntu-ui-toolkit (0.1.46+13.10.20130925.1-0ubuntu1) saucy; urgency=low

  [ Timo Jyrinki ]
  * Temporarily disable the jokes example in order to not have
    qtmultimedia dependency from examples that is not used otherwise.
    This lessens the dependency chains of packages. It can be added back
    after Ubuntu 13.10.
  * Fix regression in qmlscene usage (LP: #1229541). (LP: #1229541)

  [ Christian Dywan ]
  * Set QCoreApplication::applicationName based on MainView. (LP:
    #1197056, #1197051, #1224126)
  * Include subfolders of Components in api check.

  [ Zsombor Egri ]
  * Organizer EDS (Evolution Data Server) integration.
  * StateSaver attached component.
  * Fix alarm status reporting, updating documentation on asynchronous
    behavior of save and cancel operations. Alarm status notification
    reports the operation the status refers to. (LP: #1226516)
  * Dialer + DialerHand components required for TimePicker. .

  [ Leo Arias ]
  * Added UbuntuUIToolkitAppTestCase as a base test case for the
    autopilot tests. (LP: #1227355)
  * Added the autopilot emulator for toggles.

  [ Nick Dedekind ]
  * Added clipping to tab bar. (LP: #1226104)

  [ Alberto Mardegan ]
  * Support re-attaching to a different QQuickView Make the plugin
    correctly handle the case when the QQuickView is destroyed and a new
    one is created: this is done by avoiding using static variables, and
    instead binding the data to the QQmlEngine, QQmlContext or QWindow
    as appropriate. . (LP: #1221707)

  [ Dennis O'Flaherty ]
  * Reword the description for easier reading.

  [ tpeeters ]
  * Fix warnings when running gallery-app autopilot tests. (LP:
    #1223329, #1223326)
  * Smarter automatic updating of Panel's opened property. Panel.open()
    and Panel.close() should be used to open/close a Panel, or when
    using a toolbar with ToolbarItems from a Page, set Page.tools.opened
    to open/close the toolbar. No API or behavior changes since the
    panel-open-close branch. Toolbar behavior changes will be done in a
    following MR.

  [ Ubuntu daily release ]
  * Automatic snapshot from revision 765
 -- Ubuntu daily release <email address hidden> Wed, 25 Sep 2013 07:08:56 +0000

Changed in ubuntu-ui-toolkit (Ubuntu Saucy):
status: New → Fix Released
Changed in ubuntu-ui-toolkit:
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apparmor-easyprof-ubuntu - 1.0.35

---------------
apparmor-easyprof-ubuntu (1.0.35) saucy; urgency=low

  * apparmor-easyprof-ubuntu.install: install data/hardware/*, thus allowing
    porters, OEMs, etc to ship their own policy without having to modify this
    package (LP: #1197133)
  * add data/hardware/graphics.d/* and data/hardware/audio.d/*, namespaced to
    this package. We will move these out to lxc-android-config later
  * tests/test-data.py: adjust to test data/hardware/*
  * accounts: move to reserved status until LP: 1230091 is fixed
  * calendar: remove workaround rule for gio DBus path (LP: #1227295)
  * add usermetrics policy group so apps can update the infographic
  * ubuntu-* templates:
    - allow StartServiceByName on the system bus too. This is needed by the
      new usermetrics policy group and we will presumably have more going
      forward (eg location)
    - account for /org/freedesktop/dbus object path. This seems to be used by
      the python DBus bindings (eg, friends)
    - move hardware specific accesses out of the templates into
      hardware/graphics.d/ in preparation of the move to shipping these in
      lxc-android-config (note, this doesn't change apparmor policy in any
      way)
    - add 'r' to dbus system bus socket (LP: #1208988)
    - add ixr access to thumbnailer helper (LP: #1234543)
    - finetune HUD access
    - don't use ibus abstraction but instead use 'r' access for
      owner @{HOME}/.config/ibus/**
    - don't use freedesktop.org abstraction but instead add read accesses
      for /usr/share/icons and various mime files
    - updates for new gstreamer
      - move in gstreamer accesses from audio policy groupd due to hybris
  * ubuntu-sdk template:
    - remove workaround paths now that ubuntu-ui-toolkit is using
      QCoreApplication::applicationName based on MainView's applicationName
      (LP: #1197056, #1197051, #1224126, LP: #1231863)
  * ubuntu-webapp template:
    - allow read access to /usr/share/unity-webapps/userscripts/**
    - allow rix to gst-plugin-scanner
  * add reserved friends policy group (reserved because it needs integration
    with trust-store to be used by untrusted apps)
  * remove peer from receive DBus rules in the ubuntu-* templates and the
    contacts, history, and location policy groups (LP: #1233895)
  * audio:
    - move gstreamer stuff out to templates since hybris pulls it in for all
      apps
    - include hardware/audio.d for hardware specific accesses
 -- Jamie Strandboge <email address hidden> Mon, 07 Oct 2013 13:18:27 -0500

Changed in apparmor-easyprof-ubuntu (Ubuntu Saucy):
status: Triaged → Fix Released
Changed in u1db-qt (Ubuntu Saucy):
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Related blueprints