HERE conditions cannot be loaded

Bug #1507667 reported by Víctor R. Ruiz on 2015-10-19
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Canonical System Image
Bill Filler
webbrowser-app (Ubuntu)
Olivier Tilloy

Bug Description

After the latest confinement upgrade to webbrowser-app, HERE terms and conditions are no longer accessible.

Test case.
- Flash the phone.
- Finish the setup wizard.
- Finish gesture tutorial.
- Open location indicator.
- Tap on "Read HERE terms and conditions".

Expected result.
- Webbrowser app is launched and T&C file is loaded and displayed.

Actual result.
- Webbrowser app cannot read local files, T&C file gives an error.

Related branches

Víctor R. Ruiz (vrruiz) wrote :
Jean-Baptiste Lallement (jibel) wrote :

I think that the browser cannot access this file now that it is confined.

Changed in canonical-devices-system-image:
importance: Undecided → High
assignee: nobody → Bill Filler (bfiller)
status: New → Confirmed
Changed in webbrowser-app (Ubuntu):
importance: Undecided → High
status: New → Confirmed
Bill Filler (bfiller) on 2015-10-19
Changed in webbrowser-app (Ubuntu):
assignee: nobody → Olivier Tilloy (osomon)
Changed in canonical-devices-system-image:
milestone: none → ww46-2015
Olivier Tilloy (osomon) wrote :

Indeed, that is a regression, something we overlooked when testing confinement of the browser.
With the confinement, browsing anywhere on the filesystem (file:// URLs) is forbidden. Not sure whether we can easily add an exception to the apparmor profile for that one file (which by the way is localized, so it’s not actually just one file, we’d need a wildcard exception for file:///custom/vendor/here/location-provider-consent/*.html), and if it’s desirable at all from a security standpoint.
Is the expectation that these TOS have to be available offline? Or is it ok to point users to the same page online, with an http:// link?

Jean-Baptiste Lallement (jibel) wrote :

Some else should confirm but I think it is expected to be available offline since you can use the service with network connection and the TOS are also available during the wizard where the Wifi connection is not necessarily up.

tags: added: regression-release
Tyler Hicks (tyhicks) wrote :

As long as these terms and conditions html files are under our control (meaning that Canonical provides them in the system image) and the terms and conditions html files are the only files in the location-provider-consent directory, adding a rule such as this to the profile should be no problem:

  /custom/vendor/here/location-provider-consent/*.html r,

Olivier Tilloy (osomon) on 2015-10-20
Changed in webbrowser-app (Ubuntu):
status: Confirmed → In Progress
Changed in webbrowser-app (Ubuntu):
status: In Progress → Fix Released
Changed in canonical-devices-system-image:
status: Confirmed → Fix Committed
Changed in canonical-devices-system-image:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers