-
apparmor-easyprof-ubuntu (1.2.38) utopic; urgency=medium
* ubuntu/networking: add rules for app-specific ubuntu-download-manager
file downloads (LP: #1384349)
-- Jamie Strandboge <email address hidden> Wed, 22 Oct 2014 14:13:44 -0400
-
apparmor-easyprof-ubuntu (1.2.37) utopic; urgency=medium
* ubuntu/audio: also allow access to GetArtistArt when accessing the
thumbnailer (LP: #1381102)
-- Jamie Strandboge <email address hidden> Tue, 14 Oct 2014 09:37:24 -0500
-
apparmor-easyprof-ubuntu (1.2.36) utopic; urgency=medium
* ubuntu/accounts: allow all on org.freedesktop.DBus.Properties for
/com/google/code/AccountsSSO/SingleSignOn/** (LP: #1378809)
* ubuntu/ubuntu-*, pending/ubuntu-scope-local-content, ubuntu/webview: also
allow read on /android/system/build.prop (LP: #1378838)
-- Jamie Strandboge <email address hidden> Wed, 08 Oct 2014 08:28:17 -0500
-
apparmor-easyprof-ubuntu (1.2.35) utopic; urgency=medium
* ubuntu/1.2/push-notification-client: don't deny access to the clipboard
since sdk apps are supposed to be able to specify this policy group
* ubuntu/1.2: add ubuntu-push-helper for push-helpers to use which (among
other things) explicitly disables access to the clipboard (LP: #1371170)
* adjust autopackagetest for ubuntu-push-helper
* ubuntu/accounts: allow all on org.freedesktop.DBus.Properties for
/com/google/code/AccountsSSO/SingleSignOn
* ubuntu/1.2/ubuntu-scope-network, pending/ubuntu-scope-local-content: also
add remaining libhybris paths (/{,var/}run/shm/hybris_shm_data and
/system/build.prop)
* ubuntu/ubuntu-sdk: explicitly disallow gsettings (dconf) access
(LP: #1378115)
-- Jamie Strandboge <email address hidden> Mon, 06 Oct 2014 10:41:18 -0500
-
apparmor-easyprof-ubuntu (1.2.34) utopic; urgency=medium
* ubuntu/1.[12]/ubuntu-{sdk,webapp}: re-add still needed rule for
/{,run/}shm/shm/WK2SharedMemory.[0-9]*. This needs to stay until qtwebkit
is removed from the image (LP: #1377648)
-- Jamie Strandboge <email address hidden> Mon, 06 Oct 2014 07:10:09 -0500
-
apparmor-easyprof-ubuntu (1.2.33) utopic; urgency=medium
* ubuntu/accounts: allow access to GetAll on org.freedesktop.DBus.Properties
for /com/google/code/AccountsSSO/SingleSignOn (LP: #1377205)
* ubuntu/webview: also deny access to /custom/etc/dconf_profile. This is
fallout from Oxide trying to use gsettings, but we've been silently
denying that access since the webview policy group was added, so just
silence this denial too (LP: #1260101)
* ubuntu/ubuntu-{sdk,webapp}: also allow talking to clipboard on freedesktop
interface (LP: #1377221)
* tests/test-data.py: update hardware dir handling and also adjust policy
groups to use tmpdir
* debian/control: Build-Depends on apparmor so we can check syntax during
builds
-- Jamie Strandboge <email address hidden> Fri, 03 Oct 2014 10:21:33 -0500
-
apparmor-easyprof-ubuntu (1.2.32) utopic; urgency=medium
* ubuntu/1.2/ubuntu-scope-network, pending/ubuntu-scope-local-content:
allow access to android libraries (LP: #1376430)
* ubuntu/ubuntu-{sdk,webapp}: allow read access for thumbnailer icons
(LP: #1376436)
-- Jamie Strandboge <email address hidden> Wed, 01 Oct 2014 15:13:35 -0500
-
apparmor-easyprof-ubuntu (1.2.31) utopic; urgency=medium
* ubuntu/ubuntu-{sdk,webapp}: allow apps to read and write to their
app-specific QML cached bytecode (LP: #1376361)
-- Jamie Strandboge <email address hidden> Wed, 01 Oct 2014 12:18:29 -0500
-
apparmor-easyprof-ubuntu (1.2.30) utopic; urgency=medium
* ubuntu/ubuntu-*: add owner /{run,dev}/shm/shmfd-* rwk (LP: #1370218)
* ubuntu/microphone: remove shmfd access since it is in the templates now
-- Jamie Strandboge <email address hidden> Tue, 30 Sep 2014 09:33:57 -0500
-
apparmor-easyprof-ubuntu (1.2.29) utopic; urgency=medium
* ubuntu/webview: explicitly deny write access to @{PROC}/[0-9]*/oom_adj
and @{PROC}/[0-9]*/oom_score_adj. This is confirmed as a way to escape
application lifecycle (LP: #1260115)
-- Jamie Strandboge <email address hidden> Mon, 29 Sep 2014 12:28:39 -0500
-
apparmor-easyprof-ubuntu (1.2.28) utopic; urgency=medium
* ubuntu/calendar: add missing rule for org.freedesktop.DBus.Introspectable
on path /com/canonical/indicator/datetime/AlarmProperties (LP: #1374623)
* ubuntu/1.[12]/ubuntu-{sdk,webapp}: remove no longer needed rule for
/{,run/}shm/shm/WK2SharedMemory.[0-9]* (LP: #1197060)
* ubuntu/microphone:
- add temporary write access to /{run,dev}/shm/shmfd-* for QAudioRecorder
(LP: #1370218)
- explicitly deny read on /dev/
* ubuntu/1.1/webview: allow dbus send to RequestName on org.freedesktop.DBus
webapp-container needs corresponding 'bind' call on
org.freedesktop.Application, which we block elsewhere. webapp-container
shouldn't be doing this under confinement, but we allow this rule in
content_exchange, so just allow it to avoid confusion. (LP: #1357371)
-- Jamie Strandboge <email address hidden> Fri, 26 Sep 2014 15:21:37 -0500
-
apparmor-easyprof-ubuntu (1.2.27) utopic; urgency=medium
* ubuntu/ubuntu-{sdk,webapp}: all apps can access the Mir clipboard
(LP: #1372579). Note, LP: 1371170 will be fixed in a future update
* ubuntu/push-notification-client: explit deny (with auditing) for access
to the Mir clipboard (background apps should not have access)
* ubuntu/ubuntu-scope-network: explicit deny (with auditing) for access
to the Mir clipboard (scopes should not have access)
* pending/ubuntu-scope-local-content: bring up to date with changes to
ubuntu-scope-network
-- Jamie Strandboge <email address hidden> Tue, 23 Sep 2014 09:07:00 -0500
-
apparmor-easyprof-ubuntu (1.2.26) utopic; urgency=medium
* ubuntu/{audio,video}: allow mediascanner to send us signals
-- Jamie Strandboge <email address hidden> Mon, 22 Sep 2014 10:49:21 -0500
-
apparmor-easyprof-ubuntu (1.2.25) utopic; urgency=medium
* ubuntu/location: don't filter receive on interface (allows PropertyChanged
on org.freedesktop.DBus.Properties but also helps future proof)
-- Jamie Strandboge <email address hidden> Sun, 21 Sep 2014 11:52:56 -0500
-
apparmor-easyprof-ubuntu (1.2.24) utopic; urgency=medium
* ubuntu/camera: allow DBus communications with media-hub (LP: #1369512)
* ubuntu/*: drop redundnat 'ptrace (read) peer=@{profile_name}' since we
include it in the base abstraction now
-- Jamie Strandboge <email address hidden> Tue, 16 Sep 2014 08:48:37 -0500
-
apparmor-easyprof-ubuntu (1.2.23) utopic; urgency=medium
* ubuntu-scope-network:
- don't needlessly escape '-' in zmq access rule
- silence @{PROC}/[0-9]*/attr/current denial since the scopes runner uses
aa_getcon() and the denial is noisy (LP: #1367264)
* ubuntu-webapp: explicitly deny noisy denial to dbus bind on
org.freedesktop.Application
* debian/apparmor-easyprof-ubuntu.postinst: update the cached .md5sums file
on upgrade to avoid running on install and then again on first boot after
upgrade. This change only affects apt upgrades and not system-image
upgrades since system-image upgrades always use the existing .md5sums if
they exist (see /etc/system-image/writable-paths).
-- Jamie Strandboge <email address hidden> Wed, 10 Sep 2014 08:54:28 -0500
-
apparmor-easyprof-ubuntu (1.2.22) utopic; urgency=medium
* Updates for abstract and anonymous socket mediation (LP: #1362199):
- ubuntu/*/ubuntu-*:
+ use dbus-strict and dbus-session-strict abstractions and remove
duplicated policy
+ allow ubuntu-sdk and ubuntu-webapp connect, receive and send on the
maliit abstract socket
+ allow write access to owner /{,var/}run/user/*/@{APP_PKGNAME}/{,**}
- ubuntu/*/unconfined: allow unix
- ubuntu/webview:
+ allow oxide to talk to sandbox via unix sockets
+ allow sandbox to talk to @{APP_PKGNAME}_@{APP_APPNAME}_@{APP_VERSION}
peer
+ allow various unix perms from base abstract for the sandbox to use
unix sockets
- debian/control: Depends on apparmor >= 2.8.96~2541-0ubuntu4
* ubuntu/webview: use @{APP_PKGNAME}_@{APP_APPNAME}_@{APP_VERSION} for
signal now that we have @{APP_APPNAME} available (LP: #1363112)
* ubuntu/debug: 'audit deny @{HOME}/.local/share/ r' which is used by the
SDK to see if confined
* debian/control: Depends on apparmor >= 2.8.96~2541-0ubuntu4~
-- Jamie Strandboge <email address hidden> Fri, 05 Sep 2014 15:17:07 -0500
-
apparmor-easyprof-ubuntu (1.2.21) utopic; urgency=medium
* ubuntu/1.2/accounts: online accounts now has Mir trusted session support
so move accounts policy group to reserved (LP: #1230091)
-- Jamie Strandboge <email address hidden> Wed, 20 Aug 2014 08:05:37 -0500
-
apparmor-easyprof-ubuntu (1.2.20) utopic; urgency=medium
* ubuntu/1.2/ubuntu-scope-network, pending/ubuntu-scope-local-content:
- add DBus session and system accesses to scope templates like we have in
the app templates. This allows scopes to talk to trusted helpers like
online accounts and location-service. Actual communication with the
services is still controlled by the respective policy groups.
- add scope-specific access to /run/user/[0-9]*/scopes/leaf-{net,fs}/*
-- Jamie Strandboge <email address hidden> Fri, 15 Aug 2014 10:56:32 -0500
-
apparmor-easyprof-ubuntu (1.2.19) utopic; urgency=medium
* ubuntu/1.2/ubuntu-scope-network, pending/ubuntu-scope-local-content:
adjust path to settings, it was renamed to settings.ini (LP: #1356930)
-- Jamie Strandboge <email address hidden> Thu, 14 Aug 2014 11:48:17 -0500
-
apparmor-easyprof-ubuntu (1.2.18) utopic; urgency=medium
* ubuntu/1.2/ubuntu-scope-network, pending/ubuntu-scope-local-content:
- allow rk access to scope specific settings.db
- explicitly noisy deny rw access to unconfined directory
-- Jamie Strandboge <email address hidden> Wed, 13 Aug 2014 08:39:40 -0500
-
apparmor-easyprof-ubuntu (1.2.17) utopic; urgency=medium
* ubuntu/*: explicitly deny 'w' access to /dev/xLog (LP: #1352432)
-- Jamie Strandboge <email address hidden> Mon, 11 Aug 2014 15:45:29 -0500
-
apparmor-easyprof-ubuntu (1.2.16) utopic; urgency=medium
* ubuntu/1.2/connectivity: update to use upcoming connectivity DBus API
(LP: #1341548)
* ubuntu/1.[12]/contacts: remove workaround policy since address-book-app
no longer uses the telepathy API (LP: #1227818)
* ubuntu/*: explicitly deny rw access to /dev/fb0. It is both dangerous and
noisy with the camera app
* ubuntu/ubuntu-webapp: receive application-specific Open on
org.freedesktop.Application to allow url-dispatcher working with already
running webapps (LP: #1342129)
-- Jamie Strandboge <email address hidden> Thu, 07 Aug 2014 13:19:59 -0500
-
apparmor-easyprof-ubuntu (1.2.15) utopic; urgency=medium
* ubuntu/*: explicitly deny noisy access to @{PROC}/xlog (LP: #1352432)
-- Jamie Strandboge <email address hidden> Mon, 04 Aug 2014 12:56:05 -0500
-
apparmor-easyprof-ubuntu (1.2.14) utopic; urgency=medium
* ubuntu/camera: update to allow write access to the finalized path for the
microphone socket (/dev/socket/micshm) (ref. LP: 1337582)
-- Jamie Strandboge <email address hidden> Wed, 30 Jul 2014 13:07:19 -0500
-
apparmor-easyprof-ubuntu (1.2.13) utopic; urgency=medium
* ubuntu/1.2/ubuntu-scope-network: allow 'w' for leaf-net/@{APP_PKGNAME}/
* pending/ubuntu-scope-local-content:
- add 'w' for leaf-fs/@{APP_PKGNAME}/
- add missing fix for LP: 1347177 (LP: #1348210)
* include openssl abstraction in templates instead of in the networking
policy group. This is needed due to changes in newer curl and gnutls28
(LP: #1350152)
-- Jamie Strandboge <email address hidden> Wed, 30 Jul 2014 07:23:56 -0500
-
apparmor-easyprof-ubuntu (1.2.12) utopic; urgency=medium
* ubuntu/1.2/ubuntu-scope-network: allow rw on zmq/*-r reply endpoints. The
scopes-api has protections for malformed or non-UUID-matching replies, so
use a glob here to allow aggregating scopes to work. (LP: #1347177)
-- Jamie Strandboge <email address hidden> Wed, 23 Jul 2014 10:15:17 -0500
-
apparmor-easyprof-ubuntu (1.2.11) utopic; urgency=medium
* add data/hardware/graphics.d/apparmor-easyprof-ubuntu_hammerhead in
support of Nexus 5 devices
-- Jamie Strandboge <email address hidden> Thu, 17 Jul 2014 10:14:31 -0500
-
apparmor-easyprof-ubuntu (1.2.10) utopic; urgency=medium
* remove ubuntu/1.2/friends policy group and adjust autopackagetest
accordingly (LP: #1340869)
* ubuntu/calendar: com.canonical.indicator.datetime.AlarmProperties should
also be allowed on the org.freedesktop.DBus.Properties interface
(LP: #1342708)
-- Jamie Strandboge <email address hidden> Wed, 16 Jul 2014 11:15:29 -0500
-
apparmor-easyprof-ubuntu (1.2.9) utopic; urgency=medium
* ubuntu/webview:
- adjust to allow oxide_render access to WebCore databases (LP: #1339724)
- adjust for updated path for QML web plugin (LP: #1339777)
* ubuntu/1.2: add new push-notification-client policy group
* ubuntu/ubuntu-{sdk,webapp}: adjust for updated path for QML web plugin
* ubuntu/audio: allow read access for /usr/share/sounds and
/custom/usr/share/sounds (LP: #1340326)
* ubuntu/audio: allow write access to /android/micshm (LP: #1337582)
-- Jamie Strandboge <email address hidden> Thu, 10 Jul 2014 12:28:30 -0500
-
apparmor-easyprof-ubuntu (1.2.8) utopic; urgency=medium
* ubuntu/*/calendar: com.canonical.indicator.datetime.AlarmProperties
should be allowed to confined apps
* ubuntu/ubuntu-scope-network (and pending ubuntu-scope-local-content):
- allow exec of scoperunner for .so scopes
- remove unused policy for .so files (the scope click hook creates
symlinks to the click install directory instead)
-- Jamie Strandboge <email address hidden> Fri, 27 Jun 2014 11:59:02 -0500
-
apparmor-easyprof-ubuntu (1.2.7) utopic; urgency=medium
* update for usensors (LP: #1334701)
- ubuntu/*/ubuntu-sdk, ubuntu-webapp: update for haptic feedback
- ubuntu/1.2/sensors:
+ remove /dev/binder
+ add access to all of usensors DBus API
-- Jamie Strandboge <email address hidden> Thu, 26 Jun 2014 15:03:16 -0500
-
apparmor-easyprof-ubuntu (1.2.6) utopic; urgency=medium
* ubuntu/*/ubuntu-sdk, ubuntu-webapp:
- allow read access to /custom/usr/share/fonts/{,**}
- allow read access to /custom/xdg/data/themes/
- group /custom rules together
-- Jamie Strandboge <email address hidden> Wed, 25 Jun 2014 10:42:17 -0500
-
apparmor-easyprof-ubuntu (1.2.5) utopic; urgency=medium
* ubuntu/ubuntu-scope-network (and pending ubuntu-scope-local-content):
adjust to use @{APP_PKGNAME}_@{APP_APPNAME}* for zmq endpoints
* tests/test-data.py: updates for new click-apparmor variables which are
now needed since easyprof now more carefully verifies the policy
-- Jamie Strandboge <email address hidden> Mon, 23 Jun 2014 14:56:17 -0500
-
apparmor-easyprof-ubuntu (1.2.4) utopic; urgency=medium
* ubuntu/1.2: refinements to scopes policy
- use private-files-strict abstraction
- finetune client endpoint policy
- explicitly deny access to the zmq directory for the ubuntu-sdk and
ubuntu-webapp templates
- explicitly deny direct interaction with URL dispatcher to prevent data
leaks
- move ubuntu-scope-local-content template to 'pending' since there are
unresolved issues surrounding its interaction with URL dispatcher.
Adjust autopkgtests accordingly
* ubuntu/calendar: update for upcoming calendar management landing
* ubuntu/*/audio,video: add mediascanner2 DBus access (LP: #1303962)
* ubuntu/1.[12]/music_files_read: remove temporary access to
@{HOME}/.cache/mediascanner/ now that we have policy for mediascanner2
DBus access. Note: normally this would require the change in only the
latest policy, but this policy group has only been used by the music-app
and it is still unconfined
* ubuntu/1.1: also ship debug policy group for 1.1 policy and update
autopkgtests for this (LP: #1323233)
-- Jamie Strandboge <email address hidden> Fri, 06 Jun 2014 07:37:54 -0500
-
apparmor-easyprof-ubuntu (1.2.3) utopic; urgency=medium
* fix autopkgtests for new templates and policy group
-- Jamie Strandboge <email address hidden> Fri, 30 May 2014 08:00:50 +0200
-
apparmor-easyprof-ubuntu (1.2.2) utopic; urgency=medium
* ubuntu/1.2:
- add ubuntu-scope-network template
- add ubuntu-scope-local-content template
- add debug policy group (LP: #1323233)
* ubuntu/1.[12]: add ptrace read to @{profile_name}
-- Jamie Strandboge <email address hidden> Fri, 30 May 2014 00:36:26 +0200
-
apparmor-easyprof-ubuntu (1.2.1) utopic; urgency=medium
* ubuntu/*: update unconfined template to work with autopilot (changes to
exec were required since the /** pix rule conflicted with upcoming
autopilot rules)
- use ###VAR### since the template vars
- allow exec (mostly) everywhere except @{HOMEDIRS}/*/autopilot/fakeenv
-- Jamie Strandboge <email address hidden> Fri, 23 May 2014 08:46:09 +0200
-
apparmor-easyprof-ubuntu (1.2.0) utopic; urgency=medium
* add 1.2 policy:
- create data/templates/ubuntu/1.2 and symlink to 1.1 policy
- create data/policygroups/ubuntu/1.2 and symlink to 1.1 policy
- update debian/tests/installed_* to add 1.2 policy
* tests/test-data.py: add --debug option
-- Jamie Strandboge <email address hidden> Thu, 22 May 2014 12:20:00 +0200
-
apparmor-easyprof-ubuntu (1.1.18) utopic; urgency=medium
* ubuntu/*: adjust audio/video policy groups comment to mention that the
media-hub server allows playing remote content
* ubuntu/networking:
- correct member portion of DBus rules to not include interface
(LP: #1311164)
- adjust explit deny DownloadManager rules to include interface
* 1.*/ubuntu-sdk:
- allow read of /usr/share/qtdeclarative5-ubuntu-ui-extras-browser-plugin/
- allow read access of /etc/machine-id
- allow ptrace read of ourself
* 1.1/webview: allow capability dac_read_search for oxide_helper
* 1.*/video: allow read access to video4linux for playback
* 1.*/audio: allow calling GetAlbumArt from the thumbnailer DBus API
* 1.1/ubuntu-*: remove temporary rule for /usr/share/libthai/thbrk.tri
* ubuntu/*: adjust the calendar and contacts reserved policy groups to
allow access to the sync monitor (LP: #1319544). This should be removed
when LP: 1319546 is fixed.
* 1.1/music_files_read: allow read of @{HOME}/.cache/mediascanner/ until
LP: 1303962 and LP: 1315381 are fixed
-- Jamie Strandboge <email address hidden> Thu, 15 May 2014 13:37:06 -0500
-
apparmor-easyprof-ubuntu (1.1.17) utopic; urgency=medium
* 1.*/audio,video: allow communications with the media-hub-server now that
it is a trusted helper (LP: #1303962)
* 1.1/music_files*,video_files*: revert media-hub rules in 1.1.15 now that
common policy groups (audio and video) can be used instead
* 1.1/ubuntu-*: allow apps to communicate with the Launcher via their
@{APP_ID_DBUS} specific path (LP: #1301400)
-- Jamie Strandboge <email address hidden> Wed, 16 Apr 2014 13:40:03 -0500
-
apparmor-easyprof-ubuntu (1.1.16) trusty; urgency=medium
* 1.1/webview: update to allow exec of chrome-sandbox now that oxide is
doing a proper fork/exec
-- Jamie Strandboge <email address hidden> Wed, 09 Apr 2014 13:58:10 -0500