Deny untrusted/confined apps to use "com.canonical.snapdecisions"

Bug #1291234 reported by Mirco Müller
Affects: apparmor-easyprof-ubuntu (Ubuntu)
Status: Fix Released
Importance: Undecided
Assigned to: Jamie Strandboge

Bug Description

The notification-daemon of unity8 allows trusted programs to use the DBus-interface "com.canonical.snapdecisions" to pass in a UnityMenuModel describing UI-elements like e.g. password-entries to be added to a snap-decision notification. To take extra care that this isn't accidentally available to untrusted/confined apps (from the app-store), it should be explicitly restricted to trusted applications only.

Please add a corresponding rule to AppArmor's easyprof to accomplish that.

Jamie Strandboge (jdstrand) wrote :

This is being implemented with the following rule:
  deny dbus bus=session
            interface="com.canonical.snapdecisions",

Changed in apparmor-easyprof-ubuntu (Ubuntu):
status: New → In Progress
assignee: nobody → Jamie Strandboge (jdstrand)
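
A regression check for the rule quoted above, as an added example that is not part of this bug report or of apparmor-easyprof-ubuntu: it scans policy text for a deny rule that fully covers the interface on the session bus. The parser is simplified, and the sample profiles and the names dbus_rules and blocks_interface are constructed for illustration.

```python
import re

SNAP_IFACE = "com.canonical.snapdecisions"  # interface named in this bug
VALUE = r'\s*=\s*("[^"]*"|[^\s,()]+)'       # =value or ="value"
COND = r'(\w+)' + VALUE                     # key=value
# [audit] [deny] dbus <body>,   (the body may hold "(send, receive)" lists)
RULE = re.compile(r'(?<![\w/.\-])((?:audit\s+)?(?:deny\s+)?)dbus(?=[\s,(])'
                  r'((?:\([^)]*\)|[^,(])*),')

def dbus_rules(policy):
    """Yield (is_deny, conditions, extras) for each dbus rule in policy text.

    Simplified parser (assumption): handles comments, multi-line rules and
    quoted values; it does not expand includes, variables or glob patterns.
    """
    policy = re.sub(r"#.*", "", policy)  # drops comments and #include lines
    for m in RULE.finditer(policy):
        body = m.group(2)
        conds = {k: v.strip('"') for k, v in re.findall(COND, body)}
        # Anything besides bus=/interface= (access modes, path=, member=,
        # peer=) narrows the rule, so it is returned for the caller to check.
        extras = re.sub(r'\b(?:bus|interface)' + VALUE, "", body).strip()
        yield "deny" in m.group(1).split(), conds, extras

def blocks_interface(policy, iface=SNAP_IFACE, bus="session"):
    """True if an un-narrowed deny rule covers iface on bus. In AppArmor a
    deny rule overrides allow rules, so broader allows do not matter."""
    return any(is_deny and not extras
               and conds.get("bus", bus) == bus
               and conds.get("interface", iface) == iface
               for is_deny, conds, extras in dbus_rules(policy))

# Constructed sample policy, not taken from apparmor-easyprof-ubuntu.
BEFORE = """
profile example-confined-app {
  #include <abstractions/base>
  dbus (send, receive) bus=session,   # broad session-bus access
}
"""
# The same policy with the rule from this bug added.
AFTER = BEFORE.replace("}", """  deny dbus bus=session
            interface="com.canonical.snapdecisions",
}""")
# A deny limited to 'send' leaves the other access modes uncovered.
PARTIAL = BEFORE.replace(
    "}", '  deny dbus send bus=session interface="%s",\n}' % SNAP_IFACE)

if __name__ == "__main__":
    for name, text in (("before", BEFORE), ("after", AFTER), ("partial", PARTIAL)):
        print(name, blocks_interface(text))
```
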
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apparmor-easyprof-ubuntu - 1.1.10

---------------
apparmor-easyprof-ubuntu (1.1.10) trusty; urgency=medium

  * 1.*/ubuntu-*:
    - add read access to /usr/share/unity/icons/**. Why this isn't under
      /usr/share/icons/unity instead, I don't know, but the access is
      harmless, so allow it. This is currently needed by the gallery
    - explicitly deny access to com.canonical.snapdecisions interface
      (LP: #1291234)
  * 1.*/friends: allow freedesktop.org notifications which is needed by the
    gallery app to show that a picture has been uploaded (LP: #1279969)
  * debian/control: Build-Depends on apparmor-easyprof since it is needed by
    the testsuite. This is needed because dh-apparmor now only Suggests
    apparmor-easyprof
 -- Jamie Strandboge <email address hidden> Mon, 24 Mar 2014 17:20:42 -0500

Changed in apparmor-easyprof-ubuntu (Ubuntu):
status: In Progress → Fix Released