[webapps] should enable access to dbus org.freedesktop.Application

Bug #1342129 reported by Alexandre Abreu
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
The Savilerow project | Fix Released | Undecided | Unassigned |
apparmor-easyprof-ubuntu (Ubuntu) | Fix Released | High | Jamie Strandboge |
webbrowser-app (Ubuntu) | Fix Released | Undecided | Unassigned |

Bug Description

Webapps recently added the capability to be invoked and opened to custom URLs (not default), but the AppArmor profile needs to be updated to enable the org.freedesktop.Application dbus interface to be accessed/created:

Jul 15 13:57:14 ubuntu-phablet dbus[2689]: apparmor="DENIED" operation="dbus_bind" bus="session" name="org.freedesktop.Application" mask="bind" pid=28561 profile="com.ubuntu.developer.webapps.webapp-gmail_webapp-gmail_1.0.12"

Jamie Strandboge (jdstrand) wrote :

Marc and I discussed this and we can't add a rule to bind on org.freedesktop.Application because we can't mediate dbus message contents and adding this rule would mean apps could bind on each other's names.

Instead, it should bind on something with @{APP_ID_DBUS} or @{APP_PKGNAME_DBUS} (the former is the full APP_ID with click package name, appname and version; the latter is just the click package name, i.e., no appname and no version). Perhaps the url-dispatcher guys already solved this?

Alexandre Abreu (abreu-alexandre) wrote :

I guess that it would be something that affects any click app that uses the SDK UriHandler (which the webapp-container uses to achieve that). Will check with Ted.

Ted Gould (ted) wrote :

No, for other packages we don't bind them to well known names. What we do is that we find the DBus connection for the primary PID and send the message to that dbus connection directly. This way we don't have to worry about the info leak issue that Marc and Jamie are talking about. The path is a bit special in that it's the AppID of the app DBus encoded.

David Barth (dbarth) wrote :

Wow, would you have some sample code to clarify how the app is supposed to open its dbus port and which interface it will advertise / route to the app's internal functions?

Ted Gould (ted) wrote :

Mentioned it to Alex on IRC, but thought I'd throw it in the bug just for other watchers as well. This is the code that UAL uses to build the path. Basically it just encodes every character that can't be put on the dbus path with _%x of the bytecode.

http://bazaar.launchpad.net/~indicator-applet-developers/ubuntu-app-launch/trunk.14.10/view/head:/libubuntu-app-launch/second-exec-core.c#L151
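The encoding described in the comment above, written out as an added example; it is not part of the original comment and is not the ubuntu-app-launch code. The function names are hypothetical, and it assumes that only ASCII letters and digits are copied unescaped, which matches the `path=` value logged for the twitter webapp in this bug. The decoder goes one step beyond the comment so that a path seen in a denial can be mapped back to an AppID.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumption: only ASCII letters and digits pass through unescaped. */
static int is_plain(unsigned char c)
{
    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9');
}

static int hexval(char c)  /* lowercase hex only, as the encoder emits */
{
    return (c >= '0' && c <= '9') ? c - '0' : (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* AppID -> single-element object path. '_' is escaped too, since it is the
 * escape marker. Caller frees the result. */
char *app_id_to_dbus_path(const char *app_id)
{
    size_t n = strlen(app_id);
    char *out = malloc(3 * n + 2);  /* '/' + up to 3 bytes per input byte + NUL */
    char *p = out;
    if (out == NULL) return NULL;
    *p++ = '/';
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)app_id[i];
        if (is_plain(c)) *p++ = (char)c;
        else p += sprintf(p, "_%02x", (unsigned)c);
    }
    *p = '\0';
    return out;
}

/* Object path -> AppID, e.g. for a path= value in a denial. NULL if malformed. */
char *dbus_path_to_app_id(const char *path)
{
    size_t n = strlen(path), o = 0;
    char *out = malloc(n + 1);
    if (out == NULL || path[0] != '/') { free(out); return NULL; }
    for (size_t i = 1; i < n; i++) {
        int hi = 0, lo = 0;
        if (is_plain((unsigned char)path[i])) { out[o++] = path[i]; continue; }
        if (path[i] != '_' || (hi = hexval(path[i + 1])) < 0 || (lo = hexval(path[i + 2])) < 0
            || (hi | lo) == 0) { free(out); return NULL; }
        out[o++] = (char)(hi * 16 + lo);
        i += 2;
    }
    out[o] = '\0';
    return out;
}
```

Because the path is derived from the AppID, a receive rule can be scoped to the app's own path instead of a shared well-known name.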

Alexandre Abreu (abreu-alexandre) wrote :

I get DEN also for the dbus_call:

dbus[2990]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/com_2eubuntu_2edeveloper_2ewebapps_2ewebapp_2dtwitter_5fwebapp_2dtwitter_5f1_2e0_2e15_2e1" interface="org.freedesktop.Application" member="Open" name=":1.3" mask="receive" pid=16631 profile="com.ubuntu.developer.webapps.webapp-twitter_webapp-twitter_1.0.15.1" peer_pid=3013 peer_profile="unconfined"
dbus[2990]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/com_2eubuntu_2edeveloper_2ewebapps_2ewebapp_2dtwitter_5fwebapp_2dtwitter_5f1_2e0_2e15_2e1" interface="org.freedesktop.Application" member="Open" name=":1.3" mask="receive" pid=16631 profile="com.ubuntu.developer.webapps.webapp-twitter_webapp-twitter_1.0.15.1" peer_pid=3013 p

with the proper path/pid and interface,

Jamie Strandboge (jdstrand) wrote :

This is going to need a policy update, but it looks like we have everything needed to do it.

Jamie Strandboge (jdstrand) wrote :

Confirmed that we just need to add the same policy to ubuntu-webapp that is already in ubuntu-sdk.

Changed in apparmor-easyprof-ubuntu (Ubuntu):
status: New → In Progress
importance: Undecided → High
assignee: nobody → Jamie Strandboge (jdstrand)
Changed in webbrowser-app (Ubuntu):
status: New → In Progress
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apparmor-easyprof-ubuntu - 1.2.16

---------------
apparmor-easyprof-ubuntu (1.2.16) utopic; urgency=medium

  * ubuntu/1.2/connectivity: update to use upcoming connectivity DBus API
    (LP: #1341548)
  * ubuntu/1.[12]/contacts: remove workaround policy since address-book-app
    no longer uses the telepathy API (LP: #1227818)
  * ubuntu/*: explicitly deny rw access to /dev/fb0. It is both dangerous and
    noisy with the camera app
  * ubuntu/ubuntu-webapp: receive application-specific Open on
    org.freedesktop.Application to allow url-dispatcher working with already
    running webapps (LP: #1342129)
 -- Jamie Strandboge <email address hidden> Thu, 07 Aug 2014 13:19:59 -0500

Changed in apparmor-easyprof-ubuntu (Ubuntu):
status: In Progress → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package webbrowser-app - 0.23+14.10.20140811-0ubuntu1

---------------
webbrowser-app (0.23+14.10.20140811-0ubuntu1) utopic; urgency=low

  [ Alexandre Abreu ]
  * Add devtools support & ubuntu webview remote debugging
  * Fix URI handling by the webapp container. (LP: #1342129)

  [ Olivier Tilloy ]
  * Fix a couple of harmless warnings that were issued when closing the
    last open tab.
 -- Ubuntu daily release <email address hidden> Mon, 11 Aug 2014 15:14:20 +0000

Changed in webbrowser-app (Ubuntu):
status: In Progress → Fix Released
Yuan-Chen Cheng (ycheng-twn) wrote :

too old

Changed in savilerow:
status: New → Fix Released