Ubuntu
ubuntu-system-settings package

TrustStoreModel fails to expose application name for non-click app

Bug #1501428 reported by Olivier Tilloy
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Canonical System Image
Fix Released
High
Unassigned
Canonical System Image ww40-2015 "ota7"
ubuntu-system-settings (Ubuntu)
Fix Released
High
Unassigned

Bug Description

I’m in the process of fixing bug #1356516 by adding an apparmor profile under which webbrowser-app will be run.
This works well and I now get a system prompt the first time the a page in the browser requests access to the location, as expected.
After accepting, the contents of the corresponding trust store DB look like this:

    $ sqlite3 ~/.local/share/UbuntuLocationService/trust.db
    sqlite> select * from requests;
    Id|ApplicationId|Feature|Timestamp|Answer
    1|webbrowser-app|0|1443631573546767542|1

However when I go to the Location page under Security in system settings, the corresponding list item has an empty label. Looking at the code in plugins/security-privacy/Location.qml, this uses a TrustStoreModel instance, which appears to query desktop files to retrieve the display name of applications. This seems to work well for click apps, but apparently not for webbrowser-app, which is a debian package (but it does have a desktop file, installed under /usr/share/applications/webbrowser-app.desktop).

Related branches

lp:~ken-vandine/ubuntu-system-settings/lp1501428
PS Jenkins bot: Needs Fixing (continuous-integration)
Ubuntu Touch System Settings: Pending requested
Diff: 112 lines (+25/-21)
4 files modified
debian/control (+1/-0)
plugins/security-privacy/CMakeLists.txt (+3/-0)
plugins/security-privacy/trust-store-model.cpp (+18/-19)
tests/plugins/security-privacy/CMakeLists.txt (+3/-2)
lp:~seb128/ubuntu-system-settings/location-desktop-usr
PS Jenkins bot: Needs Fixing (continuous-integration)
Olivier Tilloy (community): Approve
Paweł Stołowski (community): Approve
Ubuntu Touch System Settings: Pending requested
Diff: 16 lines (+6/-0)
1 file modified
plugins/security-privacy/trust-store-model.cpp (+6/-0)
lp:ubuntu/wily-proposed/ubuntu-system-settings
Revision history for this message
Sebastien Bacher (seb128) wrote :

Thanks, did you try the settings version in silo 003, it should fix that issue...
(https://code.launchpad.net/~seb128/ubuntu-system-settings/location-desktop-usr/+merge/272711)

Changed in ubuntu-system-settings (Ubuntu):
importance: Undecided → High
status: New → In Progress
Revision history for this message
Olivier Tilloy (osomon) wrote :

Thanks Sébastien, silo 3 fixes the issue indeed.

Revision history for this message
Ken VanDine (ken-vandine) wrote :

I was trying to test the fix for this in silo 49 and ran into a different problem. I never get a record for webbrowser-app added to the database. I opened the HERE maps webapp, which prompted me for permission to use the location service, which I granted. Then I went to maps.google.com in the browser, and got prompted to access location service, which I granted and was able to see my location on the map. However, the contents of the trust db didn't include webbrowser-app.

select * from requests;
1|com.nokia.heremaps_here|0|1443814712563528626|1

And sure enough, restarting the browser and going to maps.google.com, I was prompted again. Seems to be allowing it, but not storing it.

Revision history for this message
Olivier Tilloy (osomon) wrote :

That’s because the trust store currently whitelists unconfined applications. The prompt you’re getting is from the browser itself, and you’ll get one per domain. The browser should remember your decision, but it doesn’t (that’s a known issue: bug #1425143).
If you test with silo 59 (i.e. browser confined), you will get the system prompt once for webbrowser-app, and it should be added to the trust store’s db.

Jean-Baptiste Lallement (jibel)
Changed in canonical-devices-system-image:
importance: Undecided → High
milestone: none → ww40-2015
Pat McGowan (pat-mcgowan)
Changed in canonical-devices-system-image:
status: New → In Progress
Revision history for this message
Jean-Baptiste Lallement (jibel) wrote :

fixed in
 ubuntu-system-settings (0.3+15.04.20151002-0ubuntu1) vivid; urgency=medium
 .
   [ Sebastien Bacher ]
   * [hospot] include cmakefile hack to get files listed in qtcreator
   * [security-privacy] use the system location as well to look for trust
     store items, that's needed at least for unity8-dash which is not
     distributed as a click and doesn't a .local entry (LP: #1501428)
   * [sound] don't display silent mode warnings, sounds should just be
     played when user selected (LP: #1391502)

Changed in canonical-devices-system-image:
status: In Progress → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ubuntu-system-settings - 0.3+15.10.20151002-0ubuntu1

---------------
ubuntu-system-settings (0.3+15.10.20151002-0ubuntu1) wily; urgency=medium

  [ Sebastien Bacher ]
  * [hospot] include cmakefile hack to get files listed in qtcreator
  * [security-privacy] use the system location as well to look for trust
    store items, that's needed at least for unity8-dash which is not
    distributed as a click and doesn't a .local entry (LP: #1501428)
  * [sound] don't display silent mode warnings, sounds should just be
    played when user selected (LP: #1391502)

  [ jonas-drange ]
  * [phone] encode numbers before passing them to url-dispatcher (LP:
    #1496845)

 -- Ken VanDine <email address hidden> Fri, 02 Oct 2015 17:52:49 +0000

Changed in ubuntu-system-settings (Ubuntu):
status: In Progress → Fix Released
Pat McGowan (pat-mcgowan)
Changed in canonical-devices-system-image:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.