Merge lp:~ken-vandine/apparmor-easyprof-ubuntu/pasteboard into lp:apparmor-easyprof-ubuntu
- pasteboard
- Merge into trunk
Status: | Merged |
---|---|
Merged at revision: | 54 |
Proposed branch: | lp:~ken-vandine/apparmor-easyprof-ubuntu/pasteboard |
Merge into: | lp:apparmor-easyprof-ubuntu |
Diff against target: |
214 lines (+160/-0) 5 files modified
data/templates/ubuntu/1.0/ubuntu-sdk (+32/-0) data/templates/ubuntu/1.0/ubuntu-webapp (+32/-0) data/templates/ubuntu/1.1/ubuntu-sdk (+32/-0) data/templates/ubuntu/1.1/ubuntu-webapp (+32/-0) data/templates/ubuntu/1.3/ubuntu-sdk (+32/-0) |
To merge this branch: | bzr merge lp:~ken-vandine/apparmor-easyprof-ubuntu/pasteboard |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Pat McGowan (community) | Approve | ||
Jamie Strandboge (community) | Needs Information | ||
Review via email: mp+301506@code.launchpad.net |
Commit message
Added access to content-hub's Pasteboard
Description of the change
Added access to content-hub's Pasteboard
- 51. By Ken VanDine
-
Dropped object paths for paste, we check for app focus to control access
Ken VanDine (ken-vandine) wrote : | # |
> The policy looks ok, assuming that the content service doesn't allow clicks
> from grabbing the clipboard from other processes. Can you comment on that?
This is the backend used by qtubuntu and libertine to share clipboard contents. We allow the process that has focus to access the top item on the clipboard. We use Unity8's isPidFocused API to control access.
> Beyond that, this will trigger a recompile for all clicks that use the default
> template. Pat McGowan needs to approve that this is ok.
>
> Has the pasteboard been backported to previous frameworks? If so, you should
> apply these to those as well.
Apps won't directly talk to the pasteboard, that is handled by qtubuntu. So app developers won't see a difference.
> Is the ubuntu-sdk template the correct place for this? Should it be part of
> content-hub?
We need all apps to have access, so we don't want apps to need to add content_exchange policy to have basic copy/paste support.
> If this is only for the template, is this useful to more than just ubuntu-sdk
> apps? What about scopes? webapps? If so, then this should be applied to those
> templates as well.
Good point, I thought ubuntu-sdk was the base of all things. I guess I was wrong, I'll add it to other templates as well.
> Is this targeted for the stable overlays? If so, please also target at:
> https:/
> -stable-
> https:/
> -stable-
Yes, does that mean we can't land this with our standard landing process? I'll propose branches to those as well.
>
> Thanks!
- 52. By Ken VanDine
-
Allow pasteboard access to ubuntu-webapp as well
Ken VanDine (ken-vandine) wrote : | # |
Pat McGowan (pat-mcgowan) wrote : | # |
The policy recompile is fine
Need to check if any other such changes are queued, good to add them now
Jamie Strandboge (jdstrand) wrote : | # |
"This is the backend used by qtubuntu and libertine to share clipboard contents. We allow the process that has focus to access the top item on the clipboard. We use Unity8's isPidFocused API to control access."
PIDs are racy. Has a member of the security team taken a look at this? If not, I suggested asking Tyler and Emily to look at it/assign someone.
Jamie Strandboge (jdstrand) wrote : | # |
> Apps won't directly talk to the pasteboard, that is handled by qtubuntu. So app developers won't see a difference.
Does that mean it is available to earlier frameworks for free? If so, please adjust the templates for 1.0-1.2 as well.
> > Is the ubuntu-sdk template the correct place for this? Should it be part of
> > content-hub?
> >
> We need all apps to have access, so we don't want apps to need to add
> content_exchange policy to have basic copy/paste support.
Ok
> Yes, does that mean we can't land this with our standard landing process?
> I'll propose branches to those as well.
You can't build apparmor-
- 53. By Ken VanDine
-
Added pasteboard access for 1.0 and 1.1
- 54. By Ken VanDine
-
Dropped duplicated pasteboard in ubuntu-webapp
Ken VanDine (ken-vandine) wrote : | # |
> "This is the backend used by qtubuntu and libertine to share clipboard
> contents. We allow the process that has focus to access the top item on the
> clipboard. We use Unity8's isPidFocused API to control access."
>
> PIDs are racy. Has a member of the security team taken a look at this? If not,
> I suggested asking Tyler and Emily to look at it/assign someone.
It's the same API used by the keyboard now, I'll check to see if that was reviewed.
Tyler Hicks (tyhicks) wrote : | # |
> > "This is the backend used by qtubuntu and libertine to share clipboard
> > contents. We allow the process that has focus to access the top item on the
> > clipboard. We use Unity8's isPidFocused API to control access."
> >
> > PIDs are racy. Has a member of the security team taken a look at this? If
> not,
> > I suggested asking Tyler and Emily to look at it/assign someone.
>
> It's the same API used by the keyboard now, I'll check to see if that was
> reviewed.
I reviewed maliit's use of isPidFocused() here:
https:/
Tyler Hicks (tyhicks) wrote : | # |
Ubuntu Security needs to review the clipboard MP (https:/
- 55. By Ken VanDine
-
Specify path for access to pasteboard
Preview Diff
1 | === modified file 'data/templates/ubuntu/1.0/ubuntu-sdk' |
2 | --- data/templates/ubuntu/1.0/ubuntu-sdk 2016-08-25 17:22:06 +0000 |
3 | +++ data/templates/ubuntu/1.0/ubuntu-sdk 2016-08-25 17:49:25 +0000 |
4 | @@ -235,6 +235,38 @@ |
5 | deny dbus (bind) |
6 | name="org.freedesktop.Application", |
7 | |
8 | + # Allow access to the PasteBoard |
9 | + dbus (receive, send) |
10 | + bus=session |
11 | + interface="com.ubuntu.content.dbus.Service" |
12 | + path="/" |
13 | + member="CreatePaste" |
14 | + peer=(label=unconfined), |
15 | + dbus (receive, send) |
16 | + bus=session |
17 | + interface="com.ubuntu.content.dbus.Service" |
18 | + path="/" |
19 | + member="GetPasteData" |
20 | + peer=(label=unconfined), |
21 | + dbus (receive, send) |
22 | + bus=session |
23 | + interface="com.ubuntu.content.dbus.Service" |
24 | + path="/" |
25 | + member="GetLatestPasteData" |
26 | + peer=(label=unconfined), |
27 | + dbus (receive, send) |
28 | + bus=session |
29 | + interface="com.ubuntu.content.dbus.Service" |
30 | + path="/" |
31 | + member="PasteFormats" |
32 | + peer=(label=unconfined), |
33 | + dbus (receive) |
34 | + bus=session |
35 | + interface="com.ubuntu.content.dbus.Service" |
36 | + path="/" |
37 | + member="PasteFormatsChanged" |
38 | + peer=(label=unconfined), |
39 | + |
40 | # |
41 | # end DBus rules common for all apps |
42 | # |
43 | |
44 | === modified file 'data/templates/ubuntu/1.0/ubuntu-webapp' |
45 | --- data/templates/ubuntu/1.0/ubuntu-webapp 2016-08-25 17:22:06 +0000 |
46 | +++ data/templates/ubuntu/1.0/ubuntu-webapp 2016-08-25 17:49:25 +0000 |
47 | @@ -208,6 +208,38 @@ |
48 | deny dbus (bind) |
49 | name="org.freedesktop.Application", |
50 | |
51 | + # Allow access to the PasteBoard |
52 | + dbus (receive, send) |
53 | + bus=session |
54 | + interface="com.ubuntu.content.dbus.Service" |
55 | + path="/" |
56 | + member="CreatePaste" |
57 | + peer=(label=unconfined), |
58 | + dbus (receive, send) |
59 | + bus=session |
60 | + interface="com.ubuntu.content.dbus.Service" |
61 | + path="/" |
62 | + member="GetPasteData" |
63 | + peer=(label=unconfined), |
64 | + dbus (receive, send) |
65 | + bus=session |
66 | + interface="com.ubuntu.content.dbus.Service" |
67 | + path="/" |
68 | + member="GetLatestPasteData" |
69 | + peer=(label=unconfined), |
70 | + dbus (receive, send) |
71 | + bus=session |
72 | + interface="com.ubuntu.content.dbus.Service" |
73 | + path="/" |
74 | + member="PasteFormats" |
75 | + peer=(label=unconfined), |
76 | + dbus (receive) |
77 | + bus=session |
78 | + interface="com.ubuntu.content.dbus.Service" |
79 | + path="/" |
80 | + member="PasteFormatsChanged" |
81 | + peer=(label=unconfined), |
82 | + |
83 | # |
84 | # end DBus rules common for all webapps |
85 | # |
86 | |
87 | === modified file 'data/templates/ubuntu/1.1/ubuntu-sdk' |
88 | --- data/templates/ubuntu/1.1/ubuntu-sdk 2016-08-25 17:22:06 +0000 |
89 | +++ data/templates/ubuntu/1.1/ubuntu-sdk 2016-08-25 17:49:25 +0000 |
90 | @@ -230,6 +230,38 @@ |
91 | deny dbus (bind) |
92 | name="org.freedesktop.Application", |
93 | |
94 | + # Allow access to the PasteBoard |
95 | + dbus (receive, send) |
96 | + bus=session |
97 | + interface="com.ubuntu.content.dbus.Service" |
98 | + path="/" |
99 | + member="CreatePaste" |
100 | + peer=(label=unconfined), |
101 | + dbus (receive, send) |
102 | + bus=session |
103 | + interface="com.ubuntu.content.dbus.Service" |
104 | + path="/" |
105 | + member="GetPasteData" |
106 | + peer=(label=unconfined), |
107 | + dbus (receive, send) |
108 | + bus=session |
109 | + interface="com.ubuntu.content.dbus.Service" |
110 | + path="/" |
111 | + member="GetLatestPasteData" |
112 | + peer=(label=unconfined), |
113 | + dbus (receive, send) |
114 | + bus=session |
115 | + interface="com.ubuntu.content.dbus.Service" |
116 | + path="/" |
117 | + member="PasteFormats" |
118 | + peer=(label=unconfined), |
119 | + dbus (receive) |
120 | + bus=session |
121 | + interface="com.ubuntu.content.dbus.Service" |
122 | + path="/" |
123 | + member="PasteFormatsChanged" |
124 | + peer=(label=unconfined), |
125 | + |
126 | # |
127 | # end DBus rules common for all apps |
128 | # |
129 | |
130 | === modified file 'data/templates/ubuntu/1.1/ubuntu-webapp' |
131 | --- data/templates/ubuntu/1.1/ubuntu-webapp 2016-08-25 17:22:06 +0000 |
132 | +++ data/templates/ubuntu/1.1/ubuntu-webapp 2016-08-25 17:49:25 +0000 |
133 | @@ -211,6 +211,38 @@ |
134 | deny dbus (bind) |
135 | name="org.freedesktop.Application", |
136 | |
137 | + # Allow access to the PasteBoard |
138 | + dbus (receive, send) |
139 | + bus=session |
140 | + interface="com.ubuntu.content.dbus.Service" |
141 | + path="/" |
142 | + member="CreatePaste" |
143 | + peer=(label=unconfined), |
144 | + dbus (receive, send) |
145 | + bus=session |
146 | + interface="com.ubuntu.content.dbus.Service" |
147 | + path="/" |
148 | + member="GetPasteData" |
149 | + peer=(label=unconfined), |
150 | + dbus (receive, send) |
151 | + bus=session |
152 | + interface="com.ubuntu.content.dbus.Service" |
153 | + path="/" |
154 | + member="GetLatestPasteData" |
155 | + peer=(label=unconfined), |
156 | + dbus (receive, send) |
157 | + bus=session |
158 | + interface="com.ubuntu.content.dbus.Service" |
159 | + path="/" |
160 | + member="PasteFormats" |
161 | + peer=(label=unconfined), |
162 | + dbus (receive) |
163 | + bus=session |
164 | + interface="com.ubuntu.content.dbus.Service" |
165 | + path="/" |
166 | + member="PasteFormatsChanged" |
167 | + peer=(label=unconfined), |
168 | + |
169 | # |
170 | # end DBus rules common for all webapps |
171 | # |
172 | |
173 | === modified file 'data/templates/ubuntu/1.3/ubuntu-sdk' |
174 | --- data/templates/ubuntu/1.3/ubuntu-sdk 2016-08-25 17:22:06 +0000 |
175 | +++ data/templates/ubuntu/1.3/ubuntu-sdk 2016-08-25 17:49:25 +0000 |
176 | @@ -230,6 +230,38 @@ |
177 | deny dbus (bind) |
178 | name="org.freedesktop.Application", |
179 | |
180 | + # Allow access to the PasteBoard |
181 | + dbus (receive, send) |
182 | + bus=session |
183 | + interface="com.ubuntu.content.dbus.Service" |
184 | + path="/" |
185 | + member="CreatePaste" |
186 | + peer=(label=unconfined), |
187 | + dbus (receive, send) |
188 | + bus=session |
189 | + interface="com.ubuntu.content.dbus.Service" |
190 | + path="/" |
191 | + member="GetPasteData" |
192 | + peer=(label=unconfined), |
193 | + dbus (receive, send) |
194 | + bus=session |
195 | + interface="com.ubuntu.content.dbus.Service" |
196 | + path="/" |
197 | + member="GetLatestPasteData" |
198 | + peer=(label=unconfined), |
199 | + dbus (receive, send) |
200 | + bus=session |
201 | + interface="com.ubuntu.content.dbus.Service" |
202 | + path="/" |
203 | + member="PasteFormats" |
204 | + peer=(label=unconfined), |
205 | + dbus (receive) |
206 | + bus=session |
207 | + interface="com.ubuntu.content.dbus.Service" |
208 | + path="/" |
209 | + member="PasteFormatsChanged" |
210 | + peer=(label=unconfined), |
211 | + |
212 | # |
213 | # end DBus rules common for all apps |
214 | # |
The policy looks ok, assuming that the content service doesn't allow clicks from grabbing the clipboard from other processes. Can you comment on that?
Beyond that, this will trigger a recompile for all clicks that use the default template. Pat McGowan needs to approve that this is ok.
Has the pasteboard been backported to previous frameworks? If so, you should apply these to those as well.
Is the ubuntu-sdk template the correct place for this? Should it be part of content-hub?
If this is only for the template, is this useful to more than just ubuntu-sdk apps? What about scopes? webapps? If so, then this should be applied to those templates as well.
Is this targeted for the stable overlays? If so, please also target at: /code.launchpad .net/~ubuntu- security/ apparmor- easyprof- ubuntu/ 1.3-stable- phone-overlay /code.launchpad .net/~ubuntu- security/ apparmor- easyprof- ubuntu/ 16.04-stable- phone-overlay
https:/
https:/
Thanks!