Will result in a user's SSH known_hosts file being sent to the hub-importer app (but potentially an app could be using this to send files directly back to itself and it could be grabbing much more important files if they exist, like ~/.ssh/id_rsa).
Unfortunately I don't think applying the apparmor profile of the app which called url-dispatcher will be enough either, as a malicious developer could create a website like http://mikeasoft.com/~mike/urlhack.php which does a header redirect to "content:?pkg=com.ubuntu.developer.ken-vandine.hub-importer&url=file:///home/phablet/.ssh/known_hosts". They would then call Qt.openUrlExternally("http://mikeasoft.com/~mike/urlhack.php") in their app, which would launch the webbrowser. The urlhack page would then cause the webbrowser to issue the request to the url-dispatcher instead of the originating app, and since the webbrowser is unconfined this would again provide a mechanism for accessing all of a user's files from a confined app.
This doesn't appear to obey apparmor profiles, so as it stands this could potentially give unrestricted access to all files owned by the phablet user.
For example, creating a simple QML app that calls:
Qt.openUrlExter nally(" content: ?pkg=com. ubuntu. developer. ken-vandine. hub-importer& url=file: ///home/ phablet/ .ssh/known_ hosts") ;
Will result in a user's SSH known_hosts file being sent to the hub-importer app (but potentially an app could be using this to send files directly back to itself and it could be grabbing much more important files if they exist, like ~/.ssh/id_rsa).
Unfortunately I don't think applying the apparmor profile of the app which called url-dispatcher will be enough either, as a malicious developer could create a website like http:// mikeasoft. com/~mike/ urlhack. php which does a header redirect to "content: ?pkg=com. ubuntu. developer. ken-vandine. hub-importer& url=file: ///home/ phablet/ .ssh/known_ hosts". They would then call Qt.openUrlExter nally("http:// mikeasoft. com/~mike/ urlhack. php") in their app, which would launch the webbrowser. The urlhack page would then cause the webbrowser to issue the request to the url-dispatcher instead of the originating app, and since the webbrowser is unconfined this would again provide a mechanism for accessing all of a user's files from a confined app.