Media Hub

Merge lp:~phablet-team/media-hub/add-unity8-exception into lp:media-hub

  1. add-unity8-exception
  2. Merge into trunk
Proposed by Jim Hodapp
Status: Merged
Approved by: Alfonso Sanchez-Beato
Approved revision: 174
Merged at revision: 172
Proposed branch: lp:~phablet-team/media-hub/add-unity8-exception
Merge into: lp:media-hub
Diff against target: 95 lines (+22/-6)
2 files modified
src/core/media/apparmor/ubuntu.cpp (+18/-6)
src/core/media/apparmor/ubuntu.h (+4/-0)
To merge this branch: bzr merge lp:~phablet-team/media-hub/add-unity8-exception
Reviewer Review Type Date Requested Status
Alfonso Sanchez-Beato Approve
PS Jenkins bot continuous-integration Approve
Paweł Stołowski (community) Approve
Review via email: mp+285627@code.launchpad.net

Commit message

Add apparmor exception to media-hub for unity8

Description of the change

Add apparmor exception to media-hub for unity8

To post a comment you must log in.
Revision history for this message
PS Jenkins bot (ps-jenkins) wrote :

PASSED: Continuous integration, rev:170
http://jenkins.qa.ubuntu.com/job/media-hub-ci/392/
Executed test runs:
    SUCCESS: http://jenkins.qa.ubuntu.com/job/media-hub-vivid-amd64-ci/232
    SUCCESS: http://jenkins.qa.ubuntu.com/job/media-hub-vivid-armhf-ci/232
        deb: http://jenkins.qa.ubuntu.com/job/media-hub-vivid-armhf-ci/232/artifact/work/output/*zip*/output.zip
    SUCCESS: http://jenkins.qa.ubuntu.com/job/media-hub-vivid-i386-ci/232

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/media-hub-ci/392/rebuild

review: Approve (continuous-integration)
Revision history for this message
Paweł Stołowski (stolowski) wrote :

Thanks for that Jim! There is one problem though, it throws early in Context constructor, because there is no package name set for unity8-dash:

apparmor profile name: unity8-dash, is_unconfined(): false, has_package_name(): false
terminate called after throwing an instance of 'std::logic_error'
  what(): apparmor::ubuntu::Context: Invalid profile name unity8-dash

If this is because unity8-dash doesn't come from a click package, then I think the ctor of Context also needs an exception for unity8-dash (making unity8-dash a .click is not in our plans).
Please let me know if there is any other way for me to make this constraint happy on my side.

lp:~phablet-team/media-hub/add-unity8-exception updated
171. By Jim Hodapp

Add an exception for unity to not require a package_name since it will not have one

Revision history for this message
PS Jenkins bot (ps-jenkins) wrote :

PASSED: Continuous integration, rev:171
http://jenkins.qa.ubuntu.com/job/media-hub-ci/393/
Executed test runs:
    SUCCESS: http://jenkins.qa.ubuntu.com/job/media-hub-vivid-amd64-ci/233
    SUCCESS: http://jenkins.qa.ubuntu.com/job/media-hub-vivid-armhf-ci/233
        deb: http://jenkins.qa.ubuntu.com/job/media-hub-vivid-armhf-ci/233/artifact/work/output/*zip*/output.zip
    SUCCESS: http://jenkins.qa.ubuntu.com/job/media-hub-vivid-i386-ci/233

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/media-hub-ci/393/rebuild

review: Approve (continuous-integration)
Revision history for this message
Paweł Stołowski (stolowski) wrote :

Yep, that helped, thanks!

Revision history for this message
Paweł Stołowski (stolowski) wrote :

Hi Jim, I think there is one more case - I'm getting this when pressing play button from the confined Dash:

Adding track file:///home/phablet/Music/1.mp3
Failed to add track ' "file:///home/phablet/Music/1.mp3" ' to playlist: mpris.TrackList.Error.InsufficientPermissionsToAddTrack: Warning: Not adding track file:///home/phablet/Music/1.mp3 to TrackList because of inadequate client apparmor permissions.

lp:~phablet-team/media-hub/add-unity8-exception updated
172. By Jim Hodapp

Add debugging output

Revision history for this message
Jim Hodapp (jhodapp) wrote :

@Pawel: try rebuilding and get me a clean media-hub.log. I added a couple of debug statements that I want to see the output for since I should already have a working exception (but obviously isn't).

Revision history for this message
PS Jenkins bot (ps-jenkins) wrote :

PASSED: Continuous integration, rev:172
http://jenkins.qa.ubuntu.com/job/media-hub-ci/395/
Executed test runs:
    SUCCESS: http://jenkins.qa.ubuntu.com/job/media-hub-vivid-amd64-ci/235
    SUCCESS: http://jenkins.qa.ubuntu.com/job/media-hub-vivid-armhf-ci/235
        deb: http://jenkins.qa.ubuntu.com/job/media-hub-vivid-armhf-ci/235/artifact/work/output/*zip*/output.zip
    SUCCESS: http://jenkins.qa.ubuntu.com/job/media-hub-vivid-i386-ci/235

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/media-hub-ci/395/rebuild

review: Approve (continuous-integration)
Revision history for this message
Paweł Stołowski (stolowski) wrote :

Hi Jim, here you are:

virtual void core::ubuntu::media::TrackListImplementation::reset()
Updating MPRIS TrackList properties; Tracks: 0, has_previous: false, has_next: false
*** void core::ubuntu::media::TrackListSkeleton::Private::handle_add_tracks_with_uri_at(const Ptr&)
apparmor profile name: unity8-dash, is_unconfined(): false, has_package_name(): false
Warning: Not adding track file:///home/phablet/Music/5.mp3 to TrackList because of inadequate client apparmor permissions.
void core::ubuntu::media::PlayerImplementation<Parent>::stop() [with Parent = core::ubuntu::media::PlayerSkeleton]
Current player state is already stopped - no need to change state to stopped
virtual void core::ubuntu::media::TrackListImplementation::reset()
Updating MPRIS TrackList properties; Tracks: 0, has_previous: false, has_next: false
*** void core::ubuntu::media::TrackListSkeleton::Private::handle_add_tracks_with_uri_at(const Ptr&)
apparmor profile name: unity8-dash, is_unconfined(): false, has_package_name(): false
Warning: Not adding track file:///home/phablet/Music/5.mp3 to TrackList because of inadequate client apparmor permissions.
void core::ubuntu::media::PlayerImplementation<Parent>::stop() [with Parent = core::ubuntu::media::PlayerSkeleton]
Current player state is already stopped - no need to change state to stopped
virtual void core::ubuntu::media::TrackListImplementation::reset()
Updating MPRIS TrackList properties; Tracks: 0, has_previous: false, has_next: false
*** void core::ubuntu::media::TrackListSkeleton::Private::handle_add_tracks_with_uri_at(const Ptr&)
apparmor profile name: unity8-dash, is_unconfined(): false, has_package_name(): false
Warning: Not adding track file:///home/phablet/Music/5.mp3 to TrackList because of inadequate client apparmor permissions.

Revision history for this message
Paweł Stołowski (stolowski) wrote :

Ok, this one has the debug you added:

Session created by request of: :1.121, key: 2, uuid: 2533cb52-bf0b-44b9-98a2-603563ecfac8, path:/core/ubuntu/media/Service/sessions/2

audio_sink: pulsesink
video_sink: mirsink
Audio stream role: props,media.role=multimedia
apparmor profile name: unity8-dash, is_unconfined(): false, has_package_name(): false
operator()():149 -- app_name='unity8-dash', attached
void core::ubuntu::media::PlayerImplementation<Parent>::stop() [with Parent = core::ubuntu::media::PlayerSkeleton]
bool gstreamer::Playbin::set_state_and_wait(GstState): requested state change.
Setting state for parent: 0xabe37254
virtual bool gstreamer::Engine::stop()
Emiting playback_status_changed signal: PlaybackStatus::stopped
virtual void core::ubuntu::media::TrackListImplementation::reset()
Updating MPRIS TrackList properties; Tracks: 0, has_previous: false, has_next: false
virtual void core::ubuntu::media::TrackListImplementation::reset()
Updating MPRIS TrackList properties; Tracks: 0, has_previous: false, has_next: false
*** void core::ubuntu::media::TrackListSkeleton::Private::handle_add_tracks_with_uri_at(const Ptr&)
apparmor profile name: unity8-dash, is_unconfined(): false, has_package_name(): false
context.profile_name(): -
parsed_uri.path: /home/phablet/Music/1.mp3
Warning: Not adding track file:///home/phablet/Music/1.mp3 to TrackList because of inadequate client apparmor permissions.
void core::ubuntu::media::PlayerImplementation<Parent>::stop() [with Parent = core::ubuntu::media::PlayerSkeleton]
Current player state is already stopped - no need to change state to stopped
virtual void core::ubuntu::media::TrackListImplementation::reset()
Updating MPRIS TrackList properties; Tracks: 0, has_previous: false, has_next: false
*** void core::ubuntu::media::TrackListSkeleton::Private::handle_add_tracks_with_uri_at(const Ptr&)
apparmor profile name: unity8-dash, is_unconfined(): false, has_package_name(): false
context.profile_name(): -
parsed_uri.path: /home/phablet/Music/5.mp3
Warning: Not adding track file:///home/phablet/Music/5.mp3 to TrackList because of inadequate client apparmor permissions.

lp:~phablet-team/media-hub/add-unity8-exception updated
173. By Jim Hodapp

Add unity8 exception for calculating the profile_name

Revision history for this message
Jim Hodapp (jhodapp) wrote :

I uploaded what should be a fix (untested). Please go ahead and build in your silo and give it a try.

Revision history for this message
PS Jenkins bot (ps-jenkins) wrote :

PASSED: Continuous integration, rev:173
http://jenkins.qa.ubuntu.com/job/media-hub-ci/396/
Executed test runs:
    SUCCESS: http://jenkins.qa.ubuntu.com/job/media-hub-vivid-amd64-ci/236
    SUCCESS: http://jenkins.qa.ubuntu.com/job/media-hub-vivid-armhf-ci/236
        deb: http://jenkins.qa.ubuntu.com/job/media-hub-vivid-armhf-ci/236/artifact/work/output/*zip*/output.zip
    SUCCESS: http://jenkins.qa.ubuntu.com/job/media-hub-vivid-i386-ci/236

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/media-hub-ci/396/rebuild

review: Approve (continuous-integration)
Revision history for this message
Paweł Stołowski (stolowski) wrote :

> I uploaded what should be a fix (untested). Please go ahead and build in your
> silo and give it a try.

Yeah, playback works now, thanks!

Revision history for this message
Jim Hodapp (jhodapp) wrote :

No problem, glad it's working now! I'll have Alfonso do a quick code review so that we can get this landed when you're ready with your silo.

lp:~phablet-team/media-hub/add-unity8-exception updated
174. By Jim Hodapp

Use the const unity_name everywhere

Revision history for this message
Paweł Stołowski (stolowski) wrote :

+1 from me, feel free to land it, thanks!

review: Approve
Revision history for this message
PS Jenkins bot (ps-jenkins) wrote :

PASSED: Continuous integration, rev:174
http://jenkins.qa.ubuntu.com/job/media-hub-ci/397/
Executed test runs:
    SUCCESS: http://jenkins.qa.ubuntu.com/job/media-hub-vivid-amd64-ci/237
    SUCCESS: http://jenkins.qa.ubuntu.com/job/media-hub-vivid-armhf-ci/237
        deb: http://jenkins.qa.ubuntu.com/job/media-hub-vivid-armhf-ci/237/artifact/work/output/*zip*/output.zip
    SUCCESS: http://jenkins.qa.ubuntu.com/job/media-hub-vivid-i386-ci/237

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/media-hub-ci/397/rebuild

review: Approve (continuous-integration)
Revision history for this message
Alfonso Sanchez-Beato (alfonsosanchezbeato) wrote :

LGTM

review: Approve
lp:~phablet-team/media-hub/add-unity8-exception updated
175. By Jim Hodapp

Merged with trunk

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'src/core/media/apparmor/ubuntu.cpp'
2--- src/core/media/apparmor/ubuntu.cpp 2016-01-15 15:44:04 +0000
3+++ src/core/media/apparmor/ubuntu.cpp 2016-02-23 16:29:54 +0000
4@@ -72,6 +72,7 @@
5
6 static constexpr std::size_t index_package{1};
7 static constexpr std::size_t index_app{2};
8+static const std::string unity_name{"unity8-dash"};
9
10 // Returns true if the context name is a valid Ubuntu app id.
11 // If it is, out is populated with the package and app name.
12@@ -83,7 +84,7 @@
13 static const std::regex full_re{"(.*)_(.*)_(.*)"};
14 static const std::regex trust_store_re{"(.*)-(.*)"};
15
16- if (s == "messaging-app"
17+ if ((s == "messaging-app" or s == unity_name)
18 and std::regex_match(s, out, trust_store_re))
19 {
20 pkg_name = s;
21@@ -103,15 +104,17 @@
22 apparmor::ubuntu::Context::Context(const std::string& name)
23 : apparmor::Context{name},
24 unconfined_{str() == ubuntu::unconfined},
25+ unity_{name == unity_name},
26 has_package_name_{process_context_name(str(), match_, pkg_name_)}
27 {
28 std::cout << "apparmor profile name: " << name;
29 std::cout << ", is_unconfined(): " << is_unconfined();
30 std::cout << ", has_package_name(): " << has_package_name() << std::endl;
31- if (not is_unconfined() && not has_package_name()) throw std::logic_error
32- {
33- "apparmor::ubuntu::Context: Invalid profile name " + str()
34- };
35+ if (not is_unconfined() and not is_unity() and not has_package_name())
36+ throw std::logic_error
37+ {
38+ "apparmor::ubuntu::Context: Invalid profile name " + str()
39+ };
40 }
41
42 bool apparmor::ubuntu::Context::is_unconfined() const
43@@ -119,6 +122,11 @@
44 return unconfined_;
45 }
46
47+bool apparmor::ubuntu::Context::is_unity() const
48+{
49+ return unity_;
50+}
51+
52 bool apparmor::ubuntu::Context::has_package_name() const
53 {
54 return has_package_name_;
55@@ -155,6 +163,9 @@
56
57 Uri parsed_uri = parse_uri(uri);
58
59+ std::cout << "context.profile_name(): " << context.profile_name() << std::endl;
60+ std::cout << "parsed_uri.path: " << parsed_uri.path << std::endl;
61+
62 // All confined apps can access their own files
63 if (parsed_uri.path.find(std::string(".local/share/" + context.package_name() + "/")) != std::string::npos ||
64 parsed_uri.path.find(std::string(".cache/" + context.package_name() + "/")) != std::string::npos)
65@@ -194,7 +205,8 @@
66 // Check in ~/Music and ~/Videos
67 // TODO: when the trust store lands, check it to see if this app can access the dirs and
68 // then remove the explicit whitelist of the music-app, and gallery-app
69- else if ((context.package_name() == "com.ubuntu.music" || context.package_name() == "com.ubuntu.gallery") &&
70+ else if ((context.package_name() == "com.ubuntu.music" || context.package_name() == "com.ubuntu.gallery" ||
71+ context.profile_name() == unity_name) &&
72 (parsed_uri.path.find(std::string("Music/")) != std::string::npos ||
73 parsed_uri.path.find(std::string("Videos/")) != std::string::npos ||
74 parsed_uri.path.find(std::string("/media")) != std::string::npos))
75
76=== modified file 'src/core/media/apparmor/ubuntu.h'
77--- src/core/media/apparmor/ubuntu.h 2016-01-15 15:44:04 +0000
78+++ src/core/media/apparmor/ubuntu.h 2016-02-23 16:29:54 +0000
79@@ -67,6 +67,9 @@
80 // Returns true iff the context is unconfined.
81 virtual bool is_unconfined() const;
82
83+ // Returns true iff the context matches Unity.
84+ virtual bool is_unity() const;
85+
86 // Returns true iff the context contains a package name.
87 virtual bool has_package_name() const;
88
89@@ -79,6 +82,7 @@
90 std::smatch match_;
91 std::string pkg_name_;
92 const bool unconfined_;
93+ const bool unity_;
94 const bool has_package_name_;
95 };
96

Subscribers

People subscribed via source and target branches

to all changes: