trust-store

CMakeLists.txt (+1/-1)
debian/control (+1/-0)
po/trust-store.pot (+10/-11)
src/CMakeLists.txt (+7/-0)
src/core/trust/daemon.cpp (+1/-1)
src/core/trust/mir/agent.cpp (+22/-42)
src/core/trust/mir/agent.h (+44/-16)
src/core/trust/mir/click_desktop_entry_app_info_resolver.cpp (+139/-0)
src/core/trust/mir/click_desktop_entry_app_info_resolver.h (+49/-0)
src/core/trust/mir/prompt_main.cpp (+44/-41)
src/core/trust/mir/prompt_main.h (+16/-4)
src/core/trust/mir/prompt_main.qml (+66/-30)
tests/CMakeLists.txt (+20/-0)
tests/click_desktop_entry_app_name_resolver_test.cpp (+75/-0)
tests/mir_agent_test.cpp (+131/-21)
tests/share/applications/valid.pkg_app_0.0.0.desktop (+56/-0)
tests/test_data.h.in (+5/-0)

To merge this branch:

bzr merge lp:~thomas-voss/trust-store/fix-1504022

Related bugs:

Bug #1382610: Buttons order is wrong	High	In Progress
Bug #1504022: Displays the hook name rather than the .desktop Name	High	In Progress

Link a bug report

Reviewer	Review Type	Date Requested	Status
Matthew Paul Thomas	design		Approve on 2015-12-07
Tyler Hicks			Approve on 2015-12-01
Alberto Mardegan (community)		2015-11-24	Approve on 2015-11-24
PS Jenkins bot	continuous-integration	2015-11-24	Pending
Review via email: mp+278418@code.launchpad.net

This proposal supersedes a proposal from 2015-11-20.

Commit Message

Add interface mir::AppNameResolver.

mir::AppNameResolver is used by mir::Agent to map application IDs
to localized application names.

Description of the Change

Add interface mir::AppNameResolver.

mir::AppNameResolver is used by mir::Agent to map application IDs
to localized application names.

Alberto Mardegan (mardy) wrote on 2015-11-11: Posted in a previous version of this proposal

A couple of inline comments, I'm not convinced that this way of finding the desktop files is reliable.

review: Needs Fixing

Alberto Mardegan (mardy) wrote on 2015-11-12: Posted in a previous version of this proposal

Looks good!

review: Approve

Alberto Mardegan (mardy) wrote on 2015-11-16: Posted in a previous version of this proposal

LGTM

review: Approve

PS Jenkins bot (ps-jenkins) wrote on 2015-11-20: Posted in a previous version of this proposal

FAILED: Continuous integration, rev:141
http://jenkins.qa.ubuntu.com/job/trust-store-ci/101/
Executed test runs:
    FAILURE: http://jenkins.qa.ubuntu.com/job/trust-store-vivid-amd64-ci/22/console
    SUCCESS: http://jenkins.qa.ubuntu.com/job/trust-store-vivid-armhf-ci/22
        deb: http://jenkins.qa.ubuntu.com/job/trust-store-vivid-armhf-ci/22/artifact/work/output/*zip*/output.zip
    SUCCESS: http://jenkins.qa.ubuntu.com/job/trust-store-vivid-i386-ci/22

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/trust-store-ci/101/rebuild

review: Needs Fixing (continuous-integration)

Tyler Hicks (tyhicks) wrote on 2015-11-20: Posted in a previous version of this proposal

Hello - Thomas had asked for a security review and I just took a look at the code.

The code itself looks nearly perfect. I have a couple questions below but they're minor.

I'm mainly concerned about the concept of using the localized Name of the desktop file in a trust prompt. For something like a click app that comes from an untrusted developer, we have no idea if the localized name in their provided desktop file is an accurate translation or a malicious translation intended to trick the user into granting their app access. I don't know of any logic that could be used in the click reviewers tools to verify that the translations are non-malicious. How do we handle such a situation?

As for the code, I have a couple questions/comments:

1) What UID does resolve_desktop_entry_or_throw() run under? I ask because it goes mucking around in the user's home dir and is vulnerable to minor TOCTOU issues such as checking to see if /home/USER/applications/APP_ID.desktop is a regular file and then later passing that path to g_key_file_load_from_file(). The user could modify the path to be a symlink to an area of the filesystem that he/she doesn't own. If resolve_desktop_entry_or_throw() runs as the user, there's probably nothing to worry about.

2) The external XDG stuff that you wrote is a nice idea. I'd recommend packaging it up as a library so that it can be reused in a controllable fashion instead of copying and pasting the code into all of the projects that want to use it.

review: Needs Information

Tyler Hicks (tyhicks) wrote on 2015-11-20: Posted in a previous version of this proposal

After speaking with jdstrand, he explained why the click reviewers tools don't currently verify the Name field of a desktop file. The desktop file name field can't be forced to match the click package name because the desktop file name should be "pretty" while the click package name is alphanumerics and '-'.

Because of this, I don't see how the desktop file name field can be trusted enough to be used in trust store prompts. :/

Thomas Voß (thomas-voss) wrote on 2015-11-21: Posted in a previous version of this proposal

Hey Tyler,

thanks for the detailed review and your comments. Let me first try to clarify on the use of the localized name in trust prompts. I actually raised the same issue as you, and it turns out that we are "vulnerable" to applications faking their identity in a couple of places throughout the system. First and foremost: Unity itself relies on the .desktop file entry for displaying the name. We might want to fix the default approach for handling localized application names meant for human consumption in snappy, though.

One possible way to resolve the issue is by altering the prompt to show the localized name alongside the actual application id. Ideally, we would have an expendable field "Details" as part of the prompt containing in-depth information about the request, at the very least the actual app ID together with the UID (and the human-readable user name).

(@1:) The function always runs under the actual user. I will however add a check to make sure that the current user id matches the user id of the request. If not, we will return early, and deny the request.

(@2:) Sure, happy to. I mainly added the external code here to guarantee a swift landing. I will do the packaging and carry out the requesting asap, but would like to make sure that a fix for this bug is not blocked by package/MIR review processes.

Thomas Voß (thomas-voss) wrote on 2015-11-21: Posted in a previous version of this proposal

One other idea to further clarify the identity of the app might be to include its official icon. At the very least, this would make it easier for the user to associate the source of the trust request with what is visible in the dash and in the launcher.

Thomas Voß (thomas-voss) wrote on 2015-11-23: Posted in a previous version of this proposal

I reported the potential privilege escalation issue in https://bugs.launchpad.net/trust-store/+bug/1518883. The bug has got a fix attached.

Alberto Mardegan (mardy) wrote on 2015-11-23: Posted in a previous version of this proposal

LGTM!

review: Approve

Sebastien Bacher (seb128) wrote on 2015-11-23: Posted in a previous version of this proposal

@Tyler, note that the current situation is not any better, the prompt are using the name of the hook included in the click, which is also not restricted...

Having the appid mentioned looks like a good idea to me though

Thomas Voß (thomas-voss) wrote on 2015-11-23: Posted in a previous version of this proposal

> @Tyler, note that the current situation is not any better, the prompt are
> using the name of the hook included in the click, which is also not
> restricted...
>

I think that's an issue with our review tools tbh. The trust store relies on apparmor to query the profile name. With that, if an app can just request any name in there, we have got a problem from my pov.

> Having the appid mentioned looks like a good idea to me though

Tyler Hicks (tyhicks) wrote on 2015-11-23: Posted in a previous version of this proposal

Thomas, I'm not sure that you need to add a user ID check. I was just curious what UID the code was expected to be running in. I'm happy enough with your answer that it runs as the user.

If you think the XDG code will be reused in other projects, it'd be good to package up separately.

Tyler Hicks (tyhicks) wrote on 2015-11-23: Posted in a previous version of this proposal

> @Tyler, note that the current situation is not any better, the prompt are
> using the name of the hook included in the click, which is also not
> restricted...
>
> Having the appid mentioned looks like a good idea to me though

Yes, I think the appid approach has a chance of greatly improving the situation.

Matthew Paul Thomas (mpt) wrote on 2015-11-23: Posted in a previous version of this proposal

Download full text (3.5 KiB)

The standard permission prompt message is of the form
    <appname> wants to access <property>.
for example
    Frobnicator Turbo wants to access your location.
so the attack you have in mind is for Frobnicator Turbo to pretend to be another app:
    Browser wants to access your location.

Especially while people are used to hardly anything happening in the background, this might often fail. People would think, "Huh? I'm not using Browser at the moment. Why is it asking me now?"

Showing the app icon would help now, but it would lose its effectiveness once bug 1453795 is fixed.

Including the application id might protect geeks, but I expect most people would ignore it, or think it was a bug, on the grounds that it looks like code. If it was embedded in the prompt text,
    <appname> (<appid>) wants to access <property>.
then an app could even explain it away with a devious name:
    Browser (downloadable from
producing the prompt
    Browser (downloadable from (frobnicator-turbo.comorg) wants to access your location.
The profusion of TLDs leaves that plausible even to geeks who aren't familiar with the exact format of the prompt. Few would notice the unmatched bracket. So if it's included at all, I think it should be secondary text, like in the "Details" section for PolicyKit prompts. <https://wiki.ubuntu.com/AccountPrivileges#Details>

Meanwhile, an app could do much more devious things with its name. Maybe we can address these at the same time, or maybe they need to be tackled separately. For example, an app could give itself a name something like
Browser wants to access only your bookmarks. It does not
which would produce prompt text of the form
Browser wants to access only your bookmarks. It does not wants to access your location.
This would be slightly ungrammatical ("does not wants"), but would still fool many people.

How to mitigate this? We could put the app name in quote marks:
    “Browser wants to access only your bookmarks. It does not” wants to access your location.
But then the app could jimmy its own opposing quote marks into its name:
    Browser” wants to access only your bookmarks. It does “*not*
producing the only-slightly-less-believable prompt:
    “Browser” wants to access only your bookmarks. It does “*not*” wants to access your location.
(This idea adapted from <https://www.squarefree.com/dialogs2010/exec-warning-injected.png>.)

(We couldn't prevent that by banning use of quote marks, because there are many other Unicode characters that look like quote marks, including apostrophes: Baldur’s Gate, Sid Meier's Civilization, Tony Hawk's Pro Skater 2, etc.)

We could limit the length of app names to something like 30 characters:
“Browser wants to access only
That would put the kibosh on those obfuscation attacks ... in most languages. Not in kanji ones, unfortunately:
浏览器要访问您的书签。它不希望访问您的位置。
But maybe mitigating the attack in most but not all languages is better than mitigating it in none of them.

We could put the app name in color, while the rest of the text is the normal UI color. But apparently that hasn't stopped malware in the past. <https://www.squarefree.com/dialogs2010/activex.png>

Perhaps a har...

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Thomas Voß

Ubuntu Phablet Team

 === modified file 'CMakeLists.txt'
 --- CMakeLists.txt	2015-11-30 10:46:27 +0000
 +++ CMakeLists.txt	2015-11-30 10:46:27 +0000
@@ -28,7 +28,7 @@
  ENDIF(CMAKE_BUILD_TYPE MATCHES [cC][oO][vV][eE][rR][aA][gG][eE])
  find_package(PkgConfig)
--find_package(Boost COMPONENTS program_options system REQUIRED)
++find_package(Boost COMPONENTS filesystem program_options system REQUIRED)
  add_subdirectory(3rd_party/xdg)
 === modified file 'debian/control'
 --- debian/control	2015-11-30 10:46:27 +0000
 +++ debian/control	2015-11-30 10:46:27 +0000
@@ -14,6 +14,7 @@
                 libdbus-cpp-dev (>= 4.0.0),
                 libdbus-1-dev,
                 libgflags-dev,
++               libglib2.0-dev,
                 libgoogle-glog-dev,
                 libgtest-dev,
                 libjson-c-dev,
 === modified file 'po/trust-store.pot'
 --- po/trust-store.pot	2015-08-20 17:46:04 +0000
 +++ po/trust-store.pot	2015-11-30 10:46:27 +0000
@@ -8,7 +8,7 @@
  msgstr ""
  "Project-Id-Version: trust-store\n"
  "Report-Msgid-Bugs-To: \n"
--"POT-Creation-Date: 2015-08-20 13:41-0400\n"
++"POT-Creation-Date: 2015-11-27 13:56+0100\n"
  "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
  "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
  "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -17,15 +17,14 @@
  "Content-Type: text/plain; charset=CHARSET\n"
  "Content-Transfer-Encoding: 8bit\n"
--#: /tmp/trust-store-i18n/src/core/trust/daemon.cpp:265
--#, boost-format
--msgid "Application %1% is trying to access"
--msgstr ""
--
--#: /tmp/trust-store-i18n/src/core/trust/mir/prompt_main.qml:42
--msgid "Deny"
--msgstr ""
--
--#: /tmp/trust-store-i18n/src/core/trust/mir/prompt_main.qml:49
++#: /home/tvoss/ubuntu/scratch/fix-1504022/src/core/trust/daemon.cpp:265
++msgid "is trying to access"
++msgstr ""
++
++#: /home/tvoss/ubuntu/scratch/fix-1504022/src/core/trust/mir/prompt_main.qml:78
  msgid "Allow"
  msgstr ""
++
++#: /home/tvoss/ubuntu/scratch/fix-1504022/src/core/trust/mir/prompt_main.qml:83
++msgid "Don't Allow"
++msgstr ""
 === modified file 'src/CMakeLists.txt'
 --- src/CMakeLists.txt	2015-11-30 10:46:27 +0000
 +++ src/CMakeLists.txt	2015-11-30 10:46:27 +0000
@@ -20,6 +20,8 @@
  pkg_check_modules(DBUS_CPP dbus-cpp REQUIRED)
  pkg_check_modules(DBUS dbus-1 REQUIRED)
++pkg_check_modules(GLIB glib-2.0 REQUIRED)
++pkg_check_modules(GOBJECT gobject-2.0 REQUIRED)
  pkg_check_modules(LIBAPPARMOR libapparmor REQUIRED)
  pkg_check_modules(SQLITE3 sqlite3 REQUIRED)
@@ -28,6 +30,8 @@
  include_directories(
    ${DBUS_CPP_INCLUDE_DIRS}
    ${DBUS_INCLUDE_DIRS}
++  ${GLIB_INCLUDE_DIRS}
++  ${GOBJECT_INCLUDE_DIRS}
    ${LIBAPPARMOR_INCLUDE_DIRS}
    ${SQLITE3_INCLUDE_DIRS}
+ )
@@ -70,6 +74,7 @@
      # to prompt the user for trusting an application to access a trusted
      # system service.
      core/trust/mir/agent.cpp
++    core/trust/mir/click_desktop_entry_app_info_resolver.cpp
+   )
    # Make sure Qt does not inject evil macros like 'signals' and 'slots'.
@@ -186,6 +191,8 @@
    ${DBUS_LIBRARIES}
    ${GFLAGS_LDFLAGS}
    ${GLOG_LDFLAGS}
++  ${GLIB_LDFLAGS}
++  ${GOBJECT_LDFLAGS}
    ${LIBAPPARMOR_LDFLAGS}
    ${MIR_CLIENT_LDFLAGS}
    ${PROCESS_CPP_LDFLAGS}
 === modified file 'src/core/trust/daemon.cpp'
 --- src/core/trust/daemon.cpp	2015-08-31 14:00:41 +0000
 +++ src/core/trust/daemon.cpp	2015-11-30 10:46:27 +0000
@@ -262,7 +262,7 @@
                      core::trust::remote::helpers::aa_get_task_con_app_id_resolver(),
                      dict.count("description-pattern") > 0 ?
                              dict.at("description-pattern") :
--                            core::trust::i18n::tr("Application %1% is trying to access") + " " + service_name + ".",
++                            core::trust::i18n::tr("is trying to access") + " " + service_name + ".",
                      dict.count("verify-process-timestamp") > 0
                  };
 === modified file 'src/core/trust/mir/agent.cpp'
 --- src/core/trust/mir/agent.cpp	2015-08-31 13:16:20 +0000
 +++ src/core/trust/mir/agent.cpp	2015-11-30 10:46:27 +0000
@@ -33,6 +33,11 @@
  namespace mir = core::trust::mir;
++bool mir::operator==(const mir::AppInfo& lhs, const mir::AppInfo& rhs)
++{
++    return lhs.icon == rhs.icon && lhs.id == rhs.id && lhs.name == rhs.name;
++}
++
  // Invoked whenever a request for creation of pre-authenticated fds succeeds.
  void mir::PromptSessionVirtualTable::mir_client_fd_callback(MirPromptSession */*prompt_session*/, size_t count, int const* fds, void* context)
+ {
@@ -134,27 +139,15 @@
+ {
      static auto child_setup = []() {};
--    // We translate to human readable strings here, and do it a non-translateable way first
--    // We post-process the application id and try to extract the unversioned package name.
--    // Please see https://wiki.ubuntu.com/AppStore/Interfaces/ApplicationId.
--    static const std::regex regex_full_app_id{"(.*)_(.*)_(.*)"};
--    static const std::regex regex_short_app_id{"(.*)_(.*)"};
--    static constexpr std::size_t index_app{2};
--
--    auto app_name = args.application_id;
--
--    std::smatch match;
--    if (std::regex_match(app_name, match, regex_full_app_id))
--        app_name = std::string{match[index_app]};
--    else if (std::regex_match(app_name, match, regex_short_app_id))
--        app_name = std::string{match[index_app]};
--
--    auto description = (boost::format(i18n::tr(args.description, i18n::service_text_domain())) % app_name).str();
++    auto app_name = args.app_info.name;
++    auto description = i18n::tr(args.description, i18n::service_text_domain());
      std::vector<std::string> argv
+     {
          "--" + std::string{core::trust::mir::cli::option_server_socket}, "fd://" + std::to_string(args.fd),
--        "--" + std::string{core::trust::mir::cli::option_title}, app_name,
++        "--" + std::string{core::trust::mir::cli::option_icon}, args.app_info.icon,
++        "--" + std::string{core::trust::mir::cli::option_name}, args.app_info.name,
++        "--" + std::string{core::trust::mir::cli::option_id}, args.app_info.id,
          "--" + std::string{core::trust::mir::cli::option_description}, description
      };
@@ -219,17 +212,8 @@
      };
+ }
--mir::Agent::Agent(
--        // VTable object providing access to Mir's trusted prompting functionality.
--        const mir::ConnectionVirtualTable::Ptr& connection_vtable,
--        // Exec helper for starting up prompt provider child processes with the correct setup
--        // of command line arguments and environment variables.
--        const mir::PromptProviderHelper::Ptr& exec_helper,
--        // A translator function for mapping child process exit states to trust::Request answers.
--        const std::function<core::trust::Request::Answer(const core::posix::wait::Result&)>& translator)
--    : connection_vtable(connection_vtable),
--      exec_helper(exec_helper),
--      translator(translator)
++mir::Agent::Agent(const mir::Agent::Configuration& config)
++    : config(config)
+ {
+ }
@@ -260,7 +244,7 @@
      } scope
+     {
          // We setup the prompt session and wire up to our own internal callback helper.
--        connection_vtable->create_prompt_session_sync(
++        config.connection_vtable->create_prompt_session_sync(
                      parameters.application.pid,
                      Agent::on_trust_session_changed_state,
                      &cb_context)
@@ -273,24 +257,25 @@
      mir::PromptProviderHelper::InvocationArguments args
+     {
          fd,
--        parameters.application.id,
++        config.app_info_resolver->resolve(parameters.application.id),
          parameters.description
      };
      // Ask the helper to fire up the prompt provider.
--    cb_context.prompt_provider_process = exec_helper->exec_prompt_provider_with_arguments(args);
++    cb_context.prompt_provider_process = config.exec_helper->exec_prompt_provider_with_arguments(args);
      // And subsequently wait for it to finish.
      auto result = cb_context.prompt_provider_process.wait_for(core::posix::wait::Flags::untraced);
--    return translator(result);
++    return config.translator(result);
+ }
  bool mir::operator==(const mir::PromptProviderHelper::InvocationArguments& lhs, const mir::PromptProviderHelper::InvocationArguments& rhs)
+ {
--    return std::tie(lhs.application_id, lhs.description, lhs.fd) == std::tie(rhs.application_id, rhs.description, rhs.fd);
++    return std::tie(lhs.app_info, lhs.description, lhs.fd) == std::tie(rhs.app_info, rhs.description, rhs.fd);
+ }
  #include "config.h"
++#include "click_desktop_entry_app_info_resolver.h"
  MirConnection* mir::connect(const std::string& endpoint, const std::string& name)
+ {
@@ -318,13 +303,8 @@
+         }
      };
--    return mir::Agent::Ptr
--    {
--        new mir::Agent
--        {
--            cvt,
--            pph,
--            mir::Agent::translator_only_accepting_exit_status_success()
--        }
--    };
++    mir::AppInfoResolver::Ptr anr{new mir::ClickDesktopEntryAppInfoResolver{}};
++
++    mir::Agent::Configuration config{cvt, pph, mir::Agent::translator_only_accepting_exit_status_success(), anr};
++    return mir::Agent::Ptr{new mir::Agent{config}};
+ }
 === modified file 'src/core/trust/mir/agent.h'
 --- src/core/trust/mir/agent.h	2014-10-07 19:27:18 +0000
 +++ src/core/trust/mir/agent.h	2015-11-30 10:46:27 +0000
@@ -27,6 +27,8 @@
  #include <mirclient/mir_toolkit/mir_client_library.h>
  #include <mirclient/mir_toolkit/mir_prompt_session.h>
++#include <boost/filesystem.hpp>
++
  #include <condition_variable>
  #include <functional>
  #include <mutex>
@@ -37,6 +39,17 @@
+ {
  namespace mir
+ {
++// Info bundles information about an application.
++struct AppInfo
++{
++    std::string icon; // The icon of the application.
++    std::string name; // The human-readable, localized name of the application.
++    std::string id; // The unique id of the application.
++};
++
++// operator== returns true iff lhs is exactly equal to rhs.
++bool operator==(const AppInfo& lhs, const AppInfo& rhs);
++
  // We wrap the Mir prompt session API into a struct to
  // ease with testing and mocking.
  class CORE_TRUST_DLL_PUBLIC PromptSessionVirtualTable
@@ -129,8 +142,8 @@
          // The pre-authenticated fd that the helper
          // should use for connecting to Mir.
          int fd;
--        // The application id of the requesting app.
--        std::string application_id;
++        // Application-specific information goes here.
++        AppInfo app_info;
          // The extended description that should be presented to the user.
          std::string description;
      };
@@ -146,6 +159,17 @@
      CreationArguments creation_arguments;
  };
++// An AppNameResolver resolves an application id to a localized application name.
++struct AppInfoResolver
++{
++    // Save us some typing.
++    typedef std::shared_ptr<AppInfoResolver> Ptr;
++
++    virtual ~AppInfoResolver() = default;
++    // resolve maps app_id to a localized application name.
++    virtual AppInfo resolve(const std::string& app_id) = 0;
++};
++
  // Implements the trust::Agent interface and dispatches calls to a helper
  // prompt provider, tying it together with the requesting service and app
  // by leveraging Mir's trusted session/prompting support.
@@ -154,6 +178,20 @@
      // Convenience typedef
      typedef std::shared_ptr<Agent> Ptr;
++    // A Configuration bundles creation-time configuration options.
++    struct Configuration
++    {
++        // VTable object providing access to Mir's trusted prompting functionality.
++        ConnectionVirtualTable::Ptr connection_vtable;
++        // Exec helper for starting up prompt provider child processes with the correct setup
++        // of command line arguments and environment variables.
++        PromptProviderHelper::Ptr exec_helper;
++        // A translator function for mapping child process exit states to trust::Request answers.
++        std::function<core::trust::Request::Answer(const core::posix::wait::Result&)> translator;
++        // AppNameResolver used by the agent to map incoming request app ids to application names.
++        AppInfoResolver::Ptr app_info_resolver;
++    };
++
      // Helper struct for injecting state into on_trust_changed_state_state callbacks.
      // Used in prompt_user_for_request to wait for the trust session to be stopped.
      struct OnTrustSessionStateChangedCallbackContext
@@ -177,26 +215,16 @@
      // Throws std::logic_error if the process did not exit but was signaled.
      static std::function<core::trust::Request::Answer(const core::posix::wait::Result&)> translator_only_accepting_exit_status_success();
--    // Creates a new MirAgent instance with the given MirConnectionVirtualTable instance.
--    Agent(// VTable object providing access to Mir's trusted prompting functionality.
--          const ConnectionVirtualTable::Ptr& connection_vtable,
--          // Exec helper for starting up prompt provider child processes with the correct setup
--          // of command line arguments and environment variables.
--          const PromptProviderHelper::Ptr& exec_helper,
--          // A translator function for mapping child process exit states to trust::Request answers.
--          const std::function<core::trust::Request::Answer(const core::posix::wait::Result&)>& translator);
++    // Creates a new MirAgent instance with the given Configuration.
++    Agent(const Configuration& config);
      // From core::trust::Agent:
      // Throws a std::logic_error if anything unforeseen happens during execution, thus
      // indicating that no conclusive answer could be obtained from the user.
      core::trust::Request::Answer authenticate_request_with_parameters(const RequestParameters& parameters) override;
--    // The connection VTable used for creating trusted prompting sessions.
--    ConnectionVirtualTable::Ptr connection_vtable;
--    // Execution helper for firing up prompt provider executables.
--    PromptProviderHelper::Ptr exec_helper;
--    // Translator instance.
--    std::function<core::trust::Request::Answer(const core::posix::wait::Result&)> translator;
++    // The configured options.
++    Configuration config;
  };
  CORE_TRUST_DLL_PUBLIC bool operator==(const PromptProviderHelper::InvocationArguments&, const PromptProviderHelper::InvocationArguments&);
 === added file 'src/core/trust/mir/click_desktop_entry_app_info_resolver.cpp'
 --- src/core/trust/mir/click_desktop_entry_app_info_resolver.cpp	1970-01-01 00:00:00 +0000
 +++ src/core/trust/mir/click_desktop_entry_app_info_resolver.cpp	2015-11-30 10:46:27 +0000
@@ -0,0 +1,139 @@
++/*
++ * Copyright © 2015 Canonical Ltd.
++ *
++ * This program is free software: you can redistribute it and/or modify it
++ * under the terms of the GNU Lesser General Public License version 3,
++ * as published by the Free Software Foundation.
++ *
++ * This program is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ * GNU Lesser General Public License for more details.
++ *
++ * You should have received a copy of the GNU Lesser General Public License
++ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
++ *
++ * Authored by: Thomas Voß <thomas.voss@canonical.com>
++ */
++
++#include <core/trust/mir/click_desktop_entry_app_info_resolver.h>
++
++#include <glib.h>
++#include <xdg.h>
++
++#include <core/posix/this_process.h>
++
++#include <boost/algorithm/string.hpp>
++#include <boost/filesystem.hpp>
++#include <boost/format.hpp>
++
++#include <memory>
++#include <regex>
++#include <string>
++#include <stdexcept>
++#include <vector>
++
++namespace env = core::posix::this_process::env;
++namespace fs = boost::filesystem;
++namespace mir = core::trust::mir;
++
++namespace
++{
++fs::path resolve_desktop_entry_or_throw(const std::string& app_id)
++{
++    auto p = xdg::data().home() / "applications" / (app_id + ".desktop");
++    if (fs::is_regular_file(p))
++        return p;
++
++    fs::path applications{xdg::data().home() / "applications"};
++    fs::directory_iterator it(applications), itE;
++    while (it != itE)
++    {
++        if (it->path().filename().string().find(app_id) == 0)
++            return it->path();
++        ++it;
++    }
++
++    for (auto dir : xdg::data().dirs())
++    {
++        auto p = dir / "applications" / (app_id + ".desktop");
++        if (fs::is_regular_file(p))
++            return p;
++    }
++
++    throw std::runtime_error{"Could not resolve desktop entry for " + app_id};
++}
++
++// Wrap up a GError with an RAII approach, easing
++// cleanup if we throw an exception.
++struct Error
++{
++    ~Error() { clear(); }
++    void clear() { g_clear_error(&error); }
++
++    GError* error = nullptr;
++};
++
++std::string name_from_desktop_entry_or_throw(const fs::path& fn)
++{
++    Error g;
++    std::shared_ptr<GKeyFile> key_file{g_key_file_new(), [](GKeyFile* file) { if (file) g_key_file_free(file); }};
++
++    if (not g_key_file_load_from_file(key_file.get(), fn.string().c_str(), G_KEY_FILE_NONE, &g.error)) throw std::runtime_error
++    {
++        "Failed to load desktop entry [" + std::string(g.error->message) + "]"
++    };
++
++    auto app_name = g_key_file_get_locale_string(key_file.get(), G_KEY_FILE_DESKTOP_GROUP, G_KEY_FILE_DESKTOP_KEY_NAME, nullptr, &g.error);
++
++    if (g.error) throw std::runtime_error
++    {
++        "Failed to query localized name [" + std::string(g.error->message) + "]"
++    };
++
++    return app_name;
++}
++
++std::string icon_from_desktop_entry_or_throw(const fs::path& fn)
++{
++    Error g;
++    std::shared_ptr<GKeyFile> key_file{g_key_file_new(), [](GKeyFile* file) { if (file) g_key_file_free(file); }};
++
++    if (not g_key_file_load_from_file(key_file.get(), fn.string().c_str(), G_KEY_FILE_NONE, &g.error)) throw std::runtime_error
++    {
++        "Failed to load desktop entry [" + std::string(g.error->message) + "]"
++    };
++
++    auto app_icon = g_key_file_get_locale_string(key_file.get(), G_KEY_FILE_DESKTOP_GROUP, G_KEY_FILE_DESKTOP_KEY_ICON, nullptr, &g.error);
++
++    if (g.error) throw std::runtime_error
++    {
++        "Failed to query icon [" + std::string(g.error->message) + "]"
++    };
++
++    // We expect an absolute path to a regular file representing the icon. Ideally, we should
++    // also run further checks like the file not being part of another app for example.
++    fs::path p{app_icon};
++    if (not p.is_absolute() || not fs::is_regular_file(fs::status(p))) throw std::runtime_error
++    {
++        "Icon path is either not absolute or not pointing to a regular file [" + std::string{app_icon} + "]"
++    };
++
++    return app_icon;
++}
++}
++
++mir::ClickDesktopEntryAppInfoResolver::ClickDesktopEntryAppInfoResolver()
++{
++}
++
++mir::AppInfo mir::ClickDesktopEntryAppInfoResolver::resolve(const std::string& app_id)
++{
++    auto de = resolve_desktop_entry_or_throw(app_id);
++    return mir::AppInfo
++    {
++        icon_from_desktop_entry_or_throw(de),
++        name_from_desktop_entry_or_throw(de),
++        app_id
++    };
++}
 === added file 'src/core/trust/mir/click_desktop_entry_app_info_resolver.h'
 --- src/core/trust/mir/click_desktop_entry_app_info_resolver.h	1970-01-01 00:00:00 +0000
 +++ src/core/trust/mir/click_desktop_entry_app_info_resolver.h	2015-11-30 10:46:27 +0000
@@ -0,0 +1,49 @@
++/*
++ * Copyright © 2015 Canonical Ltd.
++ *
++ * This program is free software: you can redistribute it and/or modify it
++ * under the terms of the GNU Lesser General Public License version 3,
++ * as published by the Free Software Foundation.
++ *
++ * This program is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ * GNU Lesser General Public License for more details.
++ *
++ * You should have received a copy of the GNU Lesser General Public License
++ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
++ *
++ * Authored by: Thomas Voß <thomas.voss@canonical.com>
++ */
++
++#ifndef CORE_TRUST_MIR_CLICK_DESKTOP_ENTRY_APP_NAME_RESOLVER_H_
++#define CORE_TRUST_MIR_CLICK_DESKTOP_ENTRY_APP_NAME_RESOLVER_H_
++
++#include <core/trust/mir/agent.h>
++
++namespace core
++{
++namespace trust
++{
++namespace mir
++{
++// A ClickDesktopEntryAppNameResolver queries the click database of installed
++// packages to resolve an app's installation folder in the local filesystem.
++// The directory is searched for a .desktop file, that is then loaded and queried
++// for the app's localized name.
++class CORE_TRUST_DLL_PUBLIC ClickDesktopEntryAppInfoResolver : public AppInfoResolver
++{
++public:
++    // ClickDesktopEntryAppNameResolver sets up an instance with default dbs.
++    ClickDesktopEntryAppInfoResolver();
++
++    // resolve queries the click index and an apps desktop file entry for
++    // obtaining a localized application name. Throws std::runtime_error in
++    // case of issues.
++    AppInfo resolve(const std::string& app_id) override;
++};
++}
++}
++}
++
++#endif // CORE_TRUST_MIR_CLICK_DESKTOP_ENTRY_APP_NAME_RESOLVER_H_
 === modified file 'src/core/trust/mir/prompt_main.cpp'
 --- src/core/trust/mir/prompt_main.cpp	2015-08-31 13:16:20 +0000
 +++ src/core/trust/mir/prompt_main.cpp	2015-11-30 10:46:27 +0000
@@ -74,9 +74,19 @@
+ {
      // We are throwing exceptions here, which immediately calls abort and still gives a
      // helpful error message on the terminal.
--    if (vm.count(cli::option_title) == 0) throw std::logic_error
--    {
--        "Missing option title."
++    if (vm.count(cli::option_icon) == 0) throw std::logic_error
++    {
++        "Missing option icon."
++    };
++
++    if (vm.count(cli::option_name) == 0) throw std::logic_error
++    {
++        "Missing option name."
++    };
++
++    if (vm.count(cli::option_id) == 0) throw std::logic_error
++    {
++        "Missing option id."
      };
      if (vm.count(cli::option_description) == 0) throw std::logic_error
@@ -84,17 +94,13 @@
          "Missing option description"
      };
--    if (vm.count(cli::option_server_socket) == 0) throw std::logic_error
--    {
--        "Missing option mir_server_socket"
--    };
--
--    std::string mir_server_socket = vm[cli::option_server_socket].as<std::string>();
--
--    if (mir_server_socket.find("fd://") != 0) throw std::logic_error
--    {
--        "mir_server_socket does not being with fd://"
--    };
++    if (vm.count(cli::option_server_socket) > 0)
++    {
++        if (vm[cli::option_server_socket].as<std::string>().find("fd://") != 0) throw std::logic_error
++        {
++            "mir_server_socket does not being with fd://"
++        };
++    }
+ }
+ }
+ }
@@ -104,8 +110,10 @@
      boost::program_options::options_description options;
      options.add_options()
              (cli::option_server_socket, boost::program_options::value<std::string>(), "Mir server socket to connect to.")
++            (cli::option_icon, boost::program_options::value<std::string>(), "Icon of the requesting application.")
++            (cli::option_name, boost::program_options::value<std::string>(), "Name of the requesting application.")
++            (cli::option_id, boost::program_options::value<std::string>(), "Id of the requesting application.")
              (cli::option_description, boost::program_options::value<std::string>(), "Extended description of the prompt.")
--            (cli::option_title, boost::program_options::value<std::string>(), "Title of the prompt.")
              (cli::option_testing, "Only checks command-line parameters and does not execute any actions.")
              (cli::option_testability, "Loads the Qt Testability plugin if provided.");
@@ -124,30 +132,29 @@
      boost::program_options::store(parsed_options, vm);
      boost::program_options::notify(vm);
++    // We immediately bail out if verification of command line arguments fails.
++    testing::validate_command_line_arguments(vm);
++
      // We just verify command line arguments in testing and immediately return.
      if (vm.count(cli::option_testing) > 0)
--    {
--        testing::validate_command_line_arguments(vm); return 0;
--    }
--
--    // Let's validate the arguments.
--    if (vm.count(cli::option_title) == 0)
--        abort(); // We have to call abort here to make sure that we get signalled.
--
--    std::string title = vm[cli::option_title].as<std::string>();
--
--    std::string description;
--    if (vm.count(cli::option_description) > 0)
--        description = vm[cli::option_description].as<std::string>();
++        return 0;
++
++    auto icon = vm[cli::option_icon].as<std::string>();
++    auto name = vm[cli::option_name].as<std::string>();
++    auto id = vm[cli::option_id].as<std::string>();
++    // As per design, we replace "_" in app ids with a "/", thereby
++    // rendering the app id a little nicer. See:
++    //
++    //   http://pasteboard.co/2qhB6op7.png
++    //
++    // for an example.
++    std::replace(id.begin(), id.end(), '_', '/');
++    auto description = vm[cli::option_description].as<std::string>();
      if (vm.count(cli::option_server_socket) > 0)
+     {
--        // We make sure that the env variable is not set prior to adusting it.
          this_env::unset_or_throw(env::option_mir_socket);
--
--        this_env::set_or_throw(
--                    env::option_mir_socket,
--                    vm[cli::option_server_socket].as<std::string>());
++        this_env::set_or_throw(env::option_mir_socket, vm[cli::option_server_socket].as<std::string>());
+     }
      // We install our default gettext domain prior to anything qt.
@@ -202,14 +209,10 @@
      view->setTitle(QGuiApplication::applicationName());
      // Make some properties known to the root context.
--    // The title of the dialog.
--    view->rootContext()->setContextProperty(
--                cli::option_title,
--                title.c_str());
--    // The description of the dialog.
--    view->rootContext()->setContextProperty(
--                    cli::option_description,
--                    description.c_str());
++    view->rootContext()->setContextProperty(cli::option_icon, icon.c_str());
++    view->rootContext()->setContextProperty(cli::option_name, name.c_str());
++    view->rootContext()->setContextProperty(cli::option_id, id.c_str());
++    view->rootContext()->setContextProperty(cli::option_description, description.c_str());
      // Point the engine to the right directory. Please note that
      // the respective value changes with the installation state.
 === modified file 'src/core/trust/mir/prompt_main.h'
 --- src/core/trust/mir/prompt_main.h	2015-02-11 13:04:24 +0000
 +++ src/core/trust/mir/prompt_main.h	2015-11-30 10:46:27 +0000
@@ -46,10 +46,22 @@
      "mir_server_socket"
  };
--/** @brief Title of the prompt. */
--static constexpr const char* option_title
--{
--    "title"
++/** @brief Icon of the requesting app. */
++static constexpr const char* option_icon
++{
++    "icon"
++};
++
++/** @brief Name of the requesting app. */
++static constexpr const char* option_name
++{
++    "name"
++};
++
++/** @brief Id of the requesting app. */
++static constexpr const char* option_id
++{
++    "id"
  };
  /** @brief Extended description of the prompt. */
 === modified file 'src/core/trust/mir/prompt_main.qml'
 --- src/core/trust/mir/prompt_main.qml	2014-11-06 10:38:33 +0000
 +++ src/core/trust/mir/prompt_main.qml	2015-11-30 10:46:27 +0000
@@ -15,40 +15,76 @@
   */
  import QtQuick 2.0
--import Ubuntu.Components 1.1
--import Ubuntu.Components.Popups 1.0
--
--Rectangle {
--    width: units.gu(40)
--    height: units.gu(71)
--    color: "transparent"
--
--    property var dialogTitle: title
--    property var dialogDescription: description
++import Ubuntu.Components 1.3
++import Ubuntu.Components.Popups 1.3
++
++Item {
++
++    property var appIcon: icon
++    property var appName: name
++    property var appId: id
++    property var serviceDescription: description
      signal quit(int code)
--    Component.onCompleted: dialog.show();
--
--    Dialog {
++    Component {
          id: dialog
--
--        title: dialogTitle
--        text: dialogDescription
--        fadingAnimation: PropertyAnimation { duration: 0 }
--
--        Button {
--            objectName: "deny"
--            text: i18n.tr("Deny")
--            color: UbuntuColors.red
--            onClicked: quit(1)
--        }
--
--        Button {
--            objectName: "allow"
--            text: i18n.tr("Allow")
--            color: UbuntuColors.green
--            onClicked: quit(0)
++        Dialog {
++            id: dialogue
++            Column {
++                spacing: units.gu(0.5)
++                UbuntuShape {
++                    anchors.horizontalCenter: parent.horizontalCenter
++                    id: iconShape
++                    radius: "medium"
++                    aspect: UbuntuShape.DropShadow
++                    anchors.margins: units.gu(1)
++                    sourceFillMode: UbuntuShape.PreserveAspectCrop
++                    source: Image {
++                        id: icon
++                        sourceSize.width: iconShape.width
++                        sourceSize.height: iconShape.height
++                        source: appIcon
++                    }
++                }
++                Label {
++                    anchors.horizontalCenter: parent.horizontalCenter
++                    text: appName
++                    horizontalAlignment: Text.AlignHCenter
++                    width: parent.width
++                    elide: Text.ElideRight
++                    wrapMode: Text.Wrap
++                    maximumLineCount: 2
++                }
++                Label {
++                    anchors.horizontalCenter: parent.horizontalCenter
++                    text: appId
++                    color: UbuntuColors.lightGrey
++                    fontSize: "small"
++                    width: parent.width
++                    horizontalAlignment: Text.AlignHCenter
++                    elide: Text.ElideMiddle
++                    maximumLineCount: 1
++                }
++            }
++            Label {
++                anchors.horizontalCenter: parent.horizontalCenter
++                text: serviceDescription
++                horizontalAlignment: Text.AlignHCenter
++                width: parent.width
++                wrapMode: Text.Wrap
++            }
++            Button {
++                text: i18n.tr("Allow")
++                color: UbuntuColors.green
++                onClicked: quit(0)
++            }
++            Button {
++                text: i18n.tr("Don’t Allow")
++                color: UbuntuColors.lightGrey
++                onClicked: quit(1)
++            }
+         }
+     }
++    Component.onCompleted: PopupUtils.open(dialog)
+ }
 === modified file 'tests/CMakeLists.txt'
 --- tests/CMakeLists.txt	2015-11-30 10:46:27 +0000
 +++ tests/CMakeLists.txt	2015-11-30 10:46:27 +0000
@@ -242,6 +242,11 @@
      mir_agent_test.cpp
+   )
++  add_executable(
++    click_desktop_entry_app_name_resolver_test
++    click_desktop_entry_app_name_resolver_test.cpp
++  )
++
    target_link_libraries(
      mir_agent_test
@@ -256,7 +261,22 @@
      ${PROCESS_CPP_LIBRARIES}
+   )
++  target_link_libraries(
++    click_desktop_entry_app_name_resolver_test
++
++    trust-store
++
++    gmock
++
++    gtest
++    gtest_main
++
++    ${PROCESS_CPP_LIBRARIES}
++  )
++
++
    add_test(mir_agent_test ${CMAKE_CURRENT_BINARY_DIR}/mir_agent_test --gtest_filter=*-*requires_mir)
++  add_test(click_desktop_entry_app_name_resolver_test ${CMAKE_CURRENT_BINARY_DIR}/click_desktop_entry_app_name_resolver_test)
    install(
      TARGETS mir_agent_test
 === added file 'tests/click_desktop_entry_app_name_resolver_test.cpp'
 --- tests/click_desktop_entry_app_name_resolver_test.cpp	1970-01-01 00:00:00 +0000
 +++ tests/click_desktop_entry_app_name_resolver_test.cpp	2015-11-30 10:46:27 +0000
@@ -0,0 +1,75 @@
++/*
++ * Copyright © 2013 Canonical Ltd.
++ *
++ * This program is free software: you can redistribute it and/or modify it
++ * under the terms of the GNU Lesser General Public License version 3,
++ * as published by the Free Software Foundation.
++ *
++ * This program is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ * GNU Lesser General Public License for more details.
++ *
++ * You should have received a copy of the GNU Lesser General Public License
++ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
++ *
++ * Authored by: Thomas Voß <thomas.voss@canonical.com>
++ */
++
++#include <core/trust/mir/click_desktop_entry_app_info_resolver.h>
++#include <core/posix/this_process.h>
++#include "test_data.h"
++
++#include <gtest/gtest.h>
++
++#include <fstream>
++
++namespace env = core::posix::this_process::env;
++namespace mir = core::trust::mir;
++
++namespace
++{
++bool ensure_icon_file()
++{
++    std::ofstream out{"/tmp/test.icon"};
++    out << "test.icon";
++    return out.good();
++}
++}
++
++TEST(ClickDesktopEntryAppInfoResolver, throws_for_invalid_app_id)
++{
++    ASSERT_TRUE(ensure_icon_file());
++    mir::ClickDesktopEntryAppInfoResolver resolver;
++    EXPECT_THROW(resolver.resolve("something:not:right"), std::runtime_error);
++}
++
++TEST(ClickDesktopEntryAppInfoResolver, resolves_existing_desktop_entry_from_xdg_data_home)
++{
++    ASSERT_TRUE(ensure_icon_file());
++    env::unset_or_throw("XDG_DATA_HOME");
++    env::set_or_throw("XDG_DATA_HOME", core::trust::testing::current_source_dir + std::string("/share"));
++    mir::ClickDesktopEntryAppInfoResolver resolver;
++    EXPECT_NO_THROW(resolver.resolve("valid.pkg_app_0.0.0"));
++}
++
++TEST(ClickDesktopEntryAppInfoResolver, robustly_resolves_existing_desktop_entry_from_xdg_data_home)
++{
++    ASSERT_TRUE(ensure_icon_file());
++    env::unset_or_throw("XDG_DATA_HOME");
++    env::set_or_throw("XDG_DATA_HOME", core::trust::testing::current_source_dir + std::string("/share"));
++
++    mir::ClickDesktopEntryAppInfoResolver resolver;
++    EXPECT_NO_THROW(resolver.resolve("valid.pkg_app"));
++}
++
++TEST(ClickDesktopEntryAppInfoResolver, resolves_existing_desktop_entry_from_xdg_data_dirs)
++{
++    ASSERT_TRUE(ensure_icon_file());
++    env::unset_or_throw("XDG_DATA_HOME"); env::unset_or_throw("XDG_DATA_DIRS");
++    env::set_or_throw("XDG_DATA_HOME", core::trust::testing::current_source_dir + std::string("/empty"));
++    env::set_or_throw("XDG_DATA_DIRS", core::trust::testing::current_source_dir + std::string("/share"));
++
++    mir::ClickDesktopEntryAppInfoResolver resolver;
++    resolver.resolve("valid.pkg_app_0.0.0");
++}
 === added directory 'tests/empty'
 === added directory 'tests/empty/applications'
 === modified file 'tests/mir_agent_test.cpp'
 --- tests/mir_agent_test.cpp	2015-11-30 10:46:27 +0000
 +++ tests/mir_agent_test.cpp	2015-11-30 10:46:27 +0000
@@ -99,6 +99,11 @@
      MOCK_METHOD1(translate, core::trust::Request::Answer(const core::posix::wait::Result&));
  };
++struct MockAppInfoResolver : public core::trust::mir::AppInfoResolver
++{
++    MOCK_METHOD1(resolve, core::trust::mir::AppInfo(const std::string&));
++};
++
  std::shared_ptr<MockConnectionVirtualTable> a_mocked_connection_vtable()
+ {
      return std::make_shared<testing::NiceMock<MockConnectionVirtualTable>>();
@@ -117,6 +122,11 @@
                      "/bin/false"
                  });
+ }
++
++std::shared_ptr<MockAppInfoResolver> a_mocked_app_info_resolver()
++{
++    return std::make_shared<MockAppInfoResolver>();
++}
+ }
  TEST(DefaultProcessStateTranslator, throws_for_signalled_process)
@@ -172,7 +182,11 @@
      core::trust::mir::PromptProviderHelper::InvocationArguments iargs
+     {
 ,
--        "does.not.exist.application",
++        {
++            "/tmp",
++            "Does not exist",
++            "does.not.exist.application"
++        },
          "Just an extended description for %1%"
      };
@@ -193,6 +207,8 @@
      using namespace ::testing;
      const core::trust::Pid app_pid {21};
++    const std::string app_icon{"/tmp"};
++    const std::string app_name {"Does not exist"};
      const std::string app_id {"does.not.exist.application"};
      const core::trust::Feature feature{42};
      const std::string app_description {"This is just an extended description %1%"};
@@ -201,7 +217,11 @@
      const core::trust::mir::PromptProviderHelper::InvocationArguments reference_invocation_args
+     {
          pre_authenticated_fd,
--        app_id,
++        {
++            app_icon,
++            app_name,
++            app_id
++        },
          app_description
      };
@@ -209,6 +229,7 @@
      auto prompt_session_vtable = a_mocked_prompt_session_vtable();
      auto prompt_provider_exec_helper = a_mocked_prompt_provider_calling_bin_false();
++    auto app_info_resolver = a_mocked_app_info_resolver();
      ON_CALL(*connection_vtable, create_prompt_session_sync(_, _, _))
              .WillByDefault(Return(prompt_session_vtable));
@@ -219,6 +240,9 @@
      ON_CALL(*prompt_session_vtable, add_prompt_provider_sync(_))
              .WillByDefault(Return(true));
++    ON_CALL(*app_info_resolver, resolve(_))
++            .WillByDefault(Return(core::trust::mir::AppInfo{app_icon, app_name, app_id}));
++
      EXPECT_CALL(*connection_vtable, create_prompt_session_sync(app_pid, _, _)).Times(1);
      EXPECT_CALL(*prompt_session_vtable, new_fd_for_prompt_provider()).Times(1);
@@ -228,21 +252,94 @@
      core::trust::mir::Agent agent
+     {
--        connection_vtable,
--        prompt_provider_exec_helper,
--        core::trust::mir::Agent::translator_only_accepting_exit_status_success()
--    };
--
--    EXPECT_EQ(core::trust::Request::Answer::denied, // /bin/false exits with failure.
--              agent.authenticate_request_with_parameters(
--                  core::trust::Agent::RequestParameters
--                  {
--                     core::trust::Uid{::getuid()},
--                     app_pid,
--                     app_id,
--                     feature,
--                     app_description
--                  }));
++        core::trust::mir::Agent::Configuration
++        {
++            connection_vtable,
++            prompt_provider_exec_helper,
++            core::trust::mir::Agent::translator_only_accepting_exit_status_success(),
++            app_info_resolver
++        }
++    };
++
++    EXPECT_EQ(core::trust::Request::Answer::denied, // /bin/false exits with failure.
++              agent.authenticate_request_with_parameters(
++                  core::trust::Agent::RequestParameters
++                  {
++                     core::trust::Uid{::getuid()},
++                     app_pid,
++                     app_id,
++                     feature,
++                     app_description
++                  }));
++}
++
++TEST(MirAgent, calls_into_app_info_resolver_with_app_id)
++{
++    using namespace ::testing;
++
++    const core::trust::Pid app_pid {21};
++    const std::string app_id {"does.not.exist.application"};
++    const std::string app_icon{"/tmp"};
++    const std::string app_name{"MeMyselfAndI"};
++    const core::trust::Feature feature{42};
++    const std::string app_description {"This is just an extended description for %1%"};
++    const int pre_authenticated_fd {42};
++
++    const core::trust::mir::PromptProviderHelper::InvocationArguments reference_invocation_args
++    {
++        pre_authenticated_fd,
++        {
++            app_icon,
++            app_name,
++            app_id
++        },
++        app_description
++    };
++
++    auto connection_vtable = a_mocked_connection_vtable();
++    auto prompt_session_vtable = a_mocked_prompt_session_vtable();
++
++    auto prompt_provider_exec_helper = a_mocked_prompt_provider_calling_bin_false();
++    auto app_info_resolver = a_mocked_app_info_resolver();
++
++    ON_CALL(*connection_vtable, create_prompt_session_sync(_, _, _))
++            .WillByDefault(Return(prompt_session_vtable));
++
++    ON_CALL(*prompt_session_vtable, new_fd_for_prompt_provider())
++            .WillByDefault(Return(pre_authenticated_fd));
++
++    ON_CALL(*prompt_session_vtable, add_prompt_provider_sync(_))
++            .WillByDefault(Return(true));
++
++    EXPECT_CALL(*app_info_resolver, resolve(app_id)).Times(1)
++            .WillRepeatedly(
++                Return(core::trust::mir::AppInfo{app_icon, app_name, app_id}));
++    EXPECT_CALL(*prompt_provider_exec_helper,
++                exec_prompt_provider_with_arguments(
++                    reference_invocation_args)).Times(1);
++
++    core::trust::mir::Agent agent
++    {
++        core::trust::mir::Agent::Configuration
++        {
++            connection_vtable,
++            prompt_provider_exec_helper,
++            core::trust::mir::Agent::translator_only_accepting_exit_status_success(),
++            app_info_resolver
++        }
++    };
++
++    EXPECT_EQ(core::trust::Request::Answer::denied, // /bin/false exits with failure.
++              agent.authenticate_request_with_parameters(
++                  core::trust::Agent::RequestParameters
++                  {
++                     core::trust::Uid{::getuid()},
++                     app_pid,
++                     app_id,
++                     feature,
++                     app_description
++                  }));
++
+ }
  TEST(MirAgent, sig_kills_prompt_provider_process_on_status_change)
@@ -250,6 +347,8 @@
      using namespace ::testing;
      const core::trust::Pid app_pid {21};
++    const std::string app_icon{"/tmp"};
++    const std::string app_name{"MeMyselfAndI"};
      const std::string app_id {"does.not.exist.application"};
      const core::trust::Feature feature{42};
      const std::string app_description {"This is just an extended description for %1%"};
@@ -270,6 +369,8 @@
      auto prompt_provider_helper = std::make_shared<MockPromptProviderHelper>(
                  core::trust::mir::PromptProviderHelper::CreationArguments{"/bin/false"});
++    auto app_info_resolver = a_mocked_app_info_resolver();
++
      void* prompt_session_state_callback_context{nullptr};
      ON_CALL(*prompt_provider_helper, exec_prompt_provider_with_arguments(_))
@@ -289,6 +390,9 @@
                  Return(
                      true));
++    ON_CALL(*app_info_resolver, resolve(_))
++            .WillByDefault(Return(core::trust::mir::AppInfo{app_icon, app_name, app_id}));
++
      // An invocation results in a session being created. In addition,
      // we store pointers to callback and context provided by the implementation
      // for being able to later trigger the callback.
@@ -300,9 +404,13 @@
      core::trust::mir::Agent agent
+     {
--        connection_vtable,
--        prompt_provider_helper,
--        core::trust::mir::Agent::translator_only_accepting_exit_status_success()
++        core::trust::mir::Agent::Configuration
++        {
++            connection_vtable,
++            prompt_provider_helper,
++            core::trust::mir::Agent::translator_only_accepting_exit_status_success(),
++            app_info_resolver
++        }
      };
      std::thread asynchronously_stop_the_prompting_session
@@ -416,7 +524,9 @@
      std::vector<std::string> argv
+     {
          "--" + std::string{core::trust::mir::cli::option_server_socket} + "=" + mir_socket(),
--        "--" + std::string{core::trust::mir::cli::option_title} + "=" + pretty_function,
++        "--" + std::string{core::trust::mir::cli::option_icon}, pretty_function,
++        "--" + std::string{core::trust::mir::cli::option_name}, pretty_function,
++        "--" + std::string{core::trust::mir::cli::option_id}, pretty_function,
          "--" + std::string{core::trust::mir::cli::option_description} + "=" + pretty_function,
          // We have to circumvent unity8's authentication mechanism and just provide
          // the desktop_file_hint as part of the command line.
 === added directory 'tests/share'
 === added directory 'tests/share/applications'
 === added file 'tests/share/applications/valid.pkg_app_0.0.0.desktop'
 --- tests/share/applications/valid.pkg_app_0.0.0.desktop	1970-01-01 00:00:00 +0000
 +++ tests/share/applications/valid.pkg_app_0.0.0.desktop	2015-11-30 10:46:27 +0000
@@ -0,0 +1,56 @@
++[Desktop Entry]
++Type=Application
++Icon=/tmp/test.icon
++Name=Camera
++Name[am]=ካሜራ
++Name[ar]=الكاميرا
++Name[ast]=Cámara
++Name[az]=Kamera
++Name[bg]=Камера
++Name[br]=Kamera
++Name[bs]=Kamera
++Name[ca]=Càmera
++Name[ca@valencia]=Càmera
++Name[cs]=Fotoaparát
++Name[cy]=Camera
++Name[da]=Kamera
++Name[de]=Kamera
++Name[el]=Κάμερα
++Name[en_AU]=Camera
++Name[en_GB]=Camera
++Name[es]=Cámara
++Name[eu]=Kamera
++Name[fa]=دوربین
++Name[fi]=Kamera
++Name[fr]=Appareil photo
++Name[gd]=Camara
++Name[gl]=Cámara
++Name[he]=מצלמה
++Name[hi]=कैमरा
++Name[hr]=Fotoaparat
++Name[hu]=Kamera
++Name[hy]=Կամերա
++Name[is]=Myndavél
++Name[it]=Fotocamera
++Name[ja]=カメラ
++Name[km]=ម៉ាស៊ីន<U+200B>ថ<U+200B>ត
++Name[ko]=카메라
++Name[lo]=ກ້ອງ
++Name[lv]=Fotokamera
++Name[ml]=ക്യാമറ
++Name[ms]=Kamera
++Name[my]=ကင<U+103A>မရာ
++Name[nb]=Kamera
++Name[nl]=Camera
++Name[pa]=ਕੈਮਰਾ
++Name[pl]=Aparat
++Name[pt]=Câmara
++Name[pt_BR]=Câmera
++Name[ro]=Aparat foto
++Name[ru]=Камера
++Name[sl]=Fotoaparat
++Name[sr]=Камера
++Name[sv]=Kamera
++Name[ta]=புகைப்பட கருவி
++Name[te]=కెమేరా
++Name[tr]=Fotoğraf Makinesi
 === modified file 'tests/test_data.h.in'
 --- tests/test_data.h.in	2014-08-12 14:25:41 +0000
 +++ tests/test_data.h.in	2015-11-30 10:46:27 +0000
@@ -25,6 +25,11 @@
+ {
  namespace testing
+ {
++static constexpr const char* current_source_dir
++{
++    "@CMAKE_CURRENT_SOURCE_DIR@"
++};
++
  static constexpr const char* trust_prompt_executable_in_build_dir
+ {
      "@CMAKE_BINARY_DIR@/src/trust-prompt"