Created by Ubuntu Package Importer on 2014-04-26 and last modified on 2014-10-22
Get this branch:
bzr branch lp:ubuntu/utopic/apparmor-easyprof-ubuntu
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Ubuntu branches

Recent revisions

95. By Jamie Strandboge on 2014-10-22

ubuntu/networking: add rules for app-specific ubuntu-download-manager
file downloads (LP: #1384349)

94. By Jamie Strandboge on 2014-10-14

ubuntu/audio: also allow access to GetArtistArt when accessing the
thumbnailer (LP: #1381102)

93. By Jamie Strandboge on 2014-10-08

* ubuntu/accounts: allow all on org.freedesktop.DBus.Properties for
  /com/google/code/AccountsSSO/SingleSignOn/** (LP: #1378809)
* ubuntu/ubuntu-*, pending/ubuntu-scope-local-content, ubuntu/webview: also
  allow read on /android/system/build.prop (LP: #1378838)

92. By Jamie Strandboge on 2014-10-06

* ubuntu/1.2/push-notification-client: don't deny access to the clipboard
  since sdk apps are supposed to be able to specify this policy group
* ubuntu/1.2: add ubuntu-push-helper for push-helpers to use which (among
  other things) explicitly disables access to the clipboard (LP: #1371170)
* adjust autopackagetest for ubuntu-push-helper
* ubuntu/accounts: allow all on org.freedesktop.DBus.Properties for
* ubuntu/1.2/ubuntu-scope-network, pending/ubuntu-scope-local-content: also
  add remaining libhybris paths (/{,var/}run/shm/hybris_shm_data and
* ubuntu/ubuntu-sdk: explicitly disallow gsettings (dconf) access
  (LP: #1378115)

91. By Jamie Strandboge on 2014-10-06

ubuntu/1.[12]/ubuntu-{sdk,webapp}: re-add still needed rule for
/{,run/}shm/shm/WK2SharedMemory.[0-9]*. This needs to stay until qtwebkit
is removed from the image (LP: #1377648)

90. By Jamie Strandboge on 2014-10-03

* ubuntu/accounts: allow access to GetAll on org.freedesktop.DBus.Properties
  for /com/google/code/AccountsSSO/SingleSignOn (LP: #1377205)
* ubuntu/webview: also deny access to /custom/etc/dconf_profile. This is
  fallout from Oxide trying to use gsettings, but we've been silently
  denying that access since the webview policy group was added, so just
  silence this denial too (LP: #1260101)
* ubuntu/ubuntu-{sdk,webapp}: also allow talking to clipboard on freedesktop
  interface (LP: #1377221)
* tests/test-data.py: update hardware dir handling and also adjust policy
  groups to use tmpdir
* debian/control: Build-Depends on apparmor so we can check syntax during

89. By Jamie Strandboge on 2014-10-01

* ubuntu/1.2/ubuntu-scope-network, pending/ubuntu-scope-local-content:
  allow access to android libraries (LP: #1376430)
* ubuntu/ubuntu-{sdk,webapp}: allow read access for thumbnailer icons
  (LP: #1376436)

88. By Jamie Strandboge on 2014-09-30

* ubuntu/ubuntu-*: add owner /{run,dev}/shm/shmfd-* rwk (LP: #1370218)
* ubuntu/microphone: remove shmfd access since it is in the templates now

87. By Jamie Strandboge on 2014-09-29

ubuntu/webview: explicitly deny write access to @{PROC}/[0-9]*/oom_adj
and @{PROC}/[0-9]*/oom_score_adj. This is confirmed as a way to escape
application lifecycle (LP: #1260115)

86. By Jamie Strandboge on 2014-09-26

* ubuntu/calendar: add missing rule for org.freedesktop.DBus.Introspectable
  on path /com/canonical/indicator/datetime/AlarmProperties (LP: #1374623)
* ubuntu/1.[12]/ubuntu-{sdk,webapp}: remove no longer needed rule for
  /{,run/}shm/shm/WK2SharedMemory.[0-9]* (LP: #1197060)
* ubuntu/microphone:
  - add temporary write access to /{run,dev}/shm/shmfd-* for QAudioRecorder
    (LP: #1370218)
  - explicitly deny read on /dev/
* ubuntu/1.1/webview: allow dbus send to RequestName on org.freedesktop.DBus
  webapp-container needs corresponding 'bind' call on
  org.freedesktop.Application, which we block elsewhere. webapp-container
  shouldn't be doing this under confinement, but we allow this rule in
  content_exchange, so just allow it to avoid confusion. (LP: #1357371)

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
This branch contains Public information 
Everyone can see this information.