Merge lp:~verzegnassi-stefano/ubuntu-docviewer-app/fix-deletion-from-external-storage into lp:ubuntu-docviewer-app

Proposed by Stefano Verzegnassi on 2015-12-26
Status: Merged
Approved by: Roman Shchekin on 2015-12-27
Approved revision: 242
Merged at revision: 242
Proposed branch: lp:~verzegnassi-stefano/ubuntu-docviewer-app/fix-deletion-from-external-storage
Merge into: lp:ubuntu-docviewer-app
Diff against target: 13 lines (+2/-1)
1 file modified
click/docviewer.apparmor (+2/-1)
To merge this branch: bzr merge lp:~verzegnassi-stefano/ubuntu-docviewer-app/fix-deletion-from-external-storage
Reviewer Review Type Date Requested Status
Roman Shchekin Approve on 2015-12-27
Jenkins Bot continuous-integration Approve on 2015-12-26
Alan Pope 🍺🐧🐱 πŸ¦„ 2015-12-26 Pending
Review via email: mp+281360@code.launchpad.net

Commit Message

Updated AppArmor template. It fixes the deletion of a document stored on a SD card.

Description of the Change

Updated AppArmor template.
It fixes the deletion of a document stored on a SD card (which currently drops a DENIAL).

This would give us write permissions to the Documents folder in any external storage. Similar rights are already used by gallery-app and camera-app for similar reasons, through the 'picture_files' policy[1].
From the DocViewer perspective, this represents a move from an hypothetical 'document_files_read' to a 'document_files' policy.

@Alan: I'm expressly asking you as reviewer for the reason above, since we may need a authorization from the security team (this would probably be the first case of confined core app using a less restrictive policy).

[1] http://bazaar.launchpad.net/~ubuntu-security/apparmor-easyprof-ubuntu/trunk/view/head:/data/policygroups/ubuntu/1.1/picture_files

To post a comment you must log in.
review: Approve (continuous-integration)
Roman Shchekin (mrqtros) wrote :

Ok.

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'click/docviewer.apparmor'
2--- click/docviewer.apparmor 2015-12-04 11:39:06 +0000
3+++ click/docviewer.apparmor 2015-12-26 17:41:49 +0000
4@@ -10,7 +10,8 @@
5 "/dev/disk/by-label/"
6 ],
7 "write_path": [
8- "@{HOME}/Documents/"
9+ "@{HOME}/Documents/",
10+ "/media/*/*/[Dd][Oo][Cc][Uu][Mm][Ee][Nn][Tt][Ss]/"
11 ],
12 "policy_version": 1.3
13 }

Subscribers

People subscribed via source and target branches