← Back to branch summary

~ken-vandine/apparmor-easyprof-ubuntu/content_exchange_mir

« back to all changes in this revision

Viewing changes to data/policygroups/ubuntu/1.0/contacts

  • Committer: Jamie Strandboge
  • Date: 2015-02-03 22:08:27 UTC
  • Revision ID: jamie@ubuntu.com-20150203220827-rfz4540yx2c1kbzt
Tags: 1.3.1
* ubuntu/ubuntu-sdk:
  - explicitly deny reads on ~/.cache/QML/Apps/ to silence noisy denials.
    Undo this when LP: 1381620 is fixed in qtdeclarative-opensource-src
  - explicitly deny dbus bind on name="org.freedesktop.Application" since
    it is noisy. Undo this when LP: 1378823 is fixed in ubuntu-ui-toolkit
* ubuntu/1.3/ubuntu-sdk: drop html5-container policy. html5 apps should use
  webapp-container and specify the 'webview' policy group with 1.3 (15.04)
  policy (LP: #1392461)
* ubuntu/ubuntu-scope-network, pending/ubuntu-scope-local-content: allow
  scopes to read data from the apps data dir (LP: #1384286)
* adjust all dbus rules to use peer=(label=unconfined) to prevent
  coordinated communications between apps over DBus (LP: #1383824)
* ubuntu/{music,pictures,video}_files*: allow access to global SD card
  directories (LP: #1391930)
* debian/control: Depends on apparmor >= 2.8.98-0ubuntu2~ for the dbus peer
  changes (we need at least apparmor_parser 2.9.beta4 for these)

Show diffs side-by-side

added added

removed removed

Lines of Context:
data/policygroups/ubuntu/1.0/contacts
4
4
# Usage: reserved
5
5
dbus (receive, send)
6
6
     bus=session
7
 
     path=/com/canonical/pim/AddressBook,
 
7
     path=/com/canonical/pim/AddressBook
 
8
     peer=(label=unconfined),
8
9
dbus (receive, send)
9
10
     bus=session
10
 
     path=/com/canonical/pim/AddressBookView/**,
 
11
     path=/com/canonical/pim/AddressBookView/**
 
12
     peer=(label=unconfined),
11
13
 
12
14
# FIXME: LP: #1227818. Clients shouldn't access Telepathy directly. Remove
13
15
#        these when LP: #1227818 is fixed in address-book-app.
14
16
dbus (send)
15
17
     bus=session
16
18
     path=/org/freedesktop/Telepathy/AccountManager
17
 
     peer=(name=org.freedesktop.Telepathy.AccountManager),
18
 
dbus (receive)
19
 
     bus=session
20
 
     path=/org/freedesktop/Telepathy/AccountManager,
21
 
dbus (send)
22
 
     bus=session
23
 
     path=/org/freedesktop/Telepathy/ChannelDispatcher
24
 
     peer=(name=org.freedesktop.Telepathy.ChannelDispatcher),
25
 
dbus (receive)
26
 
     bus=session
27
 
     path=/org/freedesktop/Telepathy/ChannelDispatcher,
28
 
dbus (send)
29
 
     bus=session
30
 
     path=/org/freedesktop/Telepathy/Account/**
31
 
     member=Get{,All}
32
 
     peer=(name=org.freedesktop.Telepathy.AccountManager),
33
 
dbus (receive)
34
 
     bus=session
35
 
     path=/org/freedesktop/Telepathy/Account/**
36
 
     member=Get{,All},
 
19
     peer=(name=org.freedesktop.Telepathy.AccountManager,label=unconfined),
 
20
dbus (receive)
 
21
     bus=session
 
22
     path=/org/freedesktop/Telepathy/AccountManager
 
23
     peer=(label=unconfined),
 
24
dbus (send)
 
25
     bus=session
 
26
     path=/org/freedesktop/Telepathy/ChannelDispatcher
 
27
     peer=(name=org.freedesktop.Telepathy.ChannelDispatcher,label=unconfined),
 
28
dbus (receive)
 
29
     bus=session
 
30
     path=/org/freedesktop/Telepathy/ChannelDispatcher
 
31
     peer=(label=unconfined),
 
32
dbus (send)
 
33
     bus=session
 
34
     path=/org/freedesktop/Telepathy/Account/**
 
35
     member=Get{,All}
 
36
     peer=(name=org.freedesktop.Telepathy.AccountManager,label=unconfined),
 
37
dbus (receive)
 
38
     bus=session
 
39
     path=/org/freedesktop/Telepathy/Account/**
 
40
     member=Get{,All}
 
41
     peer=(label=unconfined),
37
42
 
38
43
# LP: #1319546. Apps shouldn't talk directly to sync-monitor, but allow it for
39
44
# now for trusted apps until sync-monitor is integrated with push
41
46
# status until this rule is removed.
42
47
dbus (receive, send)
43
48
     bus=session
44
 
     path=/com/canonical/SyncMonitor{,/**},
 
49
     path=/com/canonical/SyncMonitor{,/**}
 
50
     peer=(label=unconfined),