← Back to branch summary

~ken-vandine/apparmor-easyprof-ubuntu/content_exchange_mir

~ken-vandine/apparmor-easyprof-ubuntu/content_exchange_mir

« back to all changes in this revision

Viewing changes to data/policygroups/ubuntu/1.0/content_exchange_source

Committer: Jamie Strandboge
Date: 2015-02-03 22:08:27 UTC
Revision ID: jamie@ubuntu.com-20150203220827-rfz4540yx2c1kbzt

Tags: 1.3.1

* ubuntu/ubuntu-sdk:
  - explicitly deny reads on ~/.cache/QML/Apps/ to silence noisy denials.
    Undo this when LP: 1381620 is fixed in qtdeclarative-opensource-src
  - explicitly deny dbus bind on name="org.freedesktop.Application" since
    it is noisy. Undo this when LP: 1378823 is fixed in ubuntu-ui-toolkit
* ubuntu/1.3/ubuntu-sdk: drop html5-container policy. html5 apps should use
  webapp-container and specify the 'webview' policy group with 1.3 (15.04)
  policy (LP: #1392461)
* ubuntu/ubuntu-scope-network, pending/ubuntu-scope-local-content: allow
  scopes to read data from the apps data dir (LP: #1384286)
* adjust all dbus rules to use peer=(label=unconfined) to prevent
  coordinated communications between apps over DBus (LP: #1383824)
* ubuntu/{music,pictures,video}_files*: allow access to global SD card
  directories (LP: #1391930)
* debian/control: Depends on apparmor >= 2.8.98-0ubuntu2~ for the dbus peer
  changes (we need at least apparmor_parser 2.9.beta4 for these)

files modified:
data/policygroups/ubuntu/1.0/accounts

data/policygroups/ubuntu/1.0/audio

data/policygroups/ubuntu/1.0/calendar

data/policygroups/ubuntu/1.0/camera

data/policygroups/ubuntu/1.0/contacts

data/policygroups/ubuntu/1.0/content_exchange

data/policygroups/ubuntu/1.0/content_exchange_source

data/policygroups/ubuntu/1.0/friends

data/policygroups/ubuntu/1.0/history

data/policygroups/ubuntu/1.0/location

data/policygroups/ubuntu/1.0/music_files

data/policygroups/ubuntu/1.0/music_files_read

data/policygroups/ubuntu/1.0/networking

data/policygroups/ubuntu/1.0/picture_files

data/policygroups/ubuntu/1.0/picture_files_read

data/policygroups/ubuntu/1.0/usermetrics

data/policygroups/ubuntu/1.0/video

data/policygroups/ubuntu/1.0/video_files

data/policygroups/ubuntu/1.0/video_files_read

data/policygroups/ubuntu/1.1/contacts

data/policygroups/ubuntu/1.1/content_exchange

data/policygroups/ubuntu/1.1/music_files

data/policygroups/ubuntu/1.1/music_files_read

data/policygroups/ubuntu/1.1/video_files

data/policygroups/ubuntu/1.1/video_files_read

data/policygroups/ubuntu/1.1/webview

data/policygroups/ubuntu/1.2/accounts

data/policygroups/ubuntu/1.2/connectivity

data/policygroups/ubuntu/1.2/push-notification-client

data/policygroups/ubuntu/1.2/sensors

data/templates/ubuntu/1.0/ubuntu-sdk

data/templates/ubuntu/1.0/ubuntu-webapp

data/templates/ubuntu/1.1/ubuntu-sdk

data/templates/ubuntu/1.1/ubuntu-webapp

data/templates/ubuntu/1.2/ubuntu-scope-network

data/templates/ubuntu/1.3/ubuntu-sdk

debian/changelog

debian/control

pending/templates/ubuntu-scope-local-content

Show diffs side-by-side

added added

removed removed

data/policygroups/ubuntu/1.0/content_exchange_source

4

4

bus=session

5

5

interface=org.freedesktop.DBus

6

6

path=/org/freedesktop/DBus

7

member=RequestName,

7

member=RequestName

8

peer=(label=unconfined),

8

9

dbus (bind)

9

10

bus=session

10

11

name=com.ubuntu.content.handler.@{APP_ID_DBUS},

11

12

dbus (receive)

12

13

bus=session

13

14

path=/com/ubuntu/content/handler/@{APP_ID_DBUS}

14

interface=com.ubuntu.content.dbus.Handler,

15

interface=com.ubuntu.content.dbus.Handler

16

peer=(label=unconfined),

15

17

dbus (receive, send)

16

18

bus=session

17

19

interface=com.ubuntu.content.dbus.Transfer

18

path=/transfers/@{APP_ID_DBUS}/export/*,

20

path=/transfers/@{APP_ID_DBUS}/export/*

21

peer=(label=unconfined),

19

22

dbus (receive, send)

20

23

bus=session

21

interface=com.ubuntu.content.dbus.Service,

24

interface=com.ubuntu.content.dbus.Service

25

peer=(label=unconfined),

Older »