~ken-vandine/apparmor-easyprof-ubuntu/content_exchange

~ken-vandine/apparmor-easyprof-ubuntu/content_exchange_mir

Viewing changes to data/policygroups/ubuntu/1.0/friends

Committer: Jamie Strandboge
Date: 2015-02-03 22:08:27 UTC
Revision ID: jamie@ubuntu.com-20150203220827-rfz4540yx2c1kbzt

Tags: 1.3.1

* ubuntu/ubuntu-sdk:
  - explicitly deny reads on ~/.cache/QML/Apps/ to silence noisy denials.
    Undo this when LP: 1381620 is fixed in qtdeclarative-opensource-src
  - explicitly deny dbus bind on name="org.freedesktop.Application" since
    it is noisy. Undo this when LP: 1378823 is fixed in ubuntu-ui-toolkit
* ubuntu/1.3/ubuntu-sdk: drop html5-container policy. html5 apps should use
  webapp-container and specify the 'webview' policy group with 1.3 (15.04)
  policy (LP: #1392461)
* ubuntu/ubuntu-scope-network, pending/ubuntu-scope-local-content: allow
  scopes to read data from the apps data dir (LP: #1384286)
* adjust all dbus rules to use peer=(label=unconfined) to prevent
  coordinated communications between apps over DBus (LP: #1383824)
* ubuntu/{music,pictures,video}_files*: allow access to global SD card
  directories (LP: #1391930)
* debian/control: Depends on apparmor >= 2.8.98-0ubuntu2~ for the dbus peer
  changes (we need at least apparmor_parser 2.9.beta4 for these)

files modified:
data/policygroups/ubuntu/1.0/accounts

data/policygroups/ubuntu/1.0/audio

data/policygroups/ubuntu/1.0/calendar

data/policygroups/ubuntu/1.0/camera

data/policygroups/ubuntu/1.0/contacts

data/policygroups/ubuntu/1.0/content_exchange

data/policygroups/ubuntu/1.0/content_exchange_source

data/policygroups/ubuntu/1.0/friends

data/policygroups/ubuntu/1.0/history

data/policygroups/ubuntu/1.0/location

data/policygroups/ubuntu/1.0/music_files

data/policygroups/ubuntu/1.0/music_files_read

data/policygroups/ubuntu/1.0/networking

data/policygroups/ubuntu/1.0/picture_files

data/policygroups/ubuntu/1.0/picture_files_read

data/policygroups/ubuntu/1.0/usermetrics

data/policygroups/ubuntu/1.0/video

data/policygroups/ubuntu/1.0/video_files

data/policygroups/ubuntu/1.0/video_files_read

data/policygroups/ubuntu/1.1/contacts

data/policygroups/ubuntu/1.1/content_exchange

data/policygroups/ubuntu/1.1/music_files

data/policygroups/ubuntu/1.1/music_files_read

data/policygroups/ubuntu/1.1/video_files

data/policygroups/ubuntu/1.1/video_files_read

data/policygroups/ubuntu/1.1/webview

data/policygroups/ubuntu/1.2/accounts

data/policygroups/ubuntu/1.2/connectivity

data/policygroups/ubuntu/1.2/push-notification-client

data/policygroups/ubuntu/1.2/sensors

data/templates/ubuntu/1.0/ubuntu-sdk

data/templates/ubuntu/1.0/ubuntu-webapp

data/templates/ubuntu/1.1/ubuntu-sdk

data/templates/ubuntu/1.1/ubuntu-webapp

data/templates/ubuntu/1.2/ubuntu-scope-network

data/templates/ubuntu/1.3/ubuntu-sdk

debian/changelog

debian/control

pending/templates/ubuntu-scope-local-content

Show diffs side-by-side

added added

removed removed

data/policygroups/ubuntu/1.0/friends

# Usage: reserved

dbus (send)

path=/com/canonical/friends/Dispatcher

interface=org.freedesktop.DBus.Properties,

path=/com/canonical/friends/Dispatcher

interface=org.freedesktop.DBus.Properties

peer=(label=unconfined),

dbus (send)

path=/com/canonical/friends/Dispatcher

peer=(name=com.canonical.Friends.Dispatcher),

path=/com/canonical/friends/Dispatcher

peer=(name=com.canonical.Friends.Dispatcher,label=unconfined),

dbus (send)

bus=session

path=/org/freedesktop/DBus

interface=org.freedesktop.DBus

member=RequestName

peer=(name=org.freedesktop.DBus),

peer=(name=org.freedesktop.DBus,label=unconfined),

dbus (bind)

bus=session

name=com.canonical.Friends.Streams,

bus=session

path=/com/canonical/dee/peer/com/canonical/Friends/Streams

interface=com.canonical.Dee.Peer

peer=(name=com.canonical.Friends.Streams),

peer=(name=com.canonical.Friends.Streams,label=unconfined),

dbus (receive)

bus=session

path=/com/canonical/dee/peer/com/canonical/Friends/Streams

interface=com.canonical.Dee.Peer,

interface=com.canonical.Dee.Peer

peer=(label=unconfined),

dbus (send)

bus=session

path=/com/canonical/dee/model/com/canonical/Friends/Streams

interface=com.canonical.Dee.Model

peer=(name=com.canonical.Friends.Streams),

peer=(name=com.canonical.Friends.Streams,label=unconfined),

dbus (receive)

bus=session

path=/com/canonical/dee/model/com/canonical/Friends/Streams

interface=com.canonical.Dee.Model,

interface=com.canonical.Dee.Model

peer=(label=unconfined),

# Access required for using freedesktop notifications

# (perhaps move out to templates?)

dbus (send)

bus=session

path=/org/freedesktop/Notifications

member=GetServerInformation,

dbus (send)

bus=session

path=/org/freedesktop/Notifications

member=Notify,

dbus (receive)

bus=session

member="Notify"

peer=(name="org.freedesktop.DBus"),

dbus (receive)

bus=session

path=/org/freedesktop/Notifications

member=NotificationClosed,

dbus (send)

bus=session

path=/org/freedesktop/Notifications

member=CloseNotification,

dbus (receive)

bus=session

path=/org/freedesktop/Notifications

member=dataChanged,

dbus (send)

bus=session

path=/org/freedesktop/Notifications

member=GetServerInformation

peer=(label=unconfined),

dbus (send)

bus=session

path=/org/freedesktop/Notifications

member=Notify

peer=(label=unconfined),

dbus (receive)

bus=session

member="Notify"

peer=(name="org.freedesktop.DBus",label=unconfined),

dbus (receive)

bus=session

path=/org/freedesktop/Notifications

member=NotificationClosed

peer=(label=unconfined),

dbus (send)

bus=session

path=/org/freedesktop/Notifications

member=CloseNotification

peer=(label=unconfined),

dbus (receive)

bus=session

path=/org/freedesktop/Notifications

member=dataChanged

peer=(label=unconfined),

Older »