[Touch-packages] [Bug 1433590] Re: apparmor dbus denial for org.freedesktop.Accounts and make Other vibrations work

2016-09-20 Thread Pat McGowan
** Changed in: canonical-devices-system-image
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1433590

Title:
  apparmor dbus denial for org.freedesktop.Accounts and make Other
  vibrations work

Status in Canonical System Image:
  Fix Released
Status in apparmor-easyprof-ubuntu package in Ubuntu:
  Fix Released
Status in ubuntu-system-settings package in Ubuntu:
  Fix Released
Status in ubuntu-ui-toolkit package in Ubuntu:
  Fix Released
Status in usensord package in Ubuntu:
  Fix Committed

Bug description:
  This affects vivid and (somewhat recently?) 14.09.

  At some point, apps started to request access to
  org.freedesktop.Accounts for something, but I'm not sure what. It has
  been conjectured in this bug that it is due to vibration settings.
  Filing against ubuntu-system-settings for now, but please feel free to
  move to the correct package.

  This happens with webapps:
  Apr  7 08:42:17 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.DBus.Introspectable" member="Introspect" mask="send" name="org.freedesktop.Accounts" pid=2632 profile="com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0.26" peer_pid=1596 peer_profile="unconfined"
  Apr  7 08:42:17 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.Accounts" member="FindUserById" mask="send" name="org.freedesktop.Accounts" pid=2632 profile="com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0.26" peer_pid=1596 peer_profile="unconfined"

  and QML apps:
  Apr  7 08:43:40 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.DBus.Introspectable" member="Introspect" mask="send" name="org.freedesktop.Accounts" pid=3377 profile="com.ubuntu.calculator_calculator_1.3.339" peer_pid=1596 peer_profile="unconfined"
  Apr  7 08:43:40 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.Accounts" member="FindUserById" mask="send" name="org.freedesktop.Accounts" pid=3377 profile="com.ubuntu.calculator_calculator_1.3.339" peer_pid=1596 peer_profile="unconfined"

  The following rules allow the requested access:
dbus (send)
 bus=system
 path="/org/freedesktop/Accounts"
 interface="org.freedesktop.DBus.{Introspectable,Properties}"
 member=Introspect
 peer=(name=org.freedesktop.Accounts,label=unconfined),
dbus (send)
 bus=system
 path="/org/freedesktop/Accounts"
 interface="org.freedesktop.Accounts"
 member=FindUserById
 peer=(name=org.freedesktop.Accounts,label=unconfined),
dbus (send)
 bus=system
 path="/org/freedesktop/Accounts/User[0-9]*"
 interface="org.freedesktop.DBus.Properties"
 member=Get
 peer=(name=org.freedesktop.Accounts,label=unconfined),

  However, the above is too lenient and constitutes a privacy leak for
  apps. FindUserById could be used by a malicious app to enumerate
  usernames on multiuser systems and because we can't mediate method
  data with apparmor, the Get() method can be used to obtain any
  information provided by this interface.

  The following can be used to see what can be leaked to a malicious app:
  gdbus introspect --system -d org.freedesktop.Accounts -o /org/freedesktop/Accounts/User`id -u phablet`

  This can be solved in a couple of ways:
  1. add whatever information the app is trying to access to a new helper
     service that only exposes things that the app needs. This could be a
     single standalone service, perhaps something from ubuntu-system-settings,
     that could expose any number of things-- the current locale, if the
     locale changed, if the grid units changed, the vibration settings, etc.
     Since this service wouldn't have any sensitive information, you could
     use standard dbus properties/Get()/etc
  2. add a new dbus API to an existing service such that apparmor rules can
     then be used to allow by method (eg, GetVibration() or something)

  I won't dictate the implementation except to mention that '1' seems
  like something generally useful and I believe that it was something
  the ubuntu-system-settings devs were already looking at for detecting
  locale changes without rebooting.


  Original description
  starting an app in vivid (image 135 on arale currently)

  produces a bunch of dbus denials in syslog ... (there is also a
  /dev/tty one but i think this is just because something tries to write
  an error to console ... so transient)

  http://paste.ubuntu.com/10620834/
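
Added example (not from the bug report or from any Ubuntu package): it turns D-Bus denials in the format quoted above into candidate rules in the report's rule syntax, grouped by the confined profiles that hit them, and marks the rules the description calls too lenient. The sample log's last two lines, the User32011 path and the REVIEW_NOTES table are assumptions constructed for the example.

```python
import re

# Constructed sample input. Lines 1-4 are the denials quoted in the bug report,
# joined onto one line each; lines 5-6 are made up for this example.
SAMPLE_LOG = '''\
Apr  7 08:42:17 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.DBus.Introspectable" member="Introspect" mask="send" name="org.freedesktop.Accounts" pid=2632 profile="com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0.26" peer_pid=1596 peer_profile="unconfined"
Apr  7 08:42:17 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.Accounts" member="FindUserById" mask="send" name="org.freedesktop.Accounts" pid=2632 profile="com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0.26" peer_pid=1596 peer_profile="unconfined"
Apr  7 08:43:40 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.DBus.Introspectable" member="Introspect" mask="send" name="org.freedesktop.Accounts" pid=3377 profile="com.ubuntu.calculator_calculator_1.3.339" peer_pid=1596 peer_profile="unconfined"
Apr  7 08:43:40 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.Accounts" member="FindUserById" mask="send" name="org.freedesktop.Accounts" pid=3377 profile="com.ubuntu.calculator_calculator_1.3.339" peer_pid=1596 peer_profile="unconfined"
Apr  7 08:43:41 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/Accounts/User32011" interface="org.freedesktop.DBus.Properties" member="Get" mask="send" name="org.freedesktop.Accounts" pid=3377 profile="com.ubuntu.calculator_calculator_1.3.339" peer_pid=1596 peer_profile="unconfined"
Apr  7 08:43:41 ubuntu-phablet kernel: audit: apparmor="DENIED" operation="open" profile="com.ubuntu.calculator_calculator_1.3.339" name="/dev/tty" pid=3377 requested_mask="rw" denied_mask="rw"
'''

# key="quoted value" or key=bare_value pairs, as they appear in the log lines.
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Fields a D-Bus denial must carry before a rule can be written from it.
REQUIRED = ("mask", "bus", "path", "interface", "member", "name",
            "peer_profile", "profile")

# Review notes keyed by (interface, member). The reasons paraphrase the bug
# description; the table itself is this example's assumption.
REVIEW_NOTES = {
    ("org.freedesktop.DBus.Properties", "Get"):
        "property name is method data, which AppArmor cannot mediate: "
        "every property on this path becomes readable",
    ("org.freedesktop.Accounts", "FindUserById"):
        "uid is caller-chosen method data: allows username enumeration "
        "on multiuser systems",
}


def parse_denial(line):
    """Return the key/value fields of an AppArmor D-Bus denial, else None."""
    fields = {}
    for m in KV.finditer(line):
        fields[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
    if fields.get("apparmor") != "DENIED":
        return None
    if not fields.get("operation", "").startswith("dbus_"):
        return None  # file, capability, ... denials are out of scope here
    if any(k not in fields for k in REQUIRED):
        return None
    return fields


def rule_key(fields):
    """Everything a dbus rule can match on; pid and profile are left out."""
    # Per-user object paths end in a uid; glob it as the report's rule does.
    path = re.sub(r"\d+$", "[0-9]*", fields["path"])
    return (fields["mask"], fields["bus"], path, fields["interface"],
            fields["member"], fields["name"], fields["peer_profile"])


def format_rule(key):
    """Render a rule in the layout used in the bug description."""
    mask, bus, path, interface, member, name, label = key
    return (f"dbus ({mask})\n"
            f"     bus={bus}\n"
            f'     path="{path}"\n'
            f'     interface="{interface}"\n'
            f"     member={member}\n"
            f"     peer=(name={name},label={label}),")


def candidate_rules(log_text):
    """Group denials into unique rules, with triggering profiles and a note."""
    grouped = {}
    for line in log_text.splitlines():
        fields = parse_denial(line)
        if fields is None:
            continue
        profiles = grouped.setdefault(rule_key(fields), [])
        if fields["profile"] not in profiles:
            profiles.append(fields["profile"])
    return [{"rule": format_rule(key),
             "profiles": profiles,
             "finding": REVIEW_NOTES.get((key[3], key[4]))}
            for key, profiles in grouped.items()]


if __name__ == "__main__":
    for entry in candidate_rules(SAMPLE_LOG):
        status = "REVIEW: " + entry["finding"] if entry["finding"] else "ok"
        print(f"# requested by {len(entry['profiles'])} profile(s); {status}")
        print(entry["rule"], end="\n\n")
```
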


[Touch-packages] [Bug 1433590] Re: apparmor dbus denial for org.freedesktop.Accounts and make Other vibrations work

2016-08-29 Thread Jean-Baptiste Lallement
** Changed in: canonical-devices-system-image
   Status: In Progress => Fix Committed

Status in Canonical System Image:
  Fix Committed
Status in apparmor-easyprof-ubuntu package in Ubuntu:
  Fix Released
Status in ubuntu-system-settings package in Ubuntu:
  Fix Released
Status in ubuntu-ui-toolkit package in Ubuntu:
  Fix Released
Status in usensord package in Ubuntu:
  Fix Committed

[Touch-packages] [Bug 1433590] Re: apparmor dbus denial for org.freedesktop.Accounts and make Other vibrations work

2016-08-27 Thread Launchpad Bug Tracker
This bug was fixed in the package ubuntu-ui-toolkit -
1.3.2073+16.10.20160824

---
ubuntu-ui-toolkit (1.3.2073+16.10.20160824) yakkety; urgency=medium

  [ Zsombor Egri ]
  * No need to check the setting anymore when vibrate. Fixes LP: #1433590.

  [ Albert Astals Cid ]
  * AbstractButton: Bind mouse area signals earlier. Otherwise it can happen
    that someone clicks on button and the binding is still not done, i.e.
    22911213 . Fixes LP: #1610165.

  [ Christian Dywan ]
  * Fix build warnings.
  * Remove unused Q_Q(UCAbtractButton) declaration.

  [ Larry Price ]
  * Address documentation issue in UbuntuListView - pullToRefresh has "enabled"
    property. Fixes LP: #1387679

  [ Loïc Molinari ]
  * Added new C++ UbuntuMetrics library.
    This library allows the monitoring of various metrics in QtQuick 2
    applications. It allows the logging of different metrics as well as
    overlaying these metrics on top of each QtQuick windows.
  * Added LTTng support to UbuntuMetrics.
  * Added support for logging generic events. Made use of it to log predefined
    ApplicationMonitor events. Predefined events only define UserInterfaceReady
    for now, as it's needed to track start-up time.
  * Wrapped libUbuntuMetrics to QML.

  [ Florian Boucault ]
  * Icon, Switch and ProgressBar: enable use of texture atlas.
  * ActivityIndicator: do not load the image until the ActivityIndicator is
    made visible. Load it asynchronously.

  [ Tim Peeters ]
  * Remove unused CHANGES, CHANGES.syntax and NEWS files.

 -- Zoltán Balogh   Wed, 24 Aug 2016
11:35:29 +

** Changed in: ubuntu-ui-toolkit (Ubuntu)
   Status: Fix Committed => Fix Released

Status in Canonical System Image:
  In Progress
Status in apparmor-easyprof-ubuntu package in Ubuntu:
  Fix Released
Status in ubuntu-system-settings package in Ubuntu:
  Fix Released
Status in ubuntu-ui-toolkit package in Ubuntu:
  Fix Released
Status in usensord package in Ubuntu:
  Fix Committed

[Touch-packages] [Bug 1433590] Re: apparmor dbus denial for org.freedesktop.Accounts and make Other vibrations work

2016-08-27 Thread Launchpad Bug Tracker
This bug was fixed in the package ubuntu-system-settings -
0.4+16.10.20160824.1-0ubuntu1

---
ubuntu-system-settings (0.4+16.10.20160824.1-0ubuntu1) yakkety; urgency=medium

  [ Florian Boucault ]
  * Crossbuilding packaging fixes.

  [ Pat McGowan ]
  * allows uss to be built by crossbuilder (LP: #1433590, #1614637)

  [ jonas-drange ]
  * use python3 in mock click command
  * force python3 to run by referring to it in the shebang of
    test_code.py

 -- jonas.dra...@canonical.com (Jonas G. Drange)  Wed, 24 Aug 2016
13:52:14 +

** Changed in: ubuntu-system-settings (Ubuntu)
   Status: In Progress => Fix Released

Status in Canonical System Image:
  In Progress
Status in apparmor-easyprof-ubuntu package in Ubuntu:
  Fix Released
Status in ubuntu-system-settings package in Ubuntu:
  Fix Released
Status in ubuntu-ui-toolkit package in Ubuntu:
  Fix Committed
Status in usensord package in Ubuntu:
  Fix Committed

[Touch-packages] [Bug 1433590] Re: apparmor dbus denial for org.freedesktop.Accounts and make Other vibrations work

2016-08-22 Thread Pat McGowan
** Branch linked: lp:~pat-mcgowan/ubuntu-system-settings/other-vibrations

Status in Canonical System Image:
  In Progress
Status in apparmor-easyprof-ubuntu package in Ubuntu:
  Fix Released
Status in ubuntu-system-settings package in Ubuntu:
  In Progress
Status in ubuntu-ui-toolkit package in Ubuntu:
  Fix Committed
Status in usensord package in Ubuntu:
  Fix Committed

[Touch-packages] [Bug 1433590] Re: apparmor dbus denial for org.freedesktop.Accounts and make Other vibrations work

2016-08-22 Thread Pat McGowan
** Changed in: ubuntu-system-settings (Ubuntu)
   Status: Confirmed => In Progress

** Changed in: ubuntu-system-settings (Ubuntu)
 Assignee: Jonas G. Drange (jonas-drange) => Pat McGowan (pat-mcgowan)

Status in Canonical System Image:
  In Progress
Status in apparmor-easyprof-ubuntu package in Ubuntu:
  Fix Released
Status in ubuntu-system-settings package in Ubuntu:
  In Progress
Status in ubuntu-ui-toolkit package in Ubuntu:
  Fix Committed
Status in usensord package in Ubuntu:
  Fix Committed

[Touch-packages] [Bug 1433590] Re: apparmor dbus denial for org.freedesktop.Accounts and make Other vibrations work

2016-08-18 Thread Launchpad Bug Tracker
** Branch linked: lp:~ci-train-bot/ubuntu-ui-toolkit/ubuntu-ui-toolkit-ubuntu-yakkety-landing-094

Status in Canonical System Image:
  In Progress
Status in apparmor-easyprof-ubuntu package in Ubuntu:
  Fix Released
Status in ubuntu-system-settings package in Ubuntu:
  Confirmed
Status in ubuntu-ui-toolkit package in Ubuntu:
  Fix Committed
Status in usensord package in Ubuntu:
  Fix Committed

Bug description:
  This affects vivid and (somewhat recently?) 14.09.

  At some point, apps started to request access to
  org.freedesktop.Accounts for something, but I'm not sure what. It has
  been conjectured in this bug that it is due to vibration settings.
  Filing against ubuntu-system-settings for now, but please feel free to
  move to the correct package.

  This happens with webapps:
  Apr  7 08:42:17 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.DBus.Introspectable" member="Introspect" mask="send" name="org.freedesktop.Accounts" pid=2632 profile="com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0.26" peer_pid=1596 peer_profile="unconfined"
  Apr  7 08:42:17 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.Accounts" member="FindUserById" mask="send" name="org.freedesktop.Accounts" pid=2632 profile="com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0.26" peer_pid=1596 peer_profile="unconfined"

  and QML apps:
  Apr  7 08:43:40 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.DBus.Introspectable" member="Introspect" mask="send" name="org.freedesktop.Accounts" pid=3377 profile="com.ubuntu.calculator_calculator_1.3.339" peer_pid=1596 peer_profile="unconfined"
  Apr  7 08:43:40 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.Accounts" member="FindUserById" mask="send" name="org.freedesktop.Accounts" pid=3377 profile="com.ubuntu.calculator_calculator_1.3.339" peer_pid=1596 peer_profile="unconfined"

  The following rules allow the requested access:
    dbus (send)
         bus=system
         path="/org/freedesktop/Accounts"
         interface="org.freedesktop.DBus.{Introspectable,Properties}"
         member=Introspect
         peer=(name=org.freedesktop.Accounts,label=unconfined),
    dbus (send)
         bus=system
         path="/org/freedesktop/Accounts"
         interface="org.freedesktop.Accounts"
         member=FindUserById
         peer=(name=org.freedesktop.Accounts,label=unconfined),
    dbus (send)
         bus=system
         path="/org/freedesktop/Accounts/User[0-9]*"
         interface="org.freedesktop.DBus.Properties"
         member=Get
         peer=(name=org.freedesktop.Accounts,label=unconfined),

  However, the above is too lenient and constitutes a privacy leak for
  apps. FindUserById could be used by a malicious app to enumerate
  usernames on multiuser systems and because we can't mediate method
  data with apparmor, the Get() method can be used to obtain any
  information provided by this interface.

  The following can be used to see what can be leaked to a malicious app:
  gdbus introspect --system -d org.freedesktop.Accounts -o /org/freedesktop/Accounts/User`id -u phablet`

  This can be solved in a couple of ways:
  1. add whatever information the app is trying to access to a new helper
     service that only exposes things that the app needs. This could be a single
     standalone service, perhaps something from ubuntu-system-settings, that could
     expose any number of things-- the current locale, if the locale changed, if the
     grid units changed, the vibration settings, etc. Since this service wouldn't
     have any sensitive information, you could use standard dbus
     properties/Get()/etc
  2. add a new dbus API to an existing service such that apparmor rules can
     then be used to allow by method (eg, GetVibration() or something)

  I won't dictate the implementation except to mention that '1' seems
  like something generally useful and I believe that it was something
  the ubuntu-system-settings devs were already looking at for detecting
  locale changes without rebooting.


  Original description
  starting an app in vivid (image 135 on arale currently)

  produces a bunch of dbus denials in syslog ... (there is also a
  /dev/tty one but I think this is just because something tries to write
  an error to console ... so transient)

  http://paste.ubuntu.com/10620834/
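
The triage the description walks through, as an added example that is not part of the bug report or of any Ubuntu package: it parses the denials, builds the rule that would allow each one in the layout used above, and flags the rules the description calls too lenient. The `User32011` path and the non-denial line are constructed sample input, and the function names are assumptions of this example.

```python
import re

# key=value / key="value" pairs as logged for AppArmor-mediated D-Bus messages
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
PROPERTIES_IFACE = "org.freedesktop.DBus.Properties"
REQUIRED = ("mask", "bus", "path", "interface", "member", "name", "peer_profile")

# Member the bug description singles out, with the reason it gives.
FLAGGED_MEMBERS = {
    "FindUserById": "can be used to enumerate usernames on multiuser systems",
}

WEBAPP = "com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0.26"
CALC = "com.ubuntu.calculator_calculator_1.3.339"
ACCOUNTS = "/org/freedesktop/Accounts"


def _line(path, iface, member, profile):
    """Build a denial with the field layout of the lines in the bug description."""
    return ('Apr  7 08:42:17 ubuntu-phablet dbus[797]: apparmor="DENIED" '
            'operation="dbus_method_call"  bus="system" path="%s" '
            'interface="%s" member="%s" mask="send" '
            'name="org.freedesktop.Accounts" pid=2632 profile="%s" '
            'peer_pid=1596 peer_profile="unconfined"'
            % (path, iface, member, profile))


SAMPLE_LOG = [
    # The four denials quoted in the description (timestamp and pid normalised).
    _line(ACCOUNTS, "org.freedesktop.DBus.Introspectable", "Introspect", WEBAPP),
    _line(ACCOUNTS, "org.freedesktop.Accounts", "FindUserById", WEBAPP),
    _line(ACCOUNTS, "org.freedesktop.DBus.Introspectable", "Introspect", CALC),
    _line(ACCOUNTS, "org.freedesktop.Accounts", "FindUserById", CALC),
    # Constructed: the Properties.Get call the third rule in the description covers.
    _line(ACCOUNTS + "/User32011", PROPERTIES_IFACE, "Get", CALC),
    # Constructed: an unrelated syslog line that must be ignored.
    "Apr  7 08:43:41 ubuntu-phablet dbus[797]: [system] constructed non-denial line",
]


def parse_denial(line):
    """Return the fields of an AppArmor D-Bus denial, or None for any other line."""
    fields = {}
    for m in FIELD_RE.finditer(line):
        fields[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
    if fields.get("apparmor") != "DENIED":
        return None
    if not fields.get("operation", "").startswith("dbus_"):
        return None
    return fields


def rule_from_denial(d):
    """Render the dbus rule that would allow this denial, or None if fields are missing."""
    if any(key not in d for key in REQUIRED):
        return None
    return (
        "dbus ({mask})\n"
        "     bus={bus}\n"
        '     path="{path}"\n'
        '     interface="{interface}"\n'
        "     member={member}\n"
        "     peer=(name={name},label={peer_profile}),"
    ).format(**d)


def review_denial(d):
    """Reasons a rule generated from this denial needs review before it is added."""
    notes = []
    if d.get("interface") == PROPERTIES_IFACE and d.get("member") in ("Get", "GetAll", "Set"):
        # The rule can name the member, but not the property passed as an argument.
        notes.append("method data is not mediated: this allows every property on "
                     + d.get("path", "?"))
    if d.get("member") in FLAGGED_MEMBERS:
        notes.append(d["member"] + " " + FLAGGED_MEMBERS[d["member"]])
    return notes


def triage(log_lines):
    """Group denials by the rule that would allow them: {rule: (profiles, notes)}."""
    grouped = {}
    for line in log_lines:
        d = parse_denial(line)
        rule = rule_from_denial(d) if d is not None else None
        if rule is None:
            continue
        profiles, _notes = grouped.setdefault(rule, (set(), review_denial(d)))
        profiles.add(d.get("profile", "?"))
    return grouped


if __name__ == "__main__":
    for rule, (profiles, notes) in triage(SAMPLE_LOG).items():
        print(rule)
        print("  requested by:", ", ".join(sorted(profiles)))
        for note in notes:
            print("  REVIEW:", note)
```
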


[Touch-packages] [Bug 1433590] Re: apparmor dbus denial for org.freedesktop.Accounts and make Other vibrations work

2016-08-17 Thread Christian Dywan
** Changed in: ubuntu-ui-toolkit (Ubuntu)
   Status: Confirmed => Fix Committed


Status in Canonical System Image:
  In Progress
Status in apparmor-easyprof-ubuntu package in Ubuntu:
  Fix Released
Status in ubuntu-system-settings package in Ubuntu:
  Confirmed
Status in ubuntu-ui-toolkit package in Ubuntu:
  Fix Committed
Status in usensord package in Ubuntu:
  Fix Committed


[Touch-packages] [Bug 1433590] Re: apparmor dbus denial for org.freedesktop.Accounts and make Other vibrations work

2016-08-16 Thread Launchpad Bug Tracker
** Branch linked: lp:~zsombi/ubuntu-ui-toolkit/vibrateAgain


Status in Canonical System Image:
  In Progress
Status in apparmor-easyprof-ubuntu package in Ubuntu:
  Fix Released
Status in ubuntu-system-settings package in Ubuntu:
  Confirmed
Status in ubuntu-ui-toolkit package in Ubuntu:
  Confirmed
Status in usensord package in Ubuntu:
  Fix Committed


[Touch-packages] [Bug 1433590] Re: apparmor dbus denial for org.freedesktop.Accounts and make Other vibrations work

2016-08-15 Thread Pat McGowan
** Changed in: canonical-devices-system-image
 Assignee: Yuan-Chen Cheng (ycheng-twn) => Zsombor Egri (zsombi)

** Changed in: usensord (Ubuntu)
   Status: In Progress => Fix Committed


Status in Canonical System Image:
  In Progress
Status in apparmor-easyprof-ubuntu package in Ubuntu:
  Fix Released
Status in ubuntu-system-settings package in Ubuntu:
  Confirmed
Status in ubuntu-ui-toolkit package in Ubuntu:
  Confirmed
Status in usensord package in Ubuntu:
  Fix Committed


[Touch-packages] [Bug 1433590] Re: apparmor dbus denial for org.freedesktop.Accounts and make Other vibrations work

2016-08-14 Thread Zsombor Egri
@zhang woh!!! It works!!! Thanks for that! We can finally
proceed on UITK and System Settings app side then.


Status in Canonical System Image:
  In Progress
Status in apparmor-easyprof-ubuntu package in Ubuntu:
  Fix Released
Status in ubuntu-system-settings package in Ubuntu:
  Confirmed
Status in ubuntu-ui-toolkit package in Ubuntu:
  Confirmed
Status in usensord package in Ubuntu:
  In Progress


[Touch-packages] [Bug 1433590] Re: apparmor dbus denial for org.freedesktop.Accounts and make Other vibrations work

2016-07-29 Thread Zhang Enwei
Hi Pat,
The ci-train ticket is created and package built successfully
(https://requests.ci-train.ubuntu.com/#/silo/017).
@Zsombor, you could use silo17 for testing if you like. Thanks.


Status in Canonical System Image:
  In Progress
Status in apparmor-easyprof-ubuntu package in Ubuntu:
  Fix Released
Status in ubuntu-system-settings package in Ubuntu:
  Confirmed
Status in ubuntu-ui-toolkit package in Ubuntu:
  Confirmed
Status in usensord package in Ubuntu:
  In Progress


[Touch-packages] [Bug 1433590] Re: apparmor dbus denial for org.freedesktop.Accounts and make Other vibrations work

2016-07-28 Thread Zhang Enwei
Hi Pat,
I have got the permission to work on Bileto. Will learn how to make a landing.
Thanks.


Status in Canonical System Image:
  In Progress
Status in apparmor-easyprof-ubuntu package in Ubuntu:
  Fix Released
Status in ubuntu-system-settings package in Ubuntu:
  Confirmed
Status in ubuntu-ui-toolkit package in Ubuntu:
  Confirmed
Status in usensord package in Ubuntu:
  In Progress

Bug description:
  This affects vivid and (somewhat recently?) 14.09.

  At some point, apps started to request access to
  org.freedesktop.Accounts for something, but I'm not sure what. It has
  been conjectured in this bug that it is due to vibration settings.
  Filing against ubuntu-system-settings for now, but please feel free to
  move to the correct package.

  This happens with webapps:
  Apr  7 08:42:17 ubuntu-phablet dbus[797]: apparmor="DENIED" 
operation="dbus_method_call"  bus="system" path="/org/freedesktop/Accounts" 
interface="org.freedesktop.DBus.Introspectable" member="Introspect" mask="send" 
name="org.freedesktop.Accounts" pid=2632 
profile="com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0.26" 
peer_pid=1596 peer_profile="unconfined"
  Apr  7 08:42:17 ubuntu-phablet dbus[797]: apparmor="DENIED" 
operation="dbus_method_call"  bus="system" path="/org/freedesktop/Accounts" 
interface="org.freedesktop.Accounts" member="FindUserById" mask="send" 
name="org.freedesktop.Accounts" pid=2632 
profile="com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0.26" 
peer_pid=1596 peer_profile="unconfined"

  and QML apps:
  Apr  7 08:43:40 ubuntu-phablet dbus[797]: apparmor="DENIED" 
operation="dbus_method_call"  bus="system" path="/org/freedesktop/Accounts" 
interface="org.freedesktop.DBus.Introspectable" member="Introspect" mask="send" 
name="org.freedesktop.Accounts" pid=3377 
profile="com.ubuntu.calculator_calculator_1.3.339" peer_pid=1596 
peer_profile="unconfined"
  Apr  7 08:43:40 ubuntu-phablet dbus[797]: apparmor="DENIED" 
operation="dbus_method_call"  bus="system" path="/org/freedesktop/Accounts" 
interface="org.freedesktop.Accounts" member="FindUserById" mask="send" 
name="org.freedesktop.Accounts" pid=3377 
profile="com.ubuntu.calculator_calculator_1.3.339" peer_pid=1596 
peer_profile="unconfined"

  The following rules allow the requested access:
dbus (send)
 bus=system
 path="/org/freedesktop/Accounts"
 interface="org.freedesktop.DBus.{Introspectable,Properties}"
 member=Introspect
 peer=(name=org.freedesktop.Accounts,label=unconfined),
dbus (send)
 bus=system
 path="/org/freedesktop/Accounts"
 interface="org.freedesktop.Accounts"
 member=FindUserById
 peer=(name=org.freedesktop.Accounts,label=unconfined),
dbus (send)
 bus=system
 path="/org/freedesktop/Accounts/User[0-9]*"
 interface="org.freedesktop.DBus.Properties"
 member=Get
 peer=(name=org.freedesktop.Accounts,label=unconfined),

  However, the above is too lenient and constitutes a privacy leak for
  apps. FindUserById could be used by a malicious app to enumerate
  usernames on multiuser systems and because we can't mediate method
  data with apparmor, the Get() method can be used to obtain any
  information provided by this interface.

  The following can be used to see what can be leaked to a malicious app:
  gdbus introspect --system -d org.freedesktop.Accounts -o 
/org/freedesktop/Accounts/User`id -u phablet`

  This can be solved in a couple of ways:
  1. add whatever information the app is trying to access to a new helper
     service that only exposes things that the app needs. This could be a
     single standalone service, perhaps something from ubuntu-system-settings,
     that could expose any number of things-- the current locale, if the
     locale changed, if the grid units changed, the vibration settings, etc.
     Since this service wouldn't have any sensitive information, you could
     use standard dbus properties/Get()/etc
  2. add a new dbus API to an existing service such that apparmor rules can
     then be used to allow by method (eg, GetVibration() or something)

  I won't dictate the implementation except to mention that '1' seems
  like something generally useful and I believe that it was something
  the ubuntu-system-settings devs were already looking at for detecting
  locale changes without rebooting.


  Original description
  starting an app in vivid (image 135 on arale currently)

  produces a bunch of dbus denials in syslog ... (there is also a
  /dev/tty one but I think this is just because something tries to write
  an error to console ... so transient)

  http://paste.ubuntu.com/10620834/
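
An added example, not part of the original bug report or of any Ubuntu tool: a small triage script that turns D-Bus denials like those quoted above into candidate `dbus (send)` rules in the report's layout and flags the two cases the description calls too lenient. The function names (`parse_denial`, `to_rule`, `concerns`, `audit`) are hypothetical; two sample lines are copied from the report and two are constructed, and only `send` denials of `dbus_method_call` are handled.

```python
import re

# key=value or key="value" pairs as they appear in the audit messages
PAIR_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
REQUIRED = ("bus", "path", "interface", "member", "name", "profile", "peer_profile")

_PREFIX = ('Apr  7 08:43:40 ubuntu-phablet dbus[797]: apparmor="DENIED" '
           'operation="dbus_method_call"  bus="system" ')
_SUFFIX = (' mask="send" name="org.freedesktop.Accounts" pid=3377 '
           'profile="com.ubuntu.calculator_calculator_1.3.339" peer_pid=1596 '
           'peer_profile="unconfined"')

SAMPLE_LOG = [
    # The two QML-app denials from the bug report, re-joined onto one line each.
    _PREFIX + 'path="/org/freedesktop/Accounts" '
              'interface="org.freedesktop.DBus.Introspectable" member="Introspect"' + _SUFFIX,
    _PREFIX + 'path="/org/freedesktop/Accounts" '
              'interface="org.freedesktop.Accounts" member="FindUserById"' + _SUFFIX,
    # Constructed: the Properties.Get call the third proposed rule would permit.
    _PREFIX + 'path="/org/freedesktop/Accounts/User32011" '
              'interface="org.freedesktop.DBus.Properties" member="Get"' + _SUFFIX,
    # Constructed: a non-D-Bus denial (such as the /dev/tty one), which is skipped.
    'Apr  7 08:43:41 ubuntu-phablet kernel: audit: type=1400 apparmor="DENIED" '
    'operation="open" profile="com.ubuntu.calculator_calculator_1.3.339" '
    'name="/dev/tty" pid=3377 requested_mask="rw" denied_mask="rw"',
]


def parse_denial(line):
    """Return the fields of a D-Bus send denial, or None for any other line."""
    fields = {}
    for m in PAIR_RE.finditer(line):
        fields[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
    if fields.get("apparmor") != "DENIED":
        return None
    if fields.get("operation") != "dbus_method_call" or fields.get("mask") != "send":
        return None
    if any(key not in fields for key in REQUIRED):
        return None
    return fields


def to_rule(f):
    """Render the narrowest rule that would allow exactly this call."""
    return "\n".join([
        "dbus (send)",
        " bus=%s" % f["bus"],
        ' path="%s"' % f["path"],
        ' interface="%s"' % f["interface"],
        " member=%s" % f["member"],
        " peer=(name=%s,label=%s)," % (f["name"], f["peer_profile"]),
    ])


def concerns(f):
    """Reasons, taken from the bug description, not to grant the rule as-is."""
    found = []
    if f["interface"] == "org.freedesktop.DBus.Properties" and f["member"] in ("Get", "GetAll"):
        # AppArmor mediates bus/path/interface/member/peer, not method arguments,
        # so the rule cannot restrict which property is read.
        found.append("property name is method data: every property on %s becomes readable"
                     % f["path"])
    if f["interface"] == "org.freedesktop.Accounts" and f["member"] == "FindUserById":
        found.append("allows enumerating usernames by uid on multiuser systems")
    return found


def audit(lines):
    """One entry per distinct denied call: profile, candidate rule, review concerns."""
    seen, results = set(), []
    for line in lines:
        f = parse_denial(line)
        if f is None:
            continue
        key = (f["profile"], f["path"], f["interface"], f["member"])
        if key in seen:
            continue
        seen.add(key)
        results.append({"profile": f["profile"], "rule": to_rule(f), "concerns": concerns(f)})
    return results


if __name__ == "__main__":
    for entry in audit(SAMPLE_LOG):
        print("# profile:", entry["profile"])
        for reason in entry["concerns"]:
            print("# REVIEW:", reason)
        print(entry["rule"], end="\n\n")
```
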


[Touch-packages] [Bug 1433590] Re: apparmor dbus denial for org.freedesktop.Accounts and make Other vibrations work

2016-07-27 Thread Zhang Enwei
Hi Pat,
I think yes because I don't know how to request a landing. Thanks.


Status in Canonical System Image:
  In Progress
Status in apparmor-easyprof-ubuntu package in Ubuntu:
  Fix Released
Status in ubuntu-system-settings package in Ubuntu:
  Confirmed
Status in ubuntu-ui-toolkit package in Ubuntu:
  Confirmed
Status in usensord package in Ubuntu:
  In Progress


[Touch-packages] [Bug 1433590] Re: apparmor dbus denial for org.freedesktop.Accounts and make Other vibrations work

2016-07-27 Thread Pat McGowan
@zheng could you request a landing for this or do you need some help?
@zsombor any progress


[Touch-packages] [Bug 1433590] Re: apparmor dbus denial for org.freedesktop.Accounts and make Other vibrations work

2016-07-25 Thread Zhang Enwei
Hi Zsombor,
Here is the latest usensord binary. Could you please help verify?
I verified unconfined apps, I cannot verify confined apps since this needs code 
change from Toolkit.
Thanks a lot.

** Attachment added: "usensord.zip"
   
https://bugs.launchpad.net/ubuntu/+source/usensord/+bug/1433590/+attachment/4707427/+files/usensord.zip


[Touch-packages] [Bug 1433590] Re: apparmor dbus denial for org.freedesktop.Accounts and make Other vibrations work

2016-07-25 Thread Zhang Enwei
Hi Tyler and Seth,
Could you please help review current solution again? This bug is tagged ota13 
so I don't have much time left. Thanks a lot.
Hi Zsombor,
Have you verified the binary I sent to you? Thank you.


[Touch-packages] [Bug 1433590] Re: apparmor dbus denial for org.freedesktop.Accounts and make Other vibrations work

2016-07-18 Thread Zhang Enwei
Hi Seth,
Since Tyler is on vacation, could you please help review?
https://code.launchpad.net/~zhangew401/usensord/fix-lp-1433590/+merge/299959
Thanks.


[Touch-packages] [Bug 1433590] Re: apparmor dbus denial for org.freedesktop.Accounts and make Other vibrations work

2016-07-15 Thread Zhang Enwei
Thanks Seth.
Do you have any suggestion what we can use in this case?


[Touch-packages] [Bug 1433590] Re: apparmor dbus denial for org.freedesktop.Accounts and make Other vibrations work

2016-07-15 Thread Seth Arnold
/proc/pid/exe is also not suitable for security use.

Thanks

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1433590

Title:
  apparmor dbus denial for org.freedesktop.Accounts and make Other
  vibrations work

Status in Canonical System Image:
  In Progress
Status in apparmor-easyprof-ubuntu package in Ubuntu:
  Fix Released
Status in ubuntu-system-settings package in Ubuntu:
  Confirmed
Status in ubuntu-ui-toolkit package in Ubuntu:
  Confirmed
Status in usensord package in Ubuntu:
  In Progress

[Touch-packages] [Bug 1433590] Re: apparmor dbus denial for org.freedesktop.Accounts and make Other vibrations work

2016-07-14 Thread Yuan-Chen Cheng
** Changed in: canonical-devices-system-image
   Status: Triaged => In Progress

Status in Canonical System Image:
  In Progress
Status in apparmor-easyprof-ubuntu package in Ubuntu:
  Fix Released
Status in ubuntu-system-settings package in Ubuntu:
  Confirmed
Status in ubuntu-ui-toolkit package in Ubuntu:
  Confirmed
Status in usensord package in Ubuntu:
  In Progress

[Touch-packages] [Bug 1433590] Re: apparmor dbus denial for org.freedesktop.Accounts and make Other vibrations work

2016-07-14 Thread Zhang Enwei
Proposition from James Henstridge (jamesh)
"If you want to identify the executable, calling os.Readlink() on 
/proc/$PID/exe would be more appropriate:

$ ps x | grep maliit
 5823 ? Ssl 2:38 maliit-server
25788 pts/16 S+ 0:00 grep --color=auto maliit
$ ls -l /proc/5823/exe
lrwxrwxrwx 1 phablet phablet 0 Jul 7 11:47 /proc/5823/exe -> /usr/bin/maliit-server

I'd combine that with a check that the security label is
"unconfined" as Tyler suggested (which you can do using the code
fragment I gave via mail). That should be enough to ensure you aren't
being faked out by an untrusted application, and are talking to the
expected system service."

Status in Canonical System Image:
  Triaged
Status in apparmor-easyprof-ubuntu package in Ubuntu:
  Fix Released
Status in ubuntu-system-settings package in Ubuntu:
  Confirmed
Status in ubuntu-ui-toolkit package in Ubuntu:
  Confirmed
Status in usensord package in Ubuntu:
  In Progress

[Touch-packages] [Bug 1433590] Re: apparmor dbus denial for org.freedesktop.Accounts and make Other vibrations work

2016-07-13 Thread Zhang Enwei
Thanks Seth and Tyler.
IMHO the start time of one process may always be a different value. So... this
solution is not correct.

Status in Canonical System Image:
  Triaged
Status in apparmor-easyprof-ubuntu package in Ubuntu:
  Fix Released
Status in ubuntu-system-settings package in Ubuntu:
  Confirmed
Status in ubuntu-ui-toolkit package in Ubuntu:
  Confirmed
Status in usensord package in Ubuntu:
  In Progress

[Touch-packages] [Bug 1433590] Re: apparmor dbus denial for org.freedesktop.Accounts and make Other vibrations work

2016-07-13 Thread Tyler Hicks
Seth is right about PIDs not being sufficient for identifying a process.
Additionally, you cannot trust a /proc/PID/comm to identify what binary
was used to start the process. See the proc(5) man page for details on
how to trivially change your own comm to something that would trick the
check added in the merge proposal.

Status in Canonical System Image:
  Triaged
Status in apparmor-easyprof-ubuntu package in Ubuntu:
  Fix Released
Status in ubuntu-system-settings package in Ubuntu:
  Confirmed
Status in ubuntu-ui-toolkit package in Ubuntu:
  Confirmed
Status in usensord package in Ubuntu:
  In Progress

[Touch-packages] [Bug 1433590] Re: apparmor dbus denial for org.freedesktop.Accounts and make Other vibrations work

2016-07-13 Thread Seth Arnold
A pid alone does not suffice to uniquely identify a process. pid+process
start time can uniquely identify a process. Without looking deeply this
probably needs to be reworked.

Thanks

Status in Canonical System Image:
  Triaged
Status in apparmor-easyprof-ubuntu package in Ubuntu:
  Fix Released
Status in ubuntu-system-settings package in Ubuntu:
  Confirmed
Status in ubuntu-ui-toolkit package in Ubuntu:
  Confirmed
Status in usensord package in Ubuntu:
  In Progress

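The two points made above in this thread (Tyler Hicks: /proc/PID/comm is chosen by the process itself; Seth Arnold: a PID needs the process start time to be unique), as an added Go example that is not usensord's code or part of the merge proposal. It parses a /proc/PID/stat line so that a crafted comm cannot shift the fields, and compares (pid, start time) pairs; the type and function names and the sample stat lines are constructed for illustration, and the check does not by itself establish which binary a peer is running.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"strconv"
	"strings"
)

// ProcID pins one process instance: the PID plus the kernel start time
// (field 22 of /proc/PID/stat, in clock ticks since boot). A PID that has
// been recycled for a new process shows a different start time.
type ProcID struct {
	PID       int
	StartTime uint64
}

// Constructed sample lines, shortened to the first 24 stat fields.
const (
	// The service the caller expects to be talking to.
	sampleGenuine = "5823 (maliit-server) S 1 5823 5823 0 -1 4194560 100 0 0 0 10 5 0 0 20 0 3 0 12345 1000000 200"
	// An unrelated process that gave itself the same comm.
	sampleRenamed = "25788 (maliit-server) S 1 25788 25788 0 -1 4194560 0 0 0 0 0 0 0 0 20 0 1 0 987654 1000 10"
	// A comm containing ')' and spaces, which shifts space-separated fields.
	sampleShifted = "25790 (a) S 1 2 (b) S 1 25790 25790 0 -1 4194560 0 0 0 0 0 0 0 0 20 0 1 0 777777 1000 10"
)

// ParseStat extracts pid, comm and starttime from one /proc/PID/stat line.
// comm is set by the process itself (see proc(5)) and may contain spaces and
// ')', so the fixed fields are located from the LAST ')' in the line.
func ParseStat(line string) (ProcID, string, error) {
	open := strings.IndexByte(line, '(')
	end := strings.LastIndexByte(line, ')')
	if open < 0 || end < open {
		return ProcID{}, "", errors.New("stat: no comm field")
	}
	pid, err := strconv.Atoi(strings.TrimSpace(line[:open]))
	if err != nil {
		return ProcID{}, "", fmt.Errorf("stat: bad pid: %w", err)
	}
	comm := line[open+1 : end]
	rest := strings.Fields(line[end+1:]) // rest[0] is field 3 (state)
	const startIdx = 22 - 3              // starttime is field 22
	if len(rest) <= startIdx {
		return ProcID{}, "", errors.New("stat: truncated line")
	}
	start, err := strconv.ParseUint(rest[startIdx], 10, 64)
	if err != nil {
		return ProcID{}, "", fmt.Errorf("stat: bad starttime: %w", err)
	}
	return ProcID{PID: pid, StartTime: start}, comm, nil
}

// NaiveStartTime splits the whole line on whitespace, which is only correct
// when comm contains no spaces. Shown for contrast with ParseStat.
func NaiveStartTime(line string) (uint64, error) {
	f := strings.Fields(line)
	if len(f) < 22 {
		return 0, errors.New("stat: truncated line")
	}
	return strconv.ParseUint(f[21], 10, 64)
}

// SameProcess reports whether two observations refer to the same process
// instance. Comparing PIDs alone would accept a recycled PID.
func SameProcess(a, b ProcID) bool {
	return a.PID == b.PID && a.StartTime == b.StartTime
}

// ReadProcID reads the identity of a live process (Linux only).
func ReadProcID(pid int) (ProcID, string, error) {
	data, err := os.ReadFile(fmt.Sprintf("/proc/%d/stat", pid))
	if err != nil {
		return ProcID{}, "", err
	}
	return ParseStat(strings.TrimSpace(string(data)))
}

func main() {
	for _, l := range []string{sampleGenuine, sampleRenamed, sampleShifted} {
		id, comm, err := ParseStat(l)
		naive, _ := NaiveStartTime(l)
		fmt.Printf("pid=%d comm=%q start=%d naive=%d err=%v\n",
			id.PID, comm, id.StartTime, naive, err)
	}
	if id, comm, err := ReadProcID(os.Getpid()); err == nil {
		fmt.Printf("self: %+v comm=%q\n", id, comm)
	}
}
```

The renamed sample carries the same comm as the genuine one but a different (pid, start time) pair, and the whitespace split reads the priority field instead of the start time on the shifted sample.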

[Touch-packages] [Bug 1433590] Re: apparmor dbus denial for org.freedesktop.Accounts and make Other vibrations work

2016-07-13 Thread Zhang Enwei
I have compiled the usensord binary based on the current solution.
I did some tests and it works well.
Since the settings part is not ready, I am using the command below to change the
property, whose default value is 0 (means not vibrate).

dbus-send --session --print-reply --type=method_call \
  --dest='com.canonical.usensord' /com/canonical/usensord/haptic \
  org.freedesktop.DBus.Properties.Set string:"com.canonical.usensord.haptic" \
  string:"OtherVibrate" uint32:1

Code is here: https://code.launchpad.net/~zhangew401/usensord/fix-lp-1433590
and the logic is:
- do vibration for OSK always.
- do vibration for others only when the property is 1 (means enabled in settings)

The property is saved in the file /home/phablet/.config/usensord/prop so
that it will be restored after factory reset.

Status in Canonical System Image:
  Triaged
Status in apparmor-easyprof-ubuntu package in Ubuntu:
  Fix Released
Status in ubuntu-system-settings package in Ubuntu:
  Confirmed
Status in ubuntu-ui-toolkit package in Ubuntu:
  Confirmed
Status in usensord package in Ubuntu:
  In Progress

[Touch-packages] [Bug 1433590] Re: apparmor dbus denial for org.freedesktop.Accounts and make Other vibrations work

2016-07-13 Thread Zhang Enwei
** Changed in: usensord (Ubuntu)
   Status: Confirmed => In Progress

Status in Canonical System Image:
  Triaged
Status in apparmor-easyprof-ubuntu package in Ubuntu:
  Fix Released
Status in ubuntu-system-settings package in Ubuntu:
  Confirmed
Status in ubuntu-ui-toolkit package in Ubuntu:
  Confirmed
Status in usensord package in Ubuntu:
  In Progress

Bug description:
  This affects vivid and (somewhat recently?) 14.09.

  At some point, apps started to request access to
  org.freedesktop.Accounts for something, but I'm not sure what. It has
  been conjectured in this bug that it is due to vibration settings.
  Filing against ubuntu-system-settings for now, but please feel free to
  move to the correct package.

  This happens with webapps:
  Apr  7 08:42:17 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.DBus.Introspectable" member="Introspect" mask="send" name="org.freedesktop.Accounts" pid=2632 profile="com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0.26" peer_pid=1596 peer_profile="unconfined"
  Apr  7 08:42:17 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.Accounts" member="FindUserById" mask="send" name="org.freedesktop.Accounts" pid=2632 profile="com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0.26" peer_pid=1596 peer_profile="unconfined"

  and QML apps:
  Apr  7 08:43:40 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.DBus.Introspectable" member="Introspect" mask="send" name="org.freedesktop.Accounts" pid=3377 profile="com.ubuntu.calculator_calculator_1.3.339" peer_pid=1596 peer_profile="unconfined"
  Apr  7 08:43:40 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.Accounts" member="FindUserById" mask="send" name="org.freedesktop.Accounts" pid=3377 profile="com.ubuntu.calculator_calculator_1.3.339" peer_pid=1596 peer_profile="unconfined"

  The following rules allow the requested access:
dbus (send)
 bus=system
 path="/org/freedesktop/Accounts"
 interface="org.freedesktop.DBus.{Introspectable,Properties}"
 member=Introspect
 peer=(name=org.freedesktop.Accounts,label=unconfined),
dbus (send)
 bus=system
 path="/org/freedesktop/Accounts"
 interface="org.freedesktop.Accounts"
 member=FindUserById
 peer=(name=org.freedesktop.Accounts,label=unconfined),
dbus (send)
 bus=system
 path="/org/freedesktop/Accounts/User[0-9]*"
 interface="org.freedesktop.DBus.Properties"
 member=Get
 peer=(name=org.freedesktop.Accounts,label=unconfined),

  However, the above is too lenient and constitutes a privacy leak for
  apps. FindUserById could be used by a malicious app to enumerate
  usernames on multiuser systems and because we can't mediate method
  data with apparmor, the Get() method can be used to obtain any
  information provided by this interface.

  The following can be used to see what can be leaked to a malicious app:
  gdbus introspect --system -d org.freedesktop.Accounts -o /org/freedesktop/Accounts/User`id -u phablet`

  This can be solved in a couple of ways:
  1. add whatever information the app is trying to access to a new helper
     service that only exposes things that the app needs. This could be a
     single standalone service, perhaps something from
     ubuntu-system-settings, that could expose any number of things-- the
     current locale, if the locale changed, if the grid units changed, the
     vibration settings, etc. Since this service wouldn't have any sensitive
     information, you could use standard dbus properties/Get()/etc
  2. add a new dbus API to an existing service such that apparmor rules can
     then be used to allow by method (eg, GetVibration() or something)

  I won't dictate the implementation except to mention that '1' seems
  like something generally useful and I believe that it was something
  the ubuntu-system-settings devs were already looking at for detecting
  locale changes without rebooting.


  Original description
  starting an app in vivid (image 135 on arale currently)

  produces a bunch of dbus denials in syslog ... (there is also a
  /dev/tty one but I think this is just because something tries to write
  an error to console ... so transient)

  http://paste.ubuntu.com/10620834/

To manage notifications about this 
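
Added example (not part of the bug report or of any Ubuntu package): a small Python triage script for the denials and rules quoted in the bug description above. It turns each denied D-Bus send into the narrowest matching rule, groups identical requests across profiles, and flags rules that AppArmor cannot narrow because the sensitive selection happens in method arguments. The fifth log line, the ARG_SELECTED watchlist and all function names are assumptions made for this example.

```python
import re

# Constructed sample input. Lines 1-4 are the denials quoted in the bug
# description, each rejoined onto one line. Line 5 (Properties.Get on a User
# object, uid 1000) is constructed for this example and is not from the report.
SAMPLE_LOG = """\
Apr  7 08:42:17 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.DBus.Introspectable" member="Introspect" mask="send" name="org.freedesktop.Accounts" pid=2632 profile="com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0.26" peer_pid=1596 peer_profile="unconfined"
Apr  7 08:42:17 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.Accounts" member="FindUserById" mask="send" name="org.freedesktop.Accounts" pid=2632 profile="com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0.26" peer_pid=1596 peer_profile="unconfined"
Apr  7 08:43:40 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.DBus.Introspectable" member="Introspect" mask="send" name="org.freedesktop.Accounts" pid=3377 profile="com.ubuntu.calculator_calculator_1.3.339" peer_pid=1596 peer_profile="unconfined"
Apr  7 08:43:40 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.Accounts" member="FindUserById" mask="send" name="org.freedesktop.Accounts" pid=3377 profile="com.ubuntu.calculator_calculator_1.3.339" peer_pid=1596 peer_profile="unconfined"
Apr  7 08:43:41 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/Accounts/User1000" interface="org.freedesktop.DBus.Properties" member="Get" mask="send" name="org.freedesktop.Accounts" pid=3377 profile="com.ubuntu.calculator_calculator_1.3.339" peer_pid=1596 peer_profile="unconfined"
"""

# key="quoted value" or key=bare_value pairs as written by the dbus daemon.
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Same layout as the rules in the bug description, with no globbing added.
RULE = """\
dbus ({mask})
     bus={bus}
     path="{path}"
     interface="{interface}"
     member={member}
     peer=(name={name},label={peer_profile}),"""

# AppArmor matches bus, path, interface, member and peer, never the method
# arguments, so these generic accessors cannot be limited to one property.
GENERIC_ACCESSORS = {"Get", "GetAll", "Set"}

# Reviewer-maintained watchlist (an assumption of this example); the single
# entry restates the concern raised in the bug description.
ARG_SELECTED = {
    ("org.freedesktop.Accounts", "FindUserById"):
        "lookup keyed by a caller-chosen uid (username enumeration)",
}


def parse_denial(line):
    """Return the key=value fields of an AppArmor D-Bus denial, else None."""
    fields = {key: quoted or bare for key, quoted, bare in KV.findall(line)}
    if fields.get("apparmor") != "DENIED":
        return None
    if not fields.get("operation", "").startswith("dbus_"):
        return None
    return fields


def findings_for(d):
    """List the reasons a rule allowing this access needs a closer look."""
    out = []
    if (d["interface"] == "org.freedesktop.DBus.Properties"
            and d["member"] in GENERIC_ACCESSORS):
        out.append("properties: rule would expose every property on " + d["path"])
    note = ARG_SELECTED.get((d["interface"], d["member"]))
    if note:
        out.append("arguments: " + note)
    return out


def triage(log_text):
    """Collapse denied sends into unique accesses, in first-seen order."""
    first, profiles = {}, {}
    for line in log_text.splitlines():
        d = parse_denial(line)
        if d is None or d.get("mask") != "send":
            continue
        key = (d["bus"], d["path"], d["interface"], d["member"], d["name"])
        first.setdefault(key, d)
        profiles.setdefault(key, set()).add(d["profile"])
    return [
        {
            "rule": RULE.format(**first[key]),
            # The same access from several profiles points at a shared library
            # rather than at one app's own code.
            "profiles": sorted(profiles[key]),
            "findings": findings_for(first[key]),
        }
        for key in first
    ]


if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        print(item["rule"])
        print("  requested by:", ", ".join(item["profiles"]))
        for finding in item["findings"] or ["no findings"]:
            print("  review:", finding)
        print()
```
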

Re: [Touch-packages] [Bug 1433590] Re: apparmor dbus denial for org.freedesktop.Accounts and make Other vibrations work

2016-07-13 Thread Zsombor Egri
On Wed, Jul 13, 2016 at 10:41 AM, Zhang Enwei wrote:

> I am now investigating if org.freedesktop.DBus.GetConnectionUnixProcessID
> is supported in go-dbus.
> If it is supported, we can use pid to get the name of the process or path
> of the binary.

[Touch-packages] [Bug 1433590] Re: apparmor dbus denial for org.freedesktop.Accounts and make Other vibrations work

2016-07-13 Thread Zhang Enwei
I am now investigating if org.freedesktop.DBus.GetConnectionUnixProcessID is 
supported in go-dbus.
If it is supported, we can use pid to get the name of the process or path of 
the binary.

Status in Canonical System Image:
  Triaged
Status in apparmor-easyprof-ubuntu package in Ubuntu:
  Fix Released
Status in ubuntu-system-settings package in Ubuntu:
  Confirmed
Status in ubuntu-ui-toolkit package in Ubuntu:
  Confirmed
Status in usensord package in Ubuntu:
  Confirmed

[Touch-packages] [Bug 1433590] Re: apparmor dbus denial for org.freedesktop.Accounts and make Other vibrations work

2016-07-13 Thread Yuan-Chen Cheng
** Changed in: usensord (Ubuntu)
   Status: In Progress => Confirmed

** Changed in: canonical-devices-system-image
   Status: In Progress => Triaged

Status in Canonical System Image:
  Triaged
Status in apparmor-easyprof-ubuntu package in Ubuntu:
  Fix Released
Status in ubuntu-system-settings package in Ubuntu:
  Confirmed
Status in ubuntu-ui-toolkit package in Ubuntu:
  Confirmed
Status in usensord package in Ubuntu:
  Confirmed

[Touch-packages] [Bug 1433590] Re: apparmor dbus denial for org.freedesktop.Accounts and make Other vibrations work

2016-07-13 Thread Zhang Enwei
Thanks to Zsombor for explaining a lot about this bug to me.
According to comment #13, I am now blocked because in usensord, based on
the current info we could get from the dbus message, we don't have a method to
judge if the peer (caller) is the OSK or the app.
The call flow is app --> toolkit --> Qt Haptics --> uSensord.
If the app or the OSK doesn't send info for usensord to make the
differentiation, I cannot achieve the goal.


** Changed in: usensord (Ubuntu)
 Assignee: Penk Chen (penk) => Zhang Enwei (zhangew401)

Status in Canonical System Image:
  In Progress
Status in apparmor-easyprof-ubuntu package in Ubuntu:
  Fix Released
Status in ubuntu-system-settings package in Ubuntu:
  Confirmed
Status in ubuntu-ui-toolkit package in Ubuntu:
  Confirmed
Status in usensord package in Ubuntu:
  In Progress

[Touch-packages] [Bug 1433590] Re: apparmor dbus denial for org.freedesktop.Accounts and make Other vibrations work

2016-07-06 Thread Zhang Enwei
Hi Pat,
I have exposed the property OtherVibrate from Object Path:
com.canonical.usensord.haptic.
For the remaining logic part about when to do vibration, I am contacting
Zsombor. It may be ready soon.
https://code.launchpad.net/~zhangew401/usensord/fix-lp-1433590

Status in Canonical System Image:
  In Progress
Status in apparmor-easyprof-ubuntu package in Ubuntu:
  Fix Released
Status in ubuntu-system-settings package in Ubuntu:
  Confirmed
Status in ubuntu-ui-toolkit package in Ubuntu:
  Confirmed
Status in usensord package in Ubuntu:
  In Progress

[Touch-packages] [Bug 1433590] Re: apparmor dbus denial for org.freedesktop.Accounts and make Other vibrations work

2016-06-28 Thread Pat McGowan
Pushing for 3rd time, is this still being worked?

** Changed in: canonical-devices-system-image
Milestone: 12 => 13

Status in Canonical System Image:
  In Progress
Status in apparmor-easyprof-ubuntu package in Ubuntu:
  Fix Released
Status in ubuntu-system-settings package in Ubuntu:
  Confirmed
Status in ubuntu-ui-toolkit package in Ubuntu:
  Confirmed
Status in usensord package in Ubuntu:
  In Progress

Bug description:
  This affects vivid and (somewhat recently?) 14.09.

  At some point, apps started to request access to
  org.freedesktop.Accounts for something, but I'm not sure what. It has
  been conjectured in this bug that it is due to vibration settings.
  Filing against ubuntu-system-settings for now, but please feel free to
  move to the correct package.

  This happens with webapps:
  Apr  7 08:42:17 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.DBus.Introspectable" member="Introspect" mask="send" name="org.freedesktop.Accounts" pid=2632 profile="com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0.26" peer_pid=1596 peer_profile="unconfined"
  Apr  7 08:42:17 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.Accounts" member="FindUserById" mask="send" name="org.freedesktop.Accounts" pid=2632 profile="com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0.26" peer_pid=1596 peer_profile="unconfined"

  and QML apps:
  Apr  7 08:43:40 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.DBus.Introspectable" member="Introspect" mask="send" name="org.freedesktop.Accounts" pid=3377 profile="com.ubuntu.calculator_calculator_1.3.339" peer_pid=1596 peer_profile="unconfined"
  Apr  7 08:43:40 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.Accounts" member="FindUserById" mask="send" name="org.freedesktop.Accounts" pid=3377 profile="com.ubuntu.calculator_calculator_1.3.339" peer_pid=1596 peer_profile="unconfined"

  The following rules allow the requested access:
  dbus (send)
      bus=system
      path="/org/freedesktop/Accounts"
      interface="org.freedesktop.DBus.{Introspectable,Properties}"
      member=Introspect
      peer=(name=org.freedesktop.Accounts,label=unconfined),
  dbus (send)
      bus=system
      path="/org/freedesktop/Accounts"
      interface="org.freedesktop.Accounts"
      member=FindUserById
      peer=(name=org.freedesktop.Accounts,label=unconfined),
  dbus (send)
      bus=system
      path="/org/freedesktop/Accounts/User[0-9]*"
      interface="org.freedesktop.DBus.Properties"
      member=Get
      peer=(name=org.freedesktop.Accounts,label=unconfined),

  However, the above is too lenient and constitutes a privacy leak for
  apps. FindUserById could be used by a malicious app to enumerate
  usernames on multiuser systems and because we can't mediate method
  data with apparmor, the Get() method can be used to obtain any
  information provided by this interface.

  The following can be used to see what can be leaked to a malicious app:
  gdbus introspect --system -d org.freedesktop.Accounts -o /org/freedesktop/Accounts/User`id -u phablet`

  This can be solved in a couple of ways:
  1. add whatever information the app is trying to access to a new helper
     service that only exposes things that the app needs. This could be a
     single standalone service, perhaps something from ubuntu-system-settings,
     that could expose any number of things-- the current locale, if the
     locale changed, if the grid units changed, the vibration settings, etc.
     Since this service wouldn't have any sensitive information, you could
     use standard dbus properties/Get()/etc
  2. add a new dbus API to an existing service such that apparmor rules can
     then be used to allow by method (eg, GetVibration() or something)

  I won't dictate the implementation except to mention that '1' seems
  like something generally useful and I believe that it was something
  the ubuntu-system-settings devs were already looking at for detecting
  locale changes without rebooting.


  Original description
  starting an app in vivid (image 135 on arale currently)

  produces a bunch of dbus denials in syslog ... (there is also a
  /dev/tty one but i think this is just because something tries to write
  an error to console ... so transient)
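
As an added example (not part of the bug report or of any Ubuntu package), this Python script parses denial lines like those in the bug description, renders the matching allow rule, and flags the two cases the description calls out as leaks: FindUserById and Properties Get. The first two sample lines come from the report; the third line, the function names, and the GetAll check are assumptions added here.

```python
import re

# Sample input. Lines 1-2 are copied from the bug description (re-joined onto
# one line each). Line 3 is CONSTRUCTED for this example: it shows the
# Properties.Get case the description warns about; "User1000" is made up.
SAMPLE_LOG = """\
Apr  7 08:42:17 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.DBus.Introspectable" member="Introspect" mask="send" name="org.freedesktop.Accounts" pid=2632 profile="com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0.26" peer_pid=1596 peer_profile="unconfined"
Apr  7 08:42:17 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.Accounts" member="FindUserById" mask="send" name="org.freedesktop.Accounts" pid=2632 profile="com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0.26" peer_pid=1596 peer_profile="unconfined"
Apr  7 08:42:18 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/Accounts/User1000" interface="org.freedesktop.DBus.Properties" member="Get" mask="send" name="org.freedesktop.Accounts" pid=2632 profile="com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0.26" peer_pid=1596 peer_profile="unconfined"
"""

# key=value pairs; values are either double-quoted or a bare token.
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Fields needed to render a rule and to de-duplicate denials.
REQUIRED = ("bus", "path", "interface", "member", "mask", "name",
            "profile", "peer_profile")


def parse_denial(line):
    """Return the fields of an AppArmor D-Bus method-call denial, else None."""
    fields = {key: value.strip('"') for key, value in FIELD.findall(line)}
    if fields.get("apparmor") != "DENIED":
        return None
    if fields.get("operation") != "dbus_method_call":
        return None
    if any(name not in fields for name in REQUIRED):
        return None
    return fields


def to_rule(f):
    """Render the narrowest allow rule that would silence this denial."""
    return (
        f'dbus ({f["mask"]})\n'
        f'    bus={f["bus"]}\n'
        f'    path="{f["path"]}"\n'
        f'    interface="{f["interface"]}"\n'
        f'    member={f["member"]}\n'
        f'    peer=(name={f["name"]},label={f["peer_profile"]}),'
    )


def review(f):
    """Flag rules that would leak data, per the reasoning in the description."""
    findings = []
    if (f["interface"] == "org.freedesktop.Accounts"
            and f["member"] == "FindUserById"):
        findings.append("FindUserById: lets the app enumerate usernames")
    # A rule can match bus, path, interface and member, but not the method
    # arguments, so allowing Get (or GetAll, added here on the same reasoning)
    # exposes every property on the object rather than just one.
    if (f["interface"] == "org.freedesktop.DBus.Properties"
            and f["member"] in ("Get", "GetAll")):
        findings.append(
            f'Properties.{f["member"]}: arguments are not mediated, '
            f'so all properties on {f["path"]} become readable')
    return findings


def audit(log_text):
    """Return one entry per distinct denial, with its rule and any findings."""
    seen, results = set(), []
    for line in log_text.splitlines():
        f = parse_denial(line)
        if f is None:
            continue
        key = (f["profile"], f["bus"], f["path"], f["interface"], f["member"])
        if key in seen:
            continue
        seen.add(key)
        results.append({"profile": f["profile"], "member": f["member"],
                        "rule": to_rule(f), "findings": review(f)})
    return results


if __name__ == "__main__":
    for entry in audit(SAMPLE_LOG):
        verdict = "REVIEW" if entry["findings"] else "no finding"
        print(f'[{verdict}] {entry["profile"]} -> {entry["member"]}')
        for finding in entry["findings"]:
            print(f"    {finding}")
        print(entry["rule"], end="\n\n")
```

An entry with no finding only means neither of the two checks matched; it is not a statement that the rule is safe to add.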

  

[Touch-packages] [Bug 1433590] Re: apparmor dbus denial for org.freedesktop.Accounts and make Other vibrations work

2016-05-11 Thread Yuan-Chen Cheng
** Changed in: canonical-devices-system-image
Milestone: 11 => 12

Status in Canonical System Image:
  In Progress
Status in apparmor-easyprof-ubuntu package in Ubuntu:
  Fix Released
Status in ubuntu-system-settings package in Ubuntu:
  Confirmed
Status in ubuntu-ui-toolkit package in Ubuntu:
  Confirmed
Status in usensord package in Ubuntu:
  In Progress

[Touch-packages] [Bug 1433590] Re: apparmor dbus denial for org.freedesktop.Accounts and make Other vibrations work

2016-03-19 Thread Yuan-Chen Cheng
** Changed in: canonical-devices-system-image
Milestone: ww08-2016 => 11

Status in Canonical System Image:
  In Progress
Status in apparmor-easyprof-ubuntu package in Ubuntu:
  Fix Released
Status in ubuntu-system-settings package in Ubuntu:
  Confirmed
Status in ubuntu-ui-toolkit package in Ubuntu:
  Confirmed
Status in usensord package in Ubuntu:
  In Progress

[Touch-packages] [Bug 1433590] Re: apparmor dbus denial for org.freedesktop.Accounts and make Other vibrations work

2016-03-02 Thread Penk Chen
@pat, I have exposed otherVibrate property in usensord from my local
branch, and am working on the haptic logic. Should be able to finish it
soon.

Status in Canonical System Image:
  In Progress
Status in apparmor-easyprof-ubuntu package in Ubuntu:
  Fix Released
Status in ubuntu-system-settings package in Ubuntu:
  Confirmed
Status in ubuntu-ui-toolkit package in Ubuntu:
  Confirmed
Status in usensord package in Ubuntu:
  In Progress

[Touch-packages] [Bug 1433590] Re: apparmor dbus denial for org.freedesktop.Accounts and make Other vibrations work

2016-02-29 Thread Pat McGowan
@penk any update?

Status in Canonical System Image:
  In Progress
Status in apparmor-easyprof-ubuntu package in Ubuntu:
  Fix Released
Status in ubuntu-system-settings package in Ubuntu:
  Confirmed
Status in ubuntu-ui-toolkit package in Ubuntu:
  Confirmed
Status in usensord package in Ubuntu:
  In Progress

[Touch-packages] [Bug 1433590] Re: apparmor dbus denial for org.freedesktop.Accounts and make Other vibrations work

2016-02-02 Thread Pat McGowan
** Changed in: canonical-devices-system-image
   Status: Confirmed => In Progress

Status in Canonical System Image:
  In Progress
Status in apparmor-easyprof-ubuntu package in Ubuntu:
  Fix Released
Status in ubuntu-system-settings package in Ubuntu:
  Confirmed
Status in ubuntu-ui-toolkit package in Ubuntu:
  Confirmed
Status in usensord package in Ubuntu:
  In Progress

[Touch-packages] [Bug 1433590] Re: apparmor dbus denial for org.freedesktop.Accounts and make Other vibrations work

2016-01-27 Thread Penk Chen
** Changed in: usensord (Ubuntu)
   Status: Confirmed => In Progress

Status in Canonical System Image:
  Confirmed
Status in apparmor-easyprof-ubuntu package in Ubuntu:
  Fix Released
Status in ubuntu-system-settings package in Ubuntu:
  Confirmed
Status in ubuntu-ui-toolkit package in Ubuntu:
  Confirmed
Status in usensord package in Ubuntu:
  In Progress

Bug description:
  This affects vivid and (somewhat recently?) 14.09.

  At some point, apps started to request access to
  org.freedesktop.Accounts for something, but I'm not sure what. It has
  been conjectured in this bug that it is due to vibration settings.
  Filing against ubuntu-system-settings for now, but please feel free to
  move to the correct package.

  This happens with webapps:
  Apr  7 08:42:17 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.DBus.Introspectable" member="Introspect" mask="send" name="org.freedesktop.Accounts" pid=2632 profile="com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0.26" peer_pid=1596 peer_profile="unconfined"
  Apr  7 08:42:17 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.Accounts" member="FindUserById" mask="send" name="org.freedesktop.Accounts" pid=2632 profile="com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0.26" peer_pid=1596 peer_profile="unconfined"

  and QML apps:
  Apr  7 08:43:40 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.DBus.Introspectable" member="Introspect" mask="send" name="org.freedesktop.Accounts" pid=3377 profile="com.ubuntu.calculator_calculator_1.3.339" peer_pid=1596 peer_profile="unconfined"
  Apr  7 08:43:40 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.Accounts" member="FindUserById" mask="send" name="org.freedesktop.Accounts" pid=3377 profile="com.ubuntu.calculator_calculator_1.3.339" peer_pid=1596 peer_profile="unconfined"

  The following rules allow the requested access:
    dbus (send)
         bus=system
         path="/org/freedesktop/Accounts"
         interface="org.freedesktop.DBus.{Introspectable,Properties}"
         member=Introspect
         peer=(name=org.freedesktop.Accounts,label=unconfined),
    dbus (send)
         bus=system
         path="/org/freedesktop/Accounts"
         interface="org.freedesktop.Accounts"
         member=FindUserById
         peer=(name=org.freedesktop.Accounts,label=unconfined),
    dbus (send)
         bus=system
         path="/org/freedesktop/Accounts/User[0-9]*"
         interface="org.freedesktop.DBus.Properties"
         member=Get
         peer=(name=org.freedesktop.Accounts,label=unconfined),

  However, the above is too lenient and constitutes a privacy leak for
  apps. FindUserById could be used by a malicious app to enumerate
  usernames on multiuser systems and because we can't mediate method
  data with apparmor, the Get() method can be used to obtain any
  information provided by this interface.

  The following can be used to see what can be leaked to a malicious app:
  gdbus introspect --system -d org.freedesktop.Accounts -o /org/freedesktop/Accounts/User`id -u phablet`

  This can be solved in a couple of ways:
  1. add whatever information the app is trying to access to a new helper
     service that only exposes things that the app needs. This could be a
     single standalone service, perhaps something from
     ubuntu-system-settings, that could expose any number of things-- the
     current locale, if the locale changed, if the grid units changed, the
     vibration settings, etc. Since this service wouldn't have any
     sensitive information, you could use standard dbus
     properties/Get()/etc
  2. add a new dbus API to an existing service such that apparmor rules
     can then be used to allow by method (eg, GetVibration() or something)

  I won't dictate the implementation except to mention that '1' seems
  like something generally useful and I believe that it was something
  the ubuntu-system-settings devs were already looking at for detecting
  locale changes without rebooting.


  Original description
  starting an app in vivid (image 135 on arale currently)

  produces a bunch of dbus denials in syslog ... (there is also a
  /dev/tty one but I think this is just because something tries to write
  an error to console ... so transient)

  http://paste.ubuntu.com/10620834/

To manage notifications about this 
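
A triage helper for denials like the ones quoted in the bug description above, added here as an example and not part of the bug report or any Ubuntu package: it parses the syslog lines, renders the candidate "dbus (send)" rule for each, and flags the two cases the description calls too lenient. The function names and the uid 32011 denial are constructed for illustration.

```python
import re

# One denial in the field layout of the syslog lines quoted in the bug description.
TEMPLATE = ('Apr  7 08:43:40 ubuntu-phablet dbus[797]: apparmor="DENIED" '
            'operation="dbus_method_call"  bus="system" path="{path}" '
            'interface="{iface}" member="{member}" mask="send" '
            'name="org.freedesktop.Accounts" pid={pid} profile="{profile}" '
            'peer_pid=1596 peer_profile="unconfined"')
CALC = "com.ubuntu.calculator_calculator_1.3.339"
WEBAPP = "com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0.26"
ACCOUNTS = "/org/freedesktop/Accounts"
# The first three entries mirror denials from the description; the last one
# (Properties.Get on a User object, uid 32011) is constructed for this example.
SAMPLE_LOG = "\n".join(
    TEMPLATE.format(path=p, iface=i, member=m, pid=n, profile=a)
    for p, i, m, n, a in [
        (ACCOUNTS, "org.freedesktop.DBus.Introspectable", "Introspect", 3377, CALC),
        (ACCOUNTS, "org.freedesktop.Accounts", "FindUserById", 3377, CALC),
        (ACCOUNTS, "org.freedesktop.Accounts", "FindUserById", 2632, WEBAPP),
        (ACCOUNTS + "/User32011", "org.freedesktop.DBus.Properties", "Get", 3377, CALC),
    ])

# key="quoted value" or key=bare_value
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_denials(text):
    """Return one dict of key=value fields per AppArmor D-Bus denial line."""
    denials = []
    for line in text.splitlines():
        fields = {k: quoted or bare for k, quoted, bare in KV.findall(line)}
        if (fields.get("apparmor") == "DENIED"
                and fields.get("operation", "").startswith("dbus_")):
            denials.append(fields)
    return denials

def to_rule(d):
    """Render the narrowest rule the denial supports, in the layout used above."""
    peer = ",".join("%s=%s" % (key, d[field])
                    for key, field in (("name", "name"), ("label", "peer_profile"))
                    if field in d)
    return ('dbus (%s)\n     bus=%s\n     path="%s"\n     interface="%s"\n'
            '     member=%s\n     peer=(%s),'
            % (d["mask"], d["bus"], d["path"], d["interface"], d["member"], peer))

def review(d):
    """Flag rules that grant more than their text suggests (per the description)."""
    notes = []
    if d["interface"] == "org.freedesktop.DBus.Properties":
        notes.append("method arguments are not mediated: %s is allowed for "
                     "every property on %s" % (d["member"], d["path"]))
    if (d["interface"], d["member"]) == ("org.freedesktop.Accounts", "FindUserById"):
        notes.append("FindUserById lets a confined app enumerate usernames")
    return notes

def audit(text):
    """Group denials by candidate rule: [(rule, profiles, notes)], first-seen order."""
    grouped = {}
    for d in parse_denials(text):
        profiles, _ = grouped.setdefault(to_rule(d), (set(), review(d)))
        profiles.add(d["profile"])
    return [(rule, sorted(p), notes) for rule, (p, notes) in grouped.items()]

if __name__ == "__main__":
    for rule, profiles, notes in audit(SAMPLE_LOG):
        print(rule)
        print("  requested by:", ", ".join(profiles))
        for note in notes:
            print("  REVIEW:", note)
```

A rule that comes back with an empty notes list is limited to the single member it names; the flagged ones are the candidates for the helper-service or per-method API approaches listed in the description.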

[Touch-packages] [Bug 1433590] Re: apparmor dbus denial for org.freedesktop.Accounts and make Other vibrations work

2016-01-26 Thread Yuan-Chen Cheng
** Changed in: canonical-devices-system-image
   Importance: High => Critical

Status in Canonical System Image:
  Confirmed
Status in apparmor-easyprof-ubuntu package in Ubuntu:
  Fix Released
Status in ubuntu-system-settings package in Ubuntu:
  Confirmed
Status in ubuntu-ui-toolkit package in Ubuntu:
  Confirmed
Status in usensord package in Ubuntu:
  Confirmed


[Touch-packages] [Bug 1433590] Re: apparmor dbus denial for org.freedesktop.Accounts and make Other vibrations work

2016-01-26 Thread Christian Dywan
Any news on the usensord work? More apps are hitting this.

Status in Canonical System Image:
  Confirmed
Status in apparmor-easyprof-ubuntu package in Ubuntu:
  Fix Released
Status in ubuntu-system-settings package in Ubuntu:
  Confirmed
Status in ubuntu-ui-toolkit package in Ubuntu:
  Confirmed
Status in usensord package in Ubuntu:
  Confirmed


[Touch-packages] [Bug 1433590] Re: apparmor dbus denial for org.freedesktop.Accounts and make Other vibrations work

2015-12-10 Thread Pat McGowan
** Changed in: canonical-devices-system-image
Milestone: None => ww08-2016

** Changed in: canonical-devices-system-image
 Assignee: John McAleely (john.mcaleely) => Yuan-Chen Cheng (ycheng-twn)

** Changed in: usensord (Ubuntu)
 Assignee: Canonical Phone Foundations (canonical-phonedations-team) => Penk Chen (penk)

** Changed in: ubuntu-system-settings (Ubuntu)
 Assignee: (unassigned) => Jonas G. Drange (jonas-drange)

Status in Canonical System Image:
  Confirmed
Status in apparmor-easyprof-ubuntu package in Ubuntu:
  Fix Released
Status in ubuntu-system-settings package in Ubuntu:
  Confirmed
Status in ubuntu-ui-toolkit package in Ubuntu:
  Confirmed
Status in usensord package in Ubuntu:
  Confirmed


[Touch-packages] [Bug 1433590] Re: apparmor dbus denial for org.freedesktop.Accounts and make Other vibrations work

2015-12-10 Thread Pat McGowan
** Summary changed:

- apparmor dbus denial for org.freedesktop.Accounts
+ apparmor dbus denial for org.freedesktop.Accounts and make Other vibrations work

Status in Canonical System Image:
  Confirmed
Status in apparmor-easyprof-ubuntu package in Ubuntu:
  Fix Released
Status in ubuntu-system-settings package in Ubuntu:
  Confirmed
Status in ubuntu-ui-toolkit package in Ubuntu:
  Confirmed
Status in usensord package in Ubuntu:
  Confirmed
