[Touch-packages] [Bug 1645548] [NEW] click cannot correctly install clicks that have special version format
Public bug reported: I am using click 0.4.43+16.04.20160203-0ubuntu2 in arm64 environment while building arm 64bit custom tarball(https://jenkins.canonical.com /ues-phone/job/arm64-custom-tarball-test/) I found this click cannot install below click correctly. com.ubuntu.scopes.youtube_1.5.1-154_arm64.click The apparmor profile it generated is click_com.ubuntu.scopes.youtube_youtube_1.5.1- while the expected should be click_com.ubuntu.scopes.youtube_youtube_1.5.1-154 The apparmor json file is generated as com.ubuntu.scopes.youtube_youtube_1.5.1-.json while the expected should be com.ubuntu.scopes.youtube_youtube_1.5.1-154.json We don't have this issue on armhf(vivid). Thanks. ** Affects: click (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to click in Ubuntu. https://bugs.launchpad.net/bugs/1645548 Title: click cannot correctly install clicks that have special version format Status in click package in Ubuntu: New Bug description: I am using click 0.4.43+16.04.20160203-0ubuntu2 in arm64 environment while building arm 64bit custom tarball(https://jenkins.canonical.com /ues-phone/job/arm64-custom-tarball-test/) I found this click cannot install below click correctly. com.ubuntu.scopes.youtube_1.5.1-154_arm64.click The apparmor profile it generated is click_com.ubuntu.scopes.youtube_youtube_1.5.1- while the expected should be click_com.ubuntu.scopes.youtube_youtube_1.5.1-154 The apparmor json file is generated as com.ubuntu.scopes.youtube_youtube_1.5.1-.json while the expected should be com.ubuntu.scopes.youtube_youtube_1.5.1-154.json We don't have this issue on armhf(vivid). Thanks. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/click/+bug/1645548/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1628042] Re: Doesn't vibrate on incoming calls if "Other vibrations" not active
Landing for usensord:https://bileto.ubuntu.com/#/ticket/2014 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to usensord in Ubuntu. https://bugs.launchpad.net/bugs/1628042 Title: Doesn't vibrate on incoming calls if "Other vibrations" not active Status in Canonical System Image: Confirmed Status in ubuntu-system-settings package in Ubuntu: New Status in usensord package in Ubuntu: In Progress Bug description: Steps: 1. Set "Vibrate on ring" and "Vibrate in silent mode" active under "Ringtone" in System settings > Sound. 2. Make sure "Other vibrations" is NOT active in System settings > Sound. 3. Get an incoming call. Expected: Phone vibrates. What happens: Phone doesn't vibrate. If the "Other vibrations" is set active, then the vibration works. Device: E5, stable, OTA-13. To manage notifications about this bug go to: https://bugs.launchpad.net/canonical-devices-system-image/+bug/1628042/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1628042] Re: Doesn't vibrate on incoming calls if "Other vibrations" not active
** Changed in: usensord (Ubuntu) Status: Confirmed => In Progress -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to usensord in Ubuntu. https://bugs.launchpad.net/bugs/1628042 Title: Doesn't vibrate on incoming calls if "Other vibrations" not active Status in Canonical System Image: Confirmed Status in ubuntu-system-settings package in Ubuntu: New Status in usensord package in Ubuntu: In Progress Bug description: Steps: 1. Set "Vibrate on ring" and "Vibrate in silent mode" active under "Ringtone" in System settings > Sound. 2. Make sure "Other vibrations" is NOT active in System settings > Sound. 3. Get an incoming call. Expected: Phone vibrates. What happens: Phone doesn't vibrate. If the "Other vibrations" is set active, then the vibration works. Device: E5, stable, OTA-13. To manage notifications about this bug go to: https://bugs.launchpad.net/canonical-devices-system-image/+bug/1628042/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1620553] Re: OSK becomes unusable as taps are delayed by 1-2 seconds and vibration doesn't occur any more (although gestures continue to work)
Landing:https://requests.ci-train.ubuntu.com/#/ticket/1930 I verified vivid debian package on below images by creating 6 simultaneous alarms that will ring one minute later. current build number: 827 device name: krillin channel: ubuntu-touch/rc-proposed/bq-aquaris.en-proposed last update: 2016-09-09 23:42:32 version version: 827 version ubuntu: 20160907 version device: 20160606-ab415b2 version custom: 20160831-991-38-18 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to platform-api in Ubuntu. https://bugs.launchpad.net/bugs/1620553 Title: OSK becomes unusable as taps are delayed by 1-2 seconds and vibration doesn't occur any more (although gestures continue to work) Status in Canonical System Image: In Progress Status in platform-api package in Ubuntu: In Progress Status in usensord package in Ubuntu: In Progress Bug description: Krillin, rc-proposed/bq_aquaris.en r422 TEST CASE: 1. Create to alarms that'll trigger at the same time 2. Wait until they go off 3. Dismiss the alarms 4. Verify that there is still haptic feedback and OSK is still responsive ACTUAL RESULT Step 4 fails. UPDATE: see comment #5, it turns out it's the haptics plugin doing SYNC dbus calls and blocking the UI thread when the dbus service does not reply or the replies come with a big delay Description: All at once taps have become incredibly delayed, by 1 or 2 secs. Gestures still work ok, no delay there. Swiping the greeter -> no delay. Tapping numbers to input code on the greeter --> 2 secs delay. Even though both are parts of unity8. So it doesn't seem to only be a problem of unity8 clients, but also unity8 itself. I have no idea why horizontal/vertical swipes would be unaffected, though. The virtual keyboard is also completely unusable because of the huge delay that each tap has. Also noticed that the vibration is gone, taps don't trigger vibration anymore. Webview also seemed to be unaffected by the delays (although I'm not entirely sure, the bug is now gone) I also restarted unity8 and unity8-dash with Mir input logging enabled. That showed that the touch events were being delivered as expected, no delay. restart unity8 MIR_CLIENT_INPUT_RECEIVER_REPORT=log and restart unity8-dash MIR_CLIENT_INPUT_RECEIVER_REPORT=log Restarting lightdm (that forces the restart of unity-system- compositor) fixed the issue. Additional info: I had Mir touchspots visualization enabled, which are known to cause more stuttering, but I think they're unlikely to be the cause of this bug, I had them enabled for 2 weeks and haven't noticed any problem like this before. This is the log from a tap on an icon in the shell: [2016-09-06 10:52:51.876400] input-receiver: Received event:touch_event(when=54593678129000 (6.030520ms ago), from=3, touch = {{id=0, action=down, tool=finger, x=426.211, y=292.695, pressure=0.85098, major=19.963, minor=0, size=19.963}, modifiers=1) [2016-09-06 10:52:51.953821] input-receiver: Received event:touch_event(when=54593751953000 (9.709366ms ago), from=3, touch = {{id=0, action=change, tool=finger, x=426.211, y=292.695, pressure=0.843137, major=19.963, minor=0, size=19.963}, modifiers=1) [2016-09-06 10:52:51.954343] input-receiver: Received event:touch_event(when=54593761256000 (0.958751ms ago), from=3, touch = {{id=0, action=up, tool=finger, x=426.211, y=292.695, pressure=0.843137, major=19.963, minor=0, size=19.963}, modifiers=1) SEE VIDEO ATTACHMENT BELOW To manage notifications about this bug go to: https://bugs.launchpad.net/canonical-devices-system-image/+bug/1620553/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1620553] Re: OSK becomes unusable as taps are delayed by 1-2 seconds and vibration doesn't occur any more (although gestures continue to work)
Thanks Andrea. I am using a similar way with that of yours, only four commands executed simultaneously. #!/bin/bash dbus-send --session --print-reply --type=method_call --dest='com.canonical.usensord' /com/canonical/usensord/haptic com.canonical.usensord.haptic.Vibrate uint32:100 & dbus-send --session --print-reply --type=method_call --dest='com.canonical.usensord' /com/canonical/usensord/haptic com.canonical.usensord.haptic.Vibrate uint32:100 & dbus-send --session --print-reply --type=method_call --dest='com.canonical.usensord' /com/canonical/usensord/haptic com.canonical.usensord.haptic.Vibrate uint32:100 & dbus-send --session --print-reply --type=method_call --dest='com.canonical.usensord' /com/canonical/usensord/haptic com.canonical.usensord.haptic.Vibrate uint32:100 & I think this could simulate the operation in clock/alarm I found the rule is that two or more senders(thread or process) calls the dbus function at the same time. It freezes at below code, http://bazaar.launchpad.net/~phablet-team/usensord/trunk/view/head:/haptic/haptic.go#L146 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to platform-api in Ubuntu. https://bugs.launchpad.net/bugs/1620553 Title: OSK becomes unusable as taps are delayed by 1-2 seconds and vibration doesn't occur any more (although gestures continue to work) Status in Canonical System Image: In Progress Status in platform-api package in Ubuntu: In Progress Status in usensord package in Ubuntu: In Progress Bug description: Krillin, rc-proposed/bq_aquaris.en r422 TEST CASE: 1. Create to alarms that'll trigger at the same time 2. Wait until they go off 3. Dismiss the alarms 4. Verify that there is still haptic feedback and OSK is still responsive ACTUAL RESULT Step 4 fails. UPDATE: see comment #5, it turns out it's the haptics plugin doing SYNC dbus calls and blocking the UI thread when the dbus service does not reply or the replies come with a big delay Description: All at once taps have become incredibly delayed, by 1 or 2 secs. Gestures still work ok, no delay there. Swiping the greeter -> no delay. Tapping numbers to input code on the greeter --> 2 secs delay. Even though both are parts of unity8. So it doesn't seem to only be a problem of unity8 clients, but also unity8 itself. I have no idea why horizontal/vertical swipes would be unaffected, though. The virtual keyboard is also completely unusable because of the huge delay that each tap has. Also noticed that the vibration is gone, taps don't trigger vibration anymore. Webview also seemed to be unaffected by the delays (although I'm not entirely sure, the bug is now gone) I also restarted unity8 and unity8-dash with Mir input logging enabled. That showed that the touch events were being delivered as expected, no delay. restart unity8 MIR_CLIENT_INPUT_RECEIVER_REPORT=log and restart unity8-dash MIR_CLIENT_INPUT_RECEIVER_REPORT=log Restarting lightdm (that forces the restart of unity-system- compositor) fixed the issue. Additional info: I had Mir touchspots visualization enabled, which are known to cause more stuttering, but I think they're unlikely to be the cause of this bug, I had them enabled for 2 weeks and haven't noticed any problem like this before. This is the log from a tap on an icon in the shell: [2016-09-06 10:52:51.876400] input-receiver: Received event:touch_event(when=54593678129000 (6.030520ms ago), from=3, touch = {{id=0, action=down, tool=finger, x=426.211, y=292.695, pressure=0.85098, major=19.963, minor=0, size=19.963}, modifiers=1) [2016-09-06 10:52:51.953821] input-receiver: Received event:touch_event(when=54593751953000 (9.709366ms ago), from=3, touch = {{id=0, action=change, tool=finger, x=426.211, y=292.695, pressure=0.843137, major=19.963, minor=0, size=19.963}, modifiers=1) [2016-09-06 10:52:51.954343] input-receiver: Received event:touch_event(when=54593761256000 (0.958751ms ago), from=3, touch = {{id=0, action=up, tool=finger, x=426.211, y=292.695, pressure=0.843137, major=19.963, minor=0, size=19.963}, modifiers=1) SEE VIDEO ATTACHMENT BELOW To manage notifications about this bug go to: https://bugs.launchpad.net/canonical-devices-system-image/+bug/1620553/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1620553] Re: OSK becomes unusable as taps are delayed by 1-2 seconds and vibration doesn't occur any more (although gestures continue to work)
Thanks Pat telling me how to reproduce it. I have reproduced it. I am trying to figuring out the reason and at the same time I wrote to James for help. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to platform-api in Ubuntu. https://bugs.launchpad.net/bugs/1620553 Title: OSK becomes unusable as taps are delayed by 1-2 seconds and vibration doesn't occur any more (although gestures continue to work) Status in Canonical System Image: In Progress Status in platform-api package in Ubuntu: In Progress Status in usensord package in Ubuntu: In Progress Bug description: Krillin, rc-proposed/bq_aquaris.en r422 TEST CASE: 1. Create to alarms that'll trigger at the same time 2. Wait until they go off 3. Dismiss the alarms 4. Verify that there is still haptic feedback and OSK is still responsive ACTUAL RESULT Step 4 fails. UPDATE: see comment #5, it turns out it's the haptics plugin doing SYNC dbus calls and blocking the UI thread when the dbus service does not reply or the replies come with a big delay Description: All at once taps have become incredibly delayed, by 1 or 2 secs. Gestures still work ok, no delay there. Swiping the greeter -> no delay. Tapping numbers to input code on the greeter --> 2 secs delay. Even though both are parts of unity8. So it doesn't seem to only be a problem of unity8 clients, but also unity8 itself. I have no idea why horizontal/vertical swipes would be unaffected, though. The virtual keyboard is also completely unusable because of the huge delay that each tap has. Also noticed that the vibration is gone, taps don't trigger vibration anymore. Webview also seemed to be unaffected by the delays (although I'm not entirely sure, the bug is now gone) I also restarted unity8 and unity8-dash with Mir input logging enabled. That showed that the touch events were being delivered as expected, no delay. restart unity8 MIR_CLIENT_INPUT_RECEIVER_REPORT=log and restart unity8-dash MIR_CLIENT_INPUT_RECEIVER_REPORT=log Restarting lightdm (that forces the restart of unity-system- compositor) fixed the issue. Additional info: I had Mir touchspots visualization enabled, which are known to cause more stuttering, but I think they're unlikely to be the cause of this bug, I had them enabled for 2 weeks and haven't noticed any problem like this before. This is the log from a tap on an icon in the shell: [2016-09-06 10:52:51.876400] input-receiver: Received event:touch_event(when=54593678129000 (6.030520ms ago), from=3, touch = {{id=0, action=down, tool=finger, x=426.211, y=292.695, pressure=0.85098, major=19.963, minor=0, size=19.963}, modifiers=1) [2016-09-06 10:52:51.953821] input-receiver: Received event:touch_event(when=54593751953000 (9.709366ms ago), from=3, touch = {{id=0, action=change, tool=finger, x=426.211, y=292.695, pressure=0.843137, major=19.963, minor=0, size=19.963}, modifiers=1) [2016-09-06 10:52:51.954343] input-receiver: Received event:touch_event(when=54593761256000 (0.958751ms ago), from=3, touch = {{id=0, action=up, tool=finger, x=426.211, y=292.695, pressure=0.843137, major=19.963, minor=0, size=19.963}, modifiers=1) SEE VIDEO ATTACHMENT BELOW To manage notifications about this bug go to: https://bugs.launchpad.net/canonical-devices-system-image/+bug/1620553/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1620553] Re: OSK becomes unusable as taps are delayed by 1-2 seconds and vibration doesn't occur any more (although gestures continue to work)
** Changed in: usensord (Ubuntu) Status: Confirmed => In Progress -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to platform-api in Ubuntu. https://bugs.launchpad.net/bugs/1620553 Title: OSK becomes unusable as taps are delayed by 1-2 seconds and vibration doesn't occur any more (although gestures continue to work) Status in Canonical System Image: In Progress Status in platform-api package in Ubuntu: In Progress Status in usensord package in Ubuntu: In Progress Bug description: Krillin, rc-proposed/bq_aquaris.en r422 TEST CASE: 1. Create to alarms that'll trigger at the same time 2. Wait until they go off 3. Dismiss the alarms 4. Verify that there is still haptic feedback and OSK is still responsive ACTUAL RESULT Step 4 fails. UPDATE: see comment #5, it turns out it's the haptics plugin doing SYNC dbus calls and blocking the UI thread when the dbus service does not reply or the replies come with a big delay Description: All at once taps have become incredibly delayed, by 1 or 2 secs. Gestures still work ok, no delay there. Swiping the greeter -> no delay. Tapping numbers to input code on the greeter --> 2 secs delay. Even though both are parts of unity8. So it doesn't seem to only be a problem of unity8 clients, but also unity8 itself. I have no idea why horizontal/vertical swipes would be unaffected, though. The virtual keyboard is also completely unusable because of the huge delay that each tap has. Also noticed that the vibration is gone, taps don't trigger vibration anymore. Webview also seemed to be unaffected by the delays (although I'm not entirely sure, the bug is now gone) I also restarted unity8 and unity8-dash with Mir input logging enabled. That showed that the touch events were being delivered as expected, no delay. restart unity8 MIR_CLIENT_INPUT_RECEIVER_REPORT=log and restart unity8-dash MIR_CLIENT_INPUT_RECEIVER_REPORT=log Restarting lightdm (that forces the restart of unity-system- compositor) fixed the issue. Additional info: I had Mir touchspots visualization enabled, which are known to cause more stuttering, but I think they're unlikely to be the cause of this bug, I had them enabled for 2 weeks and haven't noticed any problem like this before. This is the log from a tap on an icon in the shell: [2016-09-06 10:52:51.876400] input-receiver: Received event:touch_event(when=54593678129000 (6.030520ms ago), from=3, touch = {{id=0, action=down, tool=finger, x=426.211, y=292.695, pressure=0.85098, major=19.963, minor=0, size=19.963}, modifiers=1) [2016-09-06 10:52:51.953821] input-receiver: Received event:touch_event(when=54593751953000 (9.709366ms ago), from=3, touch = {{id=0, action=change, tool=finger, x=426.211, y=292.695, pressure=0.843137, major=19.963, minor=0, size=19.963}, modifiers=1) [2016-09-06 10:52:51.954343] input-receiver: Received event:touch_event(when=54593761256000 (0.958751ms ago), from=3, touch = {{id=0, action=up, tool=finger, x=426.211, y=292.695, pressure=0.843137, major=19.963, minor=0, size=19.963}, modifiers=1) SEE VIDEO ATTACHMENT BELOW To manage notifications about this bug go to: https://bugs.launchpad.net/canonical-devices-system-image/+bug/1620553/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1433590] Re: apparmor dbus denial for org.freedesktop.Accounts and make Other vibrations work
Hi Pat, The ci-train ticket is created and package built successfully(https://requests.ci-train.ubuntu.com/#/silo/017). @Zsombor, you could use silo17 for testing if you like. Thanks. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu in Ubuntu. https://bugs.launchpad.net/bugs/1433590 Title: apparmor dbus denial for org.freedesktop.Accounts and make Other vibrations work Status in Canonical System Image: In Progress Status in apparmor-easyprof-ubuntu package in Ubuntu: Fix Released Status in ubuntu-system-settings package in Ubuntu: Confirmed Status in ubuntu-ui-toolkit package in Ubuntu: Confirmed Status in usensord package in Ubuntu: In Progress Bug description: This affects vivid and (somewhat recently?) 14.09. At some point, apps started to request access to org.freedesktop.Accounts for something, but I'm not sure what. It has been conjectured in this bug that it is due to vibration settings. Filing against ubuntu-system-settings for now, but please feel free to move to the correct package. This happens with webapps: Apr 7 08:42:17 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.DBus.Introspectable" member="Introspect" mask="send" name="org.freedesktop.Accounts" pid=2632 profile="com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0.26" peer_pid=1596 peer_profile="unconfined" Apr 7 08:42:17 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.Accounts" member="FindUserById" mask="send" name="org.freedesktop.Accounts" pid=2632 profile="com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0.26" peer_pid=1596 peer_profile="unconfined" and QML apps: Apr 7 08:43:40 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.DBus.Introspectable" member="Introspect" mask="send" name="org.freedesktop.Accounts" pid=3377 profile="com.ubuntu.calculator_calculator_1.3.339" peer_pid=1596 peer_profile="unconfined" Apr 7 08:43:40 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.Accounts" member="FindUserById" mask="send" name="org.freedesktop.Accounts" pid=3377 profile="com.ubuntu.calculator_calculator_1.3.339" peer_pid=1596 peer_profile="unconfined" The following rules allow the requested access: dbus (send) bus=system path="/org/freedesktop/Accounts" interface="org.freedesktop.DBus.{Introspectable,Properties}" member=Introspect peer=(name=org.freedesktop.Accounts,label=unconfined), dbus (send) bus=system path="/org/freedesktop/Accounts" interface="org.freedesktop.Accounts" member=FindUserById peer=(name=org.freedesktop.Accounts,label=unconfined), dbus (send) bus=system path="/org/freedesktop/Accounts/User[0-9]*" interface="org.freedesktop.DBus.Properties" member=Get peer=(name=org.freedesktop.Accounts,label=unconfined), However, the above is too lenient and constitutes a privacy leak for apps. FindUserById could be used by a malicious app to enumerate usernames on multiuser systems and because we can't mediate method data with apparmor, the Get() method can be used to obtain any information provided by this interface. The following can be used to see what can be leaked to a malicious app: gdbus introspect --system -d org.freedesktop.Accounts -o /org/freedesktop/Accounts/User`id -u phablet` This can be solved in a couple of ways: 1. add whatever information the app is trying to access to a new helper service that only exposes things that the app needs. This could be a single standalone service, perhaps something from ubuntu-system-settings, that could expose any number of things-- the current locale, if the locale changed, if the grid units changed, the vibration settings, etc. Since this service wouldn't have any sensitive information, you could use standard dbus properties/Get()/etc 2. add a new dbus API to an existing service such that apparmor rules can then be used to allow by method (eg, GetVibration() or something) I won't dictate the implementation except to mention that '1' seems like something generally useful and I believe that it was something the ubuntu-system-settings devs were already looking at for detecting locale changes without rebooting. Original description starting an app in vivid (image 135 on arale currently) produces a bunch of dbus denials in syslog ... (there is also a /dev/tty one but i think this is just because soemthing tries to write
[Touch-packages] [Bug 1433590] Re: apparmor dbus denial for org.freedesktop.Accounts and make Other vibrations work
Hi Pat, I have got the permission to work on Bileto. Will learn how to make a landing. Thanks. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu in Ubuntu. https://bugs.launchpad.net/bugs/1433590 Title: apparmor dbus denial for org.freedesktop.Accounts and make Other vibrations work Status in Canonical System Image: In Progress Status in apparmor-easyprof-ubuntu package in Ubuntu: Fix Released Status in ubuntu-system-settings package in Ubuntu: Confirmed Status in ubuntu-ui-toolkit package in Ubuntu: Confirmed Status in usensord package in Ubuntu: In Progress Bug description: This affects vivid and (somewhat recently?) 14.09. At some point, apps started to request access to org.freedesktop.Accounts for something, but I'm not sure what. It has been conjectured in this bug that it is due to vibration settings. Filing against ubuntu-system-settings for now, but please feel free to move to the correct package. This happens with webapps: Apr 7 08:42:17 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.DBus.Introspectable" member="Introspect" mask="send" name="org.freedesktop.Accounts" pid=2632 profile="com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0.26" peer_pid=1596 peer_profile="unconfined" Apr 7 08:42:17 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.Accounts" member="FindUserById" mask="send" name="org.freedesktop.Accounts" pid=2632 profile="com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0.26" peer_pid=1596 peer_profile="unconfined" and QML apps: Apr 7 08:43:40 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.DBus.Introspectable" member="Introspect" mask="send" name="org.freedesktop.Accounts" pid=3377 profile="com.ubuntu.calculator_calculator_1.3.339" peer_pid=1596 peer_profile="unconfined" Apr 7 08:43:40 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.Accounts" member="FindUserById" mask="send" name="org.freedesktop.Accounts" pid=3377 profile="com.ubuntu.calculator_calculator_1.3.339" peer_pid=1596 peer_profile="unconfined" The following rules allow the requested access: dbus (send) bus=system path="/org/freedesktop/Accounts" interface="org.freedesktop.DBus.{Introspectable,Properties}" member=Introspect peer=(name=org.freedesktop.Accounts,label=unconfined), dbus (send) bus=system path="/org/freedesktop/Accounts" interface="org.freedesktop.Accounts" member=FindUserById peer=(name=org.freedesktop.Accounts,label=unconfined), dbus (send) bus=system path="/org/freedesktop/Accounts/User[0-9]*" interface="org.freedesktop.DBus.Properties" member=Get peer=(name=org.freedesktop.Accounts,label=unconfined), However, the above is too lenient and constitutes a privacy leak for apps. FindUserById could be used by a malicious app to enumerate usernames on multiuser systems and because we can't mediate method data with apparmor, the Get() method can be used to obtain any information provided by this interface. The following can be used to see what can be leaked to a malicious app: gdbus introspect --system -d org.freedesktop.Accounts -o /org/freedesktop/Accounts/User`id -u phablet` This can be solved in a couple of ways: 1. add whatever information the app is trying to access to a new helper service that only exposes things that the app needs. This could be a single standalone service, perhaps something from ubuntu-system-settings, that could expose any number of things-- the current locale, if the locale changed, if the grid units changed, the vibration settings, etc. Since this service wouldn't have any sensitive information, you could use standard dbus properties/Get()/etc 2. add a new dbus API to an existing service such that apparmor rules can then be used to allow by method (eg, GetVibration() or something) I won't dictate the implementation except to mention that '1' seems like something generally useful and I believe that it was something the ubuntu-system-settings devs were already looking at for detecting locale changes without rebooting. Original description starting an app in vivid (image 135 on arale currently) produces a bunch of dbus denials in syslog ... (there is also a /dev/tty one but i think this is just because soemthing tries to write an error to console ... so transient) http://paste.ubuntu.com/10620834/ To manage no
[Touch-packages] [Bug 1433590] Re: apparmor dbus denial for org.freedesktop.Accounts and make Other vibrations work
Hi Pat, I think yes because I don't know how to request a landing. Thanks. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu in Ubuntu. https://bugs.launchpad.net/bugs/1433590 Title: apparmor dbus denial for org.freedesktop.Accounts and make Other vibrations work Status in Canonical System Image: In Progress Status in apparmor-easyprof-ubuntu package in Ubuntu: Fix Released Status in ubuntu-system-settings package in Ubuntu: Confirmed Status in ubuntu-ui-toolkit package in Ubuntu: Confirmed Status in usensord package in Ubuntu: In Progress Bug description: This affects vivid and (somewhat recently?) 14.09. At some point, apps started to request access to org.freedesktop.Accounts for something, but I'm not sure what. It has been conjectured in this bug that it is due to vibration settings. Filing against ubuntu-system-settings for now, but please feel free to move to the correct package. This happens with webapps: Apr 7 08:42:17 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.DBus.Introspectable" member="Introspect" mask="send" name="org.freedesktop.Accounts" pid=2632 profile="com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0.26" peer_pid=1596 peer_profile="unconfined" Apr 7 08:42:17 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.Accounts" member="FindUserById" mask="send" name="org.freedesktop.Accounts" pid=2632 profile="com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0.26" peer_pid=1596 peer_profile="unconfined" and QML apps: Apr 7 08:43:40 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.DBus.Introspectable" member="Introspect" mask="send" name="org.freedesktop.Accounts" pid=3377 profile="com.ubuntu.calculator_calculator_1.3.339" peer_pid=1596 peer_profile="unconfined" Apr 7 08:43:40 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.Accounts" member="FindUserById" mask="send" name="org.freedesktop.Accounts" pid=3377 profile="com.ubuntu.calculator_calculator_1.3.339" peer_pid=1596 peer_profile="unconfined" The following rules allow the requested access: dbus (send) bus=system path="/org/freedesktop/Accounts" interface="org.freedesktop.DBus.{Introspectable,Properties}" member=Introspect peer=(name=org.freedesktop.Accounts,label=unconfined), dbus (send) bus=system path="/org/freedesktop/Accounts" interface="org.freedesktop.Accounts" member=FindUserById peer=(name=org.freedesktop.Accounts,label=unconfined), dbus (send) bus=system path="/org/freedesktop/Accounts/User[0-9]*" interface="org.freedesktop.DBus.Properties" member=Get peer=(name=org.freedesktop.Accounts,label=unconfined), However, the above is too lenient and constitutes a privacy leak for apps. FindUserById could be used by a malicious app to enumerate usernames on multiuser systems and because we can't mediate method data with apparmor, the Get() method can be used to obtain any information provided by this interface. The following can be used to see what can be leaked to a malicious app: gdbus introspect --system -d org.freedesktop.Accounts -o /org/freedesktop/Accounts/User`id -u phablet` This can be solved in a couple of ways: 1. add whatever information the app is trying to access to a new helper service that only exposes things that the app needs. This could be a single standalone service, perhaps something from ubuntu-system-settings, that could expose any number of things-- the current locale, if the locale changed, if the grid units changed, the vibration settings, etc. Since this service wouldn't have any sensitive information, you could use standard dbus properties/Get()/etc 2. add a new dbus API to an existing service such that apparmor rules can then be used to allow by method (eg, GetVibration() or something) I won't dictate the implementation except to mention that '1' seems like something generally useful and I believe that it was something the ubuntu-system-settings devs were already looking at for detecting locale changes without rebooting. Original description starting an app in vivid (image 135 on arale currently) produces a bunch of dbus denials in syslog ... (there is also a /dev/tty one but i think this is just because soemthing tries to write an error to console ... so transient) http://paste.ubuntu.com/10620834/ To manage notifications about th
[Touch-packages] [Bug 1433590] Re: apparmor dbus denial for org.freedesktop.Accounts and make Other vibrations work
Hi Zsombor, Here is the latest usensord binary. Could you please help verify? I verified unconfined apps, I cannot verify confined apps since this needs code change from Toolkit. Thanks a lot. ** Attachment added: "usensord.zip" https://bugs.launchpad.net/ubuntu/+source/usensord/+bug/1433590/+attachment/4707427/+files/usensord.zip -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu in Ubuntu. https://bugs.launchpad.net/bugs/1433590 Title: apparmor dbus denial for org.freedesktop.Accounts and make Other vibrations work Status in Canonical System Image: In Progress Status in apparmor-easyprof-ubuntu package in Ubuntu: Fix Released Status in ubuntu-system-settings package in Ubuntu: Confirmed Status in ubuntu-ui-toolkit package in Ubuntu: Confirmed Status in usensord package in Ubuntu: In Progress Bug description: This affects vivid and (somewhat recently?) 14.09. At some point, apps started to request access to org.freedesktop.Accounts for something, but I'm not sure what. It has been conjectured in this bug that it is due to vibration settings. Filing against ubuntu-system-settings for now, but please feel free to move to the correct package. This happens with webapps: Apr 7 08:42:17 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.DBus.Introspectable" member="Introspect" mask="send" name="org.freedesktop.Accounts" pid=2632 profile="com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0.26" peer_pid=1596 peer_profile="unconfined" Apr 7 08:42:17 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.Accounts" member="FindUserById" mask="send" name="org.freedesktop.Accounts" pid=2632 profile="com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0.26" peer_pid=1596 peer_profile="unconfined" and QML apps: Apr 7 08:43:40 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.DBus.Introspectable" member="Introspect" mask="send" name="org.freedesktop.Accounts" pid=3377 profile="com.ubuntu.calculator_calculator_1.3.339" peer_pid=1596 peer_profile="unconfined" Apr 7 08:43:40 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.Accounts" member="FindUserById" mask="send" name="org.freedesktop.Accounts" pid=3377 profile="com.ubuntu.calculator_calculator_1.3.339" peer_pid=1596 peer_profile="unconfined" The following rules allow the requested access: dbus (send) bus=system path="/org/freedesktop/Accounts" interface="org.freedesktop.DBus.{Introspectable,Properties}" member=Introspect peer=(name=org.freedesktop.Accounts,label=unconfined), dbus (send) bus=system path="/org/freedesktop/Accounts" interface="org.freedesktop.Accounts" member=FindUserById peer=(name=org.freedesktop.Accounts,label=unconfined), dbus (send) bus=system path="/org/freedesktop/Accounts/User[0-9]*" interface="org.freedesktop.DBus.Properties" member=Get peer=(name=org.freedesktop.Accounts,label=unconfined), However, the above is too lenient and constitutes a privacy leak for apps. FindUserById could be used by a malicious app to enumerate usernames on multiuser systems and because we can't mediate method data with apparmor, the Get() method can be used to obtain any information provided by this interface. The following can be used to see what can be leaked to a malicious app: gdbus introspect --system -d org.freedesktop.Accounts -o /org/freedesktop/Accounts/User`id -u phablet` This can be solved in a couple of ways: 1. add whatever information the app is trying to access to a new helper service that only exposes things that the app needs. This could be a single standalone service, perhaps something from ubuntu-system-settings, that could expose any number of things-- the current locale, if the locale changed, if the grid units changed, the vibration settings, etc. Since this service wouldn't have any sensitive information, you could use standard dbus properties/Get()/etc 2. add a new dbus API to an existing service such that apparmor rules can then be used to allow by method (eg, GetVibration() or something) I won't dictate the implementation except to mention that '1' seems like something generally useful and I believe that it was something the ubuntu-system-settings devs were already looking at for detecting locale changes without rebooting. Original description starting an app in vivid (image 135 on ara
[Touch-packages] [Bug 1433590] Re: apparmor dbus denial for org.freedesktop.Accounts and make Other vibrations work
Hi Tyler and Seth, Could you please help review current solution again? This bug is tagged ota13 so I don't have much time left. Thanks a lot. Hi Zsombor, Have you verified the binary I sent to you? Thank you. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu in Ubuntu. https://bugs.launchpad.net/bugs/1433590 Title: apparmor dbus denial for org.freedesktop.Accounts and make Other vibrations work Status in Canonical System Image: In Progress Status in apparmor-easyprof-ubuntu package in Ubuntu: Fix Released Status in ubuntu-system-settings package in Ubuntu: Confirmed Status in ubuntu-ui-toolkit package in Ubuntu: Confirmed Status in usensord package in Ubuntu: In Progress Bug description: This affects vivid and (somewhat recently?) 14.09. At some point, apps started to request access to org.freedesktop.Accounts for something, but I'm not sure what. It has been conjectured in this bug that it is due to vibration settings. Filing against ubuntu-system-settings for now, but please feel free to move to the correct package. This happens with webapps: Apr 7 08:42:17 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.DBus.Introspectable" member="Introspect" mask="send" name="org.freedesktop.Accounts" pid=2632 profile="com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0.26" peer_pid=1596 peer_profile="unconfined" Apr 7 08:42:17 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.Accounts" member="FindUserById" mask="send" name="org.freedesktop.Accounts" pid=2632 profile="com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0.26" peer_pid=1596 peer_profile="unconfined" and QML apps: Apr 7 08:43:40 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.DBus.Introspectable" member="Introspect" mask="send" name="org.freedesktop.Accounts" pid=3377 profile="com.ubuntu.calculator_calculator_1.3.339" peer_pid=1596 peer_profile="unconfined" Apr 7 08:43:40 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.Accounts" member="FindUserById" mask="send" name="org.freedesktop.Accounts" pid=3377 profile="com.ubuntu.calculator_calculator_1.3.339" peer_pid=1596 peer_profile="unconfined" The following rules allow the requested access: dbus (send) bus=system path="/org/freedesktop/Accounts" interface="org.freedesktop.DBus.{Introspectable,Properties}" member=Introspect peer=(name=org.freedesktop.Accounts,label=unconfined), dbus (send) bus=system path="/org/freedesktop/Accounts" interface="org.freedesktop.Accounts" member=FindUserById peer=(name=org.freedesktop.Accounts,label=unconfined), dbus (send) bus=system path="/org/freedesktop/Accounts/User[0-9]*" interface="org.freedesktop.DBus.Properties" member=Get peer=(name=org.freedesktop.Accounts,label=unconfined), However, the above is too lenient and constitutes a privacy leak for apps. FindUserById could be used by a malicious app to enumerate usernames on multiuser systems and because we can't mediate method data with apparmor, the Get() method can be used to obtain any information provided by this interface. The following can be used to see what can be leaked to a malicious app: gdbus introspect --system -d org.freedesktop.Accounts -o /org/freedesktop/Accounts/User`id -u phablet` This can be solved in a couple of ways: 1. add whatever information the app is trying to access to a new helper service that only exposes things that the app needs. This could be a single standalone service, perhaps something from ubuntu-system-settings, that could expose any number of things-- the current locale, if the locale changed, if the grid units changed, the vibration settings, etc. Since this service wouldn't have any sensitive information, you could use standard dbus properties/Get()/etc 2. add a new dbus API to an existing service such that apparmor rules can then be used to allow by method (eg, GetVibration() or something) I won't dictate the implementation except to mention that '1' seems like something generally useful and I believe that it was something the ubuntu-system-settings devs were already looking at for detecting locale changes without rebooting. Original description starting an app in vivid (image 135 on arale currently) produces a bunch of dbus denials in syslog ... (there is also a /dev/tty one but i think this is just because
[Touch-packages] [Bug 1433590] Re: apparmor dbus denial for org.freedesktop.Accounts and make Other vibrations work
Hi Seth, Since Tyler is on vacation, could you please help review? https://code.launchpad.net/~zhangew401/usensord/fix-lp-1433590/+merge/299959 Thanks. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu in Ubuntu. https://bugs.launchpad.net/bugs/1433590 Title: apparmor dbus denial for org.freedesktop.Accounts and make Other vibrations work Status in Canonical System Image: In Progress Status in apparmor-easyprof-ubuntu package in Ubuntu: Fix Released Status in ubuntu-system-settings package in Ubuntu: Confirmed Status in ubuntu-ui-toolkit package in Ubuntu: Confirmed Status in usensord package in Ubuntu: In Progress Bug description: This affects vivid and (somewhat recently?) 14.09. At some point, apps started to request access to org.freedesktop.Accounts for something, but I'm not sure what. It has been conjectured in this bug that it is due to vibration settings. Filing against ubuntu-system-settings for now, but please feel free to move to the correct package. This happens with webapps: Apr 7 08:42:17 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.DBus.Introspectable" member="Introspect" mask="send" name="org.freedesktop.Accounts" pid=2632 profile="com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0.26" peer_pid=1596 peer_profile="unconfined" Apr 7 08:42:17 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.Accounts" member="FindUserById" mask="send" name="org.freedesktop.Accounts" pid=2632 profile="com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0.26" peer_pid=1596 peer_profile="unconfined" and QML apps: Apr 7 08:43:40 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.DBus.Introspectable" member="Introspect" mask="send" name="org.freedesktop.Accounts" pid=3377 profile="com.ubuntu.calculator_calculator_1.3.339" peer_pid=1596 peer_profile="unconfined" Apr 7 08:43:40 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.Accounts" member="FindUserById" mask="send" name="org.freedesktop.Accounts" pid=3377 profile="com.ubuntu.calculator_calculator_1.3.339" peer_pid=1596 peer_profile="unconfined" The following rules allow the requested access: dbus (send) bus=system path="/org/freedesktop/Accounts" interface="org.freedesktop.DBus.{Introspectable,Properties}" member=Introspect peer=(name=org.freedesktop.Accounts,label=unconfined), dbus (send) bus=system path="/org/freedesktop/Accounts" interface="org.freedesktop.Accounts" member=FindUserById peer=(name=org.freedesktop.Accounts,label=unconfined), dbus (send) bus=system path="/org/freedesktop/Accounts/User[0-9]*" interface="org.freedesktop.DBus.Properties" member=Get peer=(name=org.freedesktop.Accounts,label=unconfined), However, the above is too lenient and constitutes a privacy leak for apps. FindUserById could be used by a malicious app to enumerate usernames on multiuser systems and because we can't mediate method data with apparmor, the Get() method can be used to obtain any information provided by this interface. The following can be used to see what can be leaked to a malicious app: gdbus introspect --system -d org.freedesktop.Accounts -o /org/freedesktop/Accounts/User`id -u phablet` This can be solved in a couple of ways: 1. add whatever information the app is trying to access to a new helper service that only exposes things that the app needs. This could be a single standalone service, perhaps something from ubuntu-system-settings, that could expose any number of things-- the current locale, if the locale changed, if the grid units changed, the vibration settings, etc. Since this service wouldn't have any sensitive information, you could use standard dbus properties/Get()/etc 2. add a new dbus API to an existing service such that apparmor rules can then be used to allow by method (eg, GetVibration() or something) I won't dictate the implementation except to mention that '1' seems like something generally useful and I believe that it was something the ubuntu-system-settings devs were already looking at for detecting locale changes without rebooting. Original description starting an app in vivid (image 135 on arale currently) produces a bunch of dbus denials in syslog ... (there is also a /dev/tty one but i think this is just because soemthing tries to write an error to console ... so tran
[Touch-packages] [Bug 1433590] Re: apparmor dbus denial for org.freedesktop.Accounts and make Other vibrations work
Thanks Seth. Do you have any suggestion what we can use in this case? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu in Ubuntu. https://bugs.launchpad.net/bugs/1433590 Title: apparmor dbus denial for org.freedesktop.Accounts and make Other vibrations work Status in Canonical System Image: In Progress Status in apparmor-easyprof-ubuntu package in Ubuntu: Fix Released Status in ubuntu-system-settings package in Ubuntu: Confirmed Status in ubuntu-ui-toolkit package in Ubuntu: Confirmed Status in usensord package in Ubuntu: In Progress Bug description: This affects vivid and (somewhat recently?) 14.09. At some point, apps started to request access to org.freedesktop.Accounts for something, but I'm not sure what. It has been conjectured in this bug that it is due to vibration settings. Filing against ubuntu-system-settings for now, but please feel free to move to the correct package. This happens with webapps: Apr 7 08:42:17 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.DBus.Introspectable" member="Introspect" mask="send" name="org.freedesktop.Accounts" pid=2632 profile="com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0.26" peer_pid=1596 peer_profile="unconfined" Apr 7 08:42:17 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.Accounts" member="FindUserById" mask="send" name="org.freedesktop.Accounts" pid=2632 profile="com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0.26" peer_pid=1596 peer_profile="unconfined" and QML apps: Apr 7 08:43:40 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.DBus.Introspectable" member="Introspect" mask="send" name="org.freedesktop.Accounts" pid=3377 profile="com.ubuntu.calculator_calculator_1.3.339" peer_pid=1596 peer_profile="unconfined" Apr 7 08:43:40 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.Accounts" member="FindUserById" mask="send" name="org.freedesktop.Accounts" pid=3377 profile="com.ubuntu.calculator_calculator_1.3.339" peer_pid=1596 peer_profile="unconfined" The following rules allow the requested access: dbus (send) bus=system path="/org/freedesktop/Accounts" interface="org.freedesktop.DBus.{Introspectable,Properties}" member=Introspect peer=(name=org.freedesktop.Accounts,label=unconfined), dbus (send) bus=system path="/org/freedesktop/Accounts" interface="org.freedesktop.Accounts" member=FindUserById peer=(name=org.freedesktop.Accounts,label=unconfined), dbus (send) bus=system path="/org/freedesktop/Accounts/User[0-9]*" interface="org.freedesktop.DBus.Properties" member=Get peer=(name=org.freedesktop.Accounts,label=unconfined), However, the above is too lenient and constitutes a privacy leak for apps. FindUserById could be used by a malicious app to enumerate usernames on multiuser systems and because we can't mediate method data with apparmor, the Get() method can be used to obtain any information provided by this interface. The following can be used to see what can be leaked to a malicious app: gdbus introspect --system -d org.freedesktop.Accounts -o /org/freedesktop/Accounts/User`id -u phablet` This can be solved in a couple of ways: 1. add whatever information the app is trying to access to a new helper service that only exposes things that the app needs. This could be a single standalone service, perhaps something from ubuntu-system-settings, that could expose any number of things-- the current locale, if the locale changed, if the grid units changed, the vibration settings, etc. Since this service wouldn't have any sensitive information, you could use standard dbus properties/Get()/etc 2. add a new dbus API to an existing service such that apparmor rules can then be used to allow by method (eg, GetVibration() or something) I won't dictate the implementation except to mention that '1' seems like something generally useful and I believe that it was something the ubuntu-system-settings devs were already looking at for detecting locale changes without rebooting. Original description starting an app in vivid (image 135 on arale currently) produces a bunch of dbus denials in syslog ... (there is also a /dev/tty one but i think this is just because soemthing tries to write an error to console ... so transient) http://paste.ubuntu.com/10620834/ To manage notifications about this bu
[Touch-packages] [Bug 1433590] Re: apparmor dbus denial for org.freedesktop.Accounts and make Other vibrations work
Proposition from James Henstridge (jamesh) "If you want to identify the executable, calling os.Readlink() on /proc/$PID/exe would be more appropriate: $ ps x | grep maliit 5823 ? Ssl 2:38 maliit-server 25788 pts/16 S+ 0:00 grep --color=auto maliit $ ls -l /proc/5823/exe lrwxrwxrwx 1 phablet phablet 0 Jul 7 11:47 /proc/5823/exe -> /usr/bin/maliit-server I'd combine that with the a check that the security label is "unconfined" as Tyler suggested (which you can do using the code fragment I gave via mail). That should be enough to ensure you aren't being faked out by an untrusted application, and are talking to the expected system service." -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu in Ubuntu. https://bugs.launchpad.net/bugs/1433590 Title: apparmor dbus denial for org.freedesktop.Accounts and make Other vibrations work Status in Canonical System Image: Triaged Status in apparmor-easyprof-ubuntu package in Ubuntu: Fix Released Status in ubuntu-system-settings package in Ubuntu: Confirmed Status in ubuntu-ui-toolkit package in Ubuntu: Confirmed Status in usensord package in Ubuntu: In Progress Bug description: This affects vivid and (somewhat recently?) 14.09. At some point, apps started to request access to org.freedesktop.Accounts for something, but I'm not sure what. It has been conjectured in this bug that it is due to vibration settings. Filing against ubuntu-system-settings for now, but please feel free to move to the correct package. This happens with webapps: Apr 7 08:42:17 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.DBus.Introspectable" member="Introspect" mask="send" name="org.freedesktop.Accounts" pid=2632 profile="com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0.26" peer_pid=1596 peer_profile="unconfined" Apr 7 08:42:17 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.Accounts" member="FindUserById" mask="send" name="org.freedesktop.Accounts" pid=2632 profile="com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0.26" peer_pid=1596 peer_profile="unconfined" and QML apps: Apr 7 08:43:40 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.DBus.Introspectable" member="Introspect" mask="send" name="org.freedesktop.Accounts" pid=3377 profile="com.ubuntu.calculator_calculator_1.3.339" peer_pid=1596 peer_profile="unconfined" Apr 7 08:43:40 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.Accounts" member="FindUserById" mask="send" name="org.freedesktop.Accounts" pid=3377 profile="com.ubuntu.calculator_calculator_1.3.339" peer_pid=1596 peer_profile="unconfined" The following rules allow the requested access: dbus (send) bus=system path="/org/freedesktop/Accounts" interface="org.freedesktop.DBus.{Introspectable,Properties}" member=Introspect peer=(name=org.freedesktop.Accounts,label=unconfined), dbus (send) bus=system path="/org/freedesktop/Accounts" interface="org.freedesktop.Accounts" member=FindUserById peer=(name=org.freedesktop.Accounts,label=unconfined), dbus (send) bus=system path="/org/freedesktop/Accounts/User[0-9]*" interface="org.freedesktop.DBus.Properties" member=Get peer=(name=org.freedesktop.Accounts,label=unconfined), However, the above is too lenient and constitutes a privacy leak for apps. FindUserById could be used by a malicious app to enumerate usernames on multiuser systems and because we can't mediate method data with apparmor, the Get() method can be used to obtain any information provided by this interface. The following can be used to see what can be leaked to a malicious app: gdbus introspect --system -d org.freedesktop.Accounts -o /org/freedesktop/Accounts/User`id -u phablet` This can be solved in a couple of ways: 1. add whatever information the app is trying to access to a new helper service that only exposes things that the app needs. This could be a single standalone service, perhaps something from ubuntu-system-settings, that could expose any number of things-- the current locale, if the locale changed, if the grid units changed, the vibration settings, etc. Since this service wouldn't have any sensitive information, you could use standard dbus properties/Get()/etc 2. add a new dbus API to an existing service such that apparmor rules can then be used to allow by method (eg, GetVibration() or so
[Touch-packages] [Bug 1433590] Re: apparmor dbus denial for org.freedesktop.Accounts and make Other vibrations work
Thanks Seth and Tyler. IMHO the start time of one process may always be different value. So... this solution is not correct. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu in Ubuntu. https://bugs.launchpad.net/bugs/1433590 Title: apparmor dbus denial for org.freedesktop.Accounts and make Other vibrations work Status in Canonical System Image: Triaged Status in apparmor-easyprof-ubuntu package in Ubuntu: Fix Released Status in ubuntu-system-settings package in Ubuntu: Confirmed Status in ubuntu-ui-toolkit package in Ubuntu: Confirmed Status in usensord package in Ubuntu: In Progress Bug description: This affects vivid and (somewhat recently?) 14.09. At some point, apps started to request access to org.freedesktop.Accounts for something, but I'm not sure what. It has been conjectured in this bug that it is due to vibration settings. Filing against ubuntu-system-settings for now, but please feel free to move to the correct package. This happens with webapps: Apr 7 08:42:17 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.DBus.Introspectable" member="Introspect" mask="send" name="org.freedesktop.Accounts" pid=2632 profile="com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0.26" peer_pid=1596 peer_profile="unconfined" Apr 7 08:42:17 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.Accounts" member="FindUserById" mask="send" name="org.freedesktop.Accounts" pid=2632 profile="com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0.26" peer_pid=1596 peer_profile="unconfined" and QML apps: Apr 7 08:43:40 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.DBus.Introspectable" member="Introspect" mask="send" name="org.freedesktop.Accounts" pid=3377 profile="com.ubuntu.calculator_calculator_1.3.339" peer_pid=1596 peer_profile="unconfined" Apr 7 08:43:40 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.Accounts" member="FindUserById" mask="send" name="org.freedesktop.Accounts" pid=3377 profile="com.ubuntu.calculator_calculator_1.3.339" peer_pid=1596 peer_profile="unconfined" The following rules allow the requested access: dbus (send) bus=system path="/org/freedesktop/Accounts" interface="org.freedesktop.DBus.{Introspectable,Properties}" member=Introspect peer=(name=org.freedesktop.Accounts,label=unconfined), dbus (send) bus=system path="/org/freedesktop/Accounts" interface="org.freedesktop.Accounts" member=FindUserById peer=(name=org.freedesktop.Accounts,label=unconfined), dbus (send) bus=system path="/org/freedesktop/Accounts/User[0-9]*" interface="org.freedesktop.DBus.Properties" member=Get peer=(name=org.freedesktop.Accounts,label=unconfined), However, the above is too lenient and constitutes a privacy leak for apps. FindUserById could be used by a malicious app to enumerate usernames on multiuser systems and because we can't mediate method data with apparmor, the Get() method can be used to obtain any information provided by this interface. The following can be used to see what can be leaked to a malicious app: gdbus introspect --system -d org.freedesktop.Accounts -o /org/freedesktop/Accounts/User`id -u phablet` This can be solved in a couple of ways: 1. add whatever information the app is trying to access to a new helper service that only exposes things that the app needs. This could be a single standalone service, perhaps something from ubuntu-system-settings, that could expose any number of things-- the current locale, if the locale changed, if the grid units changed, the vibration settings, etc. Since this service wouldn't have any sensitive information, you could use standard dbus properties/Get()/etc 2. add a new dbus API to an existing service such that apparmor rules can then be used to allow by method (eg, GetVibration() or something) I won't dictate the implementation except to mention that '1' seems like something generally useful and I believe that it was something the ubuntu-system-settings devs were already looking at for detecting locale changes without rebooting. Original description starting an app in vivid (image 135 on arale currently) produces a bunch of dbus denials in syslog ... (there is also a /dev/tty one but i think this is just because soemthing tries to write an error to console ... so transient) http://paste.ubuntu.
[Touch-packages] [Bug 1433590] Re: apparmor dbus denial for org.freedesktop.Accounts and make Other vibrations work
I have compiled the usensord binary based on current solution. I did some tests and it works well. Since settings part is not ready, I am using below command to change the property whose default value is 0(means not vibrate). dbus-send --session --print-reply --type=method_call --dest='com.canonical.usensord' /com/canonical/usensord/haptic org.freedesktop.DBus.Properties.Set string:"com.canonical.usensord.haptic" string:"OtherVibrate" uint32:1 Code is here: https://code.launchpad.net/~zhangew401/usensord/fix-lp-1433590 and the logic is do vibration for OSK always. do vibration for others only when the property is 1(means enabled in settings) The property is saved in file, /home/phablet/.config/usensord/prop so that it will be restored after factory reset. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu in Ubuntu. https://bugs.launchpad.net/bugs/1433590 Title: apparmor dbus denial for org.freedesktop.Accounts and make Other vibrations work Status in Canonical System Image: Triaged Status in apparmor-easyprof-ubuntu package in Ubuntu: Fix Released Status in ubuntu-system-settings package in Ubuntu: Confirmed Status in ubuntu-ui-toolkit package in Ubuntu: Confirmed Status in usensord package in Ubuntu: In Progress Bug description: This affects vivid and (somewhat recently?) 14.09. At some point, apps started to request access to org.freedesktop.Accounts for something, but I'm not sure what. It has been conjectured in this bug that it is due to vibration settings. Filing against ubuntu-system-settings for now, but please feel free to move to the correct package. This happens with webapps: Apr 7 08:42:17 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.DBus.Introspectable" member="Introspect" mask="send" name="org.freedesktop.Accounts" pid=2632 profile="com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0.26" peer_pid=1596 peer_profile="unconfined" Apr 7 08:42:17 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.Accounts" member="FindUserById" mask="send" name="org.freedesktop.Accounts" pid=2632 profile="com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0.26" peer_pid=1596 peer_profile="unconfined" and QML apps: Apr 7 08:43:40 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.DBus.Introspectable" member="Introspect" mask="send" name="org.freedesktop.Accounts" pid=3377 profile="com.ubuntu.calculator_calculator_1.3.339" peer_pid=1596 peer_profile="unconfined" Apr 7 08:43:40 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.Accounts" member="FindUserById" mask="send" name="org.freedesktop.Accounts" pid=3377 profile="com.ubuntu.calculator_calculator_1.3.339" peer_pid=1596 peer_profile="unconfined" The following rules allow the requested access: dbus (send) bus=system path="/org/freedesktop/Accounts" interface="org.freedesktop.DBus.{Introspectable,Properties}" member=Introspect peer=(name=org.freedesktop.Accounts,label=unconfined), dbus (send) bus=system path="/org/freedesktop/Accounts" interface="org.freedesktop.Accounts" member=FindUserById peer=(name=org.freedesktop.Accounts,label=unconfined), dbus (send) bus=system path="/org/freedesktop/Accounts/User[0-9]*" interface="org.freedesktop.DBus.Properties" member=Get peer=(name=org.freedesktop.Accounts,label=unconfined), However, the above is too lenient and constitutes a privacy leak for apps. FindUserById could be used by a malicious app to enumerate usernames on multiuser systems and because we can't mediate method data with apparmor, the Get() method can be used to obtain any information provided by this interface. The following can be used to see what can be leaked to a malicious app: gdbus introspect --system -d org.freedesktop.Accounts -o /org/freedesktop/Accounts/User`id -u phablet` This can be solved in a couple of ways: 1. add whatever information the app is trying to access to a new helper service that only exposes things that the app needs. This could be a single standalone service, perhaps something from ubuntu-system-settings, that could expose any number of things-- the current locale, if the locale changed, if the grid units changed, the vibration settings, etc. Since this service wouldn't have any sensitive information, you could use standard dbus properties/Get()/etc 2. add a new dbus API to an ex
[Touch-packages] [Bug 1433590] Re: apparmor dbus denial for org.freedesktop.Accounts and make Other vibrations work
** Changed in: usensord (Ubuntu) Status: Confirmed => In Progress -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu in Ubuntu. https://bugs.launchpad.net/bugs/1433590 Title: apparmor dbus denial for org.freedesktop.Accounts and make Other vibrations work Status in Canonical System Image: Triaged Status in apparmor-easyprof-ubuntu package in Ubuntu: Fix Released Status in ubuntu-system-settings package in Ubuntu: Confirmed Status in ubuntu-ui-toolkit package in Ubuntu: Confirmed Status in usensord package in Ubuntu: In Progress Bug description: This affects vivid and (somewhat recently?) 14.09. At some point, apps started to request access to org.freedesktop.Accounts for something, but I'm not sure what. It has been conjectured in this bug that it is due to vibration settings. Filing against ubuntu-system-settings for now, but please feel free to move to the correct package. This happens with webapps: Apr 7 08:42:17 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.DBus.Introspectable" member="Introspect" mask="send" name="org.freedesktop.Accounts" pid=2632 profile="com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0.26" peer_pid=1596 peer_profile="unconfined" Apr 7 08:42:17 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.Accounts" member="FindUserById" mask="send" name="org.freedesktop.Accounts" pid=2632 profile="com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0.26" peer_pid=1596 peer_profile="unconfined" and QML apps: Apr 7 08:43:40 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.DBus.Introspectable" member="Introspect" mask="send" name="org.freedesktop.Accounts" pid=3377 profile="com.ubuntu.calculator_calculator_1.3.339" peer_pid=1596 peer_profile="unconfined" Apr 7 08:43:40 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.Accounts" member="FindUserById" mask="send" name="org.freedesktop.Accounts" pid=3377 profile="com.ubuntu.calculator_calculator_1.3.339" peer_pid=1596 peer_profile="unconfined" The following rules allow the requested access: dbus (send) bus=system path="/org/freedesktop/Accounts" interface="org.freedesktop.DBus.{Introspectable,Properties}" member=Introspect peer=(name=org.freedesktop.Accounts,label=unconfined), dbus (send) bus=system path="/org/freedesktop/Accounts" interface="org.freedesktop.Accounts" member=FindUserById peer=(name=org.freedesktop.Accounts,label=unconfined), dbus (send) bus=system path="/org/freedesktop/Accounts/User[0-9]*" interface="org.freedesktop.DBus.Properties" member=Get peer=(name=org.freedesktop.Accounts,label=unconfined), However, the above is too lenient and constitutes a privacy leak for apps. FindUserById could be used by a malicious app to enumerate usernames on multiuser systems and because we can't mediate method data with apparmor, the Get() method can be used to obtain any information provided by this interface. The following can be used to see what can be leaked to a malicious app: gdbus introspect --system -d org.freedesktop.Accounts -o /org/freedesktop/Accounts/User`id -u phablet` This can be solved in a couple of ways: 1. add whatever information the app is trying to access to a new helper service that only exposes things that the app needs. This could be a single standalone service, perhaps something from ubuntu-system-settings, that could expose any number of things-- the current locale, if the locale changed, if the grid units changed, the vibration settings, etc. Since this service wouldn't have any sensitive information, you could use standard dbus properties/Get()/etc 2. add a new dbus API to an existing service such that apparmor rules can then be used to allow by method (eg, GetVibration() or something) I won't dictate the implementation except to mention that '1' seems like something generally useful and I believe that it was something the ubuntu-system-settings devs were already looking at for detecting locale changes without rebooting. Original description starting an app in vivid (image 135 on arale currently) produces a bunch of dbus denials in syslog ... (there is also a /dev/tty one but i think this is just because soemthing tries to write an error to console ... so transient) http://paste.ubuntu.com/10620834/ To manage notifications about this bug
[Touch-packages] [Bug 1433590] Re: apparmor dbus denial for org.freedesktop.Accounts and make Other vibrations work
I am now investigating if org.freedesktop.DBus.GetConnectionUnixProcessID is supported in go-dbus. If it is supported, we can use pid to get the name of the process or path of the binary. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu in Ubuntu. https://bugs.launchpad.net/bugs/1433590 Title: apparmor dbus denial for org.freedesktop.Accounts and make Other vibrations work Status in Canonical System Image: Triaged Status in apparmor-easyprof-ubuntu package in Ubuntu: Fix Released Status in ubuntu-system-settings package in Ubuntu: Confirmed Status in ubuntu-ui-toolkit package in Ubuntu: Confirmed Status in usensord package in Ubuntu: Confirmed Bug description: This affects vivid and (somewhat recently?) 14.09. At some point, apps started to request access to org.freedesktop.Accounts for something, but I'm not sure what. It has been conjectured in this bug that it is due to vibration settings. Filing against ubuntu-system-settings for now, but please feel free to move to the correct package. This happens with webapps: Apr 7 08:42:17 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.DBus.Introspectable" member="Introspect" mask="send" name="org.freedesktop.Accounts" pid=2632 profile="com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0.26" peer_pid=1596 peer_profile="unconfined" Apr 7 08:42:17 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.Accounts" member="FindUserById" mask="send" name="org.freedesktop.Accounts" pid=2632 profile="com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0.26" peer_pid=1596 peer_profile="unconfined" and QML apps: Apr 7 08:43:40 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.DBus.Introspectable" member="Introspect" mask="send" name="org.freedesktop.Accounts" pid=3377 profile="com.ubuntu.calculator_calculator_1.3.339" peer_pid=1596 peer_profile="unconfined" Apr 7 08:43:40 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.Accounts" member="FindUserById" mask="send" name="org.freedesktop.Accounts" pid=3377 profile="com.ubuntu.calculator_calculator_1.3.339" peer_pid=1596 peer_profile="unconfined" The following rules allow the requested access: dbus (send) bus=system path="/org/freedesktop/Accounts" interface="org.freedesktop.DBus.{Introspectable,Properties}" member=Introspect peer=(name=org.freedesktop.Accounts,label=unconfined), dbus (send) bus=system path="/org/freedesktop/Accounts" interface="org.freedesktop.Accounts" member=FindUserById peer=(name=org.freedesktop.Accounts,label=unconfined), dbus (send) bus=system path="/org/freedesktop/Accounts/User[0-9]*" interface="org.freedesktop.DBus.Properties" member=Get peer=(name=org.freedesktop.Accounts,label=unconfined), However, the above is too lenient and constitutes a privacy leak for apps. FindUserById could be used by a malicious app to enumerate usernames on multiuser systems and because we can't mediate method data with apparmor, the Get() method can be used to obtain any information provided by this interface. The following can be used to see what can be leaked to a malicious app: gdbus introspect --system -d org.freedesktop.Accounts -o /org/freedesktop/Accounts/User`id -u phablet` This can be solved in a couple of ways: 1. add whatever information the app is trying to access to a new helper service that only exposes things that the app needs. This could be a single standalone service, perhaps something from ubuntu-system-settings, that could expose any number of things-- the current locale, if the locale changed, if the grid units changed, the vibration settings, etc. Since this service wouldn't have any sensitive information, you could use standard dbus properties/Get()/etc 2. add a new dbus API to an existing service such that apparmor rules can then be used to allow by method (eg, GetVibration() or something) I won't dictate the implementation except to mention that '1' seems like something generally useful and I believe that it was something the ubuntu-system-settings devs were already looking at for detecting locale changes without rebooting. Original description starting an app in vivid (image 135 on arale currently) produces a bunch of dbus denials in syslog ... (there is also a /dev/tty one but i think this is just because soemthing tries to write
[Touch-packages] [Bug 1433590] Re: apparmor dbus denial for org.freedesktop.Accounts and make Other vibrations work
Thanks Zsombor explaining a lot about this bug to me. According to comment #13, I am now blocked because in usensord, based on currently info we could get from dbus message, we don't have a method to judge if the peer(caller) is OSK or the app. The call flow is app--->toolkit>Qt Haptics-->uSensord If the app or OSK don't send info for usensord to make the differentiation, I cannot achieve the goal. ** Changed in: usensord (Ubuntu) Assignee: Penk Chen (penk) => Zhang Enwei (zhangew401) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu in Ubuntu. https://bugs.launchpad.net/bugs/1433590 Title: apparmor dbus denial for org.freedesktop.Accounts and make Other vibrations work Status in Canonical System Image: In Progress Status in apparmor-easyprof-ubuntu package in Ubuntu: Fix Released Status in ubuntu-system-settings package in Ubuntu: Confirmed Status in ubuntu-ui-toolkit package in Ubuntu: Confirmed Status in usensord package in Ubuntu: In Progress Bug description: This affects vivid and (somewhat recently?) 14.09. At some point, apps started to request access to org.freedesktop.Accounts for something, but I'm not sure what. It has been conjectured in this bug that it is due to vibration settings. Filing against ubuntu-system-settings for now, but please feel free to move to the correct package. This happens with webapps: Apr 7 08:42:17 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.DBus.Introspectable" member="Introspect" mask="send" name="org.freedesktop.Accounts" pid=2632 profile="com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0.26" peer_pid=1596 peer_profile="unconfined" Apr 7 08:42:17 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.Accounts" member="FindUserById" mask="send" name="org.freedesktop.Accounts" pid=2632 profile="com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0.26" peer_pid=1596 peer_profile="unconfined" and QML apps: Apr 7 08:43:40 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.DBus.Introspectable" member="Introspect" mask="send" name="org.freedesktop.Accounts" pid=3377 profile="com.ubuntu.calculator_calculator_1.3.339" peer_pid=1596 peer_profile="unconfined" Apr 7 08:43:40 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.Accounts" member="FindUserById" mask="send" name="org.freedesktop.Accounts" pid=3377 profile="com.ubuntu.calculator_calculator_1.3.339" peer_pid=1596 peer_profile="unconfined" The following rules allow the requested access: dbus (send) bus=system path="/org/freedesktop/Accounts" interface="org.freedesktop.DBus.{Introspectable,Properties}" member=Introspect peer=(name=org.freedesktop.Accounts,label=unconfined), dbus (send) bus=system path="/org/freedesktop/Accounts" interface="org.freedesktop.Accounts" member=FindUserById peer=(name=org.freedesktop.Accounts,label=unconfined), dbus (send) bus=system path="/org/freedesktop/Accounts/User[0-9]*" interface="org.freedesktop.DBus.Properties" member=Get peer=(name=org.freedesktop.Accounts,label=unconfined), However, the above is too lenient and constitutes a privacy leak for apps. FindUserById could be used by a malicious app to enumerate usernames on multiuser systems and because we can't mediate method data with apparmor, the Get() method can be used to obtain any information provided by this interface. The following can be used to see what can be leaked to a malicious app: gdbus introspect --system -d org.freedesktop.Accounts -o /org/freedesktop/Accounts/User`id -u phablet` This can be solved in a couple of ways: 1. add whatever information the app is trying to access to a new helper service that only exposes things that the app needs. This could be a single standalone service, perhaps something from ubuntu-system-settings, that could expose any number of things-- the curre
[Touch-packages] [Bug 1433590] Re: apparmor dbus denial for org.freedesktop.Accounts and make Other vibrations work
Hi Pat, I have exposed the property OtherVibrate from Object Path: com.canonical.usensord.haptic. For remaining logic part about when to do vibration, I am contacting Zsombor. May be ready soon. https://code.launchpad.net/~zhangew401/usensord/fix-lp-1433590 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu in Ubuntu. https://bugs.launchpad.net/bugs/1433590 Title: apparmor dbus denial for org.freedesktop.Accounts and make Other vibrations work Status in Canonical System Image: In Progress Status in apparmor-easyprof-ubuntu package in Ubuntu: Fix Released Status in ubuntu-system-settings package in Ubuntu: Confirmed Status in ubuntu-ui-toolkit package in Ubuntu: Confirmed Status in usensord package in Ubuntu: In Progress Bug description: This affects vivid and (somewhat recently?) 14.09. At some point, apps started to request access to org.freedesktop.Accounts for something, but I'm not sure what. It has been conjectured in this bug that it is due to vibration settings. Filing against ubuntu-system-settings for now, but please feel free to move to the correct package. This happens with webapps: Apr 7 08:42:17 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.DBus.Introspectable" member="Introspect" mask="send" name="org.freedesktop.Accounts" pid=2632 profile="com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0.26" peer_pid=1596 peer_profile="unconfined" Apr 7 08:42:17 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.Accounts" member="FindUserById" mask="send" name="org.freedesktop.Accounts" pid=2632 profile="com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0.26" peer_pid=1596 peer_profile="unconfined" and QML apps: Apr 7 08:43:40 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.DBus.Introspectable" member="Introspect" mask="send" name="org.freedesktop.Accounts" pid=3377 profile="com.ubuntu.calculator_calculator_1.3.339" peer_pid=1596 peer_profile="unconfined" Apr 7 08:43:40 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.Accounts" member="FindUserById" mask="send" name="org.freedesktop.Accounts" pid=3377 profile="com.ubuntu.calculator_calculator_1.3.339" peer_pid=1596 peer_profile="unconfined" The following rules allow the requested access: dbus (send) bus=system path="/org/freedesktop/Accounts" interface="org.freedesktop.DBus.{Introspectable,Properties}" member=Introspect peer=(name=org.freedesktop.Accounts,label=unconfined), dbus (send) bus=system path="/org/freedesktop/Accounts" interface="org.freedesktop.Accounts" member=FindUserById peer=(name=org.freedesktop.Accounts,label=unconfined), dbus (send) bus=system path="/org/freedesktop/Accounts/User[0-9]*" interface="org.freedesktop.DBus.Properties" member=Get peer=(name=org.freedesktop.Accounts,label=unconfined), However, the above is too lenient and constitutes a privacy leak for apps. FindUserById could be used by a malicious app to enumerate usernames on multiuser systems and because we can't mediate method data with apparmor, the Get() method can be used to obtain any information provided by this interface. The following can be used to see what can be leaked to a malicious app: gdbus introspect --system -d org.freedesktop.Accounts -o /org/freedesktop/Accounts/User`id -u phablet` This can be solved in a couple of ways: 1. add whatever information the app is trying to access to a new helper service that only exposes things that the app needs. This could be a single standalone service, perhaps something from ubuntu-system-settings, that could expose any number of things-- the current locale, if the locale changed, if the grid units changed, the vibration settings, etc. Since this service wouldn't have any sensitive information, you could use standard dbus properties/Get()/etc 2. add a new dbus API to an existing service such that apparmor rules can then be used to allow by method (eg, GetVibration() or something) I won't dictate the implementation except to mention that '1' seems like something generally useful and I believe that it was something the ubuntu-system-settings devs were already looking at for detecting locale changes without rebooting. Original description starting an app in vivid (image 135 on arale currently) produces a bunch of dbus denials in syslog ... (there is also
[Touch-packages] [Bug 1590188] Re: Widgets is are in wrong order after posting one comment in Preview Page
Thanks Pawel. I verified silo001 on Instagram and Flickr. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to unity-scopes-shell in Ubuntu. https://bugs.launchpad.net/bugs/1590188 Title: Widgets is are in wrong order after posting one comment in Preview Page Status in Canonical System Image: In Progress Status in unity-scopes-shell package in Ubuntu: In Progress Bug description: I am testing on some golang scopes such as doubanbook(https://code.launchpad.net/~hanloon-team/hanloon/douban) flickr(https://code.launchpad.net/~hanloon-team/hanloon/unity-scope-flickr) After I post one comment and the Preview page refreshes, the order of Preview Widgets is reversed. For example, before I post comment, Art is on the up most position, while after I post comment, Art is the last widget in the page. I can see from the log, the order of widgets is adjusted(art at first is 0, and at last is 15). But i don't know why. AS Pawel's suggestion, I used scopes.ColumnLayout as workaround which could fix this issue. To manage notifications about this bug go to: https://bugs.launchpad.net/canonical-devices-system-image/+bug/1590188/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1590188] Re: Widgets is are in wrong order after posting one comment in Preview Page
So Pawel, Marcus, do you need me to test https://launchpad.net/~unity- api-team/+archive/ubuntu/dev-build-1/+build/10027020/+files/unity- plugin-scopes_0.5.7+16.10.20160525-0~327~ubuntu15.04.1_armhf.deb? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to unity-scopes-shell in Ubuntu. https://bugs.launchpad.net/bugs/1590188 Title: Widgets is are in wrong order after posting one comment in Preview Page Status in Canonical System Image: In Progress Status in unity-scopes-shell package in Ubuntu: In Progress Bug description: I am testing on some golang scopes such as doubanbook(https://code.launchpad.net/~hanloon-team/hanloon/douban) flickr(https://code.launchpad.net/~hanloon-team/hanloon/unity-scope-flickr) After I post one comment and the Preview page refreshes, the order of Preview Widgets is reversed. For example, before I post comment, Art is on the up most position, while after I post comment, Art is the last widget in the page. I can see from the log, the order of widgets is adjusted(art at first is 0, and at last is 15). But i don't know why. AS Pawel's suggestion, I used scopes.ColumnLayout as workaround which could fix this issue. To manage notifications about this bug go to: https://bugs.launchpad.net/canonical-devices-system-image/+bug/1590188/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1590188] [NEW] Widgets is are in wrong order after posting one comment in Preview Page
Public bug reported: I am testing on some golang scopes such as doubanbook(https://code.launchpad.net/~hanloon-team/hanloon/douban) flickr(https://code.launchpad.net/~hanloon-team/hanloon/unity-scope-flickr) After I post one comment and the Preview page refreshes, the order of Preview Widgets is reversed. For example, before I post comment, Art is on the up most position, while after I post comment, Art is the last widget in the page. I can see from the log, the order of widgets is adjusted(art at first is 0, and at last is 15). But i don't know why. AS Pawel's suggestion, I used scopes.ColumnLayout as workaround which could fix this issue. ** Affects: unity8 (Ubuntu) Importance: Undecided Status: New ** Attachment added: "unity8-dash.log" https://bugs.launchpad.net/bugs/1590188/+attachment/4679275/+files/unity8-dash.log -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to unity8 in Ubuntu. https://bugs.launchpad.net/bugs/1590188 Title: Widgets is are in wrong order after posting one comment in Preview Page Status in unity8 package in Ubuntu: New Bug description: I am testing on some golang scopes such as doubanbook(https://code.launchpad.net/~hanloon-team/hanloon/douban) flickr(https://code.launchpad.net/~hanloon-team/hanloon/unity-scope-flickr) After I post one comment and the Preview page refreshes, the order of Preview Widgets is reversed. For example, before I post comment, Art is on the up most position, while after I post comment, Art is the last widget in the page. I can see from the log, the order of widgets is adjusted(art at first is 0, and at last is 15). But i don't know why. AS Pawel's suggestion, I used scopes.ColumnLayout as workaround which could fix this issue. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/unity8/+bug/1590188/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1549056] [NEW] content sharing cannot work in scopes
Public bug reported: I tried to share one picture according to instructions in https://developer.ubuntu.com/api/scopes/cpp/sdk-15.04.1/previewwidgets/ in my scope, Code is as below: PreviewWidget w_art("artId", "image"); w_art.add_attribute_mapping("source", "art"); w_art.add_attribute_value("zoomable", us::Variant(true)); VariantMap share_data; share_data["uri"] = result()["art"]; qDebug() << "arturi:" << QString::fromStdString(result()["art"].get_string()); share_data["content-type"] = Variant("pictures"); w_art.add_attribute_value("share-data", us::Variant(share_data)); widgets.emplace_back(w_art); I check the uri is correct. When I tried to share the image, the Content Hub gives me some options and when I choose facebook, twitter or message, the image cannot be sent to them. system info: current build number: 431 device name: mako channel: ubuntu-touch/rc-proposed/bq-aquaris.en-proposed last update: 2016-02-03 14:41:40 version version: 431 version ubuntu: 20160203 version device: 20160112 version custom: 20160201-5-vivid ** Affects: unity8 (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to unity8 in Ubuntu. https://bugs.launchpad.net/bugs/1549056 Title: content sharing cannot work in scopes Status in unity8 package in Ubuntu: New Bug description: I tried to share one picture according to instructions in https://developer.ubuntu.com/api/scopes/cpp/sdk-15.04.1/previewwidgets/ in my scope, Code is as below: PreviewWidget w_art("artId", "image"); w_art.add_attribute_mapping("source", "art"); w_art.add_attribute_value("zoomable", us::Variant(true)); VariantMap share_data; share_data["uri"] = result()["art"]; qDebug() << "arturi:" << QString::fromStdString(result()["art"].get_string()); share_data["content-type"] = Variant("pictures"); w_art.add_attribute_value("share-data", us::Variant(share_data)); widgets.emplace_back(w_art); I check the uri is correct. When I tried to share the image, the Content Hub gives me some options and when I choose facebook, twitter or message, the image cannot be sent to them. system info: current build number: 431 device name: mako channel: ubuntu-touch/rc-proposed/bq-aquaris.en-proposed last update: 2016-02-03 14:41:40 version version: 431 version ubuntu: 20160203 version device: 20160112 version custom: 20160201-5-vivid To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/unity8/+bug/1549056/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp