[Touch-packages] [Bug 1645548] [NEW] click cannot correctly install clicks that have special version format
Public bug reported: I am using click 0.4.43+16.04.20160203-0ubuntu2 in arm64 environment while building arm 64bit custom tarball(https://jenkins.canonical.com /ues-phone/job/arm64-custom-tarball-test/) I found this click cannot install below click correctly. com.ubuntu.scopes.youtube_1.5.1-154_arm64.click The apparmor profile it generated is click_com.ubuntu.scopes.youtube_youtube_1.5.1- while the expected should be click_com.ubuntu.scopes.youtube_youtube_1.5.1-154 The apparmor json file is generated as com.ubuntu.scopes.youtube_youtube_1.5.1-.json while the expected should be com.ubuntu.scopes.youtube_youtube_1.5.1-154.json We don't have this issue on armhf(vivid). Thanks. ** Affects: click (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to click in Ubuntu. https://bugs.launchpad.net/bugs/1645548 Title: click cannot correctly install clicks that have special version format Status in click package in Ubuntu: New Bug description: I am using click 0.4.43+16.04.20160203-0ubuntu2 in arm64 environment while building arm 64bit custom tarball(https://jenkins.canonical.com /ues-phone/job/arm64-custom-tarball-test/) I found this click cannot install below click correctly. com.ubuntu.scopes.youtube_1.5.1-154_arm64.click The apparmor profile it generated is click_com.ubuntu.scopes.youtube_youtube_1.5.1- while the expected should be click_com.ubuntu.scopes.youtube_youtube_1.5.1-154 The apparmor json file is generated as com.ubuntu.scopes.youtube_youtube_1.5.1-.json while the expected should be com.ubuntu.scopes.youtube_youtube_1.5.1-154.json We don't have this issue on armhf(vivid). Thanks. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/click/+bug/1645548/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1628042] Re: Doesn't vibrate on incoming calls if "Other vibrations" not active
Landing for usensord:https://bileto.ubuntu.com/#/ticket/2014 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to usensord in Ubuntu. https://bugs.launchpad.net/bugs/1628042 Title: Doesn't vibrate on incoming calls if "Other vibrations" not active Status in Canonical System Image: Confirmed Status in ubuntu-system-settings package in Ubuntu: New Status in usensord package in Ubuntu: In Progress Bug description: Steps: 1. Set "Vibrate on ring" and "Vibrate in silent mode" active under "Ringtone" in System settings > Sound. 2. Make sure "Other vibrations" is NOT active in System settings > Sound. 3. Get an incoming call. Expected: Phone vibrates. What happens: Phone doesn't vibrate. If the "Other vibrations" is set active, then the vibration works. Device: E5, stable, OTA-13. To manage notifications about this bug go to: https://bugs.launchpad.net/canonical-devices-system-image/+bug/1628042/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1628042] Re: Doesn't vibrate on incoming calls if "Other vibrations" not active
** Changed in: usensord (Ubuntu) Status: Confirmed => In Progress -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to usensord in Ubuntu. https://bugs.launchpad.net/bugs/1628042 Title: Doesn't vibrate on incoming calls if "Other vibrations" not active Status in Canonical System Image: Confirmed Status in ubuntu-system-settings package in Ubuntu: New Status in usensord package in Ubuntu: In Progress Bug description: Steps: 1. Set "Vibrate on ring" and "Vibrate in silent mode" active under "Ringtone" in System settings > Sound. 2. Make sure "Other vibrations" is NOT active in System settings > Sound. 3. Get an incoming call. Expected: Phone vibrates. What happens: Phone doesn't vibrate. If the "Other vibrations" is set active, then the vibration works. Device: E5, stable, OTA-13. To manage notifications about this bug go to: https://bugs.launchpad.net/canonical-devices-system-image/+bug/1628042/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1620553] Re: OSK becomes unusable as taps are delayed by 1-2 seconds and vibration doesn't occur any more (although gestures continue to work)
Landing:https://requests.ci-train.ubuntu.com/#/ticket/1930
I verified vivid debian package on below images by creating 6 simultaneous
alarms that will ring one minute later.
current build number: 827
device name: krillin
channel: ubuntu-touch/rc-proposed/bq-aquaris.en-proposed
last update: 2016-09-09 23:42:32
version version: 827
version ubuntu: 20160907
version device: 20160606-ab415b2
version custom: 20160831-991-38-18
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to platform-api in Ubuntu.
https://bugs.launchpad.net/bugs/1620553
Title:
OSK becomes unusable as taps are delayed by 1-2 seconds and vibration
doesn't occur any more (although gestures continue to work)
Status in Canonical System Image:
In Progress
Status in platform-api package in Ubuntu:
In Progress
Status in usensord package in Ubuntu:
In Progress
Bug description:
Krillin, rc-proposed/bq_aquaris.en r422
TEST CASE:
1. Create to alarms that'll trigger at the same time
2. Wait until they go off
3. Dismiss the alarms
4. Verify that there is still haptic feedback and OSK is still responsive
ACTUAL RESULT
Step 4 fails.
UPDATE: see comment #5, it turns out it's the haptics plugin doing SYNC dbus
calls and blocking the UI thread when the dbus service does not reply or the
replies come with a big delay
Description:
All at once taps have become incredibly delayed, by 1 or 2 secs.
Gestures still work ok, no delay there.
Swiping the greeter -> no delay. Tapping numbers to input code on the greeter
--> 2 secs delay. Even though both are parts of unity8. So it doesn't seem to
only be a problem of unity8 clients, but also unity8 itself.
I have no idea why horizontal/vertical swipes would be unaffected, though.
The virtual keyboard is also completely unusable because of the huge
delay that each tap has.
Also noticed that the vibration is gone, taps don't trigger vibration
anymore.
Webview also seemed to be unaffected by the delays (although I'm not
entirely sure, the bug is now gone)
I also restarted unity8 and unity8-dash with Mir input logging enabled. That
showed that the touch events were being delivered as expected, no delay.
restart unity8 MIR_CLIENT_INPUT_RECEIVER_REPORT=log and
restart unity8-dash MIR_CLIENT_INPUT_RECEIVER_REPORT=log
Restarting lightdm (that forces the restart of unity-system-
compositor) fixed the issue.
Additional info: I had Mir touchspots visualization enabled, which are
known to cause more stuttering, but I think they're unlikely to be the
cause of this bug, I had them enabled for 2 weeks and haven't noticed
any problem like this before.
This is the log from a tap on an icon in the shell:
[2016-09-06 10:52:51.876400] input-receiver: Received
event:touch_event(when=54593678129000 (6.030520ms ago), from=3, touch = {{id=0,
action=down, tool=finger, x=426.211, y=292.695, pressure=0.85098, major=19.963,
minor=0, size=19.963}, modifiers=1)
[2016-09-06 10:52:51.953821] input-receiver: Received
event:touch_event(when=54593751953000 (9.709366ms ago), from=3, touch = {{id=0,
action=change, tool=finger, x=426.211, y=292.695, pressure=0.843137,
major=19.963, minor=0, size=19.963}, modifiers=1)
[2016-09-06 10:52:51.954343] input-receiver: Received
event:touch_event(when=54593761256000 (0.958751ms ago), from=3, touch = {{id=0,
action=up, tool=finger, x=426.211, y=292.695, pressure=0.843137, major=19.963,
minor=0, size=19.963}, modifiers=1)
SEE VIDEO ATTACHMENT BELOW
To manage notifications about this bug go to:
https://bugs.launchpad.net/canonical-devices-system-image/+bug/1620553/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1620553] Re: OSK becomes unusable as taps are delayed by 1-2 seconds and vibration doesn't occur any more (although gestures continue to work)
Thanks Andrea. I am using a similar way with that of yours, only four
commands executed simultaneously.
#!/bin/bash
dbus-send --session --print-reply --type=method_call
--dest='com.canonical.usensord' /com/canonical/usensord/haptic
com.canonical.usensord.haptic.Vibrate uint32:100 &
dbus-send --session --print-reply --type=method_call
--dest='com.canonical.usensord' /com/canonical/usensord/haptic
com.canonical.usensord.haptic.Vibrate uint32:100 &
dbus-send --session --print-reply --type=method_call
--dest='com.canonical.usensord' /com/canonical/usensord/haptic
com.canonical.usensord.haptic.Vibrate uint32:100 &
dbus-send --session --print-reply --type=method_call
--dest='com.canonical.usensord' /com/canonical/usensord/haptic
com.canonical.usensord.haptic.Vibrate uint32:100 &
I think this could simulate the operation in clock/alarm
I found the rule is that two or more senders(thread or process) calls the dbus
function at the same time.
It freezes at below code,
http://bazaar.launchpad.net/~phablet-team/usensord/trunk/view/head:/haptic/haptic.go#L146
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to platform-api in Ubuntu.
https://bugs.launchpad.net/bugs/1620553
Title:
OSK becomes unusable as taps are delayed by 1-2 seconds and vibration
doesn't occur any more (although gestures continue to work)
Status in Canonical System Image:
In Progress
Status in platform-api package in Ubuntu:
In Progress
Status in usensord package in Ubuntu:
In Progress
Bug description:
Krillin, rc-proposed/bq_aquaris.en r422
TEST CASE:
1. Create to alarms that'll trigger at the same time
2. Wait until they go off
3. Dismiss the alarms
4. Verify that there is still haptic feedback and OSK is still responsive
ACTUAL RESULT
Step 4 fails.
UPDATE: see comment #5, it turns out it's the haptics plugin doing SYNC dbus
calls and blocking the UI thread when the dbus service does not reply or the
replies come with a big delay
Description:
All at once taps have become incredibly delayed, by 1 or 2 secs.
Gestures still work ok, no delay there.
Swiping the greeter -> no delay. Tapping numbers to input code on the greeter
--> 2 secs delay. Even though both are parts of unity8. So it doesn't seem to
only be a problem of unity8 clients, but also unity8 itself.
I have no idea why horizontal/vertical swipes would be unaffected, though.
The virtual keyboard is also completely unusable because of the huge
delay that each tap has.
Also noticed that the vibration is gone, taps don't trigger vibration
anymore.
Webview also seemed to be unaffected by the delays (although I'm not
entirely sure, the bug is now gone)
I also restarted unity8 and unity8-dash with Mir input logging enabled. That
showed that the touch events were being delivered as expected, no delay.
restart unity8 MIR_CLIENT_INPUT_RECEIVER_REPORT=log and
restart unity8-dash MIR_CLIENT_INPUT_RECEIVER_REPORT=log
Restarting lightdm (that forces the restart of unity-system-
compositor) fixed the issue.
Additional info: I had Mir touchspots visualization enabled, which are
known to cause more stuttering, but I think they're unlikely to be the
cause of this bug, I had them enabled for 2 weeks and haven't noticed
any problem like this before.
This is the log from a tap on an icon in the shell:
[2016-09-06 10:52:51.876400] input-receiver: Received
event:touch_event(when=54593678129000 (6.030520ms ago), from=3, touch = {{id=0,
action=down, tool=finger, x=426.211, y=292.695, pressure=0.85098, major=19.963,
minor=0, size=19.963}, modifiers=1)
[2016-09-06 10:52:51.953821] input-receiver: Received
event:touch_event(when=54593751953000 (9.709366ms ago), from=3, touch = {{id=0,
action=change, tool=finger, x=426.211, y=292.695, pressure=0.843137,
major=19.963, minor=0, size=19.963}, modifiers=1)
[2016-09-06 10:52:51.954343] input-receiver: Received
event:touch_event(when=54593761256000 (0.958751ms ago), from=3, touch = {{id=0,
action=up, tool=finger, x=426.211, y=292.695, pressure=0.843137, major=19.963,
minor=0, size=19.963}, modifiers=1)
SEE VIDEO ATTACHMENT BELOW
To manage notifications about this bug go to:
https://bugs.launchpad.net/canonical-devices-system-image/+bug/1620553/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1620553] Re: OSK becomes unusable as taps are delayed by 1-2 seconds and vibration doesn't occur any more (although gestures continue to work)
Thanks Pat telling me how to reproduce it.
I have reproduced it. I am trying to figuring out the reason and at the same
time I wrote to James for help.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to platform-api in Ubuntu.
https://bugs.launchpad.net/bugs/1620553
Title:
OSK becomes unusable as taps are delayed by 1-2 seconds and vibration
doesn't occur any more (although gestures continue to work)
Status in Canonical System Image:
In Progress
Status in platform-api package in Ubuntu:
In Progress
Status in usensord package in Ubuntu:
In Progress
Bug description:
Krillin, rc-proposed/bq_aquaris.en r422
TEST CASE:
1. Create to alarms that'll trigger at the same time
2. Wait until they go off
3. Dismiss the alarms
4. Verify that there is still haptic feedback and OSK is still responsive
ACTUAL RESULT
Step 4 fails.
UPDATE: see comment #5, it turns out it's the haptics plugin doing SYNC dbus
calls and blocking the UI thread when the dbus service does not reply or the
replies come with a big delay
Description:
All at once taps have become incredibly delayed, by 1 or 2 secs.
Gestures still work ok, no delay there.
Swiping the greeter -> no delay. Tapping numbers to input code on the greeter
--> 2 secs delay. Even though both are parts of unity8. So it doesn't seem to
only be a problem of unity8 clients, but also unity8 itself.
I have no idea why horizontal/vertical swipes would be unaffected, though.
The virtual keyboard is also completely unusable because of the huge
delay that each tap has.
Also noticed that the vibration is gone, taps don't trigger vibration
anymore.
Webview also seemed to be unaffected by the delays (although I'm not
entirely sure, the bug is now gone)
I also restarted unity8 and unity8-dash with Mir input logging enabled. That
showed that the touch events were being delivered as expected, no delay.
restart unity8 MIR_CLIENT_INPUT_RECEIVER_REPORT=log and
restart unity8-dash MIR_CLIENT_INPUT_RECEIVER_REPORT=log
Restarting lightdm (that forces the restart of unity-system-
compositor) fixed the issue.
Additional info: I had Mir touchspots visualization enabled, which are
known to cause more stuttering, but I think they're unlikely to be the
cause of this bug, I had them enabled for 2 weeks and haven't noticed
any problem like this before.
This is the log from a tap on an icon in the shell:
[2016-09-06 10:52:51.876400] input-receiver: Received
event:touch_event(when=54593678129000 (6.030520ms ago), from=3, touch = {{id=0,
action=down, tool=finger, x=426.211, y=292.695, pressure=0.85098, major=19.963,
minor=0, size=19.963}, modifiers=1)
[2016-09-06 10:52:51.953821] input-receiver: Received
event:touch_event(when=54593751953000 (9.709366ms ago), from=3, touch = {{id=0,
action=change, tool=finger, x=426.211, y=292.695, pressure=0.843137,
major=19.963, minor=0, size=19.963}, modifiers=1)
[2016-09-06 10:52:51.954343] input-receiver: Received
event:touch_event(when=54593761256000 (0.958751ms ago), from=3, touch = {{id=0,
action=up, tool=finger, x=426.211, y=292.695, pressure=0.843137, major=19.963,
minor=0, size=19.963}, modifiers=1)
SEE VIDEO ATTACHMENT BELOW
To manage notifications about this bug go to:
https://bugs.launchpad.net/canonical-devices-system-image/+bug/1620553/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1620553] Re: OSK becomes unusable as taps are delayed by 1-2 seconds and vibration doesn't occur any more (although gestures continue to work)
** Changed in: usensord (Ubuntu)
Status: Confirmed => In Progress
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to platform-api in Ubuntu.
https://bugs.launchpad.net/bugs/1620553
Title:
OSK becomes unusable as taps are delayed by 1-2 seconds and vibration
doesn't occur any more (although gestures continue to work)
Status in Canonical System Image:
In Progress
Status in platform-api package in Ubuntu:
In Progress
Status in usensord package in Ubuntu:
In Progress
Bug description:
Krillin, rc-proposed/bq_aquaris.en r422
TEST CASE:
1. Create to alarms that'll trigger at the same time
2. Wait until they go off
3. Dismiss the alarms
4. Verify that there is still haptic feedback and OSK is still responsive
ACTUAL RESULT
Step 4 fails.
UPDATE: see comment #5, it turns out it's the haptics plugin doing SYNC dbus
calls and blocking the UI thread when the dbus service does not reply or the
replies come with a big delay
Description:
All at once taps have become incredibly delayed, by 1 or 2 secs.
Gestures still work ok, no delay there.
Swiping the greeter -> no delay. Tapping numbers to input code on the greeter
--> 2 secs delay. Even though both are parts of unity8. So it doesn't seem to
only be a problem of unity8 clients, but also unity8 itself.
I have no idea why horizontal/vertical swipes would be unaffected, though.
The virtual keyboard is also completely unusable because of the huge
delay that each tap has.
Also noticed that the vibration is gone, taps don't trigger vibration
anymore.
Webview also seemed to be unaffected by the delays (although I'm not
entirely sure, the bug is now gone)
I also restarted unity8 and unity8-dash with Mir input logging enabled. That
showed that the touch events were being delivered as expected, no delay.
restart unity8 MIR_CLIENT_INPUT_RECEIVER_REPORT=log and
restart unity8-dash MIR_CLIENT_INPUT_RECEIVER_REPORT=log
Restarting lightdm (that forces the restart of unity-system-
compositor) fixed the issue.
Additional info: I had Mir touchspots visualization enabled, which are
known to cause more stuttering, but I think they're unlikely to be the
cause of this bug, I had them enabled for 2 weeks and haven't noticed
any problem like this before.
This is the log from a tap on an icon in the shell:
[2016-09-06 10:52:51.876400] input-receiver: Received
event:touch_event(when=54593678129000 (6.030520ms ago), from=3, touch = {{id=0,
action=down, tool=finger, x=426.211, y=292.695, pressure=0.85098, major=19.963,
minor=0, size=19.963}, modifiers=1)
[2016-09-06 10:52:51.953821] input-receiver: Received
event:touch_event(when=54593751953000 (9.709366ms ago), from=3, touch = {{id=0,
action=change, tool=finger, x=426.211, y=292.695, pressure=0.843137,
major=19.963, minor=0, size=19.963}, modifiers=1)
[2016-09-06 10:52:51.954343] input-receiver: Received
event:touch_event(when=54593761256000 (0.958751ms ago), from=3, touch = {{id=0,
action=up, tool=finger, x=426.211, y=292.695, pressure=0.843137, major=19.963,
minor=0, size=19.963}, modifiers=1)
SEE VIDEO ATTACHMENT BELOW
To manage notifications about this bug go to:
https://bugs.launchpad.net/canonical-devices-system-image/+bug/1620553/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1433590] Re: apparmor dbus denial for org.freedesktop.Accounts and make Other vibrations work
Hi Pat,
The ci-train ticket is created and package built
successfully(https://requests.ci-train.ubuntu.com/#/silo/017).
@Zsombor, you could use silo17 for testing if you like. Thanks.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1433590
Title:
apparmor dbus denial for org.freedesktop.Accounts and make Other
vibrations work
Status in Canonical System Image:
In Progress
Status in apparmor-easyprof-ubuntu package in Ubuntu:
Fix Released
Status in ubuntu-system-settings package in Ubuntu:
Confirmed
Status in ubuntu-ui-toolkit package in Ubuntu:
Confirmed
Status in usensord package in Ubuntu:
In Progress
Bug description:
This affects vivid and (somewhat recently?) 14.09.
At some point, apps started to request access to
org.freedesktop.Accounts for something, but I'm not sure what. It has
been conjectured in this bug that it is due to vibration settings.
Filing against ubuntu-system-settings for now, but please feel free to
move to the correct package.
This happens with webapps:
Apr 7 08:42:17 ubuntu-phablet dbus[797]: apparmor="DENIED"
operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts"
interface="org.freedesktop.DBus.Introspectable" member="Introspect" mask="send"
name="org.freedesktop.Accounts" pid=2632
profile="com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0.26"
peer_pid=1596 peer_profile="unconfined"
Apr 7 08:42:17 ubuntu-phablet dbus[797]: apparmor="DENIED"
operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts"
interface="org.freedesktop.Accounts" member="FindUserById" mask="send"
name="org.freedesktop.Accounts" pid=2632
profile="com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0.26"
peer_pid=1596 peer_profile="unconfined"
and QML apps:
Apr 7 08:43:40 ubuntu-phablet dbus[797]: apparmor="DENIED"
operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts"
interface="org.freedesktop.DBus.Introspectable" member="Introspect" mask="send"
name="org.freedesktop.Accounts" pid=3377
profile="com.ubuntu.calculator_calculator_1.3.339" peer_pid=1596
peer_profile="unconfined"
Apr 7 08:43:40 ubuntu-phablet dbus[797]: apparmor="DENIED"
operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts"
interface="org.freedesktop.Accounts" member="FindUserById" mask="send"
name="org.freedesktop.Accounts" pid=3377
profile="com.ubuntu.calculator_calculator_1.3.339" peer_pid=1596
peer_profile="unconfined"
The following rules allow the requested access:
dbus (send)
bus=system
path="/org/freedesktop/Accounts"
interface="org.freedesktop.DBus.{Introspectable,Properties}"
member=Introspect
peer=(name=org.freedesktop.Accounts,label=unconfined),
dbus (send)
bus=system
path="/org/freedesktop/Accounts"
interface="org.freedesktop.Accounts"
member=FindUserById
peer=(name=org.freedesktop.Accounts,label=unconfined),
dbus (send)
bus=system
path="/org/freedesktop/Accounts/User[0-9]*"
interface="org.freedesktop.DBus.Properties"
member=Get
peer=(name=org.freedesktop.Accounts,label=unconfined),
However, the above is too lenient and constitutes a privacy leak for
apps. FindUserById could be used by a malicious app to enumerate
usernames on multiuser systems and because we can't mediate method
data with apparmor, the Get() method can be used to obtain any
information provided by this interface.
The following can be used to see what can be leaked to a malicious app:
gdbus introspect --system -d org.freedesktop.Accounts -o
/org/freedesktop/Accounts/User`id -u phablet`
This can be solved in a couple of ways:
1. add whatever information the app is trying to access to a new helper
service that only exposes things that the app needs. This could be a single
standalone service, perhaps something from ubuntu-system-settings, that could
expose any number of things-- the current locale, if the locale changed, if the
grid units changed, the vibration settings, etc. Since this service wouldn't
have any sensitive information, you could use standard dbus
properties/Get()/etc
2. add a new dbus API to an existing service such that apparmor rules can
then be used to allow by method (eg, GetVibration() or something)
I won't dictate the implementation except to mention that '1' seems
like something generally useful and I believe that it was something
the ubuntu-system-settings devs were already looking at for detecting
locale changes without rebooting.
Original description
starting an app in vivid (image 135 on arale currently)
produces a bunch of dbus denials in syslog ... (there is also a
/dev/tty one but i think this is just because soemthing tries to write
[Touch-packages] [Bug 1433590] Re: apparmor dbus denial for org.freedesktop.Accounts and make Other vibrations work
Hi Pat,
I have got the permission to work on Bileto. Will learn how to make a landing.
Thanks.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1433590
Title:
apparmor dbus denial for org.freedesktop.Accounts and make Other
vibrations work
Status in Canonical System Image:
In Progress
Status in apparmor-easyprof-ubuntu package in Ubuntu:
Fix Released
Status in ubuntu-system-settings package in Ubuntu:
Confirmed
Status in ubuntu-ui-toolkit package in Ubuntu:
Confirmed
Status in usensord package in Ubuntu:
In Progress
Bug description:
This affects vivid and (somewhat recently?) 14.09.
At some point, apps started to request access to
org.freedesktop.Accounts for something, but I'm not sure what. It has
been conjectured in this bug that it is due to vibration settings.
Filing against ubuntu-system-settings for now, but please feel free to
move to the correct package.
This happens with webapps:
Apr 7 08:42:17 ubuntu-phablet dbus[797]: apparmor="DENIED"
operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts"
interface="org.freedesktop.DBus.Introspectable" member="Introspect" mask="send"
name="org.freedesktop.Accounts" pid=2632
profile="com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0.26"
peer_pid=1596 peer_profile="unconfined"
Apr 7 08:42:17 ubuntu-phablet dbus[797]: apparmor="DENIED"
operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts"
interface="org.freedesktop.Accounts" member="FindUserById" mask="send"
name="org.freedesktop.Accounts" pid=2632
profile="com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0.26"
peer_pid=1596 peer_profile="unconfined"
and QML apps:
Apr 7 08:43:40 ubuntu-phablet dbus[797]: apparmor="DENIED"
operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts"
interface="org.freedesktop.DBus.Introspectable" member="Introspect" mask="send"
name="org.freedesktop.Accounts" pid=3377
profile="com.ubuntu.calculator_calculator_1.3.339" peer_pid=1596
peer_profile="unconfined"
Apr 7 08:43:40 ubuntu-phablet dbus[797]: apparmor="DENIED"
operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts"
interface="org.freedesktop.Accounts" member="FindUserById" mask="send"
name="org.freedesktop.Accounts" pid=3377
profile="com.ubuntu.calculator_calculator_1.3.339" peer_pid=1596
peer_profile="unconfined"
The following rules allow the requested access:
dbus (send)
bus=system
path="/org/freedesktop/Accounts"
interface="org.freedesktop.DBus.{Introspectable,Properties}"
member=Introspect
peer=(name=org.freedesktop.Accounts,label=unconfined),
dbus (send)
bus=system
path="/org/freedesktop/Accounts"
interface="org.freedesktop.Accounts"
member=FindUserById
peer=(name=org.freedesktop.Accounts,label=unconfined),
dbus (send)
bus=system
path="/org/freedesktop/Accounts/User[0-9]*"
interface="org.freedesktop.DBus.Properties"
member=Get
peer=(name=org.freedesktop.Accounts,label=unconfined),
However, the above is too lenient and constitutes a privacy leak for
apps. FindUserById could be used by a malicious app to enumerate
usernames on multiuser systems and because we can't mediate method
data with apparmor, the Get() method can be used to obtain any
information provided by this interface.
The following can be used to see what can be leaked to a malicious app:
gdbus introspect --system -d org.freedesktop.Accounts -o
/org/freedesktop/Accounts/User`id -u phablet`
This can be solved in a couple of ways:
1. add whatever information the app is trying to access to a new helper
service that only exposes things that the app needs. This could be a single
standalone service, perhaps something from ubuntu-system-settings, that could
expose any number of things-- the current locale, if the locale changed, if the
grid units changed, the vibration settings, etc. Since this service wouldn't
have any sensitive information, you could use standard dbus
properties/Get()/etc
2. add a new dbus API to an existing service such that apparmor rules can
then be used to allow by method (eg, GetVibration() or something)
I won't dictate the implementation except to mention that '1' seems
like something generally useful and I believe that it was something
the ubuntu-system-settings devs were already looking at for detecting
locale changes without rebooting.
Original description
starting an app in vivid (image 135 on arale currently)
produces a bunch of dbus denials in syslog ... (there is also a
/dev/tty one but i think this is just because soemthing tries to write
an error to console ... so transient)
http://paste.ubuntu.com/10620834/
To manage no
[Touch-packages] [Bug 1433590] Re: apparmor dbus denial for org.freedesktop.Accounts and make Other vibrations work
Hi Pat,
I think yes because I don't know how to request a landing. Thanks.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1433590
Title:
apparmor dbus denial for org.freedesktop.Accounts and make Other
vibrations work
Status in Canonical System Image:
In Progress
Status in apparmor-easyprof-ubuntu package in Ubuntu:
Fix Released
Status in ubuntu-system-settings package in Ubuntu:
Confirmed
Status in ubuntu-ui-toolkit package in Ubuntu:
Confirmed
Status in usensord package in Ubuntu:
In Progress
Bug description:
This affects vivid and (somewhat recently?) 14.09.
At some point, apps started to request access to
org.freedesktop.Accounts for something, but I'm not sure what. It has
been conjectured in this bug that it is due to vibration settings.
Filing against ubuntu-system-settings for now, but please feel free to
move to the correct package.
This happens with webapps:
Apr 7 08:42:17 ubuntu-phablet dbus[797]: apparmor="DENIED"
operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts"
interface="org.freedesktop.DBus.Introspectable" member="Introspect" mask="send"
name="org.freedesktop.Accounts" pid=2632
profile="com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0.26"
peer_pid=1596 peer_profile="unconfined"
Apr 7 08:42:17 ubuntu-phablet dbus[797]: apparmor="DENIED"
operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts"
interface="org.freedesktop.Accounts" member="FindUserById" mask="send"
name="org.freedesktop.Accounts" pid=2632
profile="com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0.26"
peer_pid=1596 peer_profile="unconfined"
and QML apps:
Apr 7 08:43:40 ubuntu-phablet dbus[797]: apparmor="DENIED"
operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts"
interface="org.freedesktop.DBus.Introspectable" member="Introspect" mask="send"
name="org.freedesktop.Accounts" pid=3377
profile="com.ubuntu.calculator_calculator_1.3.339" peer_pid=1596
peer_profile="unconfined"
Apr 7 08:43:40 ubuntu-phablet dbus[797]: apparmor="DENIED"
operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts"
interface="org.freedesktop.Accounts" member="FindUserById" mask="send"
name="org.freedesktop.Accounts" pid=3377
profile="com.ubuntu.calculator_calculator_1.3.339" peer_pid=1596
peer_profile="unconfined"
The following rules allow the requested access:
dbus (send)
bus=system
path="/org/freedesktop/Accounts"
interface="org.freedesktop.DBus.{Introspectable,Properties}"
member=Introspect
peer=(name=org.freedesktop.Accounts,label=unconfined),
dbus (send)
bus=system
path="/org/freedesktop/Accounts"
interface="org.freedesktop.Accounts"
member=FindUserById
peer=(name=org.freedesktop.Accounts,label=unconfined),
dbus (send)
bus=system
path="/org/freedesktop/Accounts/User[0-9]*"
interface="org.freedesktop.DBus.Properties"
member=Get
peer=(name=org.freedesktop.Accounts,label=unconfined),
However, the above is too lenient and constitutes a privacy leak for
apps. FindUserById could be used by a malicious app to enumerate
usernames on multiuser systems and because we can't mediate method
data with apparmor, the Get() method can be used to obtain any
information provided by this interface.
The following can be used to see what can be leaked to a malicious app:
gdbus introspect --system -d org.freedesktop.Accounts -o
/org/freedesktop/Accounts/User`id -u phablet`
This can be solved in a couple of ways:
1. add whatever information the app is trying to access to a new helper
service that only exposes things that the app needs. This could be a single
standalone service, perhaps something from ubuntu-system-settings, that could
expose any number of things-- the current locale, if the locale changed, if the
grid units changed, the vibration settings, etc. Since this service wouldn't
have any sensitive information, you could use standard dbus
properties/Get()/etc
2. add a new dbus API to an existing service such that apparmor rules can
then be used to allow by method (eg, GetVibration() or something)
I won't dictate the implementation except to mention that '1' seems
like something generally useful and I believe that it was something
the ubuntu-system-settings devs were already looking at for detecting
locale changes without rebooting.
Original description
starting an app in vivid (image 135 on arale currently)
produces a bunch of dbus denials in syslog ... (there is also a
/dev/tty one but i think this is just because soemthing tries to write
an error to console ... so transient)
http://paste.ubuntu.com/10620834/
To manage notifications about th
[Touch-packages] [Bug 1433590] Re: apparmor dbus denial for org.freedesktop.Accounts and make Other vibrations work
Hi Zsombor,
Here is the latest usensord binary. Could you please help verify?
I verified unconfined apps, I cannot verify confined apps since this needs code
change from Toolkit.
Thanks a lot.
** Attachment added: "usensord.zip"
https://bugs.launchpad.net/ubuntu/+source/usensord/+bug/1433590/+attachment/4707427/+files/usensord.zip
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1433590
Title:
apparmor dbus denial for org.freedesktop.Accounts and make Other
vibrations work
Status in Canonical System Image:
In Progress
Status in apparmor-easyprof-ubuntu package in Ubuntu:
Fix Released
Status in ubuntu-system-settings package in Ubuntu:
Confirmed
Status in ubuntu-ui-toolkit package in Ubuntu:
Confirmed
Status in usensord package in Ubuntu:
In Progress
Bug description:
This affects vivid and (somewhat recently?) 14.09.
At some point, apps started to request access to
org.freedesktop.Accounts for something, but I'm not sure what. It has
been conjectured in this bug that it is due to vibration settings.
Filing against ubuntu-system-settings for now, but please feel free to
move to the correct package.
This happens with webapps:
Apr 7 08:42:17 ubuntu-phablet dbus[797]: apparmor="DENIED"
operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts"
interface="org.freedesktop.DBus.Introspectable" member="Introspect" mask="send"
name="org.freedesktop.Accounts" pid=2632
profile="com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0.26"
peer_pid=1596 peer_profile="unconfined"
Apr 7 08:42:17 ubuntu-phablet dbus[797]: apparmor="DENIED"
operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts"
interface="org.freedesktop.Accounts" member="FindUserById" mask="send"
name="org.freedesktop.Accounts" pid=2632
profile="com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0.26"
peer_pid=1596 peer_profile="unconfined"
and QML apps:
Apr 7 08:43:40 ubuntu-phablet dbus[797]: apparmor="DENIED"
operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts"
interface="org.freedesktop.DBus.Introspectable" member="Introspect" mask="send"
name="org.freedesktop.Accounts" pid=3377
profile="com.ubuntu.calculator_calculator_1.3.339" peer_pid=1596
peer_profile="unconfined"
Apr 7 08:43:40 ubuntu-phablet dbus[797]: apparmor="DENIED"
operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts"
interface="org.freedesktop.Accounts" member="FindUserById" mask="send"
name="org.freedesktop.Accounts" pid=3377
profile="com.ubuntu.calculator_calculator_1.3.339" peer_pid=1596
peer_profile="unconfined"
The following rules allow the requested access:
dbus (send)
bus=system
path="/org/freedesktop/Accounts"
interface="org.freedesktop.DBus.{Introspectable,Properties}"
member=Introspect
peer=(name=org.freedesktop.Accounts,label=unconfined),
dbus (send)
bus=system
path="/org/freedesktop/Accounts"
interface="org.freedesktop.Accounts"
member=FindUserById
peer=(name=org.freedesktop.Accounts,label=unconfined),
dbus (send)
bus=system
path="/org/freedesktop/Accounts/User[0-9]*"
interface="org.freedesktop.DBus.Properties"
member=Get
peer=(name=org.freedesktop.Accounts,label=unconfined),
However, the above is too lenient and constitutes a privacy leak for
apps. FindUserById could be used by a malicious app to enumerate
usernames on multiuser systems and because we can't mediate method
data with apparmor, the Get() method can be used to obtain any
information provided by this interface.
The following can be used to see what can be leaked to a malicious app:
gdbus introspect --system -d org.freedesktop.Accounts -o
/org/freedesktop/Accounts/User`id -u phablet`
This can be solved in a couple of ways:
1. add whatever information the app is trying to access to a new helper
service that only exposes things that the app needs. This could be a single
standalone service, perhaps something from ubuntu-system-settings, that could
expose any number of things-- the current locale, if the locale changed, if the
grid units changed, the vibration settings, etc. Since this service wouldn't
have any sensitive information, you could use standard dbus
properties/Get()/etc
2. add a new dbus API to an existing service such that apparmor rules can
then be used to allow by method (eg, GetVibration() or something)
I won't dictate the implementation except to mention that '1' seems
like something generally useful and I believe that it was something
the ubuntu-system-settings devs were already looking at for detecting
locale changes without rebooting.
Original description
starting an app in vivid (image 135 on ara
[Touch-packages] [Bug 1433590] Re: apparmor dbus denial for org.freedesktop.Accounts and make Other vibrations work
Hi Tyler and Seth,
Could you please help review current solution again? This bug is tagged ota13
so I don't have much time left. Thanks a lot.
Hi Zsombor,
Have you verified the binary I sent to you? Thank you.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1433590
Title:
apparmor dbus denial for org.freedesktop.Accounts and make Other
vibrations work
Status in Canonical System Image:
In Progress
Status in apparmor-easyprof-ubuntu package in Ubuntu:
Fix Released
Status in ubuntu-system-settings package in Ubuntu:
Confirmed
Status in ubuntu-ui-toolkit package in Ubuntu:
Confirmed
Status in usensord package in Ubuntu:
In Progress
Bug description:
This affects vivid and (somewhat recently?) 14.09.
At some point, apps started to request access to
org.freedesktop.Accounts for something, but I'm not sure what. It has
been conjectured in this bug that it is due to vibration settings.
Filing against ubuntu-system-settings for now, but please feel free to
move to the correct package.
This happens with webapps:
Apr 7 08:42:17 ubuntu-phablet dbus[797]: apparmor="DENIED"
operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts"
interface="org.freedesktop.DBus.Introspectable" member="Introspect" mask="send"
name="org.freedesktop.Accounts" pid=2632
profile="com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0.26"
peer_pid=1596 peer_profile="unconfined"
Apr 7 08:42:17 ubuntu-phablet dbus[797]: apparmor="DENIED"
operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts"
interface="org.freedesktop.Accounts" member="FindUserById" mask="send"
name="org.freedesktop.Accounts" pid=2632
profile="com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0.26"
peer_pid=1596 peer_profile="unconfined"
and QML apps:
Apr 7 08:43:40 ubuntu-phablet dbus[797]: apparmor="DENIED"
operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts"
interface="org.freedesktop.DBus.Introspectable" member="Introspect" mask="send"
name="org.freedesktop.Accounts" pid=3377
profile="com.ubuntu.calculator_calculator_1.3.339" peer_pid=1596
peer_profile="unconfined"
Apr 7 08:43:40 ubuntu-phablet dbus[797]: apparmor="DENIED"
operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts"
interface="org.freedesktop.Accounts" member="FindUserById" mask="send"
name="org.freedesktop.Accounts" pid=3377
profile="com.ubuntu.calculator_calculator_1.3.339" peer_pid=1596
peer_profile="unconfined"
The following rules allow the requested access:
dbus (send)
bus=system
path="/org/freedesktop/Accounts"
interface="org.freedesktop.DBus.{Introspectable,Properties}"
member=Introspect
peer=(name=org.freedesktop.Accounts,label=unconfined),
dbus (send)
bus=system
path="/org/freedesktop/Accounts"
interface="org.freedesktop.Accounts"
member=FindUserById
peer=(name=org.freedesktop.Accounts,label=unconfined),
dbus (send)
bus=system
path="/org/freedesktop/Accounts/User[0-9]*"
interface="org.freedesktop.DBus.Properties"
member=Get
peer=(name=org.freedesktop.Accounts,label=unconfined),
However, the above is too lenient and constitutes a privacy leak for
apps. FindUserById could be used by a malicious app to enumerate
usernames on multiuser systems and because we can't mediate method
data with apparmor, the Get() method can be used to obtain any
information provided by this interface.
The following can be used to see what can be leaked to a malicious app:
gdbus introspect --system -d org.freedesktop.Accounts -o
/org/freedesktop/Accounts/User`id -u phablet`
This can be solved in a couple of ways:
1. add whatever information the app is trying to access to a new helper
service that only exposes things that the app needs. This could be a single
standalone service, perhaps something from ubuntu-system-settings, that could
expose any number of things-- the current locale, if the locale changed, if the
grid units changed, the vibration settings, etc. Since this service wouldn't
have any sensitive information, you could use standard dbus
properties/Get()/etc
2. add a new dbus API to an existing service such that apparmor rules can
then be used to allow by method (eg, GetVibration() or something)
I won't dictate the implementation except to mention that '1' seems
like something generally useful and I believe that it was something
the ubuntu-system-settings devs were already looking at for detecting
locale changes without rebooting.
Original description
starting an app in vivid (image 135 on arale currently)
produces a bunch of dbus denials in syslog ... (there is also a
/dev/tty one but i think this is just because
[Touch-packages] [Bug 1433590] Re: apparmor dbus denial for org.freedesktop.Accounts and make Other vibrations work
Hi Seth,
Since Tyler is on vacation, could you please help review?
https://code.launchpad.net/~zhangew401/usensord/fix-lp-1433590/+merge/299959
Thanks.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1433590
Title:
apparmor dbus denial for org.freedesktop.Accounts and make Other
vibrations work
Status in Canonical System Image:
In Progress
Status in apparmor-easyprof-ubuntu package in Ubuntu:
Fix Released
Status in ubuntu-system-settings package in Ubuntu:
Confirmed
Status in ubuntu-ui-toolkit package in Ubuntu:
Confirmed
Status in usensord package in Ubuntu:
In Progress
Bug description:
This affects vivid and (somewhat recently?) 14.09.
At some point, apps started to request access to
org.freedesktop.Accounts for something, but I'm not sure what. It has
been conjectured in this bug that it is due to vibration settings.
Filing against ubuntu-system-settings for now, but please feel free to
move to the correct package.
This happens with webapps:
Apr 7 08:42:17 ubuntu-phablet dbus[797]: apparmor="DENIED"
operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts"
interface="org.freedesktop.DBus.Introspectable" member="Introspect" mask="send"
name="org.freedesktop.Accounts" pid=2632
profile="com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0.26"
peer_pid=1596 peer_profile="unconfined"
Apr 7 08:42:17 ubuntu-phablet dbus[797]: apparmor="DENIED"
operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts"
interface="org.freedesktop.Accounts" member="FindUserById" mask="send"
name="org.freedesktop.Accounts" pid=2632
profile="com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0.26"
peer_pid=1596 peer_profile="unconfined"
and QML apps:
Apr 7 08:43:40 ubuntu-phablet dbus[797]: apparmor="DENIED"
operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts"
interface="org.freedesktop.DBus.Introspectable" member="Introspect" mask="send"
name="org.freedesktop.Accounts" pid=3377
profile="com.ubuntu.calculator_calculator_1.3.339" peer_pid=1596
peer_profile="unconfined"
Apr 7 08:43:40 ubuntu-phablet dbus[797]: apparmor="DENIED"
operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts"
interface="org.freedesktop.Accounts" member="FindUserById" mask="send"
name="org.freedesktop.Accounts" pid=3377
profile="com.ubuntu.calculator_calculator_1.3.339" peer_pid=1596
peer_profile="unconfined"
The following rules allow the requested access:
dbus (send)
bus=system
path="/org/freedesktop/Accounts"
interface="org.freedesktop.DBus.{Introspectable,Properties}"
member=Introspect
peer=(name=org.freedesktop.Accounts,label=unconfined),
dbus (send)
bus=system
path="/org/freedesktop/Accounts"
interface="org.freedesktop.Accounts"
member=FindUserById
peer=(name=org.freedesktop.Accounts,label=unconfined),
dbus (send)
bus=system
path="/org/freedesktop/Accounts/User[0-9]*"
interface="org.freedesktop.DBus.Properties"
member=Get
peer=(name=org.freedesktop.Accounts,label=unconfined),
However, the above is too lenient and constitutes a privacy leak for
apps. FindUserById could be used by a malicious app to enumerate
usernames on multiuser systems and because we can't mediate method
data with apparmor, the Get() method can be used to obtain any
information provided by this interface.
The following can be used to see what can be leaked to a malicious app:
gdbus introspect --system -d org.freedesktop.Accounts -o
/org/freedesktop/Accounts/User`id -u phablet`
This can be solved in a couple of ways:
1. add whatever information the app is trying to access to a new helper
service that only exposes things that the app needs. This could be a single
standalone service, perhaps something from ubuntu-system-settings, that could
expose any number of things-- the current locale, if the locale changed, if the
grid units changed, the vibration settings, etc. Since this service wouldn't
have any sensitive information, you could use standard dbus
properties/Get()/etc
2. add a new dbus API to an existing service such that apparmor rules can
then be used to allow by method (eg, GetVibration() or something)
I won't dictate the implementation except to mention that '1' seems
like something generally useful and I believe that it was something
the ubuntu-system-settings devs were already looking at for detecting
locale changes without rebooting.
Original description
starting an app in vivid (image 135 on arale currently)
produces a bunch of dbus denials in syslog ... (there is also a
/dev/tty one but i think this is just because soemthing tries to write
an error to console ... so tran
[Touch-packages] [Bug 1433590] Re: apparmor dbus denial for org.freedesktop.Accounts and make Other vibrations work
Thanks Seth.
Do you have any suggestion what we can use in this case?
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1433590
Title:
apparmor dbus denial for org.freedesktop.Accounts and make Other
vibrations work
Status in Canonical System Image:
In Progress
Status in apparmor-easyprof-ubuntu package in Ubuntu:
Fix Released
Status in ubuntu-system-settings package in Ubuntu:
Confirmed
Status in ubuntu-ui-toolkit package in Ubuntu:
Confirmed
Status in usensord package in Ubuntu:
In Progress
Bug description:
This affects vivid and (somewhat recently?) 14.09.
At some point, apps started to request access to
org.freedesktop.Accounts for something, but I'm not sure what. It has
been conjectured in this bug that it is due to vibration settings.
Filing against ubuntu-system-settings for now, but please feel free to
move to the correct package.
This happens with webapps:
Apr 7 08:42:17 ubuntu-phablet dbus[797]: apparmor="DENIED"
operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts"
interface="org.freedesktop.DBus.Introspectable" member="Introspect" mask="send"
name="org.freedesktop.Accounts" pid=2632
profile="com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0.26"
peer_pid=1596 peer_profile="unconfined"
Apr 7 08:42:17 ubuntu-phablet dbus[797]: apparmor="DENIED"
operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts"
interface="org.freedesktop.Accounts" member="FindUserById" mask="send"
name="org.freedesktop.Accounts" pid=2632
profile="com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0.26"
peer_pid=1596 peer_profile="unconfined"
and QML apps:
Apr 7 08:43:40 ubuntu-phablet dbus[797]: apparmor="DENIED"
operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts"
interface="org.freedesktop.DBus.Introspectable" member="Introspect" mask="send"
name="org.freedesktop.Accounts" pid=3377
profile="com.ubuntu.calculator_calculator_1.3.339" peer_pid=1596
peer_profile="unconfined"
Apr 7 08:43:40 ubuntu-phablet dbus[797]: apparmor="DENIED"
operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts"
interface="org.freedesktop.Accounts" member="FindUserById" mask="send"
name="org.freedesktop.Accounts" pid=3377
profile="com.ubuntu.calculator_calculator_1.3.339" peer_pid=1596
peer_profile="unconfined"
The following rules allow the requested access:
dbus (send)
bus=system
path="/org/freedesktop/Accounts"
interface="org.freedesktop.DBus.{Introspectable,Properties}"
member=Introspect
peer=(name=org.freedesktop.Accounts,label=unconfined),
dbus (send)
bus=system
path="/org/freedesktop/Accounts"
interface="org.freedesktop.Accounts"
member=FindUserById
peer=(name=org.freedesktop.Accounts,label=unconfined),
dbus (send)
bus=system
path="/org/freedesktop/Accounts/User[0-9]*"
interface="org.freedesktop.DBus.Properties"
member=Get
peer=(name=org.freedesktop.Accounts,label=unconfined),
However, the above is too lenient and constitutes a privacy leak for
apps. FindUserById could be used by a malicious app to enumerate
usernames on multiuser systems and because we can't mediate method
data with apparmor, the Get() method can be used to obtain any
information provided by this interface.
The following can be used to see what can be leaked to a malicious app:
gdbus introspect --system -d org.freedesktop.Accounts -o
/org/freedesktop/Accounts/User`id -u phablet`
This can be solved in a couple of ways:
1. add whatever information the app is trying to access to a new helper
service that only exposes things that the app needs. This could be a single
standalone service, perhaps something from ubuntu-system-settings, that could
expose any number of things-- the current locale, if the locale changed, if the
grid units changed, the vibration settings, etc. Since this service wouldn't
have any sensitive information, you could use standard dbus
properties/Get()/etc
2. add a new dbus API to an existing service such that apparmor rules can
then be used to allow by method (eg, GetVibration() or something)
I won't dictate the implementation except to mention that '1' seems
like something generally useful and I believe that it was something
the ubuntu-system-settings devs were already looking at for detecting
locale changes without rebooting.
Original description
starting an app in vivid (image 135 on arale currently)
produces a bunch of dbus denials in syslog ... (there is also a
/dev/tty one but i think this is just because soemthing tries to write
an error to console ... so transient)
http://paste.ubuntu.com/10620834/
To manage notifications about this bu
[Touch-packages] [Bug 1433590] Re: apparmor dbus denial for org.freedesktop.Accounts and make Other vibrations work
Proposition from James Henstridge (jamesh)
"If you want to identify the executable, calling os.Readlink() on
/proc/$PID/exe would be more appropriate:
$ ps x | grep maliit
5823 ? Ssl 2:38 maliit-server
25788 pts/16 S+ 0:00 grep --color=auto maliit
$ ls -l /proc/5823/exe
lrwxrwxrwx 1 phablet phablet 0 Jul 7 11:47 /proc/5823/exe ->
/usr/bin/maliit-server
I'd combine that with the a check that the security label is
"unconfined" as Tyler suggested (which you can do using the code
fragment I gave via mail). That should be enough to ensure you aren't
being faked out by an untrusted application, and are talking to the
expected system service."
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1433590
Title:
apparmor dbus denial for org.freedesktop.Accounts and make Other
vibrations work
Status in Canonical System Image:
Triaged
Status in apparmor-easyprof-ubuntu package in Ubuntu:
Fix Released
Status in ubuntu-system-settings package in Ubuntu:
Confirmed
Status in ubuntu-ui-toolkit package in Ubuntu:
Confirmed
Status in usensord package in Ubuntu:
In Progress
Bug description:
This affects vivid and (somewhat recently?) 14.09.
At some point, apps started to request access to
org.freedesktop.Accounts for something, but I'm not sure what. It has
been conjectured in this bug that it is due to vibration settings.
Filing against ubuntu-system-settings for now, but please feel free to
move to the correct package.
This happens with webapps:
Apr 7 08:42:17 ubuntu-phablet dbus[797]: apparmor="DENIED"
operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts"
interface="org.freedesktop.DBus.Introspectable" member="Introspect" mask="send"
name="org.freedesktop.Accounts" pid=2632
profile="com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0.26"
peer_pid=1596 peer_profile="unconfined"
Apr 7 08:42:17 ubuntu-phablet dbus[797]: apparmor="DENIED"
operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts"
interface="org.freedesktop.Accounts" member="FindUserById" mask="send"
name="org.freedesktop.Accounts" pid=2632
profile="com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0.26"
peer_pid=1596 peer_profile="unconfined"
and QML apps:
Apr 7 08:43:40 ubuntu-phablet dbus[797]: apparmor="DENIED"
operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts"
interface="org.freedesktop.DBus.Introspectable" member="Introspect" mask="send"
name="org.freedesktop.Accounts" pid=3377
profile="com.ubuntu.calculator_calculator_1.3.339" peer_pid=1596
peer_profile="unconfined"
Apr 7 08:43:40 ubuntu-phablet dbus[797]: apparmor="DENIED"
operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts"
interface="org.freedesktop.Accounts" member="FindUserById" mask="send"
name="org.freedesktop.Accounts" pid=3377
profile="com.ubuntu.calculator_calculator_1.3.339" peer_pid=1596
peer_profile="unconfined"
The following rules allow the requested access:
dbus (send)
bus=system
path="/org/freedesktop/Accounts"
interface="org.freedesktop.DBus.{Introspectable,Properties}"
member=Introspect
peer=(name=org.freedesktop.Accounts,label=unconfined),
dbus (send)
bus=system
path="/org/freedesktop/Accounts"
interface="org.freedesktop.Accounts"
member=FindUserById
peer=(name=org.freedesktop.Accounts,label=unconfined),
dbus (send)
bus=system
path="/org/freedesktop/Accounts/User[0-9]*"
interface="org.freedesktop.DBus.Properties"
member=Get
peer=(name=org.freedesktop.Accounts,label=unconfined),
However, the above is too lenient and constitutes a privacy leak for
apps. FindUserById could be used by a malicious app to enumerate
usernames on multiuser systems and because we can't mediate method
data with apparmor, the Get() method can be used to obtain any
information provided by this interface.
The following can be used to see what can be leaked to a malicious app:
gdbus introspect --system -d org.freedesktop.Accounts -o
/org/freedesktop/Accounts/User`id -u phablet`
This can be solved in a couple of ways:
1. add whatever information the app is trying to access to a new helper
service that only exposes things that the app needs. This could be a single
standalone service, perhaps something from ubuntu-system-settings, that could
expose any number of things-- the current locale, if the locale changed, if the
grid units changed, the vibration settings, etc. Since this service wouldn't
have any sensitive information, you could use standard dbus
properties/Get()/etc
2. add a new dbus API to an existing service such that apparmor rules can
then be used to allow by method (eg, GetVibration() or so
[Touch-packages] [Bug 1433590] Re: apparmor dbus denial for org.freedesktop.Accounts and make Other vibrations work
Thanks Seth and Tyler.
IMHO the start time of one process may always be different value. So... this
solution is not correct.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1433590
Title:
apparmor dbus denial for org.freedesktop.Accounts and make Other
vibrations work
Status in Canonical System Image:
Triaged
Status in apparmor-easyprof-ubuntu package in Ubuntu:
Fix Released
Status in ubuntu-system-settings package in Ubuntu:
Confirmed
Status in ubuntu-ui-toolkit package in Ubuntu:
Confirmed
Status in usensord package in Ubuntu:
In Progress
Bug description:
This affects vivid and (somewhat recently?) 14.09.
At some point, apps started to request access to
org.freedesktop.Accounts for something, but I'm not sure what. It has
been conjectured in this bug that it is due to vibration settings.
Filing against ubuntu-system-settings for now, but please feel free to
move to the correct package.
This happens with webapps:
Apr 7 08:42:17 ubuntu-phablet dbus[797]: apparmor="DENIED"
operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts"
interface="org.freedesktop.DBus.Introspectable" member="Introspect" mask="send"
name="org.freedesktop.Accounts" pid=2632
profile="com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0.26"
peer_pid=1596 peer_profile="unconfined"
Apr 7 08:42:17 ubuntu-phablet dbus[797]: apparmor="DENIED"
operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts"
interface="org.freedesktop.Accounts" member="FindUserById" mask="send"
name="org.freedesktop.Accounts" pid=2632
profile="com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0.26"
peer_pid=1596 peer_profile="unconfined"
and QML apps:
Apr 7 08:43:40 ubuntu-phablet dbus[797]: apparmor="DENIED"
operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts"
interface="org.freedesktop.DBus.Introspectable" member="Introspect" mask="send"
name="org.freedesktop.Accounts" pid=3377
profile="com.ubuntu.calculator_calculator_1.3.339" peer_pid=1596
peer_profile="unconfined"
Apr 7 08:43:40 ubuntu-phablet dbus[797]: apparmor="DENIED"
operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts"
interface="org.freedesktop.Accounts" member="FindUserById" mask="send"
name="org.freedesktop.Accounts" pid=3377
profile="com.ubuntu.calculator_calculator_1.3.339" peer_pid=1596
peer_profile="unconfined"
The following rules allow the requested access:
dbus (send)
bus=system
path="/org/freedesktop/Accounts"
interface="org.freedesktop.DBus.{Introspectable,Properties}"
member=Introspect
peer=(name=org.freedesktop.Accounts,label=unconfined),
dbus (send)
bus=system
path="/org/freedesktop/Accounts"
interface="org.freedesktop.Accounts"
member=FindUserById
peer=(name=org.freedesktop.Accounts,label=unconfined),
dbus (send)
bus=system
path="/org/freedesktop/Accounts/User[0-9]*"
interface="org.freedesktop.DBus.Properties"
member=Get
peer=(name=org.freedesktop.Accounts,label=unconfined),
However, the above is too lenient and constitutes a privacy leak for
apps. FindUserById could be used by a malicious app to enumerate
usernames on multiuser systems and because we can't mediate method
data with apparmor, the Get() method can be used to obtain any
information provided by this interface.
The following can be used to see what can be leaked to a malicious app:
gdbus introspect --system -d org.freedesktop.Accounts -o
/org/freedesktop/Accounts/User`id -u phablet`
This can be solved in a couple of ways:
1. add whatever information the app is trying to access to a new helper
service that only exposes things that the app needs. This could be a single
standalone service, perhaps something from ubuntu-system-settings, that could
expose any number of things-- the current locale, if the locale changed, if the
grid units changed, the vibration settings, etc. Since this service wouldn't
have any sensitive information, you could use standard dbus
properties/Get()/etc
2. add a new dbus API to an existing service such that apparmor rules can
then be used to allow by method (eg, GetVibration() or something)
I won't dictate the implementation except to mention that '1' seems
like something generally useful and I believe that it was something
the ubuntu-system-settings devs were already looking at for detecting
locale changes without rebooting.
Original description
starting an app in vivid (image 135 on arale currently)
produces a bunch of dbus denials in syslog ... (there is also a
/dev/tty one but i think this is just because soemthing tries to write
an error to console ... so transient)
http://paste.ubuntu.
[Touch-packages] [Bug 1433590] Re: apparmor dbus denial for org.freedesktop.Accounts and make Other vibrations work
I have compiled the usensord binary based on current solution.
I did some tests and it works well.
Since settings part is not ready, I am using below command to change the
property whose default value is 0(means not vibrate).
dbus-send --session --print-reply --type=method_call
--dest='com.canonical.usensord' /com/canonical/usensord/haptic
org.freedesktop.DBus.Properties.Set string:"com.canonical.usensord.haptic"
string:"OtherVibrate" uint32:1
Code is here: https://code.launchpad.net/~zhangew401/usensord/fix-lp-1433590
and the logic is
do vibration for OSK always.
do vibration for others only when the property is 1(means enabled in settings)
The property is saved in file, /home/phablet/.config/usensord/prop so
that it will be restored after factory reset.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1433590
Title:
apparmor dbus denial for org.freedesktop.Accounts and make Other
vibrations work
Status in Canonical System Image:
Triaged
Status in apparmor-easyprof-ubuntu package in Ubuntu:
Fix Released
Status in ubuntu-system-settings package in Ubuntu:
Confirmed
Status in ubuntu-ui-toolkit package in Ubuntu:
Confirmed
Status in usensord package in Ubuntu:
In Progress
Bug description:
This affects vivid and (somewhat recently?) 14.09.
At some point, apps started to request access to
org.freedesktop.Accounts for something, but I'm not sure what. It has
been conjectured in this bug that it is due to vibration settings.
Filing against ubuntu-system-settings for now, but please feel free to
move to the correct package.
This happens with webapps:
Apr 7 08:42:17 ubuntu-phablet dbus[797]: apparmor="DENIED"
operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts"
interface="org.freedesktop.DBus.Introspectable" member="Introspect" mask="send"
name="org.freedesktop.Accounts" pid=2632
profile="com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0.26"
peer_pid=1596 peer_profile="unconfined"
Apr 7 08:42:17 ubuntu-phablet dbus[797]: apparmor="DENIED"
operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts"
interface="org.freedesktop.Accounts" member="FindUserById" mask="send"
name="org.freedesktop.Accounts" pid=2632
profile="com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0.26"
peer_pid=1596 peer_profile="unconfined"
and QML apps:
Apr 7 08:43:40 ubuntu-phablet dbus[797]: apparmor="DENIED"
operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts"
interface="org.freedesktop.DBus.Introspectable" member="Introspect" mask="send"
name="org.freedesktop.Accounts" pid=3377
profile="com.ubuntu.calculator_calculator_1.3.339" peer_pid=1596
peer_profile="unconfined"
Apr 7 08:43:40 ubuntu-phablet dbus[797]: apparmor="DENIED"
operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts"
interface="org.freedesktop.Accounts" member="FindUserById" mask="send"
name="org.freedesktop.Accounts" pid=3377
profile="com.ubuntu.calculator_calculator_1.3.339" peer_pid=1596
peer_profile="unconfined"
The following rules allow the requested access:
dbus (send)
bus=system
path="/org/freedesktop/Accounts"
interface="org.freedesktop.DBus.{Introspectable,Properties}"
member=Introspect
peer=(name=org.freedesktop.Accounts,label=unconfined),
dbus (send)
bus=system
path="/org/freedesktop/Accounts"
interface="org.freedesktop.Accounts"
member=FindUserById
peer=(name=org.freedesktop.Accounts,label=unconfined),
dbus (send)
bus=system
path="/org/freedesktop/Accounts/User[0-9]*"
interface="org.freedesktop.DBus.Properties"
member=Get
peer=(name=org.freedesktop.Accounts,label=unconfined),
However, the above is too lenient and constitutes a privacy leak for
apps. FindUserById could be used by a malicious app to enumerate
usernames on multiuser systems and because we can't mediate method
data with apparmor, the Get() method can be used to obtain any
information provided by this interface.
The following can be used to see what can be leaked to a malicious app:
gdbus introspect --system -d org.freedesktop.Accounts -o
/org/freedesktop/Accounts/User`id -u phablet`
This can be solved in a couple of ways:
1. add whatever information the app is trying to access to a new helper
service that only exposes things that the app needs. This could be a single
standalone service, perhaps something from ubuntu-system-settings, that could
expose any number of things-- the current locale, if the locale changed, if the
grid units changed, the vibration settings, etc. Since this service wouldn't
have any sensitive information, you could use standard dbus
properties/Get()/etc
2. add a new dbus API to an ex
[Touch-packages] [Bug 1433590] Re: apparmor dbus denial for org.freedesktop.Accounts and make Other vibrations work
** Changed in: usensord (Ubuntu)
Status: Confirmed => In Progress
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1433590
Title:
apparmor dbus denial for org.freedesktop.Accounts and make Other
vibrations work
Status in Canonical System Image:
Triaged
Status in apparmor-easyprof-ubuntu package in Ubuntu:
Fix Released
Status in ubuntu-system-settings package in Ubuntu:
Confirmed
Status in ubuntu-ui-toolkit package in Ubuntu:
Confirmed
Status in usensord package in Ubuntu:
In Progress
Bug description:
This affects vivid and (somewhat recently?) 14.09.
At some point, apps started to request access to
org.freedesktop.Accounts for something, but I'm not sure what. It has
been conjectured in this bug that it is due to vibration settings.
Filing against ubuntu-system-settings for now, but please feel free to
move to the correct package.
This happens with webapps:
Apr 7 08:42:17 ubuntu-phablet dbus[797]: apparmor="DENIED"
operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts"
interface="org.freedesktop.DBus.Introspectable" member="Introspect" mask="send"
name="org.freedesktop.Accounts" pid=2632
profile="com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0.26"
peer_pid=1596 peer_profile="unconfined"
Apr 7 08:42:17 ubuntu-phablet dbus[797]: apparmor="DENIED"
operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts"
interface="org.freedesktop.Accounts" member="FindUserById" mask="send"
name="org.freedesktop.Accounts" pid=2632
profile="com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0.26"
peer_pid=1596 peer_profile="unconfined"
and QML apps:
Apr 7 08:43:40 ubuntu-phablet dbus[797]: apparmor="DENIED"
operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts"
interface="org.freedesktop.DBus.Introspectable" member="Introspect" mask="send"
name="org.freedesktop.Accounts" pid=3377
profile="com.ubuntu.calculator_calculator_1.3.339" peer_pid=1596
peer_profile="unconfined"
Apr 7 08:43:40 ubuntu-phablet dbus[797]: apparmor="DENIED"
operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts"
interface="org.freedesktop.Accounts" member="FindUserById" mask="send"
name="org.freedesktop.Accounts" pid=3377
profile="com.ubuntu.calculator_calculator_1.3.339" peer_pid=1596
peer_profile="unconfined"
The following rules allow the requested access:
dbus (send)
bus=system
path="/org/freedesktop/Accounts"
interface="org.freedesktop.DBus.{Introspectable,Properties}"
member=Introspect
peer=(name=org.freedesktop.Accounts,label=unconfined),
dbus (send)
bus=system
path="/org/freedesktop/Accounts"
interface="org.freedesktop.Accounts"
member=FindUserById
peer=(name=org.freedesktop.Accounts,label=unconfined),
dbus (send)
bus=system
path="/org/freedesktop/Accounts/User[0-9]*"
interface="org.freedesktop.DBus.Properties"
member=Get
peer=(name=org.freedesktop.Accounts,label=unconfined),
However, the above is too lenient and constitutes a privacy leak for
apps. FindUserById could be used by a malicious app to enumerate
usernames on multiuser systems and because we can't mediate method
data with apparmor, the Get() method can be used to obtain any
information provided by this interface.
The following can be used to see what can be leaked to a malicious app:
gdbus introspect --system -d org.freedesktop.Accounts -o
/org/freedesktop/Accounts/User`id -u phablet`
This can be solved in a couple of ways:
1. add whatever information the app is trying to access to a new helper
service that only exposes things that the app needs. This could be a single
standalone service, perhaps something from ubuntu-system-settings, that could
expose any number of things-- the current locale, if the locale changed, if the
grid units changed, the vibration settings, etc. Since this service wouldn't
have any sensitive information, you could use standard dbus
properties/Get()/etc
2. add a new dbus API to an existing service such that apparmor rules can
then be used to allow by method (eg, GetVibration() or something)
I won't dictate the implementation except to mention that '1' seems
like something generally useful and I believe that it was something
the ubuntu-system-settings devs were already looking at for detecting
locale changes without rebooting.
Original description
starting an app in vivid (image 135 on arale currently)
produces a bunch of dbus denials in syslog ... (there is also a
/dev/tty one but i think this is just because soemthing tries to write
an error to console ... so transient)
http://paste.ubuntu.com/10620834/
To manage notifications about this bug
[Touch-packages] [Bug 1433590] Re: apparmor dbus denial for org.freedesktop.Accounts and make Other vibrations work
I am now investigating if org.freedesktop.DBus.GetConnectionUnixProcessID is
supported in go-dbus.
If it is supported, we can use pid to get the name of the process or path of
the binary.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1433590
Title:
apparmor dbus denial for org.freedesktop.Accounts and make Other
vibrations work
Status in Canonical System Image:
Triaged
Status in apparmor-easyprof-ubuntu package in Ubuntu:
Fix Released
Status in ubuntu-system-settings package in Ubuntu:
Confirmed
Status in ubuntu-ui-toolkit package in Ubuntu:
Confirmed
Status in usensord package in Ubuntu:
Confirmed
Bug description:
This affects vivid and (somewhat recently?) 14.09.
At some point, apps started to request access to
org.freedesktop.Accounts for something, but I'm not sure what. It has
been conjectured in this bug that it is due to vibration settings.
Filing against ubuntu-system-settings for now, but please feel free to
move to the correct package.
This happens with webapps:
Apr 7 08:42:17 ubuntu-phablet dbus[797]: apparmor="DENIED"
operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts"
interface="org.freedesktop.DBus.Introspectable" member="Introspect" mask="send"
name="org.freedesktop.Accounts" pid=2632
profile="com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0.26"
peer_pid=1596 peer_profile="unconfined"
Apr 7 08:42:17 ubuntu-phablet dbus[797]: apparmor="DENIED"
operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts"
interface="org.freedesktop.Accounts" member="FindUserById" mask="send"
name="org.freedesktop.Accounts" pid=2632
profile="com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0.26"
peer_pid=1596 peer_profile="unconfined"
and QML apps:
Apr 7 08:43:40 ubuntu-phablet dbus[797]: apparmor="DENIED"
operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts"
interface="org.freedesktop.DBus.Introspectable" member="Introspect" mask="send"
name="org.freedesktop.Accounts" pid=3377
profile="com.ubuntu.calculator_calculator_1.3.339" peer_pid=1596
peer_profile="unconfined"
Apr 7 08:43:40 ubuntu-phablet dbus[797]: apparmor="DENIED"
operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts"
interface="org.freedesktop.Accounts" member="FindUserById" mask="send"
name="org.freedesktop.Accounts" pid=3377
profile="com.ubuntu.calculator_calculator_1.3.339" peer_pid=1596
peer_profile="unconfined"
The following rules allow the requested access:
dbus (send)
bus=system
path="/org/freedesktop/Accounts"
interface="org.freedesktop.DBus.{Introspectable,Properties}"
member=Introspect
peer=(name=org.freedesktop.Accounts,label=unconfined),
dbus (send)
bus=system
path="/org/freedesktop/Accounts"
interface="org.freedesktop.Accounts"
member=FindUserById
peer=(name=org.freedesktop.Accounts,label=unconfined),
dbus (send)
bus=system
path="/org/freedesktop/Accounts/User[0-9]*"
interface="org.freedesktop.DBus.Properties"
member=Get
peer=(name=org.freedesktop.Accounts,label=unconfined),
However, the above is too lenient and constitutes a privacy leak for
apps. FindUserById could be used by a malicious app to enumerate
usernames on multiuser systems and because we can't mediate method
data with apparmor, the Get() method can be used to obtain any
information provided by this interface.
The following can be used to see what can be leaked to a malicious app:
gdbus introspect --system -d org.freedesktop.Accounts -o
/org/freedesktop/Accounts/User`id -u phablet`
This can be solved in a couple of ways:
1. add whatever information the app is trying to access to a new helper
service that only exposes things that the app needs. This could be a single
standalone service, perhaps something from ubuntu-system-settings, that could
expose any number of things-- the current locale, if the locale changed, if the
grid units changed, the vibration settings, etc. Since this service wouldn't
have any sensitive information, you could use standard dbus
properties/Get()/etc
2. add a new dbus API to an existing service such that apparmor rules can
then be used to allow by method (eg, GetVibration() or something)
I won't dictate the implementation except to mention that '1' seems
like something generally useful and I believe that it was something
the ubuntu-system-settings devs were already looking at for detecting
locale changes without rebooting.
Original description
starting an app in vivid (image 135 on arale currently)
produces a bunch of dbus denials in syslog ... (there is also a
/dev/tty one but i think this is just because soemthing tries to write
[Touch-packages] [Bug 1433590] Re: apparmor dbus denial for org.freedesktop.Accounts and make Other vibrations work
Thanks Zsombor explaining a lot about this bug to me.
According to comment #13, I am now blocked because in usensord, based on
currently info we could get from dbus message, we don't have a method to judge
if the peer(caller) is OSK or the app.
The call flow is app--->toolkit>Qt Haptics-->uSensord
If the app or OSK don't send info for usensord to make the differentiation, I
cannot achieve the goal.
** Changed in: usensord (Ubuntu)
Assignee: Penk Chen (penk) => Zhang Enwei (zhangew401)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1433590
Title:
apparmor dbus denial for org.freedesktop.Accounts and make Other
vibrations work
Status in Canonical System Image:
In Progress
Status in apparmor-easyprof-ubuntu package in Ubuntu:
Fix Released
Status in ubuntu-system-settings package in Ubuntu:
Confirmed
Status in ubuntu-ui-toolkit package in Ubuntu:
Confirmed
Status in usensord package in Ubuntu:
In Progress
Bug description:
This affects vivid and (somewhat recently?) 14.09.
At some point, apps started to request access to
org.freedesktop.Accounts for something, but I'm not sure what. It has
been conjectured in this bug that it is due to vibration settings.
Filing against ubuntu-system-settings for now, but please feel free to
move to the correct package.
This happens with webapps:
Apr 7 08:42:17 ubuntu-phablet dbus[797]: apparmor="DENIED"
operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts"
interface="org.freedesktop.DBus.Introspectable" member="Introspect" mask="send"
name="org.freedesktop.Accounts" pid=2632
profile="com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0.26"
peer_pid=1596 peer_profile="unconfined"
Apr 7 08:42:17 ubuntu-phablet dbus[797]: apparmor="DENIED"
operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts"
interface="org.freedesktop.Accounts" member="FindUserById" mask="send"
name="org.freedesktop.Accounts" pid=2632
profile="com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0.26"
peer_pid=1596 peer_profile="unconfined"
and QML apps:
Apr 7 08:43:40 ubuntu-phablet dbus[797]: apparmor="DENIED"
operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts"
interface="org.freedesktop.DBus.Introspectable" member="Introspect" mask="send"
name="org.freedesktop.Accounts" pid=3377
profile="com.ubuntu.calculator_calculator_1.3.339" peer_pid=1596
peer_profile="unconfined"
Apr 7 08:43:40 ubuntu-phablet dbus[797]: apparmor="DENIED"
operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts"
interface="org.freedesktop.Accounts" member="FindUserById" mask="send"
name="org.freedesktop.Accounts" pid=3377
profile="com.ubuntu.calculator_calculator_1.3.339" peer_pid=1596
peer_profile="unconfined"
The following rules allow the requested access:
dbus (send)
bus=system
path="/org/freedesktop/Accounts"
interface="org.freedesktop.DBus.{Introspectable,Properties}"
member=Introspect
peer=(name=org.freedesktop.Accounts,label=unconfined),
dbus (send)
bus=system
path="/org/freedesktop/Accounts"
interface="org.freedesktop.Accounts"
member=FindUserById
peer=(name=org.freedesktop.Accounts,label=unconfined),
dbus (send)
bus=system
path="/org/freedesktop/Accounts/User[0-9]*"
interface="org.freedesktop.DBus.Properties"
member=Get
peer=(name=org.freedesktop.Accounts,label=unconfined),
However, the above is too lenient and constitutes a privacy leak for
apps. FindUserById could be used by a malicious app to enumerate
usernames on multiuser systems and because we can't mediate method
data with apparmor, the Get() method can be used to obtain any
information provided by this interface.
The following can be used to see what can be leaked to a malicious app:
gdbus introspect --system -d org.freedesktop.Accounts -o
/org/freedesktop/Accounts/User`id -u phablet`
This can be solved in a couple of ways:
1. add whatever information the app is trying to access to a new helper
service that only exposes things that the app needs. This could be a single
standalone service, perhaps something from ubuntu-system-settings, that could
expose any number of things-- the curre
[Touch-packages] [Bug 1433590] Re: apparmor dbus denial for org.freedesktop.Accounts and make Other vibrations work
Hi Pat,
I have exposed the property OtherVibrate from Object Path:
com.canonical.usensord.haptic.
For remaining logic part about when to do vibration, I am contacting Zsombor.
May be ready soon.
https://code.launchpad.net/~zhangew401/usensord/fix-lp-1433590
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1433590
Title:
apparmor dbus denial for org.freedesktop.Accounts and make Other
vibrations work
Status in Canonical System Image:
In Progress
Status in apparmor-easyprof-ubuntu package in Ubuntu:
Fix Released
Status in ubuntu-system-settings package in Ubuntu:
Confirmed
Status in ubuntu-ui-toolkit package in Ubuntu:
Confirmed
Status in usensord package in Ubuntu:
In Progress
Bug description:
This affects vivid and (somewhat recently?) 14.09.
At some point, apps started to request access to
org.freedesktop.Accounts for something, but I'm not sure what. It has
been conjectured in this bug that it is due to vibration settings.
Filing against ubuntu-system-settings for now, but please feel free to
move to the correct package.
This happens with webapps:
Apr 7 08:42:17 ubuntu-phablet dbus[797]: apparmor="DENIED"
operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts"
interface="org.freedesktop.DBus.Introspectable" member="Introspect" mask="send"
name="org.freedesktop.Accounts" pid=2632
profile="com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0.26"
peer_pid=1596 peer_profile="unconfined"
Apr 7 08:42:17 ubuntu-phablet dbus[797]: apparmor="DENIED"
operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts"
interface="org.freedesktop.Accounts" member="FindUserById" mask="send"
name="org.freedesktop.Accounts" pid=2632
profile="com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0.26"
peer_pid=1596 peer_profile="unconfined"
and QML apps:
Apr 7 08:43:40 ubuntu-phablet dbus[797]: apparmor="DENIED"
operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts"
interface="org.freedesktop.DBus.Introspectable" member="Introspect" mask="send"
name="org.freedesktop.Accounts" pid=3377
profile="com.ubuntu.calculator_calculator_1.3.339" peer_pid=1596
peer_profile="unconfined"
Apr 7 08:43:40 ubuntu-phablet dbus[797]: apparmor="DENIED"
operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts"
interface="org.freedesktop.Accounts" member="FindUserById" mask="send"
name="org.freedesktop.Accounts" pid=3377
profile="com.ubuntu.calculator_calculator_1.3.339" peer_pid=1596
peer_profile="unconfined"
The following rules allow the requested access:
dbus (send)
bus=system
path="/org/freedesktop/Accounts"
interface="org.freedesktop.DBus.{Introspectable,Properties}"
member=Introspect
peer=(name=org.freedesktop.Accounts,label=unconfined),
dbus (send)
bus=system
path="/org/freedesktop/Accounts"
interface="org.freedesktop.Accounts"
member=FindUserById
peer=(name=org.freedesktop.Accounts,label=unconfined),
dbus (send)
bus=system
path="/org/freedesktop/Accounts/User[0-9]*"
interface="org.freedesktop.DBus.Properties"
member=Get
peer=(name=org.freedesktop.Accounts,label=unconfined),
However, the above is too lenient and constitutes a privacy leak for
apps. FindUserById could be used by a malicious app to enumerate
usernames on multiuser systems and because we can't mediate method
data with apparmor, the Get() method can be used to obtain any
information provided by this interface.
The following can be used to see what can be leaked to a malicious app:
gdbus introspect --system -d org.freedesktop.Accounts -o
/org/freedesktop/Accounts/User`id -u phablet`
This can be solved in a couple of ways:
1. add whatever information the app is trying to access to a new helper
service that only exposes things that the app needs. This could be a single
standalone service, perhaps something from ubuntu-system-settings, that could
expose any number of things-- the current locale, if the locale changed, if the
grid units changed, the vibration settings, etc. Since this service wouldn't
have any sensitive information, you could use standard dbus
properties/Get()/etc
2. add a new dbus API to an existing service such that apparmor rules can
then be used to allow by method (eg, GetVibration() or something)
I won't dictate the implementation except to mention that '1' seems
like something generally useful and I believe that it was something
the ubuntu-system-settings devs were already looking at for detecting
locale changes without rebooting.
Original description
starting an app in vivid (image 135 on arale currently)
produces a bunch of dbus denials in syslog ... (there is also
[Touch-packages] [Bug 1590188] Re: Widgets is are in wrong order after posting one comment in Preview Page
Thanks Pawel. I verified silo001 on Instagram and Flickr. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to unity-scopes-shell in Ubuntu. https://bugs.launchpad.net/bugs/1590188 Title: Widgets is are in wrong order after posting one comment in Preview Page Status in Canonical System Image: In Progress Status in unity-scopes-shell package in Ubuntu: In Progress Bug description: I am testing on some golang scopes such as doubanbook(https://code.launchpad.net/~hanloon-team/hanloon/douban) flickr(https://code.launchpad.net/~hanloon-team/hanloon/unity-scope-flickr) After I post one comment and the Preview page refreshes, the order of Preview Widgets is reversed. For example, before I post comment, Art is on the up most position, while after I post comment, Art is the last widget in the page. I can see from the log, the order of widgets is adjusted(art at first is 0, and at last is 15). But i don't know why. AS Pawel's suggestion, I used scopes.ColumnLayout as workaround which could fix this issue. To manage notifications about this bug go to: https://bugs.launchpad.net/canonical-devices-system-image/+bug/1590188/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1590188] Re: Widgets is are in wrong order after posting one comment in Preview Page
So Pawel, Marcus, do you need me to test https://launchpad.net/~unity- api-team/+archive/ubuntu/dev-build-1/+build/10027020/+files/unity- plugin-scopes_0.5.7+16.10.20160525-0~327~ubuntu15.04.1_armhf.deb? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to unity-scopes-shell in Ubuntu. https://bugs.launchpad.net/bugs/1590188 Title: Widgets is are in wrong order after posting one comment in Preview Page Status in Canonical System Image: In Progress Status in unity-scopes-shell package in Ubuntu: In Progress Bug description: I am testing on some golang scopes such as doubanbook(https://code.launchpad.net/~hanloon-team/hanloon/douban) flickr(https://code.launchpad.net/~hanloon-team/hanloon/unity-scope-flickr) After I post one comment and the Preview page refreshes, the order of Preview Widgets is reversed. For example, before I post comment, Art is on the up most position, while after I post comment, Art is the last widget in the page. I can see from the log, the order of widgets is adjusted(art at first is 0, and at last is 15). But i don't know why. AS Pawel's suggestion, I used scopes.ColumnLayout as workaround which could fix this issue. To manage notifications about this bug go to: https://bugs.launchpad.net/canonical-devices-system-image/+bug/1590188/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1590188] [NEW] Widgets is are in wrong order after posting one comment in Preview Page
Public bug reported: I am testing on some golang scopes such as doubanbook(https://code.launchpad.net/~hanloon-team/hanloon/douban) flickr(https://code.launchpad.net/~hanloon-team/hanloon/unity-scope-flickr) After I post one comment and the Preview page refreshes, the order of Preview Widgets is reversed. For example, before I post comment, Art is on the up most position, while after I post comment, Art is the last widget in the page. I can see from the log, the order of widgets is adjusted(art at first is 0, and at last is 15). But i don't know why. AS Pawel's suggestion, I used scopes.ColumnLayout as workaround which could fix this issue. ** Affects: unity8 (Ubuntu) Importance: Undecided Status: New ** Attachment added: "unity8-dash.log" https://bugs.launchpad.net/bugs/1590188/+attachment/4679275/+files/unity8-dash.log -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to unity8 in Ubuntu. https://bugs.launchpad.net/bugs/1590188 Title: Widgets is are in wrong order after posting one comment in Preview Page Status in unity8 package in Ubuntu: New Bug description: I am testing on some golang scopes such as doubanbook(https://code.launchpad.net/~hanloon-team/hanloon/douban) flickr(https://code.launchpad.net/~hanloon-team/hanloon/unity-scope-flickr) After I post one comment and the Preview page refreshes, the order of Preview Widgets is reversed. For example, before I post comment, Art is on the up most position, while after I post comment, Art is the last widget in the page. I can see from the log, the order of widgets is adjusted(art at first is 0, and at last is 15). But i don't know why. AS Pawel's suggestion, I used scopes.ColumnLayout as workaround which could fix this issue. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/unity8/+bug/1590188/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1549056] [NEW] content sharing cannot work in scopes
Public bug reported:
I tried to share one picture according to instructions in
https://developer.ubuntu.com/api/scopes/cpp/sdk-15.04.1/previewwidgets/ in my
scope,
Code is as below:
PreviewWidget w_art("artId", "image");
w_art.add_attribute_mapping("source", "art");
w_art.add_attribute_value("zoomable", us::Variant(true));
VariantMap share_data;
share_data["uri"] = result()["art"];
qDebug() << "arturi:" <<
QString::fromStdString(result()["art"].get_string());
share_data["content-type"] = Variant("pictures");
w_art.add_attribute_value("share-data", us::Variant(share_data));
widgets.emplace_back(w_art);
I check the uri is correct.
When I tried to share the image, the Content Hub gives me some options and when
I choose facebook, twitter or message, the image cannot be sent to them.
system info:
current build number: 431
device name: mako
channel: ubuntu-touch/rc-proposed/bq-aquaris.en-proposed
last update: 2016-02-03 14:41:40
version version: 431
version ubuntu: 20160203
version device: 20160112
version custom: 20160201-5-vivid
** Affects: unity8 (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to unity8 in Ubuntu.
https://bugs.launchpad.net/bugs/1549056
Title:
content sharing cannot work in scopes
Status in unity8 package in Ubuntu:
New
Bug description:
I tried to share one picture according to instructions in
https://developer.ubuntu.com/api/scopes/cpp/sdk-15.04.1/previewwidgets/ in my
scope,
Code is as below:
PreviewWidget w_art("artId", "image");
w_art.add_attribute_mapping("source", "art");
w_art.add_attribute_value("zoomable", us::Variant(true));
VariantMap share_data;
share_data["uri"] = result()["art"];
qDebug() << "arturi:" <<
QString::fromStdString(result()["art"].get_string());
share_data["content-type"] = Variant("pictures");
w_art.add_attribute_value("share-data", us::Variant(share_data));
widgets.emplace_back(w_art);
I check the uri is correct.
When I tried to share the image, the Content Hub gives me some options and
when I choose facebook, twitter or message, the image cannot be sent to them.
system info:
current build number: 431
device name: mako
channel: ubuntu-touch/rc-proposed/bq-aquaris.en-proposed
last update: 2016-02-03 14:41:40
version version: 431
version ubuntu: 20160203
version device: 20160112
version custom: 20160201-5-vivid
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/unity8/+bug/1549056/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
