[Bug 1569582] Re: Add Bluetooth apparmor policy

2016-07-27 Thread Pat McGowan 
** Changed in: canonical-devices-system-image
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1569582

Title:
  Add Bluetooth apparmor policy

To manage notifications about this bug go to:
https://bugs.launchpad.net/canonical-devices-system-image/+bug/1569582/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1569582] Re: Add Bluetooth apparmor policy

2016-06-19 Thread Nekhelesh Ramananthan 
** Tags added: bluetooth

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1569582

Title:
  Add Bluetooth apparmor policy

To manage notifications about this bug go to:
https://bugs.launchpad.net/canonical-devices-system-image/+bug/1569582/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1569582] Re: Add Bluetooth apparmor policy

2016-05-26 Thread Robin Heroldich 
@Michael: Does this mean after OTA-11 you can publich your Bluetooth app
to the official Ubuntu Store? :) Or we will still need to use wich is
published in the OpenStore?

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1569582

Title:
  Add Bluetooth apparmor policy

To manage notifications about this bug go to:
https://bugs.launchpad.net/canonical-devices-system-image/+bug/1569582/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1569582] Re: Add Bluetooth apparmor policy

2016-05-23 Thread Timo Jyrinki 
apparmor-easyprof-ubuntu (16.04.6) xenial; urgency=medium

  * add reserved ubuntu/bluetooth (LP: #1569582)

 -- Jamie Strandboge   Tue, 10 May 2016 17:02:27 -0500

apparmor-easyprof-ubuntu (1.3.17) vivid; urgency=medium

  * add reserved ubuntu/bluetooth (LP: #1569582)

 -- Jamie Strandboge   Tue, 10 May 2016 15:24:12 -0500

** Changed in: canonical-devices-system-image
   Status: Confirmed => Fix Committed

** Changed in: canonical-devices-system-image
Milestone: None => 12

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1569582

Title:
  Add Bluetooth apparmor policy

To manage notifications about this bug go to:
https://bugs.launchpad.net/canonical-devices-system-image/+bug/1569582/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1569582] Re: Add Bluetooth apparmor policy

2016-05-12 Thread Jamie Strandboge 
FYI, this is ready for QA signoff: https://requests.ci-
train.ubuntu.com/#/ticket/1404

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1569582

Title:
  Add Bluetooth apparmor policy

To manage notifications about this bug go to:
https://bugs.launchpad.net/canonical-devices-system-image/+bug/1569582/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1569582] Re: Add Bluetooth apparmor policy

2016-05-11 Thread Jamie Strandboge 
To test these clicks, we either need new clicks that specify the
'bluetooth' reserved policy or, modify /var/lib/apparmor/clicks/...json
to add "bluetooth" to the policy_groups, then rm -f
/var/lib/apparmor/profiles/click_..., then do 'sudo aa-clickhook' (this
modifies the installed security manifest and regenerates the profile).

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1569582

Title:
  Add Bluetooth apparmor policy

To manage notifications about this bug go to:
https://bugs.launchpad.net/canonical-devices-system-image/+bug/1569582/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1569582] Re: Add Bluetooth apparmor policy

2016-05-10 Thread Launchpad Bug Tracker 
This bug was fixed in the package apparmor-easyprof-ubuntu - 16.10.1

---
apparmor-easyprof-ubuntu (16.10.1) yakkety; urgency=medium

  * add 16.10 policy
  * add bluetooth-net and bluetooth-file-transfer to pending/
  * add reserved ubuntu/bluetooth (LP: #1569582)

 -- Jamie Strandboge   Tue, 10 May 2016 16:21:46 -0500

** Changed in: apparmor-easyprof-ubuntu (Ubuntu)
   Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1569582

Title:
  Add Bluetooth apparmor policy

To manage notifications about this bug go to:
https://bugs.launchpad.net/canonical-devices-system-image/+bug/1569582/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1569582] Re: Add Bluetooth apparmor policy

2016-05-10 Thread Jamie Strandboge 
FYI, vivid packages are here: https://launchpad.net/~ci-train-ppa-
service/+archive/ubuntu/landing-015

I'm still turning the crank on xenial and the landings.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1569582

Title:
  Add Bluetooth apparmor policy

To manage notifications about this bug go to:
https://bugs.launchpad.net/canonical-devices-system-image/+bug/1569582/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1569582] Re: Add Bluetooth apparmor policy

2016-05-10 Thread Jamie Strandboge 
Ok, I examined all the policy and created a very broad profile called
"bluetooth": http://bazaar.launchpad.net/~ubuntu-security/apparmor-
easyprof-ubuntu/trunk/view/head:/data/policygroups/ubuntu/1.3/bluetooth

This gives all access to bluez and is therefore reserved. I was able to
successfully transfer a file to my laptop from the device using the
shareapp from click #1. I was also able to run both the client and the
server of click #2 without denials (but the apps couldn't communicate
after connecting (unrelated to apparmor)).

In addition, for future reference and so the investigation is not lost,
I committed 'bluetooth-net' and 'bluetooth-file-transfer' in the
'pending/' directory: http://bazaar.launchpad.net/~ubuntu-security
/apparmor-easyprof-ubuntu/trunk/files/head:/pending/policygroups/

This policy is not read for consumption-- we need trust-store
integration in bluez for these to become 'common', but again, wanted to
capture the work somewhere in case it is useful in the future.

I'll work on getting these things landed in silos, etc next.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1569582

Title:
  Add Bluetooth apparmor policy

To manage notifications about this bug go to:
https://bugs.launchpad.net/canonical-devices-system-image/+bug/1569582/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1569582] Re: Add Bluetooth apparmor policy

2016-05-10 Thread Jamie Strandboge 
** Changed in: apparmor-easyprof-ubuntu (Ubuntu)
   Status: Triaged => In Progress

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1569582

Title:
  Add Bluetooth apparmor policy

To manage notifications about this bug go to:
https://bugs.launchpad.net/canonical-devices-system-image/+bug/1569582/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1569582] Re: Add Bluetooth apparmor policy

2016-05-09 Thread Jamie Strandboge 
FYI, I'm working through the policy in a very fine-grained manner to
understand it and will post my results here. I can say that the first
click example seems to work ok on the sender, but all transfers fails--
either to my laptop (even after enabling bluetooth and visibility and
using gnome-file-share-properties to allow receiving files with
notifications) or to another phone and using the app from the first
click (both are makos). In both cases, there are no apparmor denials for
the shareapp.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1569582

Title:
  Add Bluetooth apparmor policy

To manage notifications about this bug go to:
https://bugs.launchpad.net/canonical-devices-system-image/+bug/1569582/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1569582] Re: Add Bluetooth apparmor policy

2016-05-09 Thread Jamie Strandboge 
FYI, we decided on IRC that we would add a single reserved policy group
for now, named 'bluetooth'. This will allow full access to bluez. This
will be reserved in the first iteration because there are information
leaks and the device can be placed into discovery mode. Other accesses
were not investigated but are presumably present.

In the future, bluez will gain trust-store integration (with
corresponding system settings updates) so that access to bluez can be
safely granted to apps. We might leave 'bluetooth' as reserved and
create new policy groups like bluetooth-file-transfer, bluetooth-input,
etc.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1569582

Title:
  Add Bluetooth apparmor policy

To manage notifications about this bug go to:
https://bugs.launchpad.net/canonical-devices-system-image/+bug/1569582/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1569582] Re: Add Bluetooth apparmor policy

2016-05-09 Thread Michael Zanetti 
Note, I have not played with Low Energies profiles yet. So that needs to
be added too but I don't have any LE devices handy right now. Will add
more details when I get there.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1569582

Title:
  Add Bluetooth apparmor policy

To manage notifications about this bug go to:
https://bugs.launchpad.net/canonical-devices-system-image/+bug/1569582/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1569582] Re: Add Bluetooth apparmor policy

2016-05-09 Thread Michael Zanetti 
Attaching another click that can establish a bluetooth connection
between 2 devices. One side creates an SPP chat server, the other can
connect to it as a client.

This can be used to exercise:
On the server side, 
* the local Bluetooth device is made visible so that the client can scan for it
* registering a new SPP service endpoint

On the client side:
* scanning for nearby Bluetooth devices
* doing service discovery on remote devices
* connecting to the SPP server

This should work on all our supported devices too. Stable should be ok
although I only really tested it on rc-proposed.

** Attachment added: "bluetoothtest.mzanetti_0.1_armhf.click"
   
https://bugs.launchpad.net/canonical-devices-system-image/+bug/1569582/+attachment/4659446/+files/bluetoothtest.mzanetti_0.1_armhf.click

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1569582

Title:
  Add Bluetooth apparmor policy

To manage notifications about this bug go to:
https://bugs.launchpad.net/canonical-devices-system-image/+bug/1569582/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1569582] Re: Add Bluetooth apparmor policy

2016-05-09 Thread Michael Zanetti 
Ok, the attached .click should work on all our supported devices. You do
need rc-proposed in order for receiving files to work. Sending files via
content hub should work on stable too (assuming apparmor policies are in
place).

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1569582

Title:
  Add Bluetooth apparmor policy

To manage notifications about this bug go to:
https://bugs.launchpad.net/canonical-devices-system-image/+bug/1569582/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1569582] Re: Add Bluetooth apparmor policy

2016-05-09 Thread Jamie Strandboge 
** Changed in: apparmor-easyprof-ubuntu (Ubuntu)
   Status: Incomplete => Triaged

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1569582

Title:
  Add Bluetooth apparmor policy

To manage notifications about this bug go to:
https://bugs.launchpad.net/canonical-devices-system-image/+bug/1569582/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1569582] Re: Add Bluetooth apparmor policy

2016-05-06 Thread Jamie Strandboge 
Is there a click I can use to play with this? Will it work on mako? Do I
need rc-proposed, silos, etc?

** Changed in: apparmor (Ubuntu)
 Assignee: (unassigned) => Jamie Strandboge (jdstrand)

** Changed in: apparmor (Ubuntu)
   Importance: Undecided => High

** Package changed: apparmor (Ubuntu) => apparmor-easyprof-ubuntu
(Ubuntu)

** Changed in: canonical-devices-system-image
 Assignee: Jamie Strandboge (jdstrand) => (unassigned)

** Changed in: apparmor-easyprof-ubuntu (Ubuntu)
   Status: Confirmed => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1569582

Title:
  Add Bluetooth apparmor policy

To manage notifications about this bug go to:
https://bugs.launchpad.net/canonical-devices-system-image/+bug/1569582/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1569582] Re: Add Bluetooth apparmor policy

2016-04-15 Thread Michael Zanetti 
Oh, some more info:

For the device discovery, it uses the "BluetoothDeviceDiscoveryModel"
[1], for sending the file it uses QBluetoothTransferManager [2], both
from the Qt API

[1] http://doc.qt.io/qt-5/qml-qtbluetooth-bluetoothdiscoverymodel.html
[2] http://doc.qt.io/qt-5/qbluetoothtransfermanager.html


While in theory such a OBEX Push share plugin could be provided by the platform 
and hence run unconfined, both of the above mentioned APIs are useful for 3rd 
Party app developers to enable Bluetooth features in their Apps.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1569582

Title:
  Add Bluetooth apparmor policy

To manage notifications about this bug go to:
https://bugs.launchpad.net/canonical-devices-system-image/+bug/1569582/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1569582] Re: Add Bluetooth apparmor policy

2016-04-14 Thread Launchpad Bug Tracker 
Status changed to 'Confirmed' because the bug affects multiple users.

** Changed in: apparmor (Ubuntu)
   Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1569582

Title:
  Add Bluetooth apparmor policy

To manage notifications about this bug go to:
https://bugs.launchpad.net/canonical-devices-system-image/+bug/1569582/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1569582] Re: Add Bluetooth apparmor policy

2016-04-13 Thread Michael Zanetti 
Oh, some more info:

For the device discovery, it uses the "BluetoothDeviceDiscoveryModel"
[1], for sending the file it uses QBluetoothTransferManager [2], both
from the Qt API

[1] http://doc.qt.io/qt-5/qml-qtbluetooth-bluetoothdiscoverymodel.html
[2] http://doc.qt.io/qt-5/qbluetoothtransfermanager.html


While in theory such a OBEX Push share plugin could be provided by the platform 
and hence run unconfined, both of the above mentioned APIs are useful for 3rd 
Party app developers to enable Bluetooth features in their Apps.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1569582

Title:
  Add Bluetooth apparmor policy

To manage notifications about this bug go to:
https://bugs.launchpad.net/canonical-devices-system-image/+bug/1569582/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1569582] Re: Add Bluetooth apparmor policy

2016-04-12 Thread Pat McGowan 
** Also affects: apparmor (Ubuntu)
   Importance: Undecided
   Status: New

** Changed in: canonical-devices-system-image
   Importance: Undecided => High

** Changed in: canonical-devices-system-image
   Status: New => Confirmed

** Changed in: canonical-devices-system-image
 Assignee: (unassigned) => Jamie Strandboge (jdstrand)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1569582

Title:
  Add Bluetooth apparmor policy

To manage notifications about this bug go to:
https://bugs.launchpad.net/canonical-devices-system-image/+bug/1569582/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs