After discussion with Jamie, I think we merely want to restrict ofono usage to a particular set of system processes.
AppArmor is not capable of restricting individual properties, and unfortunately "Online" is a property of the top-level org.ofono.Modem interface which we really can't restrict to just urfkill.

Our current plan of record is that we will provide basic unrestrictive AppArmor profiles to the following system/session processes:

- NetworkManager
- telepathy-ofono (or related telepathy process/component)
- urfkill
- indicator-network
- nuntium (MMS daemon)
- powerd

-- 
https://bugs.launchpad.net/bugs/1296415

Title:
  [security] please use apparmor to restrict access to ofono to approved services
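
An added illustration, not part of the original comment or of any Ubuntu package, of why "Online" cannot be singled out: AppArmor D-Bus rules match on bus, path, interface, member and peer, while ofono changes a property through the `SetProperty` member with the property name passed as an argument. The profile name, binary path and peer labels below are assumptions.

```apparmor
# Hypothetical fragment of a profile for the ofono daemon.
# Profile name and binary path are assumptions, not taken from the bug.
profile ofonod /usr/sbin/ofonod {
  # A D-Bus rule can match bus, path, interface, member and peer, but not
  # message arguments. "Online" is an argument to SetProperty, so no rule
  # can allow SetProperty("Online") while denying SetProperty("Powered").
  # Access is therefore granted per peer rather than per property.

  # A peer can only be matched by label if it runs under a profile;
  # unconfined senders all share the label "unconfined".
  # The labels below are assumed profile names for the approved services.
  dbus (receive)
       bus=system
       interface=org.ofono.Modem
       peer=(label=NetworkManager),
  dbus (receive)
       bus=system
       interface=org.ofono.Modem
       peer=(label=telepathy-ofono),
  dbus (receive)
       bus=system
       interface=org.ofono.Modem
       peer=(label=urfkill),
  dbus (receive)
       bus=system
       interface=org.ofono.Modem
       peer=(label=indicator-network),
  dbus (receive)
       bus=system
       interface=org.ofono.Modem
       peer=(label=nuntium),
  dbus (receive)
       bus=system
       interface=org.ofono.Modem
       peer=(label=powerd),
}
```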