Is this actually an issue for confined apps? Mirco and I looked at this
before and I thought there was a separate DBus API for snap decisions.
Apps aren't allowed to use snap decisions IIRC, but may use the push-
notification-client policy group:
# Description: Can use push notifications as a client
# Usage: common
dbus (receive, send)
bus=session
interface=com.ubuntu.PushNotifications
path=/com/ubuntu/PushNotifications/@{APP_PKGNAME_DBUS}{,/**},
dbus (receive, send)
bus=session
interface=com.ubuntu.Postal
path=/com/ubuntu/Postal/@{APP_PKGNAME_DBUS}{,/**},
Are snap decisions somehow following under the above paths/interfaces?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1306769
Title:
pinlock snap decision potentially allows malicious app to gain access
to user PIN and Passcode
To manage notifications about this bug go to:
https://bugs.launchpad.net/unity-notifications/+bug/1306769/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
