This affects vivid and (somewhat recently?) 14.09.

At some point, apps started to request access to
org.freedesktop.Accounts for something, but I'm not sure what. It has
been conjectured in this bug that it is due to vibration settings.
Filing against ubuntu-system-settings for now, but please feel free to
move to the correct package.

This happens with webapps:
Apr  7 08:42:17 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.DBus.Introspectable" member="Introspect" mask="send" name="org.freedesktop.Accounts" pid=2632 profile="com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0.26" peer_pid=1596 peer_profile="unconfined"
Apr  7 08:42:17 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.Accounts" member="FindUserById" mask="send" name="org.freedesktop.Accounts" pid=2632 profile="com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0.26" peer_pid=1596 peer_profile="unconfined"

and QML apps:
Apr  7 08:43:40 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.DBus.Introspectable" member="Introspect" mask="send" name="org.freedesktop.Accounts" pid=3377 profile="com.ubuntu.calculator_calculator_1.3.339" peer_pid=1596 peer_profile="unconfined"
Apr  7 08:43:40 ubuntu-phablet dbus[797]: apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.Accounts" member="FindUserById" mask="send" name="org.freedesktop.Accounts" pid=3377 profile="com.ubuntu.calculator_calculator_1.3.339" peer_pid=1596 peer_profile="unconfined"

The following rules allow the requested access:
  dbus (send)
       bus=system
       path="/org/freedesktop/Accounts"
       interface="org.freedesktop.DBus.{Introspectable,Properties}"
       member=Introspect
       peer=(name=org.freedesktop.Accounts,label=unconfined),
  dbus (send)
       bus=system
       path="/org/freedesktop/Accounts"
       interface="org.freedesktop.Accounts"
       member=FindUserById
       peer=(name=org.freedesktop.Accounts,label=unconfined),
  dbus (send)
       bus=system
       path="/org/freedesktop/Accounts/User[0-9]*"
       interface="org.freedesktop.DBus.Properties"
       member=Get
       peer=(name=org.freedesktop.Accounts,label=unconfined),

However, the above is too lenient and constitutes a privacy leak for
apps. FindUserById could be used by a malicious app to enumerate
usernames on multiuser systems and because we can't mediate method data
with apparmor, the Get() method can be used to obtain any information
provided by this interface.

The following can be used to see what can be leaked to a malicious app:
gdbus introspect --system -d org.freedesktop.Accounts -o /org/freedesktop/Accounts/User`id -u phablet`

This can be solved in a couple of ways:
1. add whatever information the app is trying to access to a new helper service 
that only exposes things that the app needs. This could be a single standalone 
service, perhaps something from ubuntu-system-settings, that could expose any 
number of things-- the current locale, if the locale changed, if the grid units 
changed, the vibration settings, etc. Since this service wouldn't have any 
sensitive information, you could use standard dbus properties/Get()/etc 
2. add a new dbus API to an existing service such that apparmor rules can then 
be used to allow by method (eg, GetVibration() or something)

I won't dictate the implementation except to mention that '1' seems like
something generally useful and I believe that it was something the
ubuntu-system-settings devs were already looking at for detecting locale
changes without rebooting.


Original description
starting an app in vivid (image 135 on arale currently)

produces a bunch of dbus denials in syslog ... (there is also a /dev/tty
one but I think this is just because something tries to write an error
to console ... so transient)

http://paste.ubuntu.com/10620834/

** Affects: apparmor-easyprof-ubuntu (Ubuntu)
     Importance: Undecided
     Assignee: Jamie Strandboge (jdstrand)
         Status: In Progress

** Affects: ubuntu-ui-toolkit (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: application-confinement
-- 
apparmor dbus denial for org.freedesktop.Accounts
https://bugs.launchpad.net/bugs/1433590
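
Added example, not part of the original bug report: a small triage script that groups AppArmor D-Bus denials like the ones quoted above and marks the calls the report warns about, where the caller-supplied arguments decide what is returned and AppArmor cannot mediate them. The log lines, the profile name com.example.app_app_1.0, the User32011 path and the ARG_CONTROLLED list are constructed for this example.

```python
import re
from collections import Counter

PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Calls named in the report (GetAll added here as the sibling of Get): a rule
# can match bus, path, interface, member and peer, but not the arguments, so
# allowing these lets the caller pick which user or property is read.
ARG_CONTROLLED = {
    ("org.freedesktop.Accounts", "FindUserById"),
    ("org.freedesktop.DBus.Properties", "Get"),
    ("org.freedesktop.DBus.Properties", "GetAll"),
}

# Constructed sample, one syslog entry per line, in the format quoted above.
SAMPLE_LOG = '''\
Apr  7 08:43:40 host dbus[797]: apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.DBus.Introspectable" member="Introspect" mask="send" name="org.freedesktop.Accounts" pid=3377 profile="com.example.app_app_1.0" peer_pid=1596 peer_profile="unconfined"
Apr  7 08:43:40 host dbus[797]: apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.Accounts" member="FindUserById" mask="send" name="org.freedesktop.Accounts" pid=3377 profile="com.example.app_app_1.0" peer_pid=1596 peer_profile="unconfined"
Apr  7 08:43:41 host dbus[797]: apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/Accounts" interface="org.freedesktop.Accounts" member="FindUserById" mask="send" name="org.freedesktop.Accounts" pid=3377 profile="com.example.app_app_1.0" peer_pid=1596 peer_profile="unconfined"
Apr  7 08:43:41 host dbus[797]: apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/Accounts/User32011" interface="org.freedesktop.DBus.Properties" member="Get" mask="send" name="org.freedesktop.Accounts" pid=3377 profile="com.example.app_app_1.0" peer_pid=1596 peer_profile="unconfined"
Apr  7 08:43:41 host kernel: audit: apparmor="DENIED" operation="open" profile="com.example.app_app_1.0" name="/dev/tty" pid=3377 comm="app" requested_mask="w" denied_mask="w"
'''

def parse_denial(line):
    """Return the key/value fields of one D-Bus method-call denial, else None."""
    if 'apparmor="DENIED"' not in line or 'operation="dbus_method_call"' not in line:
        return None
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in PAIR.finditer(line)}

def review(log_text):
    """Group denials by (profile, path, interface, member) and flag risky calls."""
    counts = Counter()
    for line in log_text.splitlines():
        d = parse_denial(line)
        if d:
            counts[(d["profile"], d["path"], d["interface"], d["member"])] += 1
    return [{"profile": p, "path": path, "interface": i, "member": m,
             "count": n, "arg_controlled": (i, m) in ARG_CONTROLLED}
            for (p, path, i, m), n in sorted(counts.items())]

if __name__ == "__main__":
    for r in review(SAMPLE_LOG):
        flag = "REVIEW" if r["arg_controlled"] else "ok"
        print(f'{flag:6} x{r["count"]} {r["profile"]} {r["path"]} {r["interface"]}.{r["member"]}')
```

Entries marked REVIEW are the ones where adding an allow rule would grant more than the single value the app wanted.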