FYI, attached is the apparmor policy needed for the current
implementation of the connectivity API. I compiled
example_networking_status.cpp as example_networking_status.armhf, then
on mako, I ran:
$ sudo apparmor_parser -r ./example_networking_status.profile && aa-exec -p
example_networking_status -- ./example_networking_status.armhfSystem networking
status changed to: offline
System networking status changed to: connecting
System networking status changed to: online
...
Currently there are a lot of accesses that the connectivity-api example app
needs:
# URfkill
dbus (receive, send)
bus=system
path=/org/freedesktop/URfkill/*
interface=org.freedesktop.DBus.Properties
member={Get,PropertiesChanged},
dbus (receive)
bus=system
path=/org/freedesktop/URfkill
interface=org.freedesktop.URfkill
member=DeviceChanged,
dbus (receive)
bus=system
path=/org/freedesktop/URfkill/*
interface=org.freedesktop.URfkill.Killswitch
member=StateChanged,
dbus (send)
bus=system
path=/org/freedesktop/URfkill
interface=org.freedesktop.URfkill
member=IsFlightMode,
dbus (receive)
bus=system
path=/org/freedesktop/URfkill
interface=org.freedesktop.URfkill
member=FlightModeChanged,
# NetworkManager
dbus (send)
bus=system
path=/org/freedesktop/NetworkManager
interface=org.freedesktop.NetworkManager
member=GetDevices,
dbus (send)
bus=system
path=/org/freedesktop/NetworkManager{,/Devices/*}
interface=org.freedesktop.DBus.Properties
member=Get,
dbus (receive)
bus=system
path=/org/freedesktop/NetworkManager
interface=org.freedesktop.NetworkManager
member={PropertiesChanged,StateChanged},
dbus (receive)
bus=system
path=/org/freedesktop/NetworkManager/Devices/*
interface=org.freedesktop.NetworkManager.Device{,.*}
member={PropertiesChanged,StateChanged},
dbus (send)
bus=system
path=/org/freedesktop/NetworkManager/Devices/*
interface=org.freedesktop.NetworkManager.Device.Wireless
member=GetAccessPoints,
dbus (receive)
bus=system
path=/org/freedesktop/NetworkManager/Devices/*
interface=org.freedesktop.NetworkManager.Device.Wireless
member={AccessPointAdded,AccessPointRemoved,ScanDone},
dbus (send)
bus=system
path=/org/freedesktop/NetworkManager/AccessPoint/*
interface=org.freedesktop.NetworkManager
member=Get,
dbus (send)
bus=system
path=/org/freedesktop/NetworkManager/{AccessPoint,ActiveConnection}/*
interface=org.freedesktop.DBus.Properties
member=Get,
dbus (receive)
bus=system
path=/org/freedesktop/NetworkManager/AccessPoint/*
interface=org.freedesktop.NetworkManager.AccessPoint
member=PropertiesChanged,
dbus (receive)
bus=system
path=/org/freedesktop/NetworkManager/ActiveConnection/*
interface=org.freedesktop.NetworkManager.Connection.Active
member=PropertiesChanged,
As you can see, the NetworkManager DBus API is vast and AppArmor policy for it
would be brittle. More importantly, the Get methods leak information that apps
should not have. If the simplified helper is very simple-- ie, it provides if
offline, connecting, online, on expensive connections, etc along with
PropertiesChanged, etc, then it won't need trust-store support, and just be a
helper that any app could have unrestricted access to. As such, instead of the
above rules (which we can't allow), we could do something like:
dbus (receive, send)
bus=session
path=/com/ubuntu/Connectivity,
Thanks!
--
You received this bug notification because you are a member of Unity API
bugs, which is subscribed to Network Menu.
https://bugs.launchpad.net/bugs/1341548
Title:
Online detection does not work with confined apps on Nexus 4
Status in dekko:
Incomplete
Status in Network Menu:
Triaged
Bug description:
Dekko is not detecting if Online correctly. If I look at the server
logs, I don't see anything in the email server logs for dekko to
connect. If I look in ~/.cache/upstart/application-click-
com.ubuntu.developer.dpniel.dekko_dekko_0.2.2.log, I don't see
anything about connecting. If I click the globe in dekko, I see that
it is in offline mode and selecting one of the others seems to make no
difference (I see nothing in the server logs and the upstart logs) and
the setting doesn't stick (ie, it *always* says 'Offline mode').
I thought this might be bug #1226844, but if I adjust
/var/lib/apparmor/profiles/*dekko* to remove 'deny' from in front of
the NetworkManager and ofono rules and run apparmor_parser -r
/var/lib/apparmor/profiles/*dekko*, there are no denials but it still
doesn't detect if I am online or not when on 3G.
If I get on wifi instead of 3G, dekko can detect if I am online if I
apply the apparmor changes I mentioned above (though, there are still
NetworkManager dbus denials).
For dekko to work as a confined application (ie, shipped in the Ubuntu
App Store) it is going to need to operate without these NetworkManager
and ofono DBus APIs, because they are not allowed to app store apps.
Previous description:
In addidtion to TLS on port 143, it would be nice to support imaps on port
993.
To manage notifications about this bug go to:
https://bugs.launchpad.net/dekko/+bug/1341548/+subscriptions
--
Mailing list: https://launchpad.net/~unity-api-bugs
Post to : unity-api-bugs@lists.launchpad.net
Unsubscribe : https://launchpad.net/~unity-api-bugs
More help : https://help.launchpad.net/ListHelp
