Public bug reported: The trust-store currently caches the full APP_ID. For most trusted helpers this will likely result in too many prompts (eg, an app that is frequently updated will require users to answer questions they previously answered). In addition to a less than ideal user experience, it also desensitizes the user wrt the prompting. We should strive to prompt just enough and at the right time.
Per the security team, trust-store should by default use versionless caching, with the option to use the version for those trusted helpers that may need it. As such, if the APP_ID is '<pkgname>_<appname>_<version>', then by default the user should be prompted for '<pkgname>_<appname>', and this is the value that should be cached. Precaching should also support this. It should be easy for a trusted helper to opt into using a version if that is needed. Note: versionless caching does mean that an earlier version of an app might have one set of permissions and then a later version might have expanded permissions which could somehow expose the now cached access to information. Users aren't expected to review app security policy though and as such, prompting on version doesn't actually solve this. Users sensitive to this issue are in a position to revoke trust-store permissions and to apply policy group overrides. If it is determined that versionless caching with expanding future permissions is a real concern, the trust-store can be adjusted to cache the click security policy from /var/lib/apparmor/clicks of the connecting app as well, and only reprompt if it changes. ** Affects: trust-store Importance: Undecided Status: New ** Affects: trust-store (Ubuntu) Importance: Critical Status: New ** Tags: rtm14 ** Tags added: rtm14 ** Also affects: trust-store (Ubuntu) Importance: Undecided Status: New ** Changed in: trust-store (Ubuntu) Importance: Undecided => Critical -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1356343 Title: please support versionless APP_ID caching/precaching To manage notifications about this bug go to: https://bugs.launchpad.net/trust-store/+bug/1356343/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs