I can create an evernote account with these rules: owner @{HOME}/.cache/online-accounts-ui/id-*-@{APP_PKGNAME}_@{APP_APPNAME}/ rw, owner @{HOME}/.cache/online-accounts-ui/id-*-@{APP_PKGNAME}_@{APP_APPNAME}/** mrwkl, dbus (send) bus=session path="/com/google/code/AccountsSSO/Accounts/Manager" interface="com.google.code.AccountsSSO.Accounts.Manager" member="store" peer=(name=com.google.code.AccountsSSO.Accounts.Manager,label=unconfined),
-- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu in Ubuntu. https://bugs.launchpad.net/bugs/1219644 Title: Account plugins should be made confinable by apparmor Status in tools to review click packages: Confirmed Status in Online Accounts setup for Ubuntu Touch: In Progress Status in apparmor-easyprof-ubuntu package in Ubuntu: Confirmed Status in ubuntu-system-settings-online-accounts package in Ubuntu: New Bug description: With the current implementation, the QML files for account plugins are executed by the Online Accounts QML applet which in turn is executed within the System Settings process, which probably means that malicious account plugins could control everything that the System Settings process can (like entering/exiting the flight mode). Account plugins (or the Online Accounts applet itself) should probably be run in a separate process, which could then be assigned a stricter confinement with apparmor. To manage notifications about this bug go to: https://bugs.launchpad.net/click-reviewers-tools/+bug/1219644/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp