On 07/05/2013 04:34 PM, Jamie Strandboge wrote:
> On 07/02/2013 05:06 PM, Jamie Strandboge wrote:
>
>> ...
>>
>> In essence, packaging is updated to include a JSON manifest file and then
>> updated to produce/install the apparmor policy and then load it into the
>> kernel. The JSON security manifest will be a part of the larger click
>> package manifest, but can also stand alone and be used with traditional
>> packaging. Tools for using the security manifest with traditional
>> Debian/Ubuntu packaging are in saucy now, with click package hooks coming
>> online soon.
>>
>> I've created a wiki page[2] to describe the JSON structure, the meaning of
>> the various parts, and how to use aa-easyprof in Click and traditional
>> packaging. Some ideas on integrating this work:
>> * generate a preliminary security manifest based on the type of application
>>   that is being created. If Ubuntu Simple/Tabbed Touch UI, use the
>>   ubuntu-sdk template with the qmlscene and qmlscene-sqlite policy groups.
>>   If an Ubuntu HTML5 Touch UI, use the ubuntu-sdk-html5 template with the
>>   qmlscene, qmlscene-webview and networking policy groups
>> * prefill the manifest with entries based on the click packaging manifest[3]
>> * follow the guidelines for using the manifest in traditional packaging[4]
>> * in the short term, app developers could then modify the manifest from the
>>   SDK (nice JSON syntax highlighting and checking would be helpful), but
>>   eventually, provide some sort of a GUI that the app developer could use to
>>   pick and choose different policy groups. Right now, there aren't very many
>>   policy groups, but you can enumerate them with aa-easyprof and then expose
>>   them to the user as checkboxes. In the long run, it would be cool for the
>>   SDK to detect which policy groups are needed based on what the developer
>>   is doing with the code.
>> * start fixing paths used by SDK applications to work within our application
>>   confinement strategy[5] (against ubuntu-qtcreator-plugins and tagged with
>>   'application-confinement')
>
> We've simplified this even more for click packaging[1] with a very reduced
> security section of the manifest with many required sections handled
> automatically. This should allow for the SDK to prefill the security section
> of the manifest with the basename of the desktop file as the profile name and
> set the policy version (which could also be automated to use the highest
> version on the system). The click package apparmor hook will take care of the
> rest. Policy groups are now simplified such that the SDK could take the
> output of
> 'aa-easyprof --policy-vendor=ubuntu --policy-version=1.0 --list-policy-groups'
> and shove that list into GUI checkboxes for developers to choose from (i.e.,
> it could be dynamic and the SDK wouldn't be required to have any knowledge of
> the app or apparmor policy groups, but new policy groups would show up
> automatically without code changes).
>
> Traditional Debian/Ubuntu packaging will still need to prefill more fields
> for now.
>
> [1] https://wiki.ubuntu.com/SecurityTeam/Specifications/ApplicationConfinement/Manifest#Click
>
After more discussions surrounding click packaging hooks, desktop files and
apparmor policy[1], the click manifest changed in a way that affects the SDK
work and click packaging for core apps. Please see the security manifest
documentation for details[2] for our part. Click documentation should be
updated soon. (Sorry, but this should be it and it will hopefully not be too
difficult to change.)

Jamie

[1] https://lists.launchpad.net/ubuntu-appstore-developers/msg00280.html
[2] https://wiki.ubuntu.com/SecurityTeam/Specifications/ApplicationConfinement/Manifest#Click

--
Jamie Strandboge http://www.ubuntu.com/
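
The SDK-side flow described in the quoted message (enumerate policy groups with aa-easyprof, let the developer pick, prefill the security section), sketched as an added example that is not part of the original thread or of the Ubuntu SDK. The one-name-per-line listing format, the sample listing, and the output key names are assumptions; the wiki page defines the real manifest fields.

```python
import subprocess

# Constructed sample of the listing; one group name per line is an assumption.
SAMPLE_LISTING = "networking\nqmlscene\n\nqmlscene-sqlite\nqmlscene-webview\n"


def list_policy_groups(vendor="ubuntu", version="1.0"):
    """Run aa-easyprof with the flags quoted in the message (needs AppArmor tools)."""
    cmd = ["aa-easyprof", "--policy-vendor=" + vendor,
           "--policy-version=" + version, "--list-policy-groups"]
    return subprocess.run(cmd, check=True, capture_output=True, text=True).stdout


def parse_policy_groups(listing):
    """Return the sorted, de-duplicated group names, ignoring blank lines."""
    return sorted({line.strip() for line in listing.splitlines() if line.strip()})


def highest_version(versions):
    """Pick the highest policy version numerically, so "1.10" beats "1.9"."""
    return max(versions, key=lambda v: tuple(int(p) for p in v.split(".")))


def build_security_section(profile_name, version, selected, available):
    """Build the prefilled section, rejecting groups the system does not offer."""
    unknown = sorted(set(selected) - set(available))
    if unknown:
        raise ValueError("unknown policy groups: " + ", ".join(unknown))
    # Key names below are hypothetical; the wiki page defines the real ones.
    return {"profile_name": profile_name,
            "policy_version": version,
            "policy_groups": sorted(set(selected))}


if __name__ == "__main__":
    # Offline demo on the constructed listing; swap in list_policy_groups()
    # on a system with aa-easyprof installed.
    groups = parse_policy_groups(SAMPLE_LISTING)
    print(build_security_section("myapp", highest_version(["1.0"]),
                                 ["networking"], groups))
```

Validating the selection against the enumerated list keeps a manifest from requesting a policy group that the installed policy version does not define.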