Ubuntu
address-book-app package

client apps using qtdeclarative5-ubuntu-contacts0.1 accesses the /org/freedesktop/Telepathy DBus API

Bug #1227818 reported by Jamie Strandboge on 2013-09-19

10

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	address-book-app (Ubuntu)	Fix Released	High	Renato Araujo Oliveira Filho
	Saucy	Won't Fix	High	Renato Araujo Oliveira Filho
	Trusty	Fix Released	Undecided	Unassigned
	apparmor-easyprof-ubuntu (Ubuntu)	Fix Released	Undecided	Jamie Strandboge
	Saucy	Fix Released	Undecided	Unassigned
	Trusty	Won't Fix	Undecided	Unassigned

Bug Description

Using this:

import Ubuntu.Contacts 0.1
...
Tab {
title: i18n.tr("Contacts")

    page: Page {
        ContactListView {
            anchors.fill: parent
            onContactClicked: console.debug("Contact ID:" + contact.contactId)
        }
}

In addition to using com.canonical.pim, it also accesses:
org.freedesktop.Telepathy.AccountManager
org.freedesktop.Telepathy.ChannelDispatcher

I saw this when profiling applications for apparmor policy groups. Here are the apparmor rules I needed to list the contacts on my desktop system:
dbus (receive, send)
     bus=session
     path=/org/freedesktop/Telepathy/AccountManager
     peer=(name=org.freedesktop.Telepathy.AccountManager),
dbus (receive, send)
     bus=session
     path=/org/freedesktop/Telepathy/ChannelDispatcher
     peer=(name=org.freedesktop.Telepathy.ChannelDispatcher),
dbus (receive, send)
     bus=session
     path=/org/freedesktop/Telepathy/Account/**
     member=Get{,All}
     peer=(name=org.freedesktop.Telepathy.AccountManager),

Revision history for this message

Jamie Strandboge (jdstrand) wrote on 2013-09-19:

#1

Adding a task for apparmor-easyprof-ubuntu. It is going to ship a reserved policy group for contacts and as a workaround it will include these accesses. It would be nice to have clients not access org.freedesktop.Telepathy directly.

Bill Filler (bfiller) on 2013-09-19

Changed in address-book-app (Ubuntu Saucy):
importance:	Undecided → High
assignee:	nobody → Renato Araujo Oliveira Filho (renatofilho)
status:	New → Confirmed

Revision history for this message

Renato Araujo Oliveira Filho (renatofilho) wrote on 2013-09-19:

#2

removing the package; libfolks-telepathy25

should avoid that.

Revision history for this message

Renato Araujo Oliveira Filho (renatofilho) wrote on 2013-09-19:

#3

I found the problem the contact list is importing the telephony module, I am not sure the reason for that I need to confirm with boiko or tiago tomorrow.

This diff fix the problem:

=== modified file 'src/imports/Ubuntu/Contacts/ContactSimpleListView.qml'
--- src/imports/Ubuntu/Contacts/ContactSimpleListView.qml 2013-09-12 21:46:40 +0000
+++ src/imports/Ubuntu/Contacts/ContactSimpleListView.qml 2013-09-19 23:23:14 +0000
@@ -18,7 +18,7 @@
import QtContacts 5.0
import Ubuntu.Components 0.1
import Ubuntu.Components.ListItems 0.1 as ListItem
-import Ubuntu.Telephony 0.1
+//import Ubuntu.Telephony 0.1

import "ContactList.js" as Sections

Revision history for this message

Jamie Strandboge (jdstrand) wrote on 2013-10-11:

#4

Adding t tasks since this doesn't look like it will be fixed for 13.10.

Changed in apparmor-easyprof-ubuntu (Ubuntu Saucy):
status:	New → Won't Fix

Revision history for this message

Bill Filler (bfiller) wrote on 2013-10-11:

#5

this is actually fixed with address-book-app release 0.2+13.10.20131011-0ubuntu1 which should hit an image soon

Changed in address-book-app (Ubuntu Saucy):
status:	Confirmed → Fix Committed
Changed in apparmor-easyprof-ubuntu (Ubuntu Saucy):
status:	Won't Fix → Fix Committed

Pat McGowan (pat-mcgowan) on 2014-01-13

Changed in address-book-app (Ubuntu Trusty):
status:	New → Fix Released
Changed in address-book-app (Ubuntu Saucy):
status:	Fix Committed → Won't Fix

Revision history for this message

Launchpad Janitor (janitor) wrote on 2014-04-29:

#6

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in apparmor-easyprof-ubuntu (Ubuntu):
status:	New → Confirmed

Revision history for this message

Jamie Strandboge (jdstrand) wrote on 2014-08-06:

#7

Workaround policy was added to apparmor-easyprof-ubuntu in 13.10 so marking Fix Released. This policy was not removed in 14.04 like it should've been when address-book-app was fixed, so marking "Won't Fix". I'll fix 14.10 policy in 1.2.16.

Changed in apparmor-easyprof-ubuntu (Ubuntu Saucy):
status:	Fix Committed → Fix Released
Changed in apparmor-easyprof-ubuntu (Ubuntu Trusty):
status:	Confirmed → Won't Fix
Changed in apparmor-easyprof-ubuntu (Ubuntu):
status:	Confirmed → In Progress
assignee:	nobody → Jamie Strandboge (jdstrand)

Revision history for this message

Launchpad Janitor (janitor) wrote on 2014-08-11:

#8

This bug was fixed in the package apparmor-easyprof-ubuntu - 1.2.16

---------------
apparmor-easyprof-ubuntu (1.2.16) utopic; urgency=medium

  * ubuntu/1.2/connectivity: update to use upcoming connectivity DBus API
    (LP: #1341548)
  * ubuntu/1.[12]/contacts: remove workaround policy since address-book-app
    no longer uses the telepathy API (LP: #1227818)
  * ubuntu/*: explicitly deny rw access to /dev/fb0. It is both dangerous and
    noisy with the camera app
  * ubuntu/ubuntu-webapp: receive application-specific Open on
    org.freedesktop.Application to allow url-dispatcher working with already
    running webapps (LP: #1342129)
-- Jamie Strandboge <email address hidden> Thu, 07 Aug 2014 13:19:59 -0500

Changed in apparmor-easyprof-ubuntu (Ubuntu):
status:	In Progress → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.