Ubuntu
qtdeclarative-opensource-src package

XmlListModel with xml string triggers AppArmor denials

Bug #1661743 reported by Adnane Belmadiaf
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
qtdeclarative-opensource-src (Ubuntu)
Confirmed
Undecided
Unassigned

Bug Description

XmlListModel with xml string triggers AppArmor denials, when the xml prop is set no network call should be made since the source is a just a string not a url and no source prop is set

import QtQuick 2.4
import Ubuntu.Components 1.3
import Ubuntu.Components.ListItems 1.3 as ListItem

import QtQuick.XmlListModel 2.0

import "servers_list.js" as Servers

MainView {
    objectName: "mainView"
    applicationName: "demo.daker"

    width: units.gu(50)
    height: units.gu(75)

    automaticOrientation: true
    implicitWidth: units.gu(90)
    implicitHeight: units.gu(71)

    ListItem.ItemSelector {
        id: srvSelector
        model: XmlListModel {
            id: srvModel
            xml: Servers.list
                query: "/servers/server"
                XmlRole { name: "hostname"; query: "host/string()" }
                XmlRole { name: "port"; query: "port/string()" }
            }
            containerHeight: srvSelector.itemHeight * 4

        delegate: OptionSelectorDelegate {
            text: hostname + ":" + port;
        }
    }
}

# servers_list.js
.pragma library

var list = '<?xml version="1.0" encoding="utf-8"?><servers>' +
'<server><port>80</port><host>google.com</host></server>' +
'<server><port>80</port><host>facebook.com</host></server>' +
'<server><port>80</port><host>twitter.com</host></server></servers>';

AppArmor denials :

QNetworkManagerInterface::QNetworkManagerInterface(QObject*) propsReply "An AppArmor policy prevents this sender from sending this message to this recipient; type="method_call", sender=":1.3076" (uid=32011 pid=4922 comm="/usr/lib/arm-linux-gnueabihf/qt5/bin/qmlscene demo") interface="org.freedesktop.DBus.Properties" member="GetAll" error name="(unset)" requested_reply="0" destination="org.freedesktop.NetworkManager" (uid=0 pid=1705 comm="NetworkManager ")"
QNetworkManagerInterface::QNetworkManagerInterface(QObject*) nmReply "An AppArmor policy prevents this sender from sending this message to this recipient; type="method_call", sender=":1.3076" (uid=32011 pid=4922 comm="/usr/lib/arm-linux-gnueabihf/qt5/bin/qmlscene demo") interface="org.freedesktop.NetworkManager" member="GetDevices" error name="(unset)" requested_reply="0" destination="org.freedesktop.NetworkManager" (uid=0 pid=1705 comm="NetworkManager ")"

Adnane Belmadiaf (daker)
affects: ubuntu-sdk-ide → ubuntu-ui-toolkit
affects: ubuntu-ui-toolkit → ubuntu-ui-toolkit (Ubuntu)
Cris Dywan (kalikiana)
affects: ubuntu-ui-toolkit (Ubuntu) → qtdeclarative-opensource-src (Ubuntu)
Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in qtdeclarative-opensource-src (Ubuntu):
status: New → Confirmed
Cris Dywan (kalikiana)
Changed in qtdeclarative-opensource-src (Ubuntu):
assignee: nobody → Timo Jyrinki (timo-jyrinki)
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

FYI, IIRC this would happen on Touch but on Touch we would explicitly deny access to network manager in the networking policy group which suppressed the apparmor denial. Due to the way apparmor works and how snappy builds up interfaces, we use explicit denials extremely sparingly, which is why you may be seeing this only now.

Revision history for this message
Adnane Belmadiaf (daker) wrote :

@jdstrand the issue is not with apparmor but with XmlListModel trying to make a request(or access NM) while i am only using `xml` prop, the content provided as string so no network calls should be made i think.

https://doc.qt.io/qt-5/qml-qtquick-xmllistmodel-xmllistmodel.html#xml-prop

Timo Jyrinki (timo-jyrinki)
Changed in qtdeclarative-opensource-src (Ubuntu):
assignee: Timo Jyrinki (timo-jyrinki) → nobody
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.