Display manager security work in support of application isolation

Registered by Jamie Strandboge on 2013-03-25

Work tracking security hooks/AppArmor integration with the display manager.

Blueprint information

Status:
Started
Approver:
Jamie Strandboge
Priority:
High
Drafter:
Steve Beattie
Direction:
Approved
Assignee:
Steve Beattie
Definition:
Approved
Series goal:
Accepted for trusty
Implementation:
Started
Milestone target:
milestone icon ubuntu-14.04
Started by
Jamie Strandboge on 2013-10-17

Related branches

Sprints

Whiteboard

Finish postponed work items from https://blueprints.launchpad.net/ubuntu/+spec/appdev-1303-appisolation-display-manager

2013-08-01 jdstrand> Mir will handle keyboard/mouse/screen grab (no security hooks required at this time)
2013-08-01 jdstrand> drag and drop currently deferred
2013-08-01 jdstrand> clipboard under discussions (possibly via content picker for 13.10)

(?)

Work Items

Work items for ubuntu-13.07:
[jdstrand] identify high-level mediation points for Mir: DONE

Work items for ubuntu-13.09:
[seth-arnold] review Mir client protocol: DONE
[seth-arnold] review display manager ipc security: DONE

Work items for ubuntu-13.11:
[jdstrand] review current maliit implementation and /dev/input/* (ie, try to break keyboard/mouse sniffing barrier): DONE

Work items for ubuntu-14.03:
[seth-arnold] review new maliit/mir implementation (ie, try to break keyboard/mouse sniffing barrier): POSTPONED

Work items for later:
finish audit (ie logging) portion of test prototype: POSTPONED
submit initial libapparmor API for clipboard access: BLOCKED
[sbeattie] implement clipboard AppArmor mediation for Mir - policy language: BLOCKED
[sbeattie] implement clipboard AppArmor mediation for Mir - parser: BLOCKED
[sbeattie] implement clipboard AppArmor mediation for Mir - libapparmor: BLOCKED
[sbeattie] implement clipboard AppArmor mediation for Mir - kernel: BLOCKED
[sbeattie] submit initial libapparmor API for drag&drop access: BLOCKED
[sbeattie] implement drag&drop AppArmor mediation for Mir - policy language: BLOCKED
[sbeattie] implement drag&drop AppArmor mediation for Mir - parser: BLOCKED
[sbeattie] implement drag&drop AppArmor mediation for Mir - libapparmor: BLOCKED
[sbeattie] implement drag&drop AppArmor mediation for Mir - kernel: BLOCKED

Dependency tree

* Blueprints in grey have been implemented.

This blueprint contains Public information 
Everyone can see this information.