Application isolation for Ubuntu

Registered by Jamie Strandboge on 2014-05-02

Work for application confinement for Ubuntu application ecosystem

Blueprint information

Status:
Complete
Approver:
Marc Deslauriers
Priority:
High
Drafter:
Jamie Strandboge
Direction:
Approved
Assignee:
Jamie Strandboge
Definition:
Approved
Series goal:
Accepted for utopic
Implementation:
Implemented
Milestone target:
ubuntu-14.10
Started by
Jamie Strandboge on 2014-05-23
Completed by
Jamie Strandboge on 2014-10-23

Related branches

Sprints

Whiteboard

jdstrand> work carried over from https://blueprints.launchpad.net/ubuntu/+spec/security-t-appisolation-sdk
jdstrand> appstore submissions: no signing, https verification, not charging, etc
jdstrand> as of 2014-06-17, global media collection, global calendar and global contacts will not be supported for RTM.
jdstrand> 'move hardware/ snippets to lxc-android-config (ie, finish LP: #1197133)' is blocked on phonedations. Per ogra on 2014-07-16, we should be "shipping them per device in the device tarball and bind mount[ing] them on boot"


Work Items

Work items for ubuntu-14.05:
[jdstrand] adjust apparmor-easyprof-ubuntu to add 1.2 policy: DONE
[jdstrand] adjust click-apparmor for 14.10 (1.2) policy: DONE
[jdstrand] add temporary apparmor policy for mediascanner2 (bug #1319065): DONE
[jdstrand] update apparmor-easyprof-ubuntu to work with new autopilot rules: DONE
[jdstrand] write ubuntu-scope-filesystem apparmor template: DONE
[jdstrand] write ubuntu-scope-network apparmor template: DONE

Work items for ubuntu-14.06:
[jdstrand] remove temp policy and add real policy for mediascanner2 (LP: #1303962): DONE
[jdstrand] add policy for mediascanner2 service (LP: #1319065): DONE
[jdstrand] investigate limiting ofono access (bug #1296415): DONE
[mdeslaur] review appstore submission and upload process and submit to list: DONE
[thomas-voss] ensure media playback binder service has apparmor integration if needed (contact: tvoss, jhodapp): DONE
[jdstrand] ensure mediascanner2 has trust store integration for access to global media collection (contact: jamesh, LP: #1303962, LP: #1315381, not for RTM): DONE
[jdstrand] ensure media-hub has trust store integration for access to global media collection (LP: #1315381, contact: jhodapp, not for RTM): DONE
[jdstrand] ensure e-d-s has trust store integration for global calendar (contact: bfiller, LP: #1227824, not for RTM): DONE
[jdstrand] ensure address-book-app/contacts service/e-d-s has trust store integration for global contacts (contact: bfiller, LP: #1227821, not for RTM): DONE
[jdstrand] adjust click-apparmor to add APP_PKGNAME_DBUS: DONE
[jdstrand] adjust click-apparmor to add APP_APPNAME: DONE
[tyhicks] review trust session and lp:trust-store for pid/APP_ID/apparmor/etc: DONE

Work items for ubuntu-14.07:
[tyhicks] review location-service use of lp:trust-store: DONE
[seth-arnold] review trust-store implementation: DONE
[jdstrand] add policy group override (blacklist) functionality: DONE
[jdstrand] add push-notification-client policy group and adjust click-reviewers-tools for push-helper policy: DONE
[jdstrand] ensure camera-service has trust store/apparmor integration (LP: #1230366, contact: jhodapp): DONE
[jdstrand] ensure online accounts has mir trusted session support (contact: mardy): DONE
[jdstrand] ensure location-service has trust store integration (contact: tvoss, LP: #1219164): DONE
[jdstrand] ensure pulseaudio has trust store integration (LP: #1224756, contact: tvoss): DONE
[pat-mcgowan] ensure friends has trust store integration if friends is needed (LP: #1231737 - not needed): DONE
[jdstrand] adjust click reviewers tools to be self-contained wrt policy and frameworks: DONE

Work items for ubuntu-14.08:
[tyhicks] adjust apparmor to ship /etc/apparmor/parser.conf to specify hardware specific accesses include directory: DONE
[seth-arnold] review scopes proxy: POSTPONED
[jdstrand] adjust apparmor-easyprof-ubuntu to use relative paths for hardware specific includes: POSTPONED

Work items for later:
[sbeattie] click-apparmor should maybe handle better when apparmor is not enabled/available (e.g., apparmor disabled, parser uninstalled, in lxc, etc.): POSTPONED
[jdstrand] add --dbus-path option to apparmor-easyprof: POSTPONED
[jdstrand] adjust click-apparmor to use libclick: POSTPONED
[jdstrand] create a policy group override daemon: POSTPONED
[jdstrand] create a policy group override GUI: POSTPONED
[jdstrand] move hardware/ snippets to lxc-android-config (ie, finish LP: #1197133): POSTPONED
[jdstrand] add policy for InfographicConfinement: BLOCKED
