Application confinement, manifests and the Ubuntu SDK
Jamie Strandboge
jamie at canonical.com
Fri Jul 5 21:34:56 UTC 2013
On 07/02/2013 05:06 PM, Jamie Strandboge wrote:
> ...
>
> In essence, packaging is updated to include a JSON manifest file and then
> updated to produce/install the apparmor policy and then load it into the kernel.
> The JSON security manifest will be a part of the larger click package manifest,
> but can also stand alone and be used with traditional packaging. Tools for using
> the security manifest with traditional Debian/Ubuntu packaging are in saucy now,
> with click package hooks coming online soon.
>
> I've created a wiki page[2] to describe the JSON structure, the meaning of the
> various parts, and how to use aa-easyprof in Click and traditional packaging.
> Some ideas on integrating this work:
> * generate a preliminary security manifest based on the type of application
> that is being created. If Ubuntu Simple/Tabbed Touch UI, use the
> ubuntu-sdk template with the qmlscene and qmlscene-sqlite policy groups. If
> an Ubuntu HTML5 Touch UI, use the ubuntu-sdk-html5 template with the
> qmlscene, qmlscene-webview and networking policy groups
> * prefill the manifest with entries based on the click packaging manifest[3]
> * follow the guidelines for using the manifest in traditional packaging[4]
> * in the short term, app developers could then modify the manifest from the
> SDK (nice JSON syntax highlighting and checking would be helpful), but
> eventually, provide some sort of a GUI that the app developer could use to
> pick and choose different policy groups. Right now, there aren't very many
> policy groups, but you can enumerate them with aa-easyprof and then expose
> them to the user as checkboxes. In the long run, it would be cool for the
> SDK to detect which policy groups are needed based on what the developer
> is doing with the code.
> * start fixing paths used by SDK applications to work within our application
> confinement strategy[5] (against ubuntu-qtcreator-plugins and tagged with
> 'application-confinement')
We've simplified this even more for click packaging[1] with a very reduced
security section of the manifest with many required sections handled
automatically. This should allow for the SDK to prefill the security section of
the manifest with the basename of the desktop file as the profile name and set
the policy version (which could also be automated to use the highest version on
the system). The click package apparmor hook will take care of the rest. Policy
groups are now simplified such that the SDK could take the output of
'aa-easyprof --policy-vendor=ubuntu --policy-version=1.0 --list-policy-groups'
and shove that list into GUI checkboxes for developers to choose from (i.e., it
could be dynamic and the SDK wouldn't be required to have any knowledge of the
app or apparmor policy groups, but new policy groups would show up automatically
without code changes).
Traditional Debian/Ubuntu packaging will still need to prefill more fields for now.
[1] https://wiki.ubuntu.com/SecurityTeam/Specifications/ApplicationConfinement/Manifest#Click
--
Jamie Strandboge http://www.ubuntu.com/
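The workflow the message sketches (derive the profile name from the desktop file basename, set the policy version, offer the enumerated policy groups as checkboxes, pick a template by application type) can be written down as a small prefill routine. The following is an added example, not code from the post, the Ubuntu SDK or aa-easyprof. The key names `template`, `policy_groups` and `policy_version` follow the aa-easyprof manifest format as I know it but are assumptions here, and the one-group-per-line listing is a constructed stand-in for the real `aa-easyprof --list-policy-groups` output, whose exact format the post does not show. The example also rejects any group that is not in the enumerated list, which is the check a GUI built from that list gets for free.

```python
"""Added example (not from the original post or the Ubuntu SDK): prefill the
reduced click security section from a desktop file, an app type and the
policy groups enumerated by aa-easyprof."""
import json
import os

# Constructed stand-in for the output of
#   aa-easyprof --policy-vendor=ubuntu --policy-version=1.0 --list-policy-groups
# One group per line is assumed; the real tool's output format is not on the page.
SAMPLE_POLICY_GROUP_LISTING = """\
networking
qmlscene
qmlscene-sqlite
qmlscene-webview
"""

# Template per application type, as named in the quoted message.
TEMPLATE_FOR_APP_TYPE = {
    "qml": "ubuntu-sdk",        # Ubuntu Simple/Tabbed Touch UI
    "html5": "ubuntu-sdk-html5",  # Ubuntu HTML5 Touch UI
}

# Default policy groups per application type, as named in the quoted message.
DEFAULT_GROUPS_FOR_APP_TYPE = {
    "qml": ["qmlscene", "qmlscene-sqlite"],
    "html5": ["qmlscene", "qmlscene-webview", "networking"],
}


def parse_policy_groups(listing):
    """Turn a one-group-per-line listing into a sorted, de-duplicated list.
    This is what the SDK would expose to the developer as checkboxes."""
    groups = {line.strip() for line in listing.splitlines() if line.strip()}
    return sorted(groups)


def profile_name_from_desktop_file(path):
    """Basename of the .desktop file without its extension, as the message proposes."""
    base = os.path.basename(path)
    if not base.endswith(".desktop"):
        raise ValueError("expected a .desktop file, got %r" % path)
    return base[: -len(".desktop")]


def build_security_section(desktop_file, app_type, policy_version,
                           available_groups, chosen_groups=None):
    """Return (profile_name, section) for the reduced click security section.

    available_groups: the list enumerated by aa-easyprof (parse_policy_groups).
    chosen_groups: the developer's checkbox selection; None means the
    per-app-type defaults from the message. Any group outside the enumerated
    list is refused so the manifest never names policy the system lacks.
    Key names are assumptions modelled on the aa-easyprof manifest format.
    """
    if app_type not in TEMPLATE_FOR_APP_TYPE:
        raise ValueError("unknown app type %r" % app_type)
    groups = list(chosen_groups) if chosen_groups is not None \
        else list(DEFAULT_GROUPS_FOR_APP_TYPE[app_type])
    unknown = sorted(set(groups) - set(available_groups))
    if unknown:
        raise ValueError("policy groups not offered by aa-easyprof: %s"
                         % ", ".join(unknown))
    section = {
        "template": TEMPLATE_FOR_APP_TYPE[app_type],
        "policy_groups": sorted(set(groups)),
        "policy_version": policy_version,
    }
    return profile_name_from_desktop_file(desktop_file), section


def render_manifest_fragment(profile_name, section):
    """Serialise the section keyed by profile name, as JSON text."""
    return json.dumps({profile_name: section}, indent=2, sort_keys=True)


if __name__ == "__main__":
    offered = parse_policy_groups(SAMPLE_POLICY_GROUP_LISTING)
    name, sec = build_security_section("myapp.desktop", "html5", 1.0, offered)
    print(render_manifest_fragment(name, sec))
```

The policy version is passed in explicitly; the message notes it could instead be read from the highest version installed on the system, which would be a second lookup against aa-easyprof rather than a change to this routine.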