Application Confinement (Online Accounts)

Registered by Marc Deslauriers

Acceptance criteria for July:
Goal: Developers can integrate AppArmor into online accounts

Acceptance criteria for August:
Goal: Users receive a contextual runtime prompt when an app uses online accounts

Blueprint information

Status: Started
Approver: Jamie Strandboge
Priority: High
Drafter: Marc Deslauriers
Direction: Approved
Assignee: Tyler Hicks
Definition: Approved
Series goal: Accepted for trusty
Implementation: Needs Code Review
Milestone target: ubuntu-14.04
Started by: Jamie Strandboge

Whiteboard

Previous description: "
Discuss how to improve Online Accounts security for applications running within the same user context. For example, if application 'facebook-foo' is installed from extras, how can we:
 * prevent it from accessing account information for Twitter?
 * prevent it from accessing all online accounts information (is DBus mediation via apparmor enough?)
 * allow access to only account information for facebook

Why do we have two different ways of handling credentials (online accounts and gnome-keyring)? What other scenarios should be handled? Should this be integrated with AppArmor and if so, what would it look like?
"

jdstrand, 2013-04-10> Retargeted from raring to s-series
jdstrand, 2013-10-03> blocked on bug #1230091

Work Items

Work items for ubuntu-13.07:
[mardy] investigate how to protect the accounts db (ie, the settings. maybe dbus api, maybe only allows read-only access to the accounts db via apparmor, maybe use the hash. first iteration, ro?): DONE

Work items for ubuntu-13.08:
[mardy] extend signond's plugin interface to allow the security plugins to make run-time decisions, asynchronously: DONE
[mpt] design contextual runtime prompt for online accounts: DONE
[jdstrand] add accounts policy group to apparmor-easyprof-ubuntu: DONE

Work items for ubuntu-13.10:
[jdstrand] adjust evilapp to test online accounts access: POSTPONED

Work items:
[jdstrand] adjust security checks to verify desktop files don't specify the interpreter (AppDevUploadProcess) (high) (0.5): DONE

Work items for ubuntu-14.08:
[mardy] write a security plugin for online accounts: DONE
[mardy] add security plugin to Ubuntu package: DONE
[mardy] add ability in online accounts to display contextual runtime prompt and use the answer to grant/deny access to an account: DONE
[thomas-voss] implement trust session support (formerly LP: #1230091): DONE
