Trying to revive 'ubtd' (Bluetooth file transfer)
-
Well, good news! With the "unconfined" AA profile, the app works

The phone successfully received a .jpeg file sent over BT from my laptop:
-
Great! Have happy file exchanges with your car.

-
@PhAndersson said in Trying to revive 'ubtd' (Bluetooth file transfer):
Well, good news! With the "unconfined" AA profile, the app works

The phone successfully received a .jpeg file sent over BT from my laptop:
Congrats. So some changes are needed on UT to make it work?
-
@gpatel-fr said in Trying to revive 'ubtd' (Bluetooth file transfer):
Great! Have happy file exchanges with your car.

That won't work yet, unfortunately. For this, I need the SharePlugin to work. That one still crashes as soon as I select it which causes the phone to restart.
More troubleshooting needed

-
@lduboeuf said in Trying to revive 'ubtd' (Bluetooth file transfer):
Congrats, So some changes are needed on UT to make it work ?
If your question is: did I need to hack my phone to make the app work in its current state, then the answer is no. As suggested by @gpatel-fr, I just gave it an "unconfined" AA profile (which I understand would prevent me from publishing it on the OpenStore).
So eventually an updated bluetooth AppArmor Policy Group would be needed, I guess (or an extra one dedicated to OBEX).
-
@PhAndersson I think any spawning of external processes that are not inside the app's ~/.local/share directory require unconfined. And in this case, unconfined would be required since it's using some system executable.
-
@projectmoon said in Trying to revive 'ubtd' (Bluetooth file transfer):
I think any spawning of external processes that are not inside the app's ~/.local/share directory require unconfined.
If 'running an external process' means 'activating a service' via dbus, not 'spawning', it can be done from confined I think. I did not check how exactly this application works.
-
@PhAndersson said in Trying to revive 'ubtd' (Bluetooth file transfer):
prevent me from publishing it on the OpenStore
Not sure of that actually, there are applications with a big red scary warning, and that does not prevent them from being published.
Also, IIRC the idea on phone OS is that the app is shipped with a granular authorization policy and the user grants these rights or not. I don't see why you could not ship a granular apparmor policy for the app if you wanted to do so.
-
@gpatel-fr said in Trying to revive 'ubtd' (Bluetooth file transfer):
@PhAndersson said in Trying to revive 'ubtd' (Bluetooth file transfer):
prevent me from publishing it on the OpenStore
Not sure of that actually, there are applications with a big red scary warning, and that does not prevent them from being published.
Also, IIRC the idea on phone OS is that the app is shipped with a granular authorization policy and the user grants these rights or not. I don't see why you could not ship a granular apparmor policy for the app if you wanted to do so.
For such an application to be exposed to the OpenStore, one will have to ask the OpenStore team for validation/review.
-
@gpatel-fr said in Trying to revive 'ubtd' (Bluetooth file transfer):
@projectmoon said in Trying to revive 'ubtd' (Bluetooth file transfer):
I think any spawning of external processes that are not inside the app's ~/.local/share directory require unconfined.
If 'running an external process' means 'activating a service' via dbus, not 'spawning', it can be done from confined I think. I did not check how exactly this application works.
Yes, that was my experience as well. Even with an enforcing AA profile, my app was able to ask D-Bus to start the OBEX daemon if needed.
Only certain types of D-Bus requests are blocked by AA (such as AuthorizePush -- see log extract in one of my posts above).
-
@PhAndersson said in Trying to revive 'ubtd' (Bluetooth file transfer):
certain types of D-Bus requests are blocked by AA (such as AuthorizePush
I have actually taken a look at the ubtd code and as I understand it AuthorizePush is a method defined by ubtd for obex.
Looking at the Ubuntu Touch bluez code with some dismay, it seems that this method is defined quite officially to allow the obex daemon to send data to a client, squarely fitting your use case, so why is there no apparmor policy for that? As a wild guess, it looks like an oversight by Canonical that was forwarded by Ubuntu Touch - or even an oversight by Debian, forwarded by Canonical, forwarded by Ubuntu Touch. Maybe a bluetooth policy should exist.
Or maybe it already exists? Looking at usr.sbin.cupsd in my Kubuntu 24.04 installation, I see a string 'network bluetooth'. Maybe adding that to your apparmor profile could strike gold? Absolutely wild guess of course.
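
As an added example (not code from the thread or from ubtd), the sketch below turns AppArmor D-Bus denial lines, like the AuthorizePush denial mentioned above, into narrowly scoped dbus rules that a granular profile could carry instead of running unconfined. The log lines, object path and profile label are constructed for illustration; the rule syntax follows apparmor.d(5).

```python
import re

# Constructed audit lines for illustration; labels, paths and PIDs are made up.
SAMPLE_LOG = """\
apparmor="DENIED" operation="dbus_method_call" bus="session" path="/example/agent" interface="org.bluez.obex.Agent1" member="AuthorizePush" name=":1.50" mask="receive" pid=4321 label="example.ubtd_ubtd_0.0.0" peer_pid=1500 peer_label="unconfined"
apparmor="DENIED" operation="dbus_method_call" bus="session" path="/example/agent" interface="org.bluez.obex.Agent1" member="AuthorizePush" name=":1.77" mask="receive" pid=4321 label="example.ubtd_ubtd_0.0.0" peer_pid=1500 peer_label="unconfined"
apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/bluez/obex" interface="org.bluez.obex.AgentManager1" member="RegisterAgent" name="org.bluez.obex" mask="send" pid=4321 label="example.ubtd_ubtd_0.0.0" peer_pid=1500 peer_label="unconfined"
apparmor="DENIED" operation="open" name="/usr/bin/example" pid=4321 comm="ubtd" requested_mask="r" denied_mask="r"
"""

FIELD = re.compile(r'(\w+)="([^"]*)"')


def parse_dbus_denials(log_text):
    """Return the key="value" fields of each AppArmor D-Bus denial."""
    denials = []
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        is_dbus = fields.get("operation", "").startswith("dbus_")
        if fields.get("apparmor") == "DENIED" and is_dbus:
            denials.append(fields)
    return denials


def to_rule(d):
    """Build the narrowest dbus rule that would allow one denied message."""
    parts = [f"dbus ({d['mask']})", f"bus={d['bus']}"]
    parts += [f"{k}={d[k]}" for k in ("path", "interface", "member") if k in d]
    peer = []
    # On a receive denial, name= is the sender's transient unique name
    # (":1.50"); it changes per connection, so only well-known names are pinned.
    if d["mask"] == "send" and not d.get("name", ":").startswith(":"):
        peer.append(f"name={d['name']}")
    if "peer_label" in d:
        peer.append(f"label={d['peer_label']}")
    if peer:
        parts.append("peer=(" + " ".join(peer) + ")")
    return " ".join(parts) + ","


def suggest_rules(log_text):
    """Deduplicated candidate rules, in first-seen order."""
    return list(dict.fromkeys(to_rule(d) for d in parse_dbus_denials(log_text)))


if __name__ == "__main__":
    for rule in suggest_rules(SAMPLE_LOG):
        print(rule)
```

Each suggested rule still needs review before it goes into a profile, since a denial only shows what the app attempted, not what it should be allowed to do.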
