Webview apparmor
-
Hi,
I use the UBports RC release with my pixel3a, and when I start an application with a custom WebEngineProfile, such as uteezer https://github.com/Tafitson/uteezer/blob/main/app/Main.qml, apparmor denies access.
phablet@ubuntu-phablet:~$ dmesg | grep denied
[ 4.820103] init: Command 'write /sys/devices/system/cpu/cpu0/online 1' action=vendor.skip.init=0 && init (/vendor/etc/init/hw/init.sdm670.rc:106) took 0ms and failed: Unable to write to file '/sys/devices/system/cpu/cpu0/online': open() failed: Permission denied
[ 4.820280] init: Command 'write /sys/devices/system/cpu/cpu1/online 1' action=vendor.skip.init=0 && init (/vendor/etc/init/hw/init.sdm670.rc:107) took 0ms and failed: Unable to write to file '/sys/devices/system/cpu/cpu1/online': open() failed: Permission denied
[ 4.820433] init: Command 'write /sys/devices/system/cpu/cpu2/online 1' action=vendor.skip.init=0 && init (/vendor/etc/init/hw/init.sdm670.rc:108) took 0ms and failed: Unable to write to file '/sys/devices/system/cpu/cpu2/online': open() failed: Permission denied
[ 4.820582] init: Command 'write /sys/devices/system/cpu/cpu3/online 1' action=vendor.skip.init=0 && init (/vendor/etc/init/hw/init.sdm670.rc:109) took 0ms and failed: Unable to write to file '/sys/devices/system/cpu/cpu3/online': open() failed: Permission denied
[ 4.820871] init: Command 'write /sys/devices/system/cpu/cpu4/online 1' action=vendor.skip.init=0 && init (/vendor/etc/init/hw/init.sdm670.rc:110) took 0ms and failed: Unable to write to file '/sys/devices/system/cpu/cpu4/online': open() failed: Permission denied
[ 4.821022] init: Command 'write /sys/devices/system/cpu/cpu5/online 1' action=vendor.skip.init=0 && init (/vendor/etc/init/hw/init.sdm670.rc:111) took 0ms and failed: Unable to write to file '/sys/devices/system/cpu/cpu5/online': open() failed: Permission denied
[ 4.823653] init: Command 'write /sys/devices/system/cpu/cpu6/online 1' action=vendor.skip.init=0 && init (/vendor/etc/init/hw/init.sdm670.rc:112) took 2ms and failed: Unable to write to file '/sys/devices/system/cpu/cpu6/online': open() failed: Permission denied
[ 4.823881] init: Command 'write /sys/devices/system/cpu/cpu7/online 1' action=vendor.skip.init=0 && init (/vendor/etc/init/hw/init.sdm670.rc:113) took 0ms and failed: Unable to write to file '/sys/devices/system/cpu/cpu7/online': open() failed: Permission denied
[ 75.263007] audit: type=1400 audit(1666041558.975:142): apparmor="DENIED" operation="open" profile="uteezer.tafitson_uteezer_0.7.3" name="/proc/6378/setgroups" pid=6378 comm="qmlscene" requested_mask="w" denied_mask="w" fsuid=32011 ouid=32011
[ 75.361540] audit: type=1400 audit(1666041559.071:143): apparmor="DENIED" operation="open" profile="uteezer.tafitson_uteezer_0.7.3" name="/proc/sys/kernel/yama/ptrace_scope" pid=6381 comm="QtWebEngineProc" requested_mask="r" denied_mask="r" fsuid=32011 ouid=0
[ 75.390934] audit: type=1400 audit(1666041559.101:144): apparmor="DENIED" operation="open" profile="uteezer.tafitson_uteezer_0.7.3" name="/sys/devices/system/cpu/cpu0/regs/identification/midr_el1" pid=6347 comm="qmlscene" requested_mask="r" denied_mask="r" fsuid=32011 ouid=0
[ 75.425676] audit: type=1400 audit(1666041559.138:145): apparmor="DENIED" operation="open" profile="uteezer.tafitson_uteezer_0.7.3" name="/proc/sys/fs/inotify/max_user_watches" pid=6347 comm="ThreadPoolForeg" requested_mask="r" denied_mask="r" fsuid=32011 ouid=0
[ 75.755764] audit: type=1400 audit(1666041559.468:147): apparmor="DENIED" operation="open" profile="uteezer.tafitson_uteezer_0.7.3" name="/proc/6347/loginuid" pid=6347 comm="qmlscene" requested_mask="r" denied_mask="r" fsuid=32011 ouid=32011
[ 75.896404] audit: type=1400 audit(1666041559.608:148): apparmor="DENIED" operation="open" profile="uteezer.tafitson_uteezer_0.7.3" name="/proc/6401/oom_score_adj" pid=6347 comm="ThreadPoolSingl" requested_mask="wc" denied_mask="wc" fsuid=32011 ouid=32011
[ 75.900533] audit: type=1400 audit(1666041559.611:149): apparmor="DENIED" operation="open" profile="uteezer.tafitson_uteezer_0.7.3" name="/sys/devices/system/cpu/cpu0/regs/identification/midr_el1" pid=6401 comm="QtWebEngineProc" requested_mask="r" denied_mask="r" fsuid=32011 ouid=0
[ 75.942251] audit: type=1400 audit(1666041559.654:150): apparmor="DENIED" operation="open" profile="uteezer.tafitson_uteezer_0.7.3" name="/home/phablet/.cache/qtshadercache-arm64-little_endian-lp64/5cc098bc5354d98253495e89cc26ca4ba78a3a15" pid=6347 comm="QSGRenderThread" requested_mask="r" denied_mask="r" fsuid=32011 ouid=32011
[ 75.991330] audit: type=1400 audit(1666041559.701:151): apparmor="DENIED" operation="open" profile="uteezer.tafitson_uteezer_0.7.3" name="/home/phablet/.cache/qtshadercache-arm64-little_endian-lp64/#2557890" pid=6347 comm="QSGRenderThread" requested_mask="wr" denied_mask="wr" fsuid=32011 ouid=32011
The policy https://github.com/Tafitson/uteezer/blob/main/uteezer.apparmor seems good, and I have this problem with all applications started with a custom WebEngineProfile.
If someone has an idea
-
Hello,
With the installer 0.9.7-beta, I've installed the stable/rc and devel versions on my pixel3a, and I have some errors with apparmor. For each version I've wiped data.
phablet@ubuntu-phablet:~$ sudo dmesg | grep denied
[ 5.052271] init: Command 'write /sys/devices/system/cpu/cpu0/online 1' action=vendor.skip.init=0 && init (/vendor/etc/init/hw/init.sdm670.rc:106) took 1ms and failed: Unable to write to file '/sys/devices/system/cpu/cpu0/online': open() failed: Permission denied
[ 5.052995] init: Command 'write /sys/devices/system/cpu/cpu1/online 1' action=vendor.skip.init=0 && init (/vendor/etc/init/hw/init.sdm670.rc:107) took 0ms and failed: Unable to write to file '/sys/devices/system/cpu/cpu1/online': open() failed: Permission denied
[ 5.054302] init: Command 'write /sys/devices/system/cpu/cpu2/online 1' action=vendor.skip.init=0 && init (/vendor/etc/init/hw/init.sdm670.rc:108) took 1ms and failed: Unable to write to file '/sys/devices/system/cpu/cpu2/online': open() failed: Permission denied
[ 5.054536] init: Command 'write /sys/devices/system/cpu/cpu3/online 1' action=vendor.skip.init=0 && init (/vendor/etc/init/hw/init.sdm670.rc:109) took 0ms and failed: Unable to write to file '/sys/devices/system/cpu/cpu3/online': open() failed: Permission denied
[ 5.054751] init: Command 'write /sys/devices/system/cpu/cpu4/online 1' action=vendor.skip.init=0 && init (/vendor/etc/init/hw/init.sdm670.rc:110) took 0ms and failed: Unable to write to file '/sys/devices/system/cpu/cpu4/online': open() failed: Permission denied
[ 5.054909] init: Command 'write /sys/devices/system/cpu/cpu5/online 1' action=vendor.skip.init=0 && init (/vendor/etc/init/hw/init.sdm670.rc:111) took 0ms and failed: Unable to write to file '/sys/devices/system/cpu/cpu5/online': open() failed: Permission denied
[ 5.055574] init: Command 'write /sys/devices/system/cpu/cpu6/online 1' action=vendor.skip.init=0 && init (/vendor/etc/init/hw/init.sdm670.rc:112) took 0ms and failed: Unable to write to file '/sys/devices/system/cpu/cpu6/online': open() failed: Permission denied
[ 5.055749] init: Command 'write /sys/devices/system/cpu/cpu7/online 1' action=vendor.skip.init=0 && init (/vendor/etc/init/hw/init.sdm670.rc:113) took 0ms and failed: Unable to write to file '/sys/devices/system/cpu/cpu7/online': open() failed: Permission denied
[ 17.087618] audit: type=1400 audit(1666711957.650:72): apparmor="DENIED" operation="open" profile="/usr/bin/media-hub-server" name="/proc/4338/timerslack_ns" pid=4121 comm="gst-plugin-scan" requested_mask="w" denied_mask="w" fsuid=32011 ouid=32011
[ 18.492002] audit: type=1400 audit(1666711959.053:73): apparmor="DENIED" operation="open" profile="/usr/bin/media-hub-server" name="/proc/4656/timerslack_ns" pid=4651 comm="gst-plugin-scan" requested_mask="w" denied_mask="w" fsuid=32011 ouid=32011
[ 19.548700] audit: type=1400 audit(1666711960.110:74): apparmor="DENIED" operation="open" profile="/usr/bin/media-hub-server" name="/proc/4837/timerslack_ns" pid=4108 comm="media-hub-serve" requested_mask="w" denied_mask="w" fsuid=32011 ouid=32011
[ 19.549695] audit: type=1400 audit(1666711960.110:75): apparmor="DENIED" operation="open" profile="/usr/bin/media-hub-server" name="/proc/4839/timerslack_ns" pid=4108 comm="Binder:4108_1" requested_mask="w" denied_mask="w" fsuid=32011 ouid=32011
Am I the only one with this problem?
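
Added example (not part of the thread, and not UBports or uteezer code): a small Python triage script for `dmesg | grep denied` output like the above. It drops the init "Permission denied" lines, which are not AppArmor events, and groups the `apparmor="DENIED"` audit records by profile and path. The sample lines are copied from the first post; replacing `/proc/<pid>/` with AppArmor's `@{pid}` variable is a choice made here for grouping.

```python
import re
from collections import defaultdict

# Sample input: lines copied from the dmesg output in the first post.
SAMPLE = """\
[ 4.820103] init: Command 'write /sys/devices/system/cpu/cpu0/online 1' action=vendor.skip.init=0 && init (/vendor/etc/init/hw/init.sdm670.rc:106) took 0ms and failed: Unable to write to file '/sys/devices/system/cpu/cpu0/online': open() failed: Permission denied
[ 75.263007] audit: type=1400 audit(1666041558.975:142): apparmor="DENIED" operation="open" profile="uteezer.tafitson_uteezer_0.7.3" name="/proc/6378/setgroups" pid=6378 comm="qmlscene" requested_mask="w" denied_mask="w" fsuid=32011 ouid=32011
[ 75.390934] audit: type=1400 audit(1666041559.101:144): apparmor="DENIED" operation="open" profile="uteezer.tafitson_uteezer_0.7.3" name="/sys/devices/system/cpu/cpu0/regs/identification/midr_el1" pid=6347 comm="qmlscene" requested_mask="r" denied_mask="r" fsuid=32011 ouid=0
[ 75.755764] audit: type=1400 audit(1666041559.468:147): apparmor="DENIED" operation="open" profile="uteezer.tafitson_uteezer_0.7.3" name="/proc/6347/loginuid" pid=6347 comm="qmlscene" requested_mask="r" denied_mask="r" fsuid=32011 ouid=32011
[ 75.896404] audit: type=1400 audit(1666041559.608:148): apparmor="DENIED" operation="open" profile="uteezer.tafitson_uteezer_0.7.3" name="/proc/6401/oom_score_adj" pid=6347 comm="ThreadPoolSingl" requested_mask="wc" denied_mask="wc" fsuid=32011 ouid=32011
[ 75.900533] audit: type=1400 audit(1666041559.611:149): apparmor="DENIED" operation="open" profile="uteezer.tafitson_uteezer_0.7.3" name="/sys/devices/system/cpu/cpu0/regs/identification/midr_el1" pid=6401 comm="QtWebEngineProc" requested_mask="r" denied_mask="r" fsuid=32011 ouid=0
"""

KV = re.compile(r'(\w+)="([^"]*)"')      # quoted key="value" audit fields
PROC_PID = re.compile(r"^/proc/\d+/")    # per-process /proc entries

def summarize(text):
    """Group AppArmor denials by (profile, path with the pid generalized)."""
    out = defaultdict(lambda: {"mask": set(), "comm": set(), "count": 0})
    for line in text.splitlines():
        fields = dict(KV.findall(line))
        if fields.get("apparmor") != "DENIED":
            continue  # e.g. init's "Permission denied": matched by grep, not AppArmor
        path = PROC_PID.sub("/proc/@{pid}/", fields.get("name", "?"))
        entry = out[(fields.get("profile", "?"), path)]
        entry["mask"].update(fields.get("denied_mask", ""))  # one letter per permission
        entry["comm"].add(fields.get("comm", "?"))
        entry["count"] += 1
    return dict(out)

def report(summary):
    """One line per (profile, path), for review against the app's policy."""
    return [
        f"{prof}: {path} mask={''.join(sorted(e['mask']))} "
        f"x{e['count']} by {','.join(sorted(e['comm']))}"
        for (prof, path), e in sorted(summary.items())
    ]

if __name__ == "__main__":
    print("\n".join(report(summarize(SAMPLE))))
```
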