AppArmor Policy Groups¶
This document contains a full list of Ubuntu Touch’s available policy groups and a description of what they give your app permission to access.
Each entry follows this format
Title
-----
Description: Description from apparmor file
Usage: How common it is to use this policy (from apparmor file)
Optional longer description
Policy usage affects whether your app will be accepted by the OpenStore. Apps containing policies with common usage are generally accepted immediately, while reserved usage policies will need to be manually reviewed.
Observera
Coding tip: Everytime you change your apparmor policy file you need to update your app’s version for this to be taken into account.
konton¶
Description: Can use Online Accounts.
Användningsområde: common
The accounts policy gives your app the permissions it needs to access the Online Accounts API.
ljud¶
Description: Can play audio (allows playing remote content via media-hub)
Användningsområde: common
The audio policy is needed for your app to play audio via pulseaudio or media-hub. The permission also gives it the ability to send album art to the thumbnailer service, which is then shown on the sound indicator.
blåtand¶
Description: Use bluetooth (bluez5) as an administrator.
Användningsområde: reserverat
This policy grants unrestricted access to Bluetooth devices. It is provided for administration of bluetooth and as a stepping stone towards developing a safe bluetooth API all apps can access.
kalender¶
Description: Can access the calendar.
Användningsområde: reserverat
Calendar grants access to the Evolution dataserver’s calendar and alarms APIs. It also grants access to sync-monitor.
This policy is reserved since it grants free access to all calendars on the device at any time. The legacy bug about this situation is LP #1227824 .
kamera¶
Description: Can access the camera(s)
Användningsområde: common
The camera policy grants access to device cameras.
anslutbarhet¶
Description: Can access coarse network connectivity information
Användningsområde: common
The connectivity policy allows apps to determine rough information about the device’s connectivity. This includes whether the device is connected to the Internet and whether it is connected via a Wi-Fi or mobile data connection.
kontakter¶
Description: Can access contacts.
Användningsområde: reserverat
The contacts policy allows apps to access the device user’s contacts list. It is marked as reserved because it allows access to sync-monitor and unfettered access to the address book.
content_exchange¶
Description: Can request/import data from other applications
Användningsområde: common
Using the content_exchange policy allows your app to be a consumer of content on content-hub.
content_exchange_source¶
Description: Can provide/export data to other applications
Användningsområde: common
The content_exchange_source policy allows your app to provide content on content-hub.
avlusa¶
Description: Use special debugging tools. This should only be used in development and not for production packages. Note: use of this policy group provides significantly different confinement than normal and is not considered secure. You should never run untrusted programs using this policy group.
Användningsområde: reserverat
document_files¶
Description: Can read and write to document files. This policy group is reserved for certain applications, such as document viewers. Developers should typically use the content_exchange policy group and API to access document files instead.
Användningsområde: reserverat
This policy allows apps to read and write to the ”Documents” folders in the user’s home directory and external media.
document_files_read¶
Description: Can read all document files. This policy group is reserved for certain applications, such as document viewers. Developers should typically use the content_exchange policy group and API to access document files instead.
Användningsområde: reserverat
This policy allows apps to read the ”Documents” folders in the user’s home directory and external media.
historik¶
Description: Can access the history-service. This policy group is reserved for vetted applications only in this version of the policy. A future version of the policy may move this out of reserved status.
Användningsområde: reserverat
behåll skärmen på¶
Description: Can request keeping the screen on
Användningsområde: common
plats¶
Description: Can access Location
Användningsområde: common
Allows an app to request access to the device’s current location.
mikrofon¶
Description: Can access the microphone
Användningsområde: common
musik_filer¶
Description: Can read and write to music files. This policy group is reserved for certain applications, such as music players. Developers should typically use the content_exchange policy group and API to access music files instead.
Användningsområde: reserverat
The music_files policy group allows an app to read or write to the Music directories in the user’s home folder or on external media.
music_files_read¶
Description: Can read all music files. This policy group is reserved for certain applications, such as music players. Developers should typically use the content_exchange policy group and API to access music files instead.
Användningsområde: reserverat
The music_files_read policy group allows an app to read the Music directories in the user’s home folder or on external media.
nätverk¶
Description: Can access the network
Användningsområde: common
The networking policy group allows an app to contact network devices and use the download manager.
nfc¶
Description: Can access the NFC functionality
Användningsområde: common
The nfc policy group allows an app to read and write NFC tags via NDEF data as well as establishing a peer-to-peer connection between two devices.
bild_filer¶
Description: Can read and write to picture files. This policy group is reserved for certain applications, such as gallery applications. Developers should typically use the content_exchange policy group and API to access picture files instead.
Användningsområde: reserverat
The picture_files policy group allows an app to read and write to the Pictures directories in the user’s home folder or on external media.
picture_files_read¶
Description: Can read all picture files. This policy group is reserved for certain applications, such as gallery applications. Developers should typically use the content_exchange policy group and API to access picture files instead.
Användningsområde: reserverat
The picture_files_read policy group allows an app to read the Pictures directories in the user’s home folder or on external media.
push-notification-client¶
Description: Can use push notifications as a client
Användningsområde: common
sensorer¶
Description: Can access the sensors
Användningsområde: common
Allows apps to access device sensors
användarstatistik¶
Description: Can use UserMetrics to update the InfoGraphic
Användningsområde: common
Allows an app to write metrics to the UserMetrics service so they can be displayed on the InfoGraphic.
video¶
Description: Can play video (allows playing remote content via media-hub)
Användningsområde: common
video_filer¶
Description: Can read and write to video files. This policy group is reserved for certain applications, such as gallery applications. Developers should typically use the content_exchange policy group and API to access video files instead.
Användningsområde: reserverat
The video_files policy group allows an app to read and write to the Videos directories in the user’s home folder or on external media.
video_files_read¶
Description: Can read all video files. This policy group is reserved for certain applications, such as gallery applications. Developers should typically use the content_exchange policy group and API to access video files instead.
Användningsområde: reserverat
The video_files_read policy group allows an app to read the Videos directories in the user’s home folder or on external media.
webbvy¶
Description: Can use the UbuntuWebview
Användningsområde: common
The webview policy group allows apps to embed a web browser view.