Manual Review from Open - Store

[suraj-yadav0]

TimeManagement App - Unconfined Template Justification

App Name: Time Management (UBTMS)
App ID: ubtms
Version: 1.2.1
Developer: CIT-Services

---

Summary

We are requesting approval for the "unconfined" AppArmor template for the Time Management app. This app provides background synchronization with Odoo ERP servers and requires elevated system access to deliver real-time push notifications and persistent background operation—features that cannot be achieved with standard confined templates.

---

Features Requiring Unconfined Access

1. Background Daemon Service

The app runs a persistent Python daemon (daemon.py) that:

• Syncs data from Odoo ERP servers every minute
• Continues running even when the main app is closed
• Survives device sleep/wake cycles

Why unconfined is needed:

• The daemon uses systemd user services to ensure restart resilience
• It requires access to /proc/self/oom_score_adj for OOM protection
• Standard confined templates do not allow spawning detached background processes

2. DBus System Bus Access

The daemon requires system DBus access for:

• com.lomiri.Repowerd - To acquire wakelocks and prevent the daemon from being killed during device sleep
• org.freedesktop.login1 - To receive PrepareForSleep signals for graceful sleep/wake handling

Why unconfined is needed:

• System bus access is blocked by the standard ubuntu-sdk template
• These capabilities are essential for reliable background sync on mobile devices

3. Push Notifications via Postal

The app sends persistent push notifications through:

• com.lomiri.Postal - For notification popups and badge counts
• org.freedesktop.Notifications - As a fallback notification mechanism

Why unconfined is needed:

• While push-notification-client is in our policy_groups, the daemon's background process needs broader DBus session bus access to post notifications when the main app is not running

4. Process Management

The daemon:

• Writes PID files for process tracking
• Uses signal handlers (SIGTERM, SIGHUP, SIGINT) for lifecycle management
• Spawns using setsid for session detachment

Why unconfined is needed:

• Process detachment and signal manipulation require capabilities not available in confined apps

---

Security Mitigations

Despite requiring unconfined access, we implement several security best practices:

1. No root access required - All operations run as the user
2. Local data only - SQLite database stored in standard app directory (~/.local/share/ubtms/)
3. HTTPS only - All Odoo API communication uses encrypted connections
4. No arbitrary code execution - The daemon only syncs predefined data models
5. API key authentication - Credentials stored locally, never transmitted insecurely
6. Open source - Full source code available for review at the repository

---

Alternatives Considered

Approach	Why It Doesn't Work
Standard ubuntu-sdk template	Cannot spawn background processes or access system DBus
Using only session DBus	Wakelocks require system bus access
Push Helper approach	Ubuntu Touch push helpers are for server-initiated pushes; our app needs client-initiated periodic sync
Foreground-only operation	Defeats the purpose of a time management app that needs to notify users of task updates

---

Conclusion

The Time Management app requires the unconfined template to provide essential background synchronization and notification features that users expect from a productivity app. Without these capabilities, the app cannot:

• Notify users of new tasks/activities when the app is closed
• Sync data reliably in the background
• Survive device sleep cycles

We believe the security mitigations in place, combined with the open-source nature of the project, justify the need for elevated permissions.

---

This discussion was created from the release Manual Review from Open - Store.