v1.2.1
TimeManagement App - Unconfined Template Justification
App Name: Time Management (UBTMS)
App ID: ubtms
Version: 1.2.1
Developer: CIT-Services
Summary
We are requesting approval for the "unconfined" AppArmor template for the Time Management app. This app provides background synchronization with Odoo ERP servers and requires elevated system access to deliver real-time push notifications and persistent background operation—features that cannot be achieved with standard confined templates.
Features Requiring Unconfined Access
1. Background Daemon Service
The app runs a persistent Python daemon (daemon.py) that:
- Syncs data from Odoo ERP servers every minute
- Continues running even when the main app is closed
- Survives device sleep/wake cycles
Why unconfined is needed:
- The daemon uses systemd user services to ensure restart resilience
- It requires access to /proc/self/oom_score_adj for OOM protection
- Standard confined templates do not allow spawning detached background processes
2. DBus System Bus Access
The daemon requires system DBus access for:
- com.lomiri.Repowerd - To acquire wakelocks and prevent the daemon from being killed during device sleep
- org.freedesktop.login1 - To receive PrepareForSleep signals for graceful sleep/wake handling
Why unconfined is needed:
- System bus access is blocked by the standard ubuntu-sdk template
- These capabilities are essential for reliable background sync on mobile devices
3. Push Notifications via Postal
The app sends persistent push notifications through:
- com.lomiri.Postal - For notification popups and badge counts
- org.freedesktop.Notifications - As a fallback notification mechanism
Why unconfined is needed:
- While push-notification-client is in our policy_groups, the daemon's background process needs broader DBus session bus access to post notifications when the main app is not running
4. Process Management
The daemon:
- Writes PID files for process tracking
- Uses signal handlers (SIGTERM, SIGHUP, SIGINT) for lifecycle management
- Spawns using setsid for session detachment
Why unconfined is needed:
- Process detachment and signal manipulation require capabilities not available in confined apps
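Because an unconfined daemon is not protected by AppArmor path rules, its PID file handling has to be safe on its own. The following is an added example, not code from the app's daemon.py: it creates the PID file atomically with owner-only permissions, refuses to follow symlinks, and replaces stale files. The function names and the PID file path are assumptions.

```python
import os


def read_pid(path):
    """Return the PID stored in path, or None if unreadable, a symlink, or not a number."""
    try:
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)  # never follow a planted symlink
        with os.fdopen(fd) as f:
            pid = int(f.read(32).strip())
    except (OSError, ValueError):
        return None
    return pid if pid > 0 else None


def pid_alive(pid):
    """Probe for a process with signal 0, which delivers nothing."""
    try:
        os.kill(pid, 0)
    except (ProcessLookupError, OverflowError):
        return False
    except PermissionError:
        return True  # process exists but belongs to another user
    return True


def acquire_pidfile(path):
    """Create the PID file atomically; return False if a live daemon already holds it."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
    for _ in range(2):  # the second pass runs only after a stale file was removed
        try:
            fd = os.open(path, flags, 0o600)  # owner read/write only
        except FileExistsError:
            old = read_pid(path)
            if old is not None and pid_alive(old):
                return False
            os.unlink(path)  # stale, unparsable, or a symlink: remove the entry itself
            continue
        with os.fdopen(fd, "w") as f:
            f.write(f"{os.getpid()}\n")
        return True
    return False


def release_pidfile(path):
    """Remove the PID file on shutdown, but only if it still records this process."""
    if read_pid(path) == os.getpid():
        os.unlink(path)
        return True
    return False
```

A SIGTERM or SIGINT handler would call release_pidfile() as part of shutdown so the next start does not have to rely on stale-file detection.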
Security Mitigations
Despite requiring unconfined access, we implement several security best practices:
- No root access required - All operations run as the user
- Local data only - SQLite database stored in standard app directory (~/.local/share/ubtms/)
- HTTPS only - All Odoo API communication uses encrypted connections
- No arbitrary code execution - The daemon only syncs predefined data models
- API key authentication - Credentials stored locally, never transmitted insecurely
- Open source - Full source code available for review at the repository
Alternatives Considered
| Approach | Why It Doesn't Work |
|---|---|
| Standard ubuntu-sdk template | Cannot spawn background processes or access system DBus |
| Using only session DBus | Wakelocks require system bus access |
| Push Helper approach | Ubuntu Touch push helpers are for server-initiated pushes; our app needs client-initiated periodic sync |
| Foreground-only operation | Defeats the purpose of a time management app that needs to notify users of task updates |
Conclusion
The Time Management app requires the unconfined template to provide essential background synchronization and notification features that users expect from a productivity app. Without these capabilities, the app cannot:
- Notify users of new tasks/activities when the app is closed
- Sync data reliably in the background
- Survive device sleep cycles
We believe the security mitigations in place, combined with the open-source nature of the project, justify the need for elevated permissions.