[Desktop-packages] [Bug 1583057] Re: Deny audio recording for all snap applications

[Jamie Strandboge]

** Changed in: pulseaudio (Ubuntu Xenial)
   Status: In Progress => Won't Fix

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to pulseaudio in Ubuntu.
https://bugs.launchpad.net/bugs/1583057

Title:
  Deny audio recording for all snap applications

Status in pulseaudio package in Ubuntu:
  Fix Released
Status in pulseaudio source package in Xenial:
  Won't Fix
Status in pulseaudio source package in Yakkety:
  Fix Released

Bug description:
  [Impact]
  Currently snaps on Ubuntu Classic may declare in their snap.yaml that they 
want access to pulseaudio. When installed, snapd will auto-connect the 
pulseaudio interface giving the snap access to the pulseaudio server for 
playback and recording. Because recording is allowed, snaps are allowed to 
eavesdrop on users without the user knowing. Phase 1 of the pulseaudio 
interface should block recording for snaps while the details of phase 2 (which 
combines pulseaudio/snappy interfaces and trust-store) are worked out.

  [Test Case]
  First, install pulseaudio then reboot (alternatively can 'killall pulseaudio' 
from within your session or logout then killall pulseaudio from a vt and then 
log back in). pulseaudio needs to be restarted for the changes to be in effect 
and a reboot is the easiest way to achieve that.

  1. unconfined can play audio
  2. unconfined can record audio
  3. non-snap confined can play audio
  4. non-snap confined can record audio
  5. snap confined can play audio
  6. snap confined cannot record audio
  7. snap confined devmode can record audio
  8. indicator-sound and 'Sound Settings... works'
  9. click can record audio if trust-store allows (eg, 'SnapRecorder' from the 
store)
  10. click can play audio (eg, playback of recording from 'SnapRecorder' from 
the store)

  Currently '6' is not implemented and all snaps may record audio. When
  this bug is fixed, no snaps should be able to record audio (until
  phase 2 is implemented which will be in a different bug).

  The attached script tests 1-7. 9 and 10 require testing on a device
  and using

  [Regression Potential]
  The patch is quite small and easy to understand and is implemented to only 
affect processes that want to record and are running with a security label that 
starts with 'snap.' Unconfined processes and process running under other 
security labels should not be affected.

  Original description:
  Until we have a proper trust-store implementation with snappy and on the 
desktop/ubuntu core we want pulseaudio to simply deny any audio recording 
request coming from an app shipped as part of a snap.

  The implementation adds a module-snappy-policy module to pulseaudio
  which adds a hook for audio recording requests and checks on
  connection if the apparmor security label of the connecting peer
  starts with "snap." which will identify it as a snap application.

  Pulseaudio with the patch is available as part of the landing request
  at https://requests.ci-train.ubuntu.com/#/ticket/1428

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pulseaudio/+bug/1583057/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1583057] Re: Deny audio recording for all snap applications

[Jamie Strandboge]

@Simon, thanks for the updates. It looks I did not have the module-
snappy-policy module loaded and appreciate the update to default.pa and
the updated patch that addresses the other issues.

The only remaining issue is making sure that recording continues to work
in devmode. I think you will want to use aa_getcon() for this. Please
discuss with Tyler before implementing however.

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to pulseaudio in Ubuntu.
https://bugs.launchpad.net/bugs/1583057

Title:
  Deny audio recording for all snap applications

Status in pulseaudio package in Ubuntu:
  Fix Released
Status in pulseaudio source package in Xenial:
  In Progress
Status in pulseaudio source package in Yakkety:
  Fix Released

Bug description:
  [Impact]
  Currently snaps on Ubuntu Classic may declare in their snap.yaml that they 
want access to pulseaudio. When installed, snapd will auto-connect the 
pulseaudio interface giving the snap access to the pulseaudio server for 
playback and recording. Because recording is allowed, snaps are allowed to 
eavesdrop on users without the user knowing. Phase 1 of the pulseaudio 
interface should block recording for snaps while the details of phase 2 (which 
combines pulseaudio/snappy interfaces and trust-store) are worked out.

  [Test Case]
  First, install pulseaudio then reboot (alternatively can 'killall pulseaudio' 
from within your session or logout then killall pulseaudio from a vt and then 
log back in). pulseaudio needs to be restarted for the changes to be in effect 
and a reboot is the easiest way to achieve that.

  1. unconfined can play audio
  2. unconfined can record audio
  3. non-snap confined can play audio
  4. non-snap confined can record audio
  5. snap confined can play audio
  6. snap confined cannot record audio
  7. snap confined devmode can record audio
  8. indicator-sound and 'Sound Settings... works'
  9. click can record audio if trust-store allows (eg, 'SnapRecorder' from the 
store)
  10. click can play audio (eg, playback of recording from 'SnapRecorder' from 
the store)

  Currently '6' is not implemented and all snaps may record audio. When
  this bug is fixed, no snaps should be able to record audio (until
  phase 2 is implemented which will be in a different bug).

  The attached script tests 1-7. 9 and 10 require testing on a device
  and using

  [Regression Potential]
  The patch is quite small and easy to understand and is implemented to only 
affect processes that want to record and are running with a security label that 
starts with 'snap.' Unconfined processes and process running under other 
security labels should not be affected.

  Original description:
  Until we have a proper trust-store implementation with snappy and on the 
desktop/ubuntu core we want pulseaudio to simply deny any audio recording 
request coming from an app shipped as part of a snap.

  The implementation adds a module-snappy-policy module to pulseaudio
  which adds a hook for audio recording requests and checks on
  connection if the apparmor security label of the connecting peer
  starts with "snap." which will identify it as a snap application.

  Pulseaudio with the patch is available as part of the landing request
  at https://requests.ci-train.ubuntu.com/#/ticket/1428

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pulseaudio/+bug/1583057/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1583057] Re: Deny audio recording for all snap applications

[Simon Fels]

Updated the patch. We now add snappy-policy always to default.pa. I
couldn't figure out what I have to change to make the ifelse statement
work properly to add the snappy policy module only conditionally to
default.pa

Also fixed the compiler warnings and other small things.

** Patch added: "pa-snappy-policy.patch"
   
https://bugs.launchpad.net/ubuntu/+source/pulseaudio/+bug/1583057/+attachment/4696316/+files/pa-snappy-policy.patch

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to pulseaudio in Ubuntu.
https://bugs.launchpad.net/bugs/1583057

Title:
  Deny audio recording for all snap applications

Status in pulseaudio package in Ubuntu:
  Fix Released
Status in pulseaudio source package in Xenial:
  In Progress
Status in pulseaudio source package in Yakkety:
  Fix Released

Bug description:
  [Impact]
  Currently snaps on Ubuntu Classic may declare in their snap.yaml that they 
want access to pulseaudio. When installed, snapd will auto-connect the 
pulseaudio interface giving the snap access to the pulseaudio server for 
playback and recording. Because recording is allowed, snaps are allowed to 
eavesdrop on users without the user knowing. Phase 1 of the pulseaudio 
interface should block recording for snaps while the details of phase 2 (which 
combines pulseaudio/snappy interfaces and trust-store) are worked out.

  [Test Case]
  First, install pulseaudio then reboot (alternatively can 'killall pulseaudio' 
from within your session or logout then killall pulseaudio from a vt and then 
log back in). pulseaudio needs to be restarted for the changes to be in effect 
and a reboot is the easiest way to achieve that.

  1. unconfined can play audio
  2. unconfined can record audio
  3. non-snap confined can play audio
  4. non-snap confined can record audio
  5. snap confined can play audio
  6. snap confined cannot record audio
  7. snap confined devmode can record audio
  8. indicator-sound and 'Sound Settings... works'
  9. click can record audio if trust-store allows (eg, 'SnapRecorder' from the 
store)
  10. click can play audio (eg, playback of recording from 'SnapRecorder' from 
the store)

  Currently '6' is not implemented and all snaps may record audio. When
  this bug is fixed, no snaps should be able to record audio (until
  phase 2 is implemented which will be in a different bug).

  The attached script tests 1-7. 9 and 10 require testing on a device
  and using

  [Regression Potential]
  The patch is quite small and easy to understand and is implemented to only 
affect processes that want to record and are running with a security label that 
starts with 'snap.' Unconfined processes and process running under other 
security labels should not be affected.

  Original description:
  Until we have a proper trust-store implementation with snappy and on the 
desktop/ubuntu core we want pulseaudio to simply deny any audio recording 
request coming from an app shipped as part of a snap.

  The implementation adds a module-snappy-policy module to pulseaudio
  which adds a hook for audio recording requests and checks on
  connection if the apparmor security label of the connecting peer
  starts with "snap." which will identify it as a snap application.

  Pulseaudio with the patch is available as part of the landing request
  at https://requests.ci-train.ubuntu.com/#/ticket/1428

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pulseaudio/+bug/1583057/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1583057] Re: Deny audio recording for all snap applications

[Simon Fels]

@Jamie: Works fine here for me. Using a simple snap

name: pulseaudio-clients
version: 8.0-1
summary: Clients for PulseAudio
description: |
 Contains PulseAudio client utilities

apps:
  pactl:
command: usr/bin/pactl
plugs: [pulseaudio]
  paplay:
command: usr/bin/paplay
plugs: [pulseaudio]
  parec:
command: usr/bin/parec
plugs: [pulseaudio]

parts:
  packages:
plugin: nil
stage-packages:
  - pulseaudio


to test.

Make sure that  the module is loaded:

simon@nirvana ~/Work/ubuntu/snappy/paplay-snap $ pactl list modules | grep 
snappy
Name: module-snappy-policy

If not you can load it with

$ pactl load-module module-snappy-policy

If you now install the snap from above and run

$ pulseaudio-clients.parec

you will see the client hangs. If you unload the module

$ pactl unload-module module-snappy-policy

you will see the client can record now and doesn't hang any longer.

The only thing which might have went wrong with the package debdiff is
that the module for the snappy policy wasn't added to
/etc/pulse/daemon.pa. Will check that now.

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to pulseaudio in Ubuntu.
https://bugs.launchpad.net/bugs/1583057

Title:
  Deny audio recording for all snap applications

Status in pulseaudio package in Ubuntu:
  Fix Released
Status in pulseaudio source package in Xenial:
  In Progress
Status in pulseaudio source package in Yakkety:
  Fix Released

Bug description:
  [Impact]
  Currently snaps on Ubuntu Classic may declare in their snap.yaml that they 
want access to pulseaudio. When installed, snapd will auto-connect the 
pulseaudio interface giving the snap access to the pulseaudio server for 
playback and recording. Because recording is allowed, snaps are allowed to 
eavesdrop on users without the user knowing. Phase 1 of the pulseaudio 
interface should block recording for snaps while the details of phase 2 (which 
combines pulseaudio/snappy interfaces and trust-store) are worked out.

  [Test Case]
  First, install pulseaudio then reboot (alternatively can 'killall pulseaudio' 
from within your session or logout then killall pulseaudio from a vt and then 
log back in). pulseaudio needs to be restarted for the changes to be in effect 
and a reboot is the easiest way to achieve that.

  1. unconfined can play audio
  2. unconfined can record audio
  3. non-snap confined can play audio
  4. non-snap confined can record audio
  5. snap confined can play audio
  6. snap confined cannot record audio
  7. snap confined devmode can record audio
  8. indicator-sound and 'Sound Settings... works'
  9. click can record audio if trust-store allows (eg, 'SnapRecorder' from the 
store)
  10. click can play audio (eg, playback of recording from 'SnapRecorder' from 
the store)

  Currently '6' is not implemented and all snaps may record audio. When
  this bug is fixed, no snaps should be able to record audio (until
  phase 2 is implemented which will be in a different bug).

  The attached script tests 1-7. 9 and 10 require testing on a device
  and using

  [Regression Potential]
  The patch is quite small and easy to understand and is implemented to only 
affect processes that want to record and are running with a security label that 
starts with 'snap.' Unconfined processes and process running under other 
security labels should not be affected.

  Original description:
  Until we have a proper trust-store implementation with snappy and on the 
desktop/ubuntu core we want pulseaudio to simply deny any audio recording 
request coming from an app shipped as part of a snap.

  The implementation adds a module-snappy-policy module to pulseaudio
  which adds a hook for audio recording requests and checks on
  connection if the apparmor security label of the connecting peer
  starts with "snap." which will identify it as a snap application.

  Pulseaudio with the patch is available as part of the landing request
  at https://requests.ci-train.ubuntu.com/#/ticket/1428

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pulseaudio/+bug/1583057/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1583057] Re: Deny audio recording for all snap applications

[Jamie Strandboge]

** Description changed:

- [Impact] 
+ [Impact]
  Currently snaps on Ubuntu Classic may declare in their snap.yaml that they 
want access to pulseaudio. When installed, snapd will auto-connect the 
pulseaudio interface giving the snap access to the pulseaudio server for 
playback and recording. Because recording is allowed, snaps are allowed to 
eavesdrop on users without the user knowing. Phase 1 of the pulseaudio 
interface should block recording for snaps while the details of phase 2 (which 
combines pulseaudio/snappy interfaces and trust-store) are worked out.
  
  [Test Case]
+ First, install pulseaudio then reboot (alternatively can 'killall pulseaudio' 
from within your session or logout then killall pulseaudio from a vt and then 
log back in). pulseaudio needs to be restarted for the changes to be in effect 
and a reboot is the easiest way to achieve that.
+ 
  1. unconfined can play audio
  2. unconfined can record audio
  3. non-snap confined can play audio
  4. non-snap confined can record audio
  5. snap confined can play audio
  6. snap confined cannot record audio
  7. snap confined devmode can record audio
  8. indicator-sound and 'Sound Settings... works'
- 9. click can play audio (eg, SnapRecorder)
- 10. click can record audio if trust-store allows
+ 9. click can record audio if trust-store allows (eg, 'SnapRecorder' from the 
store)
+ 10. click can play audio (eg, playback of recording from 'SnapRecorder' from 
the store)
  
  Currently '6' is not implemented and all snaps may record audio. When
  this bug is fixed, no snaps should be able to record audio (until phase
- 2 is implemented).
+ 2 is implemented which will be in a different bug).
  
  The attached script tests 1-7. 9 and 10 require testing on a device and
  using
  
- [Regression Potential] 
- The patch is quite small and easy to understand and is implemented to only 
affect processes that want to record and are running with a security label that 
starts with 'snap.' Unconfined processes and process running under other 
security labels should not be affected. 
- 
+ [Regression Potential]
+ The patch is quite small and easy to understand and is implemented to only 
affect processes that want to record and are running with a security label that 
starts with 'snap.' Unconfined processes and process running under other 
security labels should not be affected.
  
  Original description:
  Until we have a proper trust-store implementation with snappy and on the 
desktop/ubuntu core we want pulseaudio to simply deny any audio recording 
request coming from an app shipped as part of a snap.
  
  The implementation adds a module-snappy-policy module to pulseaudio
  which adds a hook for audio recording requests and checks on connection
  if the apparmor security label of the connecting peer starts with
  "snap." which will identify it as a snap application.
  
  Pulseaudio with the patch is available as part of the landing request at
  https://requests.ci-train.ubuntu.com/#/ticket/1428

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to pulseaudio in Ubuntu.
https://bugs.launchpad.net/bugs/1583057

Title:
  Deny audio recording for all snap applications

Status in pulseaudio package in Ubuntu:
  Fix Released
Status in pulseaudio source package in Xenial:
  In Progress
Status in pulseaudio source package in Yakkety:
  Fix Released

Bug description:
  [Impact]
  Currently snaps on Ubuntu Classic may declare in their snap.yaml that they 
want access to pulseaudio. When installed, snapd will auto-connect the 
pulseaudio interface giving the snap access to the pulseaudio server for 
playback and recording. Because recording is allowed, snaps are allowed to 
eavesdrop on users without the user knowing. Phase 1 of the pulseaudio 
interface should block recording for snaps while the details of phase 2 (which 
combines pulseaudio/snappy interfaces and trust-store) are worked out.

  [Test Case]
  First, install pulseaudio then reboot (alternatively can 'killall pulseaudio' 
from within your session or logout then killall pulseaudio from a vt and then 
log back in). pulseaudio needs to be restarted for the changes to be in effect 
and a reboot is the easiest way to achieve that.

  1. unconfined can play audio
  2. unconfined can record audio
  3. non-snap confined can play audio
  4. non-snap confined can record audio
  5. snap confined can play audio
  6. snap confined cannot record audio
  7. snap confined devmode can record audio
  8. indicator-sound and 'Sound Settings... works'
  9. click can record audio if trust-store allows (eg, 'SnapRecorder' from the 
store)
  10. click can play audio (eg, playback of recording from 'SnapRecorder' from 
the store)

  Currently '6' is not implemented and all snaps may record audio. When
  this bug is fixed, no snaps should be able to record audio (until
  phase 2 is implemented which will be in a different bug).

  The attached script tests 1-7. 

[Desktop-packages] [Bug 1583057] Re: Deny audio recording for all snap applications

[Jamie Strandboge]

@Simon, per the SRU process, I've done the paperwork to pursue the SRU
but leaving this as 'In Progress' due to my comments. Please attach an
updated debdiff and I'll review and adjust the bug as appropriate.

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to pulseaudio in Ubuntu.
https://bugs.launchpad.net/bugs/1583057

Title:
  Deny audio recording for all snap applications

Status in pulseaudio package in Ubuntu:
  Fix Released
Status in pulseaudio source package in Xenial:
  In Progress
Status in pulseaudio source package in Yakkety:
  Fix Released

Bug description:
  [Impact] 
  Currently snaps on Ubuntu Classic may declare in their snap.yaml that they 
want access to pulseaudio. When installed, snapd will auto-connect the 
pulseaudio interface giving the snap access to the pulseaudio server for 
playback and recording. Because recording is allowed, snaps are allowed to 
eavesdrop on users without the user knowing. Phase 1 of the pulseaudio 
interface should block recording for snaps while the details of phase 2 (which 
combines pulseaudio/snappy interfaces and trust-store) are worked out.

  [Test Case]
  1. unconfined can play audio
  2. unconfined can record audio
  3. non-snap confined can play audio
  4. non-snap confined can record audio
  5. snap confined can play audio
  6. snap confined cannot record audio
  7. snap confined devmode can record audio
  8. indicator-sound and 'Sound Settings... works'
  9. click can play audio (eg, SnapRecorder)
  10. click can record audio if trust-store allows

  Currently '6' is not implemented and all snaps may record audio. When
  this bug is fixed, no snaps should be able to record audio (until
  phase 2 is implemented).

  The attached script tests 1-7. 9 and 10 require testing on a device
  and using

  [Regression Potential] 
  The patch is quite small and easy to understand and is implemented to only 
affect processes that want to record and are running with a security label that 
starts with 'snap.' Unconfined processes and process running under other 
security labels should not be affected. 

  
  Original description:
  Until we have a proper trust-store implementation with snappy and on the 
desktop/ubuntu core we want pulseaudio to simply deny any audio recording 
request coming from an app shipped as part of a snap.

  The implementation adds a module-snappy-policy module to pulseaudio
  which adds a hook for audio recording requests and checks on
  connection if the apparmor security label of the connecting peer
  starts with "snap." which will identify it as a snap application.

  Pulseaudio with the patch is available as part of the landing request
  at https://requests.ci-train.ubuntu.com/#/ticket/1428

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pulseaudio/+bug/1583057/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1583057] Re: Deny audio recording for all snap applications

[Jamie Strandboge]

@Simon, finally, in reading the patch this will affect both strict and
devmode and so the patch should "if startswith 'snap.' and process is in
enforce mode ; then block recording".

This will be needed for the phase 2 implementation as well, so it is not
wasted effort. I've asked the apparmor devs to comment in the trello
card if there is an apparmor API for this. Be cognizant of TOUCTOU here
but also understand that a snap is not able to change its enforcement
mode so a TOCTOU is not security relevant for this particular change.

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to pulseaudio in Ubuntu.
https://bugs.launchpad.net/bugs/1583057

Title:
  Deny audio recording for all snap applications

Status in pulseaudio package in Ubuntu:
  Fix Released
Status in pulseaudio source package in Xenial:
  In Progress
Status in pulseaudio source package in Yakkety:
  Fix Released

Bug description:
  [Impact] 
  Currently snaps on Ubuntu Classic may declare in their snap.yaml that they 
want access to pulseaudio. When installed, snapd will auto-connect the 
pulseaudio interface giving the snap access to the pulseaudio server for 
playback and recording. Because recording is allowed, snaps are allowed to 
eavesdrop on users without the user knowing. Phase 1 of the pulseaudio 
interface should block recording for snaps while the details of phase 2 (which 
combines pulseaudio/snappy interfaces and trust-store) are worked out.

  [Test Case]
  1. unconfined can play audio
  2. unconfined can record audio
  3. non-snap confined can play audio
  4. non-snap confined can record audio
  5. snap confined can play audio
  6. snap confined cannot record audio
  7. snap confined devmode can record audio
  8. indicator-sound and 'Sound Settings... works'
  9. click can play audio (eg, SnapRecorder)
  10. click can record audio if trust-store allows

  Currently '6' is not implemented and all snaps may record audio. When
  this bug is fixed, no snaps should be able to record audio (until
  phase 2 is implemented).

  The attached script tests 1-7. 9 and 10 require testing on a device
  and using

  [Regression Potential] 
  The patch is quite small and easy to understand and is implemented to only 
affect processes that want to record and are running with a security label that 
starts with 'snap.' Unconfined processes and process running under other 
security labels should not be affected. 

  
  Original description:
  Until we have a proper trust-store implementation with snappy and on the 
desktop/ubuntu core we want pulseaudio to simply deny any audio recording 
request coming from an app shipped as part of a snap.

  The implementation adds a module-snappy-policy module to pulseaudio
  which adds a hook for audio recording requests and checks on
  connection if the apparmor security label of the connecting peer
  starts with "snap." which will identify it as a snap application.

  Pulseaudio with the patch is available as part of the landing request
  at https://requests.ci-train.ubuntu.com/#/ticket/1428

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pulseaudio/+bug/1583057/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1583057] Re: Deny audio recording for all snap applications

[Jamie Strandboge]

** Description changed:

- Until we have a proper trust-store implementation with snappy and on the
- desktop/ubuntu core we want pulseaudio to simply deny any audio
- recording request coming from an app shipped as part of a snap.
+ [Impact] 
+ Currently snaps on Ubuntu Classic may declare in their snap.yaml that they 
want access to pulseaudio. When installed, snapd will auto-connect the 
pulseaudio interface giving the snap access to the pulseaudio server for 
playback and recording. Because recording is allowed, snaps are allowed to 
eavesdrop on users without the user knowing. Phase 1 of the pulseaudio 
interface should block recording for snaps while the details of phase 2 (which 
combines pulseaudio/snappy interfaces and trust-store) are worked out.
+ 
+ [Test Case]
+ 1. unconfined can play audio
+ 2. unconfined can record audio
+ 3. non-snap confined can play audio
+ 4. non-snap confined can record audio
+ 5. snap confined can play audio
+ 6. snap confined cannot record audio
+ 7. snap confined devmode can record audio
+ 8. indicator-sound and 'Sound Settings... works'
+ 9. click can play audio (eg, SnapRecorder)
+ 10. click can record audio if trust-store allows
+ 
+ Currently '6' is not implemented and all snaps may record audio. When
+ this bug is fixed, no snaps should be able to record audio (until phase
+ 2 is implemented).
+ 
+ The attached script tests 1-7. 9 and 10 require testing on a device and
+ using
+ 
+ [Regression Potential] 
+ The patch is quite small and easy to understand and is implemented to only 
affect processes that want to record and are running with a security label that 
starts with 'snap.' Unconfined processes and process running under other 
security labels should not be affected. 
+ 
+ 
+ Original description:
+ Until we have a proper trust-store implementation with snappy and on the 
desktop/ubuntu core we want pulseaudio to simply deny any audio recording 
request coming from an app shipped as part of a snap.
  
  The implementation adds a module-snappy-policy module to pulseaudio
  which adds a hook for audio recording requests and checks on connection
  if the apparmor security label of the connecting peer starts with
  "snap." which will identify it as a snap application.
  
  Pulseaudio with the patch is available as part of the landing request at
  https://requests.ci-train.ubuntu.com/#/ticket/1428

** Attachment removed: "1583057-test.sh"
   
https://bugs.launchpad.net/ubuntu/+source/pulseaudio/+bug/1583057/+attachment/4696048/+files/1583057-test.sh

** Attachment added: "1583057-test.sh"
   
https://bugs.launchpad.net/ubuntu/+source/pulseaudio/+bug/1583057/+attachment/4696049/+files/1583057-test.sh

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to pulseaudio in Ubuntu.
https://bugs.launchpad.net/bugs/1583057

Title:
  Deny audio recording for all snap applications

Status in pulseaudio package in Ubuntu:
  Fix Released
Status in pulseaudio source package in Xenial:
  In Progress
Status in pulseaudio source package in Yakkety:
  Fix Released

Bug description:
  [Impact] 
  Currently snaps on Ubuntu Classic may declare in their snap.yaml that they 
want access to pulseaudio. When installed, snapd will auto-connect the 
pulseaudio interface giving the snap access to the pulseaudio server for 
playback and recording. Because recording is allowed, snaps are allowed to 
eavesdrop on users without the user knowing. Phase 1 of the pulseaudio 
interface should block recording for snaps while the details of phase 2 (which 
combines pulseaudio/snappy interfaces and trust-store) are worked out.

  [Test Case]
  1. unconfined can play audio
  2. unconfined can record audio
  3. non-snap confined can play audio
  4. non-snap confined can record audio
  5. snap confined can play audio
  6. snap confined cannot record audio
  7. snap confined devmode can record audio
  8. indicator-sound and 'Sound Settings... works'
  9. click can play audio (eg, SnapRecorder)
  10. click can record audio if trust-store allows

  Currently '6' is not implemented and all snaps may record audio. When
  this bug is fixed, no snaps should be able to record audio (until
  phase 2 is implemented).

  The attached script tests 1-7. 9 and 10 require testing on a device
  and using

  [Regression Potential] 
  The patch is quite small and easy to understand and is implemented to only 
affect processes that want to record and are running with a security label that 
starts with 'snap.' Unconfined processes and process running under other 
security labels should not be affected. 

  
  Original description:
  Until we have a proper trust-store implementation with snappy and on the 
desktop/ubuntu core we want pulseaudio to simply deny any audio recording 
request coming from an app shipped as part of a snap.

  The implementation adds a module-snappy-policy module to pulseaudio
  which adds a hook for audio recording requests and checks on
  

[Desktop-packages] [Bug 1583057] Re: Deny audio recording for all snap applications

[Jamie Strandboge]

The functionality does not work as expected and I am able to record when
running parecord under an apparmor profile that starts with 'snap.' (see
attached).

** Attachment added: "1583057-test.sh"
   
https://bugs.launchpad.net/ubuntu/+source/pulseaudio/+bug/1583057/+attachment/4696048/+files/1583057-test.sh

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to pulseaudio in Ubuntu.
https://bugs.launchpad.net/bugs/1583057

Title:
  Deny audio recording for all snap applications

Status in pulseaudio package in Ubuntu:
  Fix Released
Status in pulseaudio source package in Xenial:
  In Progress
Status in pulseaudio source package in Yakkety:
  Fix Released

Bug description:
  Until we have a proper trust-store implementation with snappy and on
  the desktop/ubuntu core we want pulseaudio to simply deny any audio
  recording request coming from an app shipped as part of a snap.

  The implementation adds a module-snappy-policy module to pulseaudio
  which adds a hook for audio recording requests and checks on
  connection if the apparmor security label of the connecting peer
  starts with "snap." which will identify it as a snap application.

  Pulseaudio with the patch is available as part of the landing request
  at https://requests.ci-train.ubuntu.com/#/ticket/1428

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pulseaudio/+bug/1583057/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1583057] Re: Deny audio recording for all snap applications

[Jamie Strandboge]

The functionality does not work as expected and I am able to record when
running parecord under an apparmor profile that starts with 'snap.' (see
attached).

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to pulseaudio in Ubuntu.
https://bugs.launchpad.net/bugs/1583057

Title:
  Deny audio recording for all snap applications

Status in pulseaudio package in Ubuntu:
  Fix Released
Status in pulseaudio source package in Xenial:
  In Progress
Status in pulseaudio source package in Yakkety:
  Fix Released

Bug description:
  Until we have a proper trust-store implementation with snappy and on
  the desktop/ubuntu core we want pulseaudio to simply deny any audio
  recording request coming from an app shipped as part of a snap.

  The implementation adds a module-snappy-policy module to pulseaudio
  which adds a hook for audio recording requests and checks on
  connection if the apparmor security label of the connecting peer
  starts with "snap." which will identify it as a snap application.

  Pulseaudio with the patch is available as part of the landing request
  at https://requests.ci-train.ubuntu.com/#/ticket/1428

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pulseaudio/+bug/1583057/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1583057] Re: Deny audio recording for all snap applications

[Jamie Strandboge]

I should mention that when testing this installed test packages then
logged out of my session, killed my user's pulseaudio then logged back
in. I suppose I could have also done 'killall pulseaudio' and have it
restart automatically instead.

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to pulseaudio in Ubuntu.
https://bugs.launchpad.net/bugs/1583057

Title:
  Deny audio recording for all snap applications

Status in pulseaudio package in Ubuntu:
  Fix Released
Status in pulseaudio source package in Xenial:
  In Progress
Status in pulseaudio source package in Yakkety:
  Fix Released

Bug description:
  Until we have a proper trust-store implementation with snappy and on
  the desktop/ubuntu core we want pulseaudio to simply deny any audio
  recording request coming from an app shipped as part of a snap.

  The implementation adds a module-snappy-policy module to pulseaudio
  which adds a hook for audio recording requests and checks on
  connection if the apparmor security label of the connecting peer
  starts with "snap." which will identify it as a snap application.

  Pulseaudio with the patch is available as part of the landing request
  at https://requests.ci-train.ubuntu.com/#/ticket/1428

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pulseaudio/+bug/1583057/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1583057] Re: Deny audio recording for all snap applications

[Jamie Strandboge]

** Changed in: pulseaudio (Ubuntu Xenial)
   Importance: Undecided => High

** Changed in: pulseaudio (Ubuntu Xenial)
 Assignee: (unassigned) => Simon Fels (morphis)

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to pulseaudio in Ubuntu.
https://bugs.launchpad.net/bugs/1583057

Title:
  Deny audio recording for all snap applications

Status in pulseaudio package in Ubuntu:
  Fix Released
Status in pulseaudio source package in Xenial:
  In Progress
Status in pulseaudio source package in Yakkety:
  Fix Released

Bug description:
  Until we have a proper trust-store implementation with snappy and on
  the desktop/ubuntu core we want pulseaudio to simply deny any audio
  recording request coming from an app shipped as part of a snap.

  The implementation adds a module-snappy-policy module to pulseaudio
  which adds a hook for audio recording requests and checks on
  connection if the apparmor security label of the connecting peer
  starts with "snap." which will identify it as a snap application.

  Pulseaudio with the patch is available as part of the landing request
  at https://requests.ci-train.ubuntu.com/#/ticket/1428

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pulseaudio/+bug/1583057/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1583057] Re: Deny audio recording for all snap applications

[Jamie Strandboge]

@Simon, couple of small things:
* you should use 8.0-0ubuntu3.1 as the version instead of 8.0-0ubuntu4
* the changelog has a date of 'Tue, 17 May 2016 17:59:58 +0200' which is quite 
old, yet the diff was only recently uploaded. You can use 'dch -r' to update 
the date

More importantly:
 * the patch introduces compiler warnings. These should be cleaned up:
+modules/module-snappy-policy.c: In function ‘connect_record_hook’:
+modules/module-snappy-policy.c:57:5: warning: ISO C90 forbids mixed 
declarations and code [-Wdeclaration-after-statement]
+ char *label = NULL;
+ ^
+modules/module-snappy-policy.c:65:5: warning: ISO C90 forbids mixed 
declarations and code [-Wdeclaration-after-statement]
+ pa_hook_result_t decision = PA_HOOK_OK;
+ ^


* configure shows:
+Enable Snappy support: no
+Enable Apparmor:   yes

Can you comment on why snappy support was added to configure in this
patch if you aren't going to use it? It seems that snappy support is
compiled though, cause I see '-DHAVE_SNAPPY=1' in the build logs and see
usr/lib/pulse-8.0/modules/module-snappy-policy.so is now shipped.

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to pulseaudio in Ubuntu.
https://bugs.launchpad.net/bugs/1583057

Title:
  Deny audio recording for all snap applications

Status in pulseaudio package in Ubuntu:
  Fix Released
Status in pulseaudio source package in Xenial:
  In Progress
Status in pulseaudio source package in Yakkety:
  Fix Released

Bug description:
  Until we have a proper trust-store implementation with snappy and on
  the desktop/ubuntu core we want pulseaudio to simply deny any audio
  recording request coming from an app shipped as part of a snap.

  The implementation adds a module-snappy-policy module to pulseaudio
  which adds a hook for audio recording requests and checks on
  connection if the apparmor security label of the connecting peer
  starts with "snap." which will identify it as a snap application.

  Pulseaudio with the patch is available as part of the landing request
  at https://requests.ci-train.ubuntu.com/#/ticket/1428

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pulseaudio/+bug/1583057/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1583057] Re: Deny audio recording for all snap applications

[Jamie Strandboge]

** Changed in: pulseaudio (Ubuntu Xenial)
   Status: Triaged => In Progress

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to pulseaudio in Ubuntu.
https://bugs.launchpad.net/bugs/1583057

Title:
  Deny audio recording for all snap applications

Status in pulseaudio package in Ubuntu:
  Fix Released
Status in pulseaudio source package in Xenial:
  In Progress
Status in pulseaudio source package in Yakkety:
  Fix Released

Bug description:
  Until we have a proper trust-store implementation with snappy and on
  the desktop/ubuntu core we want pulseaudio to simply deny any audio
  recording request coming from an app shipped as part of a snap.

  The implementation adds a module-snappy-policy module to pulseaudio
  which adds a hook for audio recording requests and checks on
  connection if the apparmor security label of the connecting peer
  starts with "snap." which will identify it as a snap application.

  Pulseaudio with the patch is available as part of the landing request
  at https://requests.ci-train.ubuntu.com/#/ticket/1428

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pulseaudio/+bug/1583057/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1583057] Re: Deny audio recording for all snap applications

[Jamie Strandboge]

@Simon, thanks, I'll work on sponsoring this.

@Zygmunt, I'm not sure this is the patch to upstream-- it is the phase 1
approach and the phase 2 approach is pulseaudion/trust-store/snappy
interfaces which we will be discussing this week.

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to pulseaudio in Ubuntu.
https://bugs.launchpad.net/bugs/1583057

Title:
  Deny audio recording for all snap applications

Status in pulseaudio package in Ubuntu:
  Fix Released
Status in pulseaudio source package in Xenial:
  In Progress
Status in pulseaudio source package in Yakkety:
  Fix Released

Bug description:
  Until we have a proper trust-store implementation with snappy and on
  the desktop/ubuntu core we want pulseaudio to simply deny any audio
  recording request coming from an app shipped as part of a snap.

  The implementation adds a module-snappy-policy module to pulseaudio
  which adds a hook for audio recording requests and checks on
  connection if the apparmor security label of the connecting peer
  starts with "snap." which will identify it as a snap application.

  Pulseaudio with the patch is available as part of the landing request
  at https://requests.ci-train.ubuntu.com/#/ticket/1428

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pulseaudio/+bug/1583057/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1583057] Re: Deny audio recording for all snap applications

[Zygmunt Krynicki]

Can we please try to upstream this patch? This will help with making
other distributions share the security features and advantages of snaps.

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to pulseaudio in Ubuntu.
https://bugs.launchpad.net/bugs/1583057

Title:
  Deny audio recording for all snap applications

Status in pulseaudio package in Ubuntu:
  Fix Released
Status in pulseaudio source package in Xenial:
  Triaged
Status in pulseaudio source package in Yakkety:
  Fix Released

Bug description:
  Until we have a proper trust-store implementation with snappy and on
  the desktop/ubuntu core we want pulseaudio to simply deny any audio
  recording request coming from an app shipped as part of a snap.

  The implementation adds a module-snappy-policy module to pulseaudio
  which adds a hook for audio recording requests and checks on
  connection if the apparmor security label of the connecting peer
  starts with "snap." which will identify it as a snap application.

  Pulseaudio with the patch is available as part of the landing request
  at https://requests.ci-train.ubuntu.com/#/ticket/1428

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pulseaudio/+bug/1583057/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1583057] Re: Deny audio recording for all snap applications

[Simon Fels]

@Jamie: Attached is a debdiff to update the pulse pacakge with snappy
support.

** Patch added: "pulseaudio-snappy-deny-recording.diff"
   
https://bugs.launchpad.net/ubuntu/+source/pulseaudio/+bug/1583057/+attachment/4695115/+files/pulseaudio-snappy-deny-recording.diff

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to pulseaudio in Ubuntu.
https://bugs.launchpad.net/bugs/1583057

Title:
  Deny audio recording for all snap applications

Status in pulseaudio package in Ubuntu:
  Fix Released
Status in pulseaudio source package in Xenial:
  Triaged
Status in pulseaudio source package in Yakkety:
  Fix Released

Bug description:
  Until we have a proper trust-store implementation with snappy and on
  the desktop/ubuntu core we want pulseaudio to simply deny any audio
  recording request coming from an app shipped as part of a snap.

  The implementation adds a module-snappy-policy module to pulseaudio
  which adds a hook for audio recording requests and checks on
  connection if the apparmor security label of the connecting peer
  starts with "snap." which will identify it as a snap application.

  Pulseaudio with the patch is available as part of the landing request
  at https://requests.ci-train.ubuntu.com/#/ticket/1428

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pulseaudio/+bug/1583057/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1583057] Re: Deny audio recording for all snap applications

[Jamie Strandboge]

Ping, who will be providing this update to xenial?

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to pulseaudio in Ubuntu.
https://bugs.launchpad.net/bugs/1583057

Title:
  Deny audio recording for all snap applications

Status in pulseaudio package in Ubuntu:
  Fix Released
Status in pulseaudio source package in Xenial:
  Triaged
Status in pulseaudio source package in Yakkety:
  Fix Released

Bug description:
  Until we have a proper trust-store implementation with snappy and on
  the desktop/ubuntu core we want pulseaudio to simply deny any audio
  recording request coming from an app shipped as part of a snap.

  The implementation adds a module-snappy-policy module to pulseaudio
  which adds a hook for audio recording requests and checks on
  connection if the apparmor security label of the connecting peer
  starts with "snap." which will identify it as a snap application.

  Pulseaudio with the patch is available as part of the landing request
  at https://requests.ci-train.ubuntu.com/#/ticket/1428

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pulseaudio/+bug/1583057/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1583057] Re: Deny audio recording for all snap applications

[Jamie Strandboge]

** Changed in: pulseaudio (Ubuntu Xenial)
   Status: New => Triaged

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to pulseaudio in Ubuntu.
https://bugs.launchpad.net/bugs/1583057

Title:
  Deny audio recording for all snap applications

Status in pulseaudio package in Ubuntu:
  Fix Released
Status in pulseaudio source package in Xenial:
  Triaged
Status in pulseaudio source package in Yakkety:
  Fix Released

Bug description:
  Until we have a proper trust-store implementation with snappy and on
  the desktop/ubuntu core we want pulseaudio to simply deny any audio
  recording request coming from an app shipped as part of a snap.

  The implementation adds a module-snappy-policy module to pulseaudio
  which adds a hook for audio recording requests and checks on
  connection if the apparmor security label of the connecting peer
  starts with "snap." which will identify it as a snap application.

  Pulseaudio with the patch is available as part of the landing request
  at https://requests.ci-train.ubuntu.com/#/ticket/1428

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pulseaudio/+bug/1583057/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1583057] Re: Deny audio recording for all snap applications

[Jamie Strandboge]

Adding xenial task and marking triaged since a fix is available in
yakkety. Who will be providing this update?

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to pulseaudio in Ubuntu.
https://bugs.launchpad.net/bugs/1583057

Title:
  Deny audio recording for all snap applications

Status in pulseaudio package in Ubuntu:
  Fix Released
Status in pulseaudio source package in Xenial:
  New
Status in pulseaudio source package in Yakkety:
  Fix Released

Bug description:
  Until we have a proper trust-store implementation with snappy and on
  the desktop/ubuntu core we want pulseaudio to simply deny any audio
  recording request coming from an app shipped as part of a snap.

  The implementation adds a module-snappy-policy module to pulseaudio
  which adds a hook for audio recording requests and checks on
  connection if the apparmor security label of the connecting peer
  starts with "snap." which will identify it as a snap application.

  Pulseaudio with the patch is available as part of the landing request
  at https://requests.ci-train.ubuntu.com/#/ticket/1428

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pulseaudio/+bug/1583057/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1583057] Re: Deny audio recording for all snap applications

[Jamie Strandboge]

Thanks for working on this! Per the snappy team, this will also need a
SRU for xenial.

** Also affects: pulseaudio (Ubuntu Yakkety)
   Importance: High
 Assignee: Luke Yelavich (themuso)
   Status: Fix Released

** Also affects: pulseaudio (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Tags added: snapd-interface

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to pulseaudio in Ubuntu.
https://bugs.launchpad.net/bugs/1583057

Title:
  Deny audio recording for all snap applications

Status in pulseaudio package in Ubuntu:
  Fix Released
Status in pulseaudio source package in Xenial:
  New
Status in pulseaudio source package in Yakkety:
  Fix Released

Bug description:
  Until we have a proper trust-store implementation with snappy and on
  the desktop/ubuntu core we want pulseaudio to simply deny any audio
  recording request coming from an app shipped as part of a snap.

  The implementation adds a module-snappy-policy module to pulseaudio
  which adds a hook for audio recording requests and checks on
  connection if the apparmor security label of the connecting peer
  starts with "snap." which will identify it as a snap application.

  Pulseaudio with the patch is available as part of the landing request
  at https://requests.ci-train.ubuntu.com/#/ticket/1428

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pulseaudio/+bug/1583057/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

Re: [Desktop-packages] [Bug 1583057] Re: Deny audio recording for all snap applications

[Luke Yelavich]

I was under the impression that this had been tested given its waiting
to be landed in overlays etc.

If it has not beentested, I am happy to back it out, since I am not in a
position to test this right now.

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to pulseaudio in Ubuntu.
https://bugs.launchpad.net/bugs/1583057

Title:
  Deny audio recording for all snap applications

Status in pulseaudio package in Ubuntu:
  Fix Released

Bug description:
  Until we have a proper trust-store implementation with snappy and on
  the desktop/ubuntu core we want pulseaudio to simply deny any audio
  recording request coming from an app shipped as part of a snap.

  The implementation adds a module-snappy-policy module to pulseaudio
  which adds a hook for audio recording requests and checks on
  connection if the apparmor security label of the connecting peer
  starts with "snap." which will identify it as a snap application.

  Pulseaudio with the patch is available as part of the landing request
  at https://requests.ci-train.ubuntu.com/#/ticket/1428

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pulseaudio/+bug/1583057/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1583057] Re: Deny audio recording for all snap applications

[Simon Fels]

@Luke: How did you test the change before landing it?

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to pulseaudio in Ubuntu.
https://bugs.launchpad.net/bugs/1583057

Title:
  Deny audio recording for all snap applications

Status in pulseaudio package in Ubuntu:
  Fix Released

Bug description:
  Until we have a proper trust-store implementation with snappy and on
  the desktop/ubuntu core we want pulseaudio to simply deny any audio
  recording request coming from an app shipped as part of a snap.

  The implementation adds a module-snappy-policy module to pulseaudio
  which adds a hook for audio recording requests and checks on
  connection if the apparmor security label of the connecting peer
  starts with "snap." which will identify it as a snap application.

  Pulseaudio with the patch is available as part of the landing request
  at https://requests.ci-train.ubuntu.com/#/ticket/1428

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pulseaudio/+bug/1583057/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1583057] Re: Deny audio recording for all snap applications

[Launchpad Bug Tracker]

This bug was fixed in the package pulseaudio - 1:8.0-2ubuntu2

---
pulseaudio (1:8.0-2ubuntu2) yakkety; urgency=medium

  [ Simon Fels ]
  * debian/patches/0700-modules-add-snappy-policy-module.patch:
- Add initial support for a snappy specific policy manager
  which will deny all audio recording from snaps for now
  until real integration with the trust-store is available. (LP: #1583057)
  * debian/rules:
- Build with snappy support
  * debian/pulseaudio.install:
- Include new snappy policy module

 -- Luke Yelavich   Wed, 01 Jun 2016 12:04:14 +1000

** Changed in: pulseaudio (Ubuntu)
   Status: New => Fix Released

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to pulseaudio in Ubuntu.
https://bugs.launchpad.net/bugs/1583057

Title:
  Deny audio recording for all snap applications

Status in pulseaudio package in Ubuntu:
  Fix Released

Bug description:
  Until we have a proper trust-store implementation with snappy and on
  the desktop/ubuntu core we want pulseaudio to simply deny any audio
  recording request coming from an app shipped as part of a snap.

  The implementation adds a module-snappy-policy module to pulseaudio
  which adds a hook for audio recording requests and checks on
  connection if the apparmor security label of the connecting peer
  starts with "snap." which will identify it as a snap application.

  Pulseaudio with the patch is available as part of the landing request
  at https://requests.ci-train.ubuntu.com/#/ticket/1428

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pulseaudio/+bug/1583057/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1583057] Re: Deny audio recording for all snap applications

[Sebastien Bacher]

Hey Luke, could you work with Simon to help landing that to yakkety and
probably SRU to xenial (needed for snappy)?

** Changed in: pulseaudio (Ubuntu)
   Importance: Undecided => High

** Changed in: pulseaudio (Ubuntu)
 Assignee: (unassigned) => Luke Yelavich (themuso)

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to pulseaudio in Ubuntu.
https://bugs.launchpad.net/bugs/1583057

Title:
  Deny audio recording for all snap applications

Status in pulseaudio package in Ubuntu:
  New

Bug description:
  Until we have a proper trust-store implementation with snappy and on
  the desktop/ubuntu core we want pulseaudio to simply deny any audio
  recording request coming from an app shipped as part of a snap.

  The implementation adds a module-snappy-policy module to pulseaudio
  which adds a hook for audio recording requests and checks on
  connection if the apparmor security label of the connecting peer
  starts with "snap." which will identify it as a snap application.

  Pulseaudio with the patch is available as part of the landing request
  at https://requests.ci-train.ubuntu.com/#/ticket/1428

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pulseaudio/+bug/1583057/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp