** Also affects: media-hub (Ubuntu)
Importance: Undecided
Status: New
** Changed in: media-hub (Ubuntu)
Status: New => Fix Released
** Also affects: media-hub (Ubuntu RTM)
Importance: Undecided
Status: New
** No longer affects: media-hub
** Changed in: media-hub
** Changed in: thumbnailer
Status: Fix Committed = Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1303962
Title:
please integrate mediascanner2 and media-hub with apparmor
To
The new thumbnailer uses apparmor queries to determine whether the
caller is allowed to access the original file. If not, it denies access
to the thumbnail too.
** Changed in: thumbnailer
Status: New = Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Does Thaumbnailer still need apparmor integration? I believe it is
blocking the music-app from going under confinement at the moment.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1303962
Title:
I believe mediascanner handles the thumbnailing and does not need any
special confinement wrt music-app.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1303962
Title:
please integrate mediascanner2
Mediascanner does not do thumbnailing at all. All of that is done by the
thumbnailer library + service. Those should be confined already, but in
case they are not, here's the skinny:
- there are two kinds of thumbnails: those created from files and those that
are downloaded (album art)
- for
Ok, so there is a thumbnailer service and apps using the audio policy
group can already talk to it. Apps are also able to use libthumbnailer's
vs-thumb under confinement, so I don't think that anything more needs to
be done special for music-app. I will follow up with Jussi on if we need
to add
In case it helps, the thumbnailer's D-Bus interface is at:
Bus name: com.canonical.Thumbnailer
Path: /com/canonical/Thumbnailer
Interface: com.canonical.Thumbnailer
The method calls pass read-only file descriptors into a shared cache.
The only art exposed via this interface at the moment is
This bug was fixed in the package apparmor-easyprof-ubuntu - 1.2.4
---
apparmor-easyprof-ubuntu (1.2.4) utopic; urgency=medium
* ubuntu/1.2: refinements to scopes policy
- use private-files-strict abstraction
- finetune client endpoint policy
- explicitly deny access to
** Changed in: apparmor-easyprof-ubuntu (Ubuntu)
Assignee: (unassigned) = Jamie Strandboge (jdstrand)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1303962
Title:
please integrate
** Changed in: mediascanner2 (Ubuntu)
Assignee: (unassigned) = James Henstridge (jamesh)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1303962
Title:
please integrate mediascanner2 and
The MediaScanner 2 D-Bus interface is hooked up as:
name = com.canonical.MediaScanner2
path = /com/canonical/MediaScanner2
interface = com.canonical.MediaScanner2
There are only read-only methods made available through this interface,
all of which call the security policy method. So it would be
The audio and video policy groups have this for media-hub:
# Allow communications with media-hub
dbus (receive, send)
bus=session
path=/core/ubuntu/media/Service{,/**},
and this for thumbnailer:
# Allow communications with thumbnailer for retrieving album art
dbus (send)
So, with the 0.101+14.10.20140530-0ubuntu1 release now in the archive,
mediascanner2's QML API now works through a D-Bus API. The D-Bus
service checks its peer's AppArmor context and implements a rudimentary
security policy (which I'd be happier with if I could delegate out to a
central policy).
Jussi and I discussed this quite a bit this morning. He explained that this is
the process:
1. mediascanner2 scans files on the filesystem (eg, ~/Music and ~/Videos) and
stores paths, file metadata (artist, album, etc) in ~/.cache/mediascanner2
2. apps use the QML plugin (which uses
It should be noted that there is one case which would break for third
party music apps: album art embedded inside MP3 files. In order to read
that the app would need read access to the actual music file.
The proper solution for this would be to expand the thumbnailer dbus
service to also provide
Regarding embedded album art: well, that is what the mediascanner is for
no? An app can always read its own files (eg, a music app that downloads
to its own directory) but if the file is stored in the global media
collection (ie, ~/Music), then mediascanner can scan it, extract the
album art and
Mediascanner2 does not index appstore apps' contents. It only deals with
public information in ~/Music ~/Videos and mounted drives. It has
nothing to do with the playback path, that is dealt entirely by media
hub/music app.
There are three ways of accessing Mediascanner's stored data:
1. issue a
** Also affects: thumbnailer
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1303962
Title:
please integrate mediascanner2 and media-hub with apparmor
To
The ~/.cache/media-art/ accesses should be gone when music-app converts
to the new API: we're directing access via D-Bus helper now.
We don't have any AppArmor integration for that helper though. I'm not
sure whether we'd need any user prompts though, since the data returned
by the helper is
As a follow-on, here is the introspection data for the thumbnailer D-Bus
service:
http://bazaar.launchpad.net/~unity-
team/thumbnailer/trunk/view/head:/src/service/dbus-interface.xml
The file data is returned by passing a read-only file descriptor for a
file in ~/.cache/media-art, and the
** Summary changed:
- please integrate mediascanner2 and media-hub with trust-store
+ please integrate mediascanner2 and media-hub with apparmor
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1303962
** Description changed:
media-hub and mediascanner are separate processes from apps and are used
to play and scan music and video files respectively. Up until now, apps
would have to use the music_files_read or video_files_read reserved
policy groups to access media. The problem is, these
23 matches
Mail list logo
