All that is needed is this (based on these scripts):
/android/micshm w,
I understand that pulseaudio is on the other end of this pipe, but what
is the interface to pulseaudio there? Is this just another way to get at
/run/user/*/pulse/native or is this a different interface to pulse? If a
different interface, is an app able to (ab)use this interface beyond
what is exposed via /run/user/*/pulse/native? Also, if a different
interface, trust-store integration (LP: #1224756) will likely need to
happen at this point as well. Using a well known named pipe also doesn't
provide isolation, so in theory two apps would be able to communicate
with pulseaudio over this socket and possibly interfere with each other.
AIUI, pulseaudio is not really designed to provide this level of
isolation, but it is an improvement we would like to move towards, so it
would be good if we didn't complicate things more here. I'm not sure
what the implementation is going to look like, but perhaps there is a
way to pass an fd to the app via pulseaudio so that the app doesn't need
direct access like this which might simplify the issue of an alternate
interface when pulseaudio uses lp:trust-store.
Put another way: if we give unconditional access to /android/micshm to a
malicious app (which we would be if adding to the common camera (and
possibly audio) policy groups), is that app able to circumvent security
by abusing this access to eavesdrop on the user behind the scenes?
** Tags added: application-confinement
** Changed in: apparmor-easyprof-ubuntu (Ubuntu)
Status: New => Incomplete
--
https://bugs.launchpad.net/bugs/1337582
Title:
camera-app needs access to shared pipe