touch-packages team mailing list archive

[Jamie Strandboge <jamie@xxxxxxxxxx>]

** Description changed:

- I recently wrote a small application[1] to spot an ancient issue I had
- using QAudioRecorder on Ubuntu devices.
+ QAudioRecoder currently needs the following rules:
+  owner /{run,dev}/shm/shmfd* rwk,
+ 
+ The rules are this way because the shared memory files are not app
+ specific and is possible for one app to access another app's shared
+ memory file. It would be better if the files were app-specific to better
+ isolation the apps (this is something we are doing elsewhere).
+ 
+ However, this should be fixed once microphone recording is handled via
+ the media-hub trusted helper.
+ 
+ Original report:
+ I recently wrote a small application[1] to spot an ancient issue I had using QAudioRecorder on Ubuntu devices.
  
  After I have installer gstreamer0.10-pulseaudio (otherwise "pulseaudio:" is not listed as available source), I tried to start a record through QAudioRecorder but it failed, giving me this output:
  "shm_open() failed: Permission denied"
  
  I've checked for some denials from apparmor (using 'dmesg | grep DEN'),
  but none was found.
  
  If I change the apparmor profile[2], so that my test application is
  launched in a unconfined environment, QAudioRecorder works properly as
  expected.
  
  I run this test on my Nexus 5 (utopic-devel-proposed #185), but this
  problem with shm happens also on i386 ubuntu-emulator (utopic-devel
  #206).
  
  Just for reference, this is the link to the original mail, stored in the ubuntu-phone team mailing list archive:
  http://lists.launchpad.net/ubuntu-phone/msg09842.html
  
  [1] - http://bazaar.launchpad.net/~verzegnassi-stefano/+junk/recorder-test/files
  [2]
  {
-     "policy_version": 1.2,
-     "template": "unconfined",
-     "policy_groups": []
+     "policy_version": 1.2,
+     "template": "unconfined",
+     "policy_groups": []
  }

** Also affects: qtmultimedia-opensource-src (Ubuntu)
   Importance: Undecided
       Status: New

** Tags added: application-confinement

** Description changed:

  QAudioRecoder currently needs the following rules:
-  owner /{run,dev}/shm/shmfd* rwk,
+  owner /{run,dev}/shm/shmfd* rwk,
  
  The rules are this way because the shared memory files are not app
  specific and is possible for one app to access another app's shared
  memory file. It would be better if the files were app-specific to better
  isolation the apps (this is something we are doing elsewhere).
  
  However, this should be fixed once microphone recording is handled via
- the media-hub trusted helper.
+ the media-hub trusted helper. I won't be fixing this until trust-store
+ integration is in media-hub and it can be verified safe on devices.
  
  Original report:
  I recently wrote a small application[1] to spot an ancient issue I had using QAudioRecorder on Ubuntu devices.
  
  After I have installer gstreamer0.10-pulseaudio (otherwise "pulseaudio:" is not listed as available source), I tried to start a record through QAudioRecorder but it failed, giving me this output:
  "shm_open() failed: Permission denied"
  
  I've checked for some denials from apparmor (using 'dmesg | grep DEN'),
  but none was found.
  
  If I change the apparmor profile[2], so that my test application is
  launched in a unconfined environment, QAudioRecorder works properly as
  expected.
  
  I run this test on my Nexus 5 (utopic-devel-proposed #185), but this
  problem with shm happens also on i386 ubuntu-emulator (utopic-devel
  #206).
  
  Just for reference, this is the link to the original mail, stored in the ubuntu-phone team mailing list archive:
  http://lists.launchpad.net/ubuntu-phone/msg09842.html
  
  [1] - http://bazaar.launchpad.net/~verzegnassi-stefano/+junk/recorder-test/files
  [2]
  {
      "policy_version": 1.2,
      "template": "unconfined",
      "policy_groups": []
  }

** Description changed:

  QAudioRecoder currently needs the following rules:
   owner /{run,dev}/shm/shmfd* rwk,
  
  The rules are this way because the shared memory files are not app
  specific and is possible for one app to access another app's shared
- memory file. It would be better if the files were app-specific to better
- isolation the apps (this is something we are doing elsewhere).
- 
- However, this should be fixed once microphone recording is handled via
- the media-hub trusted helper. I won't be fixing this until trust-store
- integration is in media-hub and it can be verified safe on devices.
+ memory file. Please update qtmultimedia-opensource-src so the files are
+ app-specific to better isolation the apps (this is something we are
+ doing elsewhere).
  
  Original report:
  I recently wrote a small application[1] to spot an ancient issue I had using QAudioRecorder on Ubuntu devices.
  
  After I have installer gstreamer0.10-pulseaudio (otherwise "pulseaudio:" is not listed as available source), I tried to start a record through QAudioRecorder but it failed, giving me this output:
  "shm_open() failed: Permission denied"
  
  I've checked for some denials from apparmor (using 'dmesg | grep DEN'),
  but none was found.
  
  If I change the apparmor profile[2], so that my test application is
  launched in a unconfined environment, QAudioRecorder works properly as
  expected.
  
  I run this test on my Nexus 5 (utopic-devel-proposed #185), but this
  problem with shm happens also on i386 ubuntu-emulator (utopic-devel
  #206).
  
  Just for reference, this is the link to the original mail, stored in the ubuntu-phone team mailing list archive:
  http://lists.launchpad.net/ubuntu-phone/msg09842.html
  
  [1] - http://bazaar.launchpad.net/~verzegnassi-stefano/+junk/recorder-test/files
  [2]
  {
      "policy_version": 1.2,
      "template": "unconfined",
      "policy_groups": []
  }

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1370218

Title:
  QAudioRecorder does not work properly under 'microphone' security
  policy

Status in “apparmor-easyprof-ubuntu” package in Ubuntu:
  New
Status in “qtmultimedia-opensource-src” package in Ubuntu:
  New

Bug description:
  QAudioRecoder currently needs the following rules:
   owner /{run,dev}/shm/shmfd* rwk,

  The rules are this way because the shared memory files are not app
  specific and is possible for one app to access another app's shared
  memory file. Please update qtmultimedia-opensource-src so the files
  are app-specific to better isolation the apps (this is something we
  are doing elsewhere).

  Original report:
  I recently wrote a small application[1] to spot an ancient issue I had using QAudioRecorder on Ubuntu devices.

  After I have installer gstreamer0.10-pulseaudio (otherwise "pulseaudio:" is not listed as available source), I tried to start a record through QAudioRecorder but it failed, giving me this output:
  "shm_open() failed: Permission denied"

  I've checked for some denials from apparmor (using 'dmesg | grep
  DEN'), but none was found.

  If I change the apparmor profile[2], so that my test application is
  launched in a unconfined environment, QAudioRecorder works properly as
  expected.

  I run this test on my Nexus 5 (utopic-devel-proposed #185), but this
  problem with shm happens also on i386 ubuntu-emulator (utopic-devel
  #206).

  Just for reference, this is the link to the original mail, stored in the ubuntu-phone team mailing list archive:
  http://lists.launchpad.net/ubuntu-phone/msg09842.html

  [1] - http://bazaar.launchpad.net/~verzegnassi-stefano/+junk/recorder-test/files
  [2]
  {
      "policy_version": 1.2,
      "template": "unconfined",
      "policy_groups": []
  }

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor-easyprof-ubuntu/+bug/1370218/+subscriptions