touch-packages team mailing list archive

Thread
Date

[Bug 1370218] Re: QAudioRecorder does not work properly under 'microphone' security policy

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1370218@xxxxxxxxxxxxxxxxxx>
Date: Mon, 29 Sep 2014 15:50:22 -0000
Reply-to: Bug 1370218 <1370218@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

This bug was fixed in the package apparmor-easyprof-ubuntu - 1.2.28

---------------
apparmor-easyprof-ubuntu (1.2.28) utopic; urgency=medium

  * ubuntu/calendar: add missing rule for org.freedesktop.DBus.Introspectable
    on path /com/canonical/indicator/datetime/AlarmProperties (LP: #1374623)
  * ubuntu/1.[12]/ubuntu-{sdk,webapp}: remove no longer needed rule for
    /{,run/}shm/shm/WK2SharedMemory.[0-9]* (LP: #1197060)
  * ubuntu/microphone:
    - add temporary write access to /{run,dev}/shm/shmfd-* for QAudioRecorder
      (LP: #1370218)
    - explicitly deny read on /dev/
  * ubuntu/1.1/webview: allow dbus send to RequestName on org.freedesktop.DBus
    webapp-container needs corresponding 'bind' call on
    org.freedesktop.Application, which we block elsewhere. webapp-container
    shouldn't be doing this under confinement, but we allow this rule in
    content_exchange, so just allow it to avoid confusion. (LP: #1357371)
 -- Jamie Strandboge <jamie@xxxxxxxxxx>   Fri, 26 Sep 2014 15:21:37 -0500

** Changed in: apparmor-easyprof-ubuntu (Ubuntu)
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1370218

Title:
  QAudioRecorder does not work properly under 'microphone' security
  policy

Status in “apparmor” package in Ubuntu:
  Triaged
Status in “apparmor-easyprof-ubuntu” package in Ubuntu:
  Fix Released
Status in “qtmultimedia-opensource-src” package in Ubuntu:
  Triaged

Bug description:
  QAudioRecoder currently needs the following rules:
   owner /{run,dev}/shm/shmfd* rwk,

  The rules are this way because the shared memory files are not app
  specific and is possible for one app to access another app's shared
  memory file. Please update qtmultimedia-opensource-src so the files
  are app-specific to better isolation the apps (this is something we
  are doing elsewhere).

  Longer term we'd like to have shared memory file mediation in
  AppArmor.

  Original report:
  I recently wrote a small application[1] to spot an ancient issue I had using QAudioRecorder on Ubuntu devices.

  After I have installer gstreamer0.10-pulseaudio (otherwise "pulseaudio:" is not listed as available source), I tried to start a record through QAudioRecorder but it failed, giving me this output:
  "shm_open() failed: Permission denied"

  I've checked for some denials from apparmor (using 'dmesg | grep
  DEN'), but none was found.

  If I change the apparmor profile[2], so that my test application is
  launched in a unconfined environment, QAudioRecorder works properly as
  expected.

  I run this test on my Nexus 5 (utopic-devel-proposed #185), but this
  problem with shm happens also on i386 ubuntu-emulator (utopic-devel
  #206).

  Just for reference, this is the link to the original mail, stored in the ubuntu-phone team mailing list archive:
  http://lists.launchpad.net/ubuntu-phone/msg09842.html

  [1] - http://bazaar.launchpad.net/~verzegnassi-stefano/+junk/recorder-test/files
  [2]
  {
      "policy_version": 1.2,
      "template": "unconfined",
      "policy_groups": []
  }

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1370218/+subscriptions

References

[Bug 1370218] [NEW] QAudioRecorder does not work properly under 'microphone' security policy
From: Stefano Verzegnassi, 2014-09-16