← Back to team overview

touch-packages team mailing list archive

  1. touch-packages team
  2. Mailing list archive
  3. Message #33800

[Bug 1387734] Re: Location service uses the cached authorization, even if the user denied location access to an app

  Thread PreviousDate PreviousThread Next 
This is CVE-2014-1422

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-1422

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to location-service in
Ubuntu.
https://bugs.launchpad.net/bugs/1387734

Title:
  Location service uses the cached authorization, even if the user
  denied location access to an app

Status in trust-store:
  Confirmed
Status in “location-service” package in Ubuntu:
  Invalid
Status in “trust-store” package in Ubuntu:
  Confirmed
Status in “trust-store” package in Ubuntu RTM:
  Confirmed

Bug description:
  The bug occurs after removing location access authorization to an
  application. The location is still available to the application,
  despite the user having revoked access from within USS > Privacy >
  Location.

  To reproduce:

  1. Open a map application, like Here map
  2. Allow access to location
  3. Switch to System Settings > Privacy > Location
  4. Disable location access for Maps
  5. Kill Here map, and restart it

  What should happen: you should not have access anymore (and should not see a prompt)
  What happens instead: the app still has access to your location, as shown in the logs:

  I1030 16:15:38.167752  3100 cached_agent_glog_reporter.cpp:32]
  CachedAgent::authenticate_request_with_parameters: Application pid:
  27975 Application uid: 32011 Application id:  com.nokia.heremaps_here
  Cached request:   Request(from: com.nokia.heremaps_here, feature: 0,
  when: 1414682114882519283, answer: granted)

  I confirmed that the trust store had recorded the authorization change
  as in:

  phablet@ubuntu-phablet:~$ sqlite3 ~/.local/share/UbuntuLocationService/trust.db "select * from requests"
  1|unconfined|0|1414098093331252474|1
  2|com.nokia.heremaps_here|0|1414682114882519283|1
  3|com.nokia.heremaps_here|0|1414682131206341515|0

To manage notifications about this bug go to:
https://bugs.launchpad.net/trust-store/+bug/1387734/+subscriptions

References

  Thread PreviousDate PreviousThread Next