touch-packages team mailing list archive

Thread
Date

[Bug 1387734] Re: Location service uses the cached authorization, even if the user denied location access to an app

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Selene Scriven <selene.scriven@xxxxxxxxxxxxx>
Date: Sun, 25 Jan 2015 00:45:37 -0000
Reply-to: Bug 1387734 <1387734@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

It's great that users can now disable access...  but I see two other
issues now:

- After disabling access to an app, the app is still shown as being
allowed to access location services.  Just exit the settings app and re-
start it, and the UI shows access as enabled again.

- After disabling access to an app, the user cannot re-enable access.
It's shown as enabled, but it no longer works.  Toggling the checkbox no
longer seems to do anything.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to location-service in
Ubuntu.
https://bugs.launchpad.net/bugs/1387734

Title:
  Location service uses the cached authorization, even if the user
  denied location access to an app

Status in the base for Ubuntu mobile products:
  In Progress
Status in trust-store:
  In Progress
Status in location-service package in Ubuntu:
  Invalid
Status in trust-store package in Ubuntu:
  Fix Released
Status in location-service source package in Utopic:
  Invalid
Status in trust-store source package in Utopic:
  In Progress
Status in location-service source package in Vivid:
  Invalid
Status in trust-store source package in Vivid:
  Fix Released
Status in trust-store package in Ubuntu RTM:
  In Progress

Bug description:
  The bug occurs after removing location access authorization to an
  application. The location is still available to the application,
  despite the user having revoked access from within USS > Privacy >
  Location.

  To reproduce:

  1. Open a map application, like Here map
  2. Allow access to location
  3. Switch to System Settings > Privacy > Location
  4. Disable location access for Maps
  5. Kill Here map, and restart it

  What should happen: you should not have access anymore (and should not see a prompt)
  What happens instead: the app still has access to your location, as shown in the logs:

  I1030 16:15:38.167752  3100 cached_agent_glog_reporter.cpp:32]
  CachedAgent::authenticate_request_with_parameters: Application pid:
  27975 Application uid: 32011 Application id:  com.nokia.heremaps_here
  Cached request:   Request(from: com.nokia.heremaps_here, feature: 0,
  when: 1414682114882519283, answer: granted)

  I confirmed that the trust store had recorded the authorization change
  as in:

  phablet@ubuntu-phablet:~$ sqlite3 ~/.local/share/UbuntuLocationService/trust.db "select * from requests"
  1|unconfined|0|1414098093331252474|1
  2|com.nokia.heremaps_here|0|1414682114882519283|1
  3|com.nokia.heremaps_here|0|1414682131206341515|0

  From a user's perspective: Despite having explicitly rejected trust to
  an application, the app would still be able to access services.

To manage notifications about this bug go to:
https://bugs.launchpad.net/canonical-devices-system-image/+bug/1387734/+subscriptions

References

[Bug 1387734] [NEW] Location service uses the cached authorization, even if the user denied location access to an app
From: David Barth, 2014-10-30