ubuntu-phone team mailing list archive

Re: Plugging the holes in /dev/binder and audio/video playback/recording

On 06/17/2014 03:10 PM, Jamie Strandboge wrote:
...
>> For the camera service, to solve the spying problem, we need to have trust store
>> integration in the camera service[4] for when an app tries to record video.
>> Because there is no Ubuntu camera service, the trust store integration must
>> happen in the binder camera service. This would require writing a little bit of
>> the apparmor API and the trust-store in bionic and then updating the camera
>> service to use both. Alternatively, an out of process Ubuntu camera shim service
>> could be written such that the app would talk to the shim service and then the
>> camera binder service would only allow communications from this shim service
>> (akin to media-hub and the media playback binder service). This requires a
>> little bit of the apparmor API in bionic, a few lines of code in the camera
>> service to restrict access and writing the small shim service.
>>
> Based on conversations with tvoss and jjohansen, it sounds like the best course
> of action is to implement option #2 here: write a shim on the Ubuntu side that
> apps talk to the binder camera service and have the binder camera service verify
> the apparmor label (profile name) of the connecting process to limit access to
> it to only the shim. We can take further discussions to the bug[4].
> 
Sigh, this was not clear. Option #2 is: write a shim on the Ubuntu side that
apps talk to. The shim talks to the binder camera service. The binder camera
service verifies the apparmor label of the connecting process.

-- 
Jamie Strandboge                 http://www.ubuntu.com/
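
The label check that option #2 places in the binder camera service, sketched as an added example (not part of the original message and not the project's code). It reads the kernel's `/proc/<pid>/attr/current` directly rather than going through libapparmor. Assumptions: the profile name `camera-shim`, the function names, and the choice to reject peers that are unconfined or in complain mode are all hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical AppArmor profile name of the Ubuntu-side shim (assumption). */
#define SHIM_LABEL "camera-shim"

/* attr holds the content of /proc/<pid>/attr/current, which is either
 * "unconfined\n" or "<label> (<mode>)\n". Returns 1 only when the label
 * equals `allowed` exactly and the mode is "enforce"; everything else,
 * including malformed input, is rejected (fail closed). */
int label_is_allowed(const char *attr, const char *allowed)
{
    size_t len = strcspn(attr, "\n");
    const char *open = NULL;

    if (len < 3 || attr[len - 1] != ')')
        return 0;                       /* "unconfined" carries no mode */
    for (size_t i = len; i-- > 0;)      /* last '(' starts the mode token */
        if (attr[i] == '(') { open = attr + i; break; }
    if (!open || open == attr || open[-1] != ' ')
        return 0;

    size_t mode_len = (size_t)((attr + len - 1) - (open + 1));
    if (mode_len != 7 || strncmp(open + 1, "enforce", 7) != 0)
        return 0;                       /* complain mode does not confine */

    /* Exact comparison: "camera-shim-evil" must not pass as a prefix match. */
    size_t label_len = (size_t)(open - 1 - attr);
    return label_len == strlen(allowed) &&
           strncmp(attr, allowed, label_len) == 0;
}

/* pid is the caller PID the service obtained from the IPC layer. */
int peer_is_shim(long pid)
{
    char path[64], buf[256];
    snprintf(path, sizeof path, "/proc/%ld/attr/current", pid);
    FILE *f = fopen(path, "r");
    if (!f)
        return 0;                       /* cannot read the label: deny */
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    return label_is_allowed(buf, SHIM_LABEL);
}

int main(int argc, char **argv)
{
    long pid = argc > 1 ? strtol(argv[1], NULL, 10) : -1;
    puts(peer_is_shim(pid) ? "allow" : "deny");
    return 0;
}
```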
