Updated the patch. We now add snappy-policy always to default.pa. I couldn't figure out what I have to change to make the ifelse statement work properly to add the snappy policy module only conditionally to default.pa
Also fixed the compiler warnings and other small things. ** Patch added: "pa-snappy-policy.patch" https://bugs.launchpad.net/ubuntu/+source/pulseaudio/+bug/1583057/+attachment/4696316/+files/pa-snappy-policy.patch -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pulseaudio in Ubuntu. https://bugs.launchpad.net/bugs/1583057 Title: Deny audio recording for all snap applications Status in pulseaudio package in Ubuntu: Fix Released Status in pulseaudio source package in Xenial: In Progress Status in pulseaudio source package in Yakkety: Fix Released Bug description: [Impact] Currently snaps on Ubuntu Classic may declare in their snap.yaml that they want access to pulseaudio. When installed, snapd will auto-connect the pulseaudio interface giving the snap access to the pulseaudio server for playback and recording. Because recording is allowed, snaps are allowed to eavesdrop on users without the user knowing. Phase 1 of the pulseaudio interface should block recording for snaps while the details of phase 2 (which combines pulseaudio/snappy interfaces and trust-store) are worked out. [Test Case] First, install pulseaudio then reboot (alternatively can 'killall pulseaudio' from within your session or logout then killall pulseaudio from a vt and then log back in). pulseaudio needs to be restarted for the changes to be in effect and a reboot is the easiest way to achieve that. 1. unconfined can play audio 2. unconfined can record audio 3. non-snap confined can play audio 4. non-snap confined can record audio 5. snap confined can play audio 6. snap confined cannot record audio 7. snap confined devmode can record audio 8. indicator-sound and 'Sound Settings... works' 9. click can record audio if trust-store allows (eg, 'SnapRecorder' from the store) 10. click can play audio (eg, playback of recording from 'SnapRecorder' from the store) Currently '6' is not implemented and all snaps may record audio. When this bug is fixed, no snaps should be able to record audio (until phase 2 is implemented which will be in a different bug). The attached script tests 1-7. 9 and 10 require testing on a device and using [Regression Potential] The patch is quite small and easy to understand and is implemented to only affect processes that want to record and are running with a security label that starts with 'snap.' Unconfined processes and process running under other security labels should not be affected. Original description: Until we have a proper trust-store implementation with snappy and on the desktop/ubuntu core we want pulseaudio to simply deny any audio recording request coming from an app shipped as part of a snap. The implementation adds a module-snappy-policy module to pulseaudio which adds a hook for audio recording requests and checks on connection if the apparmor security label of the connecting peer starts with "snap." which will identify it as a snap application. Pulseaudio with the patch is available as part of the landing request at https://requests.ci-train.ubuntu.com/#/ticket/1428 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pulseaudio/+bug/1583057/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
