On 06/17/2014 03:10 PM, Jamie Strandboge wrote:
...
>> For the camera service, to solve the spying problem, we need to have trust store
>> integration in the camera service[4] for when an app tries to record video.
>> Because there is no Ubuntu camera service, the trust store integration must
>> happen in the binder camera service. This would require writing a little bit of
>> the apparmor API and the trust-store in bionic and then updating the camera
>> service to use both. Alternatively, an out of process Ubuntu camera shim service
>> could be written such that the app would talk to the shim service and then the
>> camera binder service would only allow communications from this shim service
>> (akin to media-hub and the media playback binder service). This requires a
>> little bit of the apparmor API in bionic, a few lines of code in the camera
>> service to restrict access and writing the small shim service.
>>
> Based on conversations with tvoss and jjohansen, it sounds like the best course
> of action is to implement option #2 here: write a shim on the Ubuntu side that
> apps talk to the binder camera service and have the binder camera service verify
> the apparmor label (profile name) of the connecting process to limit access to
> it to only the shim. We can take further discussions to the bug[4].
>

Sigh, this was not clear. Option #2 is: write a shim on the Ubuntu side that
apps talk to. The shim talks to the binder camera service. The binder camera
service verifies the apparmor label of the connecting process.

-- Jamie Strandboge http://www.ubuntu.com/
--
Mailing list: https://launchpad.net/~ubuntu-phone
Post to     : ubuntu-phone@lists.launchpad.net
Unsubscribe : https://launchpad.net/~ubuntu-phone
More help   : https://help.launchpad.net/ListHelp
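
One way the label check in option #2 could look on the camera service side, as an added example that is not from the thread or from Ubuntu's code. It reads the caller's AppArmor label from `/proc/<pid>/attr/current`; the profile name `camera-shim-example` and both function names are assumptions.

```c
/* Added example: caller-label gate for the camera service (not project code). */
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Hypothetical profile name for the Ubuntu-side shim; the thread names none. */
#define SHIM_PROFILE "camera-shim-example"

/* Parse the kernel's "<label> (<mode>)\n" form and allow only the shim
 * profile in enforce mode. Anything else, including "unconfined", is denied. */
int label_is_shim(const char *raw)
{
    char buf[256];
    size_t n = strcspn(raw, "\n");
    if (n == 0 || n >= sizeof(buf))
        return 0;
    memcpy(buf, raw, n);
    buf[n] = '\0';

    char *mode = strrchr(buf, '(');
    /* No " (mode)" suffix means "unconfined" or a malformed line. */
    if (mode == NULL || mode == buf || mode[-1] != ' ' || buf[n - 1] != ')')
        return 0;
    mode[-1] = '\0';    /* terminate the label */
    buf[n - 1] = '\0';  /* drop the closing parenthesis */
    mode++;

    return strcmp(buf, SHIM_PROFILE) == 0 && strcmp(mode, "enforce") == 0;
}

/* Read the caller's label from procfs, given the pid the IPC layer reports.
 * Fails closed. A pid can be reused between the call and this read, so a
 * production check should take the label from the transport itself. */
int caller_is_shim(pid_t pid)
{
    char path[64], raw[256];
    snprintf(path, sizeof(path), "/proc/%ld/attr/current", (long)pid);
    FILE *f = fopen(path, "r");
    if (f == NULL)
        return 0;
    size_t got = fread(raw, 1, sizeof(raw) - 1, f);
    fclose(f);
    raw[got] = '\0';
    return label_is_shim(raw);
}
```

The comparison is an exact match on the whole label, so a profile whose name merely starts with the shim's name is rejected, as is the shim profile in complain mode.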