Pulseaudio should integrate with trust-store
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Canonical System Image |
Fix Released
|
Critical
|
John McAleely | ||
pulseaudio (Ubuntu) |
Fix Released
|
Critical
|
David Henningsson |
Bug Description
Currently the 'audio' policy group allows access to pulseaudio which allows apps to use the microphone and eavesdrop on the user. Pulseaudio needs to be modified to use trust-store, like location-service does. Integrating with trust-store means that when an app tries use the microphone via pulseaudio, pulseaudio will contact trust-store, the trust-store will prompt the user ("Foo wants to use the microphone. Is this ok? Yes|No"), optionally cache the result and return the result to pulseaudio. In this manner the user is given a contextual prompt at the time of access by the app. Using caching this decision can be remembered the next time. If caching is used, there should be a method to change the decision in settings.
Targeting to T-Series for now, since the trust-store is not in a reusable form yet.
Original description:
David and the security team (inspired by an observation from Rick) discussed that when recording, pulseaudio should somehow unobtrusively show the user that it is recording. The easiest thing to do would be for pulseaudio to alert indicator-sound which would then turn its icon red (similar to indicator-message turning blue with new messages). Marking 'high' because apps with access to pulseaudio can currently eavedrop on users. If the app is allowed to do networking (the default for apps), then it can ship that information off to a server somewhere.
Note 1, the alert to indicator-sound must happen via the out of process pulseaudio server and not the confined app itself to be effective.
Note 2, we should consider how to enforce this for foreground apps only. Application lifecycle should probably handle this for 13.10 (apps are suspended if not in foreground or if the screensaver is on), but we don't want an app on the converged device to record in the background when the user isn't paying attention. Example eavesdropping attack: start recording only when the screensaver is on (perhaps inhibiting the screensaver during recording would be enough).
<https:/
Changed in indicator-sound (Ubuntu Saucy): | |
status: | New → Confirmed |
status: | Confirmed → New |
description: | updated |
description: | updated |
Changed in indicator-sound (Ubuntu Saucy): | |
assignee: | nobody → Matthew Paul Thomas (mpt) |
status: | New → Incomplete |
summary: |
- pulseaudio should give a visual indication when it is recording + pulseaudio should indicate to the user it is recording |
summary: |
- pulseaudio should indicate to the user it is recording + pulseaudio should indicate to the user it is accessing the microphone |
description: | updated |
no longer affects: | indicator-sound (Ubuntu) |
no longer affects: | indicator-sound (Ubuntu Saucy) |
Changed in pulseaudio (Ubuntu Saucy): | |
status: | Invalid → Won't Fix |
summary: |
- pulseaudio should indicate to the user it is accessing the microphone + pulseaudio should integrate with trust-store |
summary: |
- pulseaudio should integrate with trust-store + Pulseaudio should integrate with trust-store |
Changed in pulseaudio (Ubuntu Trusty): | |
status: | Confirmed → Won't Fix |
Changed in pulseaudio (Ubuntu Utopic): | |
status: | Invalid → Triaged |
Changed in pulseaudio (Ubuntu Utopic): | |
importance: | High → Critical |
no longer affects: | pulseaudio (Ubuntu Saucy) |
no longer affects: | pulseaudio (Ubuntu Trusty) |
no longer affects: | pulseaudio (Ubuntu Utopic) |
Changed in pulseaudio (Ubuntu): | |
assignee: | nobody → Ricardo Salveti (rsalveti) |
tags: | added: touch-2014-10-9 |
tags: |
added: touch-2014-10-23 removed: touch-2014-10-9 |
Changed in canonical-devices-system-image: | |
assignee: | nobody → Canonical Devices Products (canonical-devices-products-team) |
importance: | Undecided → High |
milestone: | none → r1 |
status: | New → Confirmed |
Changed in canonical-devices-system-image: | |
milestone: | ww03-2015 → ww05-2015 |
Changed in canonical-devices-system-image: | |
milestone: | ww05-2015 → ww09-2015 |
milestone: | ww09-2015 → ww07-2015 |
Changed in canonical-devices-system-image: | |
milestone: | ww07-2015 → ww09-2015 |
Changed in canonical-devices-system-image: | |
assignee: | Canonical Devices Products (canonical-devices-products-team) → Michael Frey (mfrey) |
Changed in canonical-devices-system-image: | |
milestone: | ww09-2015 → ww13-2015 |
Changed in canonical-devices-system-image: | |
assignee: | Michael Frey (mfrey) → Canonical Phone Foundations (canonical-phonedations-team) |
Changed in canonical-devices-system-image: | |
milestone: | ww13-2015 → ww17-2015 |
Changed in canonical-devices-system-image: | |
milestone: | ww17-2015 → ww21-2015 |
Changed in canonical-devices-system-image: | |
assignee: | Canonical Phone Foundations (canonical-phonedations-team) → John McAleely (john.mcaleely) |
Changed in canonical-devices-system-image: | |
milestone: | ww21-2015 → ww28-2015 |
description: | updated |
tags: | added: lorcha |
Changed in canonical-devices-system-image: | |
milestone: | ww28-2015 → ww34-2015 |
Changed in pulseaudio (Ubuntu): | |
status: | Triaged → In Progress |
assignee: | nobody → David Henningsson (diwic) |
Changed in canonical-devices-system-image: | |
status: | Confirmed → In Progress |
Changed in pulseaudio (Ubuntu): | |
status: | In Progress → Fix Released |
Changed in canonical-devices-system-image: | |
status: | In Progress → Fix Committed |
Changed in canonical-devices-system-image: | |
status: | Fix Committed → Fix Released |
Adding an indicator-sound task in case there is work to do there to support this. If the API is there already, please mark 'Invalid'.