All SDK applications require access to /dev/binder
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| apparmor-easyprof-ubuntu (Ubuntu) |
Confirmed
|
High
|
Unassigned | ||
| Saucy |
Won't Fix
|
Undecided
|
Unassigned | ||
| Trusty |
Won't Fix
|
Undecided
|
Unassigned | ||
| Utopic |
Won't Fix
|
Undecided
|
Unassigned | ||
| lxc-android-config (Ubuntu) |
Confirmed
|
High
|
Ubuntu Phonedations bugs | ||
| Saucy |
Won't Fix
|
High
|
Ubuntu Phonedations bugs | ||
| Trusty |
Won't Fix
|
High
|
Ubuntu Phonedations bugs | ||
| Utopic |
Won't Fix
|
High
|
Ubuntu Phonedations bugs | ||
Bug Description
SDK applications sometimes need the following AppArmor policy to run:
/dev/binder rw,
The writes to /dev/binder allow applications to attack binder directly which weakens our application confinement policy because there is no mediation between binder services.
The following are the binder services that Ubuntu currently uses:
- camera
- media playback service (used by media-hub)
location was in this group but is already moved away. surface flinger was used as a fallback but has been removed. vibrate is not implemented but when it is it will only use our API (ie, not binder). sensors was implemented as usensors in 14.10. Of the remaining binder services listed above, camera is still present for video recording and media playback service implements a subset of the android API for media playback (it is used by media-hub).
This bug will be resolved when /dev/binder is no longer used or it is only used by one service and therefore the /dev/binder access can move into the appropriate policy group.
Right now, because all apps needs access to /dev/binder, all apps end up with access to the camera and media playback services even when these policy groups are not specified. Getting rid of /dev/binder access is for fine-grained application confinement to work correctly.
| tags: | added: application-confinement |
| description: | updated |
| Changed in apparmor-easyprof-ubuntu (Ubuntu): | |
| status: | New → Triaged |
| Jamie Strandboge (jdstrand) wrote | #1 |
| description: | updated |
| Changed in lxc-android-config (Ubuntu Saucy): | |
| importance: | Undecided → High |
| status: | New → Confirmed |
| description: | updated |
| Changed in lxc-android-config (Ubuntu Saucy): | |
| assignee: | nobody → Ubuntu Phonedations bugs (ubuntu-phonedations-bugs) |
| description: | updated |
| Jamie Strandboge (jdstrand) wrote | #2 |
| Jamie Strandboge (jdstrand) wrote | #3 |
| Changed in apparmor-easyprof-ubuntu (Ubuntu Saucy): | |
| status: | Triaged → Won't Fix |
| summary: |
- SDK applications require access to /dev/binder + All SDK applications require access to /dev/binder, even when using mir |
| summary: |
- All SDK applications require access to /dev/binder, even when using mir + All SDK applications require access to /dev/binder |
| description: | updated |
| description: | updated |
| Launchpad Janitor (janitor) wrote | #4 |
| Changed in lxc-android-config (Ubuntu Saucy): | |
| status: | Confirmed → Won't Fix |
| Changed in lxc-android-config (Ubuntu Trusty): | |
| assignee: | nobody → Ubuntu Phonedations bugs (ubuntu-phonedations-bugs) |
| importance: | Undecided → High |
| description: | updated |
| Changed in lxc-android-config (Ubuntu Trusty): | |
| status: | Confirmed → Won't Fix |
| Changed in apparmor-easyprof-ubuntu (Ubuntu Trusty): | |
| status: | Confirmed → Won't Fix |
| no longer affects: | touch-preview-images |
| Changed in apparmor-easyprof-ubuntu (Ubuntu Utopic): | |
| status: | Triaged → Won't Fix |
| Changed in lxc-android-config (Ubuntu Utopic): | |
| status: | Confirmed → Won't Fix |
| Changed in apparmor-easyprof-ubuntu (Ubuntu): | |
| importance: | Undecided → High |
| status: | Triaged → Confirmed |
| Changed in apparmor-easyprof-ubuntu (Ubuntu): | |
| status: | Confirmed → Fix Released |
| Changed in lxc-android-config (Ubuntu): | |
| status: | Confirmed → New |
| Jamie Strandboge (jdstrand) wrote | #5 |
| Changed in apparmor-easyprof-ubuntu (Ubuntu): | |
| status: | Fix Released → Confirmed |
| Changed in lxc-android-config (Ubuntu): | |
| status: | New → Confirmed |
Adding lxc-android-config taks since it provides the udev rule. This is almost certainly the wrong package and will have to be retargeted, but at least this puts the bug in Phone Foundations court.