Comment 0 for bug 1303962

Jamie Strandboge (jdstrand) wrote : please integrate mediascanner2 and media-hub with trust-store

media-hub and mediascanner are separate processes from apps and are used to play and scan music and video files respectively. Up until now, apps would have to use the music_files_read or video_files_read reserved policy groups to access these files. These policy groups are reserved and not available to normal apps to prevent information leaks (this user has this video installed) and theft (can access the music and video directly). media-hub and mediascanner are helpers that apps can use and they should integrate with the trust store.

AppStore apps:
 1. should not be able to access, play or otherwise enumerate other apps' media (i.e., app 'foo' should not be able to play the facebook app's sound file)
 2. AppStore apps should be able to enumerate the global music (~/Music) and video (~/Video) library via the mediascanner helper with permission from the user
 3. AppStore apps should be able to play the global music (~/Music) and video (~/Video) library via the media-hub with permission from the user
 4. AppStore apps should be able to have access to media files with permission from the user. This is already handled by the content-hub paradigm (though someone would need to add a media content provider for the content-hub to have this work)

Both media-hub and mediascanner should do something like the below pseudo code:

apparmor_profile = aa_getcon() # from libapparmor-dev
pkgname = apparmor_profile.split('_')[0]
if apparmor_profile == unconfined: # unconfined apps can access all the files
    allow access
elif playback_file in ~/.local/share/$pkgname/... or playback_file in ~/.cache/$pkgname/..: # apps can access their own files
    allow access
elif $pkgname can access playback_file in trust store: # apps can access the files if user said so previously
    allow access
elif playback_file in ~/Music:
    answer = prompt user for access to global music files
    if $answer == yes:
        update trust store for $pkgname can enumerate/play ~/Music
        allow access
    else:
        deny access
elif playback_file in ~/Videos:
    answer = prompt user for access to global video files
    if $answer == yes:
        update trust store for $pkgname can enumerate/play ~/Videos
        allow access
    else:
        deny access
else:
    deny access
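The decision logic above, written out as runnable Python (an added example, not code from the bug report or from media-hub/mediascanner). It assumes the caller's AppArmor label is passed in (the real services would obtain it from libapparmor or the D-Bus peer), a dict standing in for the trust-store database, a callback standing in for the user prompt, and an explicit home directory; it also resolves "..", and symlinks before comparing paths, a check the pseudocode does not spell out.

```python
from pathlib import Path

def pkgname_from_label(label):
    # The AppArmor label of a click app is "pkgname_appname_version";
    # the package name is everything before the first underscore.
    return label.split("_")[0]

def _under(path, root):
    # True only if path sits inside root, compared component-wise, so
    # ".../share/com.example.foo" does not match ".../share/com.example.foobar".
    try:
        path.relative_to(root)
        return True
    except ValueError:
        return False

def check_access(label, playback_file, trust_store, prompt, home):
    """Decide whether the app with AppArmor label `label` may open
    `playback_file`. trust_store is a dict pkgname -> set of library
    names ("Music", "Videos") the user already granted (stand-in for the
    real trust store); prompt(pkg, lib) stands in for the UI prompt and
    returns True when the user answers yes."""
    if label == "unconfined":            # unconfined apps can access all files
        return True
    home = Path(home)
    pkg = pkgname_from_label(label)
    # Resolve ".." and symlinks first, so "~/Music/../.ssh/id_rsa" is judged
    # by where it really points, not by the "~/Music" prefix it starts with.
    target = Path(playback_file).resolve()
    own_dirs = (home / ".local" / "share" / pkg, home / ".cache" / pkg)
    if any(_under(target, d.resolve()) for d in own_dirs):
        return True                      # apps can access their own files
    for lib in ("Music", "Videos"):
        if not _under(target, (home / lib).resolve()):
            continue
        if lib in trust_store.get(pkg, set()):
            return True                  # user already said yes earlier
        if prompt(pkg, lib):
            trust_store.setdefault(pkg, set()).add(lib)
            return True
        return False                     # user said no this time
    return False                         # anything else is denied
```

Because the grant is recorded per package and per library, a second file from ~/Music does not prompt again, which is the single-prompt behaviour the comment asks for.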

To have the best user experience and prevent multiple prompting, mediascanner and media-hub should use the same trust store database. I'm not sure whether mediascanner2 offers a DBus API for enumerating global media files yet (music-app seems to be accessing files in ~/.cache/media-art/ and ~/.cache/mediascanner directly).

Until this is added, I will temporarily add access to the reserved policy groups for access to the media-hub DBus API and mediascanner files so that the music-app can run confined but with reserved policy groups. Once the media-hub and mediascanner are implemented with the trust store, we can add the mediascanner and media-hub DBus APIs to the audio and video common policy groups.