qtdeclarative5-qtlocation-plugin does not use trust-store on session bus

Bug #1223371 reported by Jamie Strandboge on 2013-09-10
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
location-service
Invalid
Undecided
Unassigned
apparmor-easyprof-ubuntu (Ubuntu)
High
Unassigned
Saucy
High
Unassigned
location-service (Ubuntu)
High
Thomas Voß
Saucy
High
Thomas Voß
qtlocation-opensource-src (Ubuntu)
High
Unassigned
Saucy
High
Unassigned

Bug Description

Right now, qtdeclarative5-qtlocation-plugin connects to the system bus instead of the trust-store on the session bus. This is entirely understandable, since the trust store is not implemented yet. :) Indeed, the location service code has:

if (credentials.pid != pid || credentials.uid != uid)
        return Result::granted; // FIXME(tvoss): This should return rejected.

In order to provide contextual runtime prompting and per app access to the location service such that the user is aware that an app is using the location API, a trust-store will be implemented that the location service will integrate with and then the qtdeclarative5-qtlocation-plugin should connect on the session bus rather than the system bus.

Right now to bug #1223211, I am updating the location policy group to have (but this will need to be fixed):
# Description: Can access Location
# Usage: common
# session bus gives access to via the trust-store
dbus (receive, send)
     bus=session
     path="/com/ubuntu/location/Service"
     interface="com.ubuntu.location.Service"
     peer=(name="com.ubuntu.location.Service"),
dbus (receive, send)
     bus=session
     interface="com.ubuntu.location.Service.Session",

# FIXME: remove when trust-store is available since this would circumvent the
# trust-store
dbus (send)
     bus=system
     path=/org/freedesktop/DBus
     interface=org.freedesktop.DBus
     member=Hello
     peer=(name=org.freedesktop.DBus),
dbus (receive, send)
     bus=system
     path="/com/ubuntu/location/Service"
     interface="com.ubuntu.location.Service"
     peer=(name="com.ubuntu.location.Service"),
dbus (receive, send)
     bus=system
     interface="com.ubuntu.location.Service.Session",

Jamie Strandboge (jdstrand) wrote :

Adding apparmor-easyprof-ubuntu task to update the policy group once qtdeclarative5-qtlocation-plugin starts using the session bus.

tags: added: application-confinement
description: updated
Changed in apparmor-easyprof-ubuntu (Ubuntu Saucy):
status: New → Triaged
importance: Undecided → High
Jamie Strandboge (jdstrand) wrote :

Adding location-service task for it to integrate with the trust-store.

Changed in location-service (Ubuntu Saucy):
status: New → Triaged
importance: Undecided → High
status: Triaged → In Progress
Changed in qtlocation-opensource-src (Ubuntu Saucy):
status: New → Confirmed
importance: Undecided → High
Changed in location-service (Ubuntu Saucy):
assignee: nobody → Thomas Voß (thomas-voss)
Jamie Strandboge (jdstrand) wrote :

For anyone implementing various parts of this, you can see a simple qml test program here: lp:~jdstrand/+junk/test-location/

Jamie Strandboge (jdstrand) wrote :

I forgot about bug #1219164, so I marked it as a duplicate since this bug more fully captures everything that is needed.

Changed in location-service:
status: New → Confirmed
description: updated
Jamie Strandboge (jdstrand) wrote :

Ok, after discussions with Thomas Voss I removed the duplicate bug status and marked this bug as Invalid. We want the location service to be one service on the system bus. It is the location service's job to call out to a service on the session bus to prompt the user (this is part of the trust-store design). As such, there is no need for qtdeclarative5-qtlocation-plugin or apparmor-easyprof-ubuntu to be updated.

Changed in qtlocation-opensource-src (Ubuntu Saucy):
status: Confirmed → Invalid
Changed in location-service (Ubuntu Saucy):
status: In Progress → Invalid
Changed in apparmor-easyprof-ubuntu (Ubuntu Saucy):
status: Triaged → Invalid
Changed in location-service:
status: Confirmed → Invalid
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers