Comment 4 for bug 1374577
Revision history for this message
| David Barth (dbarth) wrote Re: [Bug 1374577] Re: 'unconfined' should be precached and not listed under 'Location access' (or 'Other app access') | #4 |
Indeed, the Location plugin in System settings does /hide/ unconfined
entries, because:
1. there is no way to get back to the actual application desktop file to
display its name and icon: we just know that an undefined "unconfined"
application was granted access
2. in theory unconfined applications can bypass the location service to
obtain the information they want; so an on/off toggle would give a false
sense of control
On Fri, Sep 26, 2014 at 11:09 PM, Jamie Strandboge <email address hidden> wrote:
> Ok, I was wrong, after reseting the db, I can see that while the
> location service does incorrectly prompt, system settings does not show
> it. This is somewhat worse than I thought because if you choose the
> wrong thing with the location trust store, you cannot undo it (without
> resetting the db). Marking system settings task as invalid.
>
> ** Changed in: ubuntu-
> Status: Confirmed => Invalid
>
> ** Summary changed:
>
> - 'unconfined' should be precached and not listed under 'Location access'
> (or 'Other app access')
> + 'unconfined' should be precached for trusted helpers
>
> ** Changed in: location-service (Ubuntu)
> Importance: Undecided => Critical
>
> ** Description changed:
>
> - If I go to Location access under Security & Privacy, I have an entry in
> - the list that is blank which corresponds to 'unconfined' ('unconfined'
> - should be precached to default to 'allow' anyway).
> -
> We should not prompt the user for unconfined or allow the user to adjust
> entries for 'unconfined' processes in System Settings since this might
> break things in unexpected ways. Marking as Critical and for rtm14
> because this is user facing, confusing to have a blank entry, can lead
> - to unexpected behavior, it should be trivial to filter this out in
> - system settings and because it should be easy to precache this.
> + to unexpected behavior, and because it should be easy to precache this.
>
> Steps to reproduce (this resets the location trust-store db):
> 1. $ stop ubuntu-
> 2. mv ~/.local/
> ~/.local/
> 3. $ start ubuntu-
> 4. launch webbrowser-app (it is unconfined)
> 5. navigate to maps.google.com. it will prompt to access location
> (browser prompt). Say yes
>
> At this point I am presented with a trust session prompt:
> "unconfined
>
> An unconfined application wants to access your current location.
>
> Deny
>
> Allow"
>
> 6. tap 'Allow'
>
> This adds the following to the trust store:
> 3|unconfined|
>
> location service shouldn't be prompting for this for the reasons
> outlined above. Adding location-service task.
>
> This will likely affect camera and mic in 'Other app access'.
>
> --
> You received this bug notification because you are a bug assignee.
> https:/
>
> Title:
> 'unconfined' should be precached for trusted helpers
>
> To manage notifications about this bug go to:
>
> https:/
>