Public bug reported:

Appstore apps currently use media-hub to play back files and media-hub has apparmor integration to make sure that apps are only allowed to play back files according to their apparmor policy (or when trust-store support lands, what the user decides). This is great!

However, apps all currently need access to /dev/binder (LP: #1197134) which means that a malicious app can use raw binder calls over /dev/binder to access the media playback binder service directly instead of going through media-hub. This allows an app to enumerate files on the device and is an information leak (e.g., facebook app ships a media file and the malicious app can try to access it via the media playback binder service and determine if the facebook app is installed or not. Same can happen with any files in the file system which could be used to data mine our users).

There are two ways to solve this. Either:

 * adjust the media playback binder service to use libapparmor to verify the apparmor label of the connecting service is media-hub (and possibly unconfined) and reject all other access, or
 * adjust the media playback service to use libapparmor to verify the apparmor label of the connecting process is allowed to access the specified file

In the first case, we are making sure only the media-hub service is allowed to contact the media playback binder service (and optionally unconfined, but what legitimate unconfined process will access the media playback binder service?). In the second, we make the media playback binder service mirror some of the checks that the media-hub is doing. Both require a small subset of the libapparmor API to be ported to bionic.

I prefer the first option since it protects the media playback service from untrusted access and reduces code duplication.

** Affects: media-hub (Ubuntu)
     Importance: Undecided
         Status: New

--
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1329913

Title: Please integrate mediaplayback binder service with apparmor
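
The check behind the first option in the report above, as an added example that is not code from the bug report or from media-hub: it reads the peer's confinement from /proc/<pid>/attr/current rather than calling libapparmor. The label `media-hub-server`, the function names, and the idea that the caller PID is taken from the binder transaction are assumptions.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Extract the label from the text of /proc/<pid>/attr/current, which is
 * "label (mode)\n" for a confined task or "unconfined\n". Returns 0 on success. */
int parse_label(const char *raw, char *out, size_t outlen)
{
    size_t n = strcspn(raw, "\n");
    if (n > 0 && raw[n - 1] == ')') {          /* strip trailing " (mode)" */
        size_t i = n;
        while (i > 0 && raw[i - 1] != '(') i--;
        if (i >= 2 && raw[i - 2] == ' ') n = i - 2;
    }
    if (n == 0 || n >= outlen) return -1;      /* empty or oversized: reject */
    memcpy(out, raw, n);
    out[n] = '\0';
    return 0;
}

/* Exact-match allow list: one trusted label, unconfined only if opted in.
 * Any parse failure denies access (fail closed). */
int label_allowed(const char *raw, const char *allowed, int allow_unconfined)
{
    char label[256];
    if (parse_label(raw, label, sizeof label) != 0) return 0;
    if (strcmp(label, "unconfined") == 0) return allow_unconfined;
    return strcmp(label, allowed) == 0;
}

/* pid is assumed to be the kernel-supplied caller PID of the binder
 * transaction. A lookup by PID can race with process exit and PID reuse,
 * so it has to happen while the transaction is still being served. */
int pid_allowed(pid_t pid, const char *allowed, int allow_unconfined)
{
    char path[64], raw[512];
    snprintf(path, sizeof path, "/proc/%ld/attr/current", (long)pid);
    FILE *f = fopen(path, "r");
    if (!f) return 0;                          /* no such task: deny */
    size_t n = fread(raw, 1, sizeof raw - 1, f);
    fclose(f);
    raw[n] = '\0';
    return label_allowed(raw, allowed, allow_unconfined);
}
```

Because the comparison is an exact string match after the mode suffix is stripped, a profile whose name merely begins with the trusted label is rejected.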