Public bug reported:

Appstore apps currently use media-hub to play back files and media-hub
has apparmor integration to make sure that apps are only allowed to
play back files according to their apparmor policy (or when trust-store
support lands, what the user decides). This is great!

However, apps all currently need access to /dev/binder (LP: #1197134)
which means that a malicious app can use raw binder calls over
/dev/binder to access the media playback binder service directly instead
of going through media-hub. This allows an app to enumerate files on the
device and is an information leak (e.g., the Facebook app ships a media
file and the malicious app can try to access it via the media playback
binder service and determine if the Facebook app is installed or not.
The same can happen with any files in the file system, which could be
used to data mine our users).

There are two ways to solve this. Either:
 * adjust the media playback binder service to use libapparmor to verify
   the apparmor label of the connecting service is media-hub (and
   possibly unconfined) and reject all other access, or
 * adjust the media playback service to use libapparmor to verify the
   apparmor label of the connecting process is allowed to access the
   specified file

In the first case, we are making sure only the media-hub service is
allowed to contact the media playback binder service (and optionally
unconfined, but what legitimate unconfined process will access the media
playback binder service?). In the second, we make the media playback
binder service mirror some of the checks that the media-hub is doing.
Both require a small subset of the libapparmor API to be ported to
bionic. I prefer the first option since it protects the media playback
service from untrusted access and reduces code duplication.

** Affects: media-hub (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1329913

Title:
  Please integrate mediaplayback binder service with apparmor

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/media-hub/+bug/1329913/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs