All SDK applications require access to /dev/binder

Bug #1197134 reported by Jamie Strandboge
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
apparmor-easyprof-ubuntu (Ubuntu) | Confirmed | High | Unassigned |
  Saucy | Won't Fix | Undecided | Unassigned |
  Trusty | Won't Fix | Undecided | Unassigned |
  Utopic | Won't Fix | Undecided | Unassigned |
lxc-android-config (Ubuntu) | Confirmed | High | Ubuntu Phonedations bugs |
  Saucy | Won't Fix | High | Ubuntu Phonedations bugs |
  Trusty | Won't Fix | High | Ubuntu Phonedations bugs |
  Utopic | Won't Fix | High | Ubuntu Phonedations bugs |

Bug Description

SDK applications sometimes need the following AppArmor policy to run:

  /dev/binder rw,

The writes to /dev/binder allow applications to attack binder directly which weakens our application confinement policy because there is no mediation between binder services.

The following are the binder services that Ubuntu currently uses:
- camera
- media playback service (used by media-hub)

location was in this group but has already been moved away. surface flinger was used as a fallback but has been removed. vibrate is not implemented, but when it is it will only use our API (i.e., not binder). sensors was implemented as usensors in 14.10. Of the remaining binder services listed above, camera is still present for video recording and media playback service implements a subset of the Android API for media playback (it is used by media-hub).

This bug will be resolved when /dev/binder is no longer used or it is only used by one service and therefore the /dev/binder access can move into the appropriate policy group.

Right now, because all apps need access to /dev/binder, all apps end up with access to the camera and media playback services even when these policy groups are not specified. Getting rid of /dev/binder access is needed for fine-grained application confinement to work correctly.
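An audit check for the condition described above, added here as an example and not part of the bug report or of apparmor-easyprof-ubuntu: it scans AppArmor profile text and reports every profile or hat whose rules grant write access to /dev/binder (the access that bypasses the camera and media playback policy groups). The profile names and rules in SAMPLE_PROFILES are constructed.

```python
import re

# Constructed sample (not from the bug report): one app confined by a template
# that grants "/dev/binder rw," and one whose only binder write rule is a deny.
SAMPLE_PROFILES = """\
profile "com.example.app_app_1.0" (attach_disconnected) {
  #include <abstractions/base>
  /dev/binder rw,
  ^hat {
    /dev/binder w,
  }
}
profile "com.example.nobinder_app_1.0" {
  #include <abstractions/base>
  deny /dev/binder rw,
  /dev/binder r,
}
"""

# File rule: optional qualifiers, a (possibly quoted) path, permissions, comma.
RULE_RE = re.compile(
    r'^(?P<quals>(?:(?:owner|audit|deny)\s+)*)'
    r'(?P<path>"[^"]+"|\S+)\s+(?P<perms>[A-Za-z]+)\s*,$'
)
# Profile or hat header: "[profile] name [flags] {".
HEADER_RE = re.compile(r'^(?:profile\s+)?(?P<name>"[^"]+"|\S+)[^{]*\{$')

def binder_write_grants(profile_text):
    """Return [(profile name, rule)] for each non-deny rule granting write access
    to /dev/binder, i.e. unmediated access to every binder service."""
    grants, stack = [], []  # stack: names of the enclosing profile/hats
    for raw in profile_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # comments and #include lines
            continue
        header = HEADER_RE.match(line)
        if header:
            stack.append(header.group("name").strip('"'))
            continue
        if line == "}":
            stack.pop()
            continue
        rule = RULE_RE.match(line)
        if not rule or not stack:
            continue
        path = rule.group("path").strip('"')
        if path == "/dev/binder" and "w" in rule.group("perms") \
                and "deny" not in rule.group("quals").split():
            grants.append(("/".join(stack), line))
    return grants
```

Running binder_write_grants over the text of /var/lib/apparmor/profiles/* on a device lists exactly which confined apps currently hold the binder write access this bug is about.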

tags: added: application-confinement
description: updated
Changed in apparmor-easyprof-ubuntu (Ubuntu):
status: New → Triaged
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Adding lxc-android-config task since it provides the udev rule. This is almost certainly the wrong package and will have to be retargeted, but at least this puts the bug in Phone Foundations' court.

description: updated
Changed in lxc-android-config (Ubuntu Saucy):
importance: Undecided → High
status: New → Confirmed
description: updated
Changed in lxc-android-config (Ubuntu Saucy):
assignee: nobody → Ubuntu Phonedations bugs (ubuntu-phonedations-bugs)
description: updated
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

This is still an issue on an up-to-date mako system-image and booting into mir after creating ~/.display-mir.

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Adding a t-series task since this looks like it won't be fixed for 13.10.

Changed in apparmor-easyprof-ubuntu (Ubuntu Saucy):
status: Triaged → Won't Fix
summary: - SDK applications require access to /dev/binder
+ All SDK applications require access to /dev/binder, even when using mir
summary: - All SDK applications require access to /dev/binder, even when using mir
+ All SDK applications require access to /dev/binder
description: updated
description: updated
Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in lxc-android-config (Ubuntu Saucy):
status: Confirmed → Won't Fix
Changed in lxc-android-config (Ubuntu Trusty):
assignee: nobody → Ubuntu Phonedations bugs (ubuntu-phonedations-bugs)
importance: Undecided → High
description: updated
Changed in lxc-android-config (Ubuntu Trusty):
status: Confirmed → Won't Fix
Changed in apparmor-easyprof-ubuntu (Ubuntu Trusty):
status: Confirmed → Won't Fix
no longer affects: touch-preview-images
Changed in apparmor-easyprof-ubuntu (Ubuntu Utopic):
status: Triaged → Won't Fix
Changed in lxc-android-config (Ubuntu Utopic):
status: Confirmed → Won't Fix
Changed in apparmor-easyprof-ubuntu (Ubuntu):
importance: Undecided → High
status: Triaged → Confirmed
sha (sharecash1023)
Changed in apparmor-easyprof-ubuntu (Ubuntu):
status: Confirmed → Fix Released
Changed in lxc-android-config (Ubuntu):
status: Confirmed → New
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

sharecash1023, you closed this bug by mistake.

Changed in apparmor-easyprof-ubuntu (Ubuntu):
status: Fix Released → Confirmed
Changed in lxc-android-config (Ubuntu):
status: New → Confirmed