location-service

Merge lp://qastaging/~thomas-voss/location-service/fix-1219164 into lp://qastaging/location-service/trunk

  1. fix-1219164
  2. Merge into trunk
Proposed by Thomas Voß
Status: Merged
Approved by: Thomas Voß
Approved revision: 90
Merged at revision: 82
Proposed branch: lp://qastaging/~thomas-voss/location-service/fix-1219164
Merge into: lp://qastaging/location-service/trunk
Diff against target: 1037 lines (+616/-37)
20 files modified
CMakeLists.txt (+7/-1)
data/CMakeLists.txt (+9/-0)
data/com.ubuntu.location.Service.conf (+5/-1)
data/ubuntu-location-service-trust-stored.conf.in (+13/-0)
debian/control (+4/-0)
debian/ubuntu-location-service-bin.install (+1/-0)
examples/service/service.cpp (+1/-1)
include/location_service/com/ubuntu/location/service/interface.h (+1/-1)
src/location_service/com/ubuntu/location/CMakeLists.txt (+7/-0)
src/location_service/com/ubuntu/location/service/config.h.in (+38/-0)
src/location_service/com/ubuntu/location/service/daemon.cpp (+11/-2)
src/location_service/com/ubuntu/location/service/default_configuration.cpp (+3/-10)
src/location_service/com/ubuntu/location/service/default_configuration.h (+18/-13)
src/location_service/com/ubuntu/location/service/session/skeleton.cpp (+3/-3)
src/location_service/com/ubuntu/location/service/trust_store_permission_manager.cpp (+176/-0)
src/location_service/com/ubuntu/location/service/trust_store_permission_manager.h (+85/-0)
tests/CMakeLists.txt (+1/-0)
tests/acceptance_tests.cpp (+26/-5)
tests/app_armor_testing_profile (+3/-0)
tests/trust_store_permission_manager_test.cpp (+204/-0)
To merge this branch: bzr merge lp://qastaging/~thomas-voss/location-service/fix-1219164
Reviewer Review Type Date Requested Status
PS Jenkins bot continuous-integration Needs Fixing
Seth Arnold (community) Approve
Jamie Strandboge Pending
Marc Deslauriers Pending
Manuel de la Peña Pending
Review via email: mp+228861@code.qastaging.launchpad.net

Commit message

Make the location service a trusted helper.

Description of the change

Make the location-service a trusted helper.

To post a comment you must log in.
Revision history for this message
PS Jenkins bot (ps-jenkins) wrote :

FAILED: Continuous integration, rev:74
http://jenkins.qa.ubuntu.com/job/location-service-ci/236/
Executed test runs:
    FAILURE: http://jenkins.qa.ubuntu.com/job/location-service-utopic-amd64-ci/143/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/location-service-utopic-armhf-ci/143/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/location-service-utopic-i386-ci/143/console

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/location-service-ci/236/rebuild

review: Needs Fixing (continuous-integration)
lp://qastaging/~thomas-voss/location-service/fix-1219164 updated
75. By Thomas Voß

Add missing build dependencies.
Add tests for TrustStorePermissionManager.
Add tests for AppArmorProfileResolver together with testing apparmor profiles.

Revision history for this message
PS Jenkins bot (ps-jenkins) wrote :

FAILED: Continuous integration, rev:75
http://jenkins.qa.ubuntu.com/job/location-service-ci/237/
Executed test runs:
    FAILURE: http://jenkins.qa.ubuntu.com/job/location-service-utopic-amd64-ci/144/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/location-service-utopic-armhf-ci/144/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/location-service-utopic-i386-ci/144/console

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/location-service-ci/237/rebuild

review: Needs Fixing (continuous-integration)
lp://qastaging/~thomas-voss/location-service/fix-1219164 updated
76. By Thomas Voß

[ thomas-voss ]
* Make sure that logging directories are created on service startup.
  (LP: #1349704)
* Fix build warnings.
* Add a vanilla gps.conf file and install it to /etc/gps.conf. Make
  sure that expections thrown while trying to download GPS Xtra data
  do not abort the service. (LP: #1347887)
[ Pete Woods ]
* Add libdbus-cpp and libdbus as dependencies on devel package.
* Enable building on arm64, powerpc and ppc64el.

Revision history for this message
PS Jenkins bot (ps-jenkins) wrote :

FAILED: Continuous integration, rev:76
http://jenkins.qa.ubuntu.com/job/location-service-ci/238/
Executed test runs:
    FAILURE: http://jenkins.qa.ubuntu.com/job/location-service-utopic-amd64-ci/145/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/location-service-utopic-armhf-ci/145/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/location-service-utopic-i386-ci/145/console

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/location-service-ci/238/rebuild

review: Needs Fixing (continuous-integration)
lp://qastaging/~thomas-voss/location-service/fix-1219164 updated
77. By Thomas Voß

Make sure that acceptance tests do not fail due to missing trust.

Revision history for this message
PS Jenkins bot (ps-jenkins) wrote :

FAILED: Continuous integration, rev:77
http://jenkins.qa.ubuntu.com/job/location-service-ci/240/
Executed test runs:
    FAILURE: http://jenkins.qa.ubuntu.com/job/location-service-utopic-amd64-ci/147/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/location-service-utopic-armhf-ci/147/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/location-service-utopic-i386-ci/147/console

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/location-service-ci/240/rebuild

review: Needs Fixing (continuous-integration)
lp://qastaging/~thomas-voss/location-service/fix-1219164 updated
78. By Thomas Voß

Make sure that upstart configuration for trust-stored is shipped with -bin package.

Revision history for this message
PS Jenkins bot (ps-jenkins) wrote :

FAILED: Continuous integration, rev:78
http://jenkins.qa.ubuntu.com/job/location-service-ci/241/
Executed test runs:
    FAILURE: http://jenkins.qa.ubuntu.com/job/location-service-utopic-amd64-ci/148/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/location-service-utopic-armhf-ci/148/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/location-service-utopic-i386-ci/148/console

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/location-service-ci/241/rebuild

review: Needs Fixing (continuous-integration)
lp://qastaging/~thomas-voss/location-service/fix-1219164 updated
79. By Thomas Voß

42 as a pid really does not work well, use getpid() instead.

Revision history for this message
PS Jenkins bot (ps-jenkins) wrote :

FAILED: Continuous integration, rev:79
http://jenkins.qa.ubuntu.com/job/location-service-ci/242/
Executed test runs:
    FAILURE: http://jenkins.qa.ubuntu.com/job/location-service-utopic-amd64-ci/149/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/location-service-utopic-armhf-ci/149/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/location-service-utopic-i386-ci/149/console

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/location-service-ci/242/rebuild

review: Needs Fixing (continuous-integration)
lp://qastaging/~thomas-voss/location-service/fix-1219164 updated
80. By Thomas Voß

Execute the incoming connection on a pool of 3 threads.

Revision history for this message
PS Jenkins bot (ps-jenkins) wrote :

FAILED: Continuous integration, rev:80
http://jenkins.qa.ubuntu.com/job/location-service-ci/243/
Executed test runs:
    FAILURE: http://jenkins.qa.ubuntu.com/job/location-service-utopic-amd64-ci/150/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/location-service-utopic-armhf-ci/150/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/location-service-utopic-i386-ci/150/console

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/location-service-ci/243/rebuild

review: Needs Fixing (continuous-integration)
lp://qastaging/~thomas-voss/location-service/fix-1219164 updated
81. By Thomas Voß

Adjust dispatching policy for service implementation.

Revision history for this message
PS Jenkins bot (ps-jenkins) wrote :

FAILED: Continuous integration, rev:81
http://jenkins.qa.ubuntu.com/job/location-service-ci/244/
Executed test runs:
    FAILURE: http://jenkins.qa.ubuntu.com/job/location-service-utopic-amd64-ci/151/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/location-service-utopic-armhf-ci/151/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/location-service-utopic-i386-ci/151/console

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/location-service-ci/244/rebuild

review: Needs Fixing (continuous-integration)
lp://qastaging/~thomas-voss/location-service/fix-1219164 updated
82. By Thomas Voß

Wait at most 60 seconds for creating a session with the location service.

Revision history for this message
PS Jenkins bot (ps-jenkins) wrote :

FAILED: Continuous integration, rev:82
http://jenkins.qa.ubuntu.com/job/location-service-ci/245/
Executed test runs:
    FAILURE: http://jenkins.qa.ubuntu.com/job/location-service-utopic-amd64-ci/152/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/location-service-utopic-armhf-ci/152/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/location-service-utopic-i386-ci/152/console

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/location-service-ci/245/rebuild

review: Needs Fixing (continuous-integration)
lp://qastaging/~thomas-voss/location-service/fix-1219164 updated
83. By Thomas Voß

Dispatch updates from providers instead of calling directly into the client.

Revision history for this message
PS Jenkins bot (ps-jenkins) wrote :

FAILED: Continuous integration, rev:83
http://jenkins.qa.ubuntu.com/job/location-service-ci/246/
Executed test runs:
    FAILURE: http://jenkins.qa.ubuntu.com/job/location-service-utopic-amd64-ci/153/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/location-service-utopic-armhf-ci/153/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/location-service-utopic-i386-ci/153/console

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/location-service-ci/246/rebuild

review: Needs Fixing (continuous-integration)
lp://qastaging/~thomas-voss/location-service/fix-1219164 updated
84. By Thomas Voß

Revert dispatcher changes.

Revision history for this message
PS Jenkins bot (ps-jenkins) wrote :

FAILED: Continuous integration, rev:84
http://jenkins.qa.ubuntu.com/job/location-service-ci/247/
Executed test runs:
    FAILURE: http://jenkins.qa.ubuntu.com/job/location-service-utopic-amd64-ci/154/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/location-service-utopic-armhf-ci/154/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/location-service-utopic-i386-ci/154/console

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/location-service-ci/247/rebuild

review: Needs Fixing (continuous-integration)
lp://qastaging/~thomas-voss/location-service/fix-1219164 updated
85. By Thomas Voß

Adjust timeout for session creation.

Revision history for this message
PS Jenkins bot (ps-jenkins) wrote :

FAILED: Continuous integration, rev:85
http://jenkins.qa.ubuntu.com/job/location-service-ci/248/
Executed test runs:
    FAILURE: http://jenkins.qa.ubuntu.com/job/location-service-utopic-amd64-ci/155/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/location-service-utopic-armhf-ci/155/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/location-service-utopic-i386-ci/155/console

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/location-service-ci/248/rebuild

review: Needs Fixing (continuous-integration)
Revision history for this message
Seth Arnold (seth-arnold) wrote :

The AppArmor policies are being looked up by pid which can be a racy interface. Do the races matter to us? Will something else in the system prevent the following chain of events?

A process with pid 4242 running with AppArmor profile Foo makes a location request
A process dies from some event
B process with any pid spawns children until one has pid 4242
C process with pid 4242 running with AppArmor profile Bar receives permission to use location from previous request

It seems fairly unlikely, I'll admit, but if an attacker can chew up enough CPU time, some race conditions can become arbitrarily easy to exploit.

Thanks

review: Needs Information
lp://qastaging/~thomas-voss/location-service/fix-1219164 updated
86. By Thomas Voß

Asynchronously deliver position/heading/velocity updates.

Revision history for this message
PS Jenkins bot (ps-jenkins) wrote :

FAILED: Continuous integration, rev:86
http://jenkins.qa.ubuntu.com/job/location-service-ci/249/
Executed test runs:
    FAILURE: http://jenkins.qa.ubuntu.com/job/location-service-utopic-amd64-ci/156/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/location-service-utopic-armhf-ci/156/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/location-service-utopic-i386-ci/156/console

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/location-service-ci/249/rebuild

review: Needs Fixing (continuous-integration)
lp://qastaging/~thomas-voss/location-service/fix-1219164 updated
87. By Thomas Voß

Add trust-store-bin as build- and runtime-dependency.

Revision history for this message
PS Jenkins bot (ps-jenkins) wrote :

FAILED: Continuous integration, rev:87
http://jenkins.qa.ubuntu.com/job/location-service-ci/250/
Executed test runs:
    FAILURE: http://jenkins.qa.ubuntu.com/job/location-service-utopic-amd64-ci/157/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/location-service-utopic-armhf-ci/157/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/location-service-utopic-i386-ci/157/console

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/location-service-ci/250/rebuild

review: Needs Fixing (continuous-integration)
lp://qastaging/~thomas-voss/location-service/fix-1219164 updated
88. By Thomas Voß

Finishing touches to the user-session upstart job for starting the trust-stored skeleton.

Revision history for this message
PS Jenkins bot (ps-jenkins) wrote :

FAILED: Continuous integration, rev:88
http://jenkins.qa.ubuntu.com/job/location-service-ci/251/
Executed test runs:
    FAILURE: http://jenkins.qa.ubuntu.com/job/location-service-utopic-amd64-ci/158/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/location-service-utopic-armhf-ci/158/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/location-service-utopic-i386-ci/158/console

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/location-service-ci/251/rebuild

review: Needs Fixing (continuous-integration)
lp://qastaging/~thomas-voss/location-service/fix-1219164 updated
89. By Thomas Voß

Adjust description strings.

Revision history for this message
PS Jenkins bot (ps-jenkins) wrote :

FAILED: Continuous integration, rev:89
http://jenkins.qa.ubuntu.com/job/location-service-ci/252/
Executed test runs:
    FAILURE: http://jenkins.qa.ubuntu.com/job/location-service-utopic-amd64-ci/159/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/location-service-utopic-armhf-ci/159/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/location-service-utopic-i386-ci/159/console

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/location-service-ci/252/rebuild

review: Needs Fixing (continuous-integration)
Revision history for this message
Thomas Voß (thomas-voss) wrote :

> The AppArmor policies are being looked up by pid which can be a racy
> interface. Do the races matter to us? Will something else in the system
> prevent the following chain of events?
>
> A process with pid 4242 running with AppArmor profile Foo makes a location
> request
> A process dies from some event
> B process with any pid spawns children until one has pid 4242
> C process with pid 4242 running with AppArmor profile Bar receives permission
> to use location from previous request
>
> It seems fairly unlikely, I'll admit, but if an attacker can chew up enough
> CPU time, some race conditions can become arbitrarily easy to exploit.
>

It's a very good point. To address it, I would propose:

  (1.) Query pid*, uid*, apparmor* profile from dbus daemon
  (2.) Query agent
  (3.) Query pid, uid, apparmor and compare to pid*, uid*, apparmor*

Issue and task is captured here: https://bugs.launchpad.net/location-service/+bug/1352978. However, I would think that we should land the MP as is to make sure we have fixed the critical RTM bug.
> Thanks

Revision history for this message
Seth Arnold (seth-arnold) wrote :

Addressing the potential race in an update is fine with me, thanks for already filing the bug.

We may wish to reconsider the "<profile> is trying to access your location" string -- while this is nicely unambiguous, it's also going to be incomprehensible for the average user.

Are there human-legible strings that uniquely identify the application? Say, APP_ID and a publisher id?

review: Approve
lp://qastaging/~thomas-voss/location-service/fix-1219164 updated
90. By Thomas Voß

We really should store the app id, not the service name.

Revision history for this message
PS Jenkins bot (ps-jenkins) wrote :

FAILED: Continuous integration, rev:90
http://jenkins.qa.ubuntu.com/job/location-service-ci/253/
Executed test runs:
    FAILURE: http://jenkins.qa.ubuntu.com/job/location-service-utopic-amd64-ci/160/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/location-service-utopic-armhf-ci/160/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/location-service-utopic-i386-ci/160/console

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/location-service-ci/253/rebuild

review: Needs Fixing (continuous-integration)

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
The diff is not available at this time. You can reload the page or download it.

Subscribers

People subscribed via source and target branches