[Bug 1781428] Re: please enable snap mediation support
James Henstridge
james.henstridge at canonical.com
Fri Nov 8 09:13:02 UTC 2019
Attached is a debdiff for the Xenial version of the backport. In
addition to the snap policy module patches, this includes a backport of
the libjson-c dependency removal changes from Pulse Audio 10.0 (which
applied cleanly without modification). This is required because
libjson-c and libjson-glib declare a few symbols with the same name,
causing problems for the policy module.
Based on discussion in
https://bugs.freedesktop.org/show_bug.cgi?id=95135, the libjson-c
dependency was causing problems for other applications too.
I was able to complete @jdstrand's test plan on a clean 16.04 install
with these updates.
pulseaudio (1:8.0-0ubuntu3.11) xenial; urgency=medium
* Backport the snap policy module to make access to audio recording
conditional on plugging the "pulseaudio" or "audio-record" interfaces
(LP: #1781428):
- 0450-modules-add-snappy-policy-module.patch: rewrite to query
snapd for the client's plugged interfaces.
- 0451-enable-snap-policy-module.patch: enable the module in the
default configuration.
- Build depend on libsnapd-glib-dev.
* Backport libjson-c dependency removal from Pulse Audio 10. This is
required by the snap policy module due to a symbol name clash with
libjson-glib.
- 0805-remove-libjson-c-dependency.patch: new file.
-- James Henstridge <james.henstridge at canonical.com> Tue, 05 Nov 2019 17:16:22 +0800
** Bug watch added: freedesktop.org Bugzilla #95135
https://bugs.freedesktop.org/show_bug.cgi?id=95135
** Patch added: "pulseaudio_8.0-0ubuntu3.10_8.0-0ubuntu3.11.diff"
https://bugs.launchpad.net/ubuntu/+source/pulseaudio/+bug/1781428/+attachment/5303806/+files/pulseaudio_8.0-0ubuntu3.10_8.0-0ubuntu3.11.diff
https://bugs.launchpad.net/bugs/1781428
Title:
please enable snap mediation support
Status in pulseaudio package in Ubuntu:
Fix Released
Status in pulseaudio source package in Xenial:
Triaged
Status in pulseaudio source package in Bionic:
Triaged
Bug description:
[Impact]
Ubuntu 16.10 added rudimentary snap support to disable audio recording if the connecting process was a snap. By Ubuntu 18.04, something changed in the build resulting in 'Enable Snappy support: no' with audio recording no longer being mediated by pulseaudio (access to the pulseaudio socket continued to be mediated by snapd's apparmor policy). This resulted in any application with the pulseaudio interface connected also being able to record. Ubuntu 16.04 never had mediation patches and always allowed recording when the pulseaudio interface was connected.
To correct this situation but not regress existing behavior, Ubuntu
19.04's pulseaudio was updated with a patch to allow playback to all
connected clients (snaps or not), record by classic snaps (see bug
1787324) and record by strict mode snaps if either the pulseaudio or
new-in-snapd-2.41 audio-record interfaces were connected. With this
change, snapd is in a position to migrate snaps to the new
audio-playback and audio-record interfaces and properly mediate audio
recording (see https://forum.snapcraft.io/t/upcoming-pulseaudio-interface-deprecation/13418).
The patch to pulseaudio consists of adding a module, enabling it in
default.pa and then when it is enabled, pulseaudio when faced with a
record operation will, when the connecting process is a snap (ie, its
security label (ie, apparmor label) starts with 'snap.'), query snapd
via its control socket to ask if the snap is classic and if not,
whether the pulseaudio or audio-record interfaces are connected.
Adjusting pulseaudio in this manner does not require coordination with
any release of snapd. It does need a newer version of snapd-glib,
which was recently updated to 1.49 in the last SRU.
[Test Case]
IMPORTANT: if updating pulseaudio while the session is running, you
either need to reboot for the test or kill pulseaudio so it can restart
with the new snap policy
For unconfined applications:
$ paplay /usr/share/sounds/alsa/Noise.wav && echo "yes"
yes
$ rm -f /tmp/out.wav ; parecord /tmp/out.wav && echo "yes" # ctrl-c to stop recording
^Cyes
$ paplay /tmp/out.wav && echo "yes"
yes
For confined, non-snap applications:
$ sudo apt-get install evince
$ aa-exec -p /usr/bin/evince -- paplay /usr/share/sounds/alsa/Noise.wav && echo yes
$ rm -f /tmp/out.wav ; aa-exec -p /usr/bin/evince -- parecord /tmp/out.wav && echo "yes" # ctrl-c to stop recording
^Cyes
$ aa-exec -p /usr/bin/evince -- paplay /tmp/out.wav && echo "yes"
yes
For classic snaps:
$ sudo snap install test-snapd-classic-confinement --classic
$ snap run --shell test-snapd-classic-confinement
$ cat /proc/self/attr/current # verify we are classic confined
snap.test-snapd-classic-confinement.test-snapd-classic-confinement (complain)
$ paplay /usr/share/sounds/alsa/Noise.wav && echo "yes"
yes
$ rm -f /tmp/out.wav ; parecord /tmp/out.wav && echo "yes" # ctrl-c to stop recording
^Cyes
$ paplay /tmp/out.wav && echo "yes"
yes
For strict snaps with pulseaudio:
$ sudo snap install --dangerous ./test-snapd-pulseaudio_1_amd64.snap
$ snap connections test-snapd-pulseaudio
Interface Plug Slot Notes
pulseaudio test-snapd-pulseaudio:pulseaudio :pulseaudio -
$ test-snapd-pulseaudio.play --help # ensure SNAP dirs are created
...
$ sudo cp /usr/share/sounds/alsa/Noise.wav /var/snap/test-snapd-pulseaudio/common/
$ test-snapd-pulseaudio.play /var/snap/test-snapd-pulseaudio/common/Noise.wav && echo yes
xcb_connection_has_error() returned true
yes
(note, the xcb_connection_has_error() message is due to the x11
interface not being connected, which is unrelated to mediation. x11 is
left out to ensure that just audio-playback/audio-record are tested)
$ test-snapd-pulseaudio.record /tmp/out.wav && echo yes # should pass
...
^Cyes
$ test-snapd-pulseaudio.play /tmp/out.wav && echo yes
...
yes
For strict snaps with audio-playback/audio-record:
$ sudo snap refresh core --candidate # make sure you have 2.41. 'install' on 16.04
$ sudo snap install --dangerous ./test-snapd-audio-record_1_amd64.snap
$ snap connections test-snapd-audio-record # record not connected
Interface Plug Slot Notes
audio-playback test-snapd-audio-record:audio-playback :audio-playback -
audio-record test-snapd-audio-record:audio-record - -
$ test-snapd-audio-record.play --help # ensure SNAP dirs are created
...
$ sudo cp /usr/share/sounds/alsa/Noise.wav /var/snap/test-snapd-audio-record/common/
$ test-snapd-audio-record.play /var/snap/test-snapd-audio-record/common/Noise.wav && echo yes
xcb_connection_has_error() returned true
yes
(note, the xcb_connection_has_error() message is due to the x11
interface not being connected, which is unrelated to mediation. x11 is
left out to ensure that just audio-playback/audio-record are tested)
$ test-snapd-audio-record.record /tmp/out.wav # should fail
...
Stream error: Access denied
$ sudo snap connect test-snapd-audio-record:audio-record
$ test-snapd-audio-record.record /tmp/out.wav && echo yes # should pass
...
^Cyes
$ test-snapd-audio-record.play /tmp/out.wav && echo yes
...
yes
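As an added example (not code from the bug report, the pulseaudio module or snapd-glib), a Python model of the record decision described under [Impact], checked against the outcomes the test cases above expect: snapd is replaced by a caller-supplied lookup so it runs offline, and the SnapInfo shape, the constructed sample answers and the fail-closed handling of a snap snapd knows nothing about are assumptions of this example, not documented module behaviour.

```python
# Added model (not the pulseaudio module's code) of the record-access decision:
# non-snap clients are left to AppArmor, classic snaps are allowed, strict snaps
# are allowed only if the "pulseaudio" or "audio-record" plug is connected.
# snapd is replaced by a caller-supplied lookup; SnapInfo and the fail-closed
# handling of an unknown snap are assumptions made for this example.
from dataclasses import dataclass
from typing import Callable, FrozenSet, Optional

ALLOWING_PLUGS = ("pulseaudio", "audio-record")


@dataclass(frozen=True)
class SnapInfo:
    classic: bool                    # classic confinement => recording allowed
    connected_plugs: FrozenSet[str]  # plug names snapd reports as connected


def snap_name_from_label(label: str) -> Optional[str]:
    """Extract the snap name from an AppArmor label 'snap.<snap>.<app>'.
    /proc/<pid>/attr/current may carry a trailing ' (complain)' or
    ' (enforce)'; anything not starting with 'snap.' is not a snap."""
    label = label.split(" ", 1)[0]
    if not label.startswith("snap."):
        return None
    parts = label.split(".")
    if len(parts) < 3 or not parts[1]:
        return None
    return parts[1]


def record_allowed(label: str,
                   lookup: Callable[[str], Optional[SnapInfo]]) -> bool:
    """Decide whether a client with this security label may record."""
    name = snap_name_from_label(label)
    if name is None:
        return True   # unconfined or non-snap confined app: not mediated here
    info = lookup(name)
    if info is None:
        return False  # assumption: fail closed if snapd knows nothing about it
    if info.classic:
        return True
    return any(plug in info.connected_plugs for plug in ALLOWING_PLUGS)


# Constructed snapd answers mirroring the three snaps in the test plan.
SAMPLE_SNAPD = {
    "test-snapd-classic-confinement": SnapInfo(True, frozenset()),
    "test-snapd-pulseaudio": SnapInfo(False, frozenset({"pulseaudio"})),
    "test-snapd-audio-record": SnapInfo(False, frozenset({"audio-playback"})),
}
```

Connecting the audio-record plug in the sample (as `snap connect` does in the last test case) flips the strict snap's answer from denied to allowed.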
[Regression Potential]
The regression potential consists of pulseaudio playback and record
functionality no longer working for snaps and non-snaps. This is
easily tested via the test cases. Furthermore, the patches have seen 5
months real world testing since Ubuntu 19.04's release. Note that the
patches for 18.04 and 16.04 include the fixes to 19.04 for classic
snaps (and the above test cases verify the correct behavior).
# Original summary: pulseaudio built with --enable-snappy but 'Enable Snappy support: no'
# Original description
From https://launchpadlibrarian.net/377100864/buildlog_ubuntu-cosmic-amd64.pulseaudio_1%3A12.0-1ubuntu1_BUILDING.txt.gz:
...
dh_auto_configure -- --enable-x11 --disable-hal-compat --libdir=\${prefix}/lib/x86_64-linux-gnu --with-module-dir=\${prefix}/lib/pulse-12.0/modules --with-zsh-completion-dir=\${datadir}/zsh/vendor-completions --with-bash-completion-dir=\${datadir}/bash-completion/completions --with-systemduserunitdir=\${prefix}/lib/systemd/user --enable-snappy --disable-bluez4 --enable-gsettings --disable-gconf
./configure --build=x86_64-linux-gnu --prefix=/usr --includedir=\${prefix}/include --mandir=\${prefix}/share/man --infodir=\${prefix}/share/info --sysconfdir=/etc --localstatedir=/var --disable-silent-rules --libdir=\${prefix}/lib/x86_64-linux-gnu --libexecdir=\${prefix}/lib/x86_64-linux-gnu --disable-maintainer-mode --disable-dependency-tracking --enable-x11 --disable-hal-compat --libdir=\${prefix}/lib/x86_64-linux-gnu --with-module-dir=\${prefix}/lib/pulse-12.0/modules --with-zsh-completion-dir=\${datadir}/zsh/vendor-completions --with-bash-completion-dir=\${datadir}/bash-completion/completions --with-systemduserunitdir=\${prefix}/lib/systemd/user --enable-snappy --disable-bluez4 --enable-gsettings --disable-gconf
...
Enable Ubuntu trust store: no
Enable Snappy support: no
Enable Apparmor: yes
At this point, the patch should probably be dropped, otherwise
applications like chromium, etc will no longer be able to record.