[Touch-packages] [Bug 1387734] Re: Location service uses the cached authorization, even if the user denied location access to an app

Mon, 13 Apr 2015 02:31:57 -0700 

** Changed in: trust-store (Ubuntu Utopic)
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to location-service in
Ubuntu.
https://bugs.launchpad.net/bugs/1387734

Title:
  Location service uses the cached authorization, even if the user
  denied location access to an app

Status in the base for Ubuntu mobile products:
  Fix Released
Status in trust-store:
  Fix Released
Status in location-service package in Ubuntu:
  Invalid
Status in trust-store package in Ubuntu:
  Fix Released
Status in location-service source package in Utopic:
  Invalid
Status in trust-store source package in Utopic:
  Fix Released
Status in location-service source package in Vivid:
  Invalid
Status in trust-store source package in Vivid:
  Fix Released
Status in trust-store package in Ubuntu RTM:
  Fix Released

Bug description:
  The bug occurs after removing location access authorization to an
  application. The location is still available to the application,
  despite the user having revoked access from within USS > Privacy >
  Location.

  To reproduce:

  1. Open a map application, like Here map
  2. Allow access to location
  3. Switch to System Settings > Privacy > Location
  4. Disable location access for Maps
  5. Kill Here map, and restart it

  What should happen: you should not have access anymore (and should not see a 
prompt)
  What happens instead: the app still has access to your location, as shown in 
the logs:

  I1030 16:15:38.167752  3100 cached_agent_glog_reporter.cpp:32]
  CachedAgent::authenticate_request_with_parameters: Application pid:
  27975 Application uid: 32011 Application id:  com.nokia.heremaps_here
  Cached request:   Request(from: com.nokia.heremaps_here, feature: 0,
  when: 1414682114882519283, answer: granted)

  I confirmed that the trust store had recorded the authorization change
  as in:

  phablet@ubuntu-phablet:~$ sqlite3 
~/.local/share/UbuntuLocationService/trust.db "select * from requests"
  1|unconfined|0|1414098093331252474|1
  2|com.nokia.heremaps_here|0|1414682114882519283|1
  3|com.nokia.heremaps_here|0|1414682131206341515|0

  From a user's perspective: Despite having explicitly rejected trust to
  an application, the app would still be able to access services.

To manage notifications about this bug go to:
https://bugs.launchpad.net/canonical-devices-system-image/+bug/1387734/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to