'unconfined' should be precached for trusted helpers

$ sqlite3 ~/.local/share/UbuntuLocationService/trust.db
sqlite> select * from requests;
1|me.yohanboniface.osmtouch_OSMTouch_0.1.3|0|1407594143985062864|1
2|fi.cloudsystems.timppa.googlemaps_googleMaps_0.7.2|0|1407594284243997688|1
3|com.ubuntu.camera_camera_3.0.0.347|0|1407762755913505092|1
4|unconfined|0|1407773425648433663|1
5|webbrowser-app|0|1407953353319275412|1
6|fi.cloudsystems.timppa.googlemaps_googleMaps_0.7.2|0|1410614256964689451|0
7|fi.cloudsystems.timppa.googlemaps_googleMaps|0|1410614280151138404|1
8|com.ubuntu.developer.frecelto.heremaps_example|0|1410614316898155033|1
9|webbrowser-app|0|1410614369892600319|0
10|me.yohanboniface.osmtouch_OSMTouch_0.1.3|0|1410614370453320599|0
11|com.ubuntu.camera_camera_3.0.0.347|0|1410614372739327014|0
12|me.yohanboniface.sensorsstatus_SensorsStatus|0|1410614854678927136|0
13|me.yohanboniface.sensorsstatus_SensorsStatus|0|1410614893678194642|1
14|com.ubuntu.camera_camera|0|1410836436824164955|1
15|me.yohanboniface.osmtouch_OSMTouch|0|1410837518970472846|1
16|com.popey.forecast_forecast|0|1411317182811928554|1
17|fi.cloudsystems.timppa.googlemaps_googleMaps|0|1411680736314580089|0
18|fi.cloudsystems.timppa.googlemaps_googleMaps|0|1411680737063580547|1
19|fi.cloudsystems.timppa.googlemaps_googleMaps_0.7.2|0|1411680737830679586|1
20|fi.cloudsystems.timppa.googlemaps_googleMaps_0.7.2|0|1411680738672339895|0
21|me.yohanboniface.osmtouch_OSMTouch_0.1.3|0|1411680805495871093|1

It could be historical indeed. To verify, you could remove the Trust.db file and re-authorize each of your applications using Location to see if one of them still re-creates the unconfined entry.

However, being unconfined it should have been filtered out anyway. so I'll mark the bug confirmed for now.

Ok, I was wrong, after reseting the db, I can see that while the location service does incorrectly prompt, system settings does not show it. This is somewhat worse than I thought because if you choose the wrong thing with the location trust store, you cannot undo it (without resetting the db). Marking system settings task as invalid.

Indeed, the Location plugin in System settings does /hide/ unconfined
entries, because:
1. there is no way to get back to the actual application desktop file to
display its name and icon: we just know that an undefined "unconfined"
application was granted access
2. in theory unconfined applications can bypass the location service to
obtain the information they want; so an on/off toggle would give a false
sense of control

On Fri, Sep 26, 2014 at 11:09 PM, Jamie Strandboge <email address hidden> wrote:

> Ok, I was wrong, after reseting the db, I can see that while the
> location service does incorrectly prompt, system settings does not show
> it. This is somewhat worse than I thought because if you choose the
> wrong thing with the location trust store, you cannot undo it (without
> resetting the db). Marking system settings task as invalid.
>
> ** Changed in: ubuntu-system-settings (Ubuntu)
> Status: Confirmed => Invalid
>
> ** Summary changed:
>
> - 'unconfined' should be precached and not listed under 'Location access'
> (or 'Other app access')
> + 'unconfined' should be precached for trusted helpers
>
> ** Changed in: location-service (Ubuntu)
> Importance: Undecided => Critical
>
> ** Description changed:
>
> - If I go to Location access under Security & Privacy, I have an entry in
> - the list that is blank which corresponds to 'unconfined' ('unconfined'
> - should be precached to default to 'allow' anyway).
> -
> We should not prompt the user for unconfined or allow the user to adjust
> entries for 'unconfined' processes in System Settings since this might
> break things in unexpected ways. Marking as Critical and for rtm14
> because this is user facing, confusing to have a blank entry, can lead
> - to unexpected behavior, it should be trivial to filter this out in
> - system settings and because it should be easy to precache this.
> + to unexpected behavior, and because it should be easy to precache this.
>
> Steps to reproduce (this resets the location trust-store db):
> 1. $ stop ubuntu-location-service-trust-stored
> 2. mv ~/.local/share/UbuntuLocationService/trust.db
> ~/.local/share/UbuntuLocationService/trust.db.bak
> 3. $ start ubuntu-location-service-trust-stored
> 4. launch webbrowser-app (it is unconfined)
> 5. navigate to maps.google.com. it will prompt to access location
> (browser prompt). Say yes
>
> At this point I am presented with a trust session prompt:
> "unconfined
>
> An unconfined application wants to access your current location.
>
> Deny
>
> Allow"
>
> 6. tap 'Allow'
>
> This adds the following to the trust store:
> 3|unconfined|0|1411758762544069109|1
>
> location service shouldn't be prompting for this for the reasons
> outlined above. Adding location-service task.
>
> This will likely affect camera and mic in 'Other app access'.
>
> --
> You received this bug notification because you are a bug assignee.
> https://bugs.launchpad.net/bugs/1374577
>
> Title:
> 'unconfined' should be precached for trusted helpers
>
> To manage notifications about this bug go to:
>
> https://bugs.launchpad.net/ubuntu/+source/location-service/+bug/1374577/+subscriptions
>

Status changed to 'Confirmed' because the bug affects multiple users.

This bug was fixed in the package trust-store - 1.1.0+14.10.20141015-0ubuntu1

---------------
trust-store (1.1.0+14.10.20141015-0ubuntu1) utopic; urgency=low

  [ Ubuntu daily release ]
  * debian/libtrust-store1.symbols: auto-update to released version

  [ thomas-voss ]
  * Add an agent implementation that allows for selectively whitelisting
    certain apps. (LP: #1374577)
  * Do not prompt or cache accesses being issued by the camera app. (LP:
    #1374397)
 -- Ubuntu daily release <email address hidden> Wed, 15 Oct 2014 18:23:41 +0000