Camera & raw-usb plugs auto-connect for qtchildid


#1

Needed to access the webcam as well as the necessary usb fingerprint scanner to create the Child ID. Without this access, the ID cannot be generated, so it’s a must-have.
@kyrofa


#2

Thanks @sfabel, this is fine by me, but @jdstrand will have a look soon.


#3

It does seem reasonable that the snap needs a camera and a fingerprint scanner (if one is available). raw-usb is definitely a ‘last resort’ interface and I think that perhaps we should create a new interface for biometrics (biometrics-observe?).

https://www.kernel.org/doc/Documentation/admin-guide/devices.txt lists /dev/usb/idmouse and /dev/biometric/sensor[0-9]*/{fingerprint,iris,retina,voiceprint,facial,hand} for fingerprint (and other biometric) scanners. Are these the devices that your snap uses?


#4

Yes, these are the types of devices intended to be used (fingerprint only). FWIW, I’m using libfprint to get the data into the application, which I’m assuming will pick up on these devices.


#5

@niemeyer - this developer is requesting auto-connection for raw-usb since it needs access to fingerprint readers and we don’t have interfaces for that. I think ultimately we want to do something along the lines of serial-port where each device is individually assignable, but that won’t help this developer until hotplug is implemented (to support classic distro). I think we have a few options:

  1. grant use of raw-usb to this snap and add /dev/biometric/sensor* (see my previous comment) to the list of things for hotplug to support
  2. write a raw-biometrics (or similar) transitional interface to give access to all /dev/biometric/sensor* devices
  3. write raw-biometrics-fingerprint, raw-biometrics-iris, etc (or similar) transitional interfaces to give access to all fingerprint, iris, and other scanners via individual interfaces

Since ‘3’ is just a more fine-grained version of ‘2’ (perhaps we would only implement fingerprint today), it may not be worth it unless hotplug is very far out.

@niemeyer, thoughts?


#6

@niemeyer @jdstrand - can you let me know what you decided? I’d like to finalize the snap and start testing it with the new interface(s). Thanks!


#7

@niemeyer - ping. Can you comment on Camera & raw-usb plugs auto-connect for qtchildid?


#8

Checking in on this… any update?


#9

@niemeyer - thoughts?


#10

@niemeyer - what do you think?


#11

Sorry for not providing proper feedback here before.

Do we know if biometric devices consistently offer the same APIs via /dev? If so, fine-tuned interfaces feels like the best option.

That said, does it really need access to the webcam? If so, there’s already a strong assumption of trust on whoever publishes the application and also the application code base (we trust @sfabel, we and we need to trust whoever else maintains this snap if it ever changes hands), so we might as well grant raw-usb for now and research further for the fine tuned interfaces.


#12

From upstrem’s website:

"Introduction

QtChildID is free software for the purpose of supporting “Child ID” events. Read more about the National Child Identification program on their website. A lot of volunteer organizations participate in this program and help thousands of children world wide have their most vital stats, picture and fingerprints taken so that in case of an abduction or missing person, the police has immediate access the the most valuable identification data. Most Child ID kits are tedious to set up. This software is intended to speed processing up.

Requirements

* Fingerprint Reader supported by libfprint
* Any Linux supported (web) camera
* X11

Note: The application will start without either a webcam or fingerprint scanner present, but the functionality will obviously be greatly reduced."

So, ‘yes’, camera and fingerprint are fundamental to its operation.

I think Gustavo is right here. We should have fine-grained access (provided they provide the function with predictable APIs) but because we will be granting camera auto-connect to this snap anyway and it is a highly trusted interface, granting raw-usb isn’t that much more of a leap and would allow the software to operate today.

+1 to auto-connect camera and raw-usb

Once dynamic slots are supports on classic distro, we can look at adding biometrics interface(s).


#13

2 votes for, 0 against. Granting auto-connect for camera and raw-usb. This is now live.


#14

If this snap is transferred to someone else, we need to vet the new publisher wrt auto-connect.


#15

@jdstrand @noise We need to make that a general rule for transfers. The trust from the prior publisher also needs to be transferred to the new one according to the automatic connections granted to the snap, and connections undone if necessary.