Comment 21 for bug 1224756

So, I guess one could insert a check in the call to command_create_record_stream (src/pulsecore/protocol-native.c), that would deny access if trust-store says so.
However, there is still a way around that. Any app that can access the shm file can potentially look at audio data currently streaming to *another* app, i e, malicious app Eve can see what PulseAlice sends to the legitmate app Bob.
I'm not sure how much this SHM file is cleaned up (zeroed out) either, so there is a possibility the shm file contains old recorded data too.

As for PulseAudio clients telling PulseAudio to access random files on the file system, I don't think that's true, but I could have missed something. Could you be more specific about where this functionality lies and I'll have a closer look?

As for the LED, any app with access to both the LED and PulseAudio should be able to do this.