/snapd forked from snapcore/snapd

Permalink
Browse files

New interface.

  • Loading branch information...
1 parent ac504ce commit 198974dddac4e30a971f893b7fb402d662acf637 Renato Araujo Oliveira Filho committed Jul 21, 2016
Unified Split
Showing with 201 additions and 0 deletions.
  1. +1 −0 interfaces/builtin/all.go
  2. +199 −0 interfaces/builtin/eds-calendar.go
  3. +1 −0 snap/implicit.go
View
1 interfaces/builtin/all.go
@@ -27,6 +27,7 @@ var allInterfaces = []interfaces.Interface{
&BoolFileInterface{},
&BluezInterface{},
&ContentInterface{},
+ &EDSCalendarInterface{},
&LocationControlInterface{},
&LocationObserveInterface{},
&ModemManagerInterface{},
View
199 interfaces/builtin/eds-calendar.go
@@ -0,0 +1,199 @@
+// -*- Mode: Go; indent-tabs-mode: t -*-
+
+/*
+ * Copyright (C) 2016 Canonical Ltd
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 3 as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+package builtin
+
+import (
+ "bytes"
+
+ "github.com/snapcore/snapd/interfaces"
+)
+
+var edsCalendarPermanentSlotAppArmor = []byte(`
+# Description: Can access the calendar. This policy group is reserved for
+# vetted applications only in this version of the policy. Once LP: #1227824
+# is fixed, this can be moved out of reserved status.
+# Usage: reserved
+`)
@jdstrand

jdstrand Jul 25, 2016

Since you are only implementing this for talking to a system-supplied eds, you can omit this.
+
+var edsCalendarConnectedPlugAppArmor = []byte(`
+# Description: Can access the calendar. This policy group is reserved for
+# vetted applications only in this version of the policy. Once LP: #1227824
+# is fixed, this can be moved out of reserved status.
+# Usage: reserved
+
+# DBus accesses
+#include <abstractions/dbus-session-strict>
+
+# Allow all access to eds service
+dbus (receive, send)
+ bus=session
+ peer=(label=###SLOT_SECURITY_TAGS###),
+
+dbus (send)
+ bus=session
+ path=/org/freedesktop/DBus
+ interface=org.freedesktop.DBus
+ member={Request,Release}Name
+ peer=(name=org.freedesktop.DBus),
+dbus (send)
+ bus=session
+ path=/org/freedesktop/*
+ interface=org.freedesktop.DBus.Properties
+ peer=(label=unconfined),
+
+# Evolution calendar interface
+dbus (receive, send)
+ bus=session
+ path=/org/gnome/evolution/dataserver/SourceManager{,/**}
+ peer=(label=unconfined),
+dbus (receive, send)
+ bus=session
+ path=/org/gnome/evolution/dataserver/CalendarFactory
+ peer=(label=unconfined),
+dbus (receive, send)
+ bus=session
+ path=/org/gnome/evolution/dataserver/Subprocess/**
+ peer=(label=unconfined),
+dbus (receive, send)
+ bus=session
+ path=/org/gnome/evolution/dataserver/CalendarView/**
+ peer=(label=unconfined),
+`)
@jdstrand

jdstrand Jul 25, 2016

As per IRC, the calendar-specific policy should be in a separate variable and conditionally added based on interface attribute.
+
+var edsCalendarPermanentSlotSecComp = []byte(`
+# Description: Can access the calendar. This policy group is reserved for
+# vetted applications only in this version of the policy. Once LP: #1227824
+# is fixed, this can be moved out of reserved status.
+# Usage: reserved
+`)
@jdstrand

jdstrand Jul 25, 2016

Since you are only implementing this for talking to a system-supplied eds, you can omit this.
+
+var edsCalendarConnectedPlugSecComp = []byte(`
+# Description: Can access the calendar. This policy group is reserved for
+# vetted applications only in this version of the policy. Once LP: #1227824
+# is fixed, this can be moved out of reserved status.
+# Usage: reserved
+
+# Can communicate with DBus system service
+accept
+accept4
+bind
+connect
+getpeername
+getsockname
+getsockopt
+listen
+recv
+recvfrom
+recvmmsg
+recvmsg
+send
+sendmmsg
+sendmsg
+sendto
+setsockopt
+shutdown
+socketpair
+socket
+`)
+
+var edsCalendarPermanentSlotDBus = []byte(`
+<policy user="default">
+ <!-- SourceRegistry -->
+ <allow send_destination="org.gnome.evolution.dataserver.Sources5"
+ send_interface="org.freedesktop.DBus.Introspectable"/>
+ <allow send_destination="org.gnome.evolution.dataserver.Sources5"
+ send_interface="org.freedesktop.DBus.Properties"/>
+ <allow send_destination="org.gnome.evolution.dataserver.Sources5"
+ send_interface="org.freedesktop.DBus.ObjectManager"/>
+
+ <!-- CalendarFactory -->
+ <allow send_interface="org.gnome.evolution.dataserver.Calendar7"/>
+
+</policy>
+`)
@jdstrand

jdstrand Jul 25, 2016

Since you are only implementing this for talking to a system-supplied eds, you can omit this.
+
+type EDSCalendarInterface struct{}
+
+func (iface *EDSCalendarInterface) Name() string {
+ return "eds-calendar"
@jdstrand

jdstrand Jul 25, 2016

Per IRC, rename this simply 'eds'. It's possible when this goes through review it will be renamed again, but the idea is that eds is a service that provides at least calendar and contacts, and while we could easily create eds-calendar and eds-contacts interfaces for the plugs side, that doesn't make sense for when eds itself and is a snap for the slot side (since it would provide both). I suggested for now to call this 'eds' and then have 'common' policy (for talking to eds at all) always added on the plugs side and then have interface attributes for specifying calendar and/or contact and we add that policy conditionally. In this manner, the eds snap can implement the eds interface on the slot side and the clients can plugs calendar or contacts or both and the interface contract between eds and client is maintained in one place.
+}
+
+func (iface *EDSCalendarInterface) PermanentPlugSnippet(plug *interfaces.Plug, securitySystem interfaces.SecuritySystem) ([]byte, error) {
+ switch securitySystem {
+ case interfaces.SecurityDBus, interfaces.SecurityAppArmor, interfaces.SecuritySecComp, interfaces.SecurityUDev, interfaces.SecurityMount:
+ return nil, nil
+ default:
+ return nil, interfaces.ErrUnknownSecurity
+ }
+}
+
+func (iface *EDSCalendarInterface) ConnectedPlugSnippet(plug *interfaces.Plug, slot *interfaces.Slot, securitySystem interfaces.SecuritySystem) ([]byte, error) {
+ switch securitySystem {
+ case interfaces.SecurityAppArmor:
+ old := []byte("###SLOT_SECURITY_TAGS###")
+ new := slotAppLabelExpr(slot)
+ snippet := bytes.Replace(edsCalendarConnectedPlugAppArmor, old, new, -1)
+ return snippet, nil
+ case interfaces.SecuritySecComp:
+ return edsCalendarConnectedPlugSecComp, nil
+ case interfaces.SecurityDBus:
+ return edsCalendarPermanentSlotDBus, nil
@jdstrand

jdstrand Jul 25, 2016

This can be nil, nil as per above.
+ case interfaces.SecurityUDev, interfaces.SecurityMount:
+ return nil, nil
+ default:
+ return nil, interfaces.ErrUnknownSecurity
+ }
+}
+
+func (iface *EDSCalendarInterface) PermanentSlotSnippet(slot *interfaces.Slot, securitySystem interfaces.SecuritySystem) ([]byte, error) {
+ switch securitySystem {
+ case interfaces.SecurityAppArmor:
+ return edsCalendarPermanentSlotAppArmor, nil
+ case interfaces.SecuritySecComp:
+ return edsCalendarPermanentSlotSecComp, nil
+ case interfaces.SecurityDBus:
+ return edsCalendarPermanentSlotDBus, nil
@jdstrand

jdstrand Jul 25, 2016

nil, nil for now.
+ case interfaces.SecurityUDev, interfaces.SecurityMount:
+ return nil, nil
+ default:
+ return nil, interfaces.ErrUnknownSecurity
+ }
+}
+
+func (iface *EDSCalendarInterface) ConnectedSlotSnippet(plug *interfaces.Plug, slot *interfaces.Slot, securitySystem interfaces.SecuritySystem) ([]byte, error) {
+ switch securitySystem {
+ case interfaces.SecurityDBus, interfaces.SecurityAppArmor, interfaces.SecuritySecComp, interfaces.SecurityUDev, interfaces.SecurityMount:
+ return nil, nil
+ default:
+ return nil, interfaces.ErrUnknownSecurity
+ }
+}
+
+func (iface *EDSCalendarInterface) SanitizePlug(plug *interfaces.Plug) error {
+ return nil
+}
+
+func (iface *EDSCalendarInterface) SanitizeSlot(slot *interfaces.Slot) error {
+ return nil
+}
+
+func (iface *EDSCalendarInterface) AutoConnect() bool {
+ return true
@jdstrand

jdstrand Jul 25, 2016
Edited 1 time

This should be false since it gives privileged access to the user's calendar (and contacts). Once there is trust-store integration, etc this can be true (this is what we do now instead of 'reserved' in policy groups).

UPDATE: IIRC this is for migrating phone policy to snappy so my comment stands. However, if this is for snapping existing desktop applications as snaps, then you could make auto-connect conditional OnClassic since classic represents transitional policy. See home.go as an example. This will be discussed further in PR review.
+}
View
1 snap/implicit.go
@@ -55,6 +55,7 @@ var implicitClassicSlots = []string{
"modem-manager",
"optical-drive",
"camera",
+ "eds-calendar",
}
// AddImplicitSlots adds implicitly defined slots to a given snap.

0 comments on commit 198974d

Please sign in to comment.