Remove `old-security`. Use proper interfaces.

examples/busybox/snapcraft.yaml

@@ -8,19 +8,8 @@ description:
 apps:
   ls:
     command: ls
-    plugs: [rw-all]
   touch:
     command: touch
-    plugs: [rw-all]
-
-plugs:
-  rw-all:
-    interface: old-security
-    security-override:
-      read-paths:
-        - /
-      write-paths:
-        - /
 
 parts:
   busybox:
@@ -33,4 +22,3 @@ parts:
      - CONFIG_HTTPD=n
     snap:
      -  bin/*
-

examples/downloader-with-wiki-parts/snapcraft.yaml

@@ -6,6 +6,7 @@ icon: icon.png
 apps:
     test:
         command: bin/test
+        plugs: [network]
 
 parts:
     main:

examples/gopaste/snapcraft.yaml

@@ -9,16 +9,8 @@ apps:
     command: bin/gopaste
     daemon: simple
     plugs:
-      - old-security
-
-plugs:
-  old-security:
-    caps:
-      - network-listener
-      - network-service
-      - network-management
-    security-override:
-      syscalls: [fchown]
+      - network
+      - network-bind
 
 parts:
   gopaste:

examples/mosquitto/snapcraft.yaml

@@ -7,25 +7,13 @@ apps:
   mosquitto:
     command: usr/sbin/mosquitto -c $SNAP/mosquitto.conf
     daemon: simple
-    plugs: [listener-service]
+    plugs: [network, network-bind]
   subscribe:
     command: bin/subscribe
-    plugs: [listener]
+    plugs: [network, network-bind]
   publish:
     command: bin/publish
-    plugs: [listener]
-
-plugs:
-  listener:
-    interface: old-security
-    caps: [network-listener]
-  listener-service:
-    interface: old-security
-    caps: [network-listener, network-service]
-    security-override:
-      read-paths:
-        - /etc/hosts.deny
-        - /etc/hosts.allow
+    plugs: [network, network-bind]
 
 
 parts:

examples/qmldemo/snapcraft.yaml

@@ -9,14 +9,7 @@ icon: icon.png
 apps:
   qmldemo:
     command: qmlscene demo.qml --
-    uses: [mir]
 
-uses:
-  mir:
-      type: migration-skill
-      caps:
-        - mir_client
-        - network-client
 parts:
   qml:
     plugin: qml

examples/ros/snapcraft.yaml

@@ -6,12 +6,7 @@ description: Contains talker/listener ROS packages and a .launch file.
 apps:
   launch-project:
     command: roslaunch listener talk_and_listen.launch
-    plugs: [listener]
-
-plugs:
-  listener:
-    interface: old-security
-    caps: [network-listener]
+    plugs: [network-bind]
 
 parts:
   ros-project:

examples/shout/snapcraft.yaml

@@ -8,12 +8,7 @@ apps:
   server:
     command: bin/shout --home $SNAP_DATA
     daemon: simple
-    plugs: [listener]
-
-plugs:
-  listener:
-    interface: old-security
-    caps: [network-listener]
+    plugs: [network, network-bind]
 
 parts:
   shout:

examples/tomcat-maven-webapp/snapcraft.yaml

@@ -10,12 +10,7 @@ apps:
  tomcat:
    command: bin/wrapper
    daemon: simple
-   plugs: [listener-service]
-
-plugs:
-  listener-service:
-    interface: old-security
-    caps: [network-listener, network-service]
+   plugs: [network-bind]
 
 parts:
     webapp:

examples/webcam-webui/snapcraft.yaml

@@ -8,12 +8,7 @@ apps:
   webcam-webui:
     command: bin/webcam-webui
     daemon: simple
-    plugs: [listener]
-
-plugs:
-  listener:
-    interface: old-security
-    caps: [network-listener]
+    plugs: [network-bind]
 
 parts:
   cam:

examples/webchat/snapcraft.yaml

@@ -8,12 +8,7 @@ apps:
   webchat:
     command: bin/webchat-for-a-snap
     daemon: simple
-    plugs: [listener]
-
-plugs:
-  listener:
-    interface: old-security
-    caps: [network-listener]
+    plugs: [network-bind]
 
 parts:
   webchat:

schema/snapcraft.yaml

@@ -1,86 +1,5 @@
 $schema: http://json-schema.org/draft-04/schema#
 
-definitions:
-  security-policy:
-    type: object
-    required:
-      - apparmor
-      - seccomp
-    properties:
-      apparmor:
-        type: string
-        format: file-path
-      seccomp:
-        type: string
-        format: file-path
-  security-override:
-      type: object
-      properties:
-        read-paths:
-          type: array
-          description: a list of additional paths that the app can read.
-          minItems: 1
-          uniqueItems: true
-          items:
-              type: string
-        write-paths:
-          type: array
-          description: a list of additional paths that the app can write.
-          minItems: 1
-          uniqueItems: true
-          items:
-              type: string
-        abstractions:
-          type: array
-          description: a list of additional AppArmor abstractions for the app.
-          minItems: 1
-          uniqueItems: true
-          items:
-              type: string
-        syscalls:
-          type: array
-          description: a list of additional syscalls the app can use.
-          minItems: 1
-          uniqueItems: true
-          items:
-              type: string
-  security-caps:
-    type: array
-    description: Security caps.
-    minItems: 1
-    uniqueItems: true
-    items:
-      type: string
-  security-template:
-      type: string
-      description: alternate security template to use instead of default.
-  old-security:
-    type: object
-    additionalProperties: false
-    properties:
-        interface:
-          type: string
-          enum:
-            - old-security
-        security-policy:
-          $ref: "#definitions/security-policy"
-        security-override:
-          $ref: "#definitions/security-override"
-        security-template:
-          $ref: "#definitions/security-template"
-        caps:
-          $ref: "#definitions/security-caps"
-    not:
-      anyOf:
-        - required:
-            - security-policy
-            - security-override
-            - security-template
-            - caps
-        - required: [security-policy, security-override]
-        - required: [security-policy, security-template]
-        - required: [security-policy, caps]
-
 title: snapcraft schema
 type: object
 properties:
@@ -250,20 +169,9 @@ properties:
           slots:
             type: object
             description: used to offer interfaces
-          uses:
-            type: object
-            description: legacy skills, use interfaces and plugs
   plugs:
     type: object
-    additionalProperties: false
-    patternProperties:
-      ^(?!plugins$)[a-z0-9][a-z0-9+-]*$:
-        oneOf:
-          - $ref: "#definitions/old-security"
   slots:
-  # TODO: We have no real use case for this now, but when the snappy
-  # functionality comes we don't want to block people from experimenting
-  # with it right away
     type: object
 required:
   - name

snapcraft/meta.py

@@ -155,10 +155,6 @@ def _compose_snap_yaml(meta_dir, config_data):
     if config_data.get('type', '') == 'kernel':
         snap_yaml.update(_get_kernel_keys())
 
-    if 'uses' in config_data:
-        snap_yaml['uses'] = \
-            _copy_security_profiles(meta_dir, config_data['uses'])
-
     return snap_yaml
 
 
@@ -179,21 +175,6 @@ def _copy(meta_dir, relpath, new_relpath=None):
     return os.path.join('meta', os.path.basename(relpath))
 
 
-def _copy_security_profiles(meta_dir, uses):
-    # TODO: remove once skills are implemented.
-    for slot_name in uses:
-        slot_type = uses[slot_name].get('type', '')
-        if slot_type != 'migration-skill' and slot_name != 'migration-skill':
-            continue
-        if 'security-policy' in uses[slot_name]:
-            uses[slot_name]['security-policy']['apparmor'] = \
-                _copy(meta_dir, uses[slot_name]['security-policy']['apparmor'])
-            uses[slot_name]['security-policy']['seccomp'] = \
-                _copy(meta_dir, uses[slot_name]['security-policy']['seccomp'])
-
-    return uses
-
-
 def _write_wrap_exe(wrapexec, wrappath, shebang=None, args=None, cwd=None):
     args = ' '.join(args) + ' $*' if args else '$*'
     cwd = 'cd {}'.format(cwd) if cwd else ''