Merge pull request #11843 from jhenstridge/cups-control-iface-dbus-na…

…me-fix interfaces/builtin: remove the name=org.freedesktop.DBus restriction in cups-control AppArmor rules
snapcore · Jun 7, 2022 · cafc226 · cafc226
2 parents 9d2958f + a6725ea
commit cafc226
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 8 deletions.
diff --git a/interfaces/builtin/cups_control.go b/interfaces/builtin/cups_control.go
@@ -81,7 +81,7 @@ dbus (send)
     bus=system
     path=/org/cups/cupsd/Notifier
     interface=org.cups.cupsd.Notifier
-    peer=(name=org.freedesktop.DBus,label=unconfined),
+    peer=(label=unconfined),
 
 # Allow daemon to send signals to its snap_daemon processes
 capability kill,
@@ -96,7 +96,7 @@ dbus (send)
     bus=system
     path=/org/cups/cupsd/Notifier
     interface=org.cups.cupsd.Notifier
-    peer=(name=org.freedesktop.DBus,label=###PLUG_SECURITY_TAGS###),
+    peer=(label=###PLUG_SECURITY_TAGS###),
 `
 
 const cupsControlConnectedPlugAppArmor = `
@@ -111,7 +111,7 @@ dbus (receive)
     bus=system
     path=/org/cups/cupsd/Notifier
     interface=org.cups.cupsd.Notifier
-    peer=(name=org.freedesktop.DBus,label=###SLOT_SECURITY_TAGS###),
+    peer=(label=###SLOT_SECURITY_TAGS###),
 `
 
 type cupsControlInterface struct {

diff --git a/interfaces/builtin/cups_control_test.go b/interfaces/builtin/cups_control_test.go
@@ -106,7 +106,7 @@ func (s *cupsControlSuite) TestAppArmorSpecCore(c *C) {
 	c.Assert(spec.SecurityTags(), DeepEquals, []string{"snap.consumer.app"})
 	c.Assert(spec.SnippetForTag("snap.consumer.app"), testutil.Contains, "# Allow communicating with the cups server for printing and configuration.")
 	c.Assert(spec.SnippetForTag("snap.consumer.app"), testutil.Contains, "#include <abstractions/cups-client>")
-	c.Assert(spec.SnippetForTag("snap.consumer.app"), testutil.Contains, "peer=(name=org.freedesktop.DBus,label=\"snap.provider.app\"")
+	c.Assert(spec.SnippetForTag("snap.consumer.app"), testutil.Contains, "peer=(label=\"snap.provider.app\"")
 	c.Assert(spec.SnippetForTag("snap.provider.app"), Not(testutil.Contains), "# Allow daemon access to create the CUPS socket")
 
 	// provider to consumer on core for PermanentSlot
@@ -120,7 +120,7 @@ func (s *cupsControlSuite) TestAppArmorSpecCore(c *C) {
 	spec = &apparmor.Specification{}
 	c.Assert(spec.AddConnectedSlot(s.iface, s.plug, s.providerSlot), IsNil)
 	c.Assert(spec.SecurityTags(), DeepEquals, []string{"snap.provider.app"})
-	c.Assert(spec.SnippetForTag("snap.provider.app"), testutil.Contains, "peer=(name=org.freedesktop.DBus,label=\"snap.consumer.app\"")
+	c.Assert(spec.SnippetForTag("snap.provider.app"), testutil.Contains, "peer=(label=\"snap.consumer.app\"")
 }
 
 func (s *cupsControlSuite) TestAppArmorSpecClassic(c *C) {
@@ -133,7 +133,7 @@ func (s *cupsControlSuite) TestAppArmorSpecClassic(c *C) {
 	c.Assert(spec.SecurityTags(), DeepEquals, []string{"snap.consumer.app"})
 	c.Assert(spec.SnippetForTag("snap.consumer.app"), testutil.Contains, "# Allow communicating with the cups server for printing and configuration.")
 	c.Assert(spec.SnippetForTag("snap.consumer.app"), testutil.Contains, "#include <abstractions/cups-client>")
-	c.Assert(spec.SnippetForTag("snap.consumer.app"), testutil.Contains, "peer=(name=org.freedesktop.DBus,label=\"{unconfined,/usr/sbin/cupsd,cupsd}\"")
+	c.Assert(spec.SnippetForTag("snap.consumer.app"), testutil.Contains, "peer=(label=\"{unconfined,/usr/sbin/cupsd,cupsd}\"")
 	c.Assert(spec.SnippetForTag("snap.provider.app"), Not(testutil.Contains), "# Allow daemon access to create the CUPS socket")
 
 	// core to consumer on classic is empty for PermanentSlot
@@ -152,7 +152,7 @@ func (s *cupsControlSuite) TestAppArmorSpecClassic(c *C) {
 	c.Assert(spec.SecurityTags(), DeepEquals, []string{"snap.consumer.app"})
 	c.Assert(spec.SnippetForTag("snap.consumer.app"), testutil.Contains, "# Allow communicating with the cups server for printing and configuration.")
 	c.Assert(spec.SnippetForTag("snap.consumer.app"), testutil.Contains, "#include <abstractions/cups-client>")
-	c.Assert(spec.SnippetForTag("snap.consumer.app"), testutil.Contains, "peer=(name=org.freedesktop.DBus,label=\"snap.provider.app\"")
+	c.Assert(spec.SnippetForTag("snap.consumer.app"), testutil.Contains, "peer=(label=\"snap.provider.app\"")
 	c.Assert(spec.SnippetForTag("snap.provider.app"), Not(testutil.Contains), "# Allow daemon access to create the CUPS socket")
 
 	// provider to consumer on classic for PermanentSlot
@@ -166,7 +166,7 @@ func (s *cupsControlSuite) TestAppArmorSpecClassic(c *C) {
 	spec = &apparmor.Specification{}
 	c.Assert(spec.AddConnectedSlot(s.iface, s.plug, s.providerSlot), IsNil)
 	c.Assert(spec.SecurityTags(), DeepEquals, []string{"snap.provider.app"})
-	c.Assert(spec.SnippetForTag("snap.provider.app"), testutil.Contains, "peer=(name=org.freedesktop.DBus,label=\"snap.consumer.app\"")
+	c.Assert(spec.SnippetForTag("snap.provider.app"), testutil.Contains, "peer=(label=\"snap.consumer.app\"")
 }
 
 func (s *cupsControlSuite) TestStaticInfo(c *C) {