New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
interfaces/desktop: allow access to Mutter IdleMonitor idle time #13304
interfaces/desktop: allow access to Mutter IdleMonitor idle time #13304
Conversation
Whilst other methods on the Mutter IdleMonitor look potentially problematic, GetIdletime should be relatively safe to expose to all desktop applications - in particular this is used by firefox nowadays as seen in https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/2037655 Signed-off-by: Alex Murray <alex.murray@canonical.com>
Codecov Report
❗ Your organization needs to install the Codecov GitHub app to enable full functionality. @@ Coverage Diff @@
## master #13304 +/- ##
==========================================
- Coverage 78.81% 78.80% -0.01%
==========================================
Files 1019 1019
Lines 126593 126603 +10
==========================================
+ Hits 99768 99772 +4
- Misses 20589 20594 +5
- Partials 6236 6237 +1
Flags with carried forward coverage won't be shown. Click here to find out more.
... and 5 files with indirect coverage changes 📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This seems relatively safe.
Looking at the Firefox source, it looks like it's only using the one method, so there's presumably not going to be a follow up denial once this is allowed:
https://searchfox.org/mozilla-central/source/widget/gtk/nsUserIdleServiceGTK.cpp#160-162
Longer term, it'd be good to see if apps like this could instead use the Idle portal:
https://github.com/flatpak/xdg-desktop-portal/blob/main/data/org.freedesktop.impl.portal.Inhibit.xml
It's not clear whether it directly maps to what Firefox wants though: the CreateMonitor() method can tell you when the screensaver activates, but doesn't give the exact idle time.
interfaces/builtin/desktop.go
Outdated
# Allow to get the current idle time only from Mutter | ||
dbus (send) | ||
bus=session | ||
path="/org/gnome/Mutter/IdleMonitor/Core" | ||
interface="org.gnome.Mutter.IdleMonitor" | ||
member="GetIdletime" | ||
peer=(label=unconfined), | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This seems like something that'd make sense to include in desktopConnectedPlugAppArmor
rather than desktopConnectedPlugAppArmorClassic
. We'd need to use something other than label=unconfined
when it's not an implicit slot.
We can always handle this later if you'd prefer though.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, that is a good point. So ideally we want this in desktopConnectedPlugAppArmor
but then to handle the label=unconfined
case properly - the only snap which provides this DBus name currently is the ubuntu-desktop-session snap - in which case the label would be snap.ubuntu-desktop-session
right? - I'll see what I can come up with to handle that properly in this PR.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Or we just drop the peer=(label=...)
restriction on this rule entirely / switch it to peer=(name=org.gnome.Mutter.IdleMonitor),
instead
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I went with the option to change this to peer=(name=org.gnome.Mutter.IdleMonitor),
instead - let me know what you think.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is closer to what I was thinking of (although probably using implicitSystemConnectedSlot(slot)
rather than release.OnClassic
):
snapd/interfaces/builtin/network_manager.go
Lines 522 to 532 in 6d1a3ce
old := "###SLOT_SECURITY_TAGS###" | |
var new string | |
if release.OnClassic { | |
// If we're running on classic NetworkManager will be part | |
// of the OS snap and will run unconfined. | |
new = "unconfined" | |
} else { | |
new = slotAppLabelExpr(slot) | |
} | |
snippet := strings.Replace(networkManagerConnectedPlugAppArmor, old, new, -1) | |
spec.AddSnippet(snippet) |
It's a little more involved than your current patch, since we haven't yet got the boilerplate for this in the interface. That's why I said I'd understand if you left it as something to deal with in future.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah I had assumed you meant something like this - I also prefer this approach to be honest as it ends up being more strictly correct than my current proposal. Will try and rework it along these lines. Thanks @jhenstridge.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hopefully b56a612 is what you had in mind.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm
Move this rule into desktopConnectedPlugAppArmor and change the peer label restriction to be a name instead so that it matches both classic and Ubuntu Core based desktops. Signed-off-by: Alex Murray <alex.murray@canonical.com>
Thanks @jhenstridge for the suggestion. Signed-off-by: Alex Murray <alex.murray@canonical.com>
@alexmurray I hope you don't mind, I merged master in your branch to pull in some spread test fixes so this can merge |
Of course not, thanks @MiguelPires |
…pcore#13304) * interfaces/desktop: allow access to Mutter IdleMonitor idle time Whilst other methods on the Mutter IdleMonitor look potentially problematic, GetIdletime should be relatively safe to expose to all desktop applications - in particular this is used by firefox nowadays as seen in https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/2037655 Signed-off-by: Alex Murray <alex.murray@canonical.com> * interfaces/desktop: support Mutter Idletime on Ubuntu Core Desktop Move this rule into desktopConnectedPlugAppArmor and change the peer label restriction to be a name instead so that it matches both classic and Ubuntu Core based desktops. Signed-off-by: Alex Murray <alex.murray@canonical.com> * interfaces/desktop: Use correct label for Mutter on both classic and UC Thanks @jhenstridge for the suggestion. Signed-off-by: Alex Murray <alex.murray@canonical.com> --------- Signed-off-by: Alex Murray <alex.murray@canonical.com> Co-authored-by: Miguel Pires <miguel.pires@canonical.com>
) * interfaces/desktop: allow access to Mutter IdleMonitor idle time Whilst other methods on the Mutter IdleMonitor look potentially problematic, GetIdletime should be relatively safe to expose to all desktop applications - in particular this is used by firefox nowadays as seen in https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/2037655 Signed-off-by: Alex Murray <alex.murray@canonical.com> * interfaces/desktop: support Mutter Idletime on Ubuntu Core Desktop Move this rule into desktopConnectedPlugAppArmor and change the peer label restriction to be a name instead so that it matches both classic and Ubuntu Core based desktops. Signed-off-by: Alex Murray <alex.murray@canonical.com> * interfaces/desktop: Use correct label for Mutter on both classic and UC Thanks @jhenstridge for the suggestion. Signed-off-by: Alex Murray <alex.murray@canonical.com> --------- Signed-off-by: Alex Murray <alex.murray@canonical.com> Co-authored-by: Miguel Pires <miguel.pires@canonical.com>
…pcore#13304) * interfaces/desktop: allow access to Mutter IdleMonitor idle time Whilst other methods on the Mutter IdleMonitor look potentially problematic, GetIdletime should be relatively safe to expose to all desktop applications - in particular this is used by firefox nowadays as seen in https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/2037655 Signed-off-by: Alex Murray <alex.murray@canonical.com> * interfaces/desktop: support Mutter Idletime on Ubuntu Core Desktop Move this rule into desktopConnectedPlugAppArmor and change the peer label restriction to be a name instead so that it matches both classic and Ubuntu Core based desktops. Signed-off-by: Alex Murray <alex.murray@canonical.com> * interfaces/desktop: Use correct label for Mutter on both classic and UC Thanks @jhenstridge for the suggestion. Signed-off-by: Alex Murray <alex.murray@canonical.com> --------- Signed-off-by: Alex Murray <alex.murray@canonical.com> Co-authored-by: Miguel Pires <miguel.pires@canonical.com>
Whilst other methods on the Mutter IdleMonitor look potentially problematic,
GetIdletime should be relatively safe to expose to all desktop applications - in
particular this is used by firefox nowadays as seen in
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/2037655
Signed-off-by: Alex Murray alex.murray@canonical.com
Thanks for helping us make a better snapd!
Have you signed the license agreement and read the contribution guide?