interfaces: put base policy fragments inside each interface

[zyga]

This change completes the work towards making interface modules self-contained. Now each interface
can define a fragment of the base policy that applies to its plugs and slots.

Signed-off-by: Zygmunt Krynicki zygmunt.krynicki@canonical.com

[codecov-io]

Codecov Report

Merging #3464 into master will decrease coverage by 0.09%.
The diff coverage is 32.04%.

@@            Coverage Diff            @@
##           master    #3464     +/-   ##
=========================================
- Coverage   76.93%   76.84%   -0.1%     
=========================================
  Files         378      378             
  Lines       26116    26217    +101     
=========================================
+ Hits        20093    20147     +54     
- Misses       4243     4290     +47     
  Partials     1780     1780

Impacted Files	Coverage Δ
interfaces/policy/basedeclaration.go	40.74% <ø> (ø)	⬆️
interfaces/builtin/storage_framework_service.go	78.94% <0%> (-2.14%)	⬇️
interfaces/builtin/io_ports_control.go	77.77% <0%> (-2.23%)	⬇️
interfaces/builtin/modem_manager.go	53.48% <0%> (-1.28%)	⬇️
interfaces/builtin/ubuntu_download_manager.go	52.63% <0%> (-1.43%)	⬇️
interfaces/builtin/udisks2.go	80.48% <0%> (-2.02%)	⬇️
interfaces/builtin/time_control.go	75.75% <0%> (-2.37%)	⬇️
interfaces/builtin/ppp.go	42.85% <0%> (-2.15%)	⬇️
interfaces/builtin/pulseaudio.go	48.27% <0%> (-1.73%)	⬇️
interfaces/builtin/hardware_random_observe.go	74.19% <0%> (-2.48%)	⬇️
... and 85 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 84227d0...d3f3c2c. Read the comment docs.

[jdstrand]

Looks good. In addition to the review I compared the output with 'snap debug get-base-declaration' and it all looks fine.

As an aside, I was surprised that I needed 'sudo' when using 'snap debug get-base-declaration'-- there is nothing privileged there, the info is static and public.

[stolowski]

Looks good, thanks for these changes! Just one question about a regex, see below.

[stolowski]

Shouldn't this regex be more strict?

[jdstrand]

It could be, but all it is really saying is that 'name' must be present. The interface slot code verifies this for us.

[stolowski]

I wasn't sure what is the real purpose of all these changes until I reached this... Very nice, it's great we get rid of this big blob :)

[zyga]

:-)

[zyga]

@jdstrand thank you for commenting, I think you are right but perhaps the nature of the debug endpoint is special enough to warrant this. All the debug interactions are done through one API endpoint. We could explore how to make specific actions require authentication but for now that is all-or-nothing for the debug endpoint.