interfaces: support D-Bus activation

cmd/snap-mgmt/snap-mgmt.sh.in

@@ -119,6 +119,10 @@ purge() {
         rm -f "/etc/systemd/system/multi-user.target.wants/$unit"
     done
 
+    # dbus activation configuration
+    rm -f /etc/dbus-1/session.d/snapd.session-services.conf
+    rm -f /etc/dbus-1/system.d/snapd.system-services.conf
+
     echo "Discarding preserved snap namespaces"
     # opportunistic as those might not be actually mounted
     if [ -d /run/snapd/ns ]; then
@@ -143,6 +147,8 @@ purge() {
     rm -rf /var/snap
 
     echo "Removing leftover snap shared state data"
+    rm -rf /var/lib/snapd/dbus/services/*
+    rm -rf /var/lib/snapd/dbus/system-services/*
     rm -rf /var/lib/snapd/desktop/applications/*
     rm -rf /var/lib/snapd/seccomp/bpf/*
     rm -rf /var/lib/snapd/device/*

cmd/snap-preseed/reset.go

@@ -70,6 +70,8 @@ func resetPreseededChroot(preseedChroot string) error {
 		filepath.Join(dirs.SnapCacheDir, "*"),
 		filepath.Join(apparmor_sandbox.CacheDir, "*"),
 		filepath.Join(dirs.SnapDesktopFilesDir, "*"),
+		filepath.Join(dirs.SnapDBusSessionServicesDir, "*"),
+		filepath.Join(dirs.SnapDBusSystemServicesDir, "*"),
 	}
 
 	for _, gl := range globs {

data/dbus/Makefile

@@ -14,7 +14,8 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 BINDIR := /usr/bin
-DBUSSERVICESDIR := /usr/share/dbus-1/services
+DBUSDIR = /usr/share/dbus-1
+DBUSSERVICESDIR := ${DBUSDIR}/services
 
 SERVICES_GENERATED := $(patsubst %.service.in,%.service,$(wildcard *.service.in))
 SERVICES := ${SERVICES_GENERATED}
@@ -24,10 +25,18 @@ SERVICES := ${SERVICES_GENERATED}
 
 all: ${SERVICES}
 
-install: ${SERVICES}
+install:: ${SERVICES}
 	# NOTE: old (e.g. 14.04) GNU coreutils doesn't -D with -t
 	install -d -m 0755 ${DESTDIR}/${DBUSSERVICESDIR}
 	install -m 0644 -t ${DESTDIR}/${DBUSSERVICESDIR} $^
 
+install:: snapd.session-services.conf
+	install -d -m 0755 ${DESTDIR}/${DBUSDIR}/session.d
+	install -m 0644 -t ${DESTDIR}/${DBUSDIR}/session.d $^
+
+install:: snapd.system-services.conf
+	install -d -m 0755 ${DESTDIR}/${DBUSDIR}/system.d
+	install -m 0644 -t ${DESTDIR}/${DBUSDIR}/system.d $^
+
 clean:
 	rm -f ${SERVICES_GENERATED}

data/dbus/snapd.session-services.conf

@@ -0,0 +1,4 @@
+<!-- keep in sync with interfaces/dbus/backend.go:setupHostDBusConf() -->
+<busconfig>
+  <servicedir>/var/lib/snapd/dbus/services/</servicedir>
+</busconfig>

data/dbus/snapd.system-services.conf

@@ -0,0 +1,4 @@
+<!-- keep in sync with interfaces/dbus/backend.go:setupHostDBusConf() -->
+<busconfig>
+  <servicedir>/var/lib/snapd/dbus/system-services/</servicedir>
+</busconfig>

dirs/dirs.go

@@ -91,7 +91,11 @@ var (
 	SnapSystemdConfDir  string
 	SnapDesktopFilesDir string
 	SnapDesktopIconsDir string
-	SnapBusPolicyDir    string
+
+	SnapBusPolicyDir           string
+	SnapBusSessionPolicyDir    string
+	SnapDBusSessionServicesDir string
+	SnapDBusSystemServicesDir  string
 
 	SnapModeenvFile string
 
@@ -288,6 +292,10 @@ func SetRootDir(rootdir string) {
 	// freedesktop.org specifications
 	SnapDesktopFilesDir = filepath.Join(rootdir, snappyDir, "desktop", "applications")
 	SnapDesktopIconsDir = filepath.Join(rootdir, snappyDir, "desktop", "icons")
+	// Use 'dbus/services' and `dbus/system-services' to mirror
+	// '/usr/share/dbus-1' hierarchy.
+	SnapDBusSessionServicesDir = filepath.Join(rootdir, snappyDir, "dbus", "services")
+	SnapDBusSystemServicesDir = filepath.Join(rootdir, snappyDir, "dbus", "system-services")
 	SnapRunDir = filepath.Join(rootdir, "/run/snapd")
 	SnapRunNsDir = filepath.Join(SnapRunDir, "/ns")
 	SnapRunLockDir = filepath.Join(SnapRunDir, "/lock")
@@ -332,6 +340,7 @@ func SetRootDir(rootdir string) {
 	SnapUserServicesDir = filepath.Join(rootdir, "/etc/systemd/user")
 	SnapSystemdConfDir = SnapSystemdConfDirUnder(rootdir)
 	SnapBusPolicyDir = filepath.Join(rootdir, "/etc/dbus-1/system.d")
+	SnapBusSessionPolicyDir = filepath.Join(rootdir, "/etc/dbus-1/session.d")
 
 	CloudMetaDataFile = filepath.Join(rootdir, "/var/lib/cloud/seed/nocloud-net/meta-data")
 	CloudInstanceDataFile = filepath.Join(rootdir, "/run/cloud-init/instance-data.json")

features/features.go

@@ -49,6 +49,8 @@ const (
 	RobustMountNamespaceUpdates
 	// UserDaemons controls availability of user mode service support.
 	UserDaemons
+	// DbusActivation controls whether snaps daemons can be activated via D-Bus
+	DbusActivation
 	// lastFeature is the final known feature, it is only used for testing.
 	lastFeature
 )
@@ -75,7 +77,8 @@ var featureNames = map[SnapdFeature]string{
 	ClassicPreservesXdgRuntimeDir: "classic-preserves-xdg-runtime-dir",
 	RobustMountNamespaceUpdates:   "robust-mount-namespace-updates",
 
-	UserDaemons: "user-daemons",
+	UserDaemons:    "user-daemons",
+	DbusActivation: "dbus-activation",
 }
 
 // featuresEnabledWhenUnset contains a set of features that are enabled when not explicitly configured.

features/features_test.go

@@ -48,6 +48,7 @@ func (*featureSuite) TestName(c *C) {
 	c.Check(features.ClassicPreservesXdgRuntimeDir.String(), Equals, "classic-preserves-xdg-runtime-dir")
 	c.Check(features.RobustMountNamespaceUpdates.String(), Equals, "robust-mount-namespace-updates")
 	c.Check(features.UserDaemons.String(), Equals, "user-daemons")
+	c.Check(features.DbusActivation.String(), Equals, "dbus-activation")
 	c.Check(func() { _ = features.SnapdFeature(1000).String() }, PanicMatches, "unknown feature flag code 1000")
 }
 
@@ -70,6 +71,7 @@ func (*featureSuite) TestIsExported(c *C) {
 	c.Check(features.RefreshAppAwareness.IsExported(), Equals, true)
 	c.Check(features.ClassicPreservesXdgRuntimeDir.IsExported(), Equals, true)
 	c.Check(features.UserDaemons.IsExported(), Equals, false)
+	c.Check(features.DbusActivation.IsExported(), Equals, false)
 }
 
 func (*featureSuite) TestIsEnabled(c *C) {
@@ -101,6 +103,7 @@ func (*featureSuite) TestIsEnabledWhenUnset(c *C) {
 	c.Check(features.ClassicPreservesXdgRuntimeDir.IsEnabledWhenUnset(), Equals, false)
 	c.Check(features.RobustMountNamespaceUpdates.IsEnabledWhenUnset(), Equals, true)
 	c.Check(features.UserDaemons.IsEnabledWhenUnset(), Equals, false)
+	c.Check(features.DbusActivation.IsEnabledWhenUnset(), Equals, false)
 }
 
 func (*featureSuite) TestControlFile(c *C) {

interfaces/builtin/dbus.go

@@ -22,6 +22,7 @@ package builtin
 import (
 	"bytes"
 	"fmt"
+	"os"
 	"regexp"
 	"strings"
 
@@ -231,9 +232,8 @@ func (iface *dbusInterface) StaticInfo() interfaces.StaticInfo {
 var isInvalidSnappyBusName = regexp.MustCompile("-[0-9]+$").MatchString
 
 // Obtain yaml-specified bus well-known name
-func (iface *dbusInterface) getAttribs(attribs interfaces.Attrer) (string, string, error) {
+func (iface *dbusInterface) getAttribs(attribs interfaces.Attrer) (bus, name string, err error) {
 	// bus attribute
-	var bus string
 	if err := attribs.Attr("bus", &bus); err != nil {
 		return "", "", fmt.Errorf("cannot find attribute 'bus'")
 	}
@@ -243,13 +243,11 @@ func (iface *dbusInterface) getAttribs(attribs interfaces.Attrer) (string, strin
 	}
 
 	// name attribute
-	var name string
 	if err := attribs.Attr("name", &name); err != nil {
 		return "", "", fmt.Errorf("cannot find attribute 'name'")
 	}
 
-	err := interfaces.ValidateDBusBusName(name)
-	if err != nil {
+	if err = interfaces.ValidateDBusBusName(name); err != nil {
 		return "", "", err
 	}
 
@@ -350,13 +348,24 @@ func (iface *dbusInterface) DBusPermanentSlot(spec *dbus.Specification, slot *sn
 	}
 
 	// only system services need bus policy
-	if bus != "system" {
-		return nil
+	if bus == "system" {
+		old := "###DBUS_NAME###"
+		new := name
+		spec.AddSnippet(strings.Replace(dbusPermanentSlotDBus, old, new, -1))
 	}
 
-	old := "###DBUS_NAME###"
-	new := name
-	spec.AddSnippet(strings.Replace(dbusPermanentSlotDBus, old, new, -1))
+	// handle activatable services
+	for _, app := range slot.Apps {
+		for _, slotName := range app.ActivatesOn {
+			if slotName == slot.Name {
+				err = spec.AddService(bus, name, app)
+				if err != nil {
+					return err
+				}
+				break
+			}
+		}
+	}
 	return nil
 }
 
@@ -428,8 +437,49 @@ func (iface *dbusInterface) BeforePreparePlug(plug *snap.PlugInfo) error {
 }
 
 func (iface *dbusInterface) BeforePrepareSlot(slot *snap.SlotInfo) error {
-	_, _, err := iface.getAttribs(slot)
-	return err
+	bus, name, err := iface.getAttribs(slot)
+	if err != nil {
+		return err
+	}
+
+	var apps []*snap.AppInfo
+	for _, app := range slot.Apps {
+		for _, slotName := range app.ActivatesOn {
+			if slotName == slot.Name {
+				apps = append(apps, app)
+				break
+			}
+		}
+	}
+	if len(apps) > 1 {
+		return fmt.Errorf("cannot add activatable dbus service slot to multiple apps")
+	}
+	if len(apps) == 1 {
+		app := apps[0]
+		if !app.IsService() {
+			return fmt.Errorf("only daemons can be activatable D-Bus services")
+		}
+		switch app.DaemonScope {
+		case snap.SystemDaemon:
+			if bus != "system" {
+				return fmt.Errorf("system daemons can only activate from the D-Bus system bus")
+			}
+		case snap.UserDaemon:
+			if bus != "session" {
+				return fmt.Errorf("user daemons can only activate from the D-Bus session bus")
+			}
+		}
+		if owner, err := dbus.BusNameOwner(bus, name); err != nil {
+			if !os.IsNotExist(err) {
+				return err
+			}
+		} else if owner == "" {
+			return fmt.Errorf("bus name %q is owned by a non-snap application", name)
+		} else if owner != slot.Snap.InstanceName() {
+			return fmt.Errorf("bus name %q is already owned by snap %q", name, owner)
+		}
+	}
+	return nil
 }
 
 func (iface *dbusInterface) AutoConnect(*snap.PlugInfo, *snap.SlotInfo) bool {