forked from snapcore/snapd
/
gconf.go
74 lines (64 loc) · 2.35 KB
/
gconf.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
// -*- Mode: Go; indent-tabs-mode: t -*-
/*
* Copyright (C) 2020 Canonical Ltd
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 3 as
* published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/
package builtin
const gconfSummary = `allows access to any item from the legacy gconf configuration system for the current user`
// Manually connected since gconf is a global database for GNOME desktop and
// application settings and offers no application isolation. Modern
// applications should use dconf/gsettings instead and this interface is
// provided for old codebases that cannot be migrated.
const gconfBaseDeclarationSlots = `
gconf:
allow-installation:
slot-snap-type:
- core
deny-auto-connection: true
`
const gconfConnectedPlugAppArmor = `
# Description: Can access gconf databases from the user's session.
#include <abstractions/dbus-session-strict>
# gconf_client_get_default() is used by all applications and will autostart
# gconfd-2, but don't require label=unconfined since AssumedAppArmorLabel may
# not be set. Once started, gconfd-2 remains running so the other APIs can use
# label=unconfined. See gconf/gconf-dbus-utils.h
dbus (send)
bus=session
path=/org/gnome/GConf/Server
member=Get{,Default}Database
peer=(name=org.gnome.GConf),
# receive notifications and server messages
dbus (receive)
bus=session
path=/org/gnome/GConf/{Client,Server}
interface=org.gnome.GConf.{Client,Server}
peer=(label=unconfined),
# allow all operations on the database
dbus (send)
bus=session
path=/org/gnome/GConf/Database/*
interface=org.gnome.GConf.Database
peer=(label=unconfined),
`
func init() {
registerIface(&commonInterface{
name: "gconf",
summary: gconfSummary,
implicitOnClassic: true,
connectedPlugAppArmor: gconfConnectedPlugAppArmor,
baseDeclarationSlots: gconfBaseDeclarationSlots,
})
}