Expose bluez interface on classic OS

interfaces/builtin/bluez.go

@@ -26,6 +26,7 @@ import (
 	"github.com/snapcore/snapd/interfaces/apparmor"
 	"github.com/snapcore/snapd/interfaces/dbus"
 	"github.com/snapcore/snapd/interfaces/seccomp"
+	"github.com/snapcore/snapd/release"
 )
 
 const bluezSummary = `allows operating as the bluez service`
@@ -35,8 +36,10 @@ const bluezBaseDeclarationSlots = `
     allow-installation:
       slot-snap-type:
         - app
-    deny-connection: true
+        - core
     deny-auto-connection: true
+    deny-connection:
+      on-classic: false
 `
 
 const bluezPermanentSlotAppArmor = `
@@ -201,38 +204,52 @@ func (iface *bluezInterface) Name() string {
 func (iface *bluezInterface) StaticInfo() interfaces.StaticInfo {
 	return interfaces.StaticInfo{
 		Summary:              bluezSummary,
+		ImplicitOnClassic:    true,
 		BaseDeclarationSlots: bluezBaseDeclarationSlots,
 	}
 }
 
 func (iface *bluezInterface) DBusPermanentSlot(spec *dbus.Specification, slot *interfaces.Slot) error {
-	spec.AddSnippet(bluezPermanentSlotDBus)
+	if !release.OnClassic {
+		spec.AddSnippet(bluezPermanentSlotDBus)
+	}
 	return nil
 }
 
 func (iface *bluezInterface) AppArmorConnectedPlug(spec *apparmor.Specification, plug *interfaces.Plug, plugAttrs map[string]interface{}, slot *interfaces.Slot, slotAttrs map[string]interface{}) error {
 	old := "###SLOT_SECURITY_TAGS###"
-	new := slotAppLabelExpr(slot)
+	var new string
+	if release.OnClassic {
+		new = "unconfined"
+	} else {
+		new = slotAppLabelExpr(slot)
+	}
 	snippet := strings.Replace(bluezConnectedPlugAppArmor, old, new, -1)
 	spec.AddSnippet(snippet)
 	return nil
 }
 
 func (iface *bluezInterface) AppArmorConnectedSlot(spec *apparmor.Specification, plug *interfaces.Plug, plugAttrs map[string]interface{}, slot *interfaces.Slot, slotAttrs map[string]interface{}) error {
-	old := "###PLUG_SECURITY_TAGS###"
-	new := plugAppLabelExpr(plug)
-	snippet := strings.Replace(bluezConnectedSlotAppArmor, old, new, -1)
-	spec.AddSnippet(snippet)
+	if !release.OnClassic {
+		old := "###PLUG_SECURITY_TAGS###"
+		new := plugAppLabelExpr(plug)
+		snippet := strings.Replace(bluezConnectedSlotAppArmor, old, new, -1)
+		spec.AddSnippet(snippet)
+	}
 	return nil
 }
 
 func (iface *bluezInterface) AppArmorPermanentSlot(spec *apparmor.Specification, slot *interfaces.Slot) error {
-	spec.AddSnippet(bluezPermanentSlotAppArmor)
+	if !release.OnClassic {
+		spec.AddSnippet(bluezPermanentSlotAppArmor)
+	}
 	return nil
 }
 
 func (iface *bluezInterface) SecCompPermanentSlot(spec *seccomp.Specification, slot *interfaces.Slot) error {
-	spec.AddSnippet(bluezPermanentSlotSecComp)
+	if !release.OnClassic {
+		spec.AddSnippet(bluezPermanentSlotSecComp)
+	}
 	return nil
 }
 

interfaces/builtin/bluez_test.go

@@ -28,6 +28,7 @@ import (
 	"github.com/snapcore/snapd/interfaces/dbus"
 	"github.com/snapcore/snapd/interfaces/seccomp"
 	"github.com/snapcore/snapd/testutil"
+	"github.com/snapcore/snapd/release"
 )
 
 type BluezInterfaceSuite struct {
@@ -96,6 +97,9 @@ func (s *BluezInterfaceSuite) TestName(c *C) {
 }
 
 func (s *BluezInterfaceSuite) TestAppArmorSpec(c *C) {
+	restore := release.MockOnClassic(false)
+	defer restore()
+
 	// The label uses short form when exactly one app is bound to the bluez slot
 	spec := &apparmor.Specification{}
 	c.Assert(spec.AddConnectedPlug(s.iface, s.plug, nil, s.slot, nil), IsNil)
@@ -146,6 +150,9 @@ func (s *BluezInterfaceSuite) TestAppArmorSpec(c *C) {
 }
 
 func (s *BluezInterfaceSuite) TestDBusSpec(c *C) {
+	restore := release.MockOnClassic(false)
+	defer restore()
+
 	spec := &dbus.Specification{}
 	c.Assert(spec.AddPermanentSlot(s.iface, s.slot), IsNil)
 	c.Assert(spec.SecurityTags(), DeepEquals, []string{"snap.producer.app"})