gitee.com/mysnapcore/mysnapd@v0.1.0/interfaces/builtin/gconf.go

gitee.com/mysnapcore/mysnapd@v0.1.0/interfaces/builtin/gconf.go (about)

     1  // -*- Mode: Go; indent-tabs-mode: t -*-
     2  
     3  /*
     4   * Copyright (C) 2020 Canonical Ltd
     5   *
     6   * This program is free software: you can redistribute it and/or modify
     7   * it under the terms of the GNU General Public License version 3 as
     8   * published by the Free Software Foundation.
     9   *
    10   * This program is distributed in the hope that it will be useful,
    11   * but WITHOUT ANY WARRANTY; without even the implied warranty of
    12   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    13   * GNU General Public License for more details.
    14   *
    15   * You should have received a copy of the GNU General Public License
    16   * along with this program.  If not, see <http://www.gnu.org/licenses/>.
    17   *
    18   */
    19  
    20  package builtin
    21  
    22  const gconfSummary = `allows access to any item from the legacy gconf configuration system for the current user`
    23  
    24  // Manually connected since gconf is a global database for GNOME desktop and
    25  // application settings and offers no application isolation. Modern
    26  // applications should use dconf/gsettings instead and this interface is
    27  // provided for old codebases that cannot be migrated.
    28  const gconfBaseDeclarationSlots = `
    29    gconf:
    30      allow-installation:
    31        slot-snap-type:
    32          - core
    33      deny-auto-connection: true
    34  `
    35  
    36  const gconfConnectedPlugAppArmor = `
    37  # Description: Can access gconf databases from the user's session.
    38  
    39  #include <abstractions/dbus-session-strict>
    40  
    41  # gconf_client_get_default() is used by all applications and will autostart
    42  # gconfd-2, but don't require label=unconfined since AssumedAppArmorLabel may
    43  # not be set. Once started, gconfd-2 remains running so the other APIs can use
    44  # label=unconfined. See gconf/gconf-dbus-utils.h
    45  dbus (send)
    46      bus=session
    47      path=/org/gnome/GConf/Server
    48      member=Get{,Default}Database
    49      peer=(name=org.gnome.GConf),
    50  
    51  # receive notifications and server messages
    52  dbus (receive)
    53      bus=session
    54      path=/org/gnome/GConf/{Client,Server}
    55      interface=org.gnome.GConf.{Client,Server}
    56      peer=(label=unconfined),
    57  
    58  # allow all operations on the database
    59  dbus (send)
    60      bus=session
    61      path=/org/gnome/GConf/Database/*
    62      interface=org.gnome.GConf.Database
    63      peer=(label=unconfined),
    64  `
    65  
    66  func init() {
    67  	registerIface(&commonInterface{
    68  		name:                  "gconf",
    69  		summary:               gconfSummary,
    70  		implicitOnClassic:     true,
    71  		connectedPlugAppArmor: gconfConnectedPlugAppArmor,
    72  		baseDeclarationSlots:  gconfBaseDeclarationSlots,
    73  	})
    74  }