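// -*- Mode: Go; indent-tabs-mode: t -*-

/*
 * Copyright (C) 2019 Canonical Ltd
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 3 as
 * published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 *
 */

package builtin

import (
	"strings"

	"gitee.com/mysnapcore/mysnapd/interfaces"
	"gitee.com/mysnapcore/mysnapd/interfaces/apparmor"
	"gitee.com/mysnapcore/mysnapd/release"
	"gitee.com/mysnapcore/mysnapd/snap"
)

// networkManagerObserveBaseDeclarationSlots is the base-declaration policy
// for the slot side of network-manager-observe: the slot may be installed by
// app and core snaps, is never auto-connected, and connection is denied
// except where the slot comes from the classic OS.
const networkManagerObserveBaseDeclarationSlots = `
  network-manager-observe:
    allow-installation:
      slot-snap-type:
        - app
        - core
    deny-auto-connection: true
    deny-connection:
      on-classic: false
`

// networkManagerObserveSummary is the one-line description shown for the
// interface.
const networkManagerObserveSummary = `allows observing NetworkManager settings`

// networkManagerObserveConnectedSlotAppArmor is the AppArmor policy added to
// the slot (the NetworkManager snap) when it is not provided by the classic
// OS. It lets the slot answer read-only method calls from the connected plug
// and emit the matching change signals to it.
//
// ###PLUG_SECURITY_TAGS### is replaced with the plug's AppArmor label
// expression by AppArmorConnectedSlot.
//
// The D-Bus interface names in the signal rules were corrected from the
// misspelling "NetworkManger": a misspelled interface name cannot match the
// real org.freedesktop.NetworkManager interface, so those rules were dead and
// the plug could not receive the StateChanged/Device{Added,Removed} signals
// the rules describe.
const networkManagerObserveConnectedSlotAppArmor = `
dbus (receive)
    bus=system
    path="/org/freedesktop/NetworkManager{,/{ActiveConnection,Devices}/*}"
    interface="org.freedesktop.DBus.Properties"
    member="Get{,All}"
    peer=(label=###PLUG_SECURITY_TAGS###),
dbus (receive)
    bus=system
    path="/org/freedesktop/NetworkManager"
    interface="org.freedesktop.NetworkManager"
    member="Get{,All}Devices"
    peer=(label=###PLUG_SECURITY_TAGS###),
dbus (receive)
    bus=system
    path="/org/freedesktop/NetworkManager/Settings"
    interface="org.freedesktop.NetworkManager.Settings"
    member="ListConnections"
    peer=(label=###PLUG_SECURITY_TAGS###),
dbus (receive)
    bus=system
    path="/org/freedesktop/NetworkManager/Settings/*"
    interface="org.freedesktop.NetworkManager.Settings.Connection"
    member="GetSettings"
    peer=(label=###PLUG_SECURITY_TAGS###),

# send signals for updated settings and properties from above
dbus (send)
    bus=system
    path="/org/freedesktop/NetworkManager{,/{ActiveConnection,Devices}/*}"
    interface=org.freedesktop.DBus.Properties
    member=PropertiesChanged
    peer=(name=org.freedesktop.NetworkManager,label=###PLUG_SECURITY_TAGS###),
dbus (send)
    bus=system
    path="/org/freedesktop/NetworkManager{,/{ActiveConnection,Devices}/*}"
    interface="org.freedesktop.NetworkManager{,.*}"
    member=StateChanged
    peer=(name=org.freedesktop.NetworkManager,label=###PLUG_SECURITY_TAGS###),
dbus (send)
    bus=system
    path="/org/freedesktop/NetworkManager"
    interface=org.freedesktop.NetworkManager
    member="Device{Added,Removed}"
    peer=(name=org.freedesktop.NetworkManager,label=###PLUG_SECURITY_TAGS###),
dbus (send)
    bus=system
    path="/org/freedesktop/NetworkManager/Settings"
    interface=org.freedesktop.NetworkManager.Settings
    member=PropertiesChanged
    peer=(name=org.freedesktop.NetworkManager,label=###PLUG_SECURITY_TAGS###),
dbus (send)
    bus=system
    path="/org/freedesktop/NetworkManager/Settings/*"
    interface="org.freedesktop.NetworkManager.Settings.Connection"
    member=PropertiesChanged
    peer=(name=org.freedesktop.NetworkManager,label=###PLUG_SECURITY_TAGS###),
`

// networkManagerObserveConnectedPlugAppArmor is the AppArmor policy added to
// the plug side. It permits only read-only method calls (property getters,
// device/connection listing, GetSettings, GetManagedObjects) and the receipt
// of change signals; no methods that modify NetworkManager state are allowed.
//
// ###SLOT_SECURITY_TAGS### is replaced by AppArmorConnectedPlug with either
// "unconfined" (classic, where NetworkManager is part of the OS) or the
// slot's AppArmor label expression.
//
// As for the slot side, the signal receive rules previously named the
// misspelled interface "NetworkManger" and therefore never matched; they now
// name org.freedesktop.NetworkManager.
const networkManagerObserveConnectedPlugAppArmor = `
# Description: allows observing NetworkManager settings. This grants access to
# listing MAC addresses, previous networks, etc but not secrets.

dbus (send)
    bus=system
    path="/org/freedesktop/NetworkManager{,/{ActiveConnection,Devices}/*}"
    interface="org.freedesktop.DBus.Properties"
    member="Get{,All}"
    peer=(label=###SLOT_SECURITY_TAGS###),
dbus (send)
    bus=system
    path="/org/freedesktop/NetworkManager"
    interface="org.freedesktop.NetworkManager"
    member="GetDevices"
    peer=(label=###SLOT_SECURITY_TAGS###),
dbus (send)
    bus=system
    path="/org/freedesktop/NetworkManager/Settings"
    interface="org.freedesktop.NetworkManager.Settings"
    member="ListConnections"
    peer=(label=###SLOT_SECURITY_TAGS###),
dbus (send)
    bus=system
    path="/org/freedesktop/NetworkManager/Settings{,/*}"
    interface="org.freedesktop.NetworkManager.Settings{,.Connection}"
    member="GetSettings"
    peer=(label=###SLOT_SECURITY_TAGS###),
dbus (send)
    bus=system
    path=/org/freedesktop
    interface=org.freedesktop.DBus.ObjectManager
    member="GetManagedObjects"
    peer=(label=###SLOT_SECURITY_TAGS###),

# receive signals for updated settings and properties
dbus (receive)
    bus=system
    path="/org/freedesktop/NetworkManager{,/**}"
    interface=org.freedesktop.DBus.Properties
    member=PropertiesChanged
    peer=(label=###SLOT_SECURITY_TAGS###),
dbus (receive)
    bus=system
    path=/org/freedesktop/NetworkManager
    interface=org.freedesktop.NetworkManager
    member=PropertiesChanged
    peer=(label=###SLOT_SECURITY_TAGS###),
dbus (receive)
    bus=system
    path="/org/freedesktop/NetworkManager{,/{ActiveConnection,Devices}/*}"
    interface="org.freedesktop.NetworkManager{,.*}"
    member=StateChanged
    peer=(label=###SLOT_SECURITY_TAGS###),
dbus (receive)
    bus=system
    path="/org/freedesktop/NetworkManager"
    interface=org.freedesktop.NetworkManager
    member="Device{Added,Removed}"
    peer=(label=###SLOT_SECURITY_TAGS###),
dbus (receive)
    bus=system
    path="/org/freedesktop/NetworkManager/Settings"
    interface=org.freedesktop.NetworkManager.Settings
    member=PropertiesChanged
    peer=(label=###SLOT_SECURITY_TAGS###),
dbus (receive)
    bus=system
    path="/org/freedesktop/NetworkManager/Settings/*"
    interface="org.freedesktop.NetworkManager.Settings.Connection"
    member=PropertiesChanged
    peer=(label=###SLOT_SECURITY_TAGS###),
dbus (receive)
    bus=system
    path=/org/freedesktop
    interface=org.freedesktop.DBus.ObjectManager
    member="Interfaces{Added,Removed}"
    peer=(label=###SLOT_SECURITY_TAGS###),
`

// networkManagerObserveInterface implements the network-manager-observe
// interface, which grants read-only D-Bus access to NetworkManager.
type networkManagerObserveInterface struct{}

// Name returns the interface name.
func (iface *networkManagerObserveInterface) Name() string {
	return "network-manager-observe"
}

// StaticInfo returns the summary, the base declaration for slots, and marks
// the interface as implicitly provided on classic systems.
func (iface *networkManagerObserveInterface) StaticInfo() interfaces.StaticInfo {
	return interfaces.StaticInfo{
		Summary:              networkManagerObserveSummary,
		ImplicitOnClassic:    true,
		BaseDeclarationSlots: networkManagerObserveBaseDeclarationSlots,
	}
}

// AppArmorConnectedPlug adds the plug-side AppArmor snippet. The slot label
// placeholder is resolved to "unconfined" on classic (NetworkManager is then
// part of the OS and runs unconfined) and to the slot's label expression
// otherwise. It never returns an error.
func (iface *networkManagerObserveInterface) AppArmorConnectedPlug(spec *apparmor.Specification, plug *interfaces.ConnectedPlug, slot *interfaces.ConnectedSlot) error {
	const placeholder = "###SLOT_SECURITY_TAGS###"

	var peerLabel string
	if release.OnClassic {
		// On classic NetworkManager is part of the OS and runs unconfined,
		// so there is no snap label to pin the peer to.
		peerLabel = "unconfined"
	} else {
		peerLabel = slotAppLabelExpr(slot)
	}

	snippet := strings.Replace(networkManagerObserveConnectedPlugAppArmor, placeholder, peerLabel, -1)
	spec.AddSnippet(snippet)
	return nil
}

// AppArmorConnectedSlot adds the slot-side AppArmor snippet with the plug
// label placeholder resolved to the plug's label expression. On classic the
// slot is the unconfined OS service, so no snippet is added. It never returns
// an error.
func (iface *networkManagerObserveInterface) AppArmorConnectedSlot(spec *apparmor.Specification, plug *interfaces.ConnectedPlug, slot *interfaces.ConnectedSlot) error {
	if release.OnClassic {
		return nil
	}

	const placeholder = "###PLUG_SECURITY_TAGS###"
	peerLabel := plugAppLabelExpr(plug)
	snippet := strings.Replace(networkManagerObserveConnectedSlotAppArmor, placeholder, peerLabel, -1)
	spec.AddSnippet(snippet)
	return nil
}

// AutoConnect defers entirely to the declarations; whatever they permit is
// auto-connected.
func (iface *networkManagerObserveInterface) AutoConnect(*snap.PlugInfo, *snap.SlotInfo) bool {
	// allow what declarations allowed
	return true
}

func init() {
	registerIface(&networkManagerObserveInterface{})
}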