gitee.com/mysnapcore/mysnapd@v0.1.0/interfaces/builtin/udisks2.go (about) 1 // -*- Mode: Go; indent-tabs-mode: t -*- 2 3 /* 4 * Copyright (C) 2016-2018 Canonical Ltd 5 * 6 * This program is free software: you can redistribute it and/or modify 7 * it under the terms of the GNU General Public License version 3 as 8 * published by the Free Software Foundation. 9 * 10 * This program is distributed in the hope that it will be useful, 11 * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 * GNU General Public License for more details. 14 * 15 * You should have received a copy of the GNU General Public License 16 * along with this program. If not, see <http://www.gnu.org/licenses/>. 17 * 18 */ 19 20 package builtin 21 22 import ( 23 "strings" 24 25 "gitee.com/mysnapcore/mysnapd/interfaces" 26 "gitee.com/mysnapcore/mysnapd/interfaces/apparmor" 27 "gitee.com/mysnapcore/mysnapd/interfaces/dbus" 28 "gitee.com/mysnapcore/mysnapd/interfaces/seccomp" 29 "gitee.com/mysnapcore/mysnapd/interfaces/udev" 30 "gitee.com/mysnapcore/mysnapd/release" 31 "gitee.com/mysnapcore/mysnapd/snap" 32 ) 33 34 const udisks2Summary = `allows operating as or interacting with the UDisks2 service` 35 36 const udisks2BaseDeclarationSlots = ` 37 udisks2: 38 allow-installation: 39 slot-snap-type: 40 - app 41 - core 42 deny-connection: 43 on-classic: false 44 deny-auto-connection: true 45 ` 46 47 const udisks2PermanentSlotAppArmor = ` 48 # Description: Allow operating as the udisks2. This gives privileged access to 49 # the system. 50 51 # DBus accesses 52 #include <abstractions/dbus-strict> 53 dbus (send) 54 bus=system 55 path=/org/freedesktop/DBus 56 interface=org.freedesktop.DBus 57 member="{Request,Release}Name" 58 peer=(name=org.freedesktop.DBus, label=unconfined), 59 60 dbus (send) 61 bus=system 62 path=/org/freedesktop/DBus 63 interface=org.freedesktop.DBus 64 member="GetConnectionUnix{ProcessID,User}" 65 peer=(label=unconfined), 66 67 # Allow accessing logind services to reinitialise devices on resume 68 dbus (receive) 69 bus=system 70 path=/org/freedesktop/login1 71 interface=org.freedesktop.login1.Manager 72 member=PrepareForSleep 73 peer=(label=unconfined), 74 # do not use peer=(label=unconfined) here since this is DBus activated 75 dbus (send) 76 bus=system 77 path=/org/freedesktop/login1 78 interface=org.freedesktop.login1.Manager 79 member=Inhibit, 80 81 # Allow binding the service to the requested connection name 82 dbus (bind) 83 bus=system 84 name="org.freedesktop.UDisks2", 85 86 # Allow unconfined to talk to us. The API for unconfined will be limited 87 # with DBus policy, below. 88 dbus (receive, send) 89 bus=system 90 path=/org/freedesktop/UDisks2{,/**} 91 interface=org.freedesktop.DBus* 92 peer=(label=unconfined), 93 94 # Needed for mount/unmount operations 95 capability sys_admin, 96 97 # Allow scanning of devices 98 network netlink raw, 99 /run/udev/data/b[0-9]*:[0-9]* r, 100 /sys/devices/**/block/** r, 101 102 # Mount points could be in /run/media/<user>/* or /media/<user>/* 103 /run/systemd/seats/* r, 104 /{,run/}media/{,**} rw, 105 mount options=(ro,nosuid,nodev) /dev/{sd*,mmcblk*} -> /{,run/}media/**, 106 mount options=(rw,nosuid,nodev) /dev/{sd*,mmcblk*} -> /{,run/}media/**, 107 umount /{,run/}media/**, 108 109 # This should probably be patched to use $SNAP_DATA/run/... 110 /run/udisks2/{,**} rw, 111 112 # udisksd execs mount/umount to do the actual operations 113 /{,usr/}bin/mount ixr, 114 /{,usr/}bin/umount ixr, 115 116 # mount/umount (via libmount) track some mount info in these files 117 /run/mount/utab* wrlk, 118 119 # Udisks2 needs to read the raw device for partition information. These rules 120 # give raw read access to the system disks and therefore the entire system. 121 /dev/sd* r, 122 /dev/mmcblk* r, 123 /dev/vd* r, 124 125 # Needed for probing raw devices 126 capability sys_rawio, 127 ` 128 129 const udisks2ConnectedSlotAppArmor = ` 130 # Allow connected clients to interact with the service. This gives privileged 131 # access to the system. 132 133 dbus (receive, send) 134 bus=system 135 path=/org/freedesktop/UDisks2/** 136 interface=org.freedesktop.DBus.Properties 137 peer=(label=###PLUG_SECURITY_TAGS###), 138 139 dbus (receive, send) 140 bus=system 141 path=/org/freedesktop/UDisks2 142 interface=org.freedesktop.DBus.ObjectManager 143 peer=(label=###PLUG_SECURITY_TAGS###), 144 145 # Allow access to the Udisks2 API 146 dbus (receive, send) 147 bus=system 148 path=/org/freedesktop/UDisks2/** 149 interface=org.freedesktop.UDisks2.* 150 peer=(label=###PLUG_SECURITY_TAGS###), 151 152 # Allow clients to introspect the service 153 dbus (receive) 154 bus=system 155 path=/org/freedesktop/UDisks2 156 interface=org.freedesktop.DBus.Introspectable 157 member=Introspect 158 peer=(label=###PLUG_SECURITY_TAGS###), 159 ` 160 161 const udisks2ConnectedPlugAppArmor = ` 162 # Description: Allow using udisks service. This gives privileged access to the 163 # service. 164 165 #include <abstractions/dbus-strict> 166 167 dbus (receive, send) 168 bus=system 169 path=/org/freedesktop/UDisks2/** 170 interface=org.freedesktop.DBus.Properties 171 peer=(label=###SLOT_SECURITY_TAGS###), 172 # do not use peer=(label=unconfined) here since this is DBus activated 173 dbus (send) 174 bus=system 175 path=/org/freedesktop/UDisks2/** 176 interface=org.freedesktop.DBus.Properties 177 member="Get{,All}", 178 179 dbus (receive, send) 180 bus=system 181 path=/org/freedesktop/UDisks2 182 interface=org.freedesktop.DBus.ObjectManager 183 peer=(label=###SLOT_SECURITY_TAGS###), 184 185 # Allow access to the Udisks2 API 186 dbus (receive, send) 187 bus=system 188 path=/org/freedesktop/UDisks2/** 189 interface=org.freedesktop.UDisks2.* 190 peer=(label=###SLOT_SECURITY_TAGS###), 191 192 # Allow clients to introspect the service 193 # do not use peer=(label=unconfined) here since this is DBus activated 194 dbus (send) 195 bus=system 196 path=/org/freedesktop/UDisks2{,/**} 197 interface=org.freedesktop.DBus.Introspectable 198 member=Introspect, 199 ` 200 201 const udisks2PermanentSlotSecComp = ` 202 bind 203 chown32 204 fchown 205 fchown32 206 fchownat 207 lchown 208 lchown32 209 mount 210 shmctl 211 umount 212 umount2 213 # libudev 214 socket AF_NETLINK - NETLINK_KOBJECT_UEVENT 215 ` 216 217 const udisks2PermanentSlotDBus = ` 218 <policy user="root"> 219 <allow own="org.freedesktop.UDisks2"/> 220 <allow send_destination="org.freedesktop.UDisks2"/> 221 </policy> 222 223 <policy context="default"> 224 <allow send_destination="org.freedesktop.UDisks2" send_interface="org.freedesktop.DBus.Introspectable" /> 225 </policy> 226 ` 227 228 const udisks2ConnectedPlugDBus = ` 229 <policy context="default"> 230 <deny own="org.freedesktop.UDisks2"/> 231 <deny send_destination="org.freedesktop.UDisks2"/> 232 </policy> 233 ` 234 235 const udisks2PermanentSlotUDev = ` 236 # These udev rules come from the upstream udisks2 package 237 # 238 # This file contains udev rules for udisks 2.x 239 # 240 # Do not edit this file, it will be overwritten on updates 241 # 242 243 # ------------------------------------------------------------------------ 244 # Probing 245 # ------------------------------------------------------------------------ 246 247 # Skip probing if not a block device or if requested by other rules 248 # 249 SUBSYSTEM!="block", GOTO="udisks_probe_end" 250 ENV{DM_MULTIPATH_DEVICE_PATH}=="?*", GOTO="udisks_probe_end" 251 ENV{DM_UDEV_DISABLE_OTHER_RULES_FLAG}=="?*", GOTO="udisks_probe_end" 252 253 # MD-RAID (aka Linux Software RAID) members 254 # 255 # TODO: file bug against mdadm(8) to have --export-prefix option that can be used with e.g. UDISKS_MD_MEMBER 256 # 257 SUBSYSTEM=="block", ENV{ID_FS_USAGE}=="raid", ENV{ID_FS_TYPE}=="linux_raid_member", ENV{UDISKS_MD_MEMBER_LEVEL}=="", IMPORT{program}="/bin/sh -c '/sbin/mdadm --examine --export $tempnode | sed s/^MD_/UDISKS_MD_MEMBER_/g'" 258 259 SUBSYSTEM=="block", KERNEL=="md*", ENV{DEVTYPE}!="partition", IMPORT{program}="/bin/sh -c '/sbin/mdadm --detail --export $tempnode | sed s/^MD_/UDISKS_MD_/g'" 260 261 LABEL="udisks_probe_end" 262 263 # ------------------------------------------------------------------------ 264 # Tag floppy drives since they need special care 265 266 # PC floppy drives 267 # 268 KERNEL=="fd*", ENV{ID_DRIVE_FLOPPY}="1" 269 270 # USB floppy drives 271 # 272 SUBSYSTEMS=="usb", ATTRS{bInterfaceClass}=="08", ATTRS{bInterfaceSubClass}=="04", ENV{ID_DRIVE_FLOPPY}="1" 273 274 # ATA Zip drives 275 # 276 ENV{ID_VENDOR}=="*IOMEGA*", ENV{ID_MODEL}=="*ZIP*", ENV{ID_DRIVE_FLOPPY_ZIP}="1" 277 278 # TODO: figure out if the drive supports SD and SDHC and what the current 279 # kind of media is - right now we just assume SD 280 KERNEL=="mmcblk[0-9]", SUBSYSTEMS=="mmc", ENV{DEVTYPE}=="disk", ENV{ID_DRIVE_FLASH_SD}="1", ENV{ID_DRIVE_MEDIA_FLASH_SD}="1" 281 # ditto for memstick 282 KERNEL=="mspblk[0-9]", SUBSYSTEMS=="memstick", ENV{DEVTYPE}=="disk", ENV{ID_DRIVE_FLASH_MS}="1", ENV{ID_DRIVE_MEDIA_FLASH_MS}="1" 283 284 # TODO: maybe automatically convert udisks1 properties to udisks2 ones? 285 # (e.g. UDISKS_PRESENTATION_HIDE -> UDISKS_IGNORE) 286 287 # ------------------------------------------------------------------------ 288 # ------------------------------------------------------------------------ 289 # ------------------------------------------------------------------------ 290 # Whitelist for tagging drives with the property media type. 291 # TODO: figure out where to store this database 292 293 SUBSYSTEMS=="usb", ATTRS{idVendor}=="050d", ATTRS{idProduct}=="0248", ENV{ID_INSTANCE}=="0:0", ENV{ID_DRIVE_FLASH_CF}="1" 294 SUBSYSTEMS=="usb", ATTRS{idVendor}=="050d", ATTRS{idProduct}=="0248", ENV{ID_INSTANCE}=="0:1", ENV{ID_DRIVE_FLASH_MS}="1" 295 SUBSYSTEMS=="usb", ATTRS{idVendor}=="050d", ATTRS{idProduct}=="0248", ENV{ID_INSTANCE}=="0:2", ENV{ID_DRIVE_FLASH_SM}="1" 296 SUBSYSTEMS=="usb", ATTRS{idVendor}=="050d", ATTRS{idProduct}=="0248", ENV{ID_INSTANCE}=="0:3", ENV{ID_DRIVE_FLASH_SD}="1" 297 298 SUBSYSTEMS=="usb", ATTRS{idVendor}=="05e3", ATTRS{idProduct}=="070e", ENV{ID_INSTANCE}=="0:0", ENV{ID_DRIVE_FLASH_CF}="1" 299 SUBSYSTEMS=="usb", ATTRS{idVendor}=="05e3", ATTRS{idProduct}=="070e", ENV{ID_INSTANCE}=="0:1", ENV{ID_DRIVE_FLASH_SM}="1" 300 SUBSYSTEMS=="usb", ATTRS{idVendor}=="05e3", ATTRS{idProduct}=="070e", ENV{ID_INSTANCE}=="0:2", ENV{ID_DRIVE_FLASH_SD}="1" 301 SUBSYSTEMS=="usb", ATTRS{idVendor}=="05e3", ATTRS{idProduct}=="070e", ENV{ID_INSTANCE}=="0:3", ENV{ID_DRIVE_FLASH_MS}="1" 302 303 # APPLE SD Card Reader (MacbookPro5,4) 304 # 305 SUBSYSTEMS=="usb", ATTRS{idVendor}=="05ac", ATTRS{idProduct}=="8403", ENV{ID_DRIVE_FLASH_SD}="1" 306 307 # Realtek card readers 308 DRIVERS=="rts_pstor", ENV{ID_DRIVE_FLASH_SD}="1" 309 DRIVERS=="rts5229", ENV{ID_DRIVE_FLASH_SD}="1" 310 311 # Lexar Dual Slot USB 3.0 Reader Professional 312 SUBSYSTEMS=="usb", ENV{ID_VENDOR_ID}=="05dc",ENV{ID_MODEL_ID}=="b049", ENV{ID_INSTANCE}=="0:0", ENV{ID_DRIVE_FLASH_CF}="1" 313 SUBSYSTEMS=="usb", ENV{ID_VENDOR_ID}=="05dc",ENV{ID_MODEL_ID}=="b049", ENV{ID_INSTANCE}=="0:1", ENV{ID_DRIVE_FLASH_SD}="1" 314 315 # Transcend USB 3.0 Multi-Card Reader (TS-RDF8K) 316 SUBSYSTEMS=="usb", ENV{ID_VENDOR_ID}=="8564",ENV{ID_MODEL_ID}=="4000", ENV{ID_INSTANCE}=="0:0", ENV{ID_DRIVE_FLASH_CF}="1" 317 SUBSYSTEMS=="usb", ENV{ID_VENDOR_ID}=="8564",ENV{ID_MODEL_ID}=="4000", ENV{ID_INSTANCE}=="0:1", ENV{ID_DRIVE_FLASH_SD}="1" 318 SUBSYSTEMS=="usb", ENV{ID_VENDOR_ID}=="8564",ENV{ID_MODEL_ID}=="4000", ENV{ID_INSTANCE}=="0:2", ENV{ID_DRIVE_FLASH_MS}="1" 319 320 # Common theme 321 # 322 SUBSYSTEMS=="usb", ENV{ID_MODEL}=="*Reader*SD*", ENV{ID_DRIVE_FLASH_SD}="1" 323 SUBSYSTEMS=="usb", ENV{ID_MODEL}=="*CF_Reader*", ENV{ID_DRIVE_FLASH_CF}="1" 324 SUBSYSTEMS=="usb", ENV{ID_MODEL}=="*SM_Reader*", ENV{ID_DRIVE_FLASH_SM}="1" 325 SUBSYSTEMS=="usb", ENV{ID_MODEL}=="*MS_Reader*", ENV{ID_DRIVE_FLASH_MS}="1" 326 327 # USB stick / thumb drives 328 # 329 SUBSYSTEMS=="usb", ENV{ID_VENDOR}=="*Kingston*", ENV{ID_MODEL}=="*DataTraveler*", ENV{ID_DRIVE_THUMB}="1" 330 SUBSYSTEMS=="usb", ENV{ID_VENDOR}=="*SanDisk*", ENV{ID_MODEL}=="*Cruzer*", ENV{ID_CDROM}!="1", ENV{ID_DRIVE_THUMB}="1" 331 SUBSYSTEMS=="usb", ENV{ID_VENDOR}=="HP", ENV{ID_MODEL}=="*v125w*", ENV{ID_DRIVE_THUMB}="1" 332 SUBSYSTEMS=="usb", ENV{ID_VENDOR_ID}=="13fe", ENV{ID_MODEL}=="*Patriot*", ENV{ID_DRIVE_THUMB}="1" 333 SUBSYSTEMS=="usb", ENV{ID_VENDOR}=="*JetFlash*", ENV{ID_MODEL}=="*Transcend*", ENV{ID_DRIVE_THUMB}="1" 334 335 # SD-Card reader in Chromebook Pixel 336 SUBSYSTEMS=="usb", ENV{ID_VENDOR_ID}=="05e3", ENV{ID_MODEL_ID}=="0727", ENV{ID_DRIVE_FLASH_SD}="1" 337 338 # ------------------------------------------------------------------------ 339 # ------------------------------------------------------------------------ 340 # ------------------------------------------------------------------------ 341 # Devices which should not be display in the user interface 342 # 343 # (note that RAID/LVM members are not normally shown in an user 344 # interface so setting UDISKS_IGNORE at first does not seem to achieve 345 # anything. However it helps for RAID/LVM members that are encrypted 346 # using LUKS. See bug #51439.) 347 348 # Apple Bootstrap partitions 349 ENV{ID_PART_ENTRY_SCHEME}=="mac", ENV{ID_PART_ENTRY_TYPE}=="Apple_Bootstrap", ENV{UDISKS_IGNORE}="1" 350 351 # Apple Boot partitions 352 ENV{ID_PART_ENTRY_SCHEME}=="gpt", ENV{ID_PART_ENTRY_TYPE}=="426f6f74-0000-11aa-aa11-00306543ecac", ENV{UDISKS_IGNORE}="1" 353 354 # special DOS partition types (EFI, hidden, etc.) and RAID/LVM 355 # see http://www.win.tue.nl/~aeb/partitions/partition_types-1.html 356 ENV{ID_PART_ENTRY_SCHEME}=="dos", \ 357 ENV{ID_PART_ENTRY_TYPE}=="0x0|0x11|0x12|0x14|0x16|0x17|0x1b|0x1c|0x1e|0x27|0x3d|0x84|0x8d|0x8e|0x90|0x91|0x92|0x93|0x97|0x98|0x9a|0x9b|0xbb|0xc2|0xc3|0xdd|0xef|0xfd", \ 358 ENV{UDISKS_IGNORE}="1" 359 360 # special GUID-identified partition types (EFI System Partition, BIOS Boot partition, RAID/LVM) 361 # see http://en.wikipedia.org/wiki/GUID_Partition_Table#Partition_type_GUIDs 362 ENV{ID_PART_ENTRY_SCHEME}=="gpt", \ 363 ENV{ID_PART_ENTRY_TYPE}=="c12a7328-f81f-11d2-ba4b-00a0c93ec93b|21686148-6449-6e6f-744e-656564454649|a19d880f-05fc-4d3b-a006-743f0f84911e|e6d6d379-f507-44c2-a23c-238f2a3df928|e3c9e316-0b5c-4db8-817d-f92df00215ae|de94bba4-06d1-4d40-a16a-bfd50179d6ac", \ 364 ENV{UDISKS_IGNORE}="1" 365 366 # MAC recovery/tool partitions which are useless on Linux 367 ENV{ID_PART_ENTRY_SCHEME}=="mac", \ 368 ENV{ID_CDROM}=="?*", ENV{ID_FS_TYPE}=="udf", ENV{ID_FS_LABEL}=="WD*SmartWare", \ 369 ENV{UDISKS_IGNORE}="1" 370 371 # recovery partitions 372 ENV{ID_FS_TYPE}=="ntfs|vfat", \ 373 ENV{ID_FS_LABEL}=="Recovery|RECOVERY|Lenovo_Recovery|HP_RECOVERY|Recovery_Partition|DellUtility|DellRestore|IBM_SERVICE|SERVICEV001|SERVICEV002|SYSTEM_RESERVED|System_Reserved|WINRE_DRV|DIAGS|IntelRST", \ 374 ENV{UDISKS_IGNORE}="1" 375 376 # read-only non-Linux software installer partitions 377 ENV{ID_VENDOR}=="Sony", ENV{ID_MODEL}=="PRS*Launcher", ENV{UDISKS_IGNORE}="1" 378 379 # non-Linux software 380 KERNEL=="sr*", ENV{ID_VENDOR}=="SanDisk", ENV{ID_MODEL}=="Cruzer", ENV{ID_FS_LABEL}=="U3_System", ENV{UDISKS_IGNORE}="1" 381 382 # Content created using isohybrid (typically used on CDs and USB 383 # sticks for bootable media) is a bit special insofar that the 384 # interesting content is on a DOS partition with type 0x00 ... which 385 # is hidden above. So undo this. 386 # 387 # See http://mjg59.dreamwidth.org/11285.html for more details 388 # 389 ENV{ID_PART_TABLE_TYPE}=="dos", ENV{ID_PART_ENTRY_TYPE}=="0x0", ENV{ID_PART_ENTRY_NUMBER}=="1", ENV{ID_FS_TYPE}=="iso9660|udf", ENV{UDISKS_IGNORE}="0" 390 ` 391 392 type udisks2Interface struct{} 393 394 func (iface *udisks2Interface) Name() string { 395 return "udisks2" 396 } 397 398 func (iface *udisks2Interface) StaticInfo() interfaces.StaticInfo { 399 return interfaces.StaticInfo{ 400 Summary: udisks2Summary, 401 ImplicitOnClassic: true, 402 BaseDeclarationSlots: udisks2BaseDeclarationSlots, 403 } 404 } 405 406 func (iface *udisks2Interface) DBusConnectedPlug(spec *dbus.Specification, plug *interfaces.ConnectedPlug, slot *interfaces.ConnectedSlot) error { 407 if !release.OnClassic { 408 spec.AddSnippet(udisks2ConnectedPlugDBus) 409 } 410 return nil 411 } 412 413 func (iface *udisks2Interface) DBusPermanentSlot(spec *dbus.Specification, slot *snap.SlotInfo) error { 414 if !release.OnClassic { 415 spec.AddSnippet(udisks2PermanentSlotDBus) 416 } 417 return nil 418 } 419 420 func (iface *udisks2Interface) AppArmorConnectedPlug(spec *apparmor.Specification, plug *interfaces.ConnectedPlug, slot *interfaces.ConnectedSlot) error { 421 old := "###SLOT_SECURITY_TAGS###" 422 var new string 423 if release.OnClassic { 424 new = "unconfined" 425 } else { 426 new = slotAppLabelExpr(slot) 427 } 428 snippet := strings.Replace(udisks2ConnectedPlugAppArmor, old, new, -1) 429 spec.AddSnippet(snippet) 430 return nil 431 } 432 433 func (iface *udisks2Interface) AppArmorPermanentSlot(spec *apparmor.Specification, slot *snap.SlotInfo) error { 434 if !release.OnClassic { 435 spec.AddSnippet(udisks2PermanentSlotAppArmor) 436 } 437 return nil 438 } 439 440 func (iface *udisks2Interface) UDevPermanentSlot(spec *udev.Specification, slot *snap.SlotInfo) error { 441 if !release.OnClassic { 442 spec.AddSnippet(udisks2PermanentSlotUDev) 443 spec.TagDevice(`SUBSYSTEM=="block"`) 444 // # This tags all USB devices, so we'll use AppArmor to mediate specific access (eg, /dev/sd* and /dev/mmcblk*) 445 spec.TagDevice(`SUBSYSTEM=="usb"`) 446 } 447 return nil 448 } 449 450 func (iface *udisks2Interface) AppArmorConnectedSlot(spec *apparmor.Specification, plug *interfaces.ConnectedPlug, slot *interfaces.ConnectedSlot) error { 451 if !release.OnClassic { 452 old := "###PLUG_SECURITY_TAGS###" 453 new := plugAppLabelExpr(plug) 454 snippet := strings.Replace(udisks2ConnectedSlotAppArmor, old, new, -1) 455 spec.AddSnippet(snippet) 456 } 457 return nil 458 } 459 460 func (iface *udisks2Interface) SecCompPermanentSlot(spec *seccomp.Specification, slot *snap.SlotInfo) error { 461 if !release.OnClassic { 462 spec.AddSnippet(udisks2PermanentSlotSecComp) 463 } 464 return nil 465 } 466 467 func (iface *udisks2Interface) AutoConnect(*snap.PlugInfo, *snap.SlotInfo) bool { 468 // allow what declarations allowed 469 return true 470 } 471 472 func init() { 473 registerIface(&udisks2Interface{}) 474 }