github.com/bugraaydogar/snapd@v0.0.0-20210315170335-8c70bb858939/interfaces/builtin/joystick.go

github.com/bugraaydogar/snapd@v0.0.0-20210315170335-8c70bb858939/interfaces/builtin/joystick.go (about)

     1  // -*- Mode: Go; indent-tabs-mode: t -*-
     2  
     3  /*
     4   * Copyright (C) 2017-2018 Canonical Ltd
     5   *
     6   * This program is free software: you can redistribute it and/or modify
     7   * it under the terms of the GNU General Public License version 3 as
     8   * published by the Free Software Foundation.
     9   *
    10   * This program is distributed in the hope that it will be useful,
    11   * but WITHOUT ANY WARRANTY; without even the implied warranty of
    12   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    13   * GNU General Public License for more details.
    14   *
    15   * You should have received a copy of the GNU General Public License
    16   * along with this program.  If not, see <http://www.gnu.org/licenses/>.
    17   *
    18   */
    19  
    20  package builtin
    21  
    22  import (
    23  	"github.com/snapcore/snapd/interfaces"
    24  	"github.com/snapcore/snapd/interfaces/udev"
    25  )
    26  
    27  const joystickSummary = `allows access to joystick devices`
    28  
    29  const joystickBaseDeclarationSlots = `
    30    joystick:
    31      allow-installation:
    32        slot-snap-type:
    33          - core
    34      deny-auto-connection: true
    35  `
    36  
    37  const joystickConnectedPlugAppArmor = `
    38  # Description: Allow reading and writing to joystick devices
    39  
    40  #
    41  # Old joystick interface
    42  #
    43  
    44  # Per https://github.com/torvalds/linux/blob/master/Documentation/admin-guide/devices.txt
    45  # only js0-js31 is valid so limit the /dev and udev entries to those devices.
    46  /dev/input/js{[0-9],[12][0-9],3[01]} rw,
    47  /run/udev/data/c13:{[0-9],[12][0-9],3[01]} r,
    48  
    49  #
    50  # New evdev-joystick interface
    51  #
    52  
    53  # Per https://github.com/torvalds/linux/blob/master/Documentation/admin-guide/devices.txt
    54  # the minor is 65 and up so limit udev to that.
    55  /run/udev/data/c13:{6[5-9],[7-9][0-9],[1-9][0-9][0-9]*} r,
    56  
    57  # /dev/input/event* is unfortunately not namespaced and includes all input
    58  # devices, including keyboards and mice, which allows input sniffing and
    59  # injection. Until we have inode tagging of devices, we use a glob rule here
    60  # and rely on udev tagging to only add evdev devices to the snap's device
    61  # cgroup that are marked with ENV{ID_INPUT_JOYSTICK}=="1". As such, even though
    62  # AppArmor allows all evdev, the device cgroup does not.
    63  /dev/input/event[0-9]* rw,
    64  
    65  # Allow reading for supported event reports for all input devices. See
    66  # https://www.kernel.org/doc/Documentation/input/event-codes.txt
    67  # FIXME: this is a very minor information leak and snapd should instead query
    68  # udev for the specific accesses associated with the above devices.
    69  /sys/devices/**/input[0-9]*/capabilities/* r,
    70  `
    71  
    72  // Add the old joystick device (js*) and any evdev input interfaces which are
    73  // marked as joysticks. Note, some input devices are known to come up as
    74  // joysticks when they are not and while this rule would tag them, on systems
    75  // where this is happening the device is non-functional for its intended
    76  // purpose. In other words, in practice, users with such devices will have
    77  // updated their udev rules to set ENV{ID_INPUT_JOYSTICK}="" to make it work,
    78  // which means this rule will no longer match.
    79  //
    80  // Because of the unconditional /dev/input/event[0-9]* AppArmor rule, we need
    81  // to ensure that the device cgroup is in effect even when there are no
    82  // joysticks present so that we don't give away all input to the snap. Use
    83  // /dev/full for this purpose.
    84  var joystickConnectedPlugUDev = []string{
    85  	`KERNEL=="js[0-9]*"`,
    86  	`KERNEL=="event[0-9]*", SUBSYSTEM=="input", ENV{ID_INPUT_JOYSTICK}=="1"`,
    87  	`KERNEL=="full", SUBSYSTEM=="mem"`,
    88  }
    89  
    90  type joystickInterface struct {
    91  	commonInterface
    92  }
    93  
    94  func (iface *joystickInterface) UDevConnectedPlug(spec *udev.Specification, plug *interfaces.ConnectedPlug, slot *interfaces.ConnectedSlot) error {
    95  	spec.TriggerSubsystem("input/joystick")
    96  	return iface.commonInterface.UDevConnectedPlug(spec, plug, slot)
    97  }
    98  
    99  func init() {
   100  	registerIface(&joystickInterface{commonInterface{
   101  		name:                  "joystick",
   102  		summary:               joystickSummary,
   103  		implicitOnCore:        true,
   104  		implicitOnClassic:     true,
   105  		baseDeclarationSlots:  joystickBaseDeclarationSlots,
   106  		connectedPlugAppArmor: joystickConnectedPlugAppArmor,
   107  		connectedPlugUDev:     joystickConnectedPlugUDev,
   108  	}})
   109  }