// -*- Mode: Go; indent-tabs-mode: t -*-

/*
 * Copyright (C) 2017 Canonical Ltd
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 3 as
 * published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 *
 */

package builtin

// Static definition of the password-manager-service interface: its summary,
// the base-declaration policy for the slot, and the AppArmor snippet handed
// to a snap whose plug is connected.
const (
	// passwordManagerServiceSummary is the one-line description registered
	// for the interface.
	passwordManagerServiceSummary = `allows access to common password manager services`

	// passwordManagerBaseDeclarationSlots is the base-declaration policy for
	// the slot side. Installation of the slot is allowed only for snaps of
	// type core, and deny-auto-connection is true, so a plug is not connected
	// automatically. That default is the main safeguard for this interface:
	// once connected, the AppArmor policy below cannot separate one
	// application's secrets from another's.
	passwordManagerBaseDeclarationSlots = `
  password-manager-service:
    allow-installation:
      slot-snap-type:
        - core
    deny-auto-connection: true
`

	// passwordManagerServiceConnectedPlugAppArmor is the AppArmor policy for
	// a connected plug. It allows D-Bus send and receive on the session bus
	// for the secret-service object tree (/org/freedesktop/secrets) and for
	// /modules/kwalletd and /modules/kwalletd5, in each case only with peers
	// labelled unconfined.
	//
	// Security note: the rules match on bus, path, interface and peer label
	// only. As the policy text itself explains, AppArmor does not mediate
	// member data, and both APIs select collections, folders and entries
	// through that data, so a connected snap is not isolated from secrets
	// stored by other applications in the same user session. Treat any
	// widening of the path or interface patterns as widening access to the
	// whole keyring or wallet.
	passwordManagerServiceConnectedPlugAppArmor = `
# Description: Allow access to password manager services provided by popular
# Desktop Environments. This interface gives access to sensitive information
# available in the user's session.

#include <abstractions/dbus-session-strict>

# Provide full access to the secret-service API:
# - https://standards.freedesktop.org/secret-service/)
#
# The secret-service allows managing (add/delete/lock/etc) collections and
# (add/delete/etc) items within collections. The API also has the concept of
# aliases for collections which is typically used to access the default
# collection. While it would be possible for an application developer to use a
# snap-specific collection and mediate by object path, application developers
# are meant to instead to treat collections (typically the default collection)
# as a database of key/value attributes each with an associated secret that
# applications may query. Because AppArmor does not mediate member data,
# typical and recommended usage of the API does not allow for application
# isolation. For details, see:
# - https://standards.freedesktop.org/secret-service/ch03.html
#
dbus (receive, send)
    bus=session
    path=/org/freedesktop/secrets{,/**}
    interface=org.freedesktop.DBus.*
    peer=(label=unconfined),

dbus (receive, send)
    bus=session
    path=/org/freedesktop/secrets{,/**}
    interface=org.freedesktop.Secret.{Collection,Item,Prompt,Service,Session}
    peer=(label=unconfined),

# KWallet's client API is still in use in KDE/Plasma. It's DBus API relies upon
# member data for access to its 'folders' and 'entries' and it therefore does
# not allow for application isolation via AppArmor. For details, see:
# - https://cgit.kde.org/kdelibs.git/tree/kdeui/util/kwallet.h?h=v4.14.33
#
dbus (receive, send)
    bus=session
    path=/modules/kwalletd{,5}
    interface=org.freedesktop.DBus.*
    peer=(label=unconfined),

dbus (receive, send)
    bus=session
    path=/modules/kwalletd{,5}
    interface=org.kde.KWallet
    peer=(label=unconfined),
`
)

// init registers the password-manager-service interface through
// registerIface, wiring in the summary, slot base declaration and
// connected-plug AppArmor policy defined above.
func init() {
	// implicitOnClassic presumably makes the slot implicitly available on
	// classic systems; the exact semantics live in commonInterface, which is
	// defined outside this file (confirm there).
	iface := &commonInterface{
		name:                  "password-manager-service",
		summary:               passwordManagerServiceSummary,
		implicitOnClassic:     true,
		baseDeclarationSlots:  passwordManagerBaseDeclarationSlots,
		connectedPlugAppArmor: passwordManagerServiceConnectedPlugAppArmor,
	}
	registerIface(iface)
}