// -*- Mode: Go; indent-tabs-mode: t -*-

/*
 * Copyright (C) 2018 Canonical Ltd
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 3 as
 * published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 *
 */

package builtin

import (
	"fmt"
	"strings"
)

// Static policy text for the personal-files interface.
const (
	// personalFilesSummary is the one-line description of the interface.
	personalFilesSummary = `allows access to personal files or directories`

	// personalFilesBaseDeclarationPlugs is the default plug-side policy.
	// As written, it refuses installation of a snap that declares this
	// plug and denies auto-connection, so both must be overridden for a
	// specific snap before the interface can be used (in snapd this is
	// normally done through a per-snap declaration, not in this file).
	personalFilesBaseDeclarationPlugs = `
  personal-files:
    allow-installation: false
    deny-auto-connection: true
`

	// personalFilesBaseDeclarationSlots is the default slot-side policy:
	// only snaps of type "core" may carry the slot, and connections are
	// never made automatically.
	personalFilesBaseDeclarationSlots = `
  personal-files:
    allow-installation:
      slot-snap-type:
        - core
    deny-auto-connection: true
`

	// personalFilesConnectedPlugAppArmor holds only AppArmor comment lines.
	// The per-path rules are not produced in this file.
	// NOTE(review): presumably commonFilesInterface appends them from the
	// plug's attributes; confirm there.
	personalFilesConnectedPlugAppArmor = `
# Description: Can access specific personal files or directories in the
# users's home directory.
# This is restricted because it gives file access to arbitrary locations.
`
)

// personalFilesInterface is the personal-files interface. All behaviour
// comes from the embedded commonFilesInterface; this type only supplies
// the name, policy text and the $HOME-specific path check set in init.
type personalFilesInterface struct {
	commonFilesInterface
}

// validateSinglePathHome reports an error unless np is anchored in the
// user's home directory, written as the literal token "$HOME".
//
// Two textual conditions are enforced, in this order:
//   - np begins with "$HOME/" (so "~", "${HOME}" and absolute paths are
//     rejected);
//   - "$HOME" occurs exactly once in np.
//
// Nothing else is examined here: ".." components, glob or AppArmor
// pattern characters and symlinks are not checked by this function.
// NOTE(review): those cases are presumably handled by the generic path
// validation in commonFilesInterface, which is not visible in this file;
// confirm that before relying on this check on its own.
func validateSinglePathHome(np string) error {
	const (
		homeVar    = "$HOME"
		homePrefix = homeVar + "/"
	)

	switch {
	case !strings.HasPrefix(np, homePrefix):
		// %q keeps unusual characters in the rejected path visible.
		return fmt.Errorf(`%q must start with "$HOME/"`, np)
	case strings.Count(np, homeVar) > 1:
		// A second "$HOME" later in the path is refused so the variable
		// can only ever stand for the leading directory.
		return fmt.Errorf(`$HOME must only be used at the start of the path of %q`, np)
	}
	return nil
}

// init registers the personal-files interface with the package registry.
func init() {
	iface := &personalFilesInterface{
		commonFilesInterface: commonFilesInterface{
			commonInterface: commonInterface{
				name:    "personal-files",
				summary: personalFilesSummary,
				// NOTE(review): presumably these make the slot implicitly
				// available on both core and classic systems; confirm in
				// commonInterface.
				implicitOnCore:       true,
				implicitOnClassic:    true,
				baseDeclarationPlugs: personalFilesBaseDeclarationPlugs,
				baseDeclarationSlots: personalFilesBaseDeclarationSlots,
			},
			apparmorHeader: personalFilesConnectedPlugAppArmor,
			// Extra per-path check on top of whatever the shared files
			// interface already validates.
			extraPathValidate: validateSinglePathHome,
		},
	}
	registerIface(iface)
}