// -*- Mode: Go; indent-tabs-mode: t -*-

/*
 * Copyright (C) 2018 Canonical Ltd
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 3 as
 * published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 *
 */

package builtin

import (
	"fmt"
	"strings"
)

const (
	// systemFilesSummary is the one-line summary registered for the
	// system-files interface.
	systemFilesSummary = `allows access to system files or directories`

	// systemFilesBaseDeclarationPlugs is the default policy for the plug
	// side: installing a snap that carries this plug is not allowed and
	// the plug is never auto-connected.
	// NOTE(review): presumably a per-snap declaration has to override
	// these defaults before a snap can use the plug; confirm against the
	// base-declaration documentation.
	systemFilesBaseDeclarationPlugs = `
  system-files:
    allow-installation: false
    deny-auto-connection: true
`

	// systemFilesBaseDeclarationSlots is the default policy for the slot
	// side: only snaps of type "core" may carry the slot, and
	// auto-connection is denied here as well.
	systemFilesBaseDeclarationSlots = `
  system-files:
    allow-installation:
      slot-snap-type:
        - core
    deny-auto-connection: true
`

	// systemFilesConnectedPlugAppArmor is the AppArmor snippet header for
	// a connected plug. It holds comments only; no file rule is written
	// in this file.
	// NOTE(review): presumably commonFilesInterface appends rules built
	// from the plug's path attributes after this header; confirm there.
	systemFilesConnectedPlugAppArmor = `
# Description: Can access specific system files or directories.
# This is restricted because it gives file access to arbitrary locations.
`
)

// systemFilesInterface is the system-files interface. It adds no fields or
// methods of its own in this file; everything comes from the embedded
// commonFilesInterface.
type systemFilesInterface struct {
	commonFilesInterface
}

// validateSinglePathSystem is the system-files specific check for a single
// path. It returns an error when np does not begin with "/" or when np
// contains the literal text "$HOME" anywhere, and nil otherwise.
//
// Both tests are plain string comparisons: the path is not cleaned, and
// neither ".." components nor AppArmor pattern characters are looked at
// here.
// NOTE(review): presumably commonFilesInterface applies those stricter
// checks around this hook; confirm, because an accepted path appears to
// end up in the snap's AppArmor policy.
func validateSinglePathSystem(np string) error {
	switch {
	case !strings.HasPrefix(np, "/"):
		// Relative paths are refused.
		return fmt.Errorf(`%q must start with "/"`, np)
	case strings.Contains(np, "$HOME"):
		// $HOME is refused wherever it occurs in the path.
		return fmt.Errorf(`$HOME cannot be used in %q`, np)
	default:
		return nil
	}
}

// init registers the system-files interface with the package's interface
// registry, wiring in the summary, both base declarations, the AppArmor
// header and validateSinglePathSystem as the extra path validator.
func init() {
	iface := &systemFilesInterface{
		commonFilesInterface: commonFilesInterface{
			commonInterface: commonInterface{
				name:                 "system-files",
				summary:              systemFilesSummary,
				implicitOnCore:       true,
				implicitOnClassic:    true,
				baseDeclarationPlugs: systemFilesBaseDeclarationPlugs,
				baseDeclarationSlots: systemFilesBaseDeclarationSlots,
			},
			apparmorHeader:    systemFilesConnectedPlugAppArmor,
			extraPathValidate: validateSinglePathSystem,
		},
	}
	registerIface(iface)
}