github.com/kubiko/snapd@v0.0.0-20201013125620-d4f3094d9ddf/interfaces/builtin/contacts_service.go (about) 1 // -*- Mode: Go; indent-tabs-mode: t -*- 2 3 /* 4 * Copyright (C) 2018 Canonical Ltd 5 * 6 * This program is free software: you can redistribute it and/or modify 7 * it under the terms of the GNU General Public License version 3 as 8 * published by the Free Software Foundation. 9 * 10 * This program is distributed in the hope that it will be useful, 11 * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 * GNU General Public License for more details. 14 * 15 * You should have received a copy of the GNU General Public License 16 * along with this program. If not, see <http://www.gnu.org/licenses/>. 17 * 18 */ 19 20 package builtin 21 22 import ( 23 "github.com/snapcore/snapd/release" 24 ) 25 26 const contactsServiceSummary = `allows communication with Evolution Data Service Address Book` 27 28 const contactsServiceBaseDeclarationSlots = ` 29 contacts-service: 30 allow-installation: 31 slot-snap-type: 32 - core 33 deny-auto-connection: true 34 ` 35 36 const contactsServiceConnectedPlugAppArmor = ` 37 # Description: Allow access to Evolution Data Service for contacts 38 39 #include <abstractions/dbus-session-strict> 40 41 # Allow use of ObjectManager APIs, used to enumerate sources 42 dbus (receive, send) 43 bus=session 44 interface=org.freedesktop.DBus.ObjectManager 45 path=/org/gnome/evolution/dataserver{,/**} 46 peer=(label=unconfined), 47 48 # Allow access to properties on sources 49 dbus (receive, send) 50 bus=session 51 interface=org.freedesktop.DBus.Properties 52 path=/org/gnome/evolution/dataserver/SourceManager{,/**} 53 peer=(label=unconfined), 54 dbus (receive, send) 55 bus=session 56 interface=org.freedesktop.DBus.Properties 57 path=/org/gnome/evolution/dataserver/AddressBook{,/**} 58 peer=(label=unconfined), 59 dbus (receive, send) 60 bus=session 61 interface=org.freedesktop.DBus.Properties 62 path=/org/gnome/evolution/dataserver/AddressBookFactory 63 peer=(label=unconfined), 64 dbus (receive, send) 65 bus=session 66 interface=org.freedesktop.DBus.Properties 67 path=/org/gnome/evolution/dataserver/AddressBookCursor{,/**} 68 peer=(label=unconfined), 69 dbus (receive, send) 70 bus=session 71 interface=org.freedesktop.DBus.Properties 72 path=/org/gnome/evolution/dataserver/AddressBookView{,/**} 73 peer=(label=unconfined), 74 dbus (receive, send) 75 bus=session 76 interface=org.freedesktop.DBus.Properties 77 path=/org/gnome/evolution/dataserver/Subprocess{,/**} 78 peer=(label=unconfined), 79 # Allow access to methods 80 dbus (receive, send) 81 bus=session 82 interface=org.gnome.evolution.dataserver.AddressBook 83 path=/org/gnome/evolution/dataserver/{Subprocess,AddressBook}{,/**} 84 peer=(label=unconfined), 85 dbus (receive, send) 86 bus=session 87 interface=org.gnome.evolution.dataserver.AddressBookFactory 88 path=/org/gnome/evolution/dataserver/AddressBookFactory 89 peer=(label=unconfined), 90 dbus (receive, send) 91 bus=session 92 interface=org.gnome.evolution.dataserver.AddressBookCursor 93 path=/org/gnome/evolution/dataserver/AddressBookCursor{,/**} 94 peer=(label=unconfined), 95 dbus (receive, send) 96 bus=session 97 interface=org.gnome.evolution.dataserver.AddressBookView 98 path=/org/gnome/evolution/dataserver/AddressBookView{,/**} 99 peer=(label=unconfined), 100 dbus (receive, send) 101 bus=session 102 interface=org.gnome.evolution.dataserver.Source 103 path=/org/gnome/evolution/dataserver/SourceManager{,/**} 104 peer=(label=unconfined), 105 dbus (receive, send) 106 bus=session 107 interface=org.gnome.evolution.dataserver.Source.Removable 108 path=/org/gnome/evolution/dataserver/SourceManager{,/**} 109 peer=(label=unconfined), 110 dbus (receive, send) 111 bus=session 112 interface=org.gnome.evolution.dataserver.SourceManager 113 path=/org/gnome/evolution/dataserver/SourceManager 114 peer=(label=unconfined), 115 116 # Allow clients to introspect the service 117 dbus (send) 118 bus=session 119 interface=org.freedesktop.DBus.Introspectable 120 path=/org/gnome/evolution/dataserver/AddressBook{,/**} 121 member=Introspect 122 peer=(label=unconfined), 123 dbus (send) 124 bus=session 125 interface=org.freedesktop.DBus.Introspectable 126 path=/org/gnome/evolution/dataserver/AddressBookFactory 127 member=Introspect 128 peer=(label=unconfined), 129 dbus (send) 130 bus=session 131 interface=org.freedesktop.DBus.Introspectable 132 path=/org/gnome/evolution/dataserver/AddressBookCursor{,/**} 133 member=Introspect 134 peer=(label=unconfined), 135 dbus (send) 136 bus=session 137 interface=org.freedesktop.DBus.Introspectable 138 path=/org/gnome/evolution/dataserver/AddressBookView{,/**} 139 member=Introspect 140 peer=(label=unconfined), 141 dbus (send) 142 bus=session 143 interface=org.freedesktop.DBus.Introspectable 144 path=/org/gnome/evolution/dataserver/SourceManager{,/**} 145 member=Introspect 146 peer=(label=unconfined), 147 148 # Allow access to cached avatars 149 owner @{HOME}/.cache/evolution/addressbook/[0-9a-f]*/*.jpeg r, 150 ` 151 152 func init() { 153 registerIface(&commonInterface{ 154 name: "contacts-service", 155 summary: contactsServiceSummary, 156 implicitOnClassic: !(release.ReleaseInfo.ID == "ubuntu" && release.ReleaseInfo.VersionID == "14.04"), 157 baseDeclarationSlots: contactsServiceBaseDeclarationSlots, 158 connectedPlugAppArmor: contactsServiceConnectedPlugAppArmor, 159 }) 160 }