github.com/kubiko/snapd@v0.0.0-20201013125620-d4f3094d9ddf/interfaces/builtin/hardware_random_control.go

github.com/kubiko/snapd@v0.0.0-20201013125620-d4f3094d9ddf/interfaces/builtin/hardware_random_control.go (about)

     1  // -*- Mode: Go; indent-tabs-mode: t -*-
     2  
     3  /*
     4   * Copyright (C) 2017 Canonical Ltd
     5   *
     6   * This program is free software: you can redistribute it and/or modify
     7   * it under the terms of the GNU General Public License version 3 as
     8   * published by the Free Software Foundation.
     9   *
    10   * This program is distributed in the hope that it will be useful,
    11   * but WITHOUT ANY WARRANTY; without even the implied warranty of
    12   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    13   * GNU General Public License for more details.
    14   *
    15   * You should have received a copy of the GNU General Public License
    16   * along with this program.  If not, see <http://www.gnu.org/licenses/>.
    17   *
    18   */
    19  
    20  package builtin
    21  
    22  const hardwareRandomControlSummary = `allows control over the hardware random number generator`
    23  
    24  const hardwareRandomControlBaseDeclarationSlots = `
    25    hardware-random-control:
    26      allow-installation:
    27        slot-snap-type:
    28          - core
    29      deny-auto-connection: true
    30  `
    31  
    32  const hardwareRandomControlConnectedPlugAppArmor = `
    33  # Description: allow direct access to the hardware random number generator
    34  # device. Usually, the default access to /dev/random is sufficient, but this
    35  # allows applications such as rng-tools to use /dev/hwrng directly or change
    36  # the hwrng via sysfs. For details, see
    37  # https://www.kernel.org/doc/Documentation/hw_random.txt
    38  
    39  /dev/hwrng rw,
    40  /run/udev/data/c10:183 r,
    41  /sys/devices/virtual/misc/ r,
    42  /sys/devices/virtual/misc/hw_random/rng_{available,current} r,
    43  
    44  # Allow changing the hwrng
    45  /sys/devices/virtual/misc/hw_random/rng_current w,
    46  `
    47  
    48  var hardwareRandomControlConnectedPlugUDev = []string{`KERNEL=="hwrng"`}
    49  
    50  func init() {
    51  	registerIface(&commonInterface{
    52  		name:                  "hardware-random-control",
    53  		summary:               hardwareRandomControlSummary,
    54  		implicitOnCore:        true,
    55  		implicitOnClassic:     true,
    56  		baseDeclarationSlots:  hardwareRandomControlBaseDeclarationSlots,
    57  		connectedPlugAppArmor: hardwareRandomControlConnectedPlugAppArmor,
    58  		connectedPlugUDev:     hardwareRandomControlConnectedPlugUDev,
    59  	})
    60  }