github.com/kubiko/snapd@v0.0.0-20201013125620-d4f3094d9ddf/interfaces/builtin/uinput.go

github.com/kubiko/snapd@v0.0.0-20201013125620-d4f3094d9ddf/interfaces/builtin/uinput.go (about)

     1  // -*- Mode: Go; indent-tabs-mode: t -*-
     2  
     3  /*
     4   * Copyright (C) 2020 Canonical Ltd
     5   *
     6   * This program is free software: you can redistribute it and/or modify
     7   * it under the terms of the GNU General Public License version 3 as
     8   * published by the Free Software Foundation.
     9   *
    10   * This program is distributed in the hope that it will be useful,
    11   * but WITHOUT ANY WARRANTY; without even the implied warranty of
    12   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    13   * GNU General Public License for more details.
    14   *
    15   * You should have received a copy of the GNU General Public License
    16   * along with this program.  If not, see <http://www.gnu.org/licenses/>.
    17   *
    18   */
    19  
    20  package builtin
    21  
    22  // https://www.kernel.org/doc/html/latest/input/uinput.html. Manually connect
    23  // because this interface allows for arbitrary input injection.
    24  const uinputSummary = `allows access to the uinput device`
    25  
    26  // While this interface grants precisely what it says it does, there is known
    27  // popular software that uses the uinput device and recommends modifying the
    28  // permissions to be 0666 (see below). Require an installation constraint to
    29  // require vetting of snap publishers in an effort to protect existing systems
    30  // with lax permissions and to protect users from arbitrary publishers who
    31  // document to both manually connect and to change the permissions on the
    32  // device.
    33  const uinputBaseDeclarationPlugs = `
    34    uinput:
    35      allow-installation: false
    36      deny-auto-connection: true
    37  `
    38  
    39  const uinputBaseDeclarationSlots = `
    40    uinput:
    41      allow-installation:
    42        slot-snap-type:
    43          - core
    44      deny-auto-connection: true
    45  `
    46  
    47  const uinputConnectedPlugAppArmor = `
    48  # Description: Allow write access to the uinput device for emulating
    49  # input devices from userspace for sending input events.
    50  
    51  /dev/uinput rw,
    52  /dev/input/uinput rw,
    53  `
    54  
    55  // The uinput device allows for injecting arbitrary input, so its default
    56  // permissions are correctly root:root 0660. Some 3rd party software (eg,
    57  // the steam controller installer) installs udev rules that change the
    58  // device to world-writable permissions (0666) as a shortcut, but this is
    59  // unsafe since it would allow any unconfined user (or any snap with this
    60  // interface connected) to inject input events into the kernel. In general
    61  // snapd should not be adjusting the permissions on the device, at least not
    62  // until snapd implements 'device access' for fine-grained control. See:
    63  // https://forum.snapcraft.io/t/multiple-users-and-groups-in-snaps/1461.
    64  var uinputConnectedPlugUDev = []string{`KERNEL=="uinput"`}
    65  
    66  type uinputInterface struct {
    67  	commonInterface
    68  }
    69  
    70  func init() {
    71  	registerIface(&uinputInterface{commonInterface{
    72  		name:                  "uinput",
    73  		summary:               uinputSummary,
    74  		implicitOnCore:        true,
    75  		implicitOnClassic:     true,
    76  		baseDeclarationPlugs:  uinputBaseDeclarationPlugs,
    77  		baseDeclarationSlots:  uinputBaseDeclarationSlots,
    78  		connectedPlugAppArmor: uinputConnectedPlugAppArmor,
    79  		connectedPlugUDev:     uinputConnectedPlugUDev,
    80  	}})
    81  }