github.com/kubiko/snapd@v0.0.0-20201013125620-d4f3094d9ddf/interfaces/builtin/unity8_contacts.go (about)

     1  // -*- Mode: Go; indent-tabs-mode: t -*-
     2  
     3  /*
     4   * Copyright (C) 2016 Canonical Ltd
     5   *
     6   * This program is free software: you can redistribute it and/or modify
     7   * it under the terms of the GNU General Public License version 3 as
     8   * published by the Free Software Foundation.
     9   *
    10   * This program is distributed in the hope that it will be useful,
    11   * but WITHOUT ANY WARRANTY; without even the implied warranty of
    12   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    13   * GNU General Public License for more details.
    14   *
    15   * You should have received a copy of the GNU General Public License
    16   * along with this program.  If not, see <http://www.gnu.org/licenses/>.
    17   *
    18   */
    19  
    20  package builtin
    21  
// unity8ContactsSummary is the one-line description passed as the summary
// field when init registers the unity8-contacts interface.
const unity8ContactsSummary = `allows operating as or interacting with the Unity 8 Contacts Service`
    23  
// unity8ContactsBaseDeclarationSlots is the slot-side base-declaration
// fragment for unity8-contacts. It restricts slot installation to snaps of
// type "app" and denies both connection and auto-connection by default.
//
// NOTE(review): the permanent slot policy in this file describes itself as
// giving privileged access to the system, so these two deny rules are the
// default gate on who may connect. Presumably a connection needs an override
// from a declaration outside this file; confirm before relaxing either rule.
const unity8ContactsBaseDeclarationSlots = `
  unity8-contacts:
    allow-installation:
      slot-snap-type:
        - app
    deny-auto-connection: true
    deny-connection: true
`
    32  
// unity8ContactsPermanentSlotAppArmor is the AppArmor snippet registered as
// permanentSlotAppArmor for unity8-contacts. It lets the slot bind four
// session-bus names (the EDS AddressBook9 name, the EDS AddressBook backend
// subprocess names, com.canonical.pim and com.meego.msyncd) and receive
// messages from peers labelled "unconfined".
//
// NOTE(review): the last rule is `dbus (receive)` on the session bus with only
// `peer=(label=unconfined)`. Because it names no path or interface, it also
// matches everything the path-scoped receive rules above it allow, so those
// narrower rules add no restriction for unconfined peers. Confirm that this
// catch-all is intended; if path scoping is the goal, the catch-all is the
// rule to tighten.
//
// NOTE(review): "bute" in the LP: #1319546 comment inside the policy is
// presumably "buteo". It is part of the string literal, so it is left as-is.
const unity8ContactsPermanentSlotAppArmor = `
# Description: Allow operating as the EDS service. This gives privileged access
# to the system.

# Allow binding the service to the requested connection name
dbus (bind)
	bus=session
	name=org.gnome.evolution.dataserver.AddressBook9,
dbus (bind)
	bus=session
	name=org.gnome.evolution.dataserver.Subprocess.Backend.AddressBook*,
dbus (bind)
	bus=session
	name=com.canonical.pim,

# LP: #1319546. Apps shouldn't talk directly to bute, but allow it for
# now for trusted apps until buteo is integrated with push
# notifications.
dbus (bind)
	bus=session
	name=com.meego.msyncd,

# Allow traffic to/from our path and interface with any method for unconfined
# clients to talk to our address-book services.

########################
# EDS - AddressBook
########################
dbus (receive)
	bus=session
	path=/org/gnome/evolution/dataserver/AddressBookFactory
	peer=(label=unconfined),
dbus (receive)
	bus=session
	path=/org/gnome/evolution/dataserver/AddressBookView/**
	peer=(label=unconfined),
dbus (receive)
	bus=session
	path=/org/gnome/evolution/dataserver/Subprocess/**
	interface=org.gnome.evolution.dataserver.AddressBook
	peer=(label=unconfined),
dbus (receive)
	bus=session
	path=/org/gnome/evolution/dataserver/Subprocess/Backend/AddressBookView/**
	peer=(label=unconfined),

##########################
# Canonical - AddressBook
##########################
dbus (receive)
	bus=session
	path=/com/canonical/pim/AddressBook
	peer=(label=unconfined),
dbus (receive)
	bus=session
	path=/com/canonical/pim/AddressBookView
	peer=(label=unconfined),
dbus (receive)
	bus=session
	peer=(label=unconfined),
`
    94  
// unity8ContactsConnectedSlotAppArmor is the AppArmor snippet registered as
// connectedSlotAppArmor for unity8-contacts. Every rule allows session-bus
// send and receive on one object path (or path glob) with a peer whose label
// is ###PLUG_SECURITY_TAGS###. That token is a placeholder, presumably
// replaced with the connected plug's labels by code outside this file
// (TODO confirm).
//
// NOTE(review): only the Subprocess/** rule also pins an interface. The other
// rules are scoped by path and peer label alone, so any interface or method on
// those paths is allowed between the slot and a connected plug.
//
// NOTE(review): the /synchronizer{,/**} rule is marked in the policy itself as
// a temporary allowance (LP: #1319546) for something apps "shouldn't" do.
// Revisit it whenever this policy is audited.
const unity8ContactsConnectedSlotAppArmor = `
# Allow service to interact with connected clients DBus accesses

########################
# EDS - AddressBook
########################
dbus (receive, send)
	bus=session
	path=/org/gnome/evolution/dataserver/AddressBookFactory
	peer=(label=###PLUG_SECURITY_TAGS###),
dbus (receive, send)
	bus=session
	path=/org/gnome/evolution/dataserver/AddressBookView/**
	peer=(label=###PLUG_SECURITY_TAGS###),
dbus (receive, send)
	bus=session
	path=/org/gnome/evolution/dataserver/Subprocess/**
	interface=org.gnome.evolution.dataserver.AddressBook
	peer=(label=###PLUG_SECURITY_TAGS###),
dbus (receive, send)
	bus=session
	path=/org/gnome/evolution/dataserver/Subprocess/Backend/AddressBookView/**
	peer=(label=###PLUG_SECURITY_TAGS###),

##########################
# Canonical - AddressBook
##########################
dbus (receive, send)
	bus=session
	path=/com/canonical/pim/AddressBook
	peer=(label=###PLUG_SECURITY_TAGS###),
dbus (receive, send)
	bus=session
	path=/com/canonical/pim/AddressBookView
	peer=(label=###PLUG_SECURITY_TAGS###),

# LP: #1319546. Apps shouldn't talk directly to sync-monitor, but allow it for
# now for trusted apps until buteo is integrated with push
# notifications.
dbus (receive, send)
	bus=session
	path=/synchronizer{,/**}
	peer=(label=###PLUG_SECURITY_TAGS###),
`
   139  
// unity8ContactsConnectedPlugAppArmor is the AppArmor snippet registered as
// connectedPlugAppArmor for unity8-contacts. It mirrors the connected-slot
// policy path for path, but with the peer label set to
// ###SLOT_SECURITY_TAGS###. That token is a placeholder, presumably replaced
// with the slot's labels by code outside this file (TODO confirm).
//
// NOTE(review): as on the slot side, only the Subprocess/** rule pins an
// interface. A connected plug may send to and receive from the slot on the
// other listed paths using any interface or method. The /synchronizer{,/**}
// rule carries the same "temporary" LP: #1319546 caveat as the slot-side rule.
const unity8ContactsConnectedPlugAppArmor = `
# Allow connected clients to communicate with contacts service via DBus

########################
# EDS - AddressBook
########################
dbus (receive, send)
	bus=session
	path=/org/gnome/evolution/dataserver/AddressBookFactory
	peer=(label=###SLOT_SECURITY_TAGS###),
dbus (receive, send)
	bus=session
	path=/org/gnome/evolution/dataserver/AddressBookView/**
	peer=(label=###SLOT_SECURITY_TAGS###),
dbus (receive, send)
	bus=session
	path=/org/gnome/evolution/dataserver/Subprocess/**
	interface=org.gnome.evolution.dataserver.AddressBook
	peer=(label=###SLOT_SECURITY_TAGS###),
dbus (receive, send)
	bus=session
	path=/org/gnome/evolution/dataserver/Subprocess/Backend/AddressBookView/**
	peer=(label=###SLOT_SECURITY_TAGS###),

##########################
# Canonical - AddressBook
##########################
dbus (receive, send)
	bus=session
	path=/com/canonical/pim/AddressBook
	peer=(label=###SLOT_SECURITY_TAGS###),
dbus (receive, send)
	bus=session
	path=/com/canonical/pim/AddressBookView
	peer=(label=###SLOT_SECURITY_TAGS###),

# LP: #1319546. Apps shouldn't talk directly to sync-monitor, but allow it for
# now for trusted apps until buteo is integrated with push
# notifications.
dbus (receive, send)
	bus=session
	path=/synchronizer{,/**}
	peer=(label=###SLOT_SECURITY_TAGS###),
`
   184  
// init registers the unity8-contacts interface through registerIface. It
// passes the summary, the slot base declaration and the three AppArmor
// snippets defined in this file.
func init() {
	contacts := &unity8PimCommonInterface{
		name:                  "unity8-contacts",
		summary:               unity8ContactsSummary,
		baseDeclarationSlots:  unity8ContactsBaseDeclarationSlots,
		permanentSlotAppArmor: unity8ContactsPermanentSlotAppArmor,
		connectedSlotAppArmor: unity8ContactsConnectedSlotAppArmor,
		connectedPlugAppArmor: unity8ContactsConnectedPlugAppArmor,
	}
	registerIface(contacts)
}