github.com/kubiko/snapd@v0.0.0-20201013125620-d4f3094d9ddf/interfaces/builtin/utils.go (about) 1 // -*- Mode: Go; indent-tabs-mode: t -*- 2 3 /* 4 * Copyright (C) 2016 Canonical Ltd 5 * 6 * This program is free software: you can redistribute it and/or modify 7 * it under the terms of the GNU General Public License version 3 as 8 * published by the Free Software Foundation. 9 * 10 * This program is distributed in the hope that it will be useful, 11 * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 * GNU General Public License for more details. 14 * 15 * You should have received a copy of the GNU General Public License 16 * along with this program. If not, see <http://www.gnu.org/licenses/>. 17 * 18 */ 19 20 package builtin 21 22 import ( 23 "bytes" 24 "fmt" 25 "path/filepath" 26 "regexp" 27 "sort" 28 29 "github.com/snapcore/snapd/dirs" 30 "github.com/snapcore/snapd/interfaces" 31 "github.com/snapcore/snapd/release" 32 "github.com/snapcore/snapd/snap" 33 ) 34 35 // The maximum number of Usb bInterfaceNumber. 36 const UsbMaxInterfaces = 32 37 38 // labelExpr returns the specification of the apparmor label describing 39 // given apps and hooks. The result has one of three forms, 40 // depending on how apps are bound to the slot: 41 // 42 // - "snap.$snap_instance.$app" if there is exactly one app bound 43 // - "snap.$snap_instance.{$app1,...$appN, $hook1...$hookN}" if there are some, but not all, apps/hooks bound 44 // - "snap.$snap_instance.*" if all apps/hook are bound to the plug or slot 45 func labelExpr(apps map[string]*snap.AppInfo, hooks map[string]*snap.HookInfo, snap *snap.Info) string { 46 var buf bytes.Buffer 47 48 names := make([]string, 0, len(apps)+len(hooks)) 49 for appName := range apps { 50 names = append(names, appName) 51 } 52 for hookName := range hooks { 53 names = append(names, fmt.Sprintf("hook.%s", hookName)) 54 } 55 sort.Strings(names) 56 57 fmt.Fprintf(&buf, `"snap.%s.`, snap.InstanceName()) 58 if len(names) == 1 { 59 buf.WriteString(names[0]) 60 } else if len(apps) == len(snap.Apps) && len(hooks) == len(snap.Hooks) { 61 buf.WriteByte('*') 62 } else if len(names) > 0 { 63 buf.WriteByte('{') 64 for _, name := range names { 65 buf.WriteString(name) 66 buf.WriteByte(',') 67 } 68 // remove trailing comma 69 buf.Truncate(buf.Len() - 1) 70 buf.WriteByte('}') 71 } // else: len(names)==0, gives "snap.<name>." that doesn't match anything 72 buf.WriteByte('"') 73 return buf.String() 74 } 75 76 // XXX: rename as it includes hooks too 77 func slotAppLabelExpr(slot *interfaces.ConnectedSlot) string { 78 return labelExpr(slot.Apps(), slot.Hooks(), slot.Snap()) 79 } 80 81 // XXX: rename as it includes hooks too 82 func plugAppLabelExpr(plug *interfaces.ConnectedPlug) string { 83 return labelExpr(plug.Apps(), plug.Hooks(), plug.Snap()) 84 } 85 86 // Determine if the permanent slot side is provided by the system. On classic 87 // systems some implicit slots can be provided by the system or by an 88 // application snap (eg avahi can be installed as deb or snap). 89 // - slot owned by the system (core/snapd snap) usually requires no action 90 // - slot owned by an application snap typically requires rules updates 91 func implicitSystemPermanentSlot(slot *snap.SlotInfo) bool { 92 if release.OnClassic && 93 (slot.Snap.Type() == snap.TypeOS || slot.Snap.Type() == snap.TypeSnapd) { 94 return true 95 } 96 return false 97 } 98 99 // Determine if the connected slot side is provided by the system. As for 100 // isPermanentSlotSystemSlot(), the slot can be owned by the system or an 101 // application. 102 func implicitSystemConnectedSlot(slot *interfaces.ConnectedSlot) bool { 103 if release.OnClassic && 104 (slot.Snap().Type() == snap.TypeOS || slot.Snap().Type() == snap.TypeSnapd) { 105 return true 106 } 107 return false 108 } 109 110 // determine if the given slot attribute path matches the regex. 111 // invalidErrFmt provides a fmt.Errorf format to create an error in 112 // the case the path does not matches, it should allow to include 113 // slotRef and be something like: "slot %q path attribute must be a 114 // valid <path kind>". 115 func verifySlotPathAttribute(slotRef *interfaces.SlotRef, attrs interfaces.Attrer, reg *regexp.Regexp, invalidErrFmt string) (string, error) { 116 var path string 117 if err := attrs.Attr("path", &path); err != nil || path == "" { 118 return "", fmt.Errorf("slot %q must have a path attribute", slotRef) 119 } 120 cleanPath := filepath.Clean(path) 121 if cleanPath != path { 122 return "", fmt.Errorf(`cannot use slot %q path %q: try %q"`, slotRef, path, cleanPath) 123 } 124 if !reg.MatchString(cleanPath) { 125 return "", fmt.Errorf(invalidErrFmt, slotRef) 126 } 127 return cleanPath, nil 128 } 129 130 // aareExclusivePatterns takes a string and generates deny alternations. Eg, 131 // aareExclusivePatterns("foo") returns: 132 // []string{ 133 // "[^f]*", 134 // "f[^o]*", 135 // "fo[^o]*", 136 // } 137 func aareExclusivePatterns(orig string) []string { 138 // This function currently is only intended to be used with desktop 139 // prefixes as calculated by info.DesktopPrefix (the snap name and 140 // instance name, if present). To avoid having to worry about aare 141 // special characters, etc, perform ValidateDesktopPrefix() and return 142 // an empty list if invalid. If this function is modified for other 143 // input, aare/quoting/etc will have to be considered. 144 if !snap.ValidateDesktopPrefix(orig) { 145 return nil 146 } 147 148 s := make([]string, len(orig)) 149 150 prefix := "" 151 for i, letter := range orig { 152 prefix = orig[:i] 153 s[i] = fmt.Sprintf("%s[^%c]*", prefix, letter) 154 } 155 return s 156 } 157 158 // getDesktopFileRules(<snap instance name>) generates snippet rules for 159 // allowing access to the specified snap's desktop files in 160 // dirs.SnapDesktopFilesDir, but explicitly denies access to all other snaps' 161 // desktop files since xdg libraries may try to read all the desktop files 162 // in the dir, causing excessive noise. (LP: #1868051) 163 func getDesktopFileRules(snapInstanceName string) []string { 164 baseDir := dirs.SnapDesktopFilesDir 165 166 rules := []string{ 167 "# Support applications which use the unity messaging menu, xdg-mime, etc", 168 "# This leaks the names of snaps with desktop files", 169 fmt.Sprintf("%s/ r,", baseDir), 170 "# Allowing reading only our desktop files (required by (at least) the unity", 171 "# messaging menu).", 172 "# parallel-installs: this leaks read access to desktop files owned by keyed", 173 "# instances of @{SNAP_NAME} to @{SNAP_NAME} snap", 174 fmt.Sprintf("%s/@{SNAP_INSTANCE_DESKTOP}_*.desktop r,", baseDir), 175 "# Explicitly deny access to other snap's desktop files", 176 fmt.Sprintf("deny %s/@{SNAP_INSTANCE_DESKTOP}[^_.]*.desktop r,", baseDir), 177 } 178 for _, t := range aareExclusivePatterns(snapInstanceName) { 179 rules = append(rules, fmt.Sprintf("deny %s/%s r,", baseDir, t)) 180 } 181 182 return rules 183 }