github.com/rigado/snapd@v2.42.5-go-mod+incompatible/interfaces/builtin/time_control.go (about) 1 // -*- Mode: Go; indent-tabs-mode: t -*- 2 3 /* 4 * Copyright (C) 2016-2017 Canonical Ltd 5 * 6 * This program is free software: you can redistribute it and/or modify 7 * it under the terms of the GNU General Public License version 3 as 8 * published by the Free Software Foundation. 9 * 10 * This program is distributed in the hope that it will be useful, 11 * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 * GNU General Public License for more details. 14 * 15 * You should have received a copy of the GNU General Public License 16 * along with this program. If not, see <http://www.gnu.org/licenses/>. 17 * 18 */ 19 20 package builtin 21 22 const timeControlSummary = `allows setting system date and time` 23 24 const timeControlBaseDeclarationSlots = ` 25 time-control: 26 allow-installation: 27 slot-snap-type: 28 - core 29 deny-auto-connection: true 30 ` 31 32 const timeControlConnectedPlugAppArmor = ` 33 # Description: Can set time and date via systemd' timedated D-Bus interface. 34 # Can read all properties of /org/freedesktop/timedate1 D-Bus object; see 35 # https://www.freedesktop.org/wiki/Software/systemd/timedated/; This also 36 # gives full access to the RTC device nodes and relevant parts of sysfs. 37 38 #include <abstractions/dbus-strict> 39 40 # Introspection of org.freedesktop.timedate1 41 # do not use peer=(label=unconfined) here since this is DBus activated 42 dbus (send) 43 bus=system 44 path=/org/freedesktop/timedate1 45 interface=org.freedesktop.DBus.Introspectable 46 member=Introspect, 47 48 dbus (send) 49 bus=system 50 path=/org/freedesktop/timedate1 51 interface=org.freedesktop.timedate1 52 member="Set{Time,LocalRTC}" 53 peer=(label=unconfined), 54 55 # Read all properties from timedate1 56 # do not use peer=(label=unconfined) here since this is DBus activated 57 dbus (send) 58 bus=system 59 path=/org/freedesktop/timedate1 60 interface=org.freedesktop.DBus.Properties 61 member=Get{,All}, 62 63 # Receive timedate1 property changed events 64 dbus (receive) 65 bus=system 66 path=/org/freedesktop/timedate1 67 interface=org.freedesktop.DBus.Properties 68 member=PropertiesChanged 69 peer=(label=unconfined), 70 71 # As the core snap ships the timedatectl utility we can also allow 72 # clients to use it now that they have access to the relevant 73 # D-Bus methods for setting the time via timedatectl's set-time and 74 # set-local-rtc commands. 75 /usr/bin/timedatectl{,.real} ixr, 76 77 # Silence this noisy denial. systemd utilities look at /proc/1/environ to see 78 # if running in a container, but they will fallback gracefully. No other 79 # interfaces allow this denial, so no problems with silencing it for now. Note 80 # that allowing this triggers a 'ptrace trace peer=unconfined' denial, which we 81 # want to avoid. 82 deny @{PROC}/1/environ r, 83 84 # Allow write access to system real-time clock 85 # See 'man 4 rtc' for details. 86 87 capability sys_time, 88 89 /dev/rtc[0-9]* rw, 90 91 # Access to the sysfs nodes are needed by rtcwake for example 92 # to program scheduled wakeups in the future. 93 /sys/class/rtc/*/ rw, 94 /sys/class/rtc/*/** rw, 95 96 # As the core snap ships the hwclock utility we can also allow 97 # clients to use it now that they have access to the relevant 98 # device nodes. Note: some invocations of hwclock will try to 99 # write to the audit subsystem. We omit 'capability audit_write' 100 # and 'capability net_admin' here. Applications requiring audit 101 # logging should plug 'netlink-audit'. 102 /sbin/hwclock ixr, 103 ` 104 105 const timeControlConnectedPlugSecComp = ` 106 # Description: Can set time and date via systemd' timedated D-Bus interface. 107 # Can read all properties of /org/freedesktop/timedate1 D-Bus object; see 108 # https://www.freedesktop.org/wiki/Software/systemd/timedated/; This also 109 # gives full access to the RTC device nodes and relevant parts of sysfs. 110 111 settimeofday 112 adjtimex 113 114 # util-linux built with libaudit tries to write to the audit subsystem. We 115 # allow the socket call here to avoid seccomp kill, but omit the AppArmor 116 # capability rules. 117 bind 118 socket AF_NETLINK - NETLINK_AUDIT 119 ` 120 121 var timeControlConnectedPlugUDev = []string{`SUBSYSTEM=="rtc"`} 122 123 func init() { 124 registerIface(&commonInterface{ 125 name: "time-control", 126 summary: timeControlSummary, 127 implicitOnCore: true, 128 implicitOnClassic: true, 129 baseDeclarationSlots: timeControlBaseDeclarationSlots, 130 connectedPlugAppArmor: timeControlConnectedPlugAppArmor, 131 connectedPlugSecComp: timeControlConnectedPlugSecComp, 132 connectedPlugUDev: timeControlConnectedPlugUDev, 133 reservedForOS: true, 134 }) 135 }