github.com/rigado/snapd@v2.42.5-go-mod+incompatible/interfaces/builtin/unity8_calendar.go (about) 1 // -*- Mode: Go; indent-tabs-mode: t -*- 2 3 /* 4 * Copyright (C) 2016 Canonical Ltd 5 * 6 * This program is free software: you can redistribute it and/or modify 7 * it under the terms of the GNU General Public License version 3 as 8 * published by the Free Software Foundation. 9 * 10 * This program is distributed in the hope that it will be useful, 11 * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 * GNU General Public License for more details. 14 * 15 * You should have received a copy of the GNU General Public License 16 * along with this program. If not, see <http://www.gnu.org/licenses/>. 17 * 18 */ 19 20 package builtin 21 22 const unity8CalendarSummary = `allows operating as or interacting with the Unity 8 Calendar Service` 23 24 const unity8CalendarBaseDeclarationSlots = ` 25 unity8-calendar: 26 allow-installation: 27 slot-snap-type: 28 - app 29 deny-auto-connection: true 30 deny-connection: true 31 ` 32 33 const unity8CalendarPermanentSlotAppArmor = ` 34 # Description: Allow operating as the EDS service. This gives privileged access 35 # to the system. 36 37 # DBus accesses 38 dbus (bind) 39 bus=session 40 name="org.gnome.evolution.dataserver.Calendar7", 41 dbus (bind) 42 bus=session 43 name="org.gnome.evolution.dataserver.Subprocess.Backend.Calendar*", 44 dbus (bind) 45 bus=session 46 name="com.canonical.SyncMonitor", 47 48 # Allow traffic to/from our path and interface with any method for unconfined 49 # clients to talk to our calendar services. 50 dbus (receive) 51 bus=session 52 path=/org/gnome/evolution/dataserver/CalendarFactory 53 peer=(label=unconfined), 54 dbus (receive) 55 bus=session 56 path=/org/gnome/evolution/dataserver/CalendarView/** 57 peer=(label=unconfined), 58 dbus (receive) 59 bus=session 60 path=/org/gnome/evolution/dataserver/Subprocess/** 61 interface=org.gnome.evolution.dataserver.Calendar 62 peer=(label=unconfined), 63 dbus (receive) 64 bus=session 65 path=/org/gnome/evolution/dataserver/Subprocess/Backend/Calendar/** 66 peer=(label=unconfined), 67 68 # LP: #1319546. Apps shouldn't talk directly to sync-monitor, but allow it for 69 # now for trusted apps until sync-monitor is integrated with push 70 # notifications. 71 dbus (receive) 72 bus=session 73 path=/com/canonical/SyncMonitor 74 peer=(label=unconfined), 75 ` 76 77 const unity8CalendarConnectedSlotAppArmor = ` 78 # Allow service to interact with connected clients 79 # DBus accesses 80 81 ######################## 82 # Calendar 83 ######################## 84 dbus (receive, send) 85 bus=session 86 path=/org/gnome/evolution/dataserver/CalendarFactory 87 peer=(label=###PLUG_SECURITY_TAGS###), 88 dbus (receive, send) 89 bus=session 90 path=/org/gnome/evolution/dataserver/CalendarView/** 91 peer=(label=###PLUG_SECURITY_TAGS###), 92 dbus (receive, send) 93 bus=session 94 path=/org/gnome/evolution/dataserver/Subprocess/** 95 interface=org.gnome.evolution.dataserver.Calendar 96 peer=(label=###PLUG_SECURITY_TAGS###), 97 dbus (receive, send) 98 bus=session 99 path=/org/gnome/evolution/dataserver/Subprocess/Backend/Calendar/** 100 peer=(label=###PLUG_SECURITY_TAGS###), 101 102 # LP: #1319546. Apps shouldn't talk directly to sync-monitor, but allow it for 103 # now for trusted apps until sync-monitor is integrated with push 104 # notifications. 105 dbus (receive, send) 106 bus=session 107 path=/com/canonical/SyncMonitor 108 peer=(label=###PLUG_SECURITY_TAGS###), 109 ` 110 111 const unity8CalendarConnectedPlugAppArmor = ` 112 # Allow connected clients to communicate with calendar service via DBus 113 114 ######################## 115 # Calendar 116 ######################## 117 dbus (receive, send) 118 bus=session 119 path=/org/gnome/evolution/dataserver/CalendarFactory 120 peer=(label=###SLOT_SECURITY_TAGS###), 121 dbus (receive, send) 122 bus=session 123 path=/org/gnome/evolution/dataserver/CalendarView/** 124 peer=(label=###SLOT_SECURITY_TAGS###), 125 dbus (receive, send) 126 bus=session 127 path=/org/gnome/evolution/dataserver/Subprocess/** 128 interface=org.gnome.evolution.dataserver.Calendar 129 peer=(label=###SLOT_SECURITY_TAGS###), 130 dbus (receive, send) 131 bus=session 132 path=/org/gnome/evolution/dataserver/Subprocess/Backend/Calendar/** 133 peer=(label=###SLOT_SECURITY_TAGS###), 134 dbus (receive, send) 135 bus=session 136 path=/com/canonical/SyncMonitor 137 peer=(label=###SLOT_SECURITY_TAGS###), 138 139 # LP: #1319546. Apps shouldn't talk directly to sync-monitor, but allow it for 140 # now for trusted apps until sync-monitor is integrated with push 141 # notifications. 142 dbus (receive, send) 143 bus=session 144 path=/com/canonical/SyncMonitor 145 peer=(label=###SLOT_SECURITY_TAGS###), 146 ` 147 148 func init() { 149 registerIface(&unity8PimCommonInterface{ 150 name: "unity8-calendar", 151 summary: unity8CalendarSummary, 152 baseDeclarationSlots: unity8CalendarBaseDeclarationSlots, 153 permanentSlotAppArmor: unity8CalendarPermanentSlotAppArmor, 154 connectedSlotAppArmor: unity8CalendarConnectedSlotAppArmor, 155 connectedPlugAppArmor: unity8CalendarConnectedPlugAppArmor, 156 }) 157 }