github.com/stulluk/snapd@v0.0.0-20210611110309-f6d5d5bd24b0/interfaces/builtin/login_session_observe.go (about) 1 // -*- Mode: Go; indent-tabs-mode: t -*- 2 3 /* 4 * Copyright (C) 2019 Canonical Ltd 5 * 6 * This program is free software: you can redistribute it and/or modify 7 * it under the terms of the GNU General Public License version 3 as 8 * published by the Free Software Foundation. 9 * 10 * This program is distributed in the hope that it will be useful, 11 * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 * GNU General Public License for more details. 14 * 15 * You should have received a copy of the GNU General Public License 16 * along with this program. If not, see <http://www.gnu.org/licenses/>. 17 * 18 */ 19 20 package builtin 21 22 const loginSessionObserveSummary = `allows reading login and session information` 23 24 const loginSessionObserveBaseDeclarationSlots = ` 25 login-session-observe: 26 allow-installation: 27 slot-snap-type: 28 - core 29 deny-auto-connection: true 30 ` 31 32 const loginSessionObserveConnectedPlugAppArmor = ` 33 # Allow reading login and session information 34 /{,usr/}bin/who ixr, 35 /var/log/wtmp rk, 36 /{,var/}run/utmp rk, 37 38 /{,usr/}bin/lastlog ixr, 39 /var/log/lastlog rk, 40 41 /{,usr/}bin/faillog ixr, 42 /var/log/faillog rk, 43 44 # systemd session information (session files, but not .ref files) 45 /run/systemd/sessions/ r, 46 /run/systemd/sessions/*[0-9] rk, 47 48 # Supported loginctl commands: 49 # - list-sessions 50 # - show-session N 51 # - list-users 52 # - show-user N 53 # - list-seats 54 # - show-seat N 55 56 /{,usr/}bin/loginctl ixr, 57 #include <abstractions/dbus-strict> 58 59 # Introspection of org.freedesktop.login1 60 # do not use peer=(label=unconfined) here since this is DBus activated 61 dbus (send) 62 bus=system 63 path=/org/freedesktop/login1 64 interface=org.freedesktop.DBus.Introspectable 65 member=Introspect, 66 67 dbus (send) 68 bus=system 69 path=/org/freedesktop/login1{,/seat/*,/session/*,/user/*} 70 interface=org.freedesktop.DBus.Properties 71 member=Get{,All}, 72 73 dbus (receive) 74 bus=system 75 path=/org/freedesktop/login1 76 interface=org.freedesktop.DBus.Properties 77 member=PropertiesChanged 78 peer=(label=unconfined), 79 80 dbus (receive) 81 bus=system 82 path=/org/freedesktop/login1 83 interface=org.freedesktop.login1.Manager 84 member={Session,User,Seat}New 85 peer=(label=unconfined), 86 87 dbus (receive) 88 bus=system 89 path=/org/freedesktop/login1 90 interface=org.freedesktop.login1.Manager 91 member={Session,User,Seat}Removed 92 peer=(label=unconfined), 93 94 dbus (receive) 95 bus=system 96 path=/org/freedesktop/login1 97 interface=org.freedesktop.login1.Manager 98 member=PrepareFor{Shutdow,Sleep} 99 peer=(label=unconfined), 100 101 dbus (send) 102 bus=system 103 path=/org/freedesktop/login1 104 interface=org.freedesktop.login1.Manager 105 member=List{Seats,Sessions,Users}, 106 107 dbus (send) 108 bus=system 109 path=/org/freedesktop/login1 110 interface=org.freedesktop.login1.Manager 111 member=Get{Seat,Session,User}, 112 ` 113 114 type loginSessionObserveInterface struct { 115 commonInterface 116 } 117 118 func init() { 119 registerIface(&loginSessionObserveInterface{commonInterface: commonInterface{ 120 name: "login-session-observe", 121 summary: loginSessionObserveSummary, 122 implicitOnCore: true, 123 implicitOnClassic: true, 124 baseDeclarationSlots: loginSessionObserveBaseDeclarationSlots, 125 connectedPlugAppArmor: loginSessionObserveConnectedPlugAppArmor, 126 }}) 127 }