Merge lp:~ssweeny/bluez/snappy-interface into lp:~bluetooth/bluez/snap-core-rolling

Proposed by Scott Sweeny on 2016-04-19
Status: Merged
Approved by: Simon Fels on 2016-04-28
Approved revision: 48
Merged at revision: 41
Proposed branch: lp:~ssweeny/bluez/snappy-interface
Merge into: lp:~bluetooth/bluez/snap-core-rolling
Prerequisite: lp:~morphis/bluez/fix-snapcraft-source
Diff against target: 1457 lines (+13/-1384)
6 files modified
bluez.apparmor (+0/-222)
bluez.seccomp (+0/-457)
obex.apparmor (+0/-225)
obex.seccomp (+0/-457)
parts/plugins/x-autotools.py (+3/-3)
snapcraft.yaml (+10/-20)
To merge this branch: bzr merge lp:~ssweeny/bluez/snappy-interface
Reviewer Review Type Date Requested Status
Simon Fels 2016-04-20 Approve on 2016-04-28
Tony Espy 2016-04-20 Pending
Bluetooth 2016-04-19 Pending
Review via email: mp+292304@code.launchpad.net

Commit message

Use the new bluez interface in ubuntu-core

Description of the change

This branch contains the updated snapcraft config to use the new bluez interface in ubuntu-core.

Tested against a fixes branch[1] that will hopefully soon be merged into ubuntu-core.

[1] https://github.com/ubuntu-core/snappy/pull/1037

To post a comment you must log in.
lp:~ssweeny/bluez/snappy-interface updated on 2016-04-19
47. By Scott Sweeny on 2016-04-19

Actually remove unused policy files

Simon Fels (morphis) wrote :

Left one naming related comment inline but otherwise LGTM

review: Needs Fixing
lp:~ssweeny/bluez/snappy-interface updated on 2016-04-20
48. By Scott Sweeny on 2016-04-20

Rename slot/plug to service/client respectively

Scott Sweeny (ssweeny) wrote :

> Left one naming related comment inline but otherwise LGTM

Well-spotted. Done.

Should this naming scheme be part of our guidelines doc?

Simon Fels (morphis) wrote :

@Scott: That would be awesome if you can add a chapter for a interface naming convention.

Simon Fels (morphis) :
review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== removed file 'bluez.apparmor'
2--- bluez.apparmor 2016-02-01 18:56:49 +0000
3+++ bluez.apparmor 1970-01-01 00:00:00 +0000
4@@ -1,222 +0,0 @@
5-#
6-# AppArmor confinement for bluez's bluetoothd
7-#
8-
9-#include <tunables/global>
10-
11-# Specified profile variables
12-###VAR###
13-
14-###PROFILEATTACH### (attach_disconnected) {
15- #include <abstractions/base>
16- #include <abstractions/openssl>
17-
18- # Explicitly deny ptrace for now since it can be abused to break out of the
19- # seccomp sandbox. https://lkml.org/lkml/2015/3/18/823
20- audit deny ptrace (trace),
21-
22- # Explicitly deny mount, remount and umount
23- audit deny mount,
24- audit deny remount,
25- audit deny umount,
26-
27- # Read-only for the install directory
28- @{CLICK_DIR}/@{APP_PKGNAME}/ r,
29- @{CLICK_DIR}/@{APP_PKGNAME}/@{APP_VERSION}/ r,
30- @{CLICK_DIR}/@{APP_PKGNAME}/@{APP_VERSION}/** mrklix,
31-
32- # Read-only home area for other versions
33- owner @{HOMEDIRS}/*/snaps/@{APP_PKGNAME}/ r,
34- owner @{HOMEDIRS}/*/snaps/@{APP_PKGNAME}/@{APP_VERSION}/ r,
35- owner @{HOMEDIRS}/*/snaps/@{APP_PKGNAME}/@{APP_VERSION}/** mrkix,
36-
37- # Writable home area for this version.
38- owner @{HOMEDIRS}/*/snaps/@{APP_PKGNAME}/@{APP_VERSION}/ w,
39- owner @{HOMEDIRS}/*/snaps/@{APP_PKGNAME}/@{APP_VERSION}/** wl,
40-
41- # Read-only system area for other versions
42- /var/lib/snaps/@{APP_PKGNAME}/ r,
43- /var/lib/snaps/@{APP_PKGNAME}/** mrkix,
44-
45- # Writable system area only for this version
46- /var/lib/snaps/@{APP_PKGNAME}/@{APP_VERSION}/ w,
47- /var/lib/snaps/@{APP_PKGNAME}/@{APP_VERSION}/** wl,
48-
49- # The ubuntu-core-launcher creates an app-specific private restricted /tmp
50- # and will fail to launch the app if something goes wrong. As such, we can
51- # simply allow full access to /tmp.
52- /tmp/ r,
53- /tmp/** mrwlkix,
54-
55- # Miscellaneous accesses
56- /etc/mime.types r,
57- @{PROC}/ r,
58- /etc/{,writable/}hostname r,
59- /etc/{,writable/}localtime r,
60- /etc/{,writable/}timezone r,
61- @{PROC}/sys/kernel/hostname r,
62- @{PROC}/sys/kernel/osrelease r,
63- @{PROC}/sys/fs/file-max r,
64- @{PROC}/sys/kernel/pid_max r,
65- # this leaks interface names and stats, but not in a way that is traceable
66- # to the user/device
67- @{PROC}/net/dev r,
68-
69- #
70- # Various accesses that may or may not be required for your framework.
71- # Adjust as necessary for your services.
72- #
73-
74- # Shell (do not usually need abstractions/bash)
75- #include <abstractions/consoles>
76- /bin/bash ixr,
77- /bin/dash ixr,
78- /etc/bash.bashrc r,
79- /usr/share/terminfo/** r,
80- /etc/inputrc r,
81- deny @{HOME}/.inputrc r,
82- # Common utilities for shell scripts
83- /{,usr/}bin/{,g,m}awk ixr,
84- /{,usr/}bin/basename ixr,
85- /{,usr/}bin/bunzip2 ixr,
86- /{,usr/}bin/bzcat ixr,
87- /{,usr/}bin/bzdiff ixr,
88- /{,usr/}bin/bzgrep ixr,
89- /{,usr/}bin/bzip2 ixr,
90- /{,usr/}bin/cat ixr,
91- /{,usr/}bin/chmod ixr,
92- /{,usr/}bin/cmp ixr,
93- /{,usr/}bin/cp ixr,
94- /{,usr/}bin/cpio ixr,
95- /{,usr/}bin/cut ixr,
96- /{,usr/}bin/date ixr,
97- /{,usr/}bin/dd ixr,
98- /{,usr/}bin/diff{,3} ixr,
99- /{,usr/}bin/dir ixr,
100- /{,usr/}bin/dirname ixr,
101- /{,usr/}bin/echo ixr,
102- /{,usr/}bin/{,e,f,r}grep ixr,
103- /{,usr/}bin/env ixr,
104- /{,usr/}bin/expr ixr,
105- /{,usr/}bin/false ixr,
106- /{,usr/}bin/find ixr,
107- /{,usr/}bin/fmt ixr,
108- /{,usr/}bin/getopt ixr,
109- /{,usr/}bin/head ixr,
110- /{,usr/}bin/hostname ixr,
111- /{,usr/}bin/id ixr,
112- /{,usr/}bin/igawk ixr,
113- /{,usr/}bin/kill ixr,
114- /{,usr/}bin/ldd ixr,
115- /{,usr/}bin/ln ixr,
116- /{,usr/}bin/line ixr,
117- /{,usr/}bin/link ixr,
118- /{,usr/}bin/logger ixr,
119- /{,usr/}bin/ls ixr,
120- /{,usr/}bin/md5sum ixr,
121- /{,usr/}bin/mkdir ixr,
122- /{,usr/}bin/mktemp ixr,
123- /{,usr/}bin/mv ixr,
124- /{,usr/}bin/openssl ixr, # may cause harmless capability block_suspend denial
125- /{,usr/}bin/pgrep ixr,
126- /{,usr/}bin/printenv ixr,
127- /{,usr/}bin/printf ixr,
128- /{,usr/}bin/ps ixr,
129- /{,usr/}bin/pwd ixr,
130- /{,usr/}bin/readlink ixr,
131- /{,usr/}bin/realpath ixr,
132- /{,usr/}bin/rev ixr,
133- /{,usr/}bin/rm ixr,
134- /{,usr/}bin/rmdir ixr,
135- /{,usr/}bin/sed ixr,
136- /{,usr/}bin/seq ixr,
137- /{,usr/}bin/sleep ixr,
138- /{,usr/}bin/sort ixr,
139- /{,usr/}bin/stat ixr,
140- /{,usr/}bin/tac ixr,
141- /{,usr/}bin/tail ixr,
142- /{,usr/}bin/tar ixr,
143- /{,usr/}bin/tee ixr,
144- /{,usr/}bin/test ixr,
145- /{,usr/}bin/tempfile ixr,
146- /{,usr/}bin/touch ixr,
147- /{,usr/}bin/tr ixr,
148- /{,usr/}bin/true ixr,
149- /{,usr/}bin/uname ixr,
150- /{,usr/}bin/uniq ixr,
151- /{,usr/}bin/unlink ixr,
152- /{,usr/}bin/unxz ixr,
153- /{,usr/}bin/unzip ixr,
154- /{,usr/}bin/vdir ixr,
155- /{,usr/}bin/wc ixr,
156- /{,usr/}bin/which ixr,
157- /{,usr/}bin/xargs ixr,
158- /{,usr/}bin/xz ixr,
159- /{,usr/}bin/yes ixr,
160- /{,usr/}bin/zcat ixr,
161- /{,usr/}bin/z{,e,f}grep ixr,
162- /{,usr/}bin/zip ixr,
163- /{,usr/}bin/zipgrep ixr,
164- /{,usr/}bin/uptime ixr,
165- @{PROC}/uptime r,
166- @{PROC}/loadavg r,
167-
168- #
169- # Framework service/binary specific rules below here
170- #
171- network bluetooth,
172-
173- capability net_admin,
174- capability net_bind_service,
175-
176- # File accesses
177- /sys/bus/usb/drivers/btusb/ r,
178- /sys/bus/usb/drivers/btusb/** r,
179- /sys/class/bluetooth/ r,
180- /sys/devices/**/bluetooth/ rw,
181- /sys/devices/**/bluetooth/** rw,
182- /sys/devices/**/id/chassis_type r,
183-
184- # TODO: use snappy hardware assignment for this once LP: #1498917 is fixed
185- /dev/rfkill rw,
186-
187- # DBus accesses
188- #include <abstractions/dbus-strict>
189- dbus (send)
190- bus=system
191- path=/org/freedesktop/DBus
192- interface=org.freedesktop.DBus
193- member={Request,Release}Name
194- peer=(name=org.freedesktop.DBus),
195-
196- dbus (send)
197- bus=system
198- path=/org/freedesktop/*
199- interface=org.freedesktop.DBus.Properties
200- peer=(label=unconfined),
201-
202- # Allow binding the service to the requested connection name
203- dbus (bind)
204- bus=system
205- name="org.bluez",
206-
207- # Allow traffic to/from our path and interface with any method
208- dbus (receive, send)
209- bus=system
210- path=/org/bluez{,/**}
211- interface=org.bluez.*,
212-
213- # Allow traffic to/from org.freedesktop.DBus for bluez service
214- dbus (receive, send)
215- bus=system
216- path=/
217- interface=org.freedesktop.DBus.**,
218- dbus (receive, send)
219- bus=system
220- path=/org/bluez{,/**}
221- interface=org.freedesktop.DBus.**,
222-
223- # Allow replacing our dbus policy configuration file until
224- # snappy has a better way to do this.
225- /etc/dbus-1/system.d/bluez_* rw,
226-}
227
228=== removed file 'bluez.seccomp'
229--- bluez.seccomp 2016-01-26 00:25:18 +0000
230+++ bluez.seccomp 1970-01-01 00:00:00 +0000
231@@ -1,457 +0,0 @@
232-#
233-# Seccomp policy for bluez
234-#
235-
236-# Dangerous syscalls that we don't ever want to allow
237-
238-# kexec
239-# EXPLICITLY DENY kexec_load
240-
241-# kernel modules
242-# EXPLICITLY DENY create_module
243-# EXPLICITLY DENY init_module
244-# EXPLICITLY DENY finit_module
245-# EXPLICITLY DENY delete_module
246-
247-# these have a history of vulnerabilities, are not widely used, and
248-# open_by_handle_at has been used to break out of docker containers by brute
249-# forcing the handle value: http://stealth.openwall.net/xSports/shocker.c
250-# EXPLICITLY DENY name_to_handle_at
251-# EXPLICITLY DENY open_by_handle_at
252-
253-# Explicitly deny ptrace since it can be abused to break out of the seccomp
254-# sandbox
255-# EXPLICITLY DENY ptrace
256-
257-# Explicitly deny capability mknod so apps can't create devices
258-# EXPLICITLY DENY mknod
259-# EXPLICITLY DENY mknodat
260-
261-# Explicitly deny (u)mount so apps can't change mounts in their namespace
262-# EXPLICITLY DENY mount
263-# EXPLICITLY DENY umount
264-# EXPLICITLY DENY umount2
265-
266-# Explicitly deny kernel keyring access
267-# EXPLICITLY DENY add_key
268-# EXPLICITLY DENY keyctl
269-# EXPLICITLY DENY request_key
270-
271-# end dangerous syscalls
272-
273-access
274-faccessat
275-
276-alarm
277-brk
278-
279-# ARM private syscalls
280-breakpoint
281-cacheflush
282-set_tls
283-usr26
284-usr32
285-
286-capget
287-
288-chdir
289-fchdir
290-
291-# We can't effectively block file perms due to open() with O_CREAT, so allow
292-# chmod until we have syscall arg filtering (LP: #1446748)
293-chmod
294-fchmod
295-fchmodat
296-
297-# snappy doesn't currently support per-app UID/GIDs so don't allow chown. To
298-# properly support chown, we need to have syscall arg filtering (LP: #1446748)
299-# and per-app UID/GIDs.
300-#chown
301-#chown32
302-#fchown
303-#fchown32
304-#fchownat
305-#lchown
306-#lchown32
307-
308-clock_getres
309-clock_gettime
310-clock_nanosleep
311-clone
312-close
313-creat
314-dup
315-dup2
316-dup3
317-epoll_create
318-epoll_create1
319-epoll_ctl
320-epoll_ctl_old
321-epoll_pwait
322-epoll_wait
323-epoll_wait_old
324-eventfd
325-eventfd2
326-execve
327-execveat
328-_exit
329-exit
330-exit_group
331-fallocate
332-
333-# requires CAP_SYS_ADMIN
334-#fanotify_init
335-#fanotify_mark
336-
337-fcntl
338-fcntl64
339-flock
340-fork
341-ftime
342-futex
343-get_mempolicy
344-get_robust_list
345-get_thread_area
346-getcpu
347-getcwd
348-getdents
349-getdents64
350-getegid
351-getegid32
352-geteuid
353-geteuid32
354-getgid
355-getgid32
356-getgroups
357-getgroups32
358-getitimer
359-getpgid
360-getpgrp
361-getpid
362-getppid
363-getpriority
364-getrandom
365-getresgid
366-getresgid32
367-getresuid
368-getresuid32
369-
370-getrlimit
371-ugetrlimit
372-
373-getrusage
374-getsid
375-gettid
376-gettimeofday
377-getuid
378-getuid32
379-
380-getxattr
381-fgetxattr
382-lgetxattr
383-
384-inotify_add_watch
385-inotify_init
386-inotify_init1
387-inotify_rm_watch
388-
389-# Needed by shell
390-ioctl
391-
392-io_cancel
393-io_destroy
394-io_getevents
395-io_setup
396-io_submit
397-ioprio_get
398-# affects other processes, requires CAP_SYS_ADMIN. Potentially allow with
399-# syscall filtering of (at least) IOPRIO_WHO_USER (LP: #1446748)
400-#ioprio_set
401-
402-ipc
403-kill
404-link
405-linkat
406-
407-listxattr
408-llistxattr
409-flistxattr
410-
411-lseek
412-llseek
413-_llseek
414-lstat
415-lstat64
416-
417-madvise
418-fadvise64
419-fadvise64_64
420-arm_fadvise64_64
421-
422-mbind
423-mincore
424-mkdir
425-mkdirat
426-mlock
427-mlockall
428-mmap
429-mmap2
430-mprotect
431-
432-# LP: #1448184 - these aren't currently mediated by AppArmor. Deny for now
433-#mq_getsetattr
434-#mq_notify
435-#mq_open
436-#mq_timedreceive
437-#mq_timedsend
438-#mq_unlink
439-
440-mremap
441-msgctl
442-msgget
443-msgrcv
444-msgsnd
445-msync
446-munlock
447-munlockall
448-munmap
449-
450-nanosleep
451-
452-# LP: #1446748 - deny until we have syscall arg filtering. Alternatively, set
453-# RLIMIT_NICE hard limit for apps, launch them under an appropriate nice value
454-# and allow this call
455-#nice
456-
457-# LP: #1446748 - support syscall arg filtering for mode_t with O_CREAT
458-open
459-
460-openat
461-pause
462-pipe
463-pipe2
464-poll
465-ppoll
466-
467-# LP: #1446748 - support syscall arg filtering
468-prctl
469-arch_prctl
470-
471-read
472-pread
473-pread64
474-preadv
475-readv
476-
477-readahead
478-readdir
479-readlink
480-readlinkat
481-remap_file_pages
482-
483-removexattr
484-fremovexattr
485-lremovexattr
486-
487-rename
488-renameat
489-renameat2
490-
491-# The man page says this shouldn't be needed, but we've seen denials for it
492-# in the wild
493-restart_syscall
494-
495-rmdir
496-rt_sigaction
497-rt_sigpending
498-rt_sigprocmask
499-rt_sigqueueinfo
500-rt_sigreturn
501-rt_sigsuspend
502-rt_sigtimedwait
503-rt_tgsigqueueinfo
504-sched_getaffinity
505-sched_getattr
506-sched_getparam
507-sched_get_priority_max
508-sched_get_priority_min
509-sched_getscheduler
510-sched_rr_get_interval
511-# LP: #1446748 - when support syscall arg filtering, enforce pid_t is 0 so the
512-# app may only change its own scheduler
513-sched_setscheduler
514-
515-sched_yield
516-
517-select
518-_newselect
519-pselect
520-pselect6
521-
522-semctl
523-semget
524-semop
525-semtimedop
526-sendfile
527-sendfile64
528-
529-# snappy doesn't currently support per-app UID/GIDs so don't allow this family
530-# of syscalls. To properly support these, we need to have syscall arg filtering
531-# (LP: #1446748) and per-app UID/GIDs.
532-#setgid
533-#setgid32
534-#setgroups
535-#setgroups32
536-#setregid
537-#setregid32
538-#setresgid
539-#setresgid32
540-#setresuid
541-#setresuid32
542-#setreuid
543-#setreuid32
544-#setuid
545-#setuid32
546-
547-# These break isolation but are common and can't be mediated at the seccomp
548-# level with arg filtering
549-setpgid
550-setpgrp
551-
552-set_thread_area
553-setitimer
554-
555-# apps don't have CAP_SYS_RESOURCE so these can't be abused to raise the hard
556-# limits
557-setrlimit
558-prlimit64
559-
560-set_mempolicy
561-set_robust_list
562-setsid
563-set_tid_address
564-
565-setxattr
566-fsetxattr
567-lsetxattr
568-
569-shmat
570-shmctl
571-shmdt
572-shmget
573-signal
574-sigaction
575-signalfd
576-signalfd4
577-sigaltstack
578-sigpending
579-sigprocmask
580-sigreturn
581-sigsuspend
582-sigtimedwait
583-sigwaitinfo
584-
585-# Per man page, on Linux this is limited to only AF_UNIX so it is ok to have
586-# in the default template
587-socketpair
588-
589-splice
590-
591-stat
592-stat64
593-fstat
594-fstat64
595-fstatat64
596-lstat
597-newfstatat
598-oldfstat
599-oldlstat
600-oldstat
601-
602-statfs
603-statfs64
604-fstatfs
605-fstatfs64
606-statvfs
607-fstatvfs
608-ustat
609-
610-symlink
611-symlinkat
612-
613-sync
614-sync_file_range
615-sync_file_range2
616-arm_sync_file_range
617-fdatasync
618-fsync
619-syncfs
620-sysinfo
621-syslog
622-tee
623-tgkill
624-time
625-timer_create
626-timer_delete
627-timer_getoverrun
628-timer_gettime
629-timer_settime
630-timerfd_create
631-timerfd_gettime
632-timerfd_settime
633-times
634-tkill
635-
636-truncate
637-truncate64
638-ftruncate
639-ftruncate64
640-
641-umask
642-
643-uname
644-olduname
645-oldolduname
646-
647-unlink
648-unlinkat
649-
650-utime
651-utimensat
652-utimes
653-futimesat
654-
655-vfork
656-vmsplice
657-wait4
658-oldwait4
659-waitpid
660-waitid
661-
662-write
663-writev
664-pwrite
665-pwrite64
666-pwritev
667-
668-# Can communicate with DBus system service
669-accept
670-accept4
671-bind
672-connect
673-getpeername
674-getsockname
675-getsockopt
676-listen
677-recv
678-recvfrom
679-recvmmsg
680-recvmsg
681-send
682-sendmmsg
683-sendmsg
684-sendto
685-setsockopt
686-shutdown
687-socketpair
688-socket
689
690=== removed file 'obex.apparmor'
691--- obex.apparmor 2016-02-01 18:56:32 +0000
692+++ obex.apparmor 1970-01-01 00:00:00 +0000
693@@ -1,225 +0,0 @@
694-#
695-# AppArmor confinement for bluez obexd
696-#
697-
698-#include <tunables/global>
699-
700-# Specified profile variables
701-###VAR###
702-
703-###PROFILEATTACH### (attach_disconnected) {
704- #include <abstractions/base>
705- #include <abstractions/nameservice>
706- #include <abstractions/openssl>
707-
708- # Explicitly deny ptrace for now since it can be abused to break out of the
709- # seccomp sandbox. https://lkml.org/lkml/2015/3/18/823
710- audit deny ptrace (trace),
711-
712- # Explicitly deny mount, remount and umount
713- audit deny mount,
714- audit deny remount,
715- audit deny umount,
716-
717- # Read-only for the install directory
718- @{CLICK_DIR}/@{APP_PKGNAME}/ r,
719- @{CLICK_DIR}/@{APP_PKGNAME}/@{APP_VERSION}/ r,
720- @{CLICK_DIR}/@{APP_PKGNAME}/@{APP_VERSION}/** mrklix,
721-
722- # Read-only home area for other versions
723- owner @{HOMEDIRS}/*/snaps/@{APP_PKGNAME}/ r,
724- owner @{HOMEDIRS}/*/snaps/@{APP_PKGNAME}/@{APP_VERSION}/ r,
725- owner @{HOMEDIRS}/*/snaps/@{APP_PKGNAME}/@{APP_VERSION}/** mrkix,
726-
727- # Writable home area for this version.
728- owner @{HOMEDIRS}/*/snaps/@{APP_PKGNAME}/@{APP_VERSION}/ w,
729- owner @{HOMEDIRS}/*/snaps/@{APP_PKGNAME}/@{APP_VERSION}/** wl,
730-
731- # Read-only system area for other versions
732- /var/lib/snaps/@{APP_PKGNAME}/ r,
733- /var/lib/snaps/@{APP_PKGNAME}/** mrkix,
734-
735- # Writable system area only for this version
736- /var/lib/snaps/@{APP_PKGNAME}/@{APP_VERSION}/ w,
737- /var/lib/snaps/@{APP_PKGNAME}/@{APP_VERSION}/** wl,
738-
739- # The ubuntu-core-launcher creates an app-specific private restricted /tmp
740- # and will fail to launch the app if something goes wrong. As such, we can
741- # simply allow full access to /tmp.
742- /tmp/ r,
743- /tmp/** mrwlkix,
744-
745- # Miscellaneous accesses
746- /etc/mime.types r,
747- @{PROC}/ r,
748- /etc/{,writable/}hostname r,
749- /etc/{,writable/}localtime r,
750- /etc/{,writable/}timezone r,
751- @{PROC}/sys/kernel/hostname r,
752- @{PROC}/sys/kernel/osrelease r,
753- @{PROC}/sys/fs/file-max r,
754- @{PROC}/sys/kernel/pid_max r,
755- # this leaks interface names and stats, but not in a way that is traceable
756- # to the user/device
757- @{PROC}/net/dev r,
758-
759- #
760- # Various accesses that may or may not be required for your framework.
761- # Adjust as necessary for your services.
762- #
763-
764- # Shell (do not usually need abstractions/bash)
765- #include <abstractions/consoles>
766- /bin/bash ixr,
767- /bin/dash ixr,
768- /etc/bash.bashrc r,
769- /usr/share/terminfo/** r,
770- /etc/inputrc r,
771- deny @{HOME}/.inputrc r,
772- # Common utilities for shell scripts
773- /{,usr/}bin/{,g,m}awk ixr,
774- /{,usr/}bin/basename ixr,
775- /{,usr/}bin/bunzip2 ixr,
776- /{,usr/}bin/bzcat ixr,
777- /{,usr/}bin/bzdiff ixr,
778- /{,usr/}bin/bzgrep ixr,
779- /{,usr/}bin/bzip2 ixr,
780- /{,usr/}bin/cat ixr,
781- /{,usr/}bin/chmod ixr,
782- /{,usr/}bin/cmp ixr,
783- /{,usr/}bin/cp ixr,
784- /{,usr/}bin/cpio ixr,
785- /{,usr/}bin/cut ixr,
786- /{,usr/}bin/date ixr,
787- /{,usr/}bin/dd ixr,
788- /{,usr/}bin/diff{,3} ixr,
789- /{,usr/}bin/dir ixr,
790- /{,usr/}bin/dirname ixr,
791- /{,usr/}bin/echo ixr,
792- /{,usr/}bin/{,e,f,r}grep ixr,
793- /{,usr/}bin/env ixr,
794- /{,usr/}bin/expr ixr,
795- /{,usr/}bin/false ixr,
796- /{,usr/}bin/find ixr,
797- /{,usr/}bin/fmt ixr,
798- /{,usr/}bin/getopt ixr,
799- /{,usr/}bin/head ixr,
800- /{,usr/}bin/hostname ixr,
801- /{,usr/}bin/id ixr,
802- /{,usr/}bin/igawk ixr,
803- /{,usr/}bin/kill ixr,
804- /{,usr/}bin/ldd ixr,
805- /{,usr/}bin/ln ixr,
806- /{,usr/}bin/line ixr,
807- /{,usr/}bin/link ixr,
808- /{,usr/}bin/logger ixr,
809- /{,usr/}bin/ls ixr,
810- /{,usr/}bin/md5sum ixr,
811- /{,usr/}bin/mkdir ixr,
812- /{,usr/}bin/mktemp ixr,
813- /{,usr/}bin/mv ixr,
814- /{,usr/}bin/openssl ixr, # may cause harmless capability block_suspend denial
815- /{,usr/}bin/pgrep ixr,
816- /{,usr/}bin/printenv ixr,
817- /{,usr/}bin/printf ixr,
818- /{,usr/}bin/ps ixr,
819- /{,usr/}bin/pwd ixr,
820- /{,usr/}bin/readlink ixr,
821- /{,usr/}bin/realpath ixr,
822- /{,usr/}bin/rev ixr,
823- /{,usr/}bin/rm ixr,
824- /{,usr/}bin/rmdir ixr,
825- /{,usr/}bin/sed ixr,
826- /{,usr/}bin/seq ixr,
827- /{,usr/}bin/sleep ixr,
828- /{,usr/}bin/sort ixr,
829- /{,usr/}bin/stat ixr,
830- /{,usr/}bin/tac ixr,
831- /{,usr/}bin/tail ixr,
832- /{,usr/}bin/tar ixr,
833- /{,usr/}bin/tee ixr,
834- /{,usr/}bin/test ixr,
835- /{,usr/}bin/tempfile ixr,
836- /{,usr/}bin/touch ixr,
837- /{,usr/}bin/tr ixr,
838- /{,usr/}bin/true ixr,
839- /{,usr/}bin/uname ixr,
840- /{,usr/}bin/uniq ixr,
841- /{,usr/}bin/unlink ixr,
842- /{,usr/}bin/unxz ixr,
843- /{,usr/}bin/unzip ixr,
844- /{,usr/}bin/vdir ixr,
845- /{,usr/}bin/wc ixr,
846- /{,usr/}bin/which ixr,
847- /{,usr/}bin/xargs ixr,
848- /{,usr/}bin/xz ixr,
849- /{,usr/}bin/yes ixr,
850- /{,usr/}bin/zcat ixr,
851- /{,usr/}bin/z{,e,f}grep ixr,
852- /{,usr/}bin/zip ixr,
853- /{,usr/}bin/zipgrep ixr,
854- /{,usr/}bin/uptime ixr,
855- @{PROC}/uptime r,
856- @{PROC}/loadavg r,
857-
858- #
859- # Framework service/binary specific rules below here
860- #
861- network bluetooth,
862-
863- capability net_admin,
864- capability net_bind_service,
865-
866- # File accesses
867- /sys/bus/usb/drivers/btusb/ r,
868- /sys/bus/usb/drivers/btusb/** r,
869- /sys/class/bluetooth/ r,
870- /sys/devices/**/bluetooth/ rw,
871- /sys/devices/**/bluetooth/** rw,
872- /sys/devices/**/id/chassis_type r,
873-
874- # TODO: use snappy hardware assignment for this once LP: #1498917 is fixed
875- /dev/rfkill rw,
876-
877- # DBus accesses
878- #include <abstractions/dbus-strict>
879- dbus (send)
880- bus=system
881- path=/org/freedesktop/DBus
882- interface=org.freedesktop.DBus
883- member={Request,Release}Name
884- peer=(name=org.freedesktop.DBus),
885-
886- dbus (send)
887- bus=system
888- path=/org/freedesktop/*
889- interface=org.freedesktop.DBus.Properties
890- peer=(label=unconfined),
891-
892- dbus (send)
893- bus=system
894- path=/org/freedesktop/*
895- interface=org.freedesktop.DBus.ObjectManager
896- peer=(label=unconfined),
897-
898- # Allow binding the service to the requested connection name
899- dbus (bind)
900- bus=system
901- name="org.bluez.obex",
902-
903- # Allow traffic to/from our path and interface with any method
904- dbus (receive, send)
905- bus=system
906- path=/org/bluez{,/**}
907- interface=org.bluez.*,
908-
909- # Allow traffic to/from org.freedesktop.DBus for bluez service
910- dbus (receive, send)
911- bus=system
912- path=/
913- interface=org.freedesktop.DBus.**,
914- dbus (receive, send)
915- bus=system
916- path=/org/bluez{,/**}
917- interface=org.freedesktop.DBus.**,
918-}
919
920=== removed file 'obex.seccomp'
921--- obex.seccomp 2016-01-28 01:28:49 +0000
922+++ obex.seccomp 1970-01-01 00:00:00 +0000
923@@ -1,457 +0,0 @@
924-#
925-# Seccomp policy for bluez
926-#
927-
928-# Dangerous syscalls that we don't ever want to allow
929-
930-# kexec
931-# EXPLICITLY DENY kexec_load
932-
933-# kernel modules
934-# EXPLICITLY DENY create_module
935-# EXPLICITLY DENY init_module
936-# EXPLICITLY DENY finit_module
937-# EXPLICITLY DENY delete_module
938-
939-# these have a history of vulnerabilities, are not widely used, and
940-# open_by_handle_at has been used to break out of docker containers by brute
941-# forcing the handle value: http://stealth.openwall.net/xSports/shocker.c
942-# EXPLICITLY DENY name_to_handle_at
943-# EXPLICITLY DENY open_by_handle_at
944-
945-# Explicitly deny ptrace since it can be abused to break out of the seccomp
946-# sandbox
947-# EXPLICITLY DENY ptrace
948-
949-# Explicitly deny capability mknod so apps can't create devices
950-# EXPLICITLY DENY mknod
951-# EXPLICITLY DENY mknodat
952-
953-# Explicitly deny (u)mount so apps can't change mounts in their namespace
954-# EXPLICITLY DENY mount
955-# EXPLICITLY DENY umount
956-# EXPLICITLY DENY umount2
957-
958-# Explicitly deny kernel keyring access
959-# EXPLICITLY DENY add_key
960-# EXPLICITLY DENY keyctl
961-# EXPLICITLY DENY request_key
962-
963-# end dangerous syscalls
964-
965-access
966-faccessat
967-
968-alarm
969-brk
970-
971-# ARM private syscalls
972-breakpoint
973-cacheflush
974-set_tls
975-usr26
976-usr32
977-
978-capget
979-
980-chdir
981-fchdir
982-
983-# We can't effectively block file perms due to open() with O_CREAT, so allow
984-# chmod until we have syscall arg filtering (LP: #1446748)
985-chmod
986-fchmod
987-fchmodat
988-
989-# snappy doesn't currently support per-app UID/GIDs so don't allow chown. To
990-# properly support chown, we need to have syscall arg filtering (LP: #1446748)
991-# and per-app UID/GIDs.
992-#chown
993-#chown32
994-#fchown
995-#fchown32
996-#fchownat
997-#lchown
998-#lchown32
999-
1000-clock_getres
1001-clock_gettime
1002-clock_nanosleep
1003-clone
1004-close
1005-creat
1006-dup
1007-dup2
1008-dup3
1009-epoll_create
1010-epoll_create1
1011-epoll_ctl
1012-epoll_ctl_old
1013-epoll_pwait
1014-epoll_wait
1015-epoll_wait_old
1016-eventfd
1017-eventfd2
1018-execve
1019-execveat
1020-_exit
1021-exit
1022-exit_group
1023-fallocate
1024-
1025-# requires CAP_SYS_ADMIN
1026-#fanotify_init
1027-#fanotify_mark
1028-
1029-fcntl
1030-fcntl64
1031-flock
1032-fork
1033-ftime
1034-futex
1035-get_mempolicy
1036-get_robust_list
1037-get_thread_area
1038-getcpu
1039-getcwd
1040-getdents
1041-getdents64
1042-getegid
1043-getegid32
1044-geteuid
1045-geteuid32
1046-getgid
1047-getgid32
1048-getgroups
1049-getgroups32
1050-getitimer
1051-getpgid
1052-getpgrp
1053-getpid
1054-getppid
1055-getpriority
1056-getrandom
1057-getresgid
1058-getresgid32
1059-getresuid
1060-getresuid32
1061-
1062-getrlimit
1063-ugetrlimit
1064-
1065-getrusage
1066-getsid
1067-gettid
1068-gettimeofday
1069-getuid
1070-getuid32
1071-
1072-getxattr
1073-fgetxattr
1074-lgetxattr
1075-
1076-inotify_add_watch
1077-inotify_init
1078-inotify_init1
1079-inotify_rm_watch
1080-
1081-# Needed by shell
1082-ioctl
1083-
1084-io_cancel
1085-io_destroy
1086-io_getevents
1087-io_setup
1088-io_submit
1089-ioprio_get
1090-# affects other processes, requires CAP_SYS_ADMIN. Potentially allow with
1091-# syscall filtering of (at least) IOPRIO_WHO_USER (LP: #1446748)
1092-#ioprio_set
1093-
1094-ipc
1095-kill
1096-link
1097-linkat
1098-
1099-listxattr
1100-llistxattr
1101-flistxattr
1102-
1103-lseek
1104-llseek
1105-_llseek
1106-lstat
1107-lstat64
1108-
1109-madvise
1110-fadvise64
1111-fadvise64_64
1112-arm_fadvise64_64
1113-
1114-mbind
1115-mincore
1116-mkdir
1117-mkdirat
1118-mlock
1119-mlockall
1120-mmap
1121-mmap2
1122-mprotect
1123-
1124-# LP: #1448184 - these aren't currently mediated by AppArmor. Deny for now
1125-#mq_getsetattr
1126-#mq_notify
1127-#mq_open
1128-#mq_timedreceive
1129-#mq_timedsend
1130-#mq_unlink
1131-
1132-mremap
1133-msgctl
1134-msgget
1135-msgrcv
1136-msgsnd
1137-msync
1138-munlock
1139-munlockall
1140-munmap
1141-
1142-nanosleep
1143-
1144-# LP: #1446748 - deny until we have syscall arg filtering. Alternatively, set
1145-# RLIMIT_NICE hard limit for apps, launch them under an appropriate nice value
1146-# and allow this call
1147-#nice
1148-
1149-# LP: #1446748 - support syscall arg filtering for mode_t with O_CREAT
1150-open
1151-
1152-openat
1153-pause
1154-pipe
1155-pipe2
1156-poll
1157-ppoll
1158-
1159-# LP: #1446748 - support syscall arg filtering
1160-prctl
1161-arch_prctl
1162-
1163-read
1164-pread
1165-pread64
1166-preadv
1167-readv
1168-
1169-readahead
1170-readdir
1171-readlink
1172-readlinkat
1173-remap_file_pages
1174-
1175-removexattr
1176-fremovexattr
1177-lremovexattr
1178-
1179-rename
1180-renameat
1181-renameat2
1182-
1183-# The man page says this shouldn't be needed, but we've seen denials for it
1184-# in the wild
1185-restart_syscall
1186-
1187-rmdir
1188-rt_sigaction
1189-rt_sigpending
1190-rt_sigprocmask
1191-rt_sigqueueinfo
1192-rt_sigreturn
1193-rt_sigsuspend
1194-rt_sigtimedwait
1195-rt_tgsigqueueinfo
1196-sched_getaffinity
1197-sched_getattr
1198-sched_getparam
1199-sched_get_priority_max
1200-sched_get_priority_min
1201-sched_getscheduler
1202-sched_rr_get_interval
1203-# LP: #1446748 - when support syscall arg filtering, enforce pid_t is 0 so the
1204-# app may only change its own scheduler
1205-sched_setscheduler
1206-
1207-sched_yield
1208-
1209-select
1210-_newselect
1211-pselect
1212-pselect6
1213-
1214-semctl
1215-semget
1216-semop
1217-semtimedop
1218-sendfile
1219-sendfile64
1220-
1221-# snappy doesn't currently support per-app UID/GIDs so don't allow this family
1222-# of syscalls. To properly support these, we need to have syscall arg filtering
1223-# (LP: #1446748) and per-app UID/GIDs.
1224-#setgid
1225-#setgid32
1226-#setgroups
1227-#setgroups32
1228-#setregid
1229-#setregid32
1230-#setresgid
1231-#setresgid32
1232-#setresuid
1233-#setresuid32
1234-#setreuid
1235-#setreuid32
1236-#setuid
1237-#setuid32
1238-
1239-# These break isolation but are common and can't be mediated at the seccomp
1240-# level with arg filtering
1241-setpgid
1242-setpgrp
1243-
1244-set_thread_area
1245-setitimer
1246-
1247-# apps don't have CAP_SYS_RESOURCE so these can't be abused to raise the hard
1248-# limits
1249-setrlimit
1250-prlimit64
1251-
1252-set_mempolicy
1253-set_robust_list
1254-setsid
1255-set_tid_address
1256-
1257-setxattr
1258-fsetxattr
1259-lsetxattr
1260-
1261-shmat
1262-shmctl
1263-shmdt
1264-shmget
1265-signal
1266-sigaction
1267-signalfd
1268-signalfd4
1269-sigaltstack
1270-sigpending
1271-sigprocmask
1272-sigreturn
1273-sigsuspend
1274-sigtimedwait
1275-sigwaitinfo
1276-
1277-# Per man page, on Linux this is limited to only AF_UNIX so it is ok to have
1278-# in the default template
1279-socketpair
1280-
1281-splice
1282-
1283-stat
1284-stat64
1285-fstat
1286-fstat64
1287-fstatat64
1288-lstat
1289-newfstatat
1290-oldfstat
1291-oldlstat
1292-oldstat
1293-
1294-statfs
1295-statfs64
1296-fstatfs
1297-fstatfs64
1298-statvfs
1299-fstatvfs
1300-ustat
1301-
1302-symlink
1303-symlinkat
1304-
1305-sync
1306-sync_file_range
1307-sync_file_range2
1308-arm_sync_file_range
1309-fdatasync
1310-fsync
1311-syncfs
1312-sysinfo
1313-syslog
1314-tee
1315-tgkill
1316-time
1317-timer_create
1318-timer_delete
1319-timer_getoverrun
1320-timer_gettime
1321-timer_settime
1322-timerfd_create
1323-timerfd_gettime
1324-timerfd_settime
1325-times
1326-tkill
1327-
1328-truncate
1329-truncate64
1330-ftruncate
1331-ftruncate64
1332-
1333-umask
1334-
1335-uname
1336-olduname
1337-oldolduname
1338-
1339-unlink
1340-unlinkat
1341-
1342-utime
1343-utimensat
1344-utimes
1345-futimesat
1346-
1347-vfork
1348-vmsplice
1349-wait4
1350-oldwait4
1351-waitpid
1352-waitid
1353-
1354-write
1355-writev
1356-pwrite
1357-pwrite64
1358-pwritev
1359-
1360-# Can communicate with DBus system service
1361-accept
1362-accept4
1363-bind
1364-connect
1365-getpeername
1366-getsockname
1367-getsockopt
1368-listen
1369-recv
1370-recvfrom
1371-recvmmsg
1372-recvmsg
1373-send
1374-sendmmsg
1375-sendmsg
1376-sendto
1377-setsockopt
1378-shutdown
1379-socketpair
1380-socket
1381
1382=== modified file 'parts/plugins/x-autotools.py'
1383--- parts/plugins/x-autotools.py 2016-04-20 17:42:41 +0000
1384+++ parts/plugins/x-autotools.py 2016-04-20 17:42:41 +0000
1385@@ -72,8 +72,8 @@
1386
1387 return schema
1388
1389- def __init__(self, name, options):
1390- super().__init__(name, options)
1391+ def __init__(self, name, options, project):
1392+ super().__init__(name, options, project)
1393 self.build_packages.extend([
1394 'autoconf',
1395 'automake',
1396@@ -126,5 +126,5 @@
1397
1398 self.run(configure_command + self.options.configflags)
1399 self.run(['make', '-j{}'.format(
1400- snapcraft.common.get_parallel_build_count())])
1401+ self.project.parallel_build_count)])
1402 self.run(make_install_command)
1403
1404=== modified file 'snapcraft.yaml'
1405--- snapcraft.yaml 2016-04-20 17:42:41 +0000
1406+++ snapcraft.yaml 2016-04-20 17:42:41 +0000
1407@@ -9,32 +9,24 @@
1408 apps:
1409 bluetoothctl:
1410 command: usr/bin/bluetoothctl
1411- uses: [bluez-client]
1412+ plugs: [client]
1413 obexctl:
1414 command: usr/bin/obexctl
1415- uses: [bluez-client]
1416+ plugs: [client]
1417 bluez:
1418 command: "usr/lib/bluetooth/bluetoothd -E"
1419 daemon: simple
1420- uses: [bluez-service]
1421+ slots: [service]
1422 obex:
1423 command: "usr/lib/bluetooth/obexd"
1424 daemon: simple
1425- uses: [obex-service]
1426-uses:
1427- bluez-client:
1428- type: migration-skill
1429- caps: [bluez_client]
1430- bluez-service:
1431- type: migration-skill
1432- security-policy:
1433- apparmor: bluez.apparmor
1434- seccomp: bluez.seccomp
1435- obex-service:
1436- type: migration-skill
1437- security-policy:
1438- apparmor: obex.apparmor
1439- seccomp: obex.seccomp
1440+ slots: [service]
1441+plugs:
1442+ client:
1443+ interface: bluez
1444+slots:
1445+ service:
1446+ interface: bluez
1447
1448 parts:
1449 bluez:
1450@@ -74,7 +66,5 @@
1451 dbus-configuration:
1452 plugin: copy
1453 files:
1454- conf/bluez-dbus.conf: conf/bluez-dbus.conf
1455- meta/framework-policy: meta/framework-policy
1456 copyright: usr/share/doc/bluez/copyright
1457 doc/overview.md: usr/share/doc/bluez/overview.md

Subscribers

People subscribed via source and target branches

to all changes: