5863 Commits

Author SHA1 Message Date
Robert Ancell
fc53358689 interfaces/builtin/home: autoconnect home on core desktop (#14106)
* asserts,i/policy: add on-core-desktop constraint

This is required for interface behaviours that are different on Core Desktop.

* interfaces/builtin/home: autoconnect home on core desktop

Core desktop is much like a classic system in that the user would reasonably
expect to be able to access this home directory.
2024-07-12 09:19:12 +02:00
Zygmunt Bazyli Krynicki
0b52b0eae6 many: update apparmor to 4.0.1 (#14150)
* build-aux: update vendored apparmor to 4.0.1 release

Signed-off-by: Alex Murray <alex.murray@canonical.com>

* build-aux: add autoconf-archive to apparmor/build-packages

Unlike the Launchpad tarball, the one from the apparmor gitlab
requires this to be present as it is just a snapshot of the git tree,
not a release tarball like those provided by Launchpad.

Signed-off-by: Alex Murray <alex.murray@canonical.com>

* build-aux: remove apparmor parser performance patch

This was already included upstream as part of the 3.1.0 release and
hence is included in the 4.0.1 release which we are now vendoring.

Signed-off-by: Alex Murray <alex.murray@canonical.com>

* build-aux: remove remote patch application logic

They are already included in apparmor 4.x release.

Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>

* build-aux: remove local patch application logic

All local patches are now merged in the 4.x release.

Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>

* cmd/configure.ac: expect apparmor 4.0.1 when building as a snap

Signed-off-by: Alex Murray <alex.murray@canonical.com>

* sandbox/apparmor: use apparmor 4.0 abi with vendored parser

Signed-off-by: Alex Murray <alex.murray@canonical.com>

* sandbox/apparmor: add debug logging when probing parser features

Signed-off-by: Alex Murray <alex.murray@canonical.com>

* sandbox/apparmor: log apparmor_parser version when probing features

This is helpful when trying to debug why certain features may not be supported.

Signed-off-by: Alex Murray <alex.murray@canonical.com>

* tests/main: update for new vendored apparmor 4.0

Signed-off-by: Alex Murray <alex.murray@canonical.com>

* Reapply "i/builtin: allow docker-support to use mqueue (#13738)" (#13765)

This reverts commit ce298864e3.

* interfaces: adjust docker-support test to handle mqueue

Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>

* sandbox/apparmor: mask mqueue feature until apparmor 4.0.1

It seems that mediation of mqueue is miscompiled by apparmor_parser
4.0.0~beta3 that was present in Ubuntu 24.04 until the 10th of July
2024. Detect this and mask the presence of mqueue unless apparmor parser
4.0.1, or newer, is used.

Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>

* sandbox/apparmor: support bundled 3.0 or 4.0 (preferred) abi

Mirror the logic used in apparmor-from-the-host to apparmor-from-snapd-snap.
This mainly fixes tests that repackage old snapd snap without touching
apparmor, but in general seems like the right thing to do.

The logic is such that abi 4 is preferred.

Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>

* sandbox/apparmor: unify test mocking logic

Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>

* sandbox/apparmor: refactor appArmorParserVersion not to clobber cmd

Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>

* sandbox/apparmor: fix pair of typos

Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>

---------

Signed-off-by: Alex Murray <alex.murray@canonical.com>
Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
Co-authored-by: Alex Murray <alex.murray@canonical.com>
2024-07-11 23:55:44 +02:00
Buğra Aydoğar
5f116fae35 interfaces/serial-port: allow RPMSG dev node (#14169)
Co-authored-by: Buğra Aydoğar <bugra.aydogar@canonical.com>
2024-07-10 14:59:10 +02:00
Sergio Costas
c59a5f6e87 i/apparmor: add snippets with priorities (#14061)
* Add snippets with priorities

AppArmor rules that forbid access to a resource have more
priority than rules that allow access to those same resources.
This means that if an interface restricts access to a specific
resource, it won't be possible to enable access to that same
resource from another, more privileged, interface.

An example of this is reading the .desktop files of all the
installed snaps in the system: the superprivileged interface
'desktop-launch' enables access to these files, so any snap
that has a connected plug for this interface should be able
to read them. Unfortunately, the 'desktop-legacy' interface
explicitly denies access to these files, and since it is
connected automatically if a snap uses the 'desktop' or the
'unity7' interfaces, this means that no graphical application
will be able to read the .desktop files, even if the super-privileged
'desktop-launch' interface is connected.

To allow this specific case, a temporary patch (
https://github.com/snapcore/snapd/pull/13933) was created and
merged, but it is clearly an ugly and not-generic solution.
For this reason, this new patch was created, following the
specification https://docs.google.com/document/d/1K-1MYhp1RKSW_jzuuyX7TSVCg2rYplKZFdJbZAupP4Y/edit

This patch allows adding "prioritized snippets". Each one has
a UID and a priority. If no prioritized snippet with the same
UID has been previously added, the new prioritized snippet will
be added like any other normal snippet. But if there is already
an added snippet with the same UID, then the priority of both
the old and the new snippets are compared. If the new priority
is lower than the old one, the new snippet is ignored; if the
new priority is bigger than the old one, the new snippet fully
replaces the old one. Finally, if both priorities are the same,
the new snippet will be appended to the old snippet.

This generic mechanism allows giving an interface priority
over others if needed, like in the previous case.

* Remove slices.Contains, since it seems not to be supported

* Update interfaces/apparmor/spec.go

Co-authored-by: Zygmunt Bazyli Krynicki <me@zygoon.pl>

* Use testutils.Contains

* Replace "uid" with "key" for clarity and sanity

* Add specific type for priority keys and force registering them

* Remove unneeded return

* Use SnippetKey as type

* Don't use "slice" since MacOS seems to not support it

* Update interfaces/apparmor/spec.go

Co-authored-by: Zygmunt Bazyli Krynicki <me@zygoon.pl>

* Update interfaces/apparmor/spec.go

Co-authored-by: Zygmunt Bazyli Krynicki <me@zygoon.pl>

* Use String instead of GetValue

* Use SnippetKey as key instead of the inner string

* Update interfaces/connection.go

Co-authored-by: Zygmunt Bazyli Krynicki <me@zygoon.pl>

* Several changes requested

* Create the SnippetKeys inside Spec

* Move key registration outside Spec

This creates a centralized key registry inside apparmor module,
so keys can be registered using top variables, and any
duplicated key will produce a panic when snapd is launched,
thus just panicking in any test too.

* Added extra ways of working with SnippetKeys

* Add extra check

* Replace GetSnippetKey with GetSnippetKeys

* Update the priority code use case

A previous PR was merged with a Quick&Dirty(tm) solution to the
priority problem between unity7 and desktop-legacy interfaces
against desktop-launch interface.

Now that it has been merged, that code must be updated to the
new mechanism implemented in this PR. This is exactly what this
commit does.

* Add explanation and constants for prioritized snippets

* Fix prioritized snippet key and add test in all_test

* Several changes requested by Zygmunt Bazyli

---------

Co-authored-by: Zygmunt Bazyli Krynicki <me@zygoon.pl>
2024-07-08 22:27:44 +02:00
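The prioritized-snippet rules described in the commit message above (one key per contested rule group; a lower priority is ignored, a higher one replaces the stored group, an equal one is appended), as an added example that is not snapd's implementation. The names SnippetKey, Specification, RenderDesktopPolicy, the "desktop-files" key, the priority values and the AppArmor rule text are assumptions made for the illustration; the rules stand in for what desktop-legacy, unity7 and desktop-launch really emit.

```go
package main

import (
	"fmt"
	"sort"
)

// SnippetKey names a group of AppArmor rules that several interfaces may
// compete over. Keys are registered once, at package init, so a duplicate
// key panics before snapd (or any unit test) gets going.
type SnippetKey string

var registeredKeys = map[SnippetKey]bool{}

func RegisterSnippetKey(name string) SnippetKey {
	k := SnippetKey(name)
	if registeredKeys[k] {
		panic(fmt.Sprintf("snippet key %q registered twice", name))
	}
	registeredKeys[k] = true
	return k
}

// Hypothetical key and priorities for the .desktop-file rules; unity7 is
// given the same priority as desktop-legacy.
var DesktopFilesKey = RegisterSnippetKey("desktop-files")

const prioDesktopLegacy, prioDesktopLaunch = 0, 1

type prioritizedSnippet struct {
	priority int
	snippets []string
}

// Specification holds one prioritized group of snippets per key.
type Specification struct {
	prioritized map[SnippetKey]*prioritizedSnippet
}

// AddPrioritizedSnippet applies the three rules from the commit message: a
// lower priority than the stored one is ignored, a higher one replaces the
// whole group, and an equal one is appended to it.
func (s *Specification) AddPrioritizedSnippet(key SnippetKey, priority int, snippet string) {
	if !registeredKeys[key] {
		panic(fmt.Sprintf("unregistered snippet key %q", key))
	}
	if s.prioritized == nil {
		s.prioritized = map[SnippetKey]*prioritizedSnippet{}
	}
	cur, ok := s.prioritized[key]
	switch {
	case !ok || priority > cur.priority:
		s.prioritized[key] = &prioritizedSnippet{priority, []string{snippet}}
	case priority == cur.priority:
		cur.snippets = append(cur.snippets, snippet)
	}
}

// Snippets renders each prioritized group in key order, so the generated
// profile text does not depend on map iteration order.
func (s *Specification) Snippets() []string {
	keys := make([]string, 0, len(s.prioritized))
	for k := range s.prioritized {
		keys = append(keys, string(k))
	}
	sort.Strings(keys)
	var out []string
	for _, k := range keys {
		out = append(out, s.prioritized[SnippetKey(k)].snippets...)
	}
	return out
}

// Illustrative rule text only; the real interfaces' AppArmor rules differ.
var interfaceRules = map[string]struct {
	prio int
	rule string
}{
	"desktop-legacy": {prioDesktopLegacy, "deny /var/lib/snapd/desktop/applications/*.desktop r,"},
	"unity7":         {prioDesktopLegacy, "deny /usr/share/applications/*.desktop r,"},
	"desktop-launch": {prioDesktopLaunch, "/var/lib/snapd/desktop/applications/*.desktop r,"},
}

// RenderDesktopPolicy connects the named interfaces in the given order and
// returns the resulting snippets; the outcome must not depend on that order.
func RenderDesktopPolicy(order []string) []string {
	var spec Specification
	for _, name := range order {
		r, ok := interfaceRules[name]
		if !ok {
			panic("unknown interface " + name)
		}
		spec.AddPrioritizedSnippet(DesktopFilesKey, r.prio, r.rule)
	}
	return spec.Snippets()
}

func main() {
	for _, order := range [][]string{{"desktop-legacy", "unity7"}, {"unity7", "desktop-launch", "desktop-legacy"}} {
		fmt.Printf("%v -> %q\n", order, RenderDesktopPolicy(order))
	}
}
```

main deliberately connects the interfaces in different orders: because a higher priority replaces the stored group and a lower one is dropped, the desktop-launch allow rule is what survives whether it is connected before or after the two deny rules, while desktop-legacy and unity7 alone keep both of their equal-priority deny rules.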
Buğra Aydoğar
2979492185 interfaces/display-control: allow changing brightness and backlight power for LVDS (#14159)
Co-authored-by: Buğra Aydoğar <bugra.aydogar@canonical.com>
2024-07-08 22:14:57 +02:00
Lincoln Wallace
7d1e209277 interfaces/builtin/cpu-control: add c-state switch capability to cpu-control
Some applications, like real-time ones, often need to control the CPU C-state,
which is a capability that makes sense to add to the cpu-control interface.

- add: AppArmor rule to access cpu_dma_latency device node.
- add: udev rule to allow access of cpu_dma_latency device node.
- add: unit test for udev rule

see: https://docs.kernel.org/power/pm_qos_interface.html#pm-qos-framework

Signed-off-by: Lincoln Wallace <lincoln.wallace@canonical.com>
2024-07-05 16:25:19 +02:00
Jorge Sancho Larraz
265b7c44d1 sandbox/apparmor: aare exclusion rule generation (#13488)
* sandbox/apparmor: add GenerateAAREExclusionPatterns

This function is generic (and complex) enough to be able to handle all of the
overlapping and wildcard behavior we need in docker-support, and it could also
serve to replace numerous other places in the codebase where we need this sort
of complex behavior. It is a generalization of the existing
aareExclusionPatterns helper, though it's actually unclear if this exact
implementation will currently be able to serve the use case from that helper
directly or if more options/adjustments are needed to enable that use case as
well.

To keep the diff smaller, this patch does not actually change any of the
profiles/interfaces, just TODO's are left for where to use it.

Note that the generated rules are slightly more condensed in terms of number of
rules but significantly more verbose in terms of alternations, not sharing more
of repeated substrings between alternations inside the patterns. This was done
explicitly to keep the generating code simpler and easier to understand, but it
may prove to have performance effects, either detrimental or benevolent but
that should be measured before deciding to make the generation code even more
complex than it already is.

Signed-off-by: Ian Johnson <ian.johnson@canonical.com>

* interfaces/docker-support: generate AARE exclusion patterns with helper func

Signed-off-by: Ian Johnson <ian.johnson@canonical.com>

* sandbox/apparmor: unexport helper functions

These were not meant to be exported, only the fully generic one is meant to be
exported.

Signed-off-by: Ian Johnson <ian.johnson@canonical.com>

* sandbox/apparmor: fix bug mis-sorting capitalized letters in AARE exclude patt

Thanks to Alberto for spotting this :-)

Signed-off-by: Ian Johnson <ian.johnson@canonical.com>

* sandbox/apparmor: fix format issues introduced during rebase

* sandbox/apparmor: simplify generateAAREExclusionPatternsGenericImpl

* sandbox/apparmor: add checks for unsupported cases and improve documentation

* sandbox/apparmor: update tests to compare the apparmor binary instead of source

* interfaces/builtin/docker_support: check if userns is supported before adding it to the profile

* interfaces/builtin/docker_support: fix dependencies

* sandbox/apparmor: use placeholders

* i/b/docker_support_test: update TestGenerateAAREExclusionPatterns to use SnapAppSet

* testutil/apparmor: use go crypto/sha1 module instead of system sha1sum command

* {sandbox,testutil}/apparmor: minor format fixes

* move helper to find common prefix to strutil

* add copyright info

* use string builder

* i/b/docker_support_test.go: update accordingly to 277fbc266e (many: add components to interfaces.SnapAppSet (#13837))

* strutil/commonprefix.go: remove extra empty line

* sandbox/apparmor/apparmor.go: sort prefixes to ensure profile is always the same

* sandbox/apparmor/apparmor.go: remove extra empty line

* i/b/docker_support_test: skip TestGenerateAAREExclusionPatterns if apparmor_parser is not usable

---------

Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
Co-authored-by: Ian Johnson <ian.johnson@canonical.com>
2024-07-04 12:23:08 +02:00
JP Meijers
fca8e1fcff Add Raspberry Pi 5 raw-usb paths (#14151) 2024-07-03 22:49:20 +02:00
Guillaumebeuzeboc
1185b81903 fix(custom-device): enable locking in apparmor custom-device for device write 2024-07-03 14:30:59 +02:00
Sergio Costas
453517ba9d interfaces: give priority to desktop-launch over desktop-legacy (#13933)
* interfaces: give priority to desktop-launch over desktop-legacy

The interface 'desktop-legacy' (and 'unity7') specifically
denies read access to the .desktop files, which means that any
extension that requires it (like gnome or kde) won't be able
to read them.

Unfortunately, there are some specific cases where reading the
.desktop files is mandatory, like when implementing the new
Refresh Awareness specification. This specification requires
to show the "visible name" of a snap, and its icon, and in
order to have access to that, it is mandatory to be able to
read the .desktop files.

The 'desktop-launch' interface does include read access to the
.desktop files. Although it is a very privileged interface, it
is not a problem because the snaps that implement the Refresh
Awareness specification are too, so using it to gain access to
the .desktop files should be enough. Unfortunately, mixing it
with 'desktop-legacy' interface (which happens when the snap
implementing the Refresh Awareness specification also uses the
gnome or the kde extension) results in not having access to
the files, because the 'deny' rules set by the latter have
priority over any 'allow' rule set by the former.

This PR adds a check when adding the specific .desktop rules
in the 'desktop-legacy' interface: if the snap has a plug for
the 'desktop-launch' interface, it won't apply the .desktop
rules. This is not a problem, because without them, no access
is granted by default (the rules added by 'desktop-legacy'
allow to list the .desktop files, but not read them).

* Use the interface name instead of the plug name

* Fix tests

* Add extra check with both plugs connected

* Change comparison in test

* Changes requested

* Add FIXME comment for the new code
2024-07-01 16:22:24 +02:00
Maciej Borzecki
2e4e6f6445 interfaces/builtin/lxd-support: allow LXD to manage its own cgroup
Set controls-device-cgroup flag for lxd-support interface, thus allowing LXD to
self manage the device cgroup and also be exempt from the mandatory device
cgroup set up with core24 base.

Signed-off-by: Maciej Borzecki <maciej.borzecki@canonical.com>
2024-07-01 10:04:55 +02:00
Oliver Calder
8fc33dd912 i/prompting: render path patterns variants using recursive descent parser (#14059)
* i/prompting: implement path pattern expansion

Path patterns may include arbitrary nested groups, delimited by '{' and
'}', up to a limit on the total number of groups. In order to compare
the precedence of path patterns which match a given path, these path
patterns must be expanded until no groups remain, and thus the
particular group-free patterns which were resolved from the original
patterns when matching the path can be compared.

Signed-off-by: Oliver Calder <oliver.calder@canonical.com>

* i/prompting: add PathPattern type for pattern validation and expansion

Rather than separately validate and expand path patterns, storing the
result as a list of expanded patterns, parse a pattern into a
PathPattern type, which can dynamically render expanded path patterns as
needed with minimal overhead.

When path patterns are received from prompting clients, path patterns
can be unmarshalled and automatically validated, and any future use of
the pattern in-memory can use the pre-parsed PathPattern to iterate
through expanded path patterns without needing to explicitly expand and
store all path patterns.

Additionally, the new PathPattern type should be used in Constraints in
place of the old path pattern string.

Signed-off-by: Oliver Calder <oliver.calder@canonical.com>

* i/prompting: refactor path pattern parsing

Rather than keep separate stacks for the sequences and paths which the
parser is currently inside, instead keep a single stack, to which the
existing sequence and a new group is added whenever a '{' rune is
encountered.

Then there is no need for a variable to hold the current
group, peeking the stack yields the most recent group, to which the
current sequence can be added whenever a ',' or '}' is encountered.

When a '}' is encountered, the most recent group is popped off the
stack, the current sequence is added to it (completing the group), and
then the previous sequence is popped off the stack and the completed
group is added to it. From there, that previous sequence is now
considered the current sequence until another '{' is encountered.

Signed-off-by: Oliver Calder <oliver.calder@canonical.com>

* i/prompting: use stack instead of non-temp current sequence variable

Signed-off-by: Oliver Calder <oliver.calder@canonical.com>

* i/prompting: improve error message prefixes

Signed-off-by: Oliver Calder <oliver.calder@canonical.com>

* i/prompting: moved patterns to dedicated subpackage of prompting

Signed-off-by: Oliver Calder <oliver.calder@canonical.com>

* i/prompting/patterns: add scanner, parser, and renderer for path patterns

Co-authored-by: Oliver Calder <oliver.calder@canonical.com>
Signed-off-by: Oliver Calder <oliver.calder@canonical.com>

* i/prompting/patterns: add minimal tests for scan and render

Signed-off-by: Oliver Calder <oliver.calder@canonical.com>

* i/prompting/patterns: replace parser in path pattern struct

Signed-off-by: Oliver Calder <oliver.calder@canonical.com>

* i/prompting/patterns: add recursion depth check for nested groups

Signed-off-by: Oliver Calder <oliver.calder@canonical.com>

* i/prompting/patterns: adjusted error messages

Signed-off-by: Oliver Calder <oliver.calder@canonical.com>

* i/prompting/patterns: preserve escape characters in expanded patterns

Signed-off-by: Oliver Calder <oliver.calder@canonical.com>

* i/prompting/patterns: scanner detects invalid chars and returns error

Signed-off-by: Oliver Calder <oliver.calder@canonical.com>

* i/prompting: fix formatting

Signed-off-by: Oliver Calder <oliver.calder@canonical.com>

* i/prompting/patterns: add helper for converting read runes into text token

Signed-off-by: Oliver Calder <oliver.calder@canonical.com>

* i/prompting/patterns: consolidate render node types into render.go

Signed-off-by: Oliver Calder <oliver.calder@canonical.com>

* i/prompting/patterns: only re-render differences from previous configuration

Signed-off-by: Oliver Calder <oliver.calder@canonical.com>

* i/prompting/patterns: remove GoString functions from render config types

Signed-off-by: Oliver Calder <oliver.calder@canonical.com>

* i/prompting{,/patterns}: added dedicated Match method to PathPattern

Signed-off-by: Oliver Calder <oliver.calder@canonical.com>

* i/prompting/patterns: unexport all internal types and interfaces

Signed-off-by: Oliver Calder <oliver.calder@canonical.com>

* i/prompting/patterns: rename renderConfig to variantState

Signed-off-by: Oliver Calder <oliver.calder@canonical.com>

* i/prompting/patterns: unexported internal renderAllVariants

Also improved naming and documentation.

Signed-off-by: Oliver Calder <oliver.calder@canonical.com>

* i/prompting/patterns: renamed local variables to match new variantState naming

Signed-off-by: Oliver Calder <oliver.calder@canonical.com>

* i/prompting/patterns: variantState has Render method and renderNode

Add a reference to the `renderNode` used to generate a given
`variantState` to that state itself. This allows methods on
`variantState` to be called without needing to pass as a parameter the
same `renderNode` which was used to generate the `variantState`.

Also, move the `Render` function to be a method on `variantState`
instead of `renderNode`. This makes sense semantically, since we render
particular variants, rather than nodes themselves, and makes sense
ergonomically since we now have a reference to the `renderNode` within
each `variantState`, so there is no need to pass parameters around for
nodes and variants which are required to be associated anyway.

Signed-off-by: Oliver Calder <oliver.calder@canonical.com>

* i/prompting/patterns: consolidate optimize and fix nodeEqual

Signed-off-by: Oliver Calder <oliver.calder@canonical.com>

* i/prompting/patterns: add tests for tokenType.String

Signed-off-by: Oliver Calder <oliver.calder@canonical.com>

* i/prompting/patterns: use dedicated flag to tell when all seq variants are exhausted

Signed-off-by: Oliver Calder <oliver.calder@canonical.com>

* i/prompting/patterns: use ..._internal_test.go for non-exported test files

Signed-off-by: Oliver Calder <oliver.calder@canonical.com>

* i/prompting/patterns: fix growing of render buffer, unexport peek

Signed-off-by: Oliver Calder <oliver.calder@canonical.com>

* i/prompting/patterns: merge literalVariant into literal

Add comment as such to the `literal` type definition, and have
`literal.NextVariant` return length 0 to make it consistent with other
`variantState` types.

Signed-off-by: Oliver Calder <oliver.calder@canonical.com>

* i/prompting/patterns: preallocate render buffer for initial variant

Signed-off-by: Oliver Calder <oliver.calder@canonical.com>

* i/prompting/patterns: improve error handling

Signed-off-by: Oliver Calder <oliver.calder@canonical.com>

* i/prompting/patterns: moved simple bad pattern checks to scanner

Signed-off-by: Oliver Calder <oliver.calder@canonical.com>

* i/prompting/patterns: return length along with initial variant

Signed-off-by: Oliver Calder <oliver.calder@canonical.com>

* i/prompting/patterns: simplify check if more variants remain when rendering

Signed-off-by: Oliver Calder <oliver.calder@canonical.com>

---------

Signed-off-by: Oliver Calder <oliver.calder@canonical.com>
Co-authored-by: Zygmunt Krynicki <me@zygoon.pl>
2024-06-28 13:16:11 -05:00
Maciej Borzecki
a2bc59c4f3 o/snapstate: make a managed refresh schedule not require any additional checks (#14107)
* o/snapstate: make a managed refresh schedule not require any additional checks

Drop the additional check to CanManageRefreshes() when the refresh schedule is
already set to 'managed'. This was originally a way to ensure that there is at
least one snap entitled to directly manage the refreshes or fall back to the
default auto-refresh schedule. However, the conditions in which the fallback
would be applied are incorrect and could lead to a situation when snapd would
trigger an auto-refresh even while a snap which is entitled to using a managed
refresh schedule is being refreshed (due to the snapd-control being temporarily
disconnected). On top of this, since the device was once switched to managed, it
clearly means that it was entitled to do so and it was intentional, hence we
should not accidentally break the expectations.

Signed-off-by: Maciej Borzecki <maciej.borzecki@canonical.com>

* o/devicestate: tweak comment around CanManageRefreshes()

Signed-off-by: Maciej Borzecki <maciej.borzecki@canonical.com>

* o/configstate/configcore: tweak comments around managed refresh schedule

Signed-off-by: Maciej Borzecki <maciej.borzecki@canonical.com>

* o/snapstate: refresh hints report managed refresh when schedule is set to managed

Signed-off-by: Maciej Borzecki <maciej.borzecki@canonical.com>

* o/snapstate, o/devicestate: drop snapstate.CanManageRefreshes

Signed-off-by: Maciej Borzecki <maciej.borzecki@canonical.com>

* overlord: add a durability test of connections during a refresh

* overlord: improve test for both old and fixed scenarios

Signed-off-by: Maciej Borzecki <maciej.borzecki@canonical.com>

* overlord: tweak test comments

Signed-off-by: Maciej Borzecki <maciej.borzecki@canonical.com>

* overlord: fix data race in unit tests

Signed-off-by: Maciej Borzecki <maciej.borzecki@canonical.com>

---------

Signed-off-by: Maciej Borzecki <maciej.borzecki@canonical.com>
Co-authored-by: Philip Meulengracht <the_meulengracht@hotmail.com>
2024-06-27 15:52:20 +02:00
Miguel Pires
283f8abb6b i/builtin: add registry interface (#14113)
* i/builtin: add registry interface

Add a registry interface that snaps can use to access a particular
registry view.

Signed-off-by: Miguel Pires <miguel.pires@canonical.com>

* registry: constrain registry name

Signed-off-by: Miguel Pires <miguel.pires@canonical.com>

---------

Signed-off-by: Miguel Pires <miguel.pires@canonical.com>
2024-06-27 11:15:13 +02:00
Philip Meulengracht
035468f296 i/b/network_manager: allow access to gnutls config for both plug and slot (#14079)
* i/b/network_manager: allow access to netplan dbus and gnutls config

* i/b/network_manager: additionally add dbus socket

* i/b/network_manager: move some permissions to the connected plug

* i/b/network_manager.go: remove redundant dbus method

* i/b/network_manager: dbus was not strictly needed for now
2024-06-24 09:38:38 +02:00
Miguel Pires
cfcc50a1cf asserts: allow $PLUG_PUBLISHER_ID in plug attribute constraints
Allow plugs to specify the $PLUG_PUBLISHER_ID in attribute constraints
such that interfaces can restrict auto-connection to when certain
attributes match their publisher IDs.

Signed-off-by: Miguel Pires <miguel.pires@canonical.com>
2024-06-21 15:49:09 +02:00
Michael Vogt
f43583ca37 snap-{seccomp,confine}: replace global seccomp filter with template
The global.bin seccomp filter was written before we had support for
explicit deny rules in snap-seccomp. With these rules we can replace
the hard-to-follow logic of the global filter and just make the
rules part of the standard seccomp template.

The global rules are best summarized in this comment:
```
struct scmp_arg_cmp no_tty_inject = {
    /* We learned that existing programs make legitimate requests with all
     * bits set in the more significant 32bit word of the 64 bit double
     * word. While this kernel behavior remains suspect and presumably
     * undesired it is unlikely to change for backwards compatibility
     * reasons. As such we cannot block all requests with high-bits set.
     *
     * When faced with ioctl(fd, request); refuse to proceed when
     * request&0xffffffff == TIOCSTI. This specific way to encode the
     * filter has the following important properties:
     *
     * - it blocks ioctl(fd, TIOCSTI, ptr).
     * - it also blocks ioctl(fd, (1UL<<32) | TIOCSTI, ptr).
     * - it doesn't block ioctl(fd, (1UL<<32) | (request not equal to TIOCSTI), ptr); */
    .arg = 1,
    .op = SCMP_CMP_MASKED_EQ,
    .datum_a = 0xffffffffUL,
    .datum_b = TIOCSTI,
};
sc_err = seccomp_rule_add(ctx, SCMP_ACT_ERRNO(EPERM), sys_ioctl_nr, 1, no_tty_inject);
```
and the same for `TIOCLINUX`.
2024-06-19 08:28:39 +02:00
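To see why the rule above is encoded with SCMP_CMP_MASKED_EQ rather than a plain equality, here is an added Go model of libseccomp's argument comparison (snapd's snap-seccomp is written in Go, but this is not its code; FilterIoctl, ExactRules and MaskedRules are names chosen here). It runs the TIOCSTI/TIOCLINUX deny rules from the comment against requests with and without the high 32 bits set. TIOCSTI is worth the trouble because it lets a process push bytes into its controlling terminal's input queue, a long-known way out of a sandbox that still holds a tty descriptor.

```go
package main

import "fmt"

// ioctl request numbers from the kernel's asm-generic/ioctls.h.
const (
	TIOCSTI   uint64 = 0x5412
	TIOCLINUX uint64 = 0x541C
	TCGETS    uint64 = 0x5401
	EPERM            = 1
)

// cmpOp models the two libseccomp comparison operators used here.
type cmpOp int

const (
	cmpEQ       cmpOp = iota // arg == datumA
	cmpMaskedEQ              // (arg & datumA) == datumB
)

// argCmp mirrors libseccomp's struct scmp_arg_cmp.
type argCmp struct {
	arg    int
	op     cmpOp
	datumA uint64
	datumB uint64
}

func (c argCmp) matches(args []uint64) bool {
	v := args[c.arg]
	switch c.op {
	case cmpEQ:
		return v == c.datumA
	case cmpMaskedEQ:
		return v&c.datumA == c.datumB
	}
	return false
}

// rule denies with errno when all of its comparisons match.
type rule struct {
	errno int
	cmps  []argCmp
}

// FilterIoctl evaluates deny rules against ioctl(fd, request) and returns 0
// (allow) or the errno of the first matching rule: default-allow plus
// explicit denials, which is what moving the rules into the template gives.
func FilterIoctl(rules []rule, fd, request uint64) int {
	args := []uint64{fd, request}
	for _, r := range rules {
		matched := true
		for _, c := range r.cmps {
			if !c.matches(args) {
				matched = false
				break
			}
		}
		if matched {
			return r.errno
		}
	}
	return 0
}

// ExactRules is the tempting but insufficient encoding: it compares the whole
// 64-bit argument, so a request with the high word set slips through.
func ExactRules() []rule {
	return []rule{
		{EPERM, []argCmp{{arg: 1, op: cmpEQ, datumA: TIOCSTI}}},
		{EPERM, []argCmp{{arg: 1, op: cmpEQ, datumA: TIOCLINUX}}},
	}
}

// MaskedRules is the encoding from the commit message: only the low 32 bits
// are compared, so TIOCSTI and (1<<32)|TIOCSTI are both refused while other
// requests with high bits set are left alone.
func MaskedRules() []rule {
	return []rule{
		{EPERM, []argCmp{{arg: 1, op: cmpMaskedEQ, datumA: 0xffffffff, datumB: TIOCSTI}}},
		{EPERM, []argCmp{{arg: 1, op: cmpMaskedEQ, datumA: 0xffffffff, datumB: TIOCLINUX}}},
	}
}

func main() {
	for _, req := range []uint64{TIOCSTI, 1<<32 | TIOCSTI, TIOCLINUX, TCGETS, 1<<32 | TCGETS} {
		fmt.Printf("request=%#x exact=%d masked=%d\n", req,
			FilterIoctl(ExactRules(), 0, req), FilterIoctl(MaskedRules(), 0, req))
	}
}
```

The table main prints is the whole argument: with exact comparison the (1<<32)|TIOCSTI variant is allowed, with the masked comparison it is refused, and an unrelated request such as (1<<32)|TCGETS stays allowed under both, which is the backwards-compatibility constraint the comment describes.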
Zygmunt Krynicki
5f7575b1d4 interfaces/systemd: replace ancient copy-pasted comment
Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
2024-06-18 12:37:31 +02:00
Zygmunt Krynicki
dc21b817c2 interfaces/apparmor: replace references to ubuntu-core-launcher
Only comments are affected, the policy and sandbox is identical.

Jira: SNAPDENG-23247

Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
2024-06-18 12:37:31 +02:00
Alfred
bbf179b3b1 interfaces: Fixup raw_usb AppArmor path for the Thinkpad x13s
The Thinkpad x13s exposes USB device busnum files at a slightly different path:

apparmor="DENIED" operation="open" class="file" profile="snap.android-platform-tools.adb"
  name="/sys/devices/platform/soc@0/a6f8800.usb/a600000.usb/xhci-hcd.1.auto/usb1/1-1/busnum"
  pid=78132 comm="libusb_event" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0

Accommodate that by adjusting the path in the generated AppArmor profile.
2024-06-18 09:51:55 +02:00
Oliver Calder
6905775c44 i/prompting: implement path pattern matching (#13866)
Path pattern matching is implemented via the doublestar package, which
emulates bash's globstar matching. Patterns may include '*' wildcard
characters (which match any number of non-separator characters), '**'
doublestars (which match zero or more subdirectories), '?' wildcard
characters (which match exactly one non-separator character), and nested
groups delimited by '{' and '}'. Notably, path patterns are *not* allowed
to have character classes delimited by '[' and ']', nor inverted
classes of the form "[^abc]".

There is a limit on the number of groups allowed in path patterns, but
up to that limit, groups may be arbitrarily nested or sequential.

Signed-off-by: Oliver Calder <oliver.calder@canonical.com>

i/prompting: fix typo and add notes to remove test boilerplate

Signed-off-by: Oliver Calder <oliver.calder@canonical.com>

i/prompting: use separate test suite for patterns

Signed-off-by: Oliver Calder <oliver.calder@canonical.com>

i/prompting: improve unit test coverage

Signed-off-by: Oliver Calder <oliver.calder@canonical.com>

* i/prompting: count and validate true number of expanded patterns

Rather than counting the number of groups and using it as a heuristic
for the number of patterns into which a given path pattern will expand,
instead compute the true number of expanded patterns and compare it
against a set limit.

Signed-off-by: Oliver Calder <oliver.calder@canonical.com>

* i/prompting: implement path pattern checks in constraints

Signed-off-by: Oliver Calder <oliver.calder@canonical.com>

* i/prompting: throw error if group depth exceeds maximum expanded patterns

Signed-off-by: Oliver Calder <oliver.calder@canonical.com>

* packaging: add doublestar dependency for prompting pattern matching

Signed-off-by: Oliver Calder <oliver.calder@canonical.com>

* i/prompting: remove standalone path pattern validation

Signed-off-by: Oliver Calder <oliver.calder@canonical.com>

---------

Signed-off-by: Oliver Calder <oliver.calder@canonical.com>
2024-06-17 20:12:22 +02:00
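An added example serving both this commit and the later "render path pattern variants using recursive descent parser" one (8fc33dd912): a recursive-descent expander for prompting-style path patterns with nested {a,b} groups. It keeps backslash escapes in the rendered variants, rejects '[' and ']' since character classes are not allowed, bounds group nesting, and checks the running variant count at every product and union step so an oversized pattern is rejected before it is fully materialised. It is not snapd's parser; the limits (8 levels, 1000 variants) and the names ExpandPathPattern, seq and group are assumptions. Matching a path against the rendered variants (done with the doublestar package in snapd) is not reproduced here.

```go
package main

import "fmt"

// Assumed limits; snapd's own values are not on this page.
const maxGroupDepth, maxExpanded = 8, 1000

type parser struct{ s []rune; pos, depth int }

// cross appends every suffix to every prefix, refusing to exceed maxExpanded.
func cross(prefixes, suffixes []string) ([]string, error) {
	if len(prefixes)*len(suffixes) > maxExpanded {
		return nil, fmt.Errorf("more than %d variants", maxExpanded)
	}
	var out []string
	for _, p := range prefixes {
		for _, s := range suffixes {
			out = append(out, p+s)
		}
	}
	return out, nil
}

// seq renders one sequence; inside a group it stops at the ',' or '}' that
// ends the current alternative and leaves that delimiter for group.
func (p *parser) seq() ([]string, error) {
	out := []string{""}
	var lit []rune
	flush := func() { // append the pending literal text to every variant
		for i := range out {
			out[i] += string(lit)
		}
		lit = nil
	}
	for p.pos < len(p.s) {
		switch r := p.s[p.pos]; r {
		case '\\': // keep the escape so the rendered variant still escapes it
			if p.pos+1 == len(p.s) {
				return nil, fmt.Errorf("trailing backslash")
			}
			lit = append(lit, r, p.s[p.pos+1])
			p.pos += 2
		case '[', ']':
			return nil, fmt.Errorf("character classes are not allowed")
		case '{':
			flush()
			p.pos++
			alts, err := p.group()
			if err != nil {
				return nil, err
			}
			if out, err = cross(out, alts); err != nil {
				return nil, err
			}
		case ',', '}':
			if p.depth == 0 {
				return nil, fmt.Errorf("unexpected %q outside a group", r)
			}
			flush()
			return out, nil
		default:
			lit = append(lit, r)
			p.pos++
		}
	}
	if p.depth > 0 {
		return nil, fmt.Errorf("unterminated group")
	}
	flush()
	return out, nil
}

// group is entered just after '{' and returns the union of its alternatives.
func (p *parser) group() ([]string, error) {
	p.depth++
	defer func() { p.depth-- }()
	if p.depth > maxGroupDepth {
		return nil, fmt.Errorf("groups nested deeper than %d", maxGroupDepth)
	}
	var alts []string
	for {
		vs, err := p.seq()
		if err != nil {
			return nil, err
		}
		if alts = append(alts, vs...); len(alts) > maxExpanded {
			return nil, fmt.Errorf("more than %d variants", maxExpanded)
		}
		if p.s[p.pos] == '}' {
			p.pos++
			return alts, nil
		}
		p.pos++ // skip the ',' and parse the next alternative
	}
}

// ExpandPathPattern validates pat and returns its group-free variants in order.
func ExpandPathPattern(pat string) ([]string, error) {
	return (&parser{s: []rune(pat)}).seq()
}

func main() {
	fmt.Println(ExpandPathPattern("/home/*/{Documents,Pictures/{*,**}}/*.{png,jpg}"))
}
```

Variants come out in left-to-right order, so a pattern that expands to several group-free forms yields a deterministic list that later precedence comparisons can rely on; the limit checks sit inside cross and group rather than after expansion, which is what keeps a hostile pattern from exhausting memory before validation fails.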
Andrew Phelps
71d22420df many: add a *SnapAppSet to ConnectedPlug/Slot types and use it to build label expressions in interfaces (#13773)
Now that we have app sets in the interfaces repo, keep a pointer to them in ConnectedPlug/Slot types. Use this to build label expressions in the interfaces. 

* many: add a pointer to a SnapAppSet into Connected(Plug|Slot) so that interfaces can build a complete label expression, including component hooks

* interfaces: update doc comments on ConnectedPlug/Slot.AppSet

* interfaces: remove TODO that has been addressed

* interfaces: use app set pointer for instance name check

* snap: add Runnable type that represents the runnable parts of a snap

* interfaces, o/ifacestate: use snap.Runnable rather than interfaces.Runnable

* interfaces, i/builtin, o/ifacestate: panic on failed invariant check in NewConnectedPlug/Slot

* interfaces: add methods to app set for getting runnables that can connect to plug/slot

* interfaces: build label expressions using runnables

* interfaces: doc comment for SlotRunnables

* interfaces: implement Slot/PlugRunnables with shared helper

* interfaces: log and skip security tags that do not match expected pattern

* snap, interfaces: move runnable constructors to methods on AppInfo and HookInfo

* interfaces: refactor to allow labelExpr to operate directly on a ConnectedPlug/Slot

* snap: move around Runnable methods
2024-06-14 18:37:26 +02:00
Philip Meulengracht
bd61552dc1 i/b/network_manager: add mptcp paths as available for network-manager to support MPTCP sockets 2024-06-13 12:57:36 +02:00
Andrew Phelps
06082e1fd5 many: add Provenance field to ComponentInfo (#14067)
Add a Provenance to snap.ComponentInfo. This allows snap pack to work with components that define a provenance in their component.yaml file.

* snap, interfaces, daemon: add Provenance field to ComponentInfo

* s/pack: test packing component with provenance

* snap: validate provenance when parsing component.yaml
2024-06-13 09:35:30 +02:00
Andrew Phelps
5c788ad1f9 many: replace interfaces.Repository.AddSnap with AddAppSet (#13772)
* many: replace interfaces.Repo.AddSnap with AddAppSet

* interfaces: remove repo.RemovePlug since it is unused

* interfaces: simplify check for a snap's presence in interfaces repo

* interfaces: update doc comment on Repository.AddAppSet

* o/ifacestate: fix duplicate init of app set following refactor in master

* o/snapstate: fix bug that caused implicit slots to be added to core and snapd snaps
2024-06-11 19:05:38 +01:00