* interface/seccomp: add socket AF_QIPCRTR
AF_QIPCRTR (Qualcomm IPC router protocol) is used to communicate
with services provided by other hardware blocks in the system.
Snaps that access some Qualcomm hardware components need this protocol.
Signed-off-by: Robert Liu <robert.liu@canonical.com>
* snap-seccomp: add AF_QIPCRTR and PF_QIPCRTR
Signed-off-by: Robert Liu <robert.liu@canonical.com>
* interfaces/builtin: add qrtr
Signed-off-by: Robert Liu <robert.liu@canonical.com>
* interfaces/builtin/qrtr: limit type to sock_dgram only
Signed-off-by: Robert Liu <robert.liu@canonical.com>
* interfaces/builtin/qualcomm-ipc-router: rename from qrtr and add more details
Signed-off-by: Robert Liu <robert.liu@canonical.com>
* interfaces/builtin/qualcomm-ipc-router: update tests
Signed-off-by: Robert Liu <robert.liu@canonical.com>
* sandbox/apparmor: support checking for network qipcrtr dgram parser feature
This is not a required or even preferred feature at this time, it will just be
used by one specific interface for checking. Eventually it should become a
proper feature that is queried / included in the system-key perhaps, etc. but
the rest of the machinery for this is not available yet.
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
* interfaces/qualcomm-ipc-router: only perform the conn if the parser supports it
If the apparmor_parser on the system doesn't support the qipcrtr-socket
feature, then we shouldn't proceed with the connection of the apparmor plug.
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
* interfaces/apparmor: expose the apparmor sandbox features through Specification
This allows interfaces to specialize their policy or behavior based on what
features are available in both the parser and the kernel.
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
* interfaces/qualcomm-ipc-router: adjust implementation to use spec.Features()
This is the better way where the individual interface doesn't need to import
the sandbox directly and can instead get the features from the specification.
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
* cmd/snap-seccomp: address gofmt for 1.13
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
* tests/interfaces-many-core-provided: check on xenial, qualcomm-ipc-router fails
This interface does not work on xenial, so we should get an error message
trying to connect it.
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
* interfaces: rename MockSetFeatures -> MockFeatures
Thanks to Samuele for the suggestion.
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
* interfaces/qualcomm-ipc-router: drop redundant dgram from rule
Thanks to Alex for pointing this out.
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
* snap-seccomp: import "github.com/mvo5/libseccomp-golang" without the "seccomp" prefix to avoid breaking the debian-sid patch
* tests: fix skip on 16.04 for qualcomm-ipc-router
* interfaces/repo: add comment about issue with AppArmorConnectedPlug failures
Explain a potential issue we are running into with the current state of the
qualcomm-ipc-router interface.
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
* interfaces/qualcomm-ipc-router: switch to BeforePreparePlug based impl
Use BeforePreparePlug instead of AppArmorConnectedPlug since
AppArmorConnectedPlug returning non-nil error leads to an inability to process
other connection changes for that snap until snapd is restarted.
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
* Revert "interfaces/apparmor: expose the apparmor sandbox features through Specification"
This reverts commit bff6b6b2b5c62349e2605c199241c97a61ba6cb3.
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
* interfaces/qualcomm-ipc-router: switch to using BeforeConnectPlug
BeforePreparePlug is actually run just when a plug is declared, not necessarily
when the plug is going to be connected. For qualcomm-ipc-router, we want to
reject the connection, not necessarily the plug by itself.
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
* interfaces/builtin/qualcomm-ipc-router: fix method args to match interface
Also need to adjust the new interfaces.BeforeConnectPlug helper which tests
this as it was using the wrong type as well.
Thanks to Samuele for finding this.
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
* tests/main/interfaces-many-core-provided: fix if check for xenial to add UC16
Xenial and Ubuntu Core 16 suffer from the same problem so they both need to be
considered in this check.
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
Co-authored-by: Ian Johnson <ian.johnson@canonical.com>
Co-authored-by: Michael Vogt <mvo@ubuntu.com>
Co-authored-by: Tsunghan Liu (Robert Liu) <robert.liu@canonical.com>
Co-authored-by: Ian Johnson <ian.johnson@canonical.com>
* Special-case system-files and force refreshing its static attributes on
reloadConnections. Fixes LP: #1942266
* tests/regression: add regression test for LP #1942266
This test currently fails.
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
* Incorporate spread test from Ian.
* Rename snap files to be consistent with snap name.
* Add extra test check
Co-authored-by: Ian Johnson <person.uwsome@gmail.com>
* tests/regression/lp-1942266: don't run on systems w/o apparmor
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
Co-authored-by: Ian Johnson <ian.johnson@canonical.com>
Co-authored-by: Ian Johnson <person.uwsome@gmail.com>
This should allow an access of the form:
```
AVC apparmor="DENIED" operation="open" profile="snap.name.app" name=/sys/devices/platform/soc@0/30800000.bus/30be0000.ethernet/net/eth0/address pid=18219 comm="vgc-bc" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
```
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
Shellcheck complains:
```
ERROR:root:tests/main/services-install-hook-can-run-svcs/task.yaml: section 'execute':
In - line 5:
sed ./test-snapd-install-hook-runs-svc/meta/hooks/install.in -e s/%%FLAGS%%/$FLAGS/ > ./test-snapd-install-hook-runs-svc/meta/hooks/install
^----^ SC2086: Double quote to prevent globbing and word splitting.
Did you mean:
sed ./test-snapd-install-hook-runs-svc/meta/hooks/install.in -e s/%%FLAGS%%/"$FLAGS"/ > ./test-snapd-install-hook-runs-svc/meta/hooks/install
For more information:
https://www.shellcheck.net/wiki/SC2086 -- Double quote to prevent globbing ...
ERROR:root:validation failed for the following files:
- tests/main/services-install-hook-can-run-svcs/task.yaml
```
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
The latest libseccomp updated the syscalls list to match what is available in
Linux v5.14-rc7 [1].
1. 5c22d4b682
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
* interfaces/interfaces/ion-memory-control: add: add interface for Android ION memory allocator
Signed-off-by: Ondrej Kubik <ondrej.kubik@canonical.com>
* tests: add ion-memory-control to snap.yaml and base decl tests
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
* interfaces/interfaces/ion-memory-control: adding reference url about ion to the apparmor snippet
Signed-off-by: Ondrej Kubik <ondrej.kubik@canonical.com>
Co-authored-by: Ian Johnson <ian.johnson@canonical.com>
An additional Ambarella kernel driver is required to access the CV2X
processor registers, so this enables the capability to set the internal
value at run time.
Signed-off-by: Hsieh-Tseng Shen <woodrow.shen@canonical.com>
The new and the older shellcheck versions disagree about the
nature of the echo -e warning. New shellcheck warns with SC3037
and old with SC2039. The old shellcheck runs when in the
tests/unit/go spread test and the new in GH actions. Given that
this is the only instance where this is a problem this commit just
makes shellcheck ignore both the old and the new code for the issue.
This was merged as part of #10443 [1] but because it got squashed
we need the isolated fix for 2.51.
[1] bd730fd49c
* snapstate: abort kernel refresh if no gadget update can be found
This commit detects if a kernel refresh is in progress that does
not contain a "update-gadget-assets" task and aborts this part
of the change if that happens. This works around the issue that
is triggered in https://bugs.launchpad.net/snapd/+bug/1940553
A manager test for this is also added.
* handler: explicitly error on missing update-gadget-assets task (thanks to Ian,Samuele)
* snapstate: add/use new TestingOnlyLeaveOutKernetUpdateGadgetAssets
To test an upgrade from an old snapd that does not create the
"update-gadget-assets" tasks a new flag
"TestingOnlyLeaveOutKernetUpdateGadgetAssets" is added that can
be used in tests to test that snapd DTRT when upgrading from
a broken version of snapd.
* snapstate,overlord: simplify TestingLeaveOutKernetUpdateGadgetAssets usage
* overlord: fix typo
* snapstate: only skip adding the kernel "update-gadget-assets" for type kernel
* overlord: improve error message
* overlord: add SetTestingLeaveOutKernelUpdateGadgetAssets() that checks for osutil.IsTestBinary()
* overlord: improve error message (thanks to Ian)
* Revert "overlord: add SetTestingLeaveOutKernelUpdateGadgetAssets() that checks for osutil.IsTestBinary()"
This reverts commit 3f55cf4b89c34fd286d30e26dd38d489f897c20c.
* many: shellcheck fixes
We got a new shellcheck in "edge" and it seems this broke master.
This commit adds the required fixes.
* tests: update `shellcheck disable=SC3037` for echo -e
We want to keep the `echo -e` - using printf is not cleaner and
also results in a shellcheck warning. We already had a shellcheck
disable that seems to have been changed with the new version of
shellcheck. So this commit updates it to the new SC3037 value.
We want to check that `assumes` are handled correctly early. This
commit adds manager tests for `Install`, `Update` and `UpdateMany`
to ensure that snaps with the wrong `assumes` are rejected before
the taskset is generated.
This also required adding "snap-yaml" to the mockServer in
the manager tests.
Our code did not deal with the `assumes:` field in the raw yaml
that we get from the store. This led to the really nasty bug
that on a refresh the assumes is not checked correctly, see
https://bugs.launchpad.net/snapd/+bug/1940553
* osutil: rework TotalSystemMemory to TotalUsableMemory
This commit renames total TotalSystemMemory to TotalUsableMemory
and also changes the code to take the CmaTotal into account. This
is the memory reserved by the "Contiguous Memory Allocator" and
it is not usable for normal processes. This kind of memory is
used e.g. by the framebuffer of the Raspberry Pi or by DSPs on
certain boards.
* secboot: use half the mem for KDF in AddRecoveryKey
Instead of benchmarking the KDF parameters for the recovery key
(which takes some time to run) we can also use defaults for the
KDF parameters. The defaults suggested by Chris are "4 iterations"
and half the usable memory. This commit implements the suggestions.
* secboot: update KDF memory heuristic
After discussing with Chris and Samuele we updated the KDF memory
heuristic so that it takes more parameters in mind. It now
considers the usable memory and subtracts a hardcoded 384MB
that is required to have a working system (a bit of a conservative
estimate) and then takes half of this for the KDF memory.
* osutil,secboot: fix typos
* secboot: add comment about minimum mem
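The heuristic described in the commit above, as an added example (not snapd's own code): usable memory is MemTotal minus CmaTotal, and the KDF gets half of what remains after the 384MB reserve. The function names, the constructed meminfo sample and the floor value are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Constructed /proc/meminfo excerpt for a small board with a CMA reservation.
const sampleMeminfo = "MemTotal:        1917292 kB\nMemFree:          812340 kB\nCmaTotal:         262144 kB\n"

// The 384MB reserve is from the commit message; the floor is an assumed placeholder.
const reservedKB, assumedFloorKB = 384 * 1024, 32 * 1024

// usableMemKB returns MemTotal minus CmaTotal (0 when the kernel reports none), in kB.
func usableMemKB(meminfo string) (uint64, error) {
	vals := map[string]uint64{}
	for _, line := range strings.Split(meminfo, "\n") {
		f := strings.Fields(line)
		if len(f) != 3 || f[2] != "kB" {
			continue
		}
		v, err := strconv.ParseUint(f[1], 10, 64)
		if err != nil {
			return 0, fmt.Errorf("meminfo %s %v", f[0], err)
		}
		vals[strings.TrimSuffix(f[0], ":")] = v
	}
	total, ok := vals["MemTotal"]
	if !ok || vals["CmaTotal"] > total {
		return 0, fmt.Errorf("meminfo: MemTotal missing or smaller than CmaTotal")
	}
	return total - vals["CmaTotal"], nil
}

// kdfMemKB is half of (usable - reserve), clamped so small systems never underflow.
func kdfMemKB(usableKB uint64) uint64 {
	if usableKB < reservedKB+2*assumedFloorKB {
		return assumedFloorKB
	}
	return (usableKB - reservedKB) / 2
}

func main() {
	usable, err := usableMemKB(sampleMeminfo)
	fmt.Println(usable, kdfMemKB(usable), err)
}
```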
The main encryption key is high entropy 256bit already so there is
no need to use a strong KDF on top of this. There was a PR already
that switched this to 32MB but it turns out that 32KB is enough.