Michael Vogt 85bc5c7221 interface/builtin: add qualcomm-ipc-router interface for AF_QIPCRTR socket protocol
* interface/seccomp: add socket AF_QIPCRTR

AF_QIPCRTR (Qualcomm IPC router protocol) is used to communicate
with services provided by other hardware blocks in the system.

Snaps that access some Qualcomm hardware components need this protocol.

Signed-off-by: Robert Liu <robert.liu@canonical.com>

* snap-seccomp: add AF_QIPCRTR and PF_QIPCRTR

Signed-off-by: Robert Liu <robert.liu@canonical.com>

* interfaces/builtin: add qrtr

Signed-off-by: Robert Liu <robert.liu@canonical.com>

* interfaces/builtin/qrtr: limit type to sock_dgram only

Signed-off-by: Robert Liu <robert.liu@canonical.com>

* interfaces/builtin/qualcomm-ipc-router: rename from qrtr and add more details

Signed-off-by: Robert Liu <robert.liu@canonical.com>

* interfaces/builtin/qualcomm-ipc-router: update tests

Signed-off-by: Robert Liu <robert.liu@canonical.com>

* sandbox/apparmor: support checking for network qipcrtr dgram parser feature

This is not a required or even preferred feature at this time, it will just be
used by one specific interface for checking. Eventually it should become a
proper feature that is queried / included in the system-key perhaps, etc. but
the rest of the machinery for this is not available yet.

Signed-off-by: Ian Johnson <ian.johnson@canonical.com>

* interfaces/qualcomm-ipc-router: only perform the conn if the parser supports it

If the apparmor_parser on the system doesn't support the qipcrtr-socket
feature, then we shouldn't proceed with the connection of the apparmor plug.

Signed-off-by: Ian Johnson <ian.johnson@canonical.com>

* interfaces/apparmor: expose the apparmor sandbox features through Specification

This allows interfaces to specialize their policy or behavior based on what
features are available in both the parser and the kernel.

Signed-off-by: Ian Johnson <ian.johnson@canonical.com>

* interfaces/qualcomm-ipc-router: adjust implementation to use spec.Features()

This is the better way where the individual interface doesn't need to import
the sandbox directly and can instead get the features from the specification.

Signed-off-by: Ian Johnson <ian.johnson@canonical.com>

* cmd/snap-seccomp: address gofmt for 1.13

Signed-off-by: Ian Johnson <ian.johnson@canonical.com>

* tests/interfaces-many-core-provided: check on xenial, qualcomm-ipc-router fails

This interface does not work on xenial, so we should get an error message
trying to connect it.

Signed-off-by: Ian Johnson <ian.johnson@canonical.com>

* interfaces: rename MockSetFeatures -> MockFeatures

Thanks to Samuele for the suggestion.

Signed-off-by: Ian Johnson <ian.johnson@canonical.com>

* interfaces/qualcomm-ipc-router: drop redundant dgram from rule

Thanks to Alex for pointing this out.

Signed-off-by: Ian Johnson <ian.johnson@canonical.com>

* snap-seccomp: import "github.com/mvo5/libseccomp-golang" without the "seccomp" prefix to avoid breaking the debian-sid patch

* tests: fix skip on 16.04 for qualcomm-ipc-router

* interfaces/repo: add comment about issue with AppArmorConnectedPlug failures

Explain a potential issue we are running into with the current state of the
qualcomm-ipc-router interface.

Signed-off-by: Ian Johnson <ian.johnson@canonical.com>

* interfaces/qualcomm-ipc-router: switch to BeforePreparePlug based impl

Use BeforePreparePlug instead of AppArmorConnectedPlug since
AppArmorConnectedPlug returning non-nil error leads to an inability to process
other connection changes for that snap until snapd is restarted.

Signed-off-by: Ian Johnson <ian.johnson@canonical.com>

* Revert "interfaces/apparmor: expose the apparmor sandbox features through Specification"

This reverts commit bff6b6b2b5c62349e2605c199241c97a61ba6cb3.

Signed-off-by: Ian Johnson <ian.johnson@canonical.com>

* interfaces/qualcomm-ipc-router: switch to using BeforeConnectPlug

BeforePreparePlug is actually run just when a plug is declared, not necessarily
when the plug is going to be connected. For qualcomm-ipc-router, we want to
reject the connection, not necessarily the plug by itself.

Signed-off-by: Ian Johnson <ian.johnson@canonical.com>

* interfaces/builtin/qualcomm-ipc-router: fix method args to match interface

Also need to adjust the new interfaces.BeforeConnectPlug helper which tests
this as it was using the wrong type as well.

Thanks to Samuele for finding this.

Signed-off-by: Ian Johnson <ian.johnson@canonical.com>

* tests/main/interfaces-many-core-provided: fix if check for xenial to add UC16

Xenial and Ubuntu Core 16 suffer from the same problem so they both need to be
considered in this check.

Signed-off-by: Ian Johnson <ian.johnson@canonical.com>

Co-authored-by: Ian Johnson <ian.johnson@canonical.com>
Co-authored-by: Michael Vogt <mvo@ubuntu.com>

Co-authored-by: Tsunghan Liu (Robert Liu) <robert.liu@canonical.com>
Co-authored-by: Ian Johnson <ian.johnson@canonical.com>
2021-09-03 15:55:11 -05:00