
Paste from jdstrand at Thu, 14 Apr 2016 19:42:15 +0000

$ git diff
diff --git a/interfaces/builtin/bluez.go b/interfaces/builtin/bluez.go
index 11ace98..8c6cf7f 100644
--- a/interfaces/builtin/bluez.go
+++ b/interfaces/builtin/bluez.go
@@ -21,6 +21,7 @@ package builtin
 
 import (
        "github.com/ubuntu-core/snappy/interfaces"
+       "regexp"
 )
 
 var bluezPermanentSlotAppArmor = []byte(`
@@ -81,6 +82,8 @@ var bluezPermanentSlotAppArmor = []byte(`
       interface=org.freedesktop.DBus.**,
 `)
 
+var repre = regexp.MustCompile("###[A-Z]+###")
+
 var bluezConnectedPlugAppArmor = []byte(`
 # Description: Allow using bluez service. Reserved because this gives
 #  privileged access to the bluez service.
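Review bot: `repre` is a package-level name in `builtin`, so every file in the package can see it, yet neither the name nor a comment says what it matches or where it is meant to be used. A descriptive name such as `placeholderRe` with a doc comment like `// placeholderRe matches ###NAME### markers in policy templates, which are replaced when a snippet is generated.` would make the contract clear to authors of other interfaces. The comment should also list which marker names are defined, since the pattern accepts any run of capitals.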
@@ -91,7 +94,7 @@ var bluezConnectedPlugAppArmor = []byte(`
 # Allow all access to bluez service
 dbus (receive, send)
     bus=system
-    peer=(label=bluez5_bluez_*),
+    peer=(label=snap.###SLOTLABEL###.*),
 
 dbus (send)
     bus=system
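Review bot: The marker written into the template here, `###SLOTLABEL###`, is not the one the substitution in the ConnectedPlugSnippet hunk tests for (`case "###SLOTNAME###":`), so as posted the marker falls through unchanged and the emitted rule still reads `peer=(label=snap.###SLOTLABEL###.*)`. The likely result is a peer label that matches nothing useful, or a policy that fails to load, rather than the intended restriction to the slot snap. One spelling should be used in both places, for example `case "###SLOTLABEL###":`. The template literal starts and ends outside this hunk.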
@@ -199,7 +202,15 @@ func (iface *BluezInterface) ConnectedPlugSnippet(plug *interfaces.Plug, slot *i
        case interfaces.SecurityDBus:
                return bluezConnectedPlugDBus, nil
        case interfaces.SecurityAppArmor:
-               return bluezConnectedPlugAppArmor, nil
+               policy := repre.ReplaceAllFunc(bluezConnectedPlugAppArmor, func(v []byte) []byte {
+                       switch string(v) {
+                       case "###SLOTNAME###":
+                               // FIXME: this needs to be <snapname>.<app>
+                               return []byte(slot.Snap.Name())
+                       }
+                       return v
+               })
+               return policy, nil
        case interfaces.SecuritySecComp:
                return bluezConnectedPlugSecComp, nil
        case interfaces.SecurityUDev:
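Review bot: The callback's final `return v` puts any marker it does not recognise back into the policy unchanged, so a mismatch between the template and a `case` label yields an AppArmor snippet with a literal `###…###` in it instead of an error. Failing closed is safer for generated policy: remember the first unhandled marker and return an error from this case, as sketched below (this would need `fmt` added to the import block). `slot.Snap.Name()` is also written into the rule verbatim; snap names are presumably validated elsewhere, but nothing visible here guarantees the value cannot contain glob or delimiter characters that would change what `label=` matches. Until the FIXME is resolved, `snap.<name>.*` appears to cover every app label of the slot snap rather than only the bluez service. ConnectedPlugSnippet starts and ends outside the hunk.

```go
case interfaces.SecurityAppArmor:
	var unknown []byte
	policy := repre.ReplaceAllFunc(bluezConnectedPlugAppArmor, func(v []byte) []byte {
		// … unchanged: switch on string(v) returning the slot snap name …
		if unknown == nil {
			unknown = v // remember the first marker no case handled
		}
		return v
	})
	if unknown != nil {
		return nil, fmt.Errorf("bluez: unresolved placeholder %q in AppArmor snippet", unknown)
	}
	return policy, nil
```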