skills

package
v0.0.0-...-921daf7
Warning

This package is not in the latest version of its module.
Published: Feb 18, 2016 License: GPL-3.0 Imports: 7 Imported by: 0

Documentation

Variables

var (
	// ErrUnknownSecurity is reported when a skill type is unable to deal with a given security system.
	ErrUnknownSecurity = errors.New("unknown security system")
)

Functions

func LoadBuiltInTypes

func LoadBuiltInTypes(repo *Repository) error

LoadBuiltInTypes loads built-in skill types into the provided repository.

func ValidateName

func ValidateName(name string) error

ValidateName checks if a string can be used as a skill or slot name.

Types

type Repository

type Repository struct {
	// contains filtered or unexported fields
}

Repository stores all known snappy skills, slots and types.

func NewRepository

func NewRepository() *Repository

NewRepository creates an empty skill repository.

func (*Repository) AddSkill

func (r *Repository) AddSkill(skill *Skill) error

AddSkill adds a skill to the repository. Skill names must be valid snap names, as defined by ValidateName. A skill name must be unique within a particular snap.

func (*Repository) AddSlot

func (r *Repository) AddSlot(slot *Slot) error

AddSlot adds a new slot to the repository. Adding a slot with an invalid name returns an error. Adding a slot that has the same name and snap name as another slot returns an error.

func (*Repository) AddType

func (r *Repository) AddType(t Type) error

AddType adds the provided skill type to the repository.

func (*Repository) AllSkills

func (r *Repository) AllSkills(skillType string) []*Skill

AllSkills returns all skills of the given type. If skillType is the empty string, all skills are returned.

func (*Repository) AllSlots

func (r *Repository) AllSlots(skillType string) []*Slot

AllSlots returns all skill slots of the given type. If skillType is the empty string, all skill slots are returned.

func (*Repository) Grant

func (r *Repository) Grant(skillSnapName, skillName, slotSnapName, slotName string) error

Grant grants the named skill to the named slot of the given snap. The skill and the slot must have the same type.

func (*Repository) GrantedBy

func (r *Repository) GrantedBy(snapName string) map[*Skill][]*Slot

GrantedBy returns all of the skills granted by a given snap.

func (*Repository) GrantedTo

func (r *Repository) GrantedTo(snapName string) map[*Slot][]*Skill

GrantedTo returns all the skills granted to a given snap.

func (*Repository) GrantsOf

func (r *Repository) GrantsOf(snapName, skillName string) []*Slot

GrantsOf returns all of the slots that were granted the provided skill.

func (*Repository) RemoveSkill

func (r *Repository) RemoveSkill(snapName, skillName string) error

RemoveSkill removes the named skill provided by a given snap. The removed skill must exist and must not be used anywhere.

func (*Repository) RemoveSlot

func (r *Repository) RemoveSlot(snapName, slotName string) error

RemoveSlot removes a named slot from the given snap. Removing a slot that doesn't exist returns an error. Removing a slot that uses a skill returns an error.

func (*Repository) Revoke

func (r *Repository) Revoke(skillSnapName, skillName, slotSnapName, slotName string) error

Revoke revokes the named skill from the slot of the given snap.

Revoke has three modes of operation that depend on the passed arguments:

  • If all the arguments are specified then Revoke() finds a specific skill slot and a specific skill and revokes that skill from that skill slot. It is an error if the skill or the skill slot cannot be found or if the grant does not exist.
  • If skillSnapName and skillName are empty then Revoke() finds the specified skill slot and revokes all the skills granted there. It is not an error if there are no such skills but it is still an error if the skill slot does not exist.
  • If skillSnapName, skillName and slotName are all empty then Revoke finds the specified snap (designated by slotSnapName) and revokes all the skills from all the skill slots found therein. It is not an error if there are no such skills but it is still an error if the snap does not exist or has no slots at all.
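
A toy model of the three modes above, added here as an illustration and not snappy's implementation: the `repo` and `key` types, the error values, and the choice to reject argument combinations the page does not define are all assumptions. It shows that empty arguments act as wildcards, so a caller that builds these names from input should check for empty strings before calling.

```go
package main

import (
	"errors"
	"fmt"
)

// key names a skill or slot; repo maps each slot to its granted skills (assumed model).
type key struct{ snap, name string }
type repo struct{ slots map[key]map[key]bool }

var errNotFound, errBadArgs = errors.New("not found"), errors.New("unsupported arguments")

// revoke follows the three documented modes and returns the number of grants removed.
func (r *repo) revoke(skillSnap, skillName, slotSnap, slotName string) (int, error) {
	slot, skill := key{slotSnap, slotName}, key{skillSnap, skillName}
	anySkill := skillSnap == "" && skillName == ""
	switch {
	case slotSnap == "" || (!anySkill && (skillSnap == "" || skillName == "" || slotName == "")):
		return 0, errBadArgs // combinations the page leaves undefined, rejected by assumption
	case !anySkill: // mode 1: one specific grant, which must exist
		if !r.slots[slot][skill] {
			return 0, errNotFound
		}
		delete(r.slots[slot], skill)
		return 1, nil
	case slotName != "": // mode 2: all skills on one slot; only a missing slot is an error
		granted, ok := r.slots[slot]
		if !ok {
			return 0, errNotFound
		}
		r.slots[slot] = map[key]bool{}
		return len(granted), nil
	}
	n, found := 0, false // mode 3: all slots of the snap; a snap without slots is an error
	for s, granted := range r.slots {
		if s.snap == slotSnap {
			n, found = n+len(granted), true
			r.slots[s] = map[key]bool{}
		}
	}
	if !found {
		return 0, errNotFound
	}
	return n, nil
}

func main() {
	r := &repo{map[key]map[key]bool{{"app", "tty"}: {{"gadget", "console"}: true}}}
	fmt.Println(r.revoke("", "", "app", "")) // empty slot name: the whole snap is revoked
}
```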

func (*Repository) SecurityFilesForSnap

func (r *Repository) SecurityFilesForSnap(snapName string) (map[string][]byte, error)

SecurityFilesForSnap returns the paths and contents of security files for a given snap.

func (*Repository) SecuritySnippetsForSnap

func (r *Repository) SecuritySnippetsForSnap(snapName string, securitySystem SecuritySystem) (map[string][][]byte, error)

SecuritySnippetsForSnap collects all of the snippets of a given security system that affect a given snap. The return value is indexed by app name within that snap.

func (*Repository) Skill

func (r *Repository) Skill(snapName, skillName string) *Skill

Skill returns the specified skill from the named snap.

func (*Repository) Skills

func (r *Repository) Skills(snapName string) []*Skill

Skills returns the skills offered by the named snap.

func (*Repository) Slot

func (r *Repository) Slot(snapName, slotName string) *Slot

Slot returns the specified skill slot from the named snap.

func (*Repository) Slots

func (r *Repository) Slots(snapName string) []*Slot

Slots returns the skill slots offered by the named snap.

func (*Repository) Type

func (r *Repository) Type(typeName string) Type

Type returns a type with a given name.

type SecuritySystem

type SecuritySystem string

SecuritySystem is the name of a security system.

const (
	// SecurityAppArmor identifies the apparmor security system.
	SecurityAppArmor SecuritySystem = "apparmor"
	// SecuritySecComp identifies the seccomp security system.
	SecuritySecComp SecuritySystem = "seccomp"
	// SecurityDBus identifies the DBus security system.
	SecurityDBus SecuritySystem = "dbus"
	// SecurityUDev identifies the UDev security system.
	SecurityUDev SecuritySystem = "udev"
)

type Skill

type Skill struct {
	Name  string
	Snap  string
	Type  string
	Attrs map[string]interface{}
	Apps  []string
	Label string
}

Skill represents a capacity offered by a snap.

type Slot

type Slot struct {
	Name  string
	Snap  string
	Type  string
	Attrs map[string]interface{}
	Apps  []string
	Label string
}

Slot represents the potential of a given snap to use a skill.

type TestType

type TestType struct {
	// TypeName is the name of this type
	TypeName string
	// SanitizeSkillCallback is the callback invoked inside SanitizeSkill()
	SanitizeSkillCallback func(skill *Skill) error
	// SanitizeSlotCallback is the callback invoked inside SanitizeSlot()
	SanitizeSlotCallback func(slot *Slot) error
	// SlotSecuritySnippetCallback is the callback invoked inside SlotSecuritySnippet()
	SlotSecuritySnippetCallback func(skill *Skill, securitySystem SecuritySystem) ([]byte, error)
	// SkillSecuritySnippetCallback is the callback invoked inside SkillSecuritySnippet()
	SkillSecuritySnippetCallback func(skill *Skill, securitySystem SecuritySystem) ([]byte, error)
}

TestType is a skill type for various kinds of tests. It is public so that it can be consumed from other packages.

func (*TestType) Name

func (t *TestType) Name() string

Name returns the name of the test type.

func (*TestType) SanitizeSkill

func (t *TestType) SanitizeSkill(skill *Skill) error

SanitizeSkill checks and possibly modifies a skill.

func (*TestType) SanitizeSlot

func (t *TestType) SanitizeSlot(slot *Slot) error

SanitizeSlot checks and possibly modifies a slot.

func (*TestType) SkillSecuritySnippet

func (t *TestType) SkillSecuritySnippet(skill *Skill, securitySystem SecuritySystem) ([]byte, error)

SkillSecuritySnippet returns the configuration snippet "required" to offer a test skill. Providers don't gain any extra permissions.

func (*TestType) SlotSecuritySnippet

func (t *TestType) SlotSecuritySnippet(skill *Skill, securitySystem SecuritySystem) ([]byte, error)

SlotSecuritySnippet returns the configuration snippet "required" to use a test skill. Consumers don't gain any extra permissions.

func (*TestType) String

func (t *TestType) String() string

String() returns the same value as Name().

type Type

type Type interface {
	// Unique and public name of this type.
	Name() string

	// SanitizeSkill checks if a skill is correct, altering if necessary.
	SanitizeSkill(skill *Skill) error

	// SanitizeSlot checks if a slot is correct, altering if necessary.
	SanitizeSlot(slot *Slot) error

	// SkillSecuritySnippet returns the configuration snippet needed by the
	// given security system to allow a snap to offer a skill of this type.
	//
	// An empty snippet is returned when the skill doesn't require anything
	// from the security system to work, in addition to the default
	// configuration.  ErrUnknownSecurity is returned when the skill cannot
	// deal with the requested security system.
	SkillSecuritySnippet(skill *Skill, securitySystem SecuritySystem) ([]byte, error)

	// SlotSecuritySnippet returns the configuration snippet needed by the
	// given security system to allow a snap to use a skill of this type.
	//
	// An empty snippet is returned when the skill doesn't require anything
	// from the security system to work, in addition to the default
	// configuration.  ErrUnknownSecurity is returned when the skill cannot
	// deal with the requested security system.
	SlotSecuritySnippet(skill *Skill, securitySystem SecuritySystem) ([]byte, error)
}

Type describes a group of interchangeable capabilities with common features. Types are managed centrally and act as a contract between system builders, application developers and end users.
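
A sketch of how a skill type might honour the snippet contract above, added here and not taken from the package: `serialType`, its `path` attribute and the AppArmor rule text are hypothetical, and the declarations are trimmed local copies so the file compiles alone. Only two of the interface's methods are shown; the type validates the attribute before it reaches a policy rule and keeps "nothing extra needed" distinct from ErrUnknownSecurity.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
)

// Trimmed local copies of declarations from this page, so the file compiles alone.
type SecuritySystem string
const SecurityAppArmor, SecuritySecComp SecuritySystem = "apparmor", "seccomp"
var ErrUnknownSecurity = errors.New("unknown security system")
type Skill struct {
	Name  string
	Attrs map[string]interface{}
}

// serialType is hypothetical; its "path" attribute is an assumption of this example.
type serialType struct{}

var devPath = regexp.MustCompile(`^/dev/ttyS[0-9]{1,3}$`)

// SanitizeSkill accepts only a plain device node, as the value ends up in a policy rule.
func (serialType) SanitizeSkill(skill *Skill) error {
	if p, ok := skill.Attrs["path"].(string); !ok || !devPath.MatchString(p) {
		return fmt.Errorf("skill %q: invalid path attribute", skill.Name)
	}
	return nil
}

// SlotSecuritySnippet re-validates, then answers per security system.
func (t serialType) SlotSecuritySnippet(skill *Skill, sys SecuritySystem) ([]byte, error) {
	if err := t.SanitizeSkill(skill); err != nil {
		return nil, err // fail closed: no policy from unchecked input
	}
	switch sys {
	case SecurityAppArmor:
		return []byte(skill.Attrs["path"].(string) + " rw,\n"), nil
	case SecuritySecComp:
		return nil, nil // empty: nothing needed beyond the default configuration
	}
	return nil, ErrUnknownSecurity // e.g. "dbus", which this type does not handle
}

func main() {
	s := &Skill{Name: "console", Attrs: map[string]interface{}{"path": "/dev/ttyS0"}}
	out, err := serialType{}.SlotSecuritySnippet(s, SecurityAppArmor)
	fmt.Printf("%q %v\n", out, err)
}
```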
