Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

c/snap-confine, i/udev, i/ifacetest: update snap-confine and snap-device-helper to understand component hook security tags #13775

Merged
merged 18 commits into from
Jul 22, 2024
Merged

c/snap-confine, i/udev, i/ifacetest: update snap-confine and snap-device-helper to understand component hook security tags #13775

merged 18 commits into from
Jul 22, 2024

Commits on Jul 8, 2024

  1. i/udev, c/snap-confine, c/libsnap-confine-private, c/snap-device-help… 

    …er: update snap-confine to be able to handle security tags that come from component hooks

An example of a security tag from a component hook would be:
"snap.name+comp.hook.install"

And one with an instance key:
"snap.name_instance+comp.hook.install"

Something important to note is how these are encoded as udev tags.
Currently, when converting a security tag to a udev tag, we replace all
'.' characters in the tag with '_' characters because systemd limits
udev tags to having only alphanumeric characters, with the addition of
the characters '-' and '_'. Since security tags can now contain '+'
characters, those will be encoded as two consecutive '_' characters.

For example:
"snap.name+comp.hook.install" -> "snap_name__comp_hook_install"
"snap.name_instance+comp.hook.install" -> "snap_name_instance__comp_hook_install"

This allows the conversion to maintain its reversibility.
    @andrewphelpsj
    andrewphelpsj committed Jul 8, 2024
    Configuration menu
    Copy the full SHA
    c4fc2d4 View commit details
    Browse the repository at this point in the history

  2. i/udev, i/ifacetest: create udev tags for component hooks that encode… 

    … + as __
    @andrewphelpsj
    andrewphelpsj committed Jul 8, 2024
    Configuration menu
    Copy the full SHA
    9048d15 View commit details
    Browse the repository at this point in the history

  3. c/libsnap-confine-private: update regmatch_t array to have space for … 

    …all matches
    @andrewphelpsj
    andrewphelpsj committed Jul 8, 2024
    Configuration menu
    Copy the full SHA
    b0c8a3e View commit details
    Browse the repository at this point in the history

  4. c/libsnap-confine-private: rename sc_snap_or_component_name_validate … 

    …to validate_as_snap_or_component_name
    @andrewphelpsj
    andrewphelpsj committed Jul 8, 2024
    Configuration menu
    Copy the full SHA
    7643859 View commit details
    Browse the repository at this point in the history

  5. c/libsnap-confine-private: rework validate_as_snap_or_component_name … 

    …to take in error details
    @andrewphelpsj
    andrewphelpsj committed Jul 8, 2024
    Configuration menu
    Copy the full SHA
    2f7eab6 View commit details
    Browse the repository at this point in the history

  6. c/libsnap-confine-private: fix incorrectly named variable

    @andrewphelpsj
    andrewphelpsj committed Jul 8, 2024
    Configuration menu
    Copy the full SHA
    3f21dac View commit details
    Browse the repository at this point in the history

  7. c/libsnap-confine-private: assert size of regex match array

    @andrewphelpsj
    andrewphelpsj committed Jul 8, 2024
    Configuration menu
    Copy the full SHA
    b7ad65e View commit details
    Browse the repository at this point in the history

  8. c/libsnap-confine-private: test a few more cases in sc_snap_component… 

    …_validate

Make sure it fails to validate component names with instance keys, test
that we fail to validate a component name that matches against a wrong
instance key.
    @andrewphelpsj
    andrewphelpsj committed Jul 8, 2024
    Configuration menu
    Copy the full SHA
    5415317 View commit details
    Browse the repository at this point in the history

  9. c/snap-device-helper: fix variable naming inconsistency

    @andrewphelpsj
    andrewphelpsj committed Jul 8, 2024
    Configuration menu
    Copy the full SHA
    6cabf43 View commit details
    Browse the repository at this point in the history

  10. c/libsnap-confine-private: add missing sc_error_free calls to new uni… 

    …t tests
    @andrewphelpsj
    andrewphelpsj committed Jul 8, 2024
    Configuration menu
    Copy the full SHA
    5a00500 View commit details
    Browse the repository at this point in the history

  11. c/snap-confine: add missing free in sc_cleanup_invocation for new str… 

    …uct field
    @andrewphelpsj
    andrewphelpsj committed Jul 8, 2024
    Configuration menu
    Copy the full SHA
    0bb442b View commit details
    Browse the repository at this point in the history

Commits on Jul 9, 2024

  1. c/libsnap-confine-private: update comment on SC_SNAP_INVALID_COMPONENT

    @andrewphelpsj
    andrewphelpsj committed Jul 9, 2024
    Configuration menu
    Copy the full SHA
    ab7d138 View commit details
    Browse the repository at this point in the history

  2. c/libsnap-confine-private: replace sizeof math with anonymous enum as… 

    … array size
    @andrewphelpsj
    andrewphelpsj committed Jul 9, 2024
    Configuration menu
    Copy the full SHA
    76555de View commit details
    Browse the repository at this point in the history

  3. c/libsnap-confine-private: only call strlen on component_name once

    @andrewphelpsj
    andrewphelpsj committed Jul 9, 2024
    Configuration menu
    Copy the full SHA
    ebff4c1 View commit details
    Browse the repository at this point in the history

Commits on Jul 12, 2024

  1. c/libsnap-confine-private: add tests for NULL checks in sc_string_split

    @andrewphelpsj
    andrewphelpsj committed Jul 12, 2024
    Configuration menu
    Copy the full SHA
    fc05b1b View commit details
    Browse the repository at this point in the history

Commits on Jul 19, 2024

  1. c/libsnap-confine-private: replace for with while

    @andrewphelpsj
    andrewphelpsj committed Jul 19, 2024
    Configuration menu
    Copy the full SHA
    c9a216b View commit details
    Browse the repository at this point in the history

  2. c/libsnap-confine-private: rename sc_string_split function params for… 

    … clarity
    @andrewphelpsj
    andrewphelpsj committed Jul 19, 2024
    Configuration menu
    Copy the full SHA
    b1dc0d6 View commit details
    Browse the repository at this point in the history

  3. .woke.yaml: add exclusions for files that contain pre-existing issues

    @andrewphelpsj
    andrewphelpsj committed Jul 19, 2024
    Configuration menu
    Copy the full SHA
    98e8fa9 View commit details
    Browse the repository at this point in the history