Auto connections for pcsc-daemon

ogra · July 30, 2020, 3:15pm

pcsc-daemon is a snap that bundles the pcscd smartcard/NFC daemon from the pcsc-lite package, the matching library and the acsccid and ccid USB drvers into one snap.

To detect smartcard/NFC readers on USB the snap needs to be connected to the raw-usb and hardware-observe interfaces.

I’d like to request auto.connection for both of these interfaces.

Additionally pcsc-daemon also provides a content interface that gives connected snaps r/w access to the pcscd socket.
I’d like to request a store declaration for auto-connection of this interface for all possible consumers here as well (so snaps from other maintainers can use pcsc-daemon as default-provider and get the snap auto-installed)…

An example consumer snap can be found here:

with a snapcraft.yaml here:

github.com

ogra1/gscriptor-snap/blob/master/snap/snapcraft.yaml

name: pcsc-gscriptor
base: core18
adopt-info: pcsc-tools
summary: a GUI to send commands to a smart card using a batch file or stdin.
description: |
  gscriptor is a program that sends commands to a smart card using a batch file.

  The snap will auto-install the pcsc-daemon snap and automatically connect to
  the socket interface of the daemon

  You should manually connect the mount-observe interface (to quieten log spam,
  it will not limit any functionality if you do not connect it)

      snap connect pcsc-gscriptor:mount-observe

  To load batch files from external drives you also need to connect the removable-media
  interface

      snap connect pcsc-gscriptor:removable-media

This file has been truncated. show original

alexmurray · August 7, 2020, 5:08am

The use-cases for hardware-observe and raw-usb are expected for this snap, so +1 from me.

For the request for the auto-connect declaration for the content interface seems potentially problematic since this opens up this interface for potential attack from other untrusted snaps - so if pcsc-daemon were compromised by another snap, the other snap would then potentially have access to raw-usb by proxy - this seems a little worrying to me. Is the pcsc socket API robust against potential attack?

So whilst I think it makes sense for the pcsc-daemon snap to be the default provider of this slot, I feel this would be better to be granted as an auto-connect on the plug side (ie the snap that wishes to use this slot) rather than a blanket grant for any possible consumer snap. So -1 from me for an auto-connect declaration for the content interface providing the pcsc-daemon socket.

alexmurray · September 3, 2020, 4:08am

Can other @reviewers please vote and comment on this request?

popey · September 3, 2020, 8:59am

+1 from me on auto connecting hardware-observe and raw-usb. Alex’s suggestion for plug-side connection of pcsc-daemon makes sense also.

Lin-Buo-Ren · September 3, 2020, 11:16am

A community LGTM for me, pcscd is already available in the classic Linux distributions and it definitely helps Ubuntu Core devices for the functionalities it provides.

The socket usage seems sane to me as well as there are alot of applications that require access to pcscd for smart card authentication, etc.

emitorino · September 23, 2020, 6:01pm

+1 from me on auto connecting hardware-observe and raw-usb. +3 votes for, 0 votes against. Granting auto-connect of hardware-observe and raw-usb to pcsc-daemon snap. This is now live.

@ogra, what do you think about @alexmurray suggestion about managing the auto-connection of the content interface on the plug-side instead?

ogra · September 24, 2020, 10:02am

this is a fine fallback i can live with, thanks !