Bug #1809708 “Allow snaps to query interface connection status directly from snapd”


#1

https://bugs.launchpad.net/snapd/+bug/1809708

Detecting whether a certain security confinement interface is connected to the snap is not a trivial task:

  • Sometimes a certain access is granted by multiple interfaces, so whether it’s available or not doesn’t indicate whether a certain interface is connected
  • One must have a certain level of AppArmor profile knowledge and check out the source code at https://github.com/snapcore/snapd/blob/master/interfaces/builtin to determine the test criterion; not all potential packagers have this kind of experience
  • The testing of the connection will trigger security denials in the system log, which may be considered “abnormal” or even “malicious” by the users

As the connection info is already in snapd, I would suggest exposing it directly via the snapctl command so one can simply write:

if ! snapctl is-connected _interface_name_; then
    echo "_interface_name_ is not connected!" >&2
fi

without caring much about the implementation details.