Dear All,
I am having a hard time understanding how to correctly give permissions to a snap application to inter-operate over dbus.
Considering a simple example, that I want to query current brightness settings in a system with gnome desktop environment. To do that, I need to query the property “Brightness” from an “org.gnome.SettingsDaemon.Power” object that has “org.gnome.SettingsDaemon.Power.Screen” interface with that property.
To do that, I use Qt DBus module, and for the sake of completeness here is how I call methods over dbus with it:
QDBusInterface screen{"org.gnome.SettingsDaemon.Power", "/org/gnome/SettingsDaemon/Power", "org.freedesktop.DBus.Properties", QDBusConnection::sessionBus()};
const auto message = screen.callWithArgumentList(QDBus::Block, "Get", {"org.gnome.SettingsDaemon.Power.Screen", "Brightness"});
QDBusPendingReply<QVariant> reply = message;
// Check for errors and process the result ...
Nevertheless, I can’t figure right setup for the slots & plugs in snapcraft.yaml, and I constantly get the following error:
Get asynchronous call finished with error: org.freedesktop.DBus.Error.AccessDenied (An AppArmor policy prevents this sender from sending this message to this recipient; type=\"method_call\", sender=\":1.2264\" (uid=1000 pid=484631 comm=\"/snap/snap-name/x2/usr/local/exe-name/exe-name --log_path\" label=\"snap.snap-name.snap-name (enforce)\") interface=\"org.freedesktop.DBus.Properties\" member=\"Get\" error name=\"(unset)\" requested_reply=\"0\" destination=\"org.gnome.SettingsDaemon.Power\" (uid=1000 pid=74054 comm=\"/usr/libexec/gsd-power \" label=\"unconfined\"))"
Relevant parts of my current snapcraft.yaml look something like this:
---
base: core20
confinement: strict
grade: devel
environment:
LD_LIBRARY_PATH: $SNAP/usr/lib/:$SNAP/usr/lib/$SNAPCRAFT_ARCH_TRIPLET/:$SNAP/usr/lib/$SNAPCRAFT_ARCH_TRIPLET/pulseaudio
PATH: $SNAP/bin/:$SNAP/usr/bin/:$PATH
# Prep EGL
__EGL_VENDOR_LIBRARY_DIRS: $SNAP/etc/glvnd/egl_vendor.d:$SNAP/usr/share/glvnd/egl_vendor.d
LIBGL_DRIVERS_PATH: $SNAP/usr/lib/$SNAPCRAFT_ARCH_TRIPLET/dri
LIBVA_DRIVERS_PATH: $SNAP/usr/lib/$SNAPCRAFT_ARCH_TRIPLET/dri
# QT
QT_QPA_PLATFORM_PLUGIN_PATH: $SNAP/usr/lib/$SNAPCRAFT_ARCH_TRIPLET/qt5/plugins
QML_IMPORT_PATH: $SNAP/usr/lib/$SNAPCRAFT_ARCH_TRIPLET/qt5/qml
QML2_IMPORT_PATH: $SNAP/usr/lib/$SNAPCRAFT_ARCH_TRIPLET/qt5/qml
plugs:
dbus-d:
interface: dbus
bus: system
name: org.freedesktop.DBus
dbus-network-manager:
interface: dbus
bus: system
name: org.freedesktop.NetworkManager
dbus-gnome:
interface: dbus
bus: session
name: org.gnome
dbus-gnome-settingsdaemon-power:
interface: dbus
bus: session
name: org.gnome.SettingsDaemon.Power
slots:
s-dbus-1:
interface: dbus
bus: session
name: ru.orgname.appname
apps:
exe-name:
command: usr/local/exe-name/exe-name ...
plugs:
- opengl
- x11
- audio-playback
- network
- network-bind
- camera
- display-control
- dbus-d
- dbus-network-manager
- dbus-gnome
- dbus-gnome-settingsdaemon-power
- desktop
slots:
- s-dbus-1
environment:
# PulseAudio
PULSE_SERVER: "unix:$XDG_RUNTIME_DIR/../pulse/native"
Note that without “s-dbus-1” slot from above I couldn’t even connect to the bus, the error from the above code was
org.freedesktop.DBus.Error.Disconnected (Not connected to D-Bus server)
Moreover, everything works fine if I install the app with --devmode option.
It looks like I am doing something wrong, but I can’t grasp what so far. So the question is, what slots & plugs specifically I need to be able to call some methods on a remote object with name “org.foo.bar”?