<div dir="ltr"><div><div><div>Yes, you are right Simon. I am clear now.<br></div>Thanks a lot.<br><br></div>Br<br></div>Enwei<br></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Nov 14, 2016 at 9:29 PM, Simon Fels <span dir="ltr"><<a href="mailto:simon.fels@canonical.com" target="_blank">simon.fels@canonical.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">On 14.11.2016 11:56, Enwei Zhang wrote:<br>
> Thanks David. Did you forget to add Morphis and Zyga? :)<br>
> Loop Simon.<br>
> Simon told me here is the latest bluez snap,<br>
> <a href="https://code.launchpad.net/~snappy-hwe-team/snappy-hwe-snaps/+git/bluez" rel="noreferrer" target="_blank">https://code.launchpad.net/~<wbr>snappy-hwe-team/snappy-hwe-<wbr>snaps/+git/bluez</a><br>
</span>> <<a href="https://code.launchpad.net/%7Esnappy-hwe-team/snappy-hwe-snaps/+git/bluez" rel="noreferrer" target="_blank">https://code.launchpad.net/%<wbr>7Esnappy-hwe-team/snappy-hwe-<wbr>snaps/+git/bluez</a>><br>
<span class="">> Simon told me that bluez snap only declares bluez slot in its<br>
> snapcraft.yaml.<br>
><br>
> IMHO, after the bluez snap declares "bluez" slot in snapcraft.yaml, it<br>
</span>> will have *bluezPermanentSlotAppArmor* capability defined in<br>
<span class="">> <a href="https://github.com/snapcore/snapd/blob/master/interfaces/builtin/bluez.go#L28" rel="noreferrer" target="_blank">https://github.com/snapcore/<wbr>snapd/blob/master/interfaces/<wbr>builtin/bluez.go#L28</a><br>
> <<a href="https://github.com/snapcore/snapd/blob/master/interfaces/builtin/bluez.go#L28" rel="noreferrer" target="_blank">https://github.com/snapcore/<wbr>snapd/blob/master/interfaces/<wbr>builtin/bluez.go#L28</a>><br>
> So it seems to me by defining "bluez" slot, the bluez snap have more<br>
> power/permissions to do some privileged work,<br>
</span>> *but* it doesn't *provide* anything to other snaps. From my experiment,<br>
<span class="">> if a new snap connects to the bluez slot in bluez snap, the new snap<br>
> will not get the extra permissions.<br>
<br>
</span>The connecting snap (the plug side) will get the bluezConnectedPlug<br>
snippets from the interface definitions which actually allow the<br>
application to talk to bluez over dbus. So the bluez snap provides<br>
something to other services, a dbus service.<br>
<br>
If you want to know more in deep things about interfaces and how they<br>
work have a look at Zygmunds great post about how to write an interface<br>
at<br>
<a href="http://www.zygoon.pl/2016/08/creating-your-first-snappy-interface.html" rel="noreferrer" target="_blank">http://www.zygoon.pl/2016/08/<wbr>creating-your-first-snappy-<wbr>interface.html</a><br>
It will tell about all the details and the different snippets you can use.<br>
<br>
regards,<br>
Simon<br>
<br>
</blockquote></div><br></div>