gitee.com/mysnapcore/mysnapd@v0.1.0/interfaces/builtin/account_control_test.go (about) 1 // -*- Mode: Go; indent-tabs-mode: t -*- 2 3 /* 4 * Copyright (C) 2017 Canonical Ltd 5 * 6 * This program is free software: you can redistribute it and/or modify 7 * it under the terms of the GNU General Public License version 3 as 8 * published by the Free Software Foundation. 9 * 10 * This program is distributed in the hope that it will be useful, 11 * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 * GNU General Public License for more details. 14 * 15 * You should have received a copy of the GNU General Public License 16 * along with this program. If not, see <http://www.gnu.org/licenses/>. 17 * 18 */ 19 20 package builtin_test 21 22 import ( 23 "fmt" 24 25 . "gopkg.in/check.v1" 26 27 "gitee.com/mysnapcore/mysnapd/interfaces" 28 "gitee.com/mysnapcore/mysnapd/interfaces/apparmor" 29 "gitee.com/mysnapcore/mysnapd/interfaces/builtin" 30 "gitee.com/mysnapcore/mysnapd/interfaces/seccomp" 31 "gitee.com/mysnapcore/mysnapd/osutil" 32 "gitee.com/mysnapcore/mysnapd/snap" 33 "gitee.com/mysnapcore/mysnapd/snap/snaptest" 34 "gitee.com/mysnapcore/mysnapd/testutil" 35 ) 36 37 type AccountControlSuite struct { 38 iface interfaces.Interface 39 slotInfo *snap.SlotInfo 40 slot *interfaces.ConnectedSlot 41 plugInfo *snap.PlugInfo 42 plug *interfaces.ConnectedPlug 43 } 44 45 var _ = Suite(&AccountControlSuite{ 46 iface: builtin.MustInterface("account-control"), 47 }) 48 49 const accountCtlMockPlugSnapInfo = `name: other 50 version: 1.0 51 apps: 52 app2: 53 command: foo 54 plugs: [account-control] 55 ` 56 57 func (s *AccountControlSuite) SetUpTest(c *C) { 58 s.slotInfo = &snap.SlotInfo{ 59 Snap: &snap.Info{SuggestedName: "core", SnapType: snap.TypeOS}, 60 Name: "account-control", 61 Interface: "account-control", 62 Apps: map[string]*snap.AppInfo{ 63 "app1": { 64 Snap: &snap.Info{ 65 SuggestedName: "core", 66 }, 67 Name: "app1"}}, 68 } 69 s.slot = interfaces.NewConnectedSlot(s.slotInfo, nil, nil) 70 71 plugSnap := snaptest.MockInfo(c, accountCtlMockPlugSnapInfo, nil) 72 s.plugInfo = plugSnap.Plugs["account-control"] 73 s.plug = interfaces.NewConnectedPlug(s.plugInfo, nil, nil) 74 } 75 76 func (s *AccountControlSuite) TestName(c *C) { 77 c.Assert(s.iface.Name(), Equals, "account-control") 78 } 79 80 func (s *AccountControlSuite) TestSanitizeSlot(c *C) { 81 c.Assert(interfaces.BeforePrepareSlot(s.iface, s.slotInfo), IsNil) 82 } 83 84 func (s *AccountControlSuite) TestSanitizePlug(c *C) { 85 c.Assert(interfaces.BeforePreparePlug(s.iface, s.plugInfo), IsNil) 86 } 87 88 func (s *AccountControlSuite) TestUsedSecuritySystems(c *C) { 89 // connected plugs have a non-nil security snippet for apparmor 90 apparmorSpec := &apparmor.Specification{} 91 err := apparmorSpec.AddConnectedPlug(s.iface, s.plug, s.slot) 92 c.Assert(err, IsNil) 93 c.Assert(apparmorSpec.SecurityTags(), DeepEquals, []string{"snap.other.app2"}) 94 c.Assert(apparmorSpec.SnippetForTag("snap.other.app2"), testutil.Contains, "/{,usr/}sbin/chpasswd") 95 96 seccompSpec := &seccomp.Specification{} 97 err = seccompSpec.AddConnectedPlug(s.iface, s.plug, s.slot) 98 c.Assert(err, IsNil) 99 c.Assert(seccompSpec.SecurityTags(), DeepEquals, []string{"snap.other.app2"}) 100 group, err := osutil.FindGidOwning("/etc/shadow") 101 c.Assert(err, IsNil) 102 c.Check(seccompSpec.SnippetForTag("snap.other.app2"), testutil.Contains, 103 fmt.Sprintf("\nfchown - u:root %v\n", group)) 104 } 105 106 func (s *AccountControlSuite) TestInterfaces(c *C) { 107 c.Check(builtin.Interfaces(), testutil.DeepContains, s.iface) 108 }