gitee.com/mysnapcore/mysnapd@v0.1.0/interfaces/builtin/dm_crypt_test.go (about) 1 // -*- Mode: Go; indent-tabs-mode: t -*- 2 3 /* 4 * Copyright (C) 2021 Canonical Ltd 5 * 6 * This program is free software: you can redistribute it and/or modify 7 * it under the terms of the GNU General Public License version 3 as 8 * published by the Free Software Foundation. 9 * 10 * This program is distributed in the hope that it will be useful, 11 * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 * GNU General Public License for more details. 14 * 15 * You should have received a copy of the GNU General Public License 16 * along with this program. If not, see <http://www.gnu.org/licenses/>. 17 * 18 */ 19 20 package builtin_test 21 22 import ( 23 "fmt" 24 25 . "gopkg.in/check.v1" 26 27 "gitee.com/mysnapcore/mysnapd/dirs" 28 "gitee.com/mysnapcore/mysnapd/interfaces" 29 "gitee.com/mysnapcore/mysnapd/interfaces/apparmor" 30 "gitee.com/mysnapcore/mysnapd/interfaces/builtin" 31 "gitee.com/mysnapcore/mysnapd/interfaces/kmod" 32 "gitee.com/mysnapcore/mysnapd/interfaces/seccomp" 33 "gitee.com/mysnapcore/mysnapd/interfaces/udev" 34 "gitee.com/mysnapcore/mysnapd/snap" 35 "gitee.com/mysnapcore/mysnapd/testutil" 36 ) 37 38 type DmCryptInterfaceSuite struct { 39 iface interfaces.Interface 40 slotInfo *snap.SlotInfo 41 slot *interfaces.ConnectedSlot 42 plugInfo *snap.PlugInfo 43 plug *interfaces.ConnectedPlug 44 } 45 46 var _ = Suite(&DmCryptInterfaceSuite{ 47 iface: builtin.MustInterface("dm-crypt"), 48 }) 49 50 const dmCryptConsumerYaml = `name: consumer 51 version: 0 52 apps: 53 app: 54 plugs: [dm-crypt] 55 ` 56 57 const dmCryptCoreYaml = `name: core 58 version: 0 59 type: os 60 slots: 61 dm-crypt: 62 ` 63 64 func (s *DmCryptInterfaceSuite) SetUpTest(c *C) { 65 s.plug, s.plugInfo = MockConnectedPlug(c, dmCryptConsumerYaml, nil, "dm-crypt") 66 s.slot, s.slotInfo = MockConnectedSlot(c, dmCryptCoreYaml, nil, "dm-crypt") 67 } 68 69 func (s *DmCryptInterfaceSuite) TestName(c *C) { 70 c.Assert(s.iface.Name(), Equals, "dm-crypt") 71 } 72 73 func (s *DmCryptInterfaceSuite) TestSanitizeSlot(c *C) { 74 c.Assert(interfaces.BeforePrepareSlot(s.iface, s.slotInfo), IsNil) 75 } 76 77 func (s *DmCryptInterfaceSuite) TestSanitizePlug(c *C) { 78 c.Assert(interfaces.BeforePreparePlug(s.iface, s.plugInfo), IsNil) 79 } 80 81 func (s *DmCryptInterfaceSuite) TestAppArmorSpec(c *C) { 82 spec := &apparmor.Specification{} 83 c.Assert(spec.AddConnectedPlug(s.iface, s.plug, s.slot), IsNil) 84 c.Assert(spec.SecurityTags(), DeepEquals, []string{"snap.consumer.app"}) 85 c.Assert(spec.SnippetForTag("snap.consumer.app"), testutil.Contains, "/dev/mapper/control") 86 c.Assert(spec.SnippetForTag("snap.consumer.app"), testutil.Contains, "/dev/dm-[0-9]*") 87 c.Assert(spec.SnippetForTag("snap.consumer.app"), testutil.Contains, "/run/systemd/seats/*") 88 c.Assert(spec.SnippetForTag("snap.consumer.app"), testutil.Contains, "/{,var/}run/cryptsetup/ r,") 89 c.Assert(spec.SnippetForTag("snap.consumer.app"), testutil.Contains, "/{,var/}run/cryptsetup/* rwk,") 90 c.Assert(spec.SnippetForTag("snap.consumer.app"), testutil.Contains, "/{,run/}media/{,**}") 91 c.Assert(spec.SnippetForTag("snap.consumer.app"), testutil.Contains, "mount options=(ro,nosuid,nodev) /dev/dm-[0-9]*") 92 c.Assert(spec.SnippetForTag("snap.consumer.app"), testutil.Contains, "mount options=(rw,nosuid,nodev) /dev/dm-[0-9]*") 93 c.Assert(spec.SnippetForTag("snap.consumer.app"), testutil.Contains, "/{,usr/}sbin/cryptsetup ixr,") 94 c.Assert(spec.SnippetForTag("snap.consumer.app"), testutil.Contains, "/{,usr/}bin/mount ixr,") 95 c.Assert(spec.SnippetForTag("snap.consumer.app"), testutil.Contains, "/{,usr/}bin/umount ixr,") 96 c.Assert(spec.SnippetForTag("snap.consumer.app"), testutil.Contains, "/{,var/}run/mount/utab* wrlk,") 97 } 98 99 func (s *DmCryptInterfaceSuite) TestUDevSpec(c *C) { 100 spec := &udev.Specification{} 101 c.Assert(spec.AddConnectedPlug(s.iface, s.plug, s.slot), IsNil) 102 c.Assert(spec.Snippets(), HasLen, 4) 103 c.Assert(spec.Snippets(), testutil.Contains, `# dm-crypt 104 KERNEL=="device-mapper", TAG+="snap_consumer_app"`) 105 c.Assert(spec.Snippets(), testutil.Contains, `# dm-crypt 106 KERNEL=="dm-[0-9]", TAG+="snap_consumer_app"`) 107 c.Assert(spec.Snippets(), testutil.Contains, `# dm-crypt 108 SUBSYSTEM=="block", TAG+="snap_consumer_app"`) 109 c.Assert(spec.Snippets(), testutil.Contains, 110 fmt.Sprintf(`TAG=="snap_consumer_app", RUN+="%v/snap-device-helper $env{ACTION} snap_consumer_app $devpath $major:$minor"`, dirs.DistroLibExecDir)) 111 } 112 113 func (s *DmCryptInterfaceSuite) TestSeccompSpec(c *C) { 114 spec := &seccomp.Specification{} 115 c.Assert(spec.AddConnectedPlug(s.iface, s.plug, s.slot), IsNil) 116 c.Assert(spec.SecurityTags(), DeepEquals, []string{"snap.consumer.app"}) 117 c.Assert(spec.SnippetForTag("snap.consumer.app"), testutil.Contains, "add_key\n") 118 c.Assert(spec.SnippetForTag("snap.consumer.app"), testutil.Contains, "keyctl\n") 119 c.Assert(spec.SnippetForTag("snap.consumer.app"), testutil.Contains, "request_key\n") 120 } 121 122 func (s *DmCryptInterfaceSuite) TestKModSpec(c *C) { 123 spec := &kmod.Specification{} 124 c.Assert(spec.AddConnectedPlug(s.iface, s.plug, s.slot), IsNil) 125 c.Assert(spec.Modules(), DeepEquals, map[string]bool{ 126 "dm_crypt": true, 127 }) 128 } 129 130 func (s *DmCryptInterfaceSuite) TestStaticInfo(c *C) { 131 si := interfaces.StaticInfoOf(s.iface) 132 c.Assert(si.ImplicitOnCore, Equals, true) 133 c.Assert(si.ImplicitOnClassic, Equals, true) 134 c.Assert(si.Summary, Equals, `allows encryption and decryption of block storage devices`) 135 c.Assert(si.BaseDeclarationSlots, testutil.Contains, "dm-crypt") 136 c.Assert(si.BaseDeclarationPlugs, testutil.Contains, "allow-installation: false") 137 } 138 139 func (s *DmCryptInterfaceSuite) TestAutoConnect(c *C) { 140 c.Assert(s.iface.AutoConnect(s.plugInfo, s.slotInfo), Equals, true) 141 } 142 143 func (s *DmCryptInterfaceSuite) TestInterfaces(c *C) { 144 c.Check(builtin.Interfaces(), testutil.DeepContains, s.iface) 145 }