github.com/bugraaydogar/snapd@v0.0.0-20210315170335-8c70bb858939/interfaces/builtin/home_test.go (about) 1 // -*- Mode: Go; indent-tabs-mode: t -*- 2 3 /* 4 * Copyright (C) 2016-2018 Canonical Ltd 5 * 6 * This program is free software: you can redistribute it and/or modify 7 * it under the terms of the GNU General Public License version 3 as 8 * published by the Free Software Foundation. 9 * 10 * This program is distributed in the hope that it will be useful, 11 * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 * GNU General Public License for more details. 14 * 15 * You should have received a copy of the GNU General Public License 16 * along with this program. If not, see <http://www.gnu.org/licenses/>. 17 * 18 */ 19 20 package builtin_test 21 22 import ( 23 . "gopkg.in/check.v1" 24 25 "github.com/snapcore/snapd/interfaces" 26 "github.com/snapcore/snapd/interfaces/apparmor" 27 "github.com/snapcore/snapd/interfaces/builtin" 28 "github.com/snapcore/snapd/snap" 29 "github.com/snapcore/snapd/snap/snaptest" 30 "github.com/snapcore/snapd/testutil" 31 ) 32 33 type HomeInterfaceSuite struct { 34 iface interfaces.Interface 35 slot *interfaces.ConnectedSlot 36 slotInfo *snap.SlotInfo 37 plug *interfaces.ConnectedPlug 38 plugInfo *snap.PlugInfo 39 } 40 41 var _ = Suite(&HomeInterfaceSuite{ 42 iface: builtin.MustInterface("home"), 43 }) 44 45 func (s *HomeInterfaceSuite) SetUpTest(c *C) { 46 const mockPlugSnapInfo = `name: other 47 version: 1.0 48 apps: 49 app: 50 command: foo 51 plugs: [home] 52 ` 53 s.slotInfo = &snap.SlotInfo{ 54 Snap: &snap.Info{SuggestedName: "core", SnapType: snap.TypeOS}, 55 Name: "home", 56 Interface: "home", 57 } 58 s.slot = interfaces.NewConnectedSlot(s.slotInfo, nil, nil) 59 plugSnap := snaptest.MockInfo(c, mockPlugSnapInfo, nil) 60 s.plugInfo = plugSnap.Plugs["home"] 61 s.plug = interfaces.NewConnectedPlug(s.plugInfo, nil, nil) 62 } 63 64 func (s *HomeInterfaceSuite) TestName(c *C) { 65 c.Assert(s.iface.Name(), Equals, "home") 66 } 67 68 func (s *HomeInterfaceSuite) TestSanitizeSlot(c *C) { 69 c.Assert(interfaces.BeforePrepareSlot(s.iface, s.slotInfo), IsNil) 70 } 71 72 func (s *HomeInterfaceSuite) TestSanitizePlugNoAttrib(c *C) { 73 c.Assert(interfaces.BeforePreparePlug(s.iface, s.plugInfo), IsNil) 74 } 75 76 func (s *HomeInterfaceSuite) TestSanitizePlugWithAttrib(c *C) { 77 const mockSnapYaml = `name: home-plug-snap 78 version: 1.0 79 plugs: 80 home: 81 read: all 82 ` 83 info := snaptest.MockInfo(c, mockSnapYaml, nil) 84 plug := info.Plugs["home"] 85 c.Assert(interfaces.BeforePreparePlug(s.iface, plug), IsNil) 86 } 87 88 func (s *HomeInterfaceSuite) TestSanitizePlugWithBadAttrib(c *C) { 89 const mockSnapYaml = `name: home-plug-snap 90 version: 1.0 91 plugs: 92 home: 93 read: bad 94 ` 95 info := snaptest.MockInfo(c, mockSnapYaml, nil) 96 plug := info.Plugs["home"] 97 c.Assert(interfaces.BeforePreparePlug(s.iface, plug), ErrorMatches, 98 `home plug requires "read" be 'all'`) 99 } 100 101 func (s *HomeInterfaceSuite) TestSanitizePlugWithEmptyAttrib(c *C) { 102 const mockSnapYaml = `name: home-plug-snap 103 version: 1.0 104 plugs: 105 home: 106 read: "" 107 ` 108 info := snaptest.MockInfo(c, mockSnapYaml, nil) 109 plug := info.Plugs["home"] 110 c.Assert(interfaces.BeforePreparePlug(s.iface, plug), ErrorMatches, 111 `home plug requires "read" be 'all'`) 112 } 113 114 func (s *HomeInterfaceSuite) TestSanitizePlugWithBadAttribOwner(c *C) { 115 const mockSnapYaml = `name: home-plug-snap 116 version: 1.0 117 plugs: 118 home: 119 read: owner 120 ` 121 info := snaptest.MockInfo(c, mockSnapYaml, nil) 122 plug := info.Plugs["home"] 123 c.Assert(interfaces.BeforePreparePlug(s.iface, plug), ErrorMatches, 124 `home plug requires "read" be 'all'`) 125 } 126 127 func (s *HomeInterfaceSuite) TestSanitizePlugWithBadAttribDict(c *C) { 128 const mockSnapYaml = `name: home-plug-snap 129 version: 1.0 130 plugs: 131 home: 132 read: 133 all: bad 134 bad: all 135 ` 136 info := snaptest.MockInfo(c, mockSnapYaml, nil) 137 plug := info.Plugs["home"] 138 c.Assert(interfaces.BeforePreparePlug(s.iface, plug), ErrorMatches, 139 `home plug requires "read" be 'all'`) 140 } 141 142 func (s *HomeInterfaceSuite) TestConnectedPlugAppArmorWithoutAttrib(c *C) { 143 apparmorSpec := &apparmor.Specification{} 144 err := apparmorSpec.AddConnectedPlug(s.iface, s.plug, s.slot) 145 c.Assert(err, IsNil) 146 c.Assert(apparmorSpec.SecurityTags(), DeepEquals, []string{"snap.other.app"}) 147 c.Check(apparmorSpec.SnippetForTag("snap.other.app"), testutil.Contains, `owner @{HOME}/ r,`) 148 c.Check(apparmorSpec.SnippetForTag("snap.other.app"), testutil.Contains, `audit deny @{HOME}/bin/{,**} wl,`) 149 c.Check(apparmorSpec.SnippetForTag("snap.other.app"), Not(testutil.Contains), `# Allow non-owner read`) 150 } 151 152 func (s *HomeInterfaceSuite) TestConnectedPlugAppArmorWithAttribAll(c *C) { 153 const mockSnapYaml = `name: home-plug-snap 154 version: 1.0 155 plugs: 156 home: 157 read: all 158 apps: 159 app2: 160 command: foo 161 ` 162 info := snaptest.MockInfo(c, mockSnapYaml, nil) 163 plug := interfaces.NewConnectedPlug(info.Plugs["home"], nil, nil) 164 165 apparmorSpec := &apparmor.Specification{} 166 err := apparmorSpec.AddConnectedPlug(s.iface, plug, s.slot) 167 c.Assert(err, IsNil) 168 c.Assert(apparmorSpec.SecurityTags(), DeepEquals, []string{"snap.home-plug-snap.app2"}) 169 c.Check(apparmorSpec.SnippetForTag("snap.home-plug-snap.app2"), testutil.Contains, `audit deny @{HOME}/bin/{,**} wl,`) 170 c.Check(apparmorSpec.SnippetForTag("snap.home-plug-snap.app2"), testutil.Contains, `owner @{HOME}/ r,`) 171 c.Check(apparmorSpec.SnippetForTag("snap.home-plug-snap.app2"), testutil.Contains, `# Allow non-owner read`) 172 } 173 174 func (s *HomeInterfaceSuite) TestInterfaces(c *C) { 175 c.Check(builtin.Interfaces(), testutil.DeepContains, s.iface) 176 }