github.com/bugraaydogar/snapd@v0.0.0-20210315170335-8c70bb858939/interfaces/builtin/media_hub_test.go (about) 1 // -*- Mode: Go; indent-tabs-mode: t -*- 2 3 /* 4 * Copyright (C) 2017 Canonical Ltd 5 * 6 * This program is free software: you can redistribute it and/or modify 7 * it under the terms of the GNU General Public License version 3 as 8 * published by the Free Software Foundation. 9 * 10 * This program is distributed in the hope that it will be useful, 11 * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 * GNU General Public License for more details. 14 * 15 * You should have received a copy of the GNU General Public License 16 * along with this program. If not, see <http://www.gnu.org/licenses/>. 17 * 18 */ 19 20 package builtin_test 21 22 import ( 23 . "gopkg.in/check.v1" 24 25 "github.com/snapcore/snapd/interfaces" 26 "github.com/snapcore/snapd/interfaces/apparmor" 27 "github.com/snapcore/snapd/interfaces/builtin" 28 "github.com/snapcore/snapd/interfaces/seccomp" 29 "github.com/snapcore/snapd/release" 30 "github.com/snapcore/snapd/snap" 31 "github.com/snapcore/snapd/snap/snaptest" 32 "github.com/snapcore/snapd/testutil" 33 ) 34 35 type MediaHubInterfaceSuite struct { 36 iface interfaces.Interface 37 slotInfo *snap.SlotInfo 38 slot *interfaces.ConnectedSlot 39 plugInfo *snap.PlugInfo 40 plug *interfaces.ConnectedPlug 41 } 42 43 var _ = Suite(&MediaHubInterfaceSuite{ 44 iface: builtin.MustInterface("media-hub"), 45 }) 46 47 func (s *MediaHubInterfaceSuite) SetUpTest(c *C) { 48 var mockPlugSnapInfoYaml = `name: other 49 version: 1.0 50 apps: 51 app: 52 command: foo 53 plugs: [media-hub] 54 ` 55 const mockSlotSnapInfoYaml = `name: media-hub 56 version: 1.0 57 slots: 58 media-hub: 59 interface: media-hub 60 apps: 61 app: 62 command: foo 63 slots: [media-hub] 64 ` 65 snapInfo := snaptest.MockInfo(c, mockSlotSnapInfoYaml, nil) 66 s.slotInfo = snapInfo.Slots["media-hub"] 67 s.slot = interfaces.NewConnectedSlot(s.slotInfo, nil, nil) 68 snapInfo = snaptest.MockInfo(c, mockPlugSnapInfoYaml, nil) 69 s.plugInfo = snapInfo.Plugs["media-hub"] 70 s.plug = interfaces.NewConnectedPlug(s.plugInfo, nil, nil) 71 } 72 73 func (s *MediaHubInterfaceSuite) TestName(c *C) { 74 c.Assert(s.iface.Name(), Equals, "media-hub") 75 } 76 77 // The label glob when all apps are bound to the media-hub slot 78 func (s *MediaHubInterfaceSuite) TestConnectedPlugSnippetUsesSlotLabelAll(c *C) { 79 app1 := &snap.AppInfo{Name: "app1"} 80 app2 := &snap.AppInfo{Name: "app2"} 81 slot := interfaces.NewConnectedSlot(&snap.SlotInfo{ 82 Snap: &snap.Info{ 83 SuggestedName: "media-hub", 84 Apps: map[string]*snap.AppInfo{"app1": app1, 85 "app2": app2}, 86 }, 87 Name: "media-hub", 88 Interface: "media-hub", 89 Apps: map[string]*snap.AppInfo{"app1": app1, "app2": app2}, 90 }, nil, nil) 91 92 release.OnClassic = false 93 94 apparmorSpec := &apparmor.Specification{} 95 err := apparmorSpec.AddConnectedPlug(s.iface, s.plug, slot) 96 c.Assert(err, IsNil) 97 c.Assert(apparmorSpec.SecurityTags(), DeepEquals, []string{"snap.other.app"}) 98 c.Assert(apparmorSpec.SnippetForTag("snap.other.app"), testutil.Contains, 99 `peer=(label="snap.media-hub.*"),`) 100 } 101 102 // The label uses alternation when some, but not all, apps is bound to the media-hub slot 103 func (s *MediaHubInterfaceSuite) TestConnectedPlugSnippetUsesSlotLabelSome(c *C) { 104 app1 := &snap.AppInfo{Name: "app1"} 105 app2 := &snap.AppInfo{Name: "app2"} 106 app3 := &snap.AppInfo{Name: "app3"} 107 slot := interfaces.NewConnectedSlot(&snap.SlotInfo{ 108 Snap: &snap.Info{ 109 SuggestedName: "media-hub", 110 Apps: map[string]*snap.AppInfo{"app1": app1, 111 "app2": app2, 112 "app3": app3}, 113 }, 114 Name: "media-hub", 115 Interface: "media-hub", 116 Apps: map[string]*snap.AppInfo{"app1": app1, "app2": app2}, 117 }, nil, nil) 118 119 release.OnClassic = false 120 121 apparmorSpec := &apparmor.Specification{} 122 err := apparmorSpec.AddConnectedPlug(s.iface, s.plug, slot) 123 c.Assert(err, IsNil) 124 c.Assert(apparmorSpec.SecurityTags(), DeepEquals, []string{"snap.other.app"}) 125 c.Assert(apparmorSpec.SnippetForTag("snap.other.app"), testutil.Contains, 126 `peer=(label="snap.media-hub.{app1,app2}"),`) 127 } 128 129 // The label uses short form when exactly one app is bound to the media-hub slot 130 func (s *MediaHubInterfaceSuite) TestConnectedPlugSnippetUsesSlotLabelOne(c *C) { 131 app := &snap.AppInfo{Name: "app"} 132 slot := interfaces.NewConnectedSlot(&snap.SlotInfo{ 133 Snap: &snap.Info{ 134 SuggestedName: "media-hub", 135 Apps: map[string]*snap.AppInfo{"app": app}, 136 }, 137 Name: "media-hub", 138 Interface: "media-hub", 139 Apps: map[string]*snap.AppInfo{"app": app}, 140 }, nil, nil) 141 142 release.OnClassic = false 143 144 apparmorSpec := &apparmor.Specification{} 145 err := apparmorSpec.AddConnectedPlug(s.iface, s.plug, slot) 146 c.Assert(err, IsNil) 147 c.Assert(apparmorSpec.SecurityTags(), DeepEquals, []string{"snap.other.app"}) 148 c.Assert(apparmorSpec.SnippetForTag("snap.other.app"), testutil.Contains, 149 `peer=(label="snap.media-hub.app"),`) 150 } 151 152 func (s *MediaHubInterfaceSuite) TestConnectedPlugSnippetAppArmor(c *C) { 153 apparmorSpec := &apparmor.Specification{} 154 155 err := apparmorSpec.AddConnectedPlug(s.iface, s.plug, s.slot) 156 c.Assert(err, IsNil) 157 c.Assert(apparmorSpec.SecurityTags(), DeepEquals, []string{"snap.other.app"}) 158 c.Assert(apparmorSpec.SnippetForTag("snap.other.app"), Not(IsNil)) 159 c.Assert(apparmorSpec.SnippetForTag("snap.other.app"), testutil.Contains, 160 `#include <abstractions/dbus-session-strict>`) 161 c.Assert(apparmorSpec.SnippetForTag("snap.other.app"), testutil.Contains, 162 `peer=(label="snap.media-hub.app"),`) 163 } 164 165 func (s *MediaHubInterfaceSuite) TestPermanentSlotSnippetAppArmor(c *C) { 166 apparmorSpec := &apparmor.Specification{} 167 168 err := apparmorSpec.AddPermanentSlot(s.iface, s.slotInfo) 169 c.Assert(err, IsNil) 170 c.Assert(apparmorSpec.SecurityTags(), DeepEquals, []string{"snap.media-hub.app"}) 171 c.Assert(apparmorSpec.SnippetForTag("snap.media-hub.app"), Not(IsNil)) 172 c.Assert(apparmorSpec.SnippetForTag("snap.media-hub.app"), testutil.Contains, 173 `#include <abstractions/dbus-session-strict>`) 174 c.Assert(apparmorSpec.SnippetForTag("snap.media-hub.app"), testutil.Contains, 175 `peer=(label=unconfined),`) 176 } 177 178 func (s *MediaHubInterfaceSuite) TestConnectedSlotSnippetAppArmor(c *C) { 179 apparmorSpec := &apparmor.Specification{} 180 181 err := apparmorSpec.AddConnectedSlot(s.iface, s.plug, s.slot) 182 c.Assert(err, IsNil) 183 c.Assert(apparmorSpec.SecurityTags(), DeepEquals, []string{"snap.media-hub.app"}) 184 c.Assert(apparmorSpec.SnippetForTag("snap.media-hub.app"), Not(IsNil)) 185 c.Assert(apparmorSpec.SnippetForTag("snap.media-hub.app"), Not(testutil.Contains), 186 `peer=(label=unconfined),`) 187 } 188 189 func (s *MediaHubInterfaceSuite) TestPermanentSlotSnippetSecComp(c *C) { 190 spec := &seccomp.Specification{} 191 c.Assert(spec.AddPermanentSlot(s.iface, s.slotInfo), IsNil) 192 c.Assert(spec.SnippetForTag("snap.media-hub.app"), testutil.Contains, "bind\n") 193 } 194 195 func (s *MediaHubInterfaceSuite) TestInterfaces(c *C) { 196 c.Check(builtin.Interfaces(), testutil.DeepContains, s.iface) 197 }