github.com/bugraaydogar/snapd@v0.0.0-20210315170335-8c70bb858939/interfaces/builtin/upower_observe_test.go (about) 1 // -*- Mode: Go; indent-tabs-mode: t -*- 2 3 /* 4 * Copyright (C) 2016 Canonical Ltd 5 * 6 * This program is free software: you can redistribute it and/or modify 7 * it under the terms of the GNU General Public License version 3 as 8 * published by the Free Software Foundation. 9 * 10 * This program is distributed in the hope that it will be useful, 11 * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 * GNU General Public License for more details. 14 * 15 * You should have received a copy of the GNU General Public License 16 * along with this program. If not, see <http://www.gnu.org/licenses/>. 17 * 18 */ 19 20 package builtin_test 21 22 import ( 23 . "gopkg.in/check.v1" 24 25 "github.com/snapcore/snapd/interfaces" 26 "github.com/snapcore/snapd/interfaces/apparmor" 27 "github.com/snapcore/snapd/interfaces/builtin" 28 "github.com/snapcore/snapd/interfaces/seccomp" 29 "github.com/snapcore/snapd/release" 30 "github.com/snapcore/snapd/snap" 31 "github.com/snapcore/snapd/snap/snaptest" 32 "github.com/snapcore/snapd/testutil" 33 ) 34 35 type UPowerObserveInterfaceSuite struct { 36 iface interfaces.Interface 37 coreSlotInfo *snap.SlotInfo 38 coreSlot *interfaces.ConnectedSlot 39 classicSlotInfo *snap.SlotInfo 40 classicSlot *interfaces.ConnectedSlot 41 plugInfo *snap.PlugInfo 42 plug *interfaces.ConnectedPlug 43 } 44 45 var _ = Suite(&UPowerObserveInterfaceSuite{ 46 iface: builtin.MustInterface("upower-observe"), 47 }) 48 49 func (s *UPowerObserveInterfaceSuite) SetUpTest(c *C) { 50 const mockPlugSnapInfoYaml = `name: other 51 version: 1.0 52 apps: 53 app: 54 command: foo 55 plugs: [upower-observe] 56 ` 57 const upowerMockClassicSlotSnapInfoYaml = `name: core 58 version: 0 59 type: os 60 slots: 61 upower-observe: 62 interface: upower-observe 63 ` 64 const upowerMockSlotSnapInfoYaml = `name: upowerd 65 version: 1.0 66 slots: 67 upower-observe: 68 interface: upower-observe 69 apps: 70 app: 71 command: foo 72 slots: [upower-observe] 73 ` 74 // upower snap with upower-server slot on an core/all-snap install. 75 snapInfo := snaptest.MockInfo(c, upowerMockSlotSnapInfoYaml, nil) 76 s.coreSlotInfo = snapInfo.Slots["upower-observe"] 77 s.coreSlot = interfaces.NewConnectedSlot(s.coreSlotInfo, nil, nil) 78 // upower-observe slot on a core snap in a classic install. 79 snapInfo = snaptest.MockInfo(c, upowerMockClassicSlotSnapInfoYaml, nil) 80 s.classicSlotInfo = snapInfo.Slots["upower-observe"] 81 s.classicSlot = interfaces.NewConnectedSlot(s.classicSlotInfo, nil, nil) 82 // snap with the upower-observe plug 83 snapInfo = snaptest.MockInfo(c, mockPlugSnapInfoYaml, nil) 84 s.plugInfo = snapInfo.Plugs["upower-observe"] 85 s.plug = interfaces.NewConnectedPlug(s.plugInfo, nil, nil) 86 } 87 88 func (s *UPowerObserveInterfaceSuite) TestName(c *C) { 89 c.Assert(s.iface.Name(), Equals, "upower-observe") 90 } 91 92 func (s *UPowerObserveInterfaceSuite) TestSanitizeSlot(c *C) { 93 c.Assert(interfaces.BeforePrepareSlot(s.iface, s.coreSlotInfo), IsNil) 94 } 95 96 func (s *UPowerObserveInterfaceSuite) TestSanitizePlug(c *C) { 97 c.Assert(interfaces.BeforePreparePlug(s.iface, s.plugInfo), IsNil) 98 } 99 100 // The label glob when all apps are bound to the ofono slot 101 func (s *UPowerObserveInterfaceSuite) TestConnectedPlugSnippetUsesSlotLabelAll(c *C) { 102 app1 := &snap.AppInfo{Name: "app1"} 103 app2 := &snap.AppInfo{Name: "app2"} 104 slot := interfaces.NewConnectedSlot(&snap.SlotInfo{ 105 Snap: &snap.Info{ 106 SuggestedName: "upower", 107 Apps: map[string]*snap.AppInfo{"app1": app1, "app2": app2}, 108 }, 109 Name: "upower", 110 Interface: "upower-observe", 111 Apps: map[string]*snap.AppInfo{"app1": app1, "app2": app2}, 112 }, nil, nil) 113 114 release.OnClassic = false 115 116 apparmorSpec := &apparmor.Specification{} 117 err := apparmorSpec.AddConnectedPlug(s.iface, s.plug, slot) 118 c.Assert(err, IsNil) 119 c.Assert(apparmorSpec.SecurityTags(), DeepEquals, []string{"snap.other.app"}) 120 c.Assert(apparmorSpec.SnippetForTag("snap.other.app"), testutil.Contains, `peer=(label="snap.upower.*"),`) 121 } 122 123 // The label uses alternation when some, but not all, apps is bound to the ofono slot 124 func (s *UPowerObserveInterfaceSuite) TestConnectedPlugSnippetUsesSlotLabelSome(c *C) { 125 app1 := &snap.AppInfo{Name: "app1"} 126 app2 := &snap.AppInfo{Name: "app2"} 127 app3 := &snap.AppInfo{Name: "app3"} 128 slot := interfaces.NewConnectedSlot(&snap.SlotInfo{ 129 Snap: &snap.Info{ 130 SuggestedName: "upower", 131 Apps: map[string]*snap.AppInfo{"app1": app1, "app2": app2, "app3": app3}, 132 }, 133 Name: "upower", 134 Interface: "upower", 135 Apps: map[string]*snap.AppInfo{"app1": app1, "app2": app2}, 136 }, nil, nil) 137 138 release.OnClassic = false 139 140 apparmorSpec := &apparmor.Specification{} 141 err := apparmorSpec.AddConnectedPlug(s.iface, s.plug, slot) 142 c.Assert(err, IsNil) 143 c.Assert(apparmorSpec.SecurityTags(), DeepEquals, []string{"snap.other.app"}) 144 c.Assert(apparmorSpec.SnippetForTag("snap.other.app"), testutil.Contains, `peer=(label="snap.upower.{app1,app2}"),`) 145 } 146 147 // The label uses short form when exactly one app is bound to the upower-observe slot 148 func (s *UPowerObserveInterfaceSuite) TestConnectedPlugSnippetUsesSlotLabelOne(c *C) { 149 app := &snap.AppInfo{Name: "app"} 150 slot := interfaces.NewConnectedSlot(&snap.SlotInfo{ 151 Snap: &snap.Info{ 152 SuggestedName: "upower", 153 Apps: map[string]*snap.AppInfo{"app": app}, 154 }, 155 Name: "upower", 156 Interface: "upower", 157 Apps: map[string]*snap.AppInfo{"app": app}, 158 }, nil, nil) 159 160 release.OnClassic = false 161 162 apparmorSpec := &apparmor.Specification{} 163 err := apparmorSpec.AddConnectedPlug(s.iface, s.plug, slot) 164 c.Assert(err, IsNil) 165 c.Assert(apparmorSpec.SecurityTags(), DeepEquals, []string{"snap.other.app"}) 166 c.Assert(apparmorSpec.SnippetForTag("snap.other.app"), testutil.Contains, `peer=(label="snap.upower.app"),`) 167 } 168 169 func (s *UPowerObserveInterfaceSuite) TestConnectedPlugSnippetUsesUnconfinedLabelOnClassic(c *C) { 170 release.OnClassic = true 171 apparmorSpec := &apparmor.Specification{} 172 err := apparmorSpec.AddConnectedPlug(s.iface, s.plug, s.classicSlot) 173 c.Assert(err, IsNil) 174 c.Assert(apparmorSpec.SecurityTags(), DeepEquals, []string{"snap.other.app"}) 175 snippet := apparmorSpec.SnippetForTag("snap.other.app") 176 // verify apparmor connected 177 c.Assert(string(snippet), testutil.Contains, "#include <abstractions/dbus-strict>") 178 // verify classic connected 179 c.Assert(string(snippet), testutil.Contains, "peer=(label=unconfined),") 180 } 181 182 func (s *UPowerObserveInterfaceSuite) TestConnectedPlugSnippetAppArmor(c *C) { 183 release.OnClassic = false 184 apparmorSpec := &apparmor.Specification{} 185 err := apparmorSpec.AddConnectedPlug(s.iface, s.plug, s.coreSlot) 186 c.Assert(err, IsNil) 187 c.Assert(apparmorSpec.SecurityTags(), DeepEquals, []string{"snap.other.app"}) 188 snippet := apparmorSpec.SnippetForTag("snap.other.app") 189 // verify apparmor connected 190 c.Assert(string(snippet), testutil.Contains, "#include <abstractions/dbus-strict>") 191 // verify classic didn't connect 192 c.Assert(string(snippet), Not(testutil.Contains), "peer=(label=unconfined),") 193 } 194 195 func (s *UPowerObserveInterfaceSuite) TestPermanentSlotSnippetAppArmor(c *C) { 196 apparmorSpec := &apparmor.Specification{} 197 err := apparmorSpec.AddPermanentSlot(s.iface, s.coreSlotInfo) 198 c.Assert(err, IsNil) 199 c.Assert(apparmorSpec.SecurityTags(), DeepEquals, []string{"snap.upowerd.app"}) 200 c.Check(apparmorSpec.SnippetForTag("snap.upowerd.app"), testutil.Contains, "org.freedesktop.UPower") 201 } 202 203 func (s *UPowerObserveInterfaceSuite) TestPermanentSlotSnippetSecComp(c *C) { 204 seccompSpec := &seccomp.Specification{} 205 err := seccompSpec.AddPermanentSlot(s.iface, s.coreSlotInfo) 206 c.Assert(err, IsNil) 207 c.Assert(seccompSpec.SecurityTags(), DeepEquals, []string{"snap.upowerd.app"}) 208 c.Check(seccompSpec.SnippetForTag("snap.upowerd.app"), testutil.Contains, "bind\n") 209 } 210 211 func (s *UPowerObserveInterfaceSuite) TestConnectedSlotSnippetUsesPlugLabelOne(c *C) { 212 app := &snap.AppInfo{Name: "app"} 213 plug := interfaces.NewConnectedPlug(&snap.PlugInfo{ 214 Snap: &snap.Info{ 215 SuggestedName: "upower", 216 Apps: map[string]*snap.AppInfo{"app": app}, 217 }, 218 Name: "upower", 219 Interface: "upower-observe", 220 Apps: map[string]*snap.AppInfo{"app": app}, 221 }, nil, nil) 222 223 apparmorSpec := &apparmor.Specification{} 224 err := apparmorSpec.AddConnectedSlot(s.iface, plug, s.coreSlot) 225 c.Assert(err, IsNil) 226 c.Assert(apparmorSpec.SecurityTags(), DeepEquals, []string{"snap.upowerd.app"}) 227 c.Assert(apparmorSpec.SnippetForTag("snap.upowerd.app"), testutil.Contains, `peer=(label="snap.upower.app"),`) 228 } 229 230 func (s *UPowerObserveInterfaceSuite) TestInterfaces(c *C) { 231 c.Check(builtin.Interfaces(), testutil.DeepContains, s.iface) 232 }