github.com/hugh712/snapd@v0.0.0-20200910133618-1a99902bd583/interfaces/builtin/greengrass_support_test.go (about) 1 // -*- Mode: Go; indent-tabs-mode: t -*- 2 3 /* 4 * Copyright (C) 2017 Canonical Ltd 5 * 6 * This program is free software: you can redistribute it and/or modify 7 * it under the terms of the GNU General Public License version 3 as 8 * published by the Free Software Foundation. 9 * 10 * This program is distributed in the hope that it will be useful, 11 * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 * GNU General Public License for more details. 14 * 15 * You should have received a copy of the GNU General Public License 16 * along with this program. If not, see <http://www.gnu.org/licenses/>. 17 * 18 */ 19 20 package builtin_test 21 22 import ( 23 . "gopkg.in/check.v1" 24 25 "github.com/snapcore/snapd/interfaces" 26 "github.com/snapcore/snapd/interfaces/apparmor" 27 "github.com/snapcore/snapd/interfaces/builtin" 28 "github.com/snapcore/snapd/interfaces/seccomp" 29 "github.com/snapcore/snapd/interfaces/udev" 30 "github.com/snapcore/snapd/release" 31 "github.com/snapcore/snapd/snap" 32 "github.com/snapcore/snapd/testutil" 33 ) 34 35 type GreengrassSupportInterfaceSuite struct { 36 iface interfaces.Interface 37 slotInfo *snap.SlotInfo 38 slot *interfaces.ConnectedSlot 39 plugInfo *snap.PlugInfo 40 plug *interfaces.ConnectedPlug 41 extraSlotInfo *snap.SlotInfo 42 extraSlot *interfaces.ConnectedSlot 43 extraPlugInfo *snap.PlugInfo 44 extraPlug *interfaces.ConnectedPlug 45 } 46 47 const coreSlotYaml = `name: core 48 version: 0 49 type: os 50 slots: 51 network-control: 52 greengrass-support: 53 ` 54 const ggMockPlugSnapInfoYaml = `name: other 55 version: 1.0 56 apps: 57 app2: 58 command: foo 59 plugs: [greengrass-support, network-control] 60 ` 61 62 var _ = Suite(&GreengrassSupportInterfaceSuite{ 63 iface: builtin.MustInterface("greengrass-support"), 64 }) 65 66 func (s *GreengrassSupportInterfaceSuite) SetUpTest(c *C) { 67 s.plug, s.plugInfo = MockConnectedPlug(c, ggMockPlugSnapInfoYaml, nil, "greengrass-support") 68 s.slot, s.slotInfo = MockConnectedSlot(c, coreSlotYaml, nil, "greengrass-support") 69 s.extraPlug, s.extraPlugInfo = MockConnectedPlug(c, ggMockPlugSnapInfoYaml, nil, "network-control") 70 s.extraSlot, s.extraSlotInfo = MockConnectedSlot(c, coreSlotYaml, nil, "network-control") 71 72 } 73 74 func (s *GreengrassSupportInterfaceSuite) TestName(c *C) { 75 c.Assert(s.iface.Name(), Equals, "greengrass-support") 76 } 77 78 func (s *GreengrassSupportInterfaceSuite) TestSanitizeSlot(c *C) { 79 c.Assert(interfaces.BeforePrepareSlot(s.iface, s.slotInfo), IsNil) 80 } 81 82 func (s *GreengrassSupportInterfaceSuite) TestSanitizePlug(c *C) { 83 c.Assert(interfaces.BeforePreparePlug(s.iface, s.plugInfo), IsNil) 84 } 85 86 func (s *GreengrassSupportInterfaceSuite) TestAppArmorSpec(c *C) { 87 spec := &apparmor.Specification{} 88 c.Assert(spec.AddConnectedPlug(s.iface, s.plug, s.slot), IsNil) 89 c.Assert(spec.SecurityTags(), DeepEquals, []string{"snap.other.app2"}) 90 c.Check(spec.SnippetForTag("snap.other.app2"), testutil.Contains, "mount options=(rw, bind) /var/snap/{@{SNAP_NAME},@{SNAP_INSTANCE_NAME}}/** -> /var/snap/{@{SNAP_NAME},@{SNAP_INSTANCE_NAME}}/** ,\n") 91 c.Check(spec.UsesPtraceTrace(), Equals, true) 92 } 93 94 func (s *GreengrassSupportInterfaceSuite) TestSecCompSpec(c *C) { 95 spec := &seccomp.Specification{} 96 c.Assert(spec.AddConnectedPlug(s.iface, s.plug, s.slot), IsNil) 97 c.Check(spec.SnippetForTag("snap.other.app2"), testutil.Contains, "# for overlayfs and various bind mounts\nmount\numount2\npivot_root\n") 98 } 99 100 func (s *GreengrassSupportInterfaceSuite) TestUdevTaggingDisablingRemoveLast(c *C) { 101 // make a spec with network-control that has udev tagging 102 spec := &udev.Specification{} 103 c.Assert(spec.AddConnectedPlug(builtin.MustInterface("network-control"), s.extraPlug, s.extraSlot), IsNil) 104 c.Assert(spec.Snippets(), HasLen, 3) 105 106 // connect the greengrass-support interface and ensure the spec is now nil 107 c.Assert(spec.AddConnectedPlug(s.iface, s.plug, s.slot), IsNil) 108 c.Check(spec.Snippets(), HasLen, 0) 109 } 110 111 func (s *GreengrassSupportInterfaceSuite) TestUdevTaggingDisablingRemoveFirst(c *C) { 112 spec := &udev.Specification{} 113 // connect the greengrass-support interface and ensure the spec is nil 114 c.Assert(spec.AddConnectedPlug(s.iface, s.plug, s.slot), IsNil) 115 c.Check(spec.Snippets(), HasLen, 0) 116 117 // add network-control and ensure the spec is still nil 118 c.Assert(spec.AddConnectedPlug(builtin.MustInterface("network-control"), s.extraPlug, s.extraSlot), IsNil) 119 c.Assert(spec.Snippets(), HasLen, 0) 120 } 121 122 func (s *GreengrassSupportInterfaceSuite) TestInterfaces(c *C) { 123 c.Check(builtin.Interfaces(), testutil.DeepContains, s.iface) 124 } 125 126 func (s *GreengrassSupportInterfaceSuite) TestPermanentSlotAppArmorSessionNative(c *C) { 127 restore := release.MockOnClassic(false) 128 defer restore() 129 130 apparmorSpec := &apparmor.Specification{} 131 err := apparmorSpec.AddConnectedPlug(s.iface, s.plug, s.slot) 132 c.Assert(err, IsNil) 133 c.Assert(apparmorSpec.SecurityTags(), DeepEquals, []string{"snap.other.app2"}) 134 135 // verify core rule present 136 c.Check(apparmorSpec.SnippetForTag("snap.other.app2"), testutil.Contains, "# /system-data/var/snap/greengrass/x1/ggc-writable/packages/1.7.0/var/worker/overlays/$UUID/upper/\n") 137 } 138 139 func (s *GreengrassSupportInterfaceSuite) TestPermanentSlotAppArmorSessionClassic(c *C) { 140 restore := release.MockOnClassic(true) 141 defer restore() 142 143 apparmorSpec := &apparmor.Specification{} 144 err := apparmorSpec.AddConnectedPlug(s.iface, s.plug, s.slot) 145 c.Assert(err, IsNil) 146 c.Assert(apparmorSpec.SecurityTags(), DeepEquals, []string{"snap.other.app2"}) 147 148 // verify core rule not present 149 c.Check(apparmorSpec.SnippetForTag("snap.other.app2"), Not(testutil.Contains), "# /system-data/var/snap/greengrass/x1/ggc-writable/packages/1.7.0/var/worker/overlays/$UUID/upper/\n") 150 }