github.com/kubiko/snapd@v0.0.0-20201013125620-d4f3094d9ddf/interfaces/builtin/cups_control_test.go

github.com/kubiko/snapd@v0.0.0-20201013125620-d4f3094d9ddf/interfaces/builtin/cups_control_test.go (about)

     1  // -*- Mode: Go; indent-tabs-mode: t -*-
     2  
     3  /*
     4   * Copyright (C) 2020 Canonical Ltd
     5   *
     6   * This program is free software: you can redistribute it and/or modify
     7   * it under the terms of the GNU General Public License version 3 as
     8   * published by the Free Software Foundation.
     9   *
    10   * This program is distributed in the hope that it will be useful,
    11   * but WITHOUT ANY WARRANTY; without even the implied warranty of
    12   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    13   * GNU General Public License for more details.
    14   *
    15   * You should have received a copy of the GNU General Public License
    16   * along with this program.  If not, see <http://www.gnu.org/licenses/>.
    17   *
    18   */
    19  
    20  package builtin_test
    21  
    22  import (
    23  	. "gopkg.in/check.v1"
    24  
    25  	"github.com/snapcore/snapd/interfaces"
    26  	"github.com/snapcore/snapd/interfaces/apparmor"
    27  	"github.com/snapcore/snapd/interfaces/builtin"
    28  	"github.com/snapcore/snapd/release"
    29  	"github.com/snapcore/snapd/snap"
    30  	"github.com/snapcore/snapd/testutil"
    31  )
    32  
    33  type cupsControlSuite struct {
    34  	iface            interfaces.Interface
    35  	coreSlotInfo     *snap.SlotInfo
    36  	coreSlot         *interfaces.ConnectedSlot
    37  	plugInfo         *snap.PlugInfo
    38  	plug             *interfaces.ConnectedPlug
    39  	providerSlotInfo *snap.SlotInfo
    40  	providerSlot     *interfaces.ConnectedSlot
    41  }
    42  
    43  var _ = Suite(&cupsControlSuite{iface: builtin.MustInterface("cups-control")})
    44  
    45  const cupsControlConsumerYaml = `name: consumer
    46  version: 0
    47  apps:
    48   app:
    49    plugs: [cups-control]
    50  `
    51  
    52  const cupsControlCoreYaml = `name: core
    53  version: 0
    54  type: os
    55  slots:
    56    cups-control:
    57  `
    58  
    59  const cupsControlProviderYaml = `name: provider
    60  version: 0
    61  apps:
    62   app:
    63    slots: [cups-control]
    64  `
    65  
    66  func (s *cupsControlSuite) SetUpTest(c *C) {
    67  	s.plug, s.plugInfo = MockConnectedPlug(c, cupsControlConsumerYaml, nil, "cups-control")
    68  	s.coreSlot, s.coreSlotInfo = MockConnectedSlot(c, cupsControlCoreYaml, nil, "cups-control")
    69  	s.providerSlot, s.providerSlotInfo = MockConnectedSlot(c, cupsControlProviderYaml, nil, "cups-control")
    70  }
    71  
    72  func (s *cupsControlSuite) TestName(c *C) {
    73  	c.Assert(s.iface.Name(), Equals, "cups-control")
    74  }
    75  
    76  func (s *cupsControlSuite) TestSanitizeSlot(c *C) {
    77  	c.Assert(interfaces.BeforePrepareSlot(s.iface, s.coreSlotInfo), IsNil)
    78  }
    79  
    80  func (s *cupsControlSuite) TestSanitizePlug(c *C) {
    81  	c.Assert(interfaces.BeforePreparePlug(s.iface, s.plugInfo), IsNil)
    82  }
    83  
    84  func (s *cupsControlSuite) TestAppArmorSpecCore(c *C) {
    85  	restore := release.MockOnClassic(false)
    86  	defer restore()
    87  
    88  	// core to consumer on core is empty for ConnectedPlug
    89  	spec := &apparmor.Specification{}
    90  	c.Assert(spec.AddConnectedPlug(s.iface, s.plug, s.coreSlot), IsNil)
    91  	c.Assert(spec.SecurityTags(), HasLen, 0)
    92  
    93  	// core to consumer on core is empty for PermanentSlot
    94  	spec = &apparmor.Specification{}
    95  	c.Assert(spec.AddPermanentSlot(s.iface, s.coreSlotInfo), IsNil)
    96  	c.Assert(spec.SecurityTags(), HasLen, 0)
    97  
    98  	// core to consumer on core is empty for ConnectedSlot
    99  	spec = &apparmor.Specification{}
   100  	c.Assert(spec.AddConnectedSlot(s.iface, s.plug, s.coreSlot), IsNil)
   101  	c.Assert(spec.SecurityTags(), HasLen, 0)
   102  
   103  	// consumer to provider on core for ConnectedPlug
   104  	spec = &apparmor.Specification{}
   105  	c.Assert(spec.AddConnectedPlug(s.iface, s.plug, s.providerSlot), IsNil)
   106  	c.Assert(spec.SecurityTags(), DeepEquals, []string{"snap.consumer.app"})
   107  	c.Assert(spec.SnippetForTag("snap.consumer.app"), testutil.Contains, "# Allow communicating with the cups server for printing and configuration.")
   108  	c.Assert(spec.SnippetForTag("snap.consumer.app"), testutil.Contains, "#include <abstractions/cups-client>")
   109  	c.Assert(spec.SnippetForTag("snap.consumer.app"), testutil.Contains, "peer=(name=org.freedesktop.DBus,label=\"snap.provider.app\"")
   110  	c.Assert(spec.SnippetForTag("snap.provider.app"), Not(testutil.Contains), "# Allow daemon access to create the CUPS socket")
   111  
   112  	// provider to consumer on core for PermanentSlot
   113  	spec = &apparmor.Specification{}
   114  	c.Assert(spec.AddPermanentSlot(s.iface, s.providerSlotInfo), IsNil)
   115  	c.Assert(spec.SecurityTags(), DeepEquals, []string{"snap.provider.app"})
   116  	c.Assert(spec.SnippetForTag("snap.provider.app"), testutil.Contains, "# Allow daemon access to create the CUPS socket")
   117  	c.Assert(spec.SnippetForTag("snap.provider.app"), Not(testutil.Contains), "label=\"snap.consumer.app\"")
   118  
   119  	// provider to consumer on core for ConnectedSlot
   120  	spec = &apparmor.Specification{}
   121  	c.Assert(spec.AddConnectedSlot(s.iface, s.plug, s.providerSlot), IsNil)
   122  	c.Assert(spec.SecurityTags(), DeepEquals, []string{"snap.provider.app"})
   123  	c.Assert(spec.SnippetForTag("snap.provider.app"), testutil.Contains, "peer=(name=org.freedesktop.DBus,label=\"snap.consumer.app\"")
   124  }
   125  
   126  func (s *cupsControlSuite) TestAppArmorSpecClassic(c *C) {
   127  	restore := release.MockOnClassic(true)
   128  	defer restore()
   129  
   130  	// consumer to core on classic for ConnectedPlug
   131  	spec := &apparmor.Specification{}
   132  	c.Assert(spec.AddConnectedPlug(s.iface, s.plug, s.coreSlot), IsNil)
   133  	c.Assert(spec.SecurityTags(), DeepEquals, []string{"snap.consumer.app"})
   134  	c.Assert(spec.SnippetForTag("snap.consumer.app"), testutil.Contains, "# Allow communicating with the cups server for printing and configuration.")
   135  	c.Assert(spec.SnippetForTag("snap.consumer.app"), testutil.Contains, "#include <abstractions/cups-client>")
   136  	c.Assert(spec.SnippetForTag("snap.consumer.app"), testutil.Contains, "peer=(name=org.freedesktop.DBus,label=\"{unconfined,/usr/sbin/cupsd,cupsd}\"")
   137  	c.Assert(spec.SnippetForTag("snap.provider.app"), Not(testutil.Contains), "# Allow daemon access to create the CUPS socket")
   138  
   139  	// core to consumer on classic is empty for PermanentSlot
   140  	spec = &apparmor.Specification{}
   141  	c.Assert(spec.AddPermanentSlot(s.iface, s.coreSlotInfo), IsNil)
   142  	c.Assert(spec.SecurityTags(), HasLen, 0)
   143  
   144  	// core to consumer on classic is empty for ConnectedSlot
   145  	spec = &apparmor.Specification{}
   146  	c.Assert(spec.AddConnectedSlot(s.iface, s.plug, s.coreSlot), IsNil)
   147  	c.Assert(spec.SecurityTags(), HasLen, 0)
   148  
   149  	// consumer to provider on classic for ConnectedPlug
   150  	spec = &apparmor.Specification{}
   151  	c.Assert(spec.AddConnectedPlug(s.iface, s.plug, s.providerSlot), IsNil)
   152  	c.Assert(spec.SecurityTags(), DeepEquals, []string{"snap.consumer.app"})
   153  	c.Assert(spec.SnippetForTag("snap.consumer.app"), testutil.Contains, "# Allow communicating with the cups server for printing and configuration.")
   154  	c.Assert(spec.SnippetForTag("snap.consumer.app"), testutil.Contains, "#include <abstractions/cups-client>")
   155  	c.Assert(spec.SnippetForTag("snap.consumer.app"), testutil.Contains, "peer=(name=org.freedesktop.DBus,label=\"snap.provider.app\"")
   156  	c.Assert(spec.SnippetForTag("snap.provider.app"), Not(testutil.Contains), "# Allow daemon access to create the CUPS socket")
   157  
   158  	// provider to consumer on classic for PermanentSlot
   159  	spec = &apparmor.Specification{}
   160  	c.Assert(spec.AddPermanentSlot(s.iface, s.providerSlotInfo), IsNil)
   161  	c.Assert(spec.SecurityTags(), DeepEquals, []string{"snap.provider.app"})
   162  	c.Assert(spec.SnippetForTag("snap.provider.app"), testutil.Contains, "# Allow daemon access to create the CUPS socket")
   163  	c.Assert(spec.SnippetForTag("snap.provider.app"), Not(testutil.Contains), "label=\"snap.consumer.app\"")
   164  
   165  	// provider to consumer on classic for ConnectedSlot
   166  	spec = &apparmor.Specification{}
   167  	c.Assert(spec.AddConnectedSlot(s.iface, s.plug, s.providerSlot), IsNil)
   168  	c.Assert(spec.SecurityTags(), DeepEquals, []string{"snap.provider.app"})
   169  	c.Assert(spec.SnippetForTag("snap.provider.app"), testutil.Contains, "peer=(name=org.freedesktop.DBus,label=\"snap.consumer.app\"")
   170  }
   171  
   172  func (s *cupsControlSuite) TestStaticInfo(c *C) {
   173  	si := interfaces.StaticInfoOf(s.iface)
   174  	c.Assert(si.ImplicitOnCore, Equals, false)
   175  	c.Assert(si.ImplicitOnClassic, Equals, true)
   176  	c.Assert(si.Summary, Equals, `allows access to the CUPS control socket`)
   177  	c.Assert(si.BaseDeclarationSlots, testutil.Contains, "cups-control")
   178  	c.Assert(si.BaseDeclarationSlots, testutil.Contains, "deny-auto-connection: true")
   179  }
   180  
   181  func (s *cupsControlSuite) TestInterfaces(c *C) {
   182  	c.Check(builtin.Interfaces(), testutil.DeepContains, s.iface)
   183  }