github.com/kubiko/snapd@v0.0.0-20201013125620-d4f3094d9ddf/interfaces/builtin/unity7_test.go (about) 1 // -*- Mode: Go; indent-tabs-mode: t -*- 2 3 /* 4 * Copyright (C) 2016 Canonical Ltd 5 * 6 * This program is free software: you can redistribute it and/or modify 7 * it under the terms of the GNU General Public License version 3 as 8 * published by the Free Software Foundation. 9 * 10 * This program is distributed in the hope that it will be useful, 11 * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 * GNU General Public License for more details. 14 * 15 * You should have received a copy of the GNU General Public License 16 * along with this program. If not, see <http://www.gnu.org/licenses/>. 17 * 18 */ 19 20 package builtin_test 21 22 import ( 23 . "gopkg.in/check.v1" 24 25 "github.com/snapcore/snapd/interfaces" 26 "github.com/snapcore/snapd/interfaces/apparmor" 27 "github.com/snapcore/snapd/interfaces/builtin" 28 "github.com/snapcore/snapd/interfaces/seccomp" 29 "github.com/snapcore/snapd/snap" 30 "github.com/snapcore/snapd/snap/snaptest" 31 "github.com/snapcore/snapd/testutil" 32 ) 33 34 type Unity7InterfaceSuite struct { 35 iface interfaces.Interface 36 slotInfo *snap.SlotInfo 37 slot *interfaces.ConnectedSlot 38 plugInfo *snap.PlugInfo 39 plug *interfaces.ConnectedPlug 40 plugInstInfo *snap.PlugInfo 41 plugInst *interfaces.ConnectedPlug 42 } 43 44 var _ = Suite(&Unity7InterfaceSuite{ 45 iface: builtin.MustInterface("unity7"), 46 }) 47 48 const unity7mockPlugSnapInfoYaml = `name: other-snap 49 version: 1.0 50 apps: 51 app2: 52 command: foo 53 plugs: [unity7] 54 ` 55 56 func (s *Unity7InterfaceSuite) SetUpTest(c *C) { 57 s.slotInfo = &snap.SlotInfo{ 58 Snap: &snap.Info{SuggestedName: "core", SnapType: snap.TypeOS}, 59 Name: "unity7", 60 Interface: "unity7", 61 } 62 s.slot = interfaces.NewConnectedSlot(s.slotInfo, nil, nil) 63 plugSnap := snaptest.MockInfo(c, unity7mockPlugSnapInfoYaml, nil) 64 s.plugInfo = plugSnap.Plugs["unity7"] 65 s.plug = interfaces.NewConnectedPlug(s.plugInfo, nil, nil) 66 67 plugSnapInst := snaptest.MockInfo(c, unity7mockPlugSnapInfoYaml, nil) 68 plugSnapInst.InstanceKey = "instance" 69 s.plugInstInfo = plugSnapInst.Plugs["unity7"] 70 s.plugInst = interfaces.NewConnectedPlug(s.plugInstInfo, nil, nil) 71 } 72 73 func (s *Unity7InterfaceSuite) TestName(c *C) { 74 c.Assert(s.iface.Name(), Equals, "unity7") 75 } 76 77 func (s *Unity7InterfaceSuite) TestSanitizeSlot(c *C) { 78 c.Assert(interfaces.BeforePrepareSlot(s.iface, s.slotInfo), IsNil) 79 } 80 81 func (s *Unity7InterfaceSuite) TestSanitizePlug(c *C) { 82 c.Assert(interfaces.BeforePreparePlug(s.iface, s.plugInfo), IsNil) 83 } 84 85 func (s *Unity7InterfaceSuite) TestUsedSecuritySystems(c *C) { 86 // connected plugs have a non-nil security snippet for apparmor 87 apparmorSpec := &apparmor.Specification{} 88 err := apparmorSpec.AddConnectedPlug(s.iface, s.plug, s.slot) 89 c.Assert(err, IsNil) 90 c.Assert(apparmorSpec.SecurityTags(), DeepEquals, []string{"snap.other-snap.app2"}) 91 c.Assert(apparmorSpec.SnippetForTag("snap.other-snap.app2"), testutil.Contains, `/usr/share/pixmaps`) 92 c.Assert(apparmorSpec.SnippetForTag("snap.other-snap.app2"), testutil.Contains, `path=/com/canonical/indicator/messages/other_snap_*_desktop`) 93 c.Assert(apparmorSpec.SnippetForTag("snap.other-snap.app2"), testutil.Contains, `deny /var/lib/snapd/desktop/applications/mimeinfo.cache r,`) 94 95 // getDesktopFileRules() rules 96 c.Assert(apparmorSpec.SnippetForTag("snap.other-snap.app2"), testutil.Contains, `# This leaks the names of snaps with desktop files`) 97 c.Assert(apparmorSpec.SnippetForTag("snap.other-snap.app2"), testutil.Contains, `/var/lib/snapd/desktop/applications/ r,`) 98 c.Assert(apparmorSpec.SnippetForTag("snap.other-snap.app2"), testutil.Contains, `/var/lib/snapd/desktop/applications/@{SNAP_INSTANCE_DESKTOP}_*.desktop r,`) 99 c.Assert(apparmorSpec.SnippetForTag("snap.other-snap.app2"), testutil.Contains, `deny /var/lib/snapd/desktop/applications/@{SNAP_INSTANCE_DESKTOP}[^_.]*.desktop r,`) 100 c.Assert(apparmorSpec.SnippetForTag("snap.other-snap.app2"), testutil.Contains, `deny /var/lib/snapd/desktop/applications/[^o]* r,`) 101 c.Assert(apparmorSpec.SnippetForTag("snap.other-snap.app2"), testutil.Contains, `deny /var/lib/snapd/desktop/applications/other-sna[^p]* r,`) 102 103 // connected plugs for instance name have a non-nil security snippet for apparmor 104 apparmorSpec = &apparmor.Specification{} 105 err = apparmorSpec.AddConnectedPlug(s.iface, s.plugInst, s.slot) 106 c.Assert(err, IsNil) 107 c.Assert(apparmorSpec.SecurityTags(), DeepEquals, []string{"snap.other-snap_instance.app2"}) 108 c.Assert(apparmorSpec.SnippetForTag("snap.other-snap_instance.app2"), testutil.Contains, `/usr/share/pixmaps`) 109 c.Assert(apparmorSpec.SnippetForTag("snap.other-snap_instance.app2"), testutil.Contains, `path=/com/canonical/indicator/messages/other_snap_instance_*_desktop`) 110 111 // connected plugs for instance name have a non-nil security snippet for apparmor 112 apparmorSpec = &apparmor.Specification{} 113 err = apparmorSpec.AddConnectedPlug(s.iface, s.plugInst, s.slot) 114 c.Assert(err, IsNil) 115 c.Assert(apparmorSpec.SecurityTags(), DeepEquals, []string{"snap.other-snap_instance.app2"}) 116 c.Assert(apparmorSpec.SnippetForTag("snap.other-snap_instance.app2"), testutil.Contains, `/usr/share/pixmaps`) 117 c.Assert(apparmorSpec.SnippetForTag("snap.other-snap_instance.app2"), testutil.Contains, `path=/com/canonical/indicator/messages/other_snap_instance_*_desktop`) 118 119 // connected plugs have a non-nil security snippet for seccomp 120 seccompSpec := &seccomp.Specification{} 121 err = seccompSpec.AddConnectedPlug(s.iface, s.plug, s.slot) 122 c.Assert(err, IsNil) 123 c.Assert(seccompSpec.SecurityTags(), DeepEquals, []string{"snap.other-snap.app2"}) 124 c.Check(seccompSpec.SnippetForTag("snap.other-snap.app2"), testutil.Contains, "bind\n") 125 } 126 127 func (s *Unity7InterfaceSuite) TestInterfaces(c *C) { 128 c.Check(builtin.Interfaces(), testutil.DeepContains, s.iface) 129 }