github.com/kubiko/snapd@v0.0.0-20201013125620-d4f3094d9ddf/interfaces/builtin/unity8_contacts_test.go (about) 1 // -*- Mode: Go; indent-tabs-mode: t -*- 2 3 /* 4 * Copyright (C) 2016 Canonical Ltd 5 * 6 * This program is free software: you can redistribute it and/or modify 7 * it under the terms of the GNU General Public License version 3 as 8 * published by the Free Software Foundation. 9 * 10 * This program is distributed in the hope that it will be useful, 11 * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 * GNU General Public License for more details. 14 * 15 * You should have received a copy of the GNU General Public License 16 * along with this program. If not, see <http://www.gnu.org/licenses/>. 17 * 18 */ 19 20 package builtin_test 21 22 import ( 23 . "gopkg.in/check.v1" 24 25 "github.com/snapcore/snapd/interfaces" 26 "github.com/snapcore/snapd/interfaces/apparmor" 27 "github.com/snapcore/snapd/interfaces/builtin" 28 "github.com/snapcore/snapd/interfaces/seccomp" 29 "github.com/snapcore/snapd/release" 30 "github.com/snapcore/snapd/snap" 31 "github.com/snapcore/snapd/snap/snaptest" 32 "github.com/snapcore/snapd/testutil" 33 ) 34 35 type Unity8ContactsInterfaceSuite struct { 36 iface interfaces.Interface 37 slotInfo *snap.SlotInfo 38 slot *interfaces.ConnectedSlot 39 coreSlotInfo *snap.SlotInfo 40 coreSlot *interfaces.ConnectedSlot 41 plugInfo *snap.PlugInfo 42 plug *interfaces.ConnectedPlug 43 } 44 45 var _ = Suite(&Unity8ContactsInterfaceSuite{ 46 iface: builtin.MustInterface("unity8-contacts"), 47 }) 48 49 func (s *Unity8ContactsInterfaceSuite) SetUpTest(c *C) { 50 const mockPlugSnapInfo = `name: other 51 version: 1.0 52 apps: 53 app: 54 command: foo 55 plugs: [unity8-contacts] 56 ` 57 58 const mockCoreSlotInfoYaml = `name: contacts 59 version: 1.0 60 apps: 61 app: 62 command: foo 63 slots: [unity8-contacts] 64 ` 65 s.slotInfo = &snap.SlotInfo{ 66 Snap: &snap.Info{SuggestedName: "core", SnapType: snap.TypeOS}, 67 Name: "unity8-contacts", 68 Interface: "unity8-contacts", 69 } 70 s.slot = interfaces.NewConnectedSlot(s.slotInfo, nil, nil) 71 72 plugSnap := snaptest.MockInfo(c, mockPlugSnapInfo, nil) 73 s.plugInfo = plugSnap.Plugs["unity8-contacts"] 74 s.plug = interfaces.NewConnectedPlug(s.plugInfo, nil, nil) 75 76 slotSnap := snaptest.MockInfo(c, mockCoreSlotInfoYaml, nil) 77 s.coreSlotInfo = slotSnap.Slots["unity8-contacts"] 78 s.coreSlot = interfaces.NewConnectedSlot(s.coreSlotInfo, nil, nil) 79 } 80 81 func (s *Unity8ContactsInterfaceSuite) TestName(c *C) { 82 c.Assert(s.iface.Name(), Equals, "unity8-contacts") 83 } 84 85 func (s *Unity8ContactsInterfaceSuite) TestSanitizePlug(c *C) { 86 c.Assert(interfaces.BeforePreparePlug(s.iface, s.plugInfo), IsNil) 87 } 88 89 func (s *Unity8ContactsInterfaceSuite) TestUsedSecuritySystems(c *C) { 90 // connected plugs have a non-nil security snippet for apparmor 91 apparmorSpec := &apparmor.Specification{} 92 err := apparmorSpec.AddConnectedPlug(s.iface, s.plug, s.slot) 93 c.Assert(err, IsNil) 94 c.Assert(apparmorSpec.SecurityTags(), HasLen, 1) 95 } 96 97 // The label glob when all apps are bound to the contacts slot 98 func (s *Unity8ContactsInterfaceSuite) TestConnectedPlugSnippetUsesSlotLabelAll(c *C) { 99 app1 := &snap.AppInfo{Name: "app1"} 100 app2 := &snap.AppInfo{Name: "app2"} 101 slot := interfaces.NewConnectedSlot(&snap.SlotInfo{ 102 Snap: &snap.Info{ 103 SuggestedName: "unity8", 104 Apps: map[string]*snap.AppInfo{"app1": app1, "app2": app2}, 105 }, 106 Name: "unity8-contacts", 107 Interface: "unity8-contacts", 108 Apps: map[string]*snap.AppInfo{"app1": app1, "app2": app2}, 109 }, nil, nil) 110 111 release.OnClassic = false 112 113 apparmorSpec := &apparmor.Specification{} 114 err := apparmorSpec.AddConnectedPlug(s.iface, s.plug, slot) 115 c.Assert(err, IsNil) 116 c.Assert(apparmorSpec.SecurityTags(), DeepEquals, []string{"snap.other.app"}) 117 c.Assert(apparmorSpec.SnippetForTag("snap.other.app"), testutil.Contains, `peer=(label="snap.unity8.*"),`) 118 } 119 120 // The label uses alternation when some, but not all, apps is bound to the contacts slot 121 func (s *Unity8ContactsInterfaceSuite) TestConnectedPlugSnippetUsesSlotLabelSome(c *C) { 122 app1 := &snap.AppInfo{Name: "app1"} 123 app2 := &snap.AppInfo{Name: "app2"} 124 app3 := &snap.AppInfo{Name: "app3"} 125 slot := interfaces.NewConnectedSlot(&snap.SlotInfo{ 126 Snap: &snap.Info{ 127 SuggestedName: "unity8", 128 Apps: map[string]*snap.AppInfo{"app1": app1, "app2": app2, "app3": app3}, 129 }, 130 Name: "unity8-contacts", 131 Interface: "unity8-contacts", 132 Apps: map[string]*snap.AppInfo{"app1": app1, "app2": app2}, 133 }, nil, nil) 134 135 release.OnClassic = false 136 137 apparmorSpec := &apparmor.Specification{} 138 err := apparmorSpec.AddConnectedPlug(s.iface, s.plug, slot) 139 c.Assert(err, IsNil) 140 c.Assert(apparmorSpec.SecurityTags(), DeepEquals, []string{"snap.other.app"}) 141 c.Assert(apparmorSpec.SnippetForTag("snap.other.app"), testutil.Contains, `peer=(label="snap.unity8.{app1,app2}"),`) 142 } 143 144 // The label uses short form when exactly one app is bound to the calendar slot 145 func (s *Unity8ContactsInterfaceSuite) TestConnectedPlugSnippetUsesSlotLabelOne(c *C) { 146 app := &snap.AppInfo{Name: "app"} 147 slot := interfaces.NewConnectedSlot(&snap.SlotInfo{ 148 Snap: &snap.Info{ 149 SuggestedName: "unity8", 150 Apps: map[string]*snap.AppInfo{"app": app}, 151 }, 152 Name: "unity8-contacts", 153 Interface: "unity8-contacts", 154 Apps: map[string]*snap.AppInfo{"app": app}, 155 }, nil, nil) 156 157 release.OnClassic = false 158 159 apparmorSpec := &apparmor.Specification{} 160 err := apparmorSpec.AddConnectedPlug(s.iface, s.plug, slot) 161 c.Assert(err, IsNil) 162 c.Assert(apparmorSpec.SecurityTags(), DeepEquals, []string{"snap.other.app"}) 163 c.Assert(apparmorSpec.SnippetForTag("snap.other.app"), testutil.Contains, `peer=(label="snap.unity8.app"),`) 164 } 165 166 func (s *Unity8ContactsInterfaceSuite) TestConnectedPlugSnippetUsesUnconfinedLabelOnClassic(c *C) { 167 release.OnClassic = true 168 169 apparmorSpec := &apparmor.Specification{} 170 err := apparmorSpec.AddConnectedPlug(s.iface, s.plug, s.slot) 171 c.Assert(err, IsNil) 172 c.Assert(apparmorSpec.SecurityTags(), DeepEquals, []string{"snap.other.app"}) 173 snippet := apparmorSpec.SnippetForTag("snap.other.app") 174 175 // verify apparmor connected 176 c.Assert(snippet, testutil.Contains, "#include <abstractions/dbus-session-strict>") 177 // verify classic connected 178 c.Assert(snippet, testutil.Contains, "peer=(label=unconfined),") 179 } 180 181 func (s *Unity8ContactsInterfaceSuite) TestConnectedPlugSnippetAppArmor(c *C) { 182 release.OnClassic = false 183 184 apparmorSpec := &apparmor.Specification{} 185 err := apparmorSpec.AddConnectedPlug(s.iface, s.plug, s.slot) 186 c.Assert(err, IsNil) 187 c.Assert(apparmorSpec.SecurityTags(), DeepEquals, []string{"snap.other.app"}) 188 snippet := apparmorSpec.SnippetForTag("snap.other.app") 189 // verify apparmor connected 190 c.Assert(snippet, testutil.Contains, "#include <abstractions/dbus-session-strict>") 191 // verify classic didn't connect 192 c.Assert(snippet, Not(testutil.Contains), "peer=(label=unconfined),") 193 } 194 195 func (s *Unity8ContactsInterfaceSuite) TestConnectedSlotSnippetAppArmor(c *C) { 196 apparmorSpec := &apparmor.Specification{} 197 err := apparmorSpec.AddConnectedSlot(s.iface, s.plug, s.coreSlot) 198 c.Assert(err, IsNil) 199 c.Assert(apparmorSpec.SecurityTags(), DeepEquals, []string{"snap.contacts.app"}) 200 c.Assert(apparmorSpec.SnippetForTag("snap.contacts.app"), testutil.Contains, "peer=(label=\"snap.other.app\")") 201 } 202 203 func (s *Unity8ContactsInterfaceSuite) TestPermanentSlotSnippetAppArmor(c *C) { 204 apparmorSpec := &apparmor.Specification{} 205 err := apparmorSpec.AddPermanentSlot(s.iface, s.coreSlotInfo) 206 c.Assert(err, IsNil) 207 c.Assert(apparmorSpec.SecurityTags(), DeepEquals, []string{"snap.contacts.app"}) 208 c.Assert(apparmorSpec.SnippetForTag("snap.contacts.app"), testutil.Contains, "name=\"org.gnome.evolution.dataserver.Sources5\"") 209 } 210 211 func (s *Unity8ContactsInterfaceSuite) TestPermanentSlotSnippetSecComp(c *C) { 212 seccompSpec := &seccomp.Specification{} 213 err := seccompSpec.AddPermanentSlot(s.iface, s.coreSlotInfo) 214 c.Assert(err, IsNil) 215 c.Assert(seccompSpec.SecurityTags(), DeepEquals, []string{"snap.contacts.app"}) 216 c.Check(seccompSpec.SnippetForTag("snap.contacts.app"), testutil.Contains, "listen\n") 217 } 218 219 func (s *Unity8ContactsInterfaceSuite) TestInterfaces(c *C) { 220 c.Check(builtin.Interfaces(), testutil.DeepContains, s.iface) 221 }