github.com/kubiko/snapd@v0.0.0-20201013125620-d4f3094d9ddf/interfaces/builtin/unity8_contacts_test.go

github.com/kubiko/snapd@v0.0.0-20201013125620-d4f3094d9ddf/interfaces/builtin/unity8_contacts_test.go (about)

     1  // -*- Mode: Go; indent-tabs-mode: t -*-
     2  
     3  /*
     4   * Copyright (C) 2016 Canonical Ltd
     5   *
     6   * This program is free software: you can redistribute it and/or modify
     7   * it under the terms of the GNU General Public License version 3 as
     8   * published by the Free Software Foundation.
     9   *
    10   * This program is distributed in the hope that it will be useful,
    11   * but WITHOUT ANY WARRANTY; without even the implied warranty of
    12   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    13   * GNU General Public License for more details.
    14   *
    15   * You should have received a copy of the GNU General Public License
    16   * along with this program.  If not, see <http://www.gnu.org/licenses/>.
    17   *
    18   */
    19  
    20  package builtin_test
    21  
    22  import (
    23  	. "gopkg.in/check.v1"
    24  
    25  	"github.com/snapcore/snapd/interfaces"
    26  	"github.com/snapcore/snapd/interfaces/apparmor"
    27  	"github.com/snapcore/snapd/interfaces/builtin"
    28  	"github.com/snapcore/snapd/interfaces/seccomp"
    29  	"github.com/snapcore/snapd/release"
    30  	"github.com/snapcore/snapd/snap"
    31  	"github.com/snapcore/snapd/snap/snaptest"
    32  	"github.com/snapcore/snapd/testutil"
    33  )
    34  
    35  type Unity8ContactsInterfaceSuite struct {
    36  	iface        interfaces.Interface
    37  	slotInfo     *snap.SlotInfo
    38  	slot         *interfaces.ConnectedSlot
    39  	coreSlotInfo *snap.SlotInfo
    40  	coreSlot     *interfaces.ConnectedSlot
    41  	plugInfo     *snap.PlugInfo
    42  	plug         *interfaces.ConnectedPlug
    43  }
    44  
    45  var _ = Suite(&Unity8ContactsInterfaceSuite{
    46  	iface: builtin.MustInterface("unity8-contacts"),
    47  })
    48  
    49  func (s *Unity8ContactsInterfaceSuite) SetUpTest(c *C) {
    50  	const mockPlugSnapInfo = `name: other
    51  version: 1.0
    52  apps:
    53   app:
    54    command: foo
    55    plugs: [unity8-contacts]
    56  `
    57  
    58  	const mockCoreSlotInfoYaml = `name: contacts
    59  version: 1.0
    60  apps:
    61   app:
    62    command: foo
    63    slots: [unity8-contacts]
    64  `
    65  	s.slotInfo = &snap.SlotInfo{
    66  		Snap:      &snap.Info{SuggestedName: "core", SnapType: snap.TypeOS},
    67  		Name:      "unity8-contacts",
    68  		Interface: "unity8-contacts",
    69  	}
    70  	s.slot = interfaces.NewConnectedSlot(s.slotInfo, nil, nil)
    71  
    72  	plugSnap := snaptest.MockInfo(c, mockPlugSnapInfo, nil)
    73  	s.plugInfo = plugSnap.Plugs["unity8-contacts"]
    74  	s.plug = interfaces.NewConnectedPlug(s.plugInfo, nil, nil)
    75  
    76  	slotSnap := snaptest.MockInfo(c, mockCoreSlotInfoYaml, nil)
    77  	s.coreSlotInfo = slotSnap.Slots["unity8-contacts"]
    78  	s.coreSlot = interfaces.NewConnectedSlot(s.coreSlotInfo, nil, nil)
    79  }
    80  
    81  func (s *Unity8ContactsInterfaceSuite) TestName(c *C) {
    82  	c.Assert(s.iface.Name(), Equals, "unity8-contacts")
    83  }
    84  
    85  func (s *Unity8ContactsInterfaceSuite) TestSanitizePlug(c *C) {
    86  	c.Assert(interfaces.BeforePreparePlug(s.iface, s.plugInfo), IsNil)
    87  }
    88  
    89  func (s *Unity8ContactsInterfaceSuite) TestUsedSecuritySystems(c *C) {
    90  	// connected plugs have a non-nil security snippet for apparmor
    91  	apparmorSpec := &apparmor.Specification{}
    92  	err := apparmorSpec.AddConnectedPlug(s.iface, s.plug, s.slot)
    93  	c.Assert(err, IsNil)
    94  	c.Assert(apparmorSpec.SecurityTags(), HasLen, 1)
    95  }
    96  
    97  // The label glob when all apps are bound to the contacts slot
    98  func (s *Unity8ContactsInterfaceSuite) TestConnectedPlugSnippetUsesSlotLabelAll(c *C) {
    99  	app1 := &snap.AppInfo{Name: "app1"}
   100  	app2 := &snap.AppInfo{Name: "app2"}
   101  	slot := interfaces.NewConnectedSlot(&snap.SlotInfo{
   102  		Snap: &snap.Info{
   103  			SuggestedName: "unity8",
   104  			Apps:          map[string]*snap.AppInfo{"app1": app1, "app2": app2},
   105  		},
   106  		Name:      "unity8-contacts",
   107  		Interface: "unity8-contacts",
   108  		Apps:      map[string]*snap.AppInfo{"app1": app1, "app2": app2},
   109  	}, nil, nil)
   110  
   111  	release.OnClassic = false
   112  
   113  	apparmorSpec := &apparmor.Specification{}
   114  	err := apparmorSpec.AddConnectedPlug(s.iface, s.plug, slot)
   115  	c.Assert(err, IsNil)
   116  	c.Assert(apparmorSpec.SecurityTags(), DeepEquals, []string{"snap.other.app"})
   117  	c.Assert(apparmorSpec.SnippetForTag("snap.other.app"), testutil.Contains, `peer=(label="snap.unity8.*"),`)
   118  }
   119  
   120  // The label uses alternation when some, but not all, apps is bound to the contacts slot
   121  func (s *Unity8ContactsInterfaceSuite) TestConnectedPlugSnippetUsesSlotLabelSome(c *C) {
   122  	app1 := &snap.AppInfo{Name: "app1"}
   123  	app2 := &snap.AppInfo{Name: "app2"}
   124  	app3 := &snap.AppInfo{Name: "app3"}
   125  	slot := interfaces.NewConnectedSlot(&snap.SlotInfo{
   126  		Snap: &snap.Info{
   127  			SuggestedName: "unity8",
   128  			Apps:          map[string]*snap.AppInfo{"app1": app1, "app2": app2, "app3": app3},
   129  		},
   130  		Name:      "unity8-contacts",
   131  		Interface: "unity8-contacts",
   132  		Apps:      map[string]*snap.AppInfo{"app1": app1, "app2": app2},
   133  	}, nil, nil)
   134  
   135  	release.OnClassic = false
   136  
   137  	apparmorSpec := &apparmor.Specification{}
   138  	err := apparmorSpec.AddConnectedPlug(s.iface, s.plug, slot)
   139  	c.Assert(err, IsNil)
   140  	c.Assert(apparmorSpec.SecurityTags(), DeepEquals, []string{"snap.other.app"})
   141  	c.Assert(apparmorSpec.SnippetForTag("snap.other.app"), testutil.Contains, `peer=(label="snap.unity8.{app1,app2}"),`)
   142  }
   143  
   144  // The label uses short form when exactly one app is bound to the calendar slot
   145  func (s *Unity8ContactsInterfaceSuite) TestConnectedPlugSnippetUsesSlotLabelOne(c *C) {
   146  	app := &snap.AppInfo{Name: "app"}
   147  	slot := interfaces.NewConnectedSlot(&snap.SlotInfo{
   148  		Snap: &snap.Info{
   149  			SuggestedName: "unity8",
   150  			Apps:          map[string]*snap.AppInfo{"app": app},
   151  		},
   152  		Name:      "unity8-contacts",
   153  		Interface: "unity8-contacts",
   154  		Apps:      map[string]*snap.AppInfo{"app": app},
   155  	}, nil, nil)
   156  
   157  	release.OnClassic = false
   158  
   159  	apparmorSpec := &apparmor.Specification{}
   160  	err := apparmorSpec.AddConnectedPlug(s.iface, s.plug, slot)
   161  	c.Assert(err, IsNil)
   162  	c.Assert(apparmorSpec.SecurityTags(), DeepEquals, []string{"snap.other.app"})
   163  	c.Assert(apparmorSpec.SnippetForTag("snap.other.app"), testutil.Contains, `peer=(label="snap.unity8.app"),`)
   164  }
   165  
   166  func (s *Unity8ContactsInterfaceSuite) TestConnectedPlugSnippetUsesUnconfinedLabelOnClassic(c *C) {
   167  	release.OnClassic = true
   168  
   169  	apparmorSpec := &apparmor.Specification{}
   170  	err := apparmorSpec.AddConnectedPlug(s.iface, s.plug, s.slot)
   171  	c.Assert(err, IsNil)
   172  	c.Assert(apparmorSpec.SecurityTags(), DeepEquals, []string{"snap.other.app"})
   173  	snippet := apparmorSpec.SnippetForTag("snap.other.app")
   174  
   175  	// verify apparmor connected
   176  	c.Assert(snippet, testutil.Contains, "#include <abstractions/dbus-session-strict>")
   177  	// verify classic connected
   178  	c.Assert(snippet, testutil.Contains, "peer=(label=unconfined),")
   179  }
   180  
   181  func (s *Unity8ContactsInterfaceSuite) TestConnectedPlugSnippetAppArmor(c *C) {
   182  	release.OnClassic = false
   183  
   184  	apparmorSpec := &apparmor.Specification{}
   185  	err := apparmorSpec.AddConnectedPlug(s.iface, s.plug, s.slot)
   186  	c.Assert(err, IsNil)
   187  	c.Assert(apparmorSpec.SecurityTags(), DeepEquals, []string{"snap.other.app"})
   188  	snippet := apparmorSpec.SnippetForTag("snap.other.app")
   189  	// verify apparmor connected
   190  	c.Assert(snippet, testutil.Contains, "#include <abstractions/dbus-session-strict>")
   191  	// verify classic didn't connect
   192  	c.Assert(snippet, Not(testutil.Contains), "peer=(label=unconfined),")
   193  }
   194  
   195  func (s *Unity8ContactsInterfaceSuite) TestConnectedSlotSnippetAppArmor(c *C) {
   196  	apparmorSpec := &apparmor.Specification{}
   197  	err := apparmorSpec.AddConnectedSlot(s.iface, s.plug, s.coreSlot)
   198  	c.Assert(err, IsNil)
   199  	c.Assert(apparmorSpec.SecurityTags(), DeepEquals, []string{"snap.contacts.app"})
   200  	c.Assert(apparmorSpec.SnippetForTag("snap.contacts.app"), testutil.Contains, "peer=(label=\"snap.other.app\")")
   201  }
   202  
   203  func (s *Unity8ContactsInterfaceSuite) TestPermanentSlotSnippetAppArmor(c *C) {
   204  	apparmorSpec := &apparmor.Specification{}
   205  	err := apparmorSpec.AddPermanentSlot(s.iface, s.coreSlotInfo)
   206  	c.Assert(err, IsNil)
   207  	c.Assert(apparmorSpec.SecurityTags(), DeepEquals, []string{"snap.contacts.app"})
   208  	c.Assert(apparmorSpec.SnippetForTag("snap.contacts.app"), testutil.Contains, "name=\"org.gnome.evolution.dataserver.Sources5\"")
   209  }
   210  
   211  func (s *Unity8ContactsInterfaceSuite) TestPermanentSlotSnippetSecComp(c *C) {
   212  	seccompSpec := &seccomp.Specification{}
   213  	err := seccompSpec.AddPermanentSlot(s.iface, s.coreSlotInfo)
   214  	c.Assert(err, IsNil)
   215  	c.Assert(seccompSpec.SecurityTags(), DeepEquals, []string{"snap.contacts.app"})
   216  	c.Check(seccompSpec.SnippetForTag("snap.contacts.app"), testutil.Contains, "listen\n")
   217  }
   218  
   219  func (s *Unity8ContactsInterfaceSuite) TestInterfaces(c *C) {
   220  	c.Check(builtin.Interfaces(), testutil.DeepContains, s.iface)
   221  }