github.com/meulengracht/snapd@v0.0.0-20210719210640-8bde69bcc84e/interfaces/builtin/daemon_notify_test.go (about) 1 // -*- Mode: Go; indent-tabs-mode: t -*- 2 3 /* 4 * Copyright (C) 2018 Canonical Ltd 5 * 6 * This program is free software: you can redistribute it and/or modify 7 * it under the terms of the GNU General Public License version 3 as 8 * published by the Free Software Foundation. 9 * 10 * This program is distributed in the hope that it will be useful, 11 * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 * GNU General Public License for more details. 14 * 15 * You should have received a copy of the GNU General Public License 16 * along with this program. If not, see <http://www.gnu.org/licenses/>. 17 * 18 */ 19 20 package builtin_test 21 22 import ( 23 . "gopkg.in/check.v1" 24 25 "github.com/snapcore/snapd/interfaces" 26 "github.com/snapcore/snapd/interfaces/apparmor" 27 "github.com/snapcore/snapd/interfaces/builtin" 28 "github.com/snapcore/snapd/snap" 29 "github.com/snapcore/snapd/testutil" 30 ) 31 32 type daemoNotifySuite struct { 33 iface interfaces.Interface 34 slotInfo *snap.SlotInfo 35 slot *interfaces.ConnectedSlot 36 plugInfo *snap.PlugInfo 37 plug *interfaces.ConnectedPlug 38 } 39 40 var _ = Suite(&daemoNotifySuite{ 41 iface: builtin.MustInterface("daemon-notify"), 42 }) 43 44 const daemoNotifyMockSlotSnapInfoYaml = `name: provider 45 version: 1.0 46 type: os 47 slots: 48 daemon-notify: 49 interface: daemon-notify 50 ` 51 const daemoNotifyMockPlugSnapInfoYaml = `name: consumer 52 version: 1.0 53 apps: 54 app: 55 command: foo 56 plugs: [daemon-notify] 57 ` 58 59 func (s *daemoNotifySuite) SetUpTest(c *C) { 60 s.slot, s.slotInfo = builtin.MockConnectedSlot(c, daemoNotifyMockSlotSnapInfoYaml, nil, "daemon-notify") 61 s.plug, s.plugInfo = builtin.MockConnectedPlug(c, daemoNotifyMockPlugSnapInfoYaml, nil, "daemon-notify") 62 } 63 64 func (s *daemoNotifySuite) TestName(c *C) { 65 c.Assert(s.iface.Name(), Equals, "daemon-notify") 66 } 67 68 func (s *daemoNotifySuite) TestBeforePrepareSlot(c *C) { 69 c.Assert(interfaces.BeforePrepareSlot(s.iface, s.slotInfo), IsNil) 70 } 71 72 func (s *daemoNotifySuite) TestBeforePreparePlug(c *C) { 73 c.Assert(interfaces.BeforePreparePlug(s.iface, s.plugInfo), IsNil) 74 } 75 76 func (s *daemoNotifySuite) TestAppArmorConnectedPlugNotifySocketDefault(c *C) { 77 restore := builtin.MockOsGetenv(func(what string) string { 78 c.Assert(what, Equals, "NOTIFY_SOCKET") 79 return "" 80 }) 81 defer restore() 82 83 // connected plugs have a non-nil security snippet for apparmor 84 spec := &apparmor.Specification{} 85 err := spec.AddConnectedPlug(s.iface, s.plug, s.slot) 86 c.Assert(err, IsNil) 87 c.Assert(spec.SecurityTags(), DeepEquals, []string{"snap.consumer.app"}) 88 c.Assert(spec.SnippetForTag("snap.consumer.app"), testutil.Contains, "\n\"/run/systemd/notify\" w,") 89 } 90 91 func (s *daemoNotifySuite) TestAppArmorConnectedPlugNotifySocketEnvAbstractSpecial(c *C) { 92 restore := builtin.MockOsGetenv(func(what string) string { 93 c.Assert(what, Equals, "NOTIFY_SOCKET") 94 return "@/org/freedesktop/systemd1/notify/13334051644891137417" 95 }) 96 defer restore() 97 98 // connected plugs have a non-nil security snippet for apparmor 99 spec := &apparmor.Specification{} 100 err := spec.AddConnectedPlug(s.iface, s.plug, s.slot) 101 c.Assert(err, IsNil) 102 c.Assert(spec.SecurityTags(), DeepEquals, []string{"snap.consumer.app"}) 103 c.Assert(spec.SnippetForTag("snap.consumer.app"), testutil.Contains, 104 "\nunix (connect, send) type=dgram peer=(label=unconfined,addr=\"@/org/freedesktop/systemd1/notify/[0-9]*\"),") 105 } 106 107 func (s *daemoNotifySuite) TestAppArmorConnectedPlugNotifySocketEnvAbstractAny(c *C) { 108 restore := builtin.MockOsGetenv(func(what string) string { 109 c.Assert(what, Equals, "NOTIFY_SOCKET") 110 return "@foo/bar" 111 }) 112 defer restore() 113 114 // connected plugs have a non-nil security snippet for apparmor 115 spec := &apparmor.Specification{} 116 err := spec.AddConnectedPlug(s.iface, s.plug, s.slot) 117 c.Assert(err, IsNil) 118 c.Assert(spec.SecurityTags(), DeepEquals, []string{"snap.consumer.app"}) 119 c.Assert(spec.SnippetForTag("snap.consumer.app"), testutil.Contains, 120 "\nunix (connect, send) type=dgram peer=(label=unconfined,addr=\"@foo/bar\"),") 121 } 122 123 func (s *daemoNotifySuite) TestAppArmorConnectedPlugNotifySocketEnvFsPath(c *C) { 124 restore := builtin.MockOsGetenv(func(what string) string { 125 c.Assert(what, Equals, "NOTIFY_SOCKET") 126 return "/foo/bar" 127 }) 128 defer restore() 129 130 // connected plugs have a non-nil security snippet for apparmor 131 spec := &apparmor.Specification{} 132 err := spec.AddConnectedPlug(s.iface, s.plug, s.slot) 133 c.Assert(err, IsNil) 134 c.Assert(spec.SecurityTags(), DeepEquals, []string{"snap.consumer.app"}) 135 c.Assert(spec.SnippetForTag("snap.consumer.app"), testutil.Contains, "\n\"/foo/bar\" w,") 136 } 137 138 func (s *daemoNotifySuite) TestAppArmorConnectedPlugNotifySocketEnvBadFormat(c *C) { 139 var socketPath string 140 restore := builtin.MockOsGetenv(func(what string) string { 141 c.Assert(what, Equals, "NOTIFY_SOCKET") 142 return socketPath 143 }) 144 defer restore() 145 146 for idx, tc := range []struct { 147 format string 148 error string 149 }{ 150 {"foo/bar", `cannot use \".*\" as notify socket path: not absolute`}, 151 {"[", `cannot use ".*" as notify socket path: not absolute`}, 152 {"@^", `cannot use \".*\" as notify socket path: \".*\" contains a reserved apparmor char from .*`}, 153 {`/foo/bar"[]`, `cannot use \".*\" as notify socket path: \".*\" contains a reserved apparmor char from .*`}, 154 } { 155 c.Logf("trying %d: %v", idx, tc) 156 socketPath = tc.format 157 // connected plugs have a non-nil security snippet for apparmor 158 spec := &apparmor.Specification{} 159 err := spec.AddConnectedPlug(s.iface, s.plug, s.slot) 160 c.Assert(err, ErrorMatches, tc.error) 161 } 162 } 163 164 func (s *daemoNotifySuite) TestInterfaces(c *C) { 165 c.Check(builtin.Interfaces(), testutil.DeepContains, s.iface) 166 }