github.com/rigado/snapd@v2.42.5-go-mod+incompatible/interfaces/builtin/fwupd_test.go

github.com/rigado/snapd@v2.42.5-go-mod+incompatible/interfaces/builtin/fwupd_test.go (about)

     1  // -*- Mode: Go; indent-tabs-mode: t -*-
     2  
     3  /*
     4   * Copyright (C) 2016 Canonical Ltd
     5   *
     6   * This program is free software: you can redistribute it and/or modify
     7   * it under the terms of the GNU General Public License version 3 as
     8   * published by the Free Software Foundation.
     9   *
    10   * This program is distributed in the hope that it will be useful,
    11   * but WITHOUT ANY WARRANTY; without even the implied warranty of
    12   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    13   * GNU General Public License for more details.
    14   *
    15   * You should have received a copy of the GNU General Public License
    16   * along with this program.  If not, see <http://www.gnu.org/licenses/>.
    17   *
    18   */
    19  
    20  package builtin_test
    21  
    22  import (
    23  	. "gopkg.in/check.v1"
    24  
    25  	"github.com/snapcore/snapd/interfaces"
    26  	"github.com/snapcore/snapd/interfaces/apparmor"
    27  	"github.com/snapcore/snapd/interfaces/builtin"
    28  	"github.com/snapcore/snapd/interfaces/dbus"
    29  	"github.com/snapcore/snapd/interfaces/seccomp"
    30  	"github.com/snapcore/snapd/snap"
    31  	"github.com/snapcore/snapd/snap/snaptest"
    32  	"github.com/snapcore/snapd/testutil"
    33  )
    34  
    35  type FwupdInterfaceSuite struct {
    36  	iface    interfaces.Interface
    37  	slotInfo *snap.SlotInfo
    38  	slot     *interfaces.ConnectedSlot
    39  	plugInfo *snap.PlugInfo
    40  	plug     *interfaces.ConnectedPlug
    41  }
    42  
    43  const mockPlugSnapInfoYaml = `name: uefi-fw-tools
    44  version: 1.0
    45  apps:
    46   app:
    47    command: foo
    48    plugs: [fwupd]
    49  `
    50  
    51  const mockSlotSnapInfoYaml = `name: uefi-fw-tools
    52  version: 1.0
    53  apps:
    54   app2:
    55    command: foo
    56    slots: [fwupd]
    57  `
    58  
    59  var _ = Suite(&FwupdInterfaceSuite{
    60  	iface: builtin.MustInterface("fwupd"),
    61  })
    62  
    63  func (s *FwupdInterfaceSuite) SetUpTest(c *C) {
    64  	slotSnap := snaptest.MockInfo(c, mockSlotSnapInfoYaml, nil)
    65  	plugSnap := snaptest.MockInfo(c, mockPlugSnapInfoYaml, nil)
    66  	s.slotInfo = slotSnap.Slots["fwupd"]
    67  	s.slot = interfaces.NewConnectedSlot(s.slotInfo, nil, nil)
    68  	s.plugInfo = plugSnap.Plugs["fwupd"]
    69  	s.plug = interfaces.NewConnectedPlug(s.plugInfo, nil, nil)
    70  }
    71  
    72  func (s *FwupdInterfaceSuite) TestName(c *C) {
    73  	c.Assert(s.iface.Name(), Equals, "fwupd")
    74  }
    75  
    76  // The label glob when all apps are bound to the fwupd slot
    77  func (s *FwupdInterfaceSuite) TestConnectedPlugSnippetUsesSlotLabelAll(c *C) {
    78  	app1 := &snap.AppInfo{Name: "app1"}
    79  	app2 := &snap.AppInfo{Name: "app2"}
    80  	slot := &snap.SlotInfo{
    81  		Snap: &snap.Info{
    82  			SuggestedName: "uefi-fw-tools",
    83  			Apps:          map[string]*snap.AppInfo{"app1": app1, "app2": app2},
    84  		},
    85  		Name:      "fwupd",
    86  		Interface: "fwupd",
    87  		Apps:      map[string]*snap.AppInfo{"app1": app1, "app2": app2},
    88  	}
    89  
    90  	// connected plugs have a non-nil security snippet for apparmor
    91  	apparmorSpec := &apparmor.Specification{}
    92  	err := apparmorSpec.AddConnectedPlug(s.iface, s.plug, interfaces.NewConnectedSlot(slot, nil, nil))
    93  	c.Assert(err, IsNil)
    94  	c.Assert(apparmorSpec.SecurityTags(), DeepEquals, []string{"snap.uefi-fw-tools.app"})
    95  	c.Assert(apparmorSpec.SnippetForTag("snap.uefi-fw-tools.app"), testutil.Contains, `peer=(label="snap.uefi-fw-tools.*"),`)
    96  }
    97  
    98  // The label uses alternation when some, but not all, apps is bound to the fwupd slot
    99  func (s *FwupdInterfaceSuite) TestConnectedPlugSnippetUsesSlotLabelSome(c *C) {
   100  	app1 := &snap.AppInfo{Name: "app1"}
   101  	app2 := &snap.AppInfo{Name: "app2"}
   102  	app3 := &snap.AppInfo{Name: "app3"}
   103  	slot := &snap.SlotInfo{
   104  		Snap: &snap.Info{
   105  			SuggestedName: "uefi-fw-tools",
   106  			Apps:          map[string]*snap.AppInfo{"app1": app1, "app2": app2, "app3": app3},
   107  		},
   108  		Name:      "fwupd",
   109  		Interface: "fwupd",
   110  		Apps:      map[string]*snap.AppInfo{"app1": app1, "app2": app2},
   111  	}
   112  
   113  	apparmorSpec := &apparmor.Specification{}
   114  	err := apparmorSpec.AddConnectedPlug(s.iface, s.plug, interfaces.NewConnectedSlot(slot, nil, nil))
   115  	c.Assert(err, IsNil)
   116  	c.Assert(apparmorSpec.SecurityTags(), DeepEquals, []string{"snap.uefi-fw-tools.app"})
   117  	c.Assert(apparmorSpec.SnippetForTag("snap.uefi-fw-tools.app"), testutil.Contains, `peer=(label="snap.uefi-fw-tools.{app1,app2}"),`)
   118  }
   119  
   120  // The label uses short form when exactly one app is bound to the fwupd slot
   121  func (s *FwupdInterfaceSuite) TestConnectedPlugSnippetUsesSlotLabelOne(c *C) {
   122  	apparmorSpec := &apparmor.Specification{}
   123  	err := apparmorSpec.AddConnectedPlug(s.iface, s.plug, s.slot)
   124  	c.Assert(err, IsNil)
   125  	c.Assert(apparmorSpec.SecurityTags(), DeepEquals, []string{"snap.uefi-fw-tools.app"})
   126  	c.Assert(apparmorSpec.SnippetForTag("snap.uefi-fw-tools.app"), testutil.Contains, `peer=(label="snap.uefi-fw-tools.app2"),`)
   127  }
   128  
   129  func (s *FwupdInterfaceSuite) TestUsedSecuritySystems(c *C) {
   130  	// connected plugs have a non-nil security snippet for apparmor
   131  	apparmorSpec := &apparmor.Specification{}
   132  	err := apparmorSpec.AddConnectedPlug(s.iface, s.plug, s.slot)
   133  	c.Assert(err, IsNil)
   134  	err = apparmorSpec.AddConnectedSlot(s.iface, s.plug, s.slot)
   135  	c.Assert(err, IsNil)
   136  	err = apparmorSpec.AddPermanentSlot(s.iface, s.slotInfo)
   137  	c.Assert(err, IsNil)
   138  	c.Assert(apparmorSpec.SecurityTags(), DeepEquals, []string{"snap.uefi-fw-tools.app", "snap.uefi-fw-tools.app2"})
   139  
   140  	dbusSpec := &dbus.Specification{}
   141  	err = dbusSpec.AddPermanentSlot(s.iface, s.slotInfo)
   142  	c.Assert(err, IsNil)
   143  	c.Assert(dbusSpec.SecurityTags(), HasLen, 1)
   144  }
   145  
   146  func (s *FwupdInterfaceSuite) TestPermanentSlotSnippetSecComp(c *C) {
   147  	seccompSpec := &seccomp.Specification{}
   148  	err := seccompSpec.AddPermanentSlot(s.iface, s.slotInfo)
   149  	c.Assert(err, IsNil)
   150  	c.Assert(seccompSpec.SecurityTags(), DeepEquals, []string{"snap.uefi-fw-tools.app2"})
   151  	c.Check(seccompSpec.SnippetForTag("snap.uefi-fw-tools.app2"), testutil.Contains, "bind\n")
   152  }
   153  
   154  func (s *FwupdInterfaceSuite) TestPermanentSlotDBus(c *C) {
   155  	dbusSpec := &dbus.Specification{}
   156  	err := dbusSpec.AddPermanentSlot(s.iface, s.slotInfo)
   157  	c.Assert(err, IsNil)
   158  	c.Assert(dbusSpec.SecurityTags(), DeepEquals, []string{"snap.uefi-fw-tools.app2"})
   159  	c.Assert(dbusSpec.SnippetForTag("snap.uefi-fw-tools.app2"), testutil.Contains, `<allow own="org.freedesktop.fwupd"/>`)
   160  }
   161  
   162  func (s *FwupdInterfaceSuite) TestConnectedPlugSnippetSecComp(c *C) {
   163  	seccompSpec := &seccomp.Specification{}
   164  	err := seccompSpec.AddConnectedPlug(s.iface, s.plug, s.slot)
   165  	c.Assert(err, IsNil)
   166  	c.Assert(seccompSpec.SecurityTags(), DeepEquals, []string{"snap.uefi-fw-tools.app"})
   167  	c.Check(seccompSpec.SnippetForTag("snap.uefi-fw-tools.app"), testutil.Contains, "bind\n")
   168  }
   169  
   170  func (s *FwupdInterfaceSuite) TestInterfaces(c *C) {
   171  	c.Check(builtin.Interfaces(), testutil.DeepContains, s.iface)
   172  }