github.com/rigado/snapd@v2.42.5-go-mod+incompatible/interfaces/builtin/fwupd_test.go (about) 1 // -*- Mode: Go; indent-tabs-mode: t -*- 2 3 /* 4 * Copyright (C) 2016 Canonical Ltd 5 * 6 * This program is free software: you can redistribute it and/or modify 7 * it under the terms of the GNU General Public License version 3 as 8 * published by the Free Software Foundation. 9 * 10 * This program is distributed in the hope that it will be useful, 11 * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 * GNU General Public License for more details. 14 * 15 * You should have received a copy of the GNU General Public License 16 * along with this program. If not, see <http://www.gnu.org/licenses/>. 17 * 18 */ 19 20 package builtin_test 21 22 import ( 23 . "gopkg.in/check.v1" 24 25 "github.com/snapcore/snapd/interfaces" 26 "github.com/snapcore/snapd/interfaces/apparmor" 27 "github.com/snapcore/snapd/interfaces/builtin" 28 "github.com/snapcore/snapd/interfaces/dbus" 29 "github.com/snapcore/snapd/interfaces/seccomp" 30 "github.com/snapcore/snapd/snap" 31 "github.com/snapcore/snapd/snap/snaptest" 32 "github.com/snapcore/snapd/testutil" 33 ) 34 35 type FwupdInterfaceSuite struct { 36 iface interfaces.Interface 37 slotInfo *snap.SlotInfo 38 slot *interfaces.ConnectedSlot 39 plugInfo *snap.PlugInfo 40 plug *interfaces.ConnectedPlug 41 } 42 43 const mockPlugSnapInfoYaml = `name: uefi-fw-tools 44 version: 1.0 45 apps: 46 app: 47 command: foo 48 plugs: [fwupd] 49 ` 50 51 const mockSlotSnapInfoYaml = `name: uefi-fw-tools 52 version: 1.0 53 apps: 54 app2: 55 command: foo 56 slots: [fwupd] 57 ` 58 59 var _ = Suite(&FwupdInterfaceSuite{ 60 iface: builtin.MustInterface("fwupd"), 61 }) 62 63 func (s *FwupdInterfaceSuite) SetUpTest(c *C) { 64 slotSnap := snaptest.MockInfo(c, mockSlotSnapInfoYaml, nil) 65 plugSnap := snaptest.MockInfo(c, mockPlugSnapInfoYaml, nil) 66 s.slotInfo = slotSnap.Slots["fwupd"] 67 s.slot = interfaces.NewConnectedSlot(s.slotInfo, nil, nil) 68 s.plugInfo = plugSnap.Plugs["fwupd"] 69 s.plug = interfaces.NewConnectedPlug(s.plugInfo, nil, nil) 70 } 71 72 func (s *FwupdInterfaceSuite) TestName(c *C) { 73 c.Assert(s.iface.Name(), Equals, "fwupd") 74 } 75 76 // The label glob when all apps are bound to the fwupd slot 77 func (s *FwupdInterfaceSuite) TestConnectedPlugSnippetUsesSlotLabelAll(c *C) { 78 app1 := &snap.AppInfo{Name: "app1"} 79 app2 := &snap.AppInfo{Name: "app2"} 80 slot := &snap.SlotInfo{ 81 Snap: &snap.Info{ 82 SuggestedName: "uefi-fw-tools", 83 Apps: map[string]*snap.AppInfo{"app1": app1, "app2": app2}, 84 }, 85 Name: "fwupd", 86 Interface: "fwupd", 87 Apps: map[string]*snap.AppInfo{"app1": app1, "app2": app2}, 88 } 89 90 // connected plugs have a non-nil security snippet for apparmor 91 apparmorSpec := &apparmor.Specification{} 92 err := apparmorSpec.AddConnectedPlug(s.iface, s.plug, interfaces.NewConnectedSlot(slot, nil, nil)) 93 c.Assert(err, IsNil) 94 c.Assert(apparmorSpec.SecurityTags(), DeepEquals, []string{"snap.uefi-fw-tools.app"}) 95 c.Assert(apparmorSpec.SnippetForTag("snap.uefi-fw-tools.app"), testutil.Contains, `peer=(label="snap.uefi-fw-tools.*"),`) 96 } 97 98 // The label uses alternation when some, but not all, apps is bound to the fwupd slot 99 func (s *FwupdInterfaceSuite) TestConnectedPlugSnippetUsesSlotLabelSome(c *C) { 100 app1 := &snap.AppInfo{Name: "app1"} 101 app2 := &snap.AppInfo{Name: "app2"} 102 app3 := &snap.AppInfo{Name: "app3"} 103 slot := &snap.SlotInfo{ 104 Snap: &snap.Info{ 105 SuggestedName: "uefi-fw-tools", 106 Apps: map[string]*snap.AppInfo{"app1": app1, "app2": app2, "app3": app3}, 107 }, 108 Name: "fwupd", 109 Interface: "fwupd", 110 Apps: map[string]*snap.AppInfo{"app1": app1, "app2": app2}, 111 } 112 113 apparmorSpec := &apparmor.Specification{} 114 err := apparmorSpec.AddConnectedPlug(s.iface, s.plug, interfaces.NewConnectedSlot(slot, nil, nil)) 115 c.Assert(err, IsNil) 116 c.Assert(apparmorSpec.SecurityTags(), DeepEquals, []string{"snap.uefi-fw-tools.app"}) 117 c.Assert(apparmorSpec.SnippetForTag("snap.uefi-fw-tools.app"), testutil.Contains, `peer=(label="snap.uefi-fw-tools.{app1,app2}"),`) 118 } 119 120 // The label uses short form when exactly one app is bound to the fwupd slot 121 func (s *FwupdInterfaceSuite) TestConnectedPlugSnippetUsesSlotLabelOne(c *C) { 122 apparmorSpec := &apparmor.Specification{} 123 err := apparmorSpec.AddConnectedPlug(s.iface, s.plug, s.slot) 124 c.Assert(err, IsNil) 125 c.Assert(apparmorSpec.SecurityTags(), DeepEquals, []string{"snap.uefi-fw-tools.app"}) 126 c.Assert(apparmorSpec.SnippetForTag("snap.uefi-fw-tools.app"), testutil.Contains, `peer=(label="snap.uefi-fw-tools.app2"),`) 127 } 128 129 func (s *FwupdInterfaceSuite) TestUsedSecuritySystems(c *C) { 130 // connected plugs have a non-nil security snippet for apparmor 131 apparmorSpec := &apparmor.Specification{} 132 err := apparmorSpec.AddConnectedPlug(s.iface, s.plug, s.slot) 133 c.Assert(err, IsNil) 134 err = apparmorSpec.AddConnectedSlot(s.iface, s.plug, s.slot) 135 c.Assert(err, IsNil) 136 err = apparmorSpec.AddPermanentSlot(s.iface, s.slotInfo) 137 c.Assert(err, IsNil) 138 c.Assert(apparmorSpec.SecurityTags(), DeepEquals, []string{"snap.uefi-fw-tools.app", "snap.uefi-fw-tools.app2"}) 139 140 dbusSpec := &dbus.Specification{} 141 err = dbusSpec.AddPermanentSlot(s.iface, s.slotInfo) 142 c.Assert(err, IsNil) 143 c.Assert(dbusSpec.SecurityTags(), HasLen, 1) 144 } 145 146 func (s *FwupdInterfaceSuite) TestPermanentSlotSnippetSecComp(c *C) { 147 seccompSpec := &seccomp.Specification{} 148 err := seccompSpec.AddPermanentSlot(s.iface, s.slotInfo) 149 c.Assert(err, IsNil) 150 c.Assert(seccompSpec.SecurityTags(), DeepEquals, []string{"snap.uefi-fw-tools.app2"}) 151 c.Check(seccompSpec.SnippetForTag("snap.uefi-fw-tools.app2"), testutil.Contains, "bind\n") 152 } 153 154 func (s *FwupdInterfaceSuite) TestPermanentSlotDBus(c *C) { 155 dbusSpec := &dbus.Specification{} 156 err := dbusSpec.AddPermanentSlot(s.iface, s.slotInfo) 157 c.Assert(err, IsNil) 158 c.Assert(dbusSpec.SecurityTags(), DeepEquals, []string{"snap.uefi-fw-tools.app2"}) 159 c.Assert(dbusSpec.SnippetForTag("snap.uefi-fw-tools.app2"), testutil.Contains, `<allow own="org.freedesktop.fwupd"/>`) 160 } 161 162 func (s *FwupdInterfaceSuite) TestConnectedPlugSnippetSecComp(c *C) { 163 seccompSpec := &seccomp.Specification{} 164 err := seccompSpec.AddConnectedPlug(s.iface, s.plug, s.slot) 165 c.Assert(err, IsNil) 166 c.Assert(seccompSpec.SecurityTags(), DeepEquals, []string{"snap.uefi-fw-tools.app"}) 167 c.Check(seccompSpec.SnippetForTag("snap.uefi-fw-tools.app"), testutil.Contains, "bind\n") 168 } 169 170 func (s *FwupdInterfaceSuite) TestInterfaces(c *C) { 171 c.Check(builtin.Interfaces(), testutil.DeepContains, s.iface) 172 }