github.com/rigado/snapd@v2.42.5-go-mod+incompatible/interfaces/builtin/modem_manager_test.go (about) 1 // -*- Mode: Go; indent-tabs-mode: t -*- 2 3 /* 4 * Copyright (C) 2016-2017 Canonical Ltd 5 * 6 * This program is free software: you can redistribute it and/or modify 7 * it under the terms of the GNU General Public License version 3 as 8 * published by the Free Software Foundation. 9 * 10 * This program is distributed in the hope that it will be useful, 11 * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 * GNU General Public License for more details. 14 * 15 * You should have received a copy of the GNU General Public License 16 * along with this program. If not, see <http://www.gnu.org/licenses/>. 17 * 18 */ 19 20 package builtin_test 21 22 import ( 23 . "gopkg.in/check.v1" 24 25 "github.com/snapcore/snapd/interfaces" 26 "github.com/snapcore/snapd/interfaces/apparmor" 27 "github.com/snapcore/snapd/interfaces/builtin" 28 "github.com/snapcore/snapd/interfaces/dbus" 29 "github.com/snapcore/snapd/interfaces/seccomp" 30 "github.com/snapcore/snapd/interfaces/udev" 31 "github.com/snapcore/snapd/release" 32 "github.com/snapcore/snapd/snap" 33 "github.com/snapcore/snapd/snap/snaptest" 34 "github.com/snapcore/snapd/testutil" 35 ) 36 37 type ModemManagerInterfaceSuite struct { 38 iface interfaces.Interface 39 slotInfo *snap.SlotInfo 40 slot *interfaces.ConnectedSlot 41 plugInfo *snap.PlugInfo 42 plug *interfaces.ConnectedPlug 43 } 44 45 const modemmgrMockSlotSnapInfoYaml = `name: modem-manager 46 version: 1.0 47 apps: 48 mm: 49 command: foo 50 slots: [modem-manager] 51 ` 52 53 const modemmgrMockPlugSnapInfoYaml = `name: modem-manager 54 version: 1.0 55 plugs: 56 modem-manager: 57 interface: modem-manager 58 apps: 59 mmcli: 60 command: foo 61 plugs: 62 - modem-manager 63 ` 64 65 var _ = Suite(&ModemManagerInterfaceSuite{ 66 iface: builtin.MustInterface("modem-manager"), 67 }) 68 69 func (s *ModemManagerInterfaceSuite) SetUpTest(c *C) { 70 s.plugInfo = &snap.PlugInfo{ 71 Snap: &snap.Info{SuggestedName: "modem-manager"}, 72 Name: "mmcli", 73 Interface: "modem-manager", 74 } 75 s.plug = interfaces.NewConnectedPlug(s.plugInfo, nil, nil) 76 slotSnap := snaptest.MockInfo(c, modemmgrMockSlotSnapInfoYaml, nil) 77 s.slotInfo = slotSnap.Slots["modem-manager"] 78 s.slot = interfaces.NewConnectedSlot(s.slotInfo, nil, nil) 79 } 80 81 func (s *ModemManagerInterfaceSuite) TestName(c *C) { 82 c.Assert(s.iface.Name(), Equals, "modem-manager") 83 } 84 85 // The label glob when all apps are bound to the modem-manager slot 86 func (s *ModemManagerInterfaceSuite) TestConnectedPlugSnippetUsesSlotLabelAll(c *C) { 87 app1 := &snap.AppInfo{Name: "app1"} 88 app2 := &snap.AppInfo{Name: "app2"} 89 slot := interfaces.NewConnectedSlot(&snap.SlotInfo{ 90 Snap: &snap.Info{ 91 SuggestedName: "modem-manager-prod", 92 Apps: map[string]*snap.AppInfo{"app1": app1, "app2": app2}, 93 }, 94 Name: "modem-manager", 95 Interface: "modem-manager", 96 Apps: map[string]*snap.AppInfo{"app1": app1, "app2": app2}, 97 }, nil, nil) 98 99 release.OnClassic = false 100 101 plugSnap := snaptest.MockInfo(c, modemmgrMockPlugSnapInfoYaml, nil) 102 plug := interfaces.NewConnectedPlug(plugSnap.Plugs["modem-manager"], nil, nil) 103 104 apparmorSpec := &apparmor.Specification{} 105 err := apparmorSpec.AddConnectedPlug(s.iface, plug, slot) 106 c.Assert(err, IsNil) 107 c.Assert(apparmorSpec.SecurityTags(), DeepEquals, []string{"snap.modem-manager.mmcli"}) 108 c.Assert(apparmorSpec.SnippetForTag("snap.modem-manager.mmcli"), testutil.Contains, `peer=(label="snap.modem-manager-prod.*"),`) 109 } 110 111 // The label uses alternation when some, but not all, apps is bound to the modem-manager slot 112 func (s *ModemManagerInterfaceSuite) TestConnectedPlugSnippetUsesSlotLabelSome(c *C) { 113 app1 := &snap.AppInfo{Name: "app1"} 114 app2 := &snap.AppInfo{Name: "app2"} 115 app3 := &snap.AppInfo{Name: "app3"} 116 slot := interfaces.NewConnectedSlot(&snap.SlotInfo{ 117 Snap: &snap.Info{ 118 SuggestedName: "modem-manager", 119 Apps: map[string]*snap.AppInfo{"app1": app1, "app2": app2, "app3": app3}, 120 }, 121 Name: "modem-manager", 122 Interface: "modem-manager", 123 Apps: map[string]*snap.AppInfo{"app1": app1, "app2": app2}, 124 }, nil, nil) 125 126 release.OnClassic = false 127 128 plugSnap := snaptest.MockInfo(c, modemmgrMockPlugSnapInfoYaml, nil) 129 plug := interfaces.NewConnectedPlug(plugSnap.Plugs["modem-manager"], nil, nil) 130 131 apparmorSpec := &apparmor.Specification{} 132 err := apparmorSpec.AddConnectedPlug(s.iface, plug, slot) 133 c.Assert(err, IsNil) 134 c.Assert(apparmorSpec.SecurityTags(), DeepEquals, []string{"snap.modem-manager.mmcli"}) 135 c.Assert(apparmorSpec.SnippetForTag("snap.modem-manager.mmcli"), testutil.Contains, `peer=(label="snap.modem-manager.{app1,app2}"),`) 136 } 137 138 // The label uses short form when exactly one app is bound to the modem-manager slot 139 func (s *ModemManagerInterfaceSuite) TestConnectedPlugSnippetUsesSlotLabelOne(c *C) { 140 app := &snap.AppInfo{Name: "app"} 141 slot := interfaces.NewConnectedSlot(&snap.SlotInfo{ 142 Snap: &snap.Info{ 143 SuggestedName: "modem-manager", 144 Apps: map[string]*snap.AppInfo{"app": app}, 145 }, 146 Name: "modem-manager", 147 Interface: "modem-manager", 148 Apps: map[string]*snap.AppInfo{"app": app}, 149 }, nil, nil) 150 151 release.OnClassic = false 152 153 plugSnap := snaptest.MockInfo(c, modemmgrMockPlugSnapInfoYaml, nil) 154 plug := interfaces.NewConnectedPlug(plugSnap.Plugs["modem-manager"], nil, nil) 155 156 apparmorSpec := &apparmor.Specification{} 157 err := apparmorSpec.AddConnectedPlug(s.iface, plug, slot) 158 c.Assert(err, IsNil) 159 c.Assert(apparmorSpec.SecurityTags(), DeepEquals, []string{"snap.modem-manager.mmcli"}) 160 c.Assert(apparmorSpec.SnippetForTag("snap.modem-manager.mmcli"), testutil.Contains, `peer=(label="snap.modem-manager.app"),`) 161 } 162 163 func (s *ModemManagerInterfaceSuite) TestConnectedPlugSnippetUsesUnconfinedLabelNot(c *C) { 164 release.OnClassic = false 165 plugSnap := snaptest.MockInfo(c, modemmgrMockPlugSnapInfoYaml, nil) 166 plug := interfaces.NewConnectedPlug(plugSnap.Plugs["modem-manager"], nil, nil) 167 168 apparmorSpec := &apparmor.Specification{} 169 err := apparmorSpec.AddConnectedPlug(s.iface, plug, s.slot) 170 c.Assert(err, IsNil) 171 c.Assert(apparmorSpec.SecurityTags(), DeepEquals, []string{"snap.modem-manager.mmcli"}) 172 snippet := apparmorSpec.SnippetForTag("snap.modem-manager.mmcli") 173 c.Assert(snippet, Not(testutil.Contains), "peer=(label=unconfined),") 174 c.Assert(snippet, testutil.Contains, "org/freedesktop/ModemManager1") 175 } 176 177 func (s *ModemManagerInterfaceSuite) TestConnectedPlugSnippetUsesUnconfinedLabelOnClassic(c *C) { 178 release.OnClassic = true 179 180 plugSnap := snaptest.MockInfo(c, modemmgrMockPlugSnapInfoYaml, nil) 181 plug := interfaces.NewConnectedPlug(plugSnap.Plugs["modem-manager"], nil, nil) 182 apparmorSpec := &apparmor.Specification{} 183 err := apparmorSpec.AddConnectedPlug(s.iface, plug, s.slot) 184 c.Assert(err, IsNil) 185 c.Assert(apparmorSpec.SecurityTags(), DeepEquals, []string{"snap.modem-manager.mmcli"}) 186 c.Assert(apparmorSpec.SnippetForTag("snap.modem-manager.mmcli"), testutil.Contains, "peer=(label=unconfined),") 187 } 188 189 func (s *ModemManagerInterfaceSuite) TestUsedSecuritySystems(c *C) { 190 plugSnap := snaptest.MockInfo(c, modemmgrMockPlugSnapInfoYaml, nil) 191 plug := interfaces.NewConnectedPlug(plugSnap.Plugs["modem-manager"], nil, nil) 192 apparmorSpec := &apparmor.Specification{} 193 err := apparmorSpec.AddConnectedPlug(s.iface, plug, s.slot) 194 c.Assert(err, IsNil) 195 c.Assert(apparmorSpec.SecurityTags(), HasLen, 1) 196 197 dbusSpec := &dbus.Specification{} 198 err = dbusSpec.AddConnectedPlug(s.iface, plug, s.slot) 199 c.Assert(err, IsNil) 200 c.Assert(dbusSpec.SecurityTags(), HasLen, 1) 201 202 dbusSpec = &dbus.Specification{} 203 err = dbusSpec.AddPermanentSlot(s.iface, s.slotInfo) 204 c.Assert(err, IsNil) 205 c.Assert(dbusSpec.SecurityTags(), HasLen, 1) 206 207 udevSpec := &udev.Specification{} 208 c.Assert(udevSpec.AddPermanentSlot(s.iface, s.slotInfo), IsNil) 209 c.Assert(udevSpec.Snippets(), HasLen, 3) 210 c.Assert(udevSpec.Snippets()[0], testutil.Contains, `SUBSYSTEMS=="usb"`) 211 c.Assert(udevSpec.Snippets(), testutil.Contains, `# modem-manager 212 KERNEL=="tty[a-zA-Z]*[0-9]*|cdc-wdm[0-9]*", TAG+="snap_modem-manager_mm"`) 213 c.Assert(udevSpec.Snippets(), testutil.Contains, `TAG=="snap_modem-manager_mm", RUN+="/usr/lib/snapd/snap-device-helper $env{ACTION} snap_modem-manager_mm $devpath $major:$minor"`) 214 } 215 216 func (s *ModemManagerInterfaceSuite) TestPermanentSlotDBus(c *C) { 217 dbusSpec := &dbus.Specification{} 218 err := dbusSpec.AddPermanentSlot(s.iface, s.slotInfo) 219 c.Assert(err, IsNil) 220 c.Assert(dbusSpec.SecurityTags(), DeepEquals, []string{"snap.modem-manager.mm"}) 221 snippet := dbusSpec.SnippetForTag("snap.modem-manager.mm") 222 c.Assert(snippet, testutil.Contains, "allow own=\"org.freedesktop.ModemManager1\"") 223 c.Assert(snippet, testutil.Contains, "allow send_destination=\"org.freedesktop.ModemManager1\"") 224 } 225 226 func (s *ModemManagerInterfaceSuite) TestPermanentSlotSecComp(c *C) { 227 seccompSpec := &seccomp.Specification{} 228 err := seccompSpec.AddPermanentSlot(s.iface, s.slotInfo) 229 c.Assert(err, IsNil) 230 c.Assert(seccompSpec.SecurityTags(), DeepEquals, []string{"snap.modem-manager.mm"}) 231 c.Check(seccompSpec.SnippetForTag("snap.modem-manager.mm"), testutil.Contains, "listen\n") 232 } 233 234 func (s *ModemManagerInterfaceSuite) TestConnectedPlugDBus(c *C) { 235 plugSnap := snaptest.MockInfo(c, modemmgrMockPlugSnapInfoYaml, nil) 236 plug := interfaces.NewConnectedPlug(plugSnap.Plugs["modem-manager"], nil, nil) 237 238 dbusSpec := &dbus.Specification{} 239 err := dbusSpec.AddConnectedPlug(s.iface, plug, s.slot) 240 c.Assert(err, IsNil) 241 c.Assert(dbusSpec.SecurityTags(), DeepEquals, []string{"snap.modem-manager.mmcli"}) 242 snippet := dbusSpec.SnippetForTag("snap.modem-manager.mmcli") 243 c.Assert(snippet, testutil.Contains, "deny own=\"org.freedesktop.ModemManager1\"") 244 c.Assert(snippet, testutil.Contains, "deny send_destination=\"org.freedesktop.ModemManager1\"") 245 } 246 247 func (s *ModemManagerInterfaceSuite) TestInterfaces(c *C) { 248 c.Check(builtin.Interfaces(), testutil.DeepContains, s.iface) 249 }