github.com/rigado/snapd@v2.42.5-go-mod+incompatible/interfaces/builtin/unity8_calendar_test.go

github.com/rigado/snapd@v2.42.5-go-mod+incompatible/interfaces/builtin/unity8_calendar_test.go (about)

     1  // -*- Mode: Go; indent-tabs-mode: t -*-
     2  
     3  /*
     4   * Copyright (C) 2016 Canonical Ltd
     5   *
     6   * This program is free software: you can redistribute it and/or modify
     7   * it under the terms of the GNU General Public License version 3 as
     8   * published by the Free Software Foundation.
     9   *
    10   * This program is distributed in the hope that it will be useful,
    11   * but WITHOUT ANY WARRANTY; without even the implied warranty of
    12   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    13   * GNU General Public License for more details.
    14   *
    15   * You should have received a copy of the GNU General Public License
    16   * along with this program.  If not, see <http://www.gnu.org/licenses/>.
    17   *
    18   */
    19  
    20  package builtin_test
    21  
    22  import (
    23  	. "gopkg.in/check.v1"
    24  
    25  	"github.com/snapcore/snapd/interfaces"
    26  	"github.com/snapcore/snapd/interfaces/apparmor"
    27  	"github.com/snapcore/snapd/interfaces/builtin"
    28  	"github.com/snapcore/snapd/interfaces/seccomp"
    29  	"github.com/snapcore/snapd/release"
    30  	"github.com/snapcore/snapd/snap"
    31  	"github.com/snapcore/snapd/snap/snaptest"
    32  	"github.com/snapcore/snapd/testutil"
    33  )
    34  
    35  type Unity8CalendarInterfaceSuite struct {
    36  	iface        interfaces.Interface
    37  	slotInfo     *snap.SlotInfo
    38  	slot         *interfaces.ConnectedSlot
    39  	coreSlotInfo *snap.SlotInfo
    40  	coreSlot     *interfaces.ConnectedSlot
    41  	plugInfo     *snap.PlugInfo
    42  	plug         *interfaces.ConnectedPlug
    43  }
    44  
    45  var _ = Suite(&Unity8CalendarInterfaceSuite{
    46  	iface: builtin.MustInterface("unity8-calendar"),
    47  })
    48  
    49  func (s *Unity8CalendarInterfaceSuite) SetUpTest(c *C) {
    50  	const mockCoreSlotInfoYaml = `name: unity8-calendar
    51  version: 1.0
    52  apps:
    53   app:
    54    command: foo
    55    slots: [unity8-calendar]
    56  `
    57  	const mockPlugSnapInfo = `name: other
    58  version: 1.0
    59  apps:
    60   app:
    61    command: foo
    62    plugs: [unity8-calendar]
    63  `
    64  	s.slotInfo = &snap.SlotInfo{
    65  		Snap:      &snap.Info{SuggestedName: "core", SnapType: snap.TypeOS},
    66  		Name:      "unity8-calendar",
    67  		Interface: "unity8-calendar",
    68  	}
    69  	s.slot = interfaces.NewConnectedSlot(s.slotInfo, nil, nil)
    70  
    71  	plugSnap := snaptest.MockInfo(c, mockPlugSnapInfo, nil)
    72  	s.plugInfo = plugSnap.Plugs["unity8-calendar"]
    73  	s.plug = interfaces.NewConnectedPlug(s.plugInfo, nil, nil)
    74  
    75  	slotSnap := snaptest.MockInfo(c, mockCoreSlotInfoYaml, nil)
    76  	s.coreSlotInfo = slotSnap.Slots["unity8-calendar"]
    77  	s.coreSlot = interfaces.NewConnectedSlot(s.coreSlotInfo, nil, nil)
    78  }
    79  
    80  func (s *Unity8CalendarInterfaceSuite) TestName(c *C) {
    81  	c.Assert(s.iface.Name(), Equals, "unity8-calendar")
    82  }
    83  
    84  func (s *Unity8CalendarInterfaceSuite) TestSanitizePlug(c *C) {
    85  	c.Assert(interfaces.BeforePreparePlug(s.iface, s.plugInfo), IsNil)
    86  }
    87  
    88  func (s *Unity8CalendarInterfaceSuite) TestUsedSecuritySystems(c *C) {
    89  	// connected plugs have a non-nil security snippet for apparmor
    90  	apparmorSpec := &apparmor.Specification{}
    91  	err := apparmorSpec.AddConnectedPlug(s.iface, s.plug, s.slot)
    92  	c.Assert(err, IsNil)
    93  	c.Assert(apparmorSpec.SecurityTags(), HasLen, 1)
    94  }
    95  
    96  // The label glob when all apps are bound to the calendar slot
    97  func (s *Unity8CalendarInterfaceSuite) TestConnectedPlugSnippetUsesSlotLabelAll(c *C) {
    98  	app1 := &snap.AppInfo{Name: "app1"}
    99  	app2 := &snap.AppInfo{Name: "app2"}
   100  	slot := interfaces.NewConnectedSlot(&snap.SlotInfo{
   101  		Snap: &snap.Info{
   102  			SuggestedName: "unity8",
   103  			Apps:          map[string]*snap.AppInfo{"app1": app1, "app2": app2},
   104  		},
   105  		Name:      "unity8-calendar",
   106  		Interface: "unity8-calendar",
   107  		Apps:      map[string]*snap.AppInfo{"app1": app1, "app2": app2},
   108  	}, nil, nil)
   109  
   110  	release.OnClassic = false
   111  
   112  	apparmorSpec := &apparmor.Specification{}
   113  	err := apparmorSpec.AddConnectedPlug(s.iface, s.plug, slot)
   114  	c.Assert(err, IsNil)
   115  	c.Assert(apparmorSpec.SecurityTags(), DeepEquals, []string{"snap.other.app"})
   116  	c.Assert(apparmorSpec.SnippetForTag("snap.other.app"), testutil.Contains, `peer=(label="snap.unity8.*"),`)
   117  }
   118  
   119  // The label uses alternation when some, but not all, apps is bound to the calendar slot
   120  func (s *Unity8CalendarInterfaceSuite) TestConnectedPlugSnippetUsesSlotLabelSome(c *C) {
   121  	app1 := &snap.AppInfo{Name: "app1"}
   122  	app2 := &snap.AppInfo{Name: "app2"}
   123  	app3 := &snap.AppInfo{Name: "app3"}
   124  	slot := interfaces.NewConnectedSlot(&snap.SlotInfo{
   125  		Snap: &snap.Info{
   126  			SuggestedName: "unity8",
   127  			Apps:          map[string]*snap.AppInfo{"app1": app1, "app2": app2, "app3": app3},
   128  		},
   129  		Name:      "unity8-calendar",
   130  		Interface: "unity8-calendar",
   131  		Apps:      map[string]*snap.AppInfo{"app1": app1, "app2": app2},
   132  	}, nil, nil)
   133  
   134  	release.OnClassic = false
   135  
   136  	apparmorSpec := &apparmor.Specification{}
   137  	err := apparmorSpec.AddConnectedPlug(s.iface, s.plug, slot)
   138  	c.Assert(err, IsNil)
   139  	c.Assert(apparmorSpec.SecurityTags(), DeepEquals, []string{"snap.other.app"})
   140  	c.Assert(apparmorSpec.SnippetForTag("snap.other.app"), testutil.Contains, `peer=(label="snap.unity8.{app1,app2}"),`)
   141  }
   142  
   143  // The label uses short form when exactly one app is bound to the calendar slot
   144  func (s *Unity8CalendarInterfaceSuite) TestConnectedPlugSnippetUsesSlotLabelOne(c *C) {
   145  	app := &snap.AppInfo{Name: "app"}
   146  	slot := interfaces.NewConnectedSlot(&snap.SlotInfo{
   147  		Snap: &snap.Info{
   148  			SuggestedName: "unity8",
   149  			Apps:          map[string]*snap.AppInfo{"app": app},
   150  		},
   151  		Name:      "unity8-calendar",
   152  		Interface: "unity8-calendar",
   153  		Apps:      map[string]*snap.AppInfo{"app": app},
   154  	}, nil, nil)
   155  
   156  	release.OnClassic = false
   157  
   158  	apparmorSpec := &apparmor.Specification{}
   159  	err := apparmorSpec.AddConnectedPlug(s.iface, s.plug, slot)
   160  	c.Assert(err, IsNil)
   161  	c.Assert(apparmorSpec.SecurityTags(), DeepEquals, []string{"snap.other.app"})
   162  	c.Assert(apparmorSpec.SnippetForTag("snap.other.app"), testutil.Contains, `peer=(label="snap.unity8.app"),`)
   163  }
   164  
   165  func (s *Unity8CalendarInterfaceSuite) TestConnectedPlugSnippetUsesUnconfinedLabelOnClassic(c *C) {
   166  	release.OnClassic = true
   167  
   168  	apparmorSpec := &apparmor.Specification{}
   169  	err := apparmorSpec.AddConnectedPlug(s.iface, s.plug, s.slot)
   170  	c.Assert(err, IsNil)
   171  	c.Assert(apparmorSpec.SecurityTags(), DeepEquals, []string{"snap.other.app"})
   172  	snippet := apparmorSpec.SnippetForTag("snap.other.app")
   173  	// verify apparmor connected
   174  	c.Assert(snippet, testutil.Contains, "#include <abstractions/dbus-session-strict>")
   175  	// verify classic connected
   176  	c.Assert(snippet, testutil.Contains, "peer=(label=unconfined),")
   177  }
   178  
   179  func (s *Unity8CalendarInterfaceSuite) TestConnectedPlugSnippetAppArmor(c *C) {
   180  	release.OnClassic = false
   181  	apparmorSpec := &apparmor.Specification{}
   182  	err := apparmorSpec.AddConnectedPlug(s.iface, s.plug, s.slot)
   183  	c.Assert(err, IsNil)
   184  	c.Assert(apparmorSpec.SecurityTags(), DeepEquals, []string{"snap.other.app"})
   185  	snippet := apparmorSpec.SnippetForTag("snap.other.app")
   186  	// verify apparmor connected
   187  	c.Assert(snippet, testutil.Contains, "#include <abstractions/dbus-session-strict>")
   188  	// verify classic didn't connect
   189  	c.Assert(snippet, Not(testutil.Contains), "peer=(label=unconfined),")
   190  }
   191  
   192  func (s *Unity8CalendarInterfaceSuite) TestConnectedSlotSnippetAppArmor(c *C) {
   193  	apparmorSpec := &apparmor.Specification{}
   194  	err := apparmorSpec.AddConnectedSlot(s.iface, s.plug, s.coreSlot)
   195  	c.Assert(err, IsNil)
   196  	c.Assert(apparmorSpec.SecurityTags(), DeepEquals, []string{"snap.unity8-calendar.app"})
   197  	c.Check(apparmorSpec.SnippetForTag("snap.unity8-calendar.app"), testutil.Contains, "peer=(label=\"snap.other.app\")")
   198  }
   199  
   200  func (s *Unity8CalendarInterfaceSuite) TestPermanentSlotSnippetAppArmor(c *C) {
   201  	apparmorSpec := &apparmor.Specification{}
   202  	err := apparmorSpec.AddPermanentSlot(s.iface, s.coreSlotInfo)
   203  	c.Assert(err, IsNil)
   204  	c.Assert(apparmorSpec.SecurityTags(), DeepEquals, []string{"snap.unity8-calendar.app"})
   205  	c.Check(apparmorSpec.SnippetForTag("snap.unity8-calendar.app"), testutil.Contains, "name=\"org.gnome.evolution.dataserver.Sources5\"")
   206  }
   207  
   208  func (s *Unity8CalendarInterfaceSuite) TestPermanentSlotSnippetSecComp(c *C) {
   209  	seccompSpec := &seccomp.Specification{}
   210  	err := seccompSpec.AddPermanentSlot(s.iface, s.coreSlotInfo)
   211  	c.Assert(err, IsNil)
   212  	c.Assert(seccompSpec.SecurityTags(), DeepEquals, []string{"snap.unity8-calendar.app"})
   213  	c.Check(seccompSpec.SnippetForTag("snap.unity8-calendar.app"), testutil.Contains, "listen\n")
   214  }
   215  
   216  func (s *Unity8CalendarInterfaceSuite) TestInterfaces(c *C) {
   217  	c.Check(builtin.Interfaces(), testutil.DeepContains, s.iface)
   218  }