Permalink
Cannot retrieve contributors at this time
Fetching contributors…
Cannot retrieve contributors at this time
| // -*- Mode: Go; indent-tabs-mode: t -*- | |
| /* | |
| * Copyright (C) 2016 Canonical Ltd | |
| * | |
| * This program is free software: you can redistribute it and/or modify | |
| * it under the terms of the GNU General Public License version 3 as | |
| * published by the Free Software Foundation. | |
| * | |
| * This program is distributed in the hope that it will be useful, | |
| * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
| * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
| * GNU General Public License for more details. | |
| * | |
| * You should have received a copy of the GNU General Public License | |
| * along with this program. If not, see <http://www.gnu.org/licenses/>. | |
| * | |
| */ | |
| package builtin_test | |
| import ( | |
| . "gopkg.in/check.v1" | |
| "github.com/snapcore/snapd/interfaces" | |
| "github.com/snapcore/snapd/interfaces/apparmor" | |
| "github.com/snapcore/snapd/interfaces/builtin" | |
| "github.com/snapcore/snapd/interfaces/seccomp" | |
| "github.com/snapcore/snapd/snap" | |
| "github.com/snapcore/snapd/snap/snaptest" | |
| "github.com/snapcore/snapd/testutil" | |
| ) | |
| type NetworkInterfaceSuite struct { | |
| iface interfaces.Interface | |
| slotInfo *snap.SlotInfo | |
| slot *interfaces.ConnectedSlot | |
| plugInfo *snap.PlugInfo | |
| plug *interfaces.ConnectedPlug | |
| } | |
| const netMockPlugSnapInfoYaml = `name: other | |
| version: 1.0 | |
| apps: | |
| app2: | |
| command: foo | |
| plugs: [network] | |
| ` | |
| var _ = Suite(&NetworkInterfaceSuite{ | |
| iface: builtin.MustInterface("network"), | |
| }) | |
| func (s *NetworkInterfaceSuite) SetUpTest(c *C) { | |
| s.slotInfo = &snap.SlotInfo{ | |
| Snap: &snap.Info{SuggestedName: "core", Type: snap.TypeOS}, | |
| Name: "network", | |
| Interface: "network", | |
| } | |
| s.slot = interfaces.NewConnectedSlot(s.slotInfo, nil) | |
| plugSnap := snaptest.MockInfo(c, netMockPlugSnapInfoYaml, nil) | |
| s.plugInfo = plugSnap.Plugs["network"] | |
| s.plug = interfaces.NewConnectedPlug(s.plugInfo, nil) | |
| } | |
| func (s *NetworkInterfaceSuite) TestName(c *C) { | |
| c.Assert(s.iface.Name(), Equals, "network") | |
| } | |
| func (s *NetworkInterfaceSuite) TestSanitizeSlot(c *C) { | |
| c.Assert(interfaces.BeforePrepareSlot(s.iface, s.slotInfo), IsNil) | |
| slot := &snap.SlotInfo{ | |
| Snap: &snap.Info{SuggestedName: "some-snap"}, | |
| Name: "network", | |
| Interface: "network", | |
| } | |
| c.Assert(interfaces.BeforePrepareSlot(s.iface, slot), ErrorMatches, | |
| "network slots are reserved for the core snap") | |
| } | |
| func (s *NetworkInterfaceSuite) TestSanitizePlug(c *C) { | |
| c.Assert(interfaces.BeforePreparePlug(s.iface, s.plugInfo), IsNil) | |
| } | |
| func (s *NetworkInterfaceSuite) TestUsedSecuritySystems(c *C) { | |
| // connected plugs have a non-nil security snippet for apparmor | |
| apparmorSpec := &apparmor.Specification{} | |
| err := apparmorSpec.AddConnectedPlug(s.iface, s.plug, s.slot) | |
| c.Assert(err, IsNil) | |
| c.Assert(apparmorSpec.SecurityTags(), DeepEquals, []string{"snap.other.app2"}) | |
| c.Assert(apparmorSpec.SnippetForTag("snap.other.app2"), testutil.Contains, `tcp_fastopen`) | |
| // connected plugs have a non-nil security snippet for seccomp | |
| seccompSpec := &seccomp.Specification{} | |
| err = seccompSpec.AddConnectedPlug(s.iface, s.plug, s.slot) | |
| c.Assert(err, IsNil) | |
| c.Assert(seccompSpec.SecurityTags(), DeepEquals, []string{"snap.other.app2"}) | |
| c.Check(seccompSpec.SnippetForTag("snap.other.app2"), testutil.Contains, "bind\n") | |
| } | |
| func (s *NetworkInterfaceSuite) TestInterfaces(c *C) { | |
| c.Check(builtin.Interfaces(), testutil.DeepContains, s.iface) | |
| } |