Skip to content

Commit

Permalink
many: make interfaces.NewSnapAppSet return an error to prevent adding…
Browse files Browse the repository at this point in the history 
… components from the wrong snap
  • Loading branch information
@andrewphelpsj
andrewphelpsj committed Apr 17, 2024
1 parent 58a0ab3 commit 5f5b3ab
Show file tree
Hide file tree
Showing 201 changed files with 2,641 additions and 1,072 deletions.
76 changes: 47 additions & 29 deletions interfaces/apparmor/backend_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -372,7 +372,8 @@ func (s *backendSuite) TestTimings(c *C) {
meas := perf.StartSpan("", "")

snapInfo := s.InstallSnap(c, opts, "", ifacetest.SambaYamlV1, 1)
appSet := interfaces.NewSnapAppSet(snapInfo, nil)
appSet, err := interfaces.NewSnapAppSet(snapInfo, nil)
c.Assert(err, IsNil)
c.Assert(s.Backend.Setup(appSet, opts, s.Repo, meas), IsNil)

st := state.New(nil)
Expand Down Expand Up @@ -402,8 +403,9 @@ func (s *backendSuite) TestProfilesAreAlwaysLoaded(c *C) {
snapInfo := s.InstallSnap(c, opts, "", ifacetest.SambaYamlV1, 1)
s.loadProfilesCalls = nil

appSet := interfaces.NewSnapAppSet(snapInfo, nil)
err := s.Backend.Setup(appSet, opts, s.Repo, s.meas)
appSet, err := interfaces.NewSnapAppSet(snapInfo, nil)
c.Assert(err, IsNil)
err = s.Backend.Setup(appSet, opts, s.Repo, s.meas)
c.Assert(err, IsNil)
updateNSProfile := filepath.Join(dirs.SnapAppArmorDir, "snap-update-ns.samba")
profile := filepath.Join(dirs.SnapAppArmorDir, "snap.samba.smbd")
Expand Down Expand Up @@ -545,13 +547,15 @@ func (s *backendSuite) TestSetupManyProfilesAreAlwaysLoaded(c *C) {
for _, opts := range testedConfinementOpts {
snapInfo1 := s.InstallSnap(c, opts, "", ifacetest.SambaYamlV1, 1)
snapInfo2 := s.InstallSnap(c, opts, "", ifacetest.SomeSnapYamlV1, 1)
appSet1 := interfaces.NewSnapAppSet(snapInfo1, nil)
appSet2 := interfaces.NewSnapAppSet(snapInfo2, nil)
appSet1, err := interfaces.NewSnapAppSet(snapInfo1, nil)
c.Assert(err, IsNil)
appSet2, err := interfaces.NewSnapAppSet(snapInfo2, nil)
c.Assert(err, IsNil)
s.loadProfilesCalls = nil
setupManyInterface, ok := s.Backend.(interfaces.SecurityBackendSetupMany)
c.Assert(ok, Equals, true)
err := setupManyInterface.SetupMany([]*interfaces.SnapAppSet{appSet1, appSet2}, func(snapName string) interfaces.ConfinementOptions { return opts }, s.Repo, s.meas)
c.Assert(err, IsNil)
errs := setupManyInterface.SetupMany([]*interfaces.SnapAppSet{appSet1, appSet2}, func(snapName string) interfaces.ConfinementOptions { return opts }, s.Repo, s.meas)
c.Assert(errs, IsNil)
snap1nsProfile := filepath.Join(dirs.SnapAppArmorDir, "snap-update-ns.samba")
snap1AAprofile := filepath.Join(dirs.SnapAppArmorDir, "snap.samba.smbd")
snap2nsProfile := filepath.Join(dirs.SnapAppArmorDir, "snap-update-ns.some-snap")
Expand All @@ -568,8 +572,10 @@ func (s *backendSuite) TestSetupManyProfilesWithChanged(c *C) {
for _, opts := range testedConfinementOpts {
snapInfo1 := s.InstallSnap(c, opts, "", ifacetest.SambaYamlV1, 1)
snapInfo2 := s.InstallSnap(c, opts, "", ifacetest.SomeSnapYamlV1, 1)
appSet1 := interfaces.NewSnapAppSet(snapInfo1, nil)
appSet2 := interfaces.NewSnapAppSet(snapInfo2, nil)
appSet1, err := interfaces.NewSnapAppSet(snapInfo1, nil)
c.Assert(err, IsNil)
appSet2, err := interfaces.NewSnapAppSet(snapInfo2, nil)
c.Assert(err, IsNil)
s.loadProfilesCalls = nil

snap1nsProfile := filepath.Join(dirs.SnapAppArmorDir, "snap-update-ns.samba")
Expand All @@ -583,8 +589,8 @@ func (s *backendSuite) TestSetupManyProfilesWithChanged(c *C) {

setupManyInterface, ok := s.Backend.(interfaces.SecurityBackendSetupMany)
c.Assert(ok, Equals, true)
err := setupManyInterface.SetupMany([]*interfaces.SnapAppSet{appSet1, appSet2}, func(snapName string) interfaces.ConfinementOptions { return opts }, s.Repo, s.meas)
c.Assert(err, IsNil)
errs := setupManyInterface.SetupMany([]*interfaces.SnapAppSet{appSet1, appSet2}, func(snapName string) interfaces.ConfinementOptions { return opts }, s.Repo, s.meas)
c.Assert(errs, IsNil)

// expect two batch executions - one for changed profiles, second for unchanged profiles.
c.Check(s.loadProfilesCalls, DeepEquals, []loadProfilesParams{
Expand Down Expand Up @@ -621,8 +627,10 @@ func (s *backendSuite) TestSetupManyApparmorBatchProcessingPermanentError(c *C)
// note, InstallSnap here uses s.parserCmd which mocks happy apparmor_parser
snapInfo1 := s.InstallSnap(c, opts, "", ifacetest.SambaYamlV1, 1)
snapInfo2 := s.InstallSnap(c, opts, "", ifacetest.SomeSnapYamlV1, 1)
appSet1 := interfaces.NewSnapAppSet(snapInfo1, nil)
appSet2 := interfaces.NewSnapAppSet(snapInfo2, nil)
appSet1, err := interfaces.NewSnapAppSet(snapInfo1, nil)
c.Assert(err, IsNil)
appSet2, err := interfaces.NewSnapAppSet(snapInfo2, nil)
c.Assert(err, IsNil)
s.loadProfilesCalls = nil
setupManyInterface, ok := s.Backend.(interfaces.SecurityBackendSetupMany)
c.Assert(ok, Equals, true)
Expand Down Expand Up @@ -656,8 +664,10 @@ func (s *backendSuite) TestSetupManyApparmorBatchProcessingErrorWithFallbackOK(c
// note, InstallSnap here uses s.parserCmd which mocks happy apparmor_parser
snapInfo1 := s.InstallSnap(c, opts, "", ifacetest.SambaYamlV1, 1)
snapInfo2 := s.InstallSnap(c, opts, "", ifacetest.SomeSnapYamlV1, 1)
appSet1 := interfaces.NewSnapAppSet(snapInfo1, nil)
appSet2 := interfaces.NewSnapAppSet(snapInfo2, nil)
appSet1, err := interfaces.NewSnapAppSet(snapInfo1, nil)
c.Assert(err, IsNil)
appSet2, err := interfaces.NewSnapAppSet(snapInfo2, nil)
c.Assert(err, IsNil)
s.loadProfilesCalls = nil
setupManyInterface, ok := s.Backend.(interfaces.SecurityBackendSetupMany)
c.Assert(ok, Equals, true)
Expand Down Expand Up @@ -699,8 +709,10 @@ func (s *backendSuite) TestSetupManyApparmorBatchProcessingErrorWithFallbackPart
// note, InstallSnap here uses s.parserCmd which mocks happy apparmor_parser
snapInfo1 := s.InstallSnap(c, opts, "", ifacetest.SambaYamlV1, 1)
snapInfo2 := s.InstallSnap(c, opts, "", ifacetest.SomeSnapYamlV1, 1)
appSet1 := interfaces.NewSnapAppSet(snapInfo1, nil)
appSet2 := interfaces.NewSnapAppSet(snapInfo2, nil)
appSet1, err := interfaces.NewSnapAppSet(snapInfo1, nil)
c.Assert(err, IsNil)
appSet2, err := interfaces.NewSnapAppSet(snapInfo2, nil)
c.Assert(err, IsNil)
s.loadProfilesCalls = nil
setupManyInterface, ok := s.Backend.(interfaces.SecurityBackendSetupMany)
c.Assert(ok, Equals, true)
Expand Down Expand Up @@ -808,9 +820,10 @@ func (s *backendSuite) TestDefaultCoreRuntimesTemplateOnlyUsed(c *C) {
testYaml := ifacetest.SambaYamlV1 + base + "\n"

snapInfo := snaptest.MockInfo(c, testYaml, nil)
appSet := interfaces.NewSnapAppSet(snapInfo, nil)
appSet, err := interfaces.NewSnapAppSet(snapInfo, nil)
c.Assert(err, IsNil)
// NOTE: we don't call apparmor.MockTemplate()
err := s.Backend.Setup(appSet, interfaces.ConfinementOptions{}, s.Repo, s.meas)
err = s.Backend.Setup(appSet, interfaces.ConfinementOptions{}, s.Repo, s.meas)
c.Assert(err, IsNil)
profile := filepath.Join(dirs.SnapAppArmorDir, "snap.samba.smbd")
data, err := os.ReadFile(profile)
Expand Down Expand Up @@ -848,9 +861,10 @@ func (s *backendSuite) TestBaseDefaultTemplateOnlyUsed(c *C) {
testYaml := ifacetest.SambaYamlV1 + "base: other\n"

snapInfo := snaptest.MockInfo(c, testYaml, nil)
appSet := interfaces.NewSnapAppSet(snapInfo, nil)
appSet, err := interfaces.NewSnapAppSet(snapInfo, nil)
c.Assert(err, IsNil)
// NOTE: we don't call apparmor.MockTemplate()
err := s.Backend.Setup(appSet, interfaces.ConfinementOptions{}, s.Repo, s.meas)
err = s.Backend.Setup(appSet, interfaces.ConfinementOptions{}, s.Repo, s.meas)
c.Assert(err, IsNil)
profile := filepath.Join(dirs.SnapAppArmorDir, "snap.samba.smbd")
data, err := os.ReadFile(profile)
Expand Down Expand Up @@ -1569,9 +1583,10 @@ func (s *backendSuite) TestSnapConfineProfileDiscardedLateSnapd(c *C) {
defer restorer()
// snapd snap at revision 222.
snapdInfo := snaptest.MockInfo(c, snapdYaml, &snap.SideInfo{Revision: snap.R(222)})
appSet := interfaces.NewSnapAppSet(snapdInfo, nil)
appSet, err := interfaces.NewSnapAppSet(snapdInfo, nil)
c.Assert(err, IsNil)
s.writeVanillaSnapConfineProfile(c, snapdInfo)
err := s.Backend.Setup(appSet, interfaces.ConfinementOptions{}, s.Repo, s.perf)
err = s.Backend.Setup(appSet, interfaces.ConfinementOptions{}, s.Repo, s.perf)
c.Assert(err, IsNil)
// precondition
c.Assert(filepath.Join(dirs.SnapAppArmorDir, "snap-confine.snapd.222"), testutil.FilePresent)
Expand Down Expand Up @@ -2399,9 +2414,10 @@ func (s *backendSuite) TestPtraceTraceRule(c *C) {
}

snapInfo := s.InstallSnap(c, tc.opts, "", ifacetest.SambaYamlV1, 1)
appSet := interfaces.NewSnapAppSet(snapInfo, nil)
appSet, err := interfaces.NewSnapAppSet(snapInfo, nil)
c.Assert(err, IsNil)

err := s.Backend.Setup(appSet, tc.opts, s.Repo, s.meas)
err = s.Backend.Setup(appSet, tc.opts, s.Repo, s.meas)
c.Assert(err, IsNil)

profile := filepath.Join(dirs.SnapAppArmorDir, "snap.samba.smbd")
Expand Down Expand Up @@ -2600,8 +2616,10 @@ func (s *backendSuite) TestSetupManyInPreseedMode(c *C) {
for _, opts := range testedConfinementOpts {
snapInfo1 := s.InstallSnap(c, opts, "", ifacetest.SambaYamlV1, 1)
snapInfo2 := s.InstallSnap(c, opts, "", ifacetest.SomeSnapYamlV1, 1)
appSet1 := interfaces.NewSnapAppSet(snapInfo1, nil)
appSet2 := interfaces.NewSnapAppSet(snapInfo2, nil)
appSet1, err := interfaces.NewSnapAppSet(snapInfo1, nil)
c.Assert(err, IsNil)
appSet2, err := interfaces.NewSnapAppSet(snapInfo2, nil)
c.Assert(err, IsNil)
s.loadProfilesCalls = nil

snap1nsProfile := filepath.Join(dirs.SnapAppArmorDir, "snap-update-ns.samba")
Expand All @@ -2615,8 +2633,8 @@ func (s *backendSuite) TestSetupManyInPreseedMode(c *C) {

setupManyInterface, ok := s.Backend.(interfaces.SecurityBackendSetupMany)
c.Assert(ok, Equals, true)
err := setupManyInterface.SetupMany([]*interfaces.SnapAppSet{appSet1, appSet2}, func(snapName string) interfaces.ConfinementOptions { return opts }, s.Repo, s.meas)
c.Assert(err, IsNil)
errs := setupManyInterface.SetupMany([]*interfaces.SnapAppSet{appSet1, appSet2}, func(snapName string) interfaces.ConfinementOptions { return opts }, s.Repo, s.meas)
c.Assert(errs, IsNil)

// expect two batch executions - one for changed profiles, second for unchanged profiles.
c.Check(s.loadProfilesCalls, DeepEquals, []loadProfilesParams{
Expand Down
16 changes: 13 additions & 3 deletions interfaces/apparmor/spec_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -90,7 +90,10 @@ func (s *specSuite) SetUpTest(c *C) {
s.BaseTest.SetUpTest(c)
s.BaseTest.AddCleanup(snap.MockSanitizePlugsSlots(func(snapInfo *snap.Info) {}))

s.spec = apparmor.NewSpecification(interfaces.NewSnapAppSet(s.plugInfo.Snap, nil))
appSet, err := interfaces.NewSnapAppSet(s.plugInfo.Snap, nil)
c.Assert(err, IsNil)

s.spec = apparmor.NewSpecification(appSet)
s.plug = interfaces.NewConnectedPlug(s.plugInfo, nil, nil)
s.slot = interfaces.NewConnectedSlot(s.slotInfo, nil, nil)
}
Expand All @@ -101,15 +104,21 @@ func (s *specSuite) TearDownTest(c *C) {

// The spec.Specification can be used through the interfaces.Specification interface
func (s *specSuite) TestSpecificationIface(c *C) {
spec := apparmor.NewSpecification(interfaces.NewSnapAppSet(s.plugInfo.Snap, nil))
appSet, err := interfaces.NewSnapAppSet(s.plugInfo.Snap, nil)
c.Assert(err, IsNil)

spec := apparmor.NewSpecification(appSet)
var r interfaces.Specification = spec
c.Assert(r.AddConnectedPlug(s.iface, s.plug, s.slot), IsNil)
c.Assert(r.AddPermanentPlug(s.iface, s.plugInfo), IsNil)
c.Assert(spec.Snippets(), DeepEquals, map[string][]string{
"snap.snap1.app1": {"connected-plug", "permanent-plug"},
})

spec = apparmor.NewSpecification(interfaces.NewSnapAppSet(s.slotInfo.Snap, nil))
appSet, err = interfaces.NewSnapAppSet(s.slotInfo.Snap, nil)
c.Assert(err, IsNil)

spec = apparmor.NewSpecification(appSet)
r = spec
c.Assert(r.AddConnectedSlot(s.iface, s.plug, s.slot), IsNil)
c.Assert(r.AddPermanentSlot(s.iface, s.slotInfo), IsNil)
Expand Down Expand Up @@ -287,6 +296,7 @@ func (s *specSuite) TestApparmorSnippetsFromLayout(c *C) {
defer restore()

s.spec.AddLayout(snapInfo)

c.Assert(s.spec.Snippets(), DeepEquals, map[string][]string{
"snap.vanguard.vanguard": {
"# Layout path: /etc/foo.conf\n\"/etc/foo.conf\" mrwklix,",
Expand Down
10 changes: 7 additions & 3 deletions interfaces/builtin/account_control_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -87,13 +87,17 @@ func (s *AccountControlSuite) TestSanitizePlug(c *C) {

func (s *AccountControlSuite) TestUsedSecuritySystems(c *C) {
// connected plugs have a non-nil security snippet for apparmor
apparmorSpec := apparmor.NewSpecification(interfaces.NewSnapAppSet(s.plug.Snap(), nil))
err := apparmorSpec.AddConnectedPlug(s.iface, s.plug, s.slot)
appSet, err := interfaces.NewSnapAppSet(s.plug.Snap(), nil)
c.Assert(err, IsNil)
apparmorSpec := apparmor.NewSpecification(appSet)
err = apparmorSpec.AddConnectedPlug(s.iface, s.plug, s.slot)
c.Assert(err, IsNil)
c.Assert(apparmorSpec.SecurityTags(), DeepEquals, []string{"snap.other.app2"})
c.Assert(apparmorSpec.SnippetForTag("snap.other.app2"), testutil.Contains, "/{,usr/}sbin/chpasswd")

seccompSpec := seccomp.NewSpecification(interfaces.NewSnapAppSet(s.plug.Snap(), nil))
appSet, err = interfaces.NewSnapAppSet(s.plug.Snap(), nil)
c.Assert(err, IsNil)
seccompSpec := seccomp.NewSpecification(appSet)
err = seccompSpec.AddConnectedPlug(s.iface, s.plug, s.slot)
c.Assert(err, IsNil)
c.Assert(seccompSpec.SecurityTags(), DeepEquals, []string{"snap.other.app2"})
Expand Down
4 changes: 3 additions & 1 deletion interfaces/builtin/accounts_service_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -70,7 +70,9 @@ func (s *AccountsServiceInterfaceSuite) TestSanitize(c *C) {
}

func (s *AccountsServiceInterfaceSuite) TestAppArmorConnectedPlug(c *C) {
spec := apparmor.NewSpecification(interfaces.NewSnapAppSet(s.plug.Snap(), nil))
appSet, err := interfaces.NewSnapAppSet(s.plug.Snap(), nil)
c.Assert(err, IsNil)
spec := apparmor.NewSpecification(appSet)
c.Assert(spec.AddConnectedPlug(s.iface, s.plug, s.slot), IsNil)
c.Assert(spec.SecurityTags(), HasLen, 1)
c.Check(spec.SnippetForTag("snap.consumer.app"), testutil.Contains, `interface=org.gnome.OnlineAccounts.*`)
Expand Down
8 changes: 6 additions & 2 deletions interfaces/builtin/acrn_support_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -81,7 +81,9 @@ func (s *acrnSupportInterfaceSuite) TestSanitizePlug(c *C) {
}

func (s *acrnSupportInterfaceSuite) TestAppArmorSpec(c *C) {
spec := apparmor.NewSpecification(interfaces.NewSnapAppSet(s.plug.Snap(), nil))
appSet, err := interfaces.NewSnapAppSet(s.plug.Snap(), nil)
c.Assert(err, IsNil)
spec := apparmor.NewSpecification(appSet)
c.Assert(spec.AddConnectedPlug(s.iface, s.plug, s.slot), IsNil)
c.Assert(spec.SecurityTags(), DeepEquals, []string{"snap.consumer.app"})
c.Assert(spec.SnippetForTag("snap.consumer.app"), Equals, `
Expand All @@ -94,7 +96,9 @@ func (s *acrnSupportInterfaceSuite) TestAppArmorSpec(c *C) {
}

func (s *acrnSupportInterfaceSuite) TestUDevSpec(c *C) {
spec := udev.NewSpecification(interfaces.NewSnapAppSet(s.plug.Snap(), nil))
appSet, err := interfaces.NewSnapAppSet(s.plug.Snap(), nil)
c.Assert(err, IsNil)
spec := udev.NewSpecification(appSet)
c.Assert(spec.AddConnectedPlug(s.iface, s.plug, s.slot), IsNil)
c.Assert(spec.Snippets(), HasLen, 2)
c.Assert(spec.Snippets()[0], Equals, `# acrn-support
Expand Down
48 changes: 36 additions & 12 deletions interfaces/builtin/adb_support_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -82,54 +82,76 @@ func (s *adbSupportSuite) TestSanitizePlug(c *C) {
}

func (s *adbSupportSuite) TestSecCompSpec(c *C) {
spec := seccomp.NewSpecification(interfaces.NewSnapAppSet(s.plugInfo.Snap, nil))
appSet, err := interfaces.NewSnapAppSet(s.plugInfo.Snap, nil)
c.Assert(err, IsNil)
spec := seccomp.NewSpecification(appSet)
c.Assert(spec.AddPermanentPlug(s.iface, s.plugInfo), IsNil)
c.Assert(spec.SecurityTags(), HasLen, 0)

spec = seccomp.NewSpecification(interfaces.NewSnapAppSet(s.slotInfo.Snap, nil))
appSet, err = interfaces.NewSnapAppSet(s.slotInfo.Snap, nil)
c.Assert(err, IsNil)
spec = seccomp.NewSpecification(appSet)
c.Assert(spec.AddPermanentSlot(s.iface, s.slotInfo), IsNil)
c.Assert(spec.SecurityTags(), HasLen, 0)

spec = seccomp.NewSpecification(interfaces.NewSnapAppSet(s.plug.Snap(), nil))
appSet, err = interfaces.NewSnapAppSet(s.plug.Snap(), nil)
c.Assert(err, IsNil)
spec = seccomp.NewSpecification(appSet)
c.Assert(spec.AddConnectedPlug(s.iface, s.plug, s.slot), IsNil)
c.Assert(spec.SecurityTags(), HasLen, 0)

spec = seccomp.NewSpecification(interfaces.NewSnapAppSet(s.slot.Snap(), nil))
appSet, err = interfaces.NewSnapAppSet(s.slot.Snap(), nil)
c.Assert(err, IsNil)
spec = seccomp.NewSpecification(appSet)
c.Assert(spec.AddConnectedSlot(s.iface, s.plug, s.slot), IsNil)
c.Assert(spec.SecurityTags(), HasLen, 0)
}

func (s *adbSupportSuite) TestAppArmorSpec(c *C) {
spec := apparmor.NewSpecification(interfaces.NewSnapAppSet(s.plugInfo.Snap, nil))
appSet, err := interfaces.NewSnapAppSet(s.plugInfo.Snap, nil)
c.Assert(err, IsNil)
spec := apparmor.NewSpecification(appSet)
c.Assert(spec.AddPermanentPlug(s.iface, s.plugInfo), IsNil)
c.Assert(spec.SecurityTags(), HasLen, 0)

spec = apparmor.NewSpecification(interfaces.NewSnapAppSet(s.plugInfo.Snap, nil))
appSet, err = interfaces.NewSnapAppSet(s.plugInfo.Snap, nil)
c.Assert(err, IsNil)
spec = apparmor.NewSpecification(appSet)
c.Assert(spec.AddPermanentPlug(s.iface, s.plugInfo), IsNil)
c.Assert(spec.AddPermanentSlot(s.iface, s.slotInfo), IsNil)
c.Assert(spec.SecurityTags(), HasLen, 0)

spec = apparmor.NewSpecification(interfaces.NewSnapAppSet(s.plug.Snap(), nil))
appSet, err = interfaces.NewSnapAppSet(s.plug.Snap(), nil)
c.Assert(err, IsNil)
spec = apparmor.NewSpecification(appSet)
c.Assert(spec.AddConnectedPlug(s.iface, s.plug, s.slot), IsNil)
c.Assert(spec.SecurityTags(), HasLen, 1)
c.Assert(spec.SnippetForTag("snap.consumer.app"), testutil.Contains, "/dev/bus/usb/[0-9][0-9][0-9]/[0-9][0-9][0-9] rw,")
c.Assert(spec.SnippetForTag("snap.consumer.app"), testutil.Contains, "/run/udev/data/c189:* r,")

spec = apparmor.NewSpecification(interfaces.NewSnapAppSet(s.slot.Snap(), nil))
appSet, err = interfaces.NewSnapAppSet(s.slot.Snap(), nil)
c.Assert(err, IsNil)
spec = apparmor.NewSpecification(appSet)
c.Assert(spec.AddConnectedSlot(s.iface, s.plug, s.slot), IsNil)
c.Assert(spec.SecurityTags(), HasLen, 0)
}

func (s *adbSupportSuite) TestUDevSpec(c *C) {
spec := udev.NewSpecification(interfaces.NewSnapAppSet(s.plugInfo.Snap, nil))
appSet, err := interfaces.NewSnapAppSet(s.plugInfo.Snap, nil)
c.Assert(err, IsNil)
spec := udev.NewSpecification(appSet)
c.Assert(spec.AddPermanentPlug(s.iface, s.plugInfo), IsNil)
c.Assert(spec.Snippets(), HasLen, 0)

spec = udev.NewSpecification(interfaces.NewSnapAppSet(s.slotInfo.Snap, nil))
appSet, err = interfaces.NewSnapAppSet(s.slotInfo.Snap, nil)
c.Assert(err, IsNil)
spec = udev.NewSpecification(appSet)
c.Assert(spec.AddPermanentSlot(s.iface, s.slotInfo), IsNil)
c.Assert(spec.Snippets(), HasLen, 0)

spec = udev.NewSpecification(interfaces.NewSnapAppSet(s.plug.Snap(), nil))
appSet, err = interfaces.NewSnapAppSet(s.plug.Snap(), nil)
c.Assert(err, IsNil)
spec = udev.NewSpecification(appSet)
c.Assert(spec.AddConnectedPlug(s.iface, s.plug, s.slot), IsNil)
c.Assert(spec.Snippets(), HasLen, 82)
c.Assert(spec.Snippets(), testutil.Contains, `# adb-support
Expand All @@ -142,7 +164,9 @@ SUBSYSTEM=="usb", ATTR{idVendor}=="19d2", TAG+="snap_consumer_app"`)
c.Assert(spec.Snippets(), testutil.Contains, `# adb-support
SUBSYSTEM=="usb", ATTR{idVendor}=="2a70", TAG+="snap_consumer_app"`)

spec = udev.NewSpecification(interfaces.NewSnapAppSet(s.slot.Snap(), nil))
appSet, err = interfaces.NewSnapAppSet(s.slot.Snap(), nil)
c.Assert(err, IsNil)
spec = udev.NewSpecification(appSet)
c.Assert(spec.AddConnectedSlot(s.iface, s.plug, s.slot), IsNil)
c.Assert(spec.Snippets(), HasLen, 1)
c.Assert(spec.Snippets()[0], testutil.Contains, `SUBSYSTEM=="usb", ATTR{idVendor}=="0502", MODE="0666"`)
Expand Down
8 changes: 6 additions & 2 deletions interfaces/builtin/allegro_vcu_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -77,7 +77,9 @@ func (s *AllegroVcuInterfaceSuite) TestSanitizePlug(c *C) {
}

func (s *AllegroVcuInterfaceSuite) TestAppArmorSpec(c *C) {
spec := apparmor.NewSpecification(interfaces.NewSnapAppSet(s.plug.Snap(), nil))
appSet, err := interfaces.NewSnapAppSet(s.plug.Snap(), nil)
c.Assert(err, IsNil)
spec := apparmor.NewSpecification(appSet)
c.Assert(spec.AddConnectedPlug(s.iface, s.plug, s.coreSlot), IsNil)
c.Assert(spec.SecurityTags(), DeepEquals, []string{"snap.consumer.app"})
c.Assert(spec.SnippetForTag("snap.consumer.app"), testutil.Contains, `/dev/allegroDecodeIP rw,`)
Expand All @@ -86,7 +88,9 @@ func (s *AllegroVcuInterfaceSuite) TestAppArmorSpec(c *C) {
}

func (s *AllegroVcuInterfaceSuite) TestUDevSpec(c *C) {
spec := udev.NewSpecification(interfaces.NewSnapAppSet(s.plug.Snap(), nil))
appSet, err := interfaces.NewSnapAppSet(s.plug.Snap(), nil)
c.Assert(err, IsNil)
spec := udev.NewSpecification(appSet)
c.Assert(spec.AddConnectedPlug(s.iface, s.plug, s.coreSlot), IsNil)
c.Assert(spec.Snippets(), HasLen, 4)
c.Assert(spec.Snippets(), testutil.Contains, `# allegro-vcu
Expand Down
Loading

0 comments on commit 5f5b3ab

Please sign in to comment.