c/snap-confine, i/udev, i/ifacetest: update snap-confine and snap-device-helper to understand component hook security tags

[andrewphelpsj]

This PR teaches snap-confine and snap-device-helper how to parse security tags that represent component hooks.

An example of a security tag from a component hook would be: snap.name+comp.hook.install
And one with an instance key: snap.name_instance+comp.hook.install

Something important to note is how these are encoded as udev tags. Currently, when converting a security tag to a udev tag, we replace all . characters in the tag with _ characters because systemd limits udev tags to having only alphanumeric characters, with the addition of the characters - and _. Since security tags can now contain +
characters, those will be encoded as two consecutive _ characters.

For example:

"snap.name+comp.hook.install" -> "snap_name__comp_hook_install"
"snap.name_instance+comp.hook.install" -> "snap_name_instance__comp_hook_install"

This allows the conversion to maintain its reversibility.

[bboozzoo]

shellcheck appears to be unhappy:

In tests/main/component-hooks/comp-with-install-hook/meta/hooks/install line 5:
printf "GET /ip HTTP/1.0\r\n\r\n" | nc httpbin.org 80 2>&1 > "${SNAP_COMMON}/install-logs" 
                                                      ^--^ SC2069 (warning): To redirect stdout+stderr, 2>&1 must be last (or use '{ cmd > file; } 2>&1' to clarify).

[codecov-commenter]

Codecov Report

Attention: Patch coverage is 5.26316% with 18 lines in your changes missing coverage. Please review.

Project coverage is 78.71%. Comparing base (c01787f) to head (a6de4f3).
Report is 27 commits behind head on master.

Files	Patch %	Lines
interfaces/ifacetest/app_set.go	0.00%	18 Missing ⚠️

❗ Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files

@@            Coverage Diff             @@
##           master   #13775      +/-   ##
==========================================
- Coverage   78.72%   78.71%   -0.02%     
==========================================
  Files        1053     1053              
  Lines      137711   138127     +416     
==========================================
+ Hits       108419   108731     +312     
- Misses      22494    22580      +86     
- Partials     6798     6816      +18     

Flag	Coverage Δ
unittests	78.71% <5.26%> (-0.02%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[andrewphelpsj]

It looks like the inclusive naming check is picking up some of the snap-confine files that were changed. I think that we probably don't want to include a bunch of renames in this PR, but we don't have a way to skip that check right now. I could add a tag (and a check in the action for that tag) that would allow us to skip it if we want.

[alfonsosanchezbeato]

Looks good, some comments but mainly nitpicks.

[alfonsosanchezbeato]

LGTM, thanks!

[jslarraz]

Maybe those are too evident, but we may still want to add a couple of simple test cases for (string == NULL) and (prefix == NULL && suffix == NULL)

[andrewphelpsj]

Thanks! Done in fc05b1b.

[jslarraz]

LGTM, just one minor comment about some extra tests, but feel free to ignore it if you think they do not add much value.

I think it will be worth giving @alexmurray a chance to take a look at it before merging just to be sure I'm not overlooking anything

[alexmurray]

LGTM!

[zyga]

Please check my comment on reverse_component_separator_encoding. I left some nitpicks in othe places.

[zyga]

You can use some preprocessor magic to inject SNAP_NAME_LEN as a value there, at compile time, with #SNAP_NAME_LEN. See https://gcc.gnu.org/onlinedocs/cpp/Stringizing.html

Alternatively just %d and pass the limit as an argument.

[zyga]

Please clarify that snap name and component name are copied into the given buffers.

[zyga]

I was thinking about this and I kind of think that it's "probably" better to just use strdup+strtok instead.

No need to fuss around with buffers and handle them by hand. One allocation for all the needs for handling typical tag names. Each token can be replaced with \0 for a ready-to-use string.

[zyga]

Nitpick, this should probably be just const int, enum feels not much like C.

[andrewphelpsj]

Using a const int would result in this being a variable-length array, if you compile with -Wvla, you'll see a warning.

Example:

phelps@arch ~/tmp> cat main.c
int main() {
    const int size = 10;
    int array[size];
    return 0;
}
phelps@arch ~/tmp> gcc -Wvla -o main ./main.c
./main.c: In function ‘main’:
./main.c:3:5: warning: ISO C90 forbids variable length array ‘array’ [-Wvla]
    3 |     int array[size];
      |     ^~~
phelps@arch ~/tmp> cat other.c
int main() {
    enum { size = 10 };
    int array[size];
    return 0;
}
phelps@arch ~/tmp> gcc -Wvla -o main ./other.c

Alfonso suggested the enum over a #define, but I don't really have a strong opinion.

[zyga]

TIL

[zyga]

We should clarify exactly what is the allowed pattern, as now there's a disagreement between snapd and snapcraft. Can you circle back to the spec and make sure it says what is allowed (digits).

[zyga]

LGTM

I'll follow up on some string operations but this is okay.