apparmor.d/pkg/prebuild/directive/dbus_test.go

// apparmor.d - Full set of apparmor profiles
// Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io>
// SPDX-License-Identifier: GPL-2.0-only

package directive

import (
	"testing"

	"github.com/roddhjav/apparmor.d/pkg/paths"
)

const dbusOwnSystemd1 = `  unix bind type=stream addr=@@{udbus}/bus/fake-own/system,

  dbus bind bus=system name=org.freedesktop.systemd1{,.*},
  dbus receive bus=system path=/org/freedesktop/systemd1{,/**}
       interface=org.freedesktop.systemd1{,.*}
       peer=(name="@{busname}"),
  dbus send bus=system path=/org/freedesktop/systemd1{,/**}
       interface=org.freedesktop.systemd1{,.*}
       peer=(name="{@{busname},org.freedesktop.DBus}"),
  dbus (send receive) bus=system path=/org/freedesktop/systemd1{,/**}
       interface=org.freedesktop.DBus.Properties
       member={Get,GetAll,Set,PropertiesChanged}
       peer=(name="{@{busname},org.freedesktop.DBus}"),
  dbus receive bus=system path=/org/freedesktop/systemd1{,/**}
       interface=org.freedesktop.DBus.Introspectable
       member=Introspect
       peer=(name="@{busname}"),
  dbus receive bus=system path=/org/freedesktop/systemd1{,/**}
       interface=org.freedesktop.DBus.ObjectManager
       member=GetManagedObjects
       peer=(name="{@{busname},org.freedesktop.systemd1{,.*}}"),
  dbus send bus=system path=/org/freedesktop/systemd1{,/**}
       interface=org.freedesktop.DBus.ObjectManager
       member={InterfacesAdded,InterfacesRemoved}
       peer=(name="{@{busname},org.freedesktop.DBus}"),`

func TestDbus_Apply(t *testing.T) {
	tests := []struct {
		name    string
		opt     *Option
		profile string
		want    string
		wantErr bool
	}{
		{
			name: "own",
			opt: &Option{
				Name: "dbus",
				ArgMap: map[string]string{
					"bus":  "system",
					"name": "org.freedesktop.systemd1",
					"own":  "",
				},
				ArgList: []string{"own", "bus=system", "name=org.freedesktop.systemd1"},
				File:    paths.New("fake-own"),
				Raw:     "  #aa:dbus own bus=system name=org.freedesktop.systemd1",
			},
			profile: "  #aa:dbus own bus=system name=org.freedesktop.systemd1",
			want:    dbusOwnSystemd1,
		},
		{
			name: "own-interface",
			opt: &Option{
				Name: "dbus",
				ArgMap: map[string]string{
					"bus":        "session",
					"name":       "com.rastersoft.ding",
					"interface+": "org.gtk.Actions",
					"own":        "",
				},
				ArgList: []string{"own", "bus=session", "name=com.rastersoft.ding", "interface+=org.gtk.Actions"},
				File:    paths.New("fake-interface"),
				Raw:     "  #aa:dbus own bus=session name=com.rastersoft.ding interface+=org.gtk.Actions",
			},
			profile: "  #aa:dbus own bus=session name=com.rastersoft.ding interface+=org.gtk.Actions",
			want: `  unix bind type=stream addr=@@{udbus}/bus/fake-interface/session,

  dbus bind bus=session name=com.rastersoft.ding{,.*},
  dbus receive bus=session path=/com/rastersoft/ding{,/**}
       interface=com.rastersoft.ding{,.*}
       peer=(name="@{busname}"),
  dbus send bus=session path=/com/rastersoft/ding{,/**}
       interface=com.rastersoft.ding{,.*}
       peer=(name="{@{busname},org.freedesktop.DBus}"),
  dbus receive bus=session path=/com/rastersoft/ding{,/**}
       interface=org.gtk.Actions
       peer=(name="@{busname}"),
  dbus send bus=session path=/com/rastersoft/ding{,/**}
       interface=org.gtk.Actions
       peer=(name="{@{busname},org.freedesktop.DBus}"),
  dbus (send receive) bus=session path=/com/rastersoft/ding{,/**}
       interface=org.freedesktop.DBus.Properties
       member={Get,GetAll,Set,PropertiesChanged}
       peer=(name="{@{busname},org.freedesktop.DBus}"),
  dbus receive bus=session path=/com/rastersoft/ding{,/**}
       interface=org.freedesktop.DBus.Introspectable
       member=Introspect
       peer=(name="@{busname}"),
  dbus receive bus=session path=/com/rastersoft/ding{,/**}
       interface=org.freedesktop.DBus.ObjectManager
       member=GetManagedObjects
       peer=(name="{@{busname},com.rastersoft.ding{,.*}}"),
  dbus send bus=session path=/com/rastersoft/ding{,/**}
       interface=org.freedesktop.DBus.ObjectManager
       member={InterfacesAdded,InterfacesRemoved}
       peer=(name="{@{busname},org.freedesktop.DBus}"),`,
		},
		{
			name: "talk",
			opt: &Option{
				Name: "dbus",
				ArgMap: map[string]string{
					"bus":   "system",
					"name":  "org.freedesktop.Accounts",
					"label": "accounts-daemon",
					"talk":  "",
				},
				ArgList: []string{"talk", "bus=system", "name=org.freedesktop.Accounts", "label=accounts-daemon"},
				File:    paths.New("gdm-session-worker"),
				Raw:     "  #aa:dbus talk bus=system name=org.freedesktop.Accounts label=accounts-daemon",
			},
			profile: "  #aa:dbus talk bus=system name=org.freedesktop.Accounts label=accounts-daemon",
			want: `  unix bind type=stream addr=@@{udbus}/bus/gdm-session-wor/system,

  dbus (send receive) bus=system path=/org/freedesktop/Accounts{,/**}
       interface=org.freedesktop.Accounts{,.*}
       peer=(name="{@{busname},org.freedesktop.Accounts{,.*}}", label=accounts-daemon),
  dbus (send receive) bus=system path=/org/freedesktop/Accounts{,/**}
       interface=org.freedesktop.DBus.Properties
       member={Get,GetAll,Set,PropertiesChanged}
       peer=(name="{@{busname},org.freedesktop.Accounts{,.*}}", label=accounts-daemon),
  dbus send bus=system path=/org/freedesktop/Accounts{,/**}
       interface=org.freedesktop.DBus.Introspectable
       member=Introspect
       peer=(name="{@{busname},org.freedesktop.Accounts{,.*}}", label=accounts-daemon),
  dbus send bus=system path=/org/freedesktop/Accounts{,/**}
       interface=org.freedesktop.DBus.ObjectManager
       member=GetManagedObjects
       peer=(name="{@{busname},org.freedesktop.Accounts{,.*}}", label=accounts-daemon),
  dbus receive bus=system path=/org/freedesktop/Accounts{,/**}
       interface=org.freedesktop.DBus.ObjectManager
       member={InterfacesAdded,InterfacesRemoved}
       peer=(name="{@{busname},org.freedesktop.Accounts{,.*}}", label=accounts-daemon),`,
		},
	}
	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			got, err := Directives["dbus"].Apply(tt.opt, tt.profile)
			if (err != nil) != tt.wantErr {
				t.Errorf("Dbus.Apply() error = %v, wantErr %v", err, tt.wantErr)
				return
			}
			if got != tt.want {
				t.Errorf("Dbus.Apply() = %v, want %v", got, tt.want)
			}
		})
	}
}
feat(build): rewrite the dbus directive fot the new format. 2024-03-21 22:09:16 +00:00			`// apparmor.d - Full set of apparmor profiles`
			`// Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io>`
			`// SPDX-License-Identifier: GPL-2.0-only`

			`package directive`

			`import (`
			`"testing"`
build: improve the dbus directive. - Support for additional interfaces: += - Restrict the generated dbus rules - Add the required unix bind rule. 2025-02-23 20:53:49 +01:00
			`"github.com/roddhjav/apparmor.d/pkg/paths"`
feat(build): rewrite the dbus directive fot the new format. 2024-03-21 22:09:16 +00:00			`)`

build: improve the dbus directive. - Support for additional interfaces: += - Restrict the generated dbus rules - Add the required unix bind rule. 2025-02-23 20:53:49 +01:00			const dbusOwnSystemd1 = ` unix bind type=stream addr=@@{udbus}/bus/fake-own/system,

			`dbus bind bus=system name=org.freedesktop.systemd1{,.*},`
feat(build): rewrite the dbus directive fot the new format. 2024-03-21 22:09:16 +00:00			`dbus receive bus=system path=/org/freedesktop/systemd1{,/**}`
			`interface=org.freedesktop.systemd1{,.*}`
build: improve the dbus directive. - Support for additional interfaces: += - Restrict the generated dbus rules - Add the required unix bind rule. 2025-02-23 20:53:49 +01:00			`peer=(name="@{busname}"),`
feat(build): rewrite the dbus directive fot the new format. 2024-03-21 22:09:16 +00:00			`dbus send bus=system path=/org/freedesktop/systemd1{,/**}`
			`interface=org.freedesktop.systemd1{,.*}`
build: improve the dbus directive. - Support for additional interfaces: += - Restrict the generated dbus rules - Add the required unix bind rule. 2025-02-23 20:53:49 +01:00			`peer=(name="{@{busname},org.freedesktop.DBus}"),`
			`dbus (send receive) bus=system path=/org/freedesktop/systemd1{,/**}`
feat(build): rewrite the dbus directive fot the new format. 2024-03-21 22:09:16 +00:00			`interface=org.freedesktop.DBus.Properties`
build: improve the dbus directive. - Support for additional interfaces: += - Restrict the generated dbus rules - Add the required unix bind rule. 2025-02-23 20:53:49 +01:00			`member={Get,GetAll,Set,PropertiesChanged}`
			`peer=(name="{@{busname},org.freedesktop.DBus}"),`
feat(build): rewrite the dbus directive fot the new format. 2024-03-21 22:09:16 +00:00			`dbus receive bus=system path=/org/freedesktop/systemd1{,/**}`
			`interface=org.freedesktop.DBus.Introspectable`
			`member=Introspect`
build: improve the dbus directive. - Support for additional interfaces: += - Restrict the generated dbus rules - Add the required unix bind rule. 2025-02-23 20:53:49 +01:00			`peer=(name="@{busname}"),`
			`dbus receive bus=system path=/org/freedesktop/systemd1{,/**}`
			`interface=org.freedesktop.DBus.ObjectManager`
			`member=GetManagedObjects`
			`peer=(name="{@{busname},org.freedesktop.systemd1{,.*}}"),`
			`dbus send bus=system path=/org/freedesktop/systemd1{,/**}`
			`interface=org.freedesktop.DBus.ObjectManager`
			`member={InterfacesAdded,InterfacesRemoved}`
			peer=(name="{@{busname},org.freedesktop.DBus}"),`
feat(build): rewrite the dbus directive fot the new format. 2024-03-21 22:09:16 +00:00
			`func TestDbus_Apply(t *testing.T) {`
			`tests := []struct {`
			`name string`
			`opt *Option`
			`profile string`
			`want string`
feat(prebuild): add err reporting to builder & directive tasks. 2024-05-25 22:30:20 +01:00			`wantErr bool`
feat(build): rewrite the dbus directive fot the new format. 2024-03-21 22:09:16 +00:00			`}{`
			`{`
			`name: "own",`
			`opt: &Option{`
			`Name: "dbus",`
build(directive): support both liust & map. 2024-03-23 17:41:10 +00:00			`ArgMap: map[string]string{`
feat(build): rewrite the dbus directive fot the new format. 2024-03-21 22:09:16 +00:00			`"bus": "system",`
			`"name": "org.freedesktop.systemd1",`
			`"own": "",`
			`},`
build(directive): support both liust & map. 2024-03-23 17:41:10 +00:00			`ArgList: []string{"own", "bus=system", "name=org.freedesktop.systemd1"},`
build: improve the dbus directive. - Support for additional interfaces: += - Restrict the generated dbus rules - Add the required unix bind rule. 2025-02-23 20:53:49 +01:00			`File: paths.New("fake-own"),`
build(directive): support both liust & map. 2024-03-23 17:41:10 +00:00			`Raw: " #aa:dbus own bus=system name=org.freedesktop.systemd1",`
feat(build): rewrite the dbus directive fot the new format. 2024-03-21 22:09:16 +00:00			`},`
			`profile: " #aa:dbus own bus=system name=org.freedesktop.systemd1",`
			`want: dbusOwnSystemd1,`
			`},`
			`{`
			`name: "own-interface",`
			`opt: &Option{`
			`Name: "dbus",`
build(directive): support both liust & map. 2024-03-23 17:41:10 +00:00			`ArgMap: map[string]string{`
build: improve the dbus directive. - Support for additional interfaces: += - Restrict the generated dbus rules - Add the required unix bind rule. 2025-02-23 20:53:49 +01:00			`"bus": "session",`
			`"name": "com.rastersoft.ding",`
			`"interface+": "org.gtk.Actions",`
			`"own": "",`
feat(build): rewrite the dbus directive fot the new format. 2024-03-21 22:09:16 +00:00			`},`
build: improve the dbus directive. - Support for additional interfaces: += - Restrict the generated dbus rules - Add the required unix bind rule. 2025-02-23 20:53:49 +01:00			`ArgList: []string{"own", "bus=session", "name=com.rastersoft.ding", "interface+=org.gtk.Actions"},`
			`File: paths.New("fake-interface"),`
			`Raw: " #aa:dbus own bus=session name=com.rastersoft.ding interface+=org.gtk.Actions",`
feat(build): rewrite the dbus directive fot the new format. 2024-03-21 22:09:16 +00:00			`},`
build: improve the dbus directive. - Support for additional interfaces: += - Restrict the generated dbus rules - Add the required unix bind rule. 2025-02-23 20:53:49 +01:00			`profile: " #aa:dbus own bus=session name=com.rastersoft.ding interface+=org.gtk.Actions",`
			want: ` unix bind type=stream addr=@@{udbus}/bus/fake-interface/session,

			`dbus bind bus=session name=com.rastersoft.ding{,.*},`
			`dbus receive bus=session path=/com/rastersoft/ding{,/**}`
			`interface=com.rastersoft.ding{,.*}`
			`peer=(name="@{busname}"),`
			`dbus send bus=session path=/com/rastersoft/ding{,/**}`
			`interface=com.rastersoft.ding{,.*}`
			`peer=(name="{@{busname},org.freedesktop.DBus}"),`
			`dbus receive bus=session path=/com/rastersoft/ding{,/**}`
feat(build): rewrite the dbus directive fot the new format. 2024-03-21 22:09:16 +00:00			`interface=org.gtk.Actions`
build: improve the dbus directive. - Support for additional interfaces: += - Restrict the generated dbus rules - Add the required unix bind rule. 2025-02-23 20:53:49 +01:00			`peer=(name="@{busname}"),`
			`dbus send bus=session path=/com/rastersoft/ding{,/**}`
feat(build): rewrite the dbus directive fot the new format. 2024-03-21 22:09:16 +00:00			`interface=org.gtk.Actions`
build: improve the dbus directive. - Support for additional interfaces: += - Restrict the generated dbus rules - Add the required unix bind rule. 2025-02-23 20:53:49 +01:00			`peer=(name="{@{busname},org.freedesktop.DBus}"),`
			`dbus (send receive) bus=session path=/com/rastersoft/ding{,/**}`
feat(build): rewrite the dbus directive fot the new format. 2024-03-21 22:09:16 +00:00			`interface=org.freedesktop.DBus.Properties`
build: improve the dbus directive. - Support for additional interfaces: += - Restrict the generated dbus rules - Add the required unix bind rule. 2025-02-23 20:53:49 +01:00			`member={Get,GetAll,Set,PropertiesChanged}`
			`peer=(name="{@{busname},org.freedesktop.DBus}"),`
			`dbus receive bus=session path=/com/rastersoft/ding{,/**}`
feat(build): rewrite the dbus directive fot the new format. 2024-03-21 22:09:16 +00:00			`interface=org.freedesktop.DBus.Introspectable`
			`member=Introspect`
build: improve the dbus directive. - Support for additional interfaces: += - Restrict the generated dbus rules - Add the required unix bind rule. 2025-02-23 20:53:49 +01:00			`peer=(name="@{busname}"),`
			`dbus receive bus=session path=/com/rastersoft/ding{,/**}`
			`interface=org.freedesktop.DBus.ObjectManager`
			`member=GetManagedObjects`
			`peer=(name="{@{busname},com.rastersoft.ding{,.*}}"),`
			`dbus send bus=session path=/com/rastersoft/ding{,/**}`
			`interface=org.freedesktop.DBus.ObjectManager`
			`member={InterfacesAdded,InterfacesRemoved}`
			peer=(name="{@{busname},org.freedesktop.DBus}"),`,
feat(build): rewrite the dbus directive fot the new format. 2024-03-21 22:09:16 +00:00			`},`
			`{`
			`name: "talk",`
			`opt: &Option{`
			`Name: "dbus",`
build(directive): support both liust & map. 2024-03-23 17:41:10 +00:00			`ArgMap: map[string]string{`
feat(build): rewrite the dbus directive fot the new format. 2024-03-21 22:09:16 +00:00			`"bus": "system",`
			`"name": "org.freedesktop.Accounts",`
			`"label": "accounts-daemon",`
			`"talk": "",`
			`},`
build(directive): support both liust & map. 2024-03-23 17:41:10 +00:00			`ArgList: []string{"talk", "bus=system", "name=org.freedesktop.Accounts", "label=accounts-daemon"},`
build: improve the dbus directive. - Support for additional interfaces: += - Restrict the generated dbus rules - Add the required unix bind rule. 2025-02-23 20:53:49 +01:00			`File: paths.New("gdm-session-worker"),`
build(directive): support both liust & map. 2024-03-23 17:41:10 +00:00			`Raw: " #aa:dbus talk bus=system name=org.freedesktop.Accounts label=accounts-daemon",`
feat(build): rewrite the dbus directive fot the new format. 2024-03-21 22:09:16 +00:00			`},`
			`profile: " #aa:dbus talk bus=system name=org.freedesktop.Accounts label=accounts-daemon",`
build: improve the dbus directive. - Support for additional interfaces: += - Restrict the generated dbus rules - Add the required unix bind rule. 2025-02-23 20:53:49 +01:00			want: ` unix bind type=stream addr=@@{udbus}/bus/gdm-session-wor/system,

			`dbus (send receive) bus=system path=/org/freedesktop/Accounts{,/**}`
feat(build): rewrite the dbus directive fot the new format. 2024-03-21 22:09:16 +00:00			`interface=org.freedesktop.Accounts{,.*}`
build: improve the dbus directive. - Support for additional interfaces: += - Restrict the generated dbus rules - Add the required unix bind rule. 2025-02-23 20:53:49 +01:00			`peer=(name="{@{busname},org.freedesktop.Accounts{,.*}}", label=accounts-daemon),`
			`dbus (send receive) bus=system path=/org/freedesktop/Accounts{,/**}`
feat(build): rewrite the dbus directive fot the new format. 2024-03-21 22:09:16 +00:00			`interface=org.freedesktop.DBus.Properties`
build: improve the dbus directive. - Support for additional interfaces: += - Restrict the generated dbus rules - Add the required unix bind rule. 2025-02-23 20:53:49 +01:00			`member={Get,GetAll,Set,PropertiesChanged}`
			`peer=(name="{@{busname},org.freedesktop.Accounts{,.*}}", label=accounts-daemon),`
			`dbus send bus=system path=/org/freedesktop/Accounts{,/**}`
			`interface=org.freedesktop.DBus.Introspectable`
			`member=Introspect`
			`peer=(name="{@{busname},org.freedesktop.Accounts{,.*}}", label=accounts-daemon),`
feat(build): rewrite the dbus directive fot the new format. 2024-03-21 22:09:16 +00:00			`dbus send bus=system path=/org/freedesktop/Accounts{,/**}`
			`interface=org.freedesktop.DBus.ObjectManager`
build: improve the dbus directive. - Support for additional interfaces: += - Restrict the generated dbus rules - Add the required unix bind rule. 2025-02-23 20:53:49 +01:00			`member=GetManagedObjects`
			`peer=(name="{@{busname},org.freedesktop.Accounts{,.*}}", label=accounts-daemon),`
feat(build): rewrite the dbus directive fot the new format. 2024-03-21 22:09:16 +00:00			`dbus receive bus=system path=/org/freedesktop/Accounts{,/**}`
			`interface=org.freedesktop.DBus.ObjectManager`
build: improve the dbus directive. - Support for additional interfaces: += - Restrict the generated dbus rules - Add the required unix bind rule. 2025-02-23 20:53:49 +01:00			`member={InterfacesAdded,InterfacesRemoved}`
			peer=(name="{@{busname},org.freedesktop.Accounts{,.*}}", label=accounts-daemon),`,
feat(build): rewrite the dbus directive fot the new format. 2024-03-21 22:09:16 +00:00			`},`
			`}`
			`for _, tt := range tests {`
			`t.Run(tt.name, func(t *testing.T) {`
feat(prebuild): add err reporting to builder & directive tasks. 2024-05-25 22:30:20 +01:00			`got, err := Directives["dbus"].Apply(tt.opt, tt.profile)`
			`if (err != nil) != tt.wantErr {`
			`t.Errorf("Dbus.Apply() error = %v, wantErr %v", err, tt.wantErr)`
			`return`
			`}`
			`if got != tt.want {`
feat(build): rewrite the dbus directive fot the new format. 2024-03-21 22:09:16 +00:00			`t.Errorf("Dbus.Apply() = %v, want %v", got, tt.want)`
			`}`
			`})`
			`}`
			`}`