1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
|
summary: Ensure that the system-files interface works.
details: |
The system-files interface allows access specific system files or directories.
systems:
# This test cannot work on Ubuntu Core
- -ubuntu-core-*
environment:
# keep in sync with ./test-snapd-sh/meta/snap.yaml
TESTDIR: /opt/ros/testdir
SNAP_TESTDIR: /var/lib/snapd/hostfs/opt/ros/testdir
prepare: |
"$TESTSTOOLS"/snaps-state install-local test-snapd-sh
# Fist layer of dirs and files
"$TESTSTOOLS"/fs-state mock-dir "$TESTDIR"
"$TESTSTOOLS"/fs-state mock-file "$TESTDIR"/file.yaml
"$TESTSTOOLS"/fs-state mock-file "$TESTDIR"/file.xacro
"$TESTSTOOLS"/fs-state mock-file "$TESTDIR"/file.stl
"$TESTSTOOLS"/fs-state mock-file "$TESTDIR"/file.urdf
# Second layer of dirs and files
"$TESTSTOOLS"/fs-state mock-dir "$TESTDIR"/testdir1
"$TESTSTOOLS"/fs-state mock-file "$TESTDIR"/testdir1/file.yaml
"$TESTSTOOLS"/fs-state mock-file "$TESTDIR/testdir1/file_no_extension"
"$TESTSTOOLS"/fs-state mock-dir "$TESTDIR"/empty_dir
# Not accessible dirs and files
"$TESTSTOOLS"/fs-state mock-file "$TESTDIR"/file.so
"$TESTSTOOLS"/fs-state mock-file "$TESTDIR"/file.txt
restore: |
"$TESTSTOOLS"/fs-state restore-dir "$TESTDIR"
execute: |
echo "The interface is connected by default"
snap interfaces -i ros-opt-data | MATCH "test-snapd-sh:opt-ros"
echo "So the snap is able to access all the allowed files and dirs in /opt/ros"
test-snapd-sh.app-with-opt-ros-plug -c "cat $SNAP_TESTDIR/file.yaml" | MATCH "mock file"
test-snapd-sh.app-with-opt-ros-plug -c "cat $SNAP_TESTDIR/file.xacro" | MATCH "mock file"
test-snapd-sh.app-with-opt-ros-plug -c "cat $SNAP_TESTDIR/file.stl" | MATCH "mock file"
test-snapd-sh.app-with-opt-ros-plug -c "cat $SNAP_TESTDIR/file.urdf" | MATCH "mock file"
test-snapd-sh.app-with-opt-ros-plug -c "cat $SNAP_TESTDIR/testdir1/file.yaml" | MATCH "mock file"
test-snapd-sh.app-with-opt-ros-plug -c "ls $SNAP_TESTDIR/testdir1"
test-snapd-sh.app-with-opt-ros-plug -c "ls $SNAP_TESTDIR/empty_dir"
if [ "$(snap debug confinement)" = partial ] ; then
exit 0
fi
echo "Then the snap is not able to to write files"
if test-snapd-sh.app-with-opt-ros-plug -c "echo test >> $SNAP_TESTDIR/file.yaml" 2> call.error; then
echo "Expected permission error when writing a file, no error received"
exit 1
fi
MATCH "Permission denied" < call.error
echo "Then the snap is not able to to access other files"
test-snapd-sh.app-with-opt-ros-plug -c "ls /root" 2>&1| MATCH "Permission denied"
if test-snapd-sh.app-with-opt-ros-plug -c "cat $SNAP_TESTDIR/file.txt" 2> call.error; then
echo "Expected permission error accessing file.txt, no error received"
exit 1
fi
MATCH "Permission denied" < call.error
if test-snapd-sh.app-with-opt-ros-plug -c "cat $SNAP_TESTDIR/file.so" 2> call.error; then
echo "Expected permission error accessing file.so, no error received"
exit 1
fi
MATCH "Permission denied" < call.error
if test-snapd-sh.app-with-opt-ros-plug -c "cat $SNAP_TESTDIR/testdir1/file_no_extension" 2> call.error; then
echo "Expected permission error accessing file with no extension, no error received"
exit 1
fi
MATCH "Permission denied" < call.error
echo "When the plug is disconnected"
snap disconnect test-snapd-sh:opt-ros
echo "Then the snap is not able to read files and dirs in /opt/ros"
if test-snapd-sh.app-with-opt-ros-plug -c "ls $SNAP_TESTDIR" 2> call.error; then
echo "Expected permission error accessing the opt/ros dir, no error received"
exit 1
fi
MATCH "Permission denied" < call.error
if test-snapd-sh.app-with-opt-ros-plug -c "cat $SNAP_TESTDIR/file.yaml" 2> call.error; then
echo "Expected permission error accessing a file.yaml, no error received"
exit 1
fi
MATCH "Permission denied" < call.error
|
