tests: update some unit tests to the last changes.

2025-09-07 21:20:32 +02:00 · 2025-09-07 21:20:32 +02:00 · 6400bc725c
commit 6400bc725c
parent 0ffc8f9fa6
3 changed files with 64 additions and 9 deletions
--- a/pkg/prebuild/builder/core_test.go
+++ b/pkg/prebuild/builder/core_test.go
@ -253,12 +253,58 @@ dbus send bus=session path=/org/freedesktop/DBus
       member={Hello,AddMatch,RemoveMatch,GetNameOwner,NameHasOwner,StartServiceByName}
       peer=(name=org.freedesktop.DBus, label=dbus-session//&unconfined),

+}`,
+		},
+		{
+			name: "base-strict-1",
+			b:    Builders["base-strict"],
+			profile: `
+profile foo {
+  include <abstractions/base>
+}`,
+			want: `
+profile foo {
+  include <abstractions/base-strict>
+}`,
+		},
+		{
+			name: "attach-1",
+			b:    Builders["attach"],
+			profile: `
+profile attach-1 flags=(attach_disconnected) {
+  include <abstractions/base>
+  include <abstractions/base-strict>
+  include <abstractions/consoles>
+}`,
+			want: `
+@{att} = /att/attach-1/
+profile attach-1 flags=(attach_disconnected,attach_disconnected.path=@{att}) {
+  include <abstractions/attached/base>
+  include <abstractions/attached/base>
+  include <abstractions/attached/consoles>
+}`,
+		},
+		{
+			name: "attach-2",
+			b:    Builders["attach"],
+			profile: `
+profile attach-2 flags=(complain) {
+  include <abstractions/base>
+  include <abstractions/base-strict>
+  include <abstractions/consoles>
+}`,
+			want: `
+@{att} = ""
+profile attach-2 flags=(complain) {
+  include <abstractions/base>
+  include <abstractions/base-strict>
+  include <abstractions/consoles>
 }`,
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			opt := &Option{File: prebuild.RootApparmord.Join(tt.name)}
+			opt := &Option{File: prebuild.RootApparmord.Join(tt.name), Name: tt.name}
 			got, err := tt.b.Apply(opt, tt.profile)
 			if (err != nil) != tt.wantErr {
 				t.Errorf("Builder.Apply() error = %v, wantErr %v", err, tt.wantErr)
--- a/pkg/prebuild/directive/dbus.go
+++ b/pkg/prebuild/directive/dbus.go
@ -135,7 +135,7 @@ func (d Dbus) own(rules map[string]string) aa.Rules {
 	}

 	res = append(res,
-		// DBus.Properties
+		// DBus.Properties: reply to properties request from anyone
 		&aa.Dbus{
 			Access: []string{"send", "receive"}, Bus: rules["bus"], Path: rules["path"],
 			Interface: "org.freedesktop.DBus.Properties",
@ -143,7 +143,7 @@ func (d Dbus) own(rules map[string]string) aa.Rules {
 			PeerName:  `"{@{busname},org.freedesktop.DBus}"`,
 		},

-		// DBus.Introspectable
+		// DBus.Introspectable: allow clients to introspect the service
 		&aa.Dbus{
 			Access: []string{"receive"}, Bus: rules["bus"], Path: rules["path"],
 			Interface: "org.freedesktop.DBus.Introspectable",
@ -151,7 +151,7 @@ func (d Dbus) own(rules map[string]string) aa.Rules {
 			PeerName:  `"@{busname}"`,
 		},

-		// DBus.ObjectManager
+		// DBus.ObjectManager: allow clients to enumerate sources
 		&aa.Dbus{
 			Access: []string{"receive"}, Bus: rules["bus"], Path: rules["path"],
 			Interface: "org.freedesktop.DBus.ObjectManager",
@ -170,7 +170,14 @@ func (d Dbus) own(rules map[string]string) aa.Rules {

 func (d Dbus) talk(rules map[string]string) aa.Rules {
 	interfaces := getInterfaces(rules)
-	res := aa.Rules{}
+	res := aa.Rules{
+		&aa.Unix{
+			Type:      "stream",
+			Address:   "none",
+			PeerLabel: rules["label"],
+			PeerAddr:  "none",
+		},
+	}

 	// Interfaces
 	for _, iface := range interfaces {
@ -198,7 +205,7 @@ func (d Dbus) talk(rules map[string]string) aa.Rules {
 			PeerName:  `"{@{busname},` + rules["name"] + `}"`, PeerLabel: rules["label"],
 		},

-		// DBus.ObjectManager
+		// DBus.ObjectManager: allow clients to enumerate sources
 		&aa.Dbus{
 			Access: []string{"send"}, Bus: rules["bus"], Path: rules["path"],
 			Interface: "org.freedesktop.DBus.ObjectManager",
--- a/pkg/prebuild/directive/dbus_test.go
+++ b/pkg/prebuild/directive/dbus_test.go
@ -8,7 +8,7 @@ import (
 	"testing"
 )

-const dbusOwnSystemd1 = `  include <abstractions/bus/own-system>
+const dbusOwnSystemd1 = `  include <abstractions/bus/system/own>

  dbus bind bus=system name=org.freedesktop.systemd1{,.*},
  dbus receive bus=system path=/org/freedesktop/systemd1{,/**}
@ -73,7 +73,7 @@ func TestDbus_Apply(t *testing.T) {
 				Raw:     "  #aa:dbus own bus=session name=com.rastersoft.ding interface+=org.gtk.Actions",
 			},
 			profile: "  #aa:dbus own bus=session name=com.rastersoft.ding interface+=org.gtk.Actions",
-			want: `  include <abstractions/bus/own-session>
+			want: `  include <abstractions/bus/session/own>

  dbus bind bus=session name=com.rastersoft.ding{,.*},
  dbus receive bus=session path=/com/rastersoft/ding{,/**}
@ -120,7 +120,9 @@ func TestDbus_Apply(t *testing.T) {
 				Raw:     "  #aa:dbus talk bus=system name=org.freedesktop.Accounts label=accounts-daemon",
 			},
 			profile: "  #aa:dbus talk bus=system name=org.freedesktop.Accounts label=accounts-daemon",
-			want: `  dbus (send receive) bus=system path=/org/freedesktop/Accounts{,/**}
+			want: `  unix type=stream addr=none peer=(label=accounts-daemon, addr=none),
+
+  dbus (send receive) bus=system path=/org/freedesktop/Accounts{,/**}
       interface=org.freedesktop.Accounts{,.*}
       peer=(name="{@{busname},org.freedesktop.Accounts{,.*}}", label=accounts-daemon),
  dbus (send receive) bus=system path=/org/freedesktop/Accounts{,/**}