interfaces: allow network-manager interface to work on desktop too

canonical · May 17, 2016 · ef0598f · ef0598f
1 parent 233d039
commit ef0598f
Show file tree

Hide file tree

Showing 5 changed files with 27 additions and 6 deletions.
diff --git a/interfaces/builtin/network_manager.go b/interfaces/builtin/network_manager.go
@@ -23,6 +23,7 @@ import (
 	"bytes"
 
 	"github.com/ubuntu-core/snappy/interfaces"
+	"github.com/ubuntu-core/snappy/release"
 )
 
 var networkManagerPermanentSlotAppArmor = []byte(`
@@ -377,7 +378,14 @@ func (iface *NetworkManagerInterface) ConnectedPlugSnippet(plug *interfaces.Plug
 		return nil, nil
 	case interfaces.SecurityAppArmor:
 		old := []byte("###SLOT_SECURITY_TAGS###")
-		new := slotAppLabelExpr(slot)
+		new := []byte("")
+		if release.OnClassic {
+			// If we're running on classic NetworkManager will be part
+			// of the OS snap and will run unconfined.
+			new = []byte("unconfined");
+		} else {
+			new = slotAppLabelExpr(slot)
+		}
 		snippet := bytes.Replace(networkManagerConnectedPlugAppArmor, old, new, -1)
 		return snippet, nil
 	case interfaces.SecuritySecComp:

diff --git a/interfaces/builtin/network_manager_test.go b/interfaces/builtin/network_manager_test.go
@@ -25,6 +25,7 @@ import (
 	"github.com/ubuntu-core/snappy/interfaces"
 	"github.com/ubuntu-core/snappy/interfaces/builtin"
 	"github.com/ubuntu-core/snappy/snap"
+	"github.com/ubuntu-core/snappy/release"
 	"github.com/ubuntu-core/snappy/testutil"
 )
 
@@ -71,9 +72,10 @@ func (s *NetworkManagerInterfaceSuite) TestConnectedPlugSnippetUsesSlotLabelAll(
 			Apps:      map[string]*snap.AppInfo{"app1": app1, "app2": app2},
 		},
 	}
+	release.OnClassic = false
 	snippet, err := s.iface.ConnectedPlugSnippet(s.plug, slot, interfaces.SecurityAppArmor)
 	c.Assert(err, IsNil)
-	c.Assert(string(snippet), testutil.Contains, "peer=(label=snap.network-manager.*),")
+	c.Assert(string(snippet), testutil.Contains, `peer=(label="snap.network-manager.*"),`)
 }
 
 // The label uses alternation when some, but not all, apps is bound to the network-manager slot
@@ -92,9 +94,10 @@ func (s *NetworkManagerInterfaceSuite) TestConnectedPlugSnippetUsesSlotLabelSome
 			Apps:      map[string]*snap.AppInfo{"app1": app1, "app2": app2},
 		},
 	}
+	release.OnClassic = false
 	snippet, err := s.iface.ConnectedPlugSnippet(s.plug, slot, interfaces.SecurityAppArmor)
 	c.Assert(err, IsNil)
-	c.Assert(string(snippet), testutil.Contains, "peer=(label=snap.network-manager.{app1,app2}),")
+	c.Assert(string(snippet), testutil.Contains, `peer=(label="snap.network-manager.{app1,app2}"),`)
 }
 
 // The label uses short form when exactly one app is bound to the network-manager slot
@@ -111,9 +114,18 @@ func (s *NetworkManagerInterfaceSuite) TestConnectedPlugSnippetUsesSlotLabelOne(
 			Apps:      map[string]*snap.AppInfo{"app": app},
 		},
 	}
+	release.OnClassic = false
 	snippet, err := s.iface.ConnectedPlugSnippet(s.plug, slot, interfaces.SecurityAppArmor)
 	c.Assert(err, IsNil)
-	c.Assert(string(snippet), testutil.Contains, "peer=(label=snap.network-manager.app),")
+	c.Assert(string(snippet), testutil.Contains, `peer=(label="snap.network-manager.app"),`)
+}
+
+func (s *NetworkManagerInterfaceSuite) TestConnectedPlugSnippedUsesUnconfinedLabelOnClassic(c *C) {
+	slot := &interfaces.Slot{}
+	release.OnClassic = true
+	snippet, err := s.iface.ConnectedPlugSnippet(s.plug, slot, interfaces.SecurityAppArmor)
+	c.Assert(err, IsNil)
+	c.Assert(string(snippet), testutil.Contains, "peer=(label=unconfined),")
 }
 
 func (s *NetworkManagerInterfaceSuite) TestUnusedSecuritySystems(c *C) {

diff --git a/overlord/ifacestate/ifacemgr_test.go b/overlord/ifacestate/ifacemgr_test.go
@@ -451,7 +451,7 @@ func (s *interfaceManagerSuite) TestDoSetupProfilesAddsImplicitSlots(c *C) {
 	// Ensure that we have slots on the OS snap.
 	repo := mgr.Repository()
 	slots := repo.Slots(snapInfo.Name())
-	c.Assert(slots, HasLen, 16)
+	c.Assert(slots, HasLen, 17)
 }
 
 func (s *interfaceManagerSuite) TestDoSetupSnapSecuirtyReloadsConnectionsWhenInvokedOnPlugSide(c *C) {

diff --git a/snap/implicit.go b/snap/implicit.go
@@ -41,6 +41,7 @@ var implicitClassicSlots = []string{
 	"unity7",
 	"x11",
 	"opengl",
+	"network-manager",
 }
 
 // AddImplicitSlots adds implicitly defined slots to a given snap.

diff --git a/snap/implicit_test.go b/snap/implicit_test.go
@@ -56,7 +56,7 @@ func (s *InfoSnapYamlTestSuite) TestAddImplicitSlotsOnClassic(c *C) {
 	c.Assert(info.Slots["unity7"].Interface, Equals, "unity7")
 	c.Assert(info.Slots["unity7"].Name, Equals, "unity7")
 	c.Assert(info.Slots["unity7"].Snap, Equals, info)
-	c.Assert(info.Slots, HasLen, 16)
+	c.Assert(info.Slots, HasLen, 17)
 }
 
 func (s *InfoSnapYamlTestSuite) TestImplicitSlotsAreRealInterfaces(c *C) {