| // Copyright 2020 The Fuchsia Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be found in the LICENSE file. |
| |
| use { |
| anyhow::{Context, Error}, |
| fidl_fidl_examples_echo as fidl_echo, |
| fuchsia_async::{self as fasync}, |
| fuchsia_component::client::{launch, launcher}, |
| lazy_static::lazy_static, |
| }; |
| |
| macro_rules! policy_url { |
| ($cmx:expr) => { |
| format!("{}{}", "fuchsia-pkg://fuchsia.com/policy-integration-tests#meta/", $cmx) |
| }; |
| } |
| |
| lazy_static! { |
| static ref NONE_ACCEPTED_URL: String = policy_url!("none.cmx"); |
| static ref PACKAGE_CACHE_DENIED_URL: String = policy_url!("package_cache_denied.cmx"); |
| static ref PACKAGE_CACHE_ALLOWED_URL: String = policy_url!("package_cache_allowed.cmx"); |
| static ref PACKAGE_RESOLVER_DENIED_URL: String = policy_url!("package_resolver_denied.cmx"); |
| static ref PACKAGE_RESOLVER_ALLOWED_URL: String = policy_url!("package_resolver_allowed.cmx"); |
| static ref ROOT_JOB_DENIED_URL: String = policy_url!("root_job_denied.cmx"); |
| static ref ROOT_JOB_ALLOWED_URL: String = policy_url!("root_job_allowed.cmx"); |
| static ref DEBUG_RESOURCE_DENIED_URL: String = policy_url!("debug_resource_denied.cmx"); |
| static ref DEBUG_RESOURCE_ALLOWED_URL: String = policy_url!("debug_resource_allowed.cmx"); |
| static ref HYPERVISOR_RESOURCE_DENIED_URL: String = |
| policy_url!("hypervisor_resource_denied.cmx"); |
| static ref HYPERVISOR_RESOURCE_ALLOWED_URL: String = |
| policy_url!("hypervisor_resource_allowed.cmx"); |
| static ref MMIO_RESOURCE_DENIED_URL: String = policy_url!("mmio_resource_denied.cmx"); |
| static ref MMIO_RESOURCE_ALLOWED_URL: String = policy_url!("mmio_resource_allowed.cmx"); |
| static ref INFO_RESOURCE_DENIED_URL: String = policy_url!("info_resource_denied.cmx"); |
| static ref INFO_RESOURCE_ALLOWED_URL: String = policy_url!("info_resource_allowed.cmx"); |
| static ref IRQ_RESOURCE_DENIED_URL: String = policy_url!("irq_resource_denied.cmx"); |
| static ref IRQ_RESOURCE_ALLOWED_URL: String = policy_url!("irq_resource_allowed.cmx"); |
| static ref IOPORT_RESOURCE_DENIED_URL: String = policy_url!("ioport_resource_denied.cmx"); |
| static ref IOPORT_RESOURCE_ALLOWED_URL: String = policy_url!("ioport_resource_allowed.cmx"); |
| static ref SMC_RESOURCE_DENIED_URL: String = policy_url!("smc_resource_denied.cmx"); |
| static ref SMC_RESOURCE_ALLOWED_URL: String = policy_url!("smc_resource_allowed.cmx"); |
| static ref ROOT_RESOURCE_DENIED_URL: String = policy_url!("root_resource_denied.cmx"); |
| static ref ROOT_RESOURCE_ALLOWED_URL: String = policy_url!("root_resource_allowed.cmx"); |
| static ref VMEX_RESOURCE_DENIED_URL: String = policy_url!("vmex_resource_denied.cmx"); |
| static ref VMEX_RESOURCE_ALLOWED_URL: String = policy_url!("vmex_resource_allowed.cmx"); |
| static ref PKGFS_VERSIONS_DENIED_URL: String = policy_url!("pkgfs_versions_denied.cmx"); |
| static ref PKGFS_VERSIONS_ALLOWED_URL: String = policy_url!("pkgfs_versions_allowed.cmx"); |
| static ref DEPRECATED_SHELL_DENIED_URL: String = policy_url!("deprecated_shell_denied.cmx"); |
| static ref DEPRECATED_SHELL_ALLOWED_URL: String = policy_url!("deprecated_shell_allowed.cmx"); |
| static ref DEPRECATED_EXEC_DENIED_URL: String = |
| policy_url!("deprecated_ambient_replace_as_exec_denied.cmx"); |
| static ref DEPRECATED_EXEC_ALLOWED_URL: String = |
| policy_url!("deprecated_ambient_replace_as_exec_allowed.cmx"); |
| } |
| |
| async fn launch_component(component_url: &str) -> Result<String, Error> { |
| let launcher = launcher().context("failed to open the launcher")?; |
| let app = |
| launch(&launcher, component_url.to_string(), None).context("failed to launch service")?; |
| let echo = app |
| .connect_to_service::<fidl_echo::EchoMarker>() |
| .context("Failed to connect to echo service")?; |
| let result = echo.echo_string(Some("policy")).await?; |
| Ok(result.unwrap()) |
| } |
| |
| async fn assert_launch_allowed(component_url: &str) { |
| assert!(launch_component(component_url).await.unwrap() == "policy") |
| } |
| |
| async fn assert_launch_denied(component_url: &str) { |
| assert!(launch_component(component_url).await.is_err()) |
| } |
| |
| #[fasync::run_singlethreaded(test)] |
| async fn none_allowed() -> Result<(), Error> { |
| assert_launch_allowed(&NONE_ACCEPTED_URL).await; |
| Ok(()) |
| } |
| |
| #[fasync::run_singlethreaded(test)] |
| async fn package_cache_allowed() -> Result<(), Error> { |
| assert_launch_allowed(&PACKAGE_CACHE_ALLOWED_URL).await; |
| Ok(()) |
| } |
| |
| #[fasync::run_singlethreaded(test)] |
| async fn package_cache_denied() -> Result<(), Error> { |
| assert_launch_denied(&PACKAGE_CACHE_DENIED_URL).await; |
| Ok(()) |
| } |
| |
| #[fasync::run_singlethreaded(test)] |
| async fn package_resolver_allowed() -> Result<(), Error> { |
| assert_launch_allowed(&PACKAGE_RESOLVER_ALLOWED_URL).await; |
| Ok(()) |
| } |
| |
| #[fasync::run_singlethreaded(test)] |
| async fn package_resolver_denied() -> Result<(), Error> { |
| assert_launch_denied(&PACKAGE_RESOLVER_DENIED_URL).await; |
| Ok(()) |
| } |
| |
| #[fasync::run_singlethreaded(test)] |
| async fn root_job_allowed() -> Result<(), Error> { |
| assert_launch_allowed(&ROOT_JOB_ALLOWED_URL).await; |
| Ok(()) |
| } |
| |
| #[fasync::run_singlethreaded(test)] |
| async fn root_job_denied() -> Result<(), Error> { |
| assert_launch_denied(&ROOT_JOB_DENIED_URL).await; |
| Ok(()) |
| } |
| |
| #[fasync::run_singlethreaded(test)] |
| async fn debug_resource_allowed() -> Result<(), Error> { |
| assert_launch_allowed(&DEBUG_RESOURCE_ALLOWED_URL).await; |
| Ok(()) |
| } |
| |
| #[fasync::run_singlethreaded(test)] |
| async fn debug_resource_denied() -> Result<(), Error> { |
| assert_launch_denied(&DEBUG_RESOURCE_DENIED_URL).await; |
| Ok(()) |
| } |
| |
| #[fasync::run_singlethreaded(test)] |
| async fn hypervisor_resource_allowed() -> Result<(), Error> { |
| assert_launch_allowed(&HYPERVISOR_RESOURCE_ALLOWED_URL).await; |
| Ok(()) |
| } |
| |
| #[fasync::run_singlethreaded(test)] |
| async fn hypervisor_resource_denied() -> Result<(), Error> { |
| assert_launch_denied(&HYPERVISOR_RESOURCE_DENIED_URL).await; |
| Ok(()) |
| } |
| |
| #[fasync::run_singlethreaded(test)] |
| async fn mmio_resource_allowed() -> Result<(), Error> { |
| assert_launch_allowed(&MMIO_RESOURCE_ALLOWED_URL).await; |
| Ok(()) |
| } |
| |
| #[fasync::run_singlethreaded(test)] |
| async fn mmio_resource_denied() -> Result<(), Error> { |
| assert_launch_denied(&MMIO_RESOURCE_DENIED_URL).await; |
| Ok(()) |
| } |
| |
| #[fasync::run_singlethreaded(test)] |
| async fn info_resource_allowed() -> Result<(), Error> { |
| assert_launch_allowed(&INFO_RESOURCE_ALLOWED_URL).await; |
| Ok(()) |
| } |
| |
| #[fasync::run_singlethreaded(test)] |
| async fn info_resource_denied() -> Result<(), Error> { |
| assert_launch_denied(&INFO_RESOURCE_DENIED_URL).await; |
| Ok(()) |
| } |
| |
| #[fasync::run_singlethreaded(test)] |
| async fn irq_resource_allowed() -> Result<(), Error> { |
| assert_launch_allowed(&IRQ_RESOURCE_ALLOWED_URL).await; |
| Ok(()) |
| } |
| |
| #[fasync::run_singlethreaded(test)] |
| async fn irq_resource_denied() -> Result<(), Error> { |
| assert_launch_denied(&IRQ_RESOURCE_DENIED_URL).await; |
| Ok(()) |
| } |
| |
| #[fasync::run_singlethreaded(test)] |
| async fn ioport_resource_allowed() -> Result<(), Error> { |
| assert_launch_allowed(&IOPORT_RESOURCE_ALLOWED_URL).await; |
| Ok(()) |
| } |
| |
| #[fasync::run_singlethreaded(test)] |
| async fn ioport_resource_denied() -> Result<(), Error> { |
| assert_launch_denied(&IOPORT_RESOURCE_DENIED_URL).await; |
| Ok(()) |
| } |
| |
| #[fasync::run_singlethreaded(test)] |
| async fn smc_resource_allowed() -> Result<(), Error> { |
| assert_launch_allowed(&SMC_RESOURCE_ALLOWED_URL).await; |
| Ok(()) |
| } |
| |
| #[fasync::run_singlethreaded(test)] |
| async fn smc_resource_denied() -> Result<(), Error> { |
| assert_launch_denied(&SMC_RESOURCE_DENIED_URL).await; |
| Ok(()) |
| } |
| |
| #[fasync::run_singlethreaded(test)] |
| async fn root_resource_allowed() -> Result<(), Error> { |
| assert_launch_allowed(&ROOT_RESOURCE_ALLOWED_URL).await; |
| Ok(()) |
| } |
| |
| #[fasync::run_singlethreaded(test)] |
| async fn root_resource_denied() -> Result<(), Error> { |
| assert_launch_denied(&ROOT_RESOURCE_DENIED_URL).await; |
| Ok(()) |
| } |
| |
| #[fasync::run_singlethreaded(test)] |
| async fn vmex_resource_allowed() -> Result<(), Error> { |
| assert_launch_allowed(&VMEX_RESOURCE_ALLOWED_URL).await; |
| Ok(()) |
| } |
| |
| #[fasync::run_singlethreaded(test)] |
| async fn vmex_resource_denied() -> Result<(), Error> { |
| assert_launch_denied(&VMEX_RESOURCE_DENIED_URL).await; |
| Ok(()) |
| } |
| |
| #[fasync::run_singlethreaded(test)] |
| async fn pkgfs_versions_allowed() -> Result<(), Error> { |
| assert_launch_allowed(&PKGFS_VERSIONS_ALLOWED_URL).await; |
| Ok(()) |
| } |
| |
| #[fasync::run_singlethreaded(test)] |
| async fn pkgfs_versions_denied() -> Result<(), Error> { |
| assert_launch_denied(&PKGFS_VERSIONS_DENIED_URL).await; |
| Ok(()) |
| } |
| |
| #[fasync::run_singlethreaded(test)] |
| async fn deprecated_shell_allowed() -> Result<(), Error> { |
| assert_launch_allowed(&DEPRECATED_SHELL_ALLOWED_URL).await; |
| Ok(()) |
| } |
| |
| #[fasync::run_singlethreaded(test)] |
| async fn deprecated_shell_denied() -> Result<(), Error> { |
| assert_launch_denied(&DEPRECATED_SHELL_DENIED_URL).await; |
| Ok(()) |
| } |