#!/bin/sh
# ------------------------------------------------------------------
#
#    Copyright (C) 2013-2015 Canonical Ltd.
#
#    This program is free software; you can redistribute it and/or
#    modify it under the terms of version 2 of the GNU General Public
#    License published by the Free Software Foundation.
#
# ------------------------------------------------------------------

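# Abort on the first unhandled command failure.
set -e

# Overall result; set to "1" as soon as any check fails.
rc="0"
# Name prefix shared by the click test packages under debian/tests/data.
prefix="com.example.click-aa-profile-test"

# Pick the account the test packages are registered for: SUDO_USER when
# running under sudo, otherwise the lowest-numbered passwd entry with
# uid >= 500.
# NOTE(review): 500 is below the regular-user floor of some distributions
# (1000 on Debian/Ubuntu), so this can select a system account -- confirm
# the threshold is intended.
if [ -n "$SUDO_USER" ]; then
    user="$SUDO_USER"
else
    user=$(getent passwd | sort -t: -nk3 | awk -F: '$3 >= 500 { print $1; exit }')
fi
if [ -z "$user" ]; then
    echo "Couldn't detect user" >&2
    exit 1
fi

# Show what is registered for that user before the test changes anything.
# The value is quoted so an unusual account name cannot be split into
# extra arguments.
click list --user="$user"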

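# Undo everything the test changed on the host: put the real
# apparmor_parser and click.py back, unregister every test package still
# listed for $user, and delete the profile files generated for it.
# Globals:   user, prefix (read)
# Outputs:   one "Removed: <pkg> <version>" line per unregistered package
# It runs from the exit/signal trap, so it has to tolerate being called
# before the backups exist and being called more than once.
cleanup() {
    # Restore the diverted files first and independently of each other.
    # Leaving the /bin/true stand-in at /sbin/apparmor_parser would turn
    # every later policy load on this machine into a silent no-op.
    for backup in /sbin/apparmor_parser.orig \
                  /usr/lib/python3/dist-packages/apparmor/click.py.orig ; do
        if [ -e "$backup" ]; then
            mv -f "$backup" "${backup%.orig}" \
                || echo "Could not restore ${backup%.orig}" >&2
        fi
    done

    # -F: the prefix contains dots and is meant literally, not as a regex.
    click list --user="$user" | grep -F -- "$prefix" | while read -r pkgname pkgvers pkgrest ; do
        click unregister --user="$user" "$pkgname" "$pkgvers"
        echo "Removed: $pkgname $pkgvers"

        # Build the id from the package being removed here.  The main
        # loop's $p/$v only describe the last package it handled, so using
        # them would leave the other packages' profile files behind.
        app_id="${pkgname}_app1_${pkgvers}"
        rm -f "/var/cache/apparmor/profile_${app_id}"
        rm -f "/var/lib/apparmor/snappy/profiles/${app_id}"
        rm -f "/var/lib/apparmor/profiles/profile_${app_id}"
    done
}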
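# The test data is copied into the runner-provided scratch directory; fail
# with a clear message instead of letting cp trip over an empty target.
: "${ADTTMP:?ADTTMP must be set by the test runner}"

# Run cleanup exactly once on every way out.  A signal is turned into a
# normal exit, which fires the EXIT trap; trapping the signals with
# cleanup directly would restore the system files and then carry on
# running the remaining tests.
trap cleanup EXIT
trap 'exit 1' HUP INT QUIT TERM

unpack_dir=$(pwd)

cp -a ./debian/tests/data "$ADTTMP"

# Keep a pristine copy of $1 at $1.orig.  An existing .orig is left alone:
# it was most likely left by a run that died before cleanup, in which case
# $1 is already the stand-in and copying it would overwrite the only real
# copy.
backup_once() {
    if [ -e "$1.orig" ]; then
        echo "Keeping existing backup $1.orig" >&2
    else
        cp -f "$1" "$1.orig"
    fi
}

#
# Main
#
# divert apparmor_parser and substitute /bin/true so we don't need to load
# policy into the kernel.  While the stand-in is in place nothing on this
# machine can load AppArmor policy, so cleanup must put the original back.
backup_once /sbin/apparmor_parser
cp -f /bin/true /sbin/apparmor_parser

# Switch click.py into its mock test environment for the duration of the run.
backup_once /usr/lib/python3/dist-packages/apparmor/click.py
sed -i 's/^mock_testenv = False/mock_testenv = True/' /usr/lib/python3/dist-packages/apparmor/click.py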

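# Build, install and verify each test package in turn.  For every package
# the generated AppArmor profile files must exist, be non-empty and contain
# no unsubstituted template markers.
tests_run=0
for dir in ./debian/tests/data/"${prefix}"_* ; do
    # An unmatched glob stays literal; skip it rather than build nothing.
    [ -e "$dir" ] || continue
    tests_run=$((tests_run + 1))
    c=${dir##*/}

    # Directory names are <package>_<version>[_...].  Derive the id before
    # anything uses it; previously the cache file below was created from
    # the previous iteration's (or an empty) app_id.
    p=${c%%_*}
    v=${c#*_}
    v=${v%%_*}
    # presumably "app1" is the hook name used by the test manifests -- confirm
    app_id="${p}_app1_${v}"
    profile="/var/lib/apparmor/profiles/profile_${app_id}"

    # Build inside the scratch directory without changing our own cwd.
    ( cd "$ADTTMP" && click build "$ADTTMP/data/$c" )

    click install --force-missing-framework --user="$user" "$ADTTMP/${c}_all.click"
    touch "/var/cache/apparmor/profile_${app_id}"
    printf 'Installing: %s %s: ' "$p" "$v"

    # make sure click-apparmor did its job: each file is checked for
    # existence and for content in its own right
    this_rc="0"
    for f in "/var/lib/apparmor/snappy/profiles/${app_id}" "$profile" ; do
        if [ ! -e "$f" ]; then
            rc="1"
            echo "'$f' does not exist"
            this_rc="1"
        elif [ ! -s "$f" ]; then
            rc="1"
            echo "'$f' is empty"
            this_rc="1"
        fi
    done

    if [ "$this_rc" = "0" ]; then
        echo "Generated security profile:"
        cat "$profile"
        # A leftover marker means the template was not fully expanded.
        for i in "###VAR###" "###PROFILEATTACH###" ; do
            if grep -q -F -- "$i" "$profile"; then
                rc="1"
                echo "'$i' was not substituted"
                this_rc="1"
            fi
        done
    fi

    if [ "$this_rc" = "0" ]; then
        echo PASS
    else
        echo FAIL
    fi
    echo "Click manifest:"
    cat "$ADTTMP/data/$c/manifest.json"
    echo "Security profile:"
    cat "$ADTTMP/data/$c/apparmor.profile"
    echo ""

    # cleanup
    click unregister --user="$user" "$p" "$v"
done

# A run that verified nothing must not be reported as a pass.
if [ "$tests_run" -eq 0 ]; then
    echo "No test packages matching '${prefix}_*' found" >&2
    rc="1"
fi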

# Print the overall verdict and hand it to the test runner as the exit
# status: rc stays "0" only if no check above failed.
case "$rc" in
    0) echo "PASS (all tests)" ;;
    *) echo "FAIL (one or more failed tests)" ;;
esac

exit "$rc"
