#!/bin/sh

set -e

. $(pwd)/common.sh

cat >$TMP/unrestricted <<EOF
# some comment
@unrestricted
EOF

cat >$TMP/restricted <<EOF
# filter that works ok for true
open
close

mmap
munmap
mprotect

fstat
access
read

brk
execve

arch_prctl
exit_group

# required for not setting nnp
geteuid
getuid

# unknown syscalls are ignore
i-dont-exit
EOF

# $1: Path to check existence for and potentially remove at the end
# $2: Profile name
# $3: True if success is expected, false otherwise
run_launcher() {
   pass=false
   if $L snap.name.app $2 /bin/true 2>/dev/null; then
      if $3; then
         if [ ! -d "$1" ]; then
            pass=false
         fi

         pass=true
      else
         pass=false
      fi
   else
      if $3; then
         pass=false
      else
         pass=true
      fi
   fi

   if [ -d "$1" ]; then
      rmdir $1
   fi

   if $pass; then
      return 0
   else
      return 1
   fi
}

# $1 = $SNAP_USER_DATA definition
# $2 = Profile name
# $3 = True if success is expected, false otherwise
run_current() {
   export SNAP_USER_DATA=$1
   run_launcher $1 $2 $3
   pass=$?
   unset SNAP_USER_DATA

   return $pass
}

printf "Test that an unrestricted launcher creates user data"
run_current $TMP/user_data unrestricted true

printf "Test that a restricted launcher creates user data"
run_current $TMP/user_data restricted true

printf "Test that an unrestricted launcher creates user data with parent directory"
run_current $TMP/parent/user_data unrestricted true

printf "Test that a restricted launcher creates user data with parent directory"
run_current $TMP/parent/user_data restricted true

printf "Test that user data can contain multiple path separators"
run_current $TMP//user_data unrestricted true

printf "Test that user data must be absolute"
run_current "../foo" unrestricted false

printf "Testing that user data cannot be contained within a symlink"
mkdir $TMP/nefarious_parent
ln -s $TMP/nefarious_parent $TMP/parent
run_current $TMP/parent/user_data unrestricted, false

printf "Test that an unrestricted launcher works when user data exists (current)"
mkdir $TMP/user_data
if run_current $TMP/user_data unrestricted true; then
   PASS
else
   FAIL
fi

printf "Test that an restricted launcher works when user data exists (current)"
mkdir $TMP/user_data
if run_current $TMP/user_data restricted true; then
   PASS
else
   FAIL
fi
