#!/bin/sh

set -e

# shellcheck source=snap-confine/tests/common.sh
. "${srcdir:-.}/snap-confine/tests/common.sh"

get_common_syscalls >"$TMP"/tmpl
cat >>"$TMP"/tmpl <<EOF
# what we are testing
EOF

for i in 'AF_UNI' 'AF_UNIXX' 'AF_UN!X' 'PF_UNI' ; do
    printf "Test bad seccomp arg filtering (socket %s)" "$i"
    cat "$TMP"/tmpl >"$TMP"/snap.name.app
    echo "socket $i" >>"$TMP"/snap.name.app

    if $L snap.name.app /bin/true 2>/dev/null; then
        # true returned successfully, bad arg test failed
        cat "$TMP"/snap.name.app
        FAIL
    fi

    # all good
    PASS
done

for i in 'SOCK_STREA' 'SOCK_STREAMM' ; do
    printf "Test bad seccomp arg filtering (socket - %s)" "$i"
    cat "$TMP"/tmpl >"$TMP"/snap.name.app
    echo "socket - $i" >>"$TMP"/snap.name.app

    if $L snap.name.app /bin/true 2>/dev/null; then
        # true returned successfully, bad arg test failed
        cat "$TMP"/snap.name.app
        FAIL
    fi

    # all good
    PASS
done

for i in 'NETLINK_ROUT' 'NETLINK_ROUTEE' 'NETLINK_R0UTE' ; do
    printf "Test bad seccomp arg filtering (socket PF_NETLINK - %s)" "$i"
    cat "$TMP"/tmpl >"$TMP"/snap.name.app
    echo "socket - $i" >>"$TMP"/snap.name.app

    if $L snap.name.app /bin/true 2>/dev/null; then
        # true returned successfully, bad arg test failed
        cat "$TMP"/snap.name.app
        FAIL
    fi

    # all good
    PASS
done
