#!/bin/sh

set -e

# shellcheck source=snap-confine/tests/common.sh
. "${srcdir:-.}/snap-confine/tests/common.sh"

get_common_syscalls >"$TMP"/tmpl
cat >>"$TMP"/tmpl <<EOF
getpriority
EOF

for pre in AF PF ; do
  for i in UNIX LOCAL INET INET6 IPX NETLINK X25 AX25 ATMPVC APPLETALK PACKET ALG CAN BRIDGE NETROM ROSE NETBEUI SECURITY KEY ASH ECONET SNA IRDA PPPOX WANPIPE BLUETOOTH RDS LLC TIPC IUCV RXRPC ISDN PHONET IEEE802154 CAIF NFC VSOCK MPLS IB ; do
    cat "$TMP"/tmpl >"$TMP"/snap.name.app
    echo "socket ${pre}_$i" >>"$TMP"/snap.name.app

    printf "Test good seccomp arg filtering (socket %s)" "${pre}_$i"
    # ensure that the command "true" can run with the right filter
    if $L snap.name.app /bin/true ; then
        PASS
    else
        FAIL
    fi

    for j in SOCK_STREAM SOCK_DGRAM SOCK_SEQPACKET SOCK_RAW SOCK_RDM SOCK_PACKET ; do
        cat "$TMP"/tmpl >"$TMP"/snap.name.app
        echo "socket ${pre}_$i $j" >>"$TMP"/snap.name.app

        printf "Test good seccomp arg filtering (socket %s %s)" "${pre}_$i" "$j"
        # ensure that the command "true" can run with the right filter
        if $L snap.name.app /bin/true ; then
            PASS
        else
            dmesg|tail -n1
            FAIL
        fi
    done
  done
done

for i in NETLINK_ROUTE NETLINK_USERSOCK NETLINK_FIREWALL NETLINK_SOCK_DIAG NETLINK_NFLOG NETLINK_XFRM NETLINK_SELINUX NETLINK_ISCSI NETLINK_AUDIT NETLINK_FIB_LOOKUP NETLINK_CONNECTOR NETLINK_NETFILTER NETLINK_IP6_FW NETLINK_DNRTMSG NETLINK_KOBJECT_UEVENT NETLINK_GENERIC NETLINK_SCSITRANSPORT NETLINK_ECRYPTFS NETLINK_RDMA NETLINK_CRYPTO NETLINK_INET_DIAG ; do
    for j in AF_NETLINK PF_NETLINK ; do
        cat "$TMP"/tmpl >"$TMP"/snap.name.app
        echo "socket $j - $i" >>"$TMP"/snap.name.app

        printf "Test good seccomp arg filtering (socket %s - %s)" "$j" "$i"
        # ensure that the command "true" can run with the right filter
        if $L snap.name.app /bin/true ; then
            PASS
        else
            FAIL
        fi
    done
done
