#!/bin/sh

set -e

. $(pwd)/common.sh

cat >$TMP/unrestricted <<EOF
# some comment
@unrestricted
EOF

cat >$TMP/restricted <<EOF
# filter that works ok for true
open
close

mmap
munmap
mprotect

fstat
access
read

brk
execve

arch_prctl
exit_group

# unknown syscalls are ignore
i-dont-exit
EOF

# $1: Path to check existence for and potentially remove at the end
# $2: Profile name
# $3: True if success is expected, false otherwise
run_launcher() {
   pass=false
   if $L appid $2 /bin/true 2>/dev/null; then
      if $3; then
         if [ ! -d "$1" ]; then
            pass=false
         fi

         pass=true
      else
         pass=false
      fi
   else
      if $3; then
         pass=false
      else
         pass=true
      fi
   fi

   if [ -d "$1" ]; then
      rmdir $1
   fi

   if $pass; then
      return 0
   else
      return 1
   fi
}

# $1 = $SNAP_USER_DATA definition
# $2 = Profile name
# $3 = True if success is expected, false otherwise
run_current() {
   export SNAP_USER_DATA=$1
   run_launcher $1 $2 $3
   pass=$?
   unset SNAP_USER_DATA

   return $pass
}

# $1 = $SNAP_APP_USER_DATA_PATH definition
# $2 = Profile name
# $3 = True if success is expected, false otherwise
run_deprecated() {
   export SNAP_APP_USER_DATA_PATH=$1
   run_launcher $1 $2 $3
   pass=$?
   unset SNAP_APP_USER_DATA_PATH

   return $pass
}

# $1 = User data path
# $2 = Profile name
# $3 = True if success is expected, false otherwise
run_both() {
   run_current $1 $2 $3
   current_pass=$?
   run_deprecated $1 $2 $3
   deprecated_pass=$?

   if [ $current_pass -a $deprecated_pass ]; then
      PASS
   else
      FAIL
   fi
}

printf "Test that an unrestricted launcher creates user data"
run_both $TMP/user_data unrestricted true

printf "Test that a restricted launcher creates user data"
run_both $TMP/user_data restricted true

printf "Test that an unrestricted launcher creates user data with parent directory"
run_both $TMP/parent/user_data unrestricted true

printf "Test that a restricted launcher creates user data with parent directory"
run_both $TMP/parent/user_data restricted true

printf "Test that user data can contain multiple path separators"
run_both $TMP//user_data unrestricted true

printf "Test that user data must be absolute"
run_both "../foo" unrestricted false

printf "Testing that user data cannot be contained within a symlink"
mkdir $TMP/nefarious_parent
ln -s $TMP/nefarious_parent $TMP/parent
run_both $TMP/parent/user_data unrestricted, false

printf "Test that an unrestricted launcher works when user data exists (current)"
mkdir $TMP/user_data
if run_current $TMP/user_data unrestricted true; then
   PASS
else
   FAIL
fi

printf "Test that an restricted launcher works when user data exists (current)"
mkdir $TMP/user_data
if run_current $TMP/user_data restricted true; then
   PASS
else
   FAIL
fi

printf "Test that an unrestricted launcher works when user data exists (deprecated)"
mkdir $TMP/user_data
if run_deprecated $TMP/user_data unrestricted true; then
   PASS
else
   FAIL
fi

printf "Test that an restricted launcher works when user data exists (deprecated)"
mkdir $TMP/user_data
if run_deprecated $TMP/user_data restricted true; then
   PASS
else
   FAIL
fi
