From e4ee8df83c12fc9a2a56d1fb97242892579e5d82 Mon Sep 17 00:00:00 2001
From: Ophestra <cat@gensokyo.uk>
Date: Tue, 14 Oct 2025 01:51:01 +0900
Subject: [PATCH] internal/app/spdbus: check behaviour

This is not done very cleanly, however this op is pending removal for the in-process dbus proxy so not worth spending too much effort here. As long as it checks all paths it is good enough.

Signed-off-by: Ophestra <cat@gensokyo.uk>
---
 internal/app/spdbus_test.go | 227 ++++++++++++++++++++++++++++++++++++
 1 file changed, 227 insertions(+)
 create mode 100644 internal/app/spdbus_test.go

diff --git a/internal/app/spdbus_test.go b/internal/app/spdbus_test.go
new file mode 100644
index 0000000..0adf2be
--- /dev/null
+++ b/internal/app/spdbus_test.go
@@ -0,0 +1,227 @@
+package app
+
+import (
+	"maps"
+	"reflect"
+	"syscall"
+	"testing"
+
+	"hakurei.app/container"
+	"hakurei.app/container/stub"
+	"hakurei.app/helper"
+	"hakurei.app/hst"
+	"hakurei.app/message"
+	"hakurei.app/system"
+	"hakurei.app/system/acl"
+	"hakurei.app/system/dbus"
+)
+
+func TestSpDBusOp(t *testing.T) {
+	config := hst.Template()
+	const instancePrefix = container.Nonexistent + "/tmp/hakurei.0/" + wantAutoEtcPrefix
+
+	checkOpBehaviour(t, []opBehaviourTestCase{
+		{"not enabled", func(bool, bool) outcomeOp {
+			return new(spDBusOp)
+		}, func() *hst.Config {
+			c := hst.Template()
+			*c.Enablements = 0
+			return c
+		}, nil, nil, nil, nil, errNotEnabled, nil, nil, nil, nil, nil},
+
+		{"invalid", func(bool, bool) outcomeOp {
+			return new(spDBusOp)
+		}, func() *hst.Config {
+			c := hst.Template()
+			c.SessionBus.Talk[0] += "\x00"
+			c.SystemBus = nil
+			return c
+		}, nil, []stub.Call{
+			call("dbusAddress", stub.ExpectArgs{}, [2]string{
+				"unix:path=/run/user/1000/bus",
+				"unix:path=/var/run/dbus/system_bus_socket",
+			}, nil),
+		}, nil, func(t *testing.T, state *outcomeStateSys) {
+			if want := m(instancePrefix); !reflect.DeepEqual(state.sharePath, want) {
+				t.Errorf("outcomeStateSys: sharePath = %v, want %v", state.sharePath, want)
+			}
+		}, &system.OpError{
+			Op:     "dbus",
+			Err:    syscall.EINVAL,
+			Msg:    "message bus proxy configuration contains NUL byte",
+			Revert: false,
+		}, nil, nil, nil, nil, nil},
+
+		{"success default", func(bool, bool) outcomeOp {
+			return new(spDBusOp)
+		}, func() *hst.Config {
+			c := hst.Template()
+			c.SessionBus, c.SystemBus = nil, nil
+			return c
+		}, nil, []stub.Call{
+			call("dbusAddress", stub.ExpectArgs{}, [2]string{
+				"unix:path=/run/user/1000/bus",
+				"unix:path=/var/run/dbus/system_bus_socket",
+			}, nil),
+			call("isVerbose", stub.ExpectArgs{}, true, nil),
+			call("verbose", stub.ExpectArgs{[]any{"session bus proxy:", []string{
+				"unix:path=/run/user/1000/bus",
+				instancePrefix + "/bus",
+				"--filter",
+				"--talk=org.freedesktop.DBus",
+				"--talk=org.freedesktop.Notifications",
+				"--own=org.chromium.Chromium.*",
+				"--own=org.mpris.MediaPlayer2.org.chromium.Chromium.*",
+				"--call=org.freedesktop.portal.*=*",
+				"--broadcast=org.freedesktop.portal.*=@/org/freedesktop/portal/*",
+			}}}, nil, nil),
+			call("verbose", stub.ExpectArgs{[]any{"message bus proxy final args:", helper.MustNewCheckedArgs(
+				"unix:path=/run/user/1000/bus",
+				instancePrefix+"/bus",
+				"--filter",
+				"--talk=org.freedesktop.DBus",
+				"--talk=org.freedesktop.Notifications",
+				"--own=org.chromium.Chromium.*",
+				"--own=org.mpris.MediaPlayer2.org.chromium.Chromium.*",
+				"--call=org.freedesktop.portal.*=*",
+				"--broadcast=org.freedesktop.portal.*=@/org/freedesktop/portal/*",
+			)}}, nil, nil),
+		}, func() *system.I {
+			sys := system.New(panicMsgContext{}, message.NewMsg(nil), checkExpectUid)
+			sys.Ephemeral(system.Process, m(instancePrefix), 0711)
+			if err := sys.ProxyDBus(
+				dbus.NewConfig(config.ID, true, true), nil,
+				dbus.ProxyPair{"unix:path=/run/user/1000/bus", instancePrefix + "/bus"},
+				dbus.ProxyPair{"unix:path=/var/run/dbus/system_bus_socket", instancePrefix + "/system_bus_socket"},
+			); err != nil {
+				t.Fatalf("cannot prepare sys: %v", err)
+			}
+			sys.UpdatePerm(m(instancePrefix+"/bus"), acl.Read, acl.Write)
+			return sys
+		}(), func(t *testing.T, state *outcomeStateSys) {
+			if want := m(instancePrefix); !reflect.DeepEqual(state.sharePath, want) {
+				t.Errorf("outcomeStateSys: sharePath = %v, want %v", state.sharePath, want)
+			}
+		}, nil, func(state *outcomeStateParams) {
+			state.params.Ops = new(container.Ops)
+
+			// emulates spRuntimeOp
+			state.runtimeDir = m("/run/user/1000")
+		}, []stub.Call{
+			// this op configures the container state and does not make calls during toContainer
+		}, &container.Params{
+			Ops: new(container.Ops).
+				Bind(m(instancePrefix+"/bus"),
+					m("/run/user/1000/bus"), 0),
+		}, func(t *testing.T, state *outcomeStateParams) {
+			wantEnv := map[string]string{
+				"DBUS_SESSION_BUS_ADDRESS": "unix:path=/run/user/1000/bus",
+			}
+			maps.Copy(wantEnv, config.Container.Env)
+			if !maps.Equal(state.env, wantEnv) {
+				t.Errorf("toContainer: env = %#v, want %#v", state.env, wantEnv)
+			}
+		}, nil},
+
+		{"success", func(isShim, _ bool) outcomeOp {
+			if !isShim {
+				return new(spDBusOp)
+			}
+			return &spDBusOp{ProxySystem: true}
+		}, hst.Template, nil, []stub.Call{
+			call("dbusAddress", stub.ExpectArgs{}, [2]string{
+				"unix:path=/run/user/1000/bus",
+				"unix:path=/var/run/dbus/system_bus_socket",
+			}, nil),
+			call("isVerbose", stub.ExpectArgs{}, true, nil),
+			call("verbose", stub.ExpectArgs{[]any{"session bus proxy:", []string{
+				"unix:path=/run/user/1000/bus",
+				instancePrefix + "/bus",
+				"--filter",
+				"--talk=org.freedesktop.Notifications",
+				"--talk=org.freedesktop.FileManager1",
+				"--talk=org.freedesktop.ScreenSaver",
+				"--talk=org.freedesktop.secrets",
+				"--talk=org.kde.kwalletd5",
+				"--talk=org.kde.kwalletd6",
+				"--talk=org.gnome.SessionManager",
+				"--own=org.chromium.Chromium.*",
+				"--own=org.mpris.MediaPlayer2.org.chromium.Chromium.*",
+				"--own=org.mpris.MediaPlayer2.chromium.*",
+				"--call=org.freedesktop.portal.*=*",
+				"--broadcast=org.freedesktop.portal.*=@/org/freedesktop/portal/*",
+			}}}, nil, nil),
+			call("verbose", stub.ExpectArgs{[]any{"system bus proxy:", []string{
+				"unix:path=/var/run/dbus/system_bus_socket",
+				instancePrefix + "/system_bus_socket",
+				"--filter",
+				"--talk=org.bluez",
+				"--talk=org.freedesktop.Avahi",
+				"--talk=org.freedesktop.UPower",
+			}}}, nil, nil),
+			call("verbose", stub.ExpectArgs{[]any{"message bus proxy final args:", helper.MustNewCheckedArgs(
+				"unix:path=/run/user/1000/bus",
+				instancePrefix+"/bus",
+				"--filter",
+				"--talk=org.freedesktop.Notifications",
+				"--talk=org.freedesktop.FileManager1",
+				"--talk=org.freedesktop.ScreenSaver",
+				"--talk=org.freedesktop.secrets",
+				"--talk=org.kde.kwalletd5",
+				"--talk=org.kde.kwalletd6",
+				"--talk=org.gnome.SessionManager",
+				"--own=org.chromium.Chromium.*",
+				"--own=org.mpris.MediaPlayer2.org.chromium.Chromium.*",
+				"--own=org.mpris.MediaPlayer2.chromium.*",
+				"--call=org.freedesktop.portal.*=*",
+				"--broadcast=org.freedesktop.portal.*=@/org/freedesktop/portal/*",
+
+				"unix:path=/var/run/dbus/system_bus_socket",
+				instancePrefix+"/system_bus_socket",
+				"--filter",
+				"--talk=org.bluez",
+				"--talk=org.freedesktop.Avahi",
+				"--talk=org.freedesktop.UPower",
+			)}}, nil, nil),
+		}, func() *system.I {
+			sys := system.New(panicMsgContext{}, message.NewMsg(nil), checkExpectUid)
+			sys.Ephemeral(system.Process, m(instancePrefix), 0711)
+			if err := sys.ProxyDBus(
+				config.SessionBus, config.SystemBus,
+				dbus.ProxyPair{"unix:path=/run/user/1000/bus", instancePrefix + "/bus"},
+				dbus.ProxyPair{"unix:path=/var/run/dbus/system_bus_socket", instancePrefix + "/system_bus_socket"},
+			); err != nil {
+				t.Fatalf("cannot prepare sys: %v", err)
+			}
+			sys.UpdatePerm(m(instancePrefix+"/bus"), acl.Read, acl.Write).
+				UpdatePerm(m(instancePrefix+"/system_bus_socket"), acl.Read, acl.Write)
+			return sys
+		}(), func(t *testing.T, state *outcomeStateSys) {
+			if want := m(instancePrefix); !reflect.DeepEqual(state.sharePath, want) {
+				t.Errorf("outcomeStateSys: sharePath = %v, want %v", state.sharePath, want)
+			}
+		}, nil, func(state *outcomeStateParams) {
+			state.params.Ops = new(container.Ops)
+
+			// emulates spRuntimeOp
+			state.runtimeDir = m("/run/user/1000")
+		}, []stub.Call{
+			// this op configures the container state and does not make calls during toContainer
+		}, &container.Params{
+			Ops: new(container.Ops).
+				Bind(m(instancePrefix+"/bus"),
+					m("/run/user/1000/bus"), 0).
+				Bind(m(instancePrefix+"/system_bus_socket"),
+					m("/var/run/dbus/system_bus_socket"), 0),
+		}, func(t *testing.T, state *outcomeStateParams) {
+			wantEnv := map[string]string{
+				"DBUS_SESSION_BUS_ADDRESS": "unix:path=/run/user/1000/bus",
+				"DBUS_SYSTEM_BUS_ADDRESS":  "unix:path=/var/run/dbus/system_bus_socket",
+			}
+			maps.Copy(wantEnv, config.Container.Env)
+			if !maps.Equal(state.env, wantEnv) {
+				t.Errorf("toContainer: env = %#v, want %#v", state.env, wantEnv)
+			}
+		}, nil},
+	})
+}