# Copyright 2017 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

from autotest_lib.client.bin import test, utils
from autotest_lib.client.common_lib import error
from autotest_lib.client.cros import device_jail_test_base
from autotest_lib.client.cros import device_jail_utils


class security_DeviceJail_AllowDeny(device_jail_test_base.DeviceJailTestBase):
    """
    Ensures that if device jail is present, it is functioning properly
    in that it allows access if and only if instructed (generally
    by permission_broker) and correctly locks down devices or detaches
    kernel drivers as instructed.
    """
    version = 1

    def run_once(self):
        usb_devices = device_jail_utils.get_usb_devices()
        if not usb_devices:
            error.TestNAError('No USB devices found')

        dev_path = usb_devices[0].device_node
        with device_jail_utils.JailDevice(dev_path) as jail:
            # This should succeed and return a file.
            f = jail.expect_open(device_jail_utils.REQUEST_ALLOW)
            if not f:
                raise error.TestError('Failed to open allowed jail')
            else:
                f.close()

            # This should not return a file.
            f = jail.expect_open(device_jail_utils.REQUEST_DENY)
            if f:
                raise error.TestError('Successfully opened denied jail')