/*
 * Copyright (C) 2018 Red Hat, Inc.
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library.  If not, see
 * <http://www.gnu.org/licenses/>.
 */

#include <config.h>

#include "qemusecuritytest.h"
#include "testutils.h"
#include "testutilsqemu.h"
#include "security/security_manager.h"
#include "security/security_util.h"
#include "conf/domain_conf.h"
#include "qemu/qemu_domain.h"
#include "qemu/qemu_security.h"

#define VIR_FROM_THIS VIR_FROM_NONE

struct testData {
    virQEMUDriver *driver;
    const char *file; /* file name to load VM def XML from; qemuxmlconfdata/ */
};


static int
prepareObjects(virQEMUDriver *driver,
               const char *xmlname,
               virDomainObj **vm_ret)
{
    qemuDomainObjPrivate *priv;
    g_autoptr(virDomainObj) vm = NULL;
    g_autofree char *filename = NULL;
    g_autofree char *domxml = NULL;
    g_autofree char *latestCapsFile = NULL;

    filename = g_strdup_printf("%s/qemuxmlconfdata/%s.xml", abs_srcdir, xmlname);

    if (virTestLoadFile(filename, &domxml) < 0)
        return -1;

    if (!(vm = virDomainObjNew(driver->xmlopt)))
        return -1;

    priv = vm->privateData;
    priv->chardevStdioLogd = false;
    priv->rememberOwner = true;

    if (!(latestCapsFile = testQemuGetLatestCapsForArch("x86_64", "xml")))
        return -1;

    if (!(priv->qemuCaps = qemuTestParseCapabilitiesArch(VIR_ARCH_X86_64, latestCapsFile)))
        return -1;

    virFileCacheClear(driver->qemuCapsCache);

    if (qemuTestCapsCacheInsert(driver->qemuCapsCache, priv->qemuCaps) < 0)
        return -1;

    if (!(vm->def = virDomainDefParseString(domxml,
                                            driver->xmlopt,
                                            NULL,
                                            0)))
        return -1;

    if (virSecurityManagerGenLabel(driver->securityManager, vm->def) < 0)
        return -1;

    *vm_ret = g_steal_pointer(&vm);
    return 0;
}


static int
testDomain(const void *opaque)
{
    const struct testData *data = opaque;
    g_autoptr(virDomainObj) vm = NULL;
    g_autoptr(GHashTable) notRestored = virHashNew(NULL);
    size_t i;
    int ret = -1;

    if (prepareObjects(data->driver, data->file, &vm) < 0)
        return -1;

    for (i = 0; i < vm->def->ndisks; i++) {
        virStorageSource *src = vm->def->disks[i]->src;
        virStorageSource *n;

        if (!src)
            continue;

        if (virStorageSourceIsLocalStorage(src) && src->path &&
            (src->shared || src->readonly))
            g_hash_table_insert(notRestored, g_strdup(src->path), NULL);

        for (n = src->backingStore; virStorageSourceIsBacking(n); n = n->backingStore) {
            if (virStorageSourceIsLocalStorage(n) && n->path)
                g_hash_table_insert(notRestored, g_strdup(n->path), NULL);
        }
    }

    /* Mocking is enabled only when this env variable is set.
     * See mock code for explanation. */
    if (g_setenv(ENVVAR, "1", FALSE) == FALSE)
        return -1;

    if (qemuSecuritySetAllLabel(data->driver, vm, NULL, false) < 0)
        goto cleanup;

    qemuSecurityRestoreAllLabel(data->driver, vm, false);

    if (checkPaths(notRestored) < 0)
        goto cleanup;

    ret = 0;
 cleanup:
    g_unsetenv(ENVVAR);
    freePaths();
    return ret;
}


static int
mymain(void)
{
    virQEMUDriver driver;
    virSecurityManager *stack = NULL;
    virSecurityManager *dac = NULL;
#ifdef WITH_SELINUX
    virSecurityManager *selinux = NULL;
#endif
    int ret = 0;

    if (!virSecurityXATTRNamespaceDefined())
        return EXIT_AM_SKIP;

    if (virInitialize() < 0 ||
        qemuTestDriverInit(&driver) < 0)
        return -1;

    /* Now fix the secdriver */
    virObjectUnref(driver.securityManager);

    if (!(dac = virSecurityManagerNewDAC("test", 1000, 1000,
                                         VIR_SECURITY_MANAGER_PRIVILEGED |
                                         VIR_SECURITY_MANAGER_DYNAMIC_OWNERSHIP,
                                         NULL))) {
        fprintf(stderr, "Cannot initialize DAC security driver");
        ret = -1;
        goto cleanup;
    }

    if (!(stack = virSecurityManagerNewStack(dac))) {
        fprintf(stderr, "Cannot initialize stack security driver");
        ret = -1;
        goto cleanup;
    }
    dac = NULL;

#if WITH_SELINUX
    selinux = virSecurityManagerNew("selinux", "test",
                                    VIR_SECURITY_MANAGER_PRIVILEGED |
                                    VIR_SECURITY_MANAGER_DEFAULT_CONFINED |
                                    VIR_SECURITY_MANAGER_REQUIRE_CONFINED);
    if (!selinux) {
        fprintf(stderr, "Cannot initialize selinux security driver");
        ret = -1;
        goto cleanup;
    }

    if (virSecurityManagerStackAddNested(stack, selinux) < 0) {
        fprintf(stderr, "Cannot add selinux security driver onto stack");
        ret = -1;
        goto cleanup;
    }
    selinux = NULL;
#endif

    driver.securityManager = g_steal_pointer(&stack);


#define DO_TEST_DOMAIN(f) \
    do { \
        struct testData data = {.driver = &driver, .file = f}; \
        if (virTestRun(f, testDomain, &data) < 0) \
            ret = -1; \
    } while (0)

    DO_TEST_DOMAIN("acpi-table");
    DO_TEST_DOMAIN("channel-unix-guestfwd");
    DO_TEST_DOMAIN("console-virtio-unix");
    DO_TEST_DOMAIN("controller-virtio-scsi");
    DO_TEST_DOMAIN("disk-aio");
    DO_TEST_DOMAIN("disk-backing-chains-noindex");
    DO_TEST_DOMAIN("disk-cache");
    DO_TEST_DOMAIN("disk-cdrom");
    DO_TEST_DOMAIN("disk-cdrom-bus-other");
    DO_TEST_DOMAIN("disk-cdrom-network");
    DO_TEST_DOMAIN("disk-cdrom-tray");
    DO_TEST_DOMAIN("disk-copy_on_read");
    DO_TEST_DOMAIN("disk-detect-zeroes");
    DO_TEST_DOMAIN("disk-error-policy");
    DO_TEST_DOMAIN("disk-floppy");
    DO_TEST_DOMAIN("disk-floppy-q35");
    DO_TEST_DOMAIN("disk-network-gluster");
    DO_TEST_DOMAIN("disk-network-iscsi");
    DO_TEST_DOMAIN("disk-network-nbd");
    DO_TEST_DOMAIN("disk-network-rbd");
    DO_TEST_DOMAIN("disk-network-sheepdog");
    DO_TEST_DOMAIN("disk-network-source-auth");
    DO_TEST_DOMAIN("disk-network-tlsx509-nbd");
    DO_TEST_DOMAIN("disk-network-tlsx509-vxhs");
    DO_TEST_DOMAIN("disk-readonly-disk");
    DO_TEST_DOMAIN("disk-scsi");
    DO_TEST_DOMAIN("disk-scsi-device-auto");
    DO_TEST_DOMAIN("disk-shared");
    DO_TEST_DOMAIN("disk-virtio");
    DO_TEST_DOMAIN("disk-virtio-scsi-reservations");
    DO_TEST_DOMAIN("graphics-vnc-tls-secret");
    DO_TEST_DOMAIN("hugepages-nvdimm");
    DO_TEST_DOMAIN("iothreads-virtio-scsi-pci");
    DO_TEST_DOMAIN("memory-hotplug-nvdimm");
    DO_TEST_DOMAIN("memory-hotplug-nvdimm-access");
    DO_TEST_DOMAIN("memory-hotplug-nvdimm-align");
    DO_TEST_DOMAIN("memory-hotplug-nvdimm-label");
    DO_TEST_DOMAIN("memory-hotplug-nvdimm-pmem");
    DO_TEST_DOMAIN("memory-hotplug-nvdimm-readonly");
    DO_TEST_DOMAIN("net-vhostuser");
    DO_TEST_DOMAIN("firmware-auto-bios");
    DO_TEST_DOMAIN("firmware-auto-efi");
    DO_TEST_DOMAIN("firmware-auto-efi-loader-secure");
    DO_TEST_DOMAIN("pci-bridge-many-disks");
    DO_TEST_DOMAIN("tseg-explicit-size");
    DO_TEST_DOMAIN("usb-redir-unix");
    DO_TEST_DOMAIN("virtio-non-transitional");
    DO_TEST_DOMAIN("virtio-transitional");
    DO_TEST_DOMAIN("x86_64-pc-graphics");
    DO_TEST_DOMAIN("x86_64-pc-headless");
    DO_TEST_DOMAIN("x86_64-q35-graphics");
    DO_TEST_DOMAIN("x86_64-q35-headless");

 cleanup:
    qemuTestDriverFree(&driver);
#ifdef WITH_SELINUX
    virObjectUnref(selinux);
#endif
    virObjectUnref(dac);
    virObjectUnref(stack);
    return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
}

VIR_TEST_MAIN_PRELOAD(mymain,
                      VIR_TEST_MOCK("domaincaps"))