Evaluate AppArmor support (#2784)

* Evaluate AppArmor support

* Update supervisor/resolution/evaluations/apparmor.py

Co-authored-by: Joakim Sørensen <joasoe@gmail.com>

Co-authored-by: Joakim Sørensen <joasoe@gmail.com>

supervisor/resolution/const.py

@@ -29,6 +29,7 @@ class UnsupportedReason(str, Enum):
 
     CONTAINER = "container"
     DBUS = "dbus"
+    APPARMOR = "apparmor"
     DOCKER_CONFIGURATION = "docker_configuration"
     DOCKER_VERSION = "docker_version"
     LXC = "lxc"

supervisor/resolution/evaluations/apparmor.py

@@ -0,0 +1,41 @@
+"""Evaluation class for AppArmor."""
+from pathlib import Path
+from typing import List
+
+from ...const import CoreState
+from ...coresys import CoreSys
+from ..const import UnsupportedReason
+from .base import EvaluateBase
+
+_APPARMOR_KERNEL = Path("/sys/module/apparmor/parameters/enabled")
+
+
+def setup(coresys: CoreSys) -> EvaluateBase:
+    """Initialize evaluation-setup function."""
+    return EvaluateAppArmor(coresys)
+
+
+class EvaluateAppArmor(EvaluateBase):
+    """Evaluate is supported/enabled AppArmor."""
+
+    @property
+    def reason(self) -> UnsupportedReason:
+        """Return a UnsupportedReason enum."""
+        return UnsupportedReason.APPARMOR
+
+    @property
+    def on_failure(self) -> str:
+        """Return a string that is printed when self.evaluate is False."""
+        return "AppArmor is required for Home Assistant."
+
+    @property
+    def states(self) -> List[CoreState]:
+        """Return a list of valid states when this evaluation can run."""
+        return [CoreState.INITIALIZE]
+
+    async def evaluate(self) -> None:
+        """Run evaluation."""
+        try:
+            return _APPARMOR_KERNEL.read_text().strip().upper() != "Y"
+        except OSError:
+            return True

tests/resolution/evaluation/test_evaluate_apparmor.py

@@ -0,0 +1,52 @@
+"""Test evaluation base."""
+# pylint: disable=import-error,protected-access
+from unittest.mock import patch
+
+from supervisor.const import CoreState
+from supervisor.coresys import CoreSys
+from supervisor.resolution.evaluations.apparmor import EvaluateAppArmor
+
+
+async def test_evaluation(coresys: CoreSys):
+    """Test evaluation."""
+    apparmor = EvaluateAppArmor(coresys)
+    coresys.core.state = CoreState.INITIALIZE
+
+    assert apparmor.reason not in coresys.resolution.unsupported
+
+    with patch("pathlib.Path.read_text", return_value="N"):
+        await apparmor()
+        assert apparmor.reason in coresys.resolution.unsupported
+
+    with patch("pathlib.Path.read_text", return_value="Y"):
+        await apparmor()
+        assert apparmor.reason not in coresys.resolution.unsupported
+
+    with patch("pathlib.Path.read_text", side_effect=OSError):
+        await apparmor()
+        assert apparmor.reason in coresys.resolution.unsupported
+
+
+async def test_did_run(coresys: CoreSys):
+    """Test that the evaluation ran as expected."""
+    apparmor = EvaluateAppArmor(coresys)
+    should_run = apparmor.states
+    should_not_run = [state for state in CoreState if state not in should_run]
+    assert len(should_run) != 0
+    assert len(should_not_run) != 0
+
+    with patch(
+        "supervisor.resolution.evaluations.apparmor.EvaluateAppArmor.evaluate",
+        return_value=None,
+    ) as evaluate:
+        for state in should_run:
+            coresys.core.state = state
+            await apparmor()
+            evaluate.assert_called_once()
+            evaluate.reset_mock()
+
+        for state in should_not_run:
+            coresys.core.state = state
+            await apparmor()
+            evaluate.assert_not_called()
+            evaluate.reset_mock()