From 9b1a061ea8c3b49cb76a5285de1e3de33681ac06 Mon Sep 17 00:00:00 2001
From: Daiderd Jordan <daiderd@gmail.com>
Date: Tue, 16 May 2017 00:11:05 +0200
Subject: [PATCH] add test for security.accessibilityPrograms

---
 release.nix                               |  7 ++-----
 tests/security-accessibility-programs.nix | 13 +++++++++++++
 2 files changed, 15 insertions(+), 5 deletions(-)
 create mode 100644 tests/security-accessibility-programs.nix

diff --git a/release.nix b/release.nix
index dd8e0a76..188bdb6b 100644
--- a/release.nix
+++ b/release.nix
@@ -89,18 +89,15 @@ let
     examples.simple = genExample ./modules/examples/simple.nix;
 
     tests.environment-path = makeTest ./tests/environment-path.nix;
-
+    tests.launchd-setenv = makeTest ./tests/launchd-setenv.nix;
+    tests.security-accessibility-programs = makeTest ./tests/security-accessibility-programs.nix;
     tests.services-activate-system = makeTest ./tests/services-activate-system.nix;
-
     tests.system-defaults-write = makeTest ./tests/system-defaults-write.nix;
-
     tests.system-packages = makeTest ./tests/system-packages.nix;
     tests.system-path-bash = makeTest ./tests/system-path-bash.nix;
     tests.system-path-fish = makeTest ./tests/system-path-fish.nix;
     tests.system-path-zsh = makeTest ./tests/system-path-zsh.nix;
 
-    tests.launchd-setenv = makeTest ./tests/launchd-setenv.nix;
-
   }
   // (mapTestOn (packagePlatforms packageSet));
 
diff --git a/tests/security-accessibility-programs.nix b/tests/security-accessibility-programs.nix
new file mode 100644
index 00000000..ae381f58
--- /dev/null
+++ b/tests/security-accessibility-programs.nix
@@ -0,0 +1,13 @@
+{ config, pkgs, ... }:
+
+{
+  security.accessibilityPrograms = [ "${pkgs.hello}/bin/hello" ];
+
+  test = ''
+    echo checking sqlite command in /activate >&2
+    grep "/usr/bin/sqlite3 /Library/Application\\\\ Support/com.apple.TCC/TCC.db" ${config.out}/activate
+    echo checking sqlite queries /activate >&2
+    grep "INSERT or REPLACE INTO access VALUES ('kTCCServiceAccessibility','${pkgs.hello}/bin/hello',1,1,1,NULL,NULL)" ${config.out}/activate
+    grep "DELETE FROM access WHERE client LIKE '/nix/store/%' AND client NOT IN ('${pkgs.hello}/bin/hello')" ${config.out}/activate
+  '';
+}