CoCalc -- cap_test_capabilities.c

GitHub Repository: freebsd/freebsd-src
Path: blob/main/tools/regression/security/cap_test/cap_test_capabilities.c
⁴⁸²⁶⁶ views
1
/*-
2
 * Copyright (c) 2009-2011 Robert N. M. Watson
3
 * Copyright (c) 2011 Jonathan Anderson
4
 * Copyright (c) 2012 FreeBSD Foundation
5
 * All rights reserved.
6
 *
7
 * Portions of this software were developed by Pawel Jakub Dawidek under
8
 * sponsorship from the FreeBSD Foundation.
9
 *
10
 * Redistribution and use in source and binary forms, with or without
11
 * modification, are permitted provided that the following conditions
12
 * are met:
13
 * 1. Redistributions of source code must retain the above copyright
14
 *    notice, this list of conditions and the following disclaimer.
15
 * 2. Redistributions in binary form must reproduce the above copyright
16
 *    notice, this list of conditions and the following disclaimer in the
17
 *    documentation and/or other materials provided with the distribution.
18
 *
19
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
20
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
23
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29
 * SUCH DAMAGE.
30
 */
31

32
/*
33
 * Test whether various operations on capabilities are properly masked for
34
 * various object types.
35
 */
36

37
#include <sys/param.h>
38
#include <sys/capsicum.h>
39
#include <sys/errno.h>
40
#include <sys/mman.h>
41
#include <sys/mount.h>
42
#include <sys/stat.h>
43

44
#include <err.h>
45
#include <fcntl.h>
46
#include <poll.h>
47
#include <stdint.h>
48
#include <stdio.h>
49
#include <stdlib.h>
50
#include <string.h>
51
#include <unistd.h>
52

53
#include "cap_test.h"
54

55
#define	SYSCALL_FAIL(syscall, message) \
56
	FAIL("%s:\t%s (rights 0x%jx)", #syscall, message, rights)
57

58
/*
59
 * Ensure that, if the capability had enough rights for the system call to
60
 * pass, then it did. Otherwise, ensure that the errno is ENOTCAPABLE;
61
 * capability restrictions should kick in before any other error logic.
62
 */
63
#define	CHECK_RESULT(syscall, rights_needed, succeeded)	do {		\
64
	if ((rights & (rights_needed)) == (rights_needed)) {		\
65
		if (succeeded) {					\
66
			if (success == -1)				\
67
				success = PASSED;			\
68
		} else {						\
69
			SYSCALL_FAIL(syscall, "failed");		\
70
		}							\
71
	} else {							\
72
		if (succeeded) {					\
73
			FAILX("%s:\tsucceeded when it shouldn't have"	\
74
			    " (rights 0x%jx)", #syscall,		\
75
			    (uintmax_t)rights);				\
76
		} else if (errno != ENOTCAPABLE) {			\
77
			SYSCALL_FAIL(syscall, "errno != ENOTCAPABLE");	\
78
		}							\
79
	}								\
80
	errno = 0;							\
81
} while (0)
82

83
/*
84
 * As above, but for the special mmap() case: unmap after successful mmap().
85
 */
86
#define	CHECK_MMAP_RESULT(rights_needed)	do {			\
87
	if ((rights & (rights_needed)) == (rights_needed)) {		\
88
		if (p == MAP_FAILED)					\
89
			SYSCALL_FAIL(mmap, "failed");			\
90
		else {							\
91
			(void)munmap(p, getpagesize());			\
92
			if (success == -1)				\
93
				success = PASSED;			\
94
		}							\
95
	} else {							\
96
		if (p != MAP_FAILED) {					\
97
			FAILX("%s:\tsucceeded when it shouldn't have"	\
98
			    " (rights 0x%jx)", "mmap", rights);		\
99
			(void)munmap(p, getpagesize());			\
100
		} else if (errno != ENOTCAPABLE)			\
101
			SYSCALL_FAIL(syscall, "errno != ENOTCAPABLE");	\
102
	}								\
103
	errno = 0;							\
104
} while (0)
105

106
/*
107
 * Given a file descriptor, create a capability with specific rights and
108
 * make sure only those rights work. 
109
*/
110
static int
111
try_file_ops(int filefd, int dirfd, cap_rights_t rights)
112
{
113
	struct stat sb;
114
	struct statfs sf;
115
	cap_rights_t erights;
116
	int fd_cap, fd_capcap, dfd_cap;
117
	ssize_t ssize, ssize2;
118
	off_t off;
119
	void *p;
120
	char ch;
121
	int ret, is_nfs;
122
	struct pollfd pollfd;
123
	int success = -1;
124

125
	REQUIRE(fstatfs(filefd, &sf));
126
	is_nfs = (strcmp("nfs", sf.f_fstypename) == 0);
127

128
	REQUIRE(fd_cap = cap_new(filefd, rights));
129
	CHECK(cap_getrights(fd_cap, &erights) == 0);
130
	CHECK(rights == erights);
131
	REQUIRE(fd_capcap = cap_new(fd_cap, rights));
132
	CHECK(cap_getrights(fd_capcap, &erights) == 0);
133
	CHECK(rights == erights);
134
	CHECK(fd_capcap != fd_cap);
135
	REQUIRE(dfd_cap = cap_new(dirfd, rights));
136
	CHECK(cap_getrights(dfd_cap, &erights) == 0);
137
	CHECK(rights == erights);
138

139
	ssize = read(fd_cap, &ch, sizeof(ch));
140
	CHECK_RESULT(read, CAP_READ, ssize >= 0);
141

142
	ssize = write(fd_cap, &ch, sizeof(ch));
143
	CHECK_RESULT(write, CAP_WRITE, ssize >= 0);
144

145
	off = lseek(fd_cap, 0, SEEK_SET);
146
	CHECK_RESULT(lseek, CAP_SEEK, off >= 0);
147

148
	ssize = pread(fd_cap, &ch, sizeof(ch), 0);
149
	ssize2 = pread(fd_cap, &ch, sizeof(ch), 0);
150
	CHECK_RESULT(pread, CAP_PREAD, ssize >= 0);
151
	CHECK(ssize == ssize2);
152

153
	ssize = pwrite(fd_cap, &ch, sizeof(ch), 0);
154
	CHECK_RESULT(pwrite, CAP_PWRITE, ssize >= 0);
155

156
	p = mmap(NULL, getpagesize(), PROT_NONE, MAP_SHARED, fd_cap, 0);
157
	CHECK_MMAP_RESULT(CAP_MMAP);
158

159
	p = mmap(NULL, getpagesize(), PROT_READ, MAP_SHARED, fd_cap, 0);
160
	CHECK_MMAP_RESULT(CAP_MMAP_R);
161

162
	p = mmap(NULL, getpagesize(), PROT_WRITE, MAP_SHARED, fd_cap, 0);
163
	CHECK_MMAP_RESULT(CAP_MMAP_W);
164

165
	p = mmap(NULL, getpagesize(), PROT_EXEC, MAP_SHARED, fd_cap, 0);
166
	CHECK_MMAP_RESULT(CAP_MMAP_X);
167

168
	p = mmap(NULL, getpagesize(), PROT_READ | PROT_WRITE, MAP_SHARED,
169
	    fd_cap, 0);
170
	CHECK_MMAP_RESULT(CAP_MMAP_RW);
171

172
	p = mmap(NULL, getpagesize(), PROT_READ | PROT_EXEC, MAP_SHARED,
173
	    fd_cap, 0);
174
	CHECK_MMAP_RESULT(CAP_MMAP_RX);
175

176
	p = mmap(NULL, getpagesize(), PROT_EXEC | PROT_WRITE, MAP_SHARED,
177
	    fd_cap, 0);
178
	CHECK_MMAP_RESULT(CAP_MMAP_WX);
179

180
	p = mmap(NULL, getpagesize(), PROT_READ | PROT_WRITE | PROT_EXEC,
181
	    MAP_SHARED, fd_cap, 0);
182
	CHECK_MMAP_RESULT(CAP_MMAP_RWX);
183

184
	ret = openat(dfd_cap, "cap_create", O_CREAT | O_RDONLY, 0600);
185
	CHECK_RESULT(openat(O_CREATE | O_RDONLY),
186
	    CAP_CREATE | CAP_READ | CAP_LOOKUP, ret >= 0);
187
	CHECK(ret == -1 || close(ret) == 0);
188
	CHECK(ret == -1 || unlinkat(dirfd, "cap_create", 0) == 0);
189
	ret = openat(dfd_cap, "cap_create", O_CREAT | O_WRONLY | O_APPEND,
190
	    0600);
191
	CHECK_RESULT(openat(O_CREATE | O_WRONLY | O_APPEND),
192
	    CAP_CREATE | CAP_WRITE | CAP_LOOKUP, ret >= 0);
193
	CHECK(ret == -1 || close(ret) == 0);
194
	CHECK(ret == -1 || unlinkat(dirfd, "cap_create", 0) == 0);
195
	ret = openat(dfd_cap, "cap_create", O_CREAT | O_RDWR | O_APPEND, 0600);
196
	CHECK_RESULT(openat(O_CREATE | O_RDWR | O_APPEND),
197
	    CAP_CREATE | CAP_READ | CAP_WRITE | CAP_LOOKUP, ret >= 0);
198
	CHECK(ret == -1 || close(ret) == 0);
199
	CHECK(ret == -1 || unlinkat(dirfd, "cap_create", 0) == 0);
200

201
	ret = fsync(fd_cap);
202
	CHECK_RESULT(fsync, CAP_FSYNC, ret == 0);
203

204
	ret = openat(dirfd, "cap_fsync", O_CREAT, 0600);
205
	CHECK(ret >= 0);
206
	CHECK(close(ret) == 0);
207
	ret = openat(dfd_cap, "cap_fsync", O_FSYNC | O_RDONLY);
208
	CHECK_RESULT(openat(O_FSYNC | O_RDONLY),
209
	    CAP_FSYNC | CAP_READ | CAP_LOOKUP, ret >= 0);
210
	CHECK(ret == -1 || close(ret) == 0);
211
	ret = openat(dfd_cap, "cap_fsync", O_FSYNC | O_WRONLY | O_APPEND);
212
	CHECK_RESULT(openat(O_FSYNC | O_WRONLY | O_APPEND),
213
	    CAP_FSYNC | CAP_WRITE | CAP_LOOKUP, ret >= 0);
214
	CHECK(ret == -1 || close(ret) == 0);
215
	ret = openat(dfd_cap, "cap_fsync", O_FSYNC | O_RDWR | O_APPEND);
216
	CHECK_RESULT(openat(O_FSYNC | O_RDWR | O_APPEND),
217
	    CAP_FSYNC | CAP_READ | CAP_WRITE | CAP_LOOKUP, ret >= 0);
218
	CHECK(ret == -1 || close(ret) == 0);
219
	ret = openat(dfd_cap, "cap_fsync", O_SYNC | O_RDONLY);
220
	CHECK_RESULT(openat(O_SYNC | O_RDONLY),
221
	    CAP_FSYNC | CAP_READ | CAP_LOOKUP, ret >= 0);
222
	CHECK(ret == -1 || close(ret) == 0);
223
	ret = openat(dfd_cap, "cap_fsync", O_SYNC | O_WRONLY | O_APPEND);
224
	CHECK_RESULT(openat(O_SYNC | O_WRONLY | O_APPEND),
225
	    CAP_FSYNC | CAP_WRITE | CAP_LOOKUP, ret >= 0);
226
	CHECK(ret == -1 || close(ret) == 0);
227
	ret = openat(dfd_cap, "cap_fsync", O_SYNC | O_RDWR | O_APPEND);
228
	CHECK_RESULT(openat(O_SYNC | O_RDWR | O_APPEND),
229
	    CAP_FSYNC | CAP_READ | CAP_WRITE | CAP_LOOKUP, ret >= 0);
230
	CHECK(ret == -1 || close(ret) == 0);
231
	CHECK(unlinkat(dirfd, "cap_fsync", 0) == 0);
232

233
	ret = ftruncate(fd_cap, 0);
234
	CHECK_RESULT(ftruncate, CAP_FTRUNCATE, ret == 0);
235

236
	ret = openat(dirfd, "cap_ftruncate", O_CREAT, 0600);
237
	CHECK(ret >= 0);
238
	CHECK(close(ret) == 0);
239
	ret = openat(dfd_cap, "cap_ftruncate", O_TRUNC | O_RDONLY);
240
	CHECK_RESULT(openat(O_TRUNC | O_RDONLY),
241
	    CAP_FTRUNCATE | CAP_READ | CAP_LOOKUP, ret >= 0);
242
	CHECK(ret == -1 || close(ret) == 0);
243
	ret = openat(dfd_cap, "cap_ftruncate", O_TRUNC | O_WRONLY);
244
	CHECK_RESULT(openat(O_TRUNC | O_WRONLY),
245
	    CAP_FTRUNCATE | CAP_WRITE | CAP_LOOKUP, ret >= 0);
246
	CHECK(ret == -1 || close(ret) == 0);
247
	ret = openat(dfd_cap, "cap_ftruncate", O_TRUNC | O_RDWR);
248
	CHECK_RESULT(openat(O_TRUNC | O_RDWR),
249
	    CAP_FTRUNCATE | CAP_READ | CAP_WRITE | CAP_LOOKUP, ret >= 0);
250
	CHECK(ret == -1 || close(ret) == 0);
251
	CHECK(unlinkat(dirfd, "cap_ftruncate", 0) == 0);
252

253
	ret = openat(dfd_cap, "cap_create", O_CREAT | O_WRONLY, 0600);
254
	CHECK_RESULT(openat(O_CREATE | O_WRONLY),
255
	    CAP_CREATE | CAP_WRITE | CAP_SEEK | CAP_LOOKUP, ret >= 0);
256
	CHECK(ret == -1 || close(ret) == 0);
257
	CHECK(ret == -1 || unlinkat(dirfd, "cap_create", 0) == 0);
258
	ret = openat(dfd_cap, "cap_create", O_CREAT | O_RDWR, 0600);
259
	CHECK_RESULT(openat(O_CREATE | O_RDWR),
260
	    CAP_CREATE | CAP_READ | CAP_WRITE | CAP_SEEK | CAP_LOOKUP,
261
	    ret >= 0);
262
	CHECK(ret == -1 || close(ret) == 0);
263
	CHECK(ret == -1 || unlinkat(dirfd, "cap_create", 0) == 0);
264

265
	ret = openat(dirfd, "cap_fsync", O_CREAT, 0600);
266
	CHECK(ret >= 0);
267
	CHECK(close(ret) == 0);
268
	ret = openat(dfd_cap, "cap_fsync", O_FSYNC | O_WRONLY);
269
	CHECK_RESULT(openat(O_FSYNC | O_WRONLY),
270
	    CAP_FSYNC | CAP_WRITE | CAP_SEEK | CAP_LOOKUP, ret >= 0);
271
	CHECK(ret == -1 || close(ret) == 0);
272
	ret = openat(dfd_cap, "cap_fsync", O_FSYNC | O_RDWR);
273
	CHECK_RESULT(openat(O_FSYNC | O_RDWR),
274
	    CAP_FSYNC | CAP_READ | CAP_WRITE | CAP_SEEK | CAP_LOOKUP, ret >= 0);
275
	CHECK(ret == -1 || close(ret) == 0);
276
	ret = openat(dfd_cap, "cap_fsync", O_SYNC | O_WRONLY);
277
	CHECK_RESULT(openat(O_SYNC | O_WRONLY),
278
	    CAP_FSYNC | CAP_WRITE | CAP_SEEK | CAP_LOOKUP, ret >= 0);
279
	CHECK(ret == -1 || close(ret) == 0);
280
	ret = openat(dfd_cap, "cap_fsync", O_SYNC | O_RDWR);
281
	CHECK_RESULT(openat(O_SYNC | O_RDWR),
282
	    CAP_FSYNC | CAP_READ | CAP_WRITE | CAP_SEEK | CAP_LOOKUP, ret >= 0);
283
	CHECK(ret == -1 || close(ret) == 0);
284
	CHECK(unlinkat(dirfd, "cap_fsync", 0) == 0);
285

286
	/*
287
	 * Note: this is not expected to work over NFS.
288
	 */
289
	ret = fchflags(fd_cap, UF_NODUMP);
290
	CHECK_RESULT(fchflags, CAP_FCHFLAGS,
291
	    ret == 0 || (is_nfs && errno == EOPNOTSUPP));
292

293
	ret = openat(dirfd, "cap_chflagsat", O_CREAT, 0600);
294
	CHECK(ret >= 0);
295
	CHECK(close(ret) == 0);
296
	ret = chflagsat(dfd_cap, "cap_chflagsat", UF_NODUMP, 0);
297
	CHECK_RESULT(chflagsat, CAP_CHFLAGSAT | CAP_LOOKUP, ret == 0);
298
	CHECK(unlinkat(dirfd, "cap_chflagsat", 0) == 0);
299

300
	ret = fchown(fd_cap, -1, -1);
301
	CHECK_RESULT(fchown, CAP_FCHOWN, ret == 0);
302

303
	ret = openat(dirfd, "cap_fchownat", O_CREAT, 0600);
304
	CHECK(ret >= 0);
305
	CHECK(close(ret) == 0);
306
	ret = fchownat(dfd_cap, "cap_fchownat", -1, -1, 0);
307
	CHECK_RESULT(fchownat, CAP_FCHOWN | CAP_LOOKUP, ret == 0);
308
	CHECK(unlinkat(dirfd, "cap_fchownat", 0) == 0);
309

310
	ret = fchmod(fd_cap, 0644);
311
	CHECK_RESULT(fchmod, CAP_FCHMOD, ret == 0);
312

313
	ret = openat(dirfd, "cap_fchmodat", O_CREAT, 0600);
314
	CHECK(ret >= 0);
315
	CHECK(close(ret) == 0);
316
	ret = fchmodat(dfd_cap, "cap_fchmodat", 0600, 0);
317
	CHECK_RESULT(fchmodat, CAP_FCHMOD | CAP_LOOKUP, ret == 0);
318
	CHECK(unlinkat(dirfd, "cap_fchmodat", 0) == 0);
319

320
	ret = fcntl(fd_cap, F_GETFL);
321
	CHECK_RESULT(fcntl(F_GETFL), CAP_FCNTL, ret >= 0);
322
	ret = fcntl(fd_cap, F_SETFL, ret);
323
	CHECK_RESULT(fcntl(F_SETFL), CAP_FCNTL, ret == 0);
324

325
	/* XXX flock */
326

327
	ret = fstat(fd_cap, &sb);
328
	CHECK_RESULT(fstat, CAP_FSTAT, ret == 0);
329

330
	ret = openat(dirfd, "cap_fstatat", O_CREAT, 0600);
331
	CHECK(ret >= 0);
332
	CHECK(close(ret) == 0);
333
	ret = fstatat(dfd_cap, "cap_fstatat", &sb, 0);
334
	CHECK_RESULT(fstatat, CAP_FSTAT | CAP_LOOKUP, ret == 0);
335
	CHECK(unlinkat(dirfd, "cap_fstatat", 0) == 0);
336

337
	ret = fstatfs(fd_cap, &sf);
338
	CHECK_RESULT(fstatfs, CAP_FSTATFS, ret == 0);
339

340
	ret = fpathconf(fd_cap, _PC_NAME_MAX);
341
	CHECK_RESULT(fpathconf, CAP_FPATHCONF, ret >= 0);
342

343
	ret = futimes(fd_cap, NULL);
344
	CHECK_RESULT(futimes, CAP_FUTIMES, ret == 0);
345

346
	ret = openat(dirfd, "cap_futimesat", O_CREAT, 0600);
347
	CHECK(ret >= 0);
348
	CHECK(close(ret) == 0);
349
	ret = futimesat(dfd_cap, "cap_futimesat", NULL);
350
	CHECK_RESULT(futimesat, CAP_FUTIMES | CAP_LOOKUP, ret == 0);
351
	CHECK(unlinkat(dirfd, "cap_futimesat", 0) == 0);
352

353
	ret = openat(dirfd, "cap_linkat_src", O_CREAT, 0600);
354
	CHECK(ret >= 0);
355
	CHECK(close(ret) == 0);
356
	ret = linkat(dirfd, "cap_linkat_src", dfd_cap, "cap_linkat_dst", 0);
357
	CHECK_RESULT(linkat, CAP_LINKAT | CAP_LOOKUP, ret == 0);
358
	CHECK(unlinkat(dirfd, "cap_linkat_src", 0) == 0);
359
	CHECK(ret == -1 || unlinkat(dirfd, "cap_linkat_dst", 0) == 0);
360

361
	ret = mkdirat(dfd_cap, "cap_mkdirat", 0700);
362
	CHECK_RESULT(mkdirat, CAP_MKDIRAT | CAP_LOOKUP, ret == 0);
363
	CHECK(ret == -1 || unlinkat(dirfd, "cap_mkdirat", AT_REMOVEDIR) == 0);
364

365
	ret = mkfifoat(dfd_cap, "cap_mkfifoat", 0600);
366
	CHECK_RESULT(mkfifoat, CAP_MKFIFOAT | CAP_LOOKUP, ret == 0);
367
	CHECK(ret == -1 || unlinkat(dirfd, "cap_mkfifoat", 0) == 0);
368

369
	ret = mknodat(dfd_cap, "cap_mknodat", S_IFCHR | 0600, 0);
370
	CHECK_RESULT(mknodat, CAP_MKNODAT | CAP_LOOKUP, ret == 0);
371
	CHECK(ret == -1 || unlinkat(dirfd, "cap_mknodat", 0) == 0);
372

373
	/* TODO: renameat(2) */
374

375
	ret = symlinkat("test", dfd_cap, "cap_symlinkat");
376
	CHECK_RESULT(symlinkat, CAP_SYMLINKAT | CAP_LOOKUP, ret == 0);
377
	CHECK(ret == -1 || unlinkat(dirfd, "cap_symlinkat", 0) == 0);
378

379
	ret = openat(dirfd, "cap_unlinkat", O_CREAT, 0600);
380
	CHECK(ret >= 0);
381
	CHECK(close(ret) == 0);
382
	ret = unlinkat(dfd_cap, "cap_unlinkat", 0);
383
	CHECK_RESULT(unlinkat, CAP_UNLINKAT | CAP_LOOKUP, ret == 0);
384
	CHECK(ret == 0 || unlinkat(dirfd, "cap_unlinkat", 0) == 0);
385
	ret = mkdirat(dirfd, "cap_unlinkat", 0700);
386
	CHECK(ret == 0);
387
	ret = unlinkat(dfd_cap, "cap_unlinkat", AT_REMOVEDIR);
388
	CHECK_RESULT(unlinkat, CAP_UNLINKAT | CAP_LOOKUP, ret == 0);
389
	CHECK(ret == 0 || unlinkat(dirfd, "cap_unlinkat", AT_REMOVEDIR) == 0);
390

391
	pollfd.fd = fd_cap;
392
	pollfd.events = POLLIN | POLLERR | POLLHUP;
393
	pollfd.revents = 0;
394

395
	ret = poll(&pollfd, 1, 0);
396
	if (rights & CAP_EVENT)
397
		CHECK((pollfd.revents & POLLNVAL) == 0);
398
	else
399
		CHECK((pollfd.revents & POLLNVAL) != 0);
400

401
	/* XXX: select, kqueue */
402

403
	close(fd_cap);
404
	close(fd_capcap);
405

406
	if (success == -1) {
407
		fprintf(stderr, "No tests for rights 0x%jx.\n",
408
		    (uintmax_t)rights);
409
		success = FAILED;
410
	}
411
	return (success);
412
}
413

414
#define TRY(rights) \
415
do { \
416
	if (success == PASSED) \
417
		success = try_file_ops(filefd, dirfd, (rights)); \
418
	else \
419
		/* We've already failed, but try the test anyway. */ \
420
		try_file_ops(filefd, dirfd, (rights)); \
421
} while (0)
422

423
#define	KEEP_ERRNO(...)	do {						\
424
	int _saved_errno = errno;					\
425
	__VA_ARGS__;							\
426
	errno = _saved_errno;						\
427
} while (0);
428

429
int
430
test_capabilities(void)
431
{
432
	int filefd, dirfd, tmpfd;
433
	int success = PASSED;
434
	char file[] = "/tmp/cap_test.XXXXXXXXXX";
435
	char dir[] = "/tmp/cap_test.XXXXXXXXXX";
436

437
	filefd = mkstemp(file);
438
	if (filefd < 0)
439
		err(-1, "mkstemp");
440
	if (mkdtemp(dir) == NULL) {
441
		KEEP_ERRNO(unlink(file));
442
		err(-1, "mkdtemp");
443
	}
444
	dirfd = open(dir, O_RDONLY | O_DIRECTORY);
445
	if (dirfd == -1) {
446
		KEEP_ERRNO(unlink(file));
447
		KEEP_ERRNO(rmdir(dir));
448
		err(-1, "open");
449
	}
450
	tmpfd = open("/tmp", O_RDONLY | O_DIRECTORY);
451
	if (tmpfd == -1) {
452
		KEEP_ERRNO(unlink(file));
453
		KEEP_ERRNO(rmdir(dir));
454
		err(-1, "open");
455
	}
456

457
	if (cap_enter() == -1) {
458
		KEEP_ERRNO(unlink(file));
459
		KEEP_ERRNO(rmdir(dir));
460
		err(-1, "cap_enter");
461
	}
462

463
	TRY(CAP_READ);
464
	TRY(CAP_WRITE);
465
	TRY(CAP_SEEK);
466
	TRY(CAP_PREAD);
467
	TRY(CAP_PWRITE);
468
	TRY(CAP_READ | CAP_WRITE);
469
	TRY(CAP_PREAD | CAP_PWRITE);
470
	TRY(CAP_MMAP);
471
	TRY(CAP_MMAP_R);
472
	TRY(CAP_MMAP_W);
473
	TRY(CAP_MMAP_X);
474
	TRY(CAP_MMAP_RW);
475
	TRY(CAP_MMAP_RX);
476
	TRY(CAP_MMAP_WX);
477
	TRY(CAP_MMAP_RWX);
478
	TRY(CAP_CREATE | CAP_READ | CAP_LOOKUP);
479
	TRY(CAP_CREATE | CAP_WRITE | CAP_LOOKUP);
480
	TRY(CAP_CREATE | CAP_READ | CAP_WRITE | CAP_LOOKUP);
481
#ifdef TODO
482
	TRY(CAP_FEXECVE);
483
#endif
484
	TRY(CAP_FSYNC);
485
	TRY(CAP_FSYNC | CAP_READ | CAP_LOOKUP);
486
	TRY(CAP_FSYNC | CAP_WRITE | CAP_LOOKUP);
487
	TRY(CAP_FSYNC | CAP_READ | CAP_WRITE | CAP_LOOKUP);
488
	TRY(CAP_FTRUNCATE);
489
	TRY(CAP_FTRUNCATE | CAP_READ | CAP_LOOKUP);
490
	TRY(CAP_FTRUNCATE | CAP_WRITE | CAP_LOOKUP);
491
	TRY(CAP_FTRUNCATE | CAP_READ | CAP_WRITE | CAP_LOOKUP);
492
#ifdef TODO
493
	TRY(CAP_FCHDIR);
494
#endif
495
	TRY(CAP_FCHFLAGS);
496
	TRY(CAP_FCHOWN);
497
	TRY(CAP_FCHOWN | CAP_LOOKUP);
498
	TRY(CAP_FCHMOD | CAP_LOOKUP);
499
	TRY(CAP_FCNTL);
500
#ifdef TODO
501
	TRY(CAP_FLOCK);
502
#endif
503
	TRY(CAP_FPATHCONF);
504
#ifdef TODO
505
	TRY(CAP_FSCK);
506
#endif
507
	TRY(CAP_FSTAT | CAP_LOOKUP);
508
	TRY(CAP_FSTATFS);
509
	TRY(CAP_FUTIMES | CAP_LOOKUP);
510
	TRY(CAP_LINKAT | CAP_LOOKUP);
511
	TRY(CAP_MKDIRAT | CAP_LOOKUP);
512
	TRY(CAP_MKFIFOAT | CAP_LOOKUP);
513
	TRY(CAP_MKNODAT | CAP_LOOKUP);
514
	TRY(CAP_SYMLINKAT | CAP_LOOKUP);
515
	TRY(CAP_UNLINKAT | CAP_LOOKUP);
516
	/* Rename needs CAP_RENAMEAT on source directory and CAP_LINKAT on destination directory. */
517
	TRY(CAP_RENAMEAT | CAP_UNLINKAT | CAP_LOOKUP);
518
#ifdef TODO
519
	TRY(CAP_LOOKUP);
520
	TRY(CAP_EXTATTR_DELETE);
521
	TRY(CAP_EXTATTR_GET);
522
	TRY(CAP_EXTATTR_LIST);
523
	TRY(CAP_EXTATTR_SET);
524
	TRY(CAP_ACL_CHECK);
525
	TRY(CAP_ACL_DELETE);
526
	TRY(CAP_ACL_GET);
527
	TRY(CAP_ACL_SET);
528
	TRY(CAP_ACCEPT);
529
	TRY(CAP_BIND);
530
	TRY(CAP_CONNECT);
531
	TRY(CAP_GETPEERNAME);
532
	TRY(CAP_GETSOCKNAME);
533
	TRY(CAP_GETSOCKOPT);
534
	TRY(CAP_LISTEN);
535
	TRY(CAP_PEELOFF);
536
	TRY(CAP_RECV);
537
	TRY(CAP_SEND);
538
	TRY(CAP_SETSOCKOPT);
539
	TRY(CAP_SHUTDOWN);
540
	TRY(CAP_MAC_GET);
541
	TRY(CAP_MAC_SET);
542
	TRY(CAP_SEM_GETVALUE);
543
	TRY(CAP_SEM_POST);
544
	TRY(CAP_SEM_WAIT);
545
	TRY(CAP_POST_EVENT);
546
	TRY(CAP_EVENT);
547
	TRY(CAP_IOCTL);
548
	TRY(CAP_TTYHOOK);
549
	TRY(CAP_PDGETPID);
550
	TRY(CAP_PDWAIT);
551
	TRY(CAP_PDKILL);
552
#endif
553

554
	(void)unlinkat(tmpfd, file + strlen("/tmp/"), 0);
555
	(void)unlinkat(tmpfd, dir + strlen("/tmp/"), AT_REMOVEDIR);
556

557
	return (success);
558
}
559

560
Product

Resources

Company
