Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
freebsd
GitHub Repository: freebsd/freebsd-src
 Path: blob/main/tools/regression/security/cap_test/cap_test_fcntl.c
48266 views
1
/*-

2
 * Copyright (c) 2009-2011 Robert N. M. Watson

3
 * Copyright (c) 2011 Jonathan Anderson

4
 * All rights reserved.

5
 *

6
 * Redistribution and use in source and binary forms, with or without

7
 * modification, are permitted provided that the following conditions

8
 * are met:

9
 * 1. Redistributions of source code must retain the above copyright

10
 *    notice, this list of conditions and the following disclaimer.

11
 * 2. Redistributions in binary form must reproduce the above copyright

12
 *    notice, this list of conditions and the following disclaimer in the

13
 *    documentation and/or other materials provided with the distribution.

14
 *

15
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND

16
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

17
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

18
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

19
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

20
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

21
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

22
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

23
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

24
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

25
 * SUCH DAMAGE.

26
 */

27


28
/*

29
 * Test that fcntl works in capability mode.

30
 */

31


32
#include <sys/types.h>

33
#include <sys/capsicum.h>

34
#include <sys/errno.h>

35
#include <sys/ipc.h>

36
#include <sys/mman.h>

37
#include <sys/socket.h>

38
#include <sys/stat.h>

39
#include <sys/sysctl.h>

40
#include <sys/wait.h>

41


42
#include <err.h>

43
#include <fcntl.h>

44
#include <stdio.h>

45
#include <stdlib.h>

46
#include <unistd.h>

47


48
#include "cap_test.h"

49


50
/* A filename->descriptor mapping. */

51
struct fd {

52
	char	*f_name;

53
	int	 f_fd;

54
};

55


56
/*

57
 * Ensure that fcntl() works consistently for both regular file descriptors and

58
 * capability-wrapped ones.

59
 */

60
int

61
test_fcntl(void)

62
{

63
	int success = PASSED;

64
	cap_rights_t rights = CAP_READ | CAP_FCNTL;

65


66
	/*

67
	 * Open some files of different types, and wrap them in capabilities.

68
	 */

69
	struct fd files[] = {

70
		{ "file",         open("/etc/passwd", O_RDONLY) },

71
		{ "socket",       socket(PF_LOCAL, SOCK_STREAM, 0) },

72
		{ "SHM",          shm_open(SHM_ANON, O_RDWR, 0600) },

73
	};

74
	REQUIRE(files[0].f_fd);

75
	REQUIRE(files[1].f_fd);

76
	REQUIRE(files[2].f_fd);

77


78
	struct fd caps[] = {

79
		{ "file cap",     cap_new(files[0].f_fd, rights) },

80
		{ "socket cap",   cap_new(files[1].f_fd, rights) },

81
		{ "SHM cap",      cap_new(files[2].f_fd, rights) },

82
	};

83
	REQUIRE(caps[0].f_fd);

84
	REQUIRE(caps[1].f_fd);

85
	REQUIRE(caps[2].f_fd);

86


87
	struct fd all[] = {

88
		files[0], caps[0],

89
		files[1], caps[1],

90
		files[2], caps[2],

91
	};

92
	const size_t len = sizeof(all) / sizeof(struct fd);

93


94
	REQUIRE(cap_enter());

95


96
	/*

97
	 * Ensure that we can fcntl() all the files that we opened above.

98
	 */

99
	for (size_t i = 0; i < len; i++)

100
	{

101
		struct fd f = all[i];

102
		int cap;

103


104
		CHECK_SYSCALL_SUCCEEDS(fcntl, f.f_fd, F_GETFL, 0);

105
		REQUIRE(cap = cap_new(f.f_fd, CAP_READ));

106
		if (fcntl(f.f_fd, F_GETFL, 0) == -1)

107
			FAIL("Error calling fcntl('%s', F_GETFL)", f.f_name);

108
		else

109
			CHECK_NOTCAPABLE(fcntl, cap, F_GETFL, 0);

110
	}

111


112
	return (success);

113
}

114


115


116