author | Paul Moore <paul@paul-moore.com> | 2019-05-02 19:29:59 -0400 |
---|---|---|
committer | Paul Moore <paul@paul-moore.com> | 2019-05-03 19:25:54 -0400 |
commit | 78497a5d1da200ab0356e1189f5efb8724ad70a1 (patch) | |
tree | ad6acfb2d6ee457821deac951101ef4e3428e70d /tests | |
parent | e15f41574db5845a9f262f0867f3d13dba5e3452 (diff) | |
download | libseccomp-78497a5d1da200ab0356e1189f5efb8724ad70a1.tar.gz |
tests: add notification tests
Some of this was taken from Tycho's original patch.
Signed-off-by: Tycho Andersen <tycho@tycho.ws>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'tests')
-rw-r--r-- | tests/.gitignore | 1 | ||||
-rw-r--r-- | tests/13-basic-attrs.c | 2 | ||||
-rwxr-xr-x | tests/13-basic-attrs.py | 2 | ||||
-rw-r--r-- | tests/51-live-user_notification.c | 112 | ||||
-rwxr-xr-x | tests/51-live-user_notification.py | 60 | ||||
-rw-r--r-- | tests/51-live-user_notification.tests | 11 | ||||
-rw-r--r-- | tests/Makefile.am | 6 |
7 files changed, 190 insertions, 4 deletions
diff --git a/tests/.gitignore b/tests/.gitignore index a5bc9e4..6710243 100644 --- a/tests/.gitignore +++ b/tests/.gitignore @@ -56,3 +56,4 @@ util.pyc 48-sim-32b_args 49-sim-64b_comparisons 50-sim-hash_collision +51-live-user_notification diff --git a/tests/13-basic-attrs.c b/tests/13-basic-attrs.c index 28147bd..e7b14f0 100644 --- a/tests/13-basic-attrs.c +++ b/tests/13-basic-attrs.c @@ -32,7 +32,7 @@ int main(int argc, char *argv[]) uint32_t val = (uint32_t)(-1); scmp_filter_ctx ctx = NULL; - rc = seccomp_api_set(4); + rc = seccomp_api_set(5); if (rc != 0) return EOPNOTSUPP; diff --git a/tests/13-basic-attrs.py b/tests/13-basic-attrs.py index b4b54b9..38971c0 100755 --- a/tests/13-basic-attrs.py +++ b/tests/13-basic-attrs.py @@ -29,7 +29,7 @@ import util from seccomp import * def test(): - set_api(4) + set_api(5) f = SyscallFilter(ALLOW) if f.get_attr(Attr.ACT_DEFAULT) != ALLOW: diff --git a/tests/51-live-user_notification.c b/tests/51-live-user_notification.c new file mode 100644 index 0000000..de31d2f --- /dev/null +++ b/tests/51-live-user_notification.c 
@@ -0,0 +1,112 @@
+/**
+ * Seccomp Library test program
+ *
+ * Copyright (c) 2019 Cisco Systems, Inc. <pmoore2@cisco.com>
+ * Author: Paul Moore <paul@paul-moore.com>
+ */
+
+/*
+ * This library is free software; you can redistribute it and/or modify it
+ * under the terms of version 2.1 of the GNU Lesser General Public License as
+ * published by the Free Software Foundation.
+ *
+ * This library is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License
+ * for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this library; if not, see <http://www.gnu.org/licenses>.
+ */
+
+#include <sys/types.h>
+#include <sys/wait.h>
+#include <unistd.h>
+#include <seccomp.h>
+#include <signal.h>
+#include <syscall.h>
+#include <errno.h>
+#include <stdlib.h>
+
+#include "util.h"
+
+#define MAGIC 0x1122334455667788UL
+
+int main(int argc, char *argv[])
+{
+ int rc, fd = -1, status;
+ struct seccomp_notif *req = NULL;
+ struct seccomp_notif_resp *resp = NULL;
+ scmp_filter_ctx ctx = NULL;
+ pid_t pid = 0;
+
+ ctx = seccomp_init(SCMP_ACT_ALLOW);
+ if (ctx == NULL)
+ return ENOMEM;
+
+ rc = seccomp_rule_add(ctx, SCMP_ACT_NOTIFY, SCMP_SYS(getpid), 0, NULL);
+ if (rc)
+ goto out;
+
+ rc = seccomp_load(ctx);
+ if (rc < 0)
+ goto out;
+
+ rc = seccomp_notify_fd(ctx);
+ if (rc < 0)
+ goto out;
+ fd = rc;
+
+ pid = fork();
+ if (pid == 0)
+ exit(syscall(SCMP_SYS(getpid)) != MAGIC);
+
+ rc = seccomp_notify_alloc(&req, &resp);
+ if (rc)
+ goto out;
+
+ rc = seccomp_notify_receive(fd, req);
+ if (rc)
+ goto out;
+ if (req->data.nr != SCMP_SYS(getpid)) {
+ rc = -EFAULT;
+ goto out;
+ }
+ rc = seccomp_notify_id_valid(fd, req->id);
+ if (rc)
+ goto out;
+
+ resp->id = req->id;
+ resp->val = MAGIC;
+ resp->error = 0;
+ resp->flags = 0;
+ rc = seccomp_notify_respond(fd, resp);
+ if (rc)
+ goto out;
+
+ if (waitpid(pid, &status, 0) != pid) {
+ rc = -EFAULT;
+ goto out;
+ }
+
+ if (!WIFEXITED(status)) {
+ rc = -EFAULT;
+ goto out;
+ }
+ if (WEXITSTATUS(status)) {
+ rc = -EFAULT;
+ goto out;
+ }
+
+out:
+ if (fd >= 0)
+ close(fd);
+ if (pid)
+ kill(pid, SIGKILL);
+ seccomp_notify_free(req, resp);
+ seccomp_release(ctx);
+
+ if (rc != 0)
+ return (rc < 0 ? -rc : rc);
+ return 160;
+}
diff --git a/tests/51-live-user_notification.py b/tests/51-live-user_notification.py
new file mode 100755
index 0000000..0d81f5e
--- /dev/null
+++ b/tests/51-live-user_notification.py
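Review bot: In main() of tests/51-live-user_notification.c the result of `fork()` is only compared with 0, so a failed fork leaves `pid == -1`. If a later step then takes `goto out`, the cleanup runs `kill(pid, SIGKILL)` with -1, which signals every process the caller is permitted to signal. The same cleanup also runs on the success path after `waitpid()` has already reaped the child, so the SIGKILL is sent to a pid that may have been reused by then. I would add `if (pid < 0) { rc = -errno; goto out; }` right after the fork, set `pid = 0;` once `waitpid()` has returned the child, and tighten the guard to `if (pid > 0)`.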
@@ -0,0 +1,60 @@
+#!/usr/bin/env python
+
+#
+# Seccomp Library test program
+#
+# Copyright (c) 2019 Cisco Systems, Inc. <pmoore2@cisco.com>
+# Author: Paul Moore <paul@paul-moore.com>
+#
+
+#
+# This library is free software; you can redistribute it and/or modify it
+# under the terms of version 2.1 of the GNU Lesser General Public License as
+# published by the Free Software Foundation.
+#
+# This library is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License
+# for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this library; if not, see <http://www.gnu.org/licenses>.
+#
+
+import argparse
+import os
+import signal
+import sys
+
+import util
+
+from seccomp import *
+
+def test():
+ magic = os.getuid() + 1
+ f = SyscallFilter(ALLOW)
+ f.add_rule(NOTIFY, "getuid")
+ f.load()
+ pid = os.fork()
+ if pid == 0:
+ val = os.getuid()
+ if val != magic:
+ raise RuntimeError("Response return value failed")
+ quit(1)
+ quit(0)
+ else:
+ notify = f.receive_notify()
+ if notify.syscall != resolve_syscall(Arch(), "getuid"):
+ raise RuntimeError("Notification failed")
+ f.respond_notify(NotificationResponse(notify, magic, 0, 0))
+ wpid, rc = os.waitpid(pid, 0)
+ if os.WIFEXITED(rc) == 0:
+ raise RuntimeError("Child process error")
+ if os.WEXITSTATUS(rc) != 0:
+ raise RuntimeError("Child process error")
+ quit(160)
+
+test()
+
+# kate: syntax python;
+# kate: indent-mode python; space-indent on; indent-width 4; mixedindent off;
diff --git a/tests/51-live-user_notification.tests b/tests/51-live-user_notification.tests
new file mode 100644
index 0000000..4c5e964
--- /dev/null
+++ b/tests/51-live-user_notification.tests
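Review bot: In the child branch of test() in tests/51-live-user_notification.py, the `quit(1)` after `raise RuntimeError("Response return value failed")` looks unreachable. The page has lost the indentation, so this assumes the two statements share a block; if so, a mismatch is reported only through the uncaught exception. A forked child is more safely ended with `os._exit(1)` / `os._exit(0)`, so that it does not unwind and flush the parent's copied interpreter state. `quit` is injected by the `site` module, so `sys.exit(160)` is the more dependable call in the parent, and `sys` is already imported. Unlike the C test in the same commit, the parent also calls `respond_notify` with no visible check that the notification id is still valid; if the binding offers such a check, it belongs before the response.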
@@ -0,0 +1,11 @@ +# +# libseccomp regression test automation data +# +# Copyright Cisco Systems 2019 +# Author: Tycho Andersen <tycho@tycho.ws> +# + +test type: live + +# Testname API Result +51-live-user_notification 5 ALLOW diff --git a/tests/Makefile.am b/tests/Makefile.am index eb84e14..83e41c4 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -89,7 +89,8 @@ check_PROGRAMS = \ 47-live-kill_process \ 48-sim-32b_args \ 49-sim-64b_comparisons \ - 50-sim-hash_collision + 50-sim-hash_collision \ + 51-live-user_notification EXTRA_DIST_TESTPYTHON = \ util.py \ @@ -193,7 +194,8 @@ EXTRA_DIST_TESTCFGS = \ 47-live-kill_process.tests \ 48-sim-32b_args.tests \ 49-sim-64b_comparisons.tests \ - 50-sim-hash_collision.tests + 50-sim-hash_collision.tests \ + 51-live-user_notification.tests EXTRA_DIST_TESTSCRIPTS = \ 38-basic-pfc_coverage.sh 38-basic-pfc_coverage.pfc |