From: Eugene Syromyatnikov Date: Sat, 10 Dec 2016 04:05:31 +0000 (+0300) Subject: tests: check decoding of prctl PR_[GS]ET_SECUREBITS operations X-Git-Tag: v4.16~351 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=2dd34a4da7f8b1939e2edd08f2cb3af143964715;p=strace tests: check decoding of prctl PR_[GS]ET_SECUREBITS operations * tests/prctl-securebits.c: New file. * tests/prctl-securebits.test: New test. * tests/.gitignore: Add prctl-securebits. * tests/Makefile.am (check_PROGRAMS): Likewise. (DECODER_TESTS): Add prctl-securebits.test. --- diff --git a/tests/.gitignore b/tests/.gitignore index e2d07bb8..fe0e0480 100644 --- a/tests/.gitignore +++ b/tests/.gitignore @@ -214,6 +214,7 @@ prctl-name prctl-pdeathsig prctl-seccomp-filter-v prctl-seccomp-strict +prctl-securebits prctl-tsc pread64-pwrite64 preadv diff --git a/tests/Makefile.am b/tests/Makefile.am index df7c882a..65c90f09 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -274,6 +274,7 @@ check_PROGRAMS = \ prctl-pdeathsig \ prctl-seccomp-filter-v \ prctl-seccomp-strict \ + prctl-securebits \ prctl-tsc \ pread64-pwrite64 \ preadv \ @@ -656,6 +657,7 @@ DECODER_TESTS = \ prctl-pdeathsig.test \ prctl-seccomp-filter-v.test \ prctl-seccomp-strict.test \ + prctl-securebits.test \ prctl-tsc.test \ pread64-pwrite64.test \ preadv-pwritev.test \ diff --git a/tests/prctl-securebits.c b/tests/prctl-securebits.c new file mode 100644 index 00000000..741973af --- /dev/null +++ b/tests/prctl-securebits.c @@ -0,0 +1,106 @@ +/* + * Check decoding of prctl PR_GET_SECUREBITS/PR_SET_SECUREBITS operations. + * + * Copyright (c) 2016 Eugene Syromyatnikov + * Copyright (c) 2016 Dmitry V. Levin + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "tests.h" +#include +#include + +#if defined __NR_prctl && defined PR_GET_SECUREBITS && defined PR_SET_SECUREBITS + +# include +# include + +# include "xlat.h" +# include "xlat/secbits.h" + +static const char *errstr; + +static long +prctl(kernel_ulong_t arg1, kernel_ulong_t arg2) +{ + static const kernel_ulong_t bogus_arg = + (kernel_ulong_t) 0xdeadbeefbadc0dedULL; + long rc = syscall(__NR_prctl, arg1, arg2, bogus_arg); + errstr = sprintrc(rc); + return rc; +} + +int +main(void) +{ + static const kernel_ulong_t bits1 = + (kernel_ulong_t) 0xdeadc0defacebeefULL; + static const kernel_ulong_t bits2 = + (kernel_ulong_t) 0xbadc0ded00000000ULL; + static const kernel_ulong_t bits3 = + (kernel_ulong_t) 0xffULL; + + prctl(PR_SET_SECUREBITS, 0); + printf("prctl(PR_SET_SECUREBITS, 0) = %s\n", errstr); + + prctl(PR_SET_SECUREBITS, bits1); + printf("prctl(PR_SET_SECUREBITS, SECBIT_NOROOT|SECBIT_NOROOT_LOCKED|" + "SECBIT_NO_SETUID_FIXUP|SECBIT_NO_SETUID_FIXUP_LOCKED|" + "SECBIT_KEEP_CAPS_LOCKED|SECBIT_NO_CAP_AMBIENT_RAISE|" + "SECBIT_NO_CAP_AMBIENT_RAISE_LOCKED|%#llx) = %s\n", + (unsigned long long) bits1 & ~0xffULL, errstr); + + if (bits2) { + prctl(PR_SET_SECUREBITS, bits2); + printf("prctl(PR_SET_SECUREBITS, %#llx /* SECBIT_??? */)" + " = %s\n", (unsigned long long) bits2, errstr); + } + + prctl(PR_SET_SECUREBITS, bits3); + printf("prctl(PR_SET_SECUREBITS, SECBIT_NOROOT|SECBIT_NOROOT_LOCKED|" + "SECBIT_NO_SETUID_FIXUP|SECBIT_NO_SETUID_FIXUP_LOCKED|" + "SECBIT_KEEP_CAPS|SECBIT_KEEP_CAPS_LOCKED|" + "SECBIT_NO_CAP_AMBIENT_RAISE|SECBIT_NO_CAP_AMBIENT_RAISE_LOCKED)" + " = %s\n", errstr); + + long rc = prctl(PR_GET_SECUREBITS, bits1); + printf("prctl(PR_GET_SECUREBITS) = %s", errstr); + if (rc > 0) { + printf(" ("); + printflags(secbits, rc, NULL); + printf(")"); + } + + puts(""); + + puts("+++ exited with 0 +++"); + return 0; +} + +#else + +SKIP_MAIN_UNDEFINED("__NR_prctl && PR_GET_SECUREBITS && PR_SET_SECUREBITS") + +#endif diff --git a/tests/prctl-securebits.test b/tests/prctl-securebits.test new file mode 100755 index 00000000..c91e62a6 --- /dev/null +++ b/tests/prctl-securebits.test @@ -0,0 +1,12 @@ +#!/bin/sh + +# Check decoding of prctl PR_GET_SECUREBITS/PR_SET_SECUREBITS operations. +. "${srcdir=.}/init.sh" + +check_prog grep +run_prog > /dev/null +run_strace -a25 -eprctl $args > "$EXP" +grep -v '^prctl(PR_[GS]ET_[^S][^E][^C][^U]' < "$LOG" > "$OUT" +match_diff "$OUT" "$EXP" + +rm -f "$EXP" "$OUT"