From 8bcce81a6842fef35e4da01889e8fc2e33154924 Mon Sep 17 00:00:00 2001 From: jeremy Date: Sat, 31 Aug 2024 20:03:03 +0000 Subject: [PATCH] Add regression test for access(2)+unveil(2) ok deraadt --- regress/sys/kern/unveil/Makefile | 3 +- regress/sys/kern/unveil/access-expected | 17 +++++++ regress/sys/kern/unveil/access.c | 63 +++++++++++++++++++++++++ 3 files changed, 82 insertions(+), 1 deletion(-) create mode 100644 regress/sys/kern/unveil/access-expected create mode 100644 regress/sys/kern/unveil/access.c diff --git a/regress/sys/kern/unveil/Makefile b/regress/sys/kern/unveil/Makefile index 3bf6dc74835..7eee884d1ee 100644 --- a/regress/sys/kern/unveil/Makefile +++ b/regress/sys/kern/unveil/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.5 2022/09/17 12:51:23 benno Exp $ +# $OpenBSD: Makefile,v 1.6 2024/08/31 20:03:03 jeremy Exp $ WARNINGS= yes @@ -10,5 +10,6 @@ run-regress-syscalls: ${SUDO} ./syscalls PROGS+= socket +PROGS+= access .include diff --git a/regress/sys/kern/unveil/access-expected b/regress/sys/kern/unveil/access-expected new file mode 100644 index 00000000000..1be1994ba12 --- /dev/null +++ b/regress/sys/kern/unveil/access-expected @@ -0,0 +1,17 @@ +unveil:access +: +r:RF +w: +x: +c: +rw:RWF +rx:RXF +rc:RF +wx: +wc: +xc: +rwx:RWXF +rwc:RWF +rxc:RXF +wxc: +rwxc:RWXF diff --git a/regress/sys/kern/unveil/access.c b/regress/sys/kern/unveil/access.c new file mode 100644 index 00000000000..24dbfaa6cd8 --- /dev/null +++ b/regress/sys/kern/unveil/access.c @@ -0,0 +1,63 @@ +#include +#include +#include +#include +#include +#include +#include + +#define UV_SHOULD_SUCCEED(A, B) do { \ + if (A) { \ + err(1, "%s:%d - %s", __FILE__, __LINE__, B); \ + } \ +} while (0) + +#define NUM_PERMS 16 +static char uv_dir[] = "/tmp/uvdir.XXXXXX"; /* test directory */ +static char uv_file[] = "/tmp/uvfile.XXXXXX"; /* log file */ + +const char* perms[] = {"", "r", "w", "x", "c", "rw", "rx", "rc", + "wx", "wc","xc", "rwx", "rwc", "rxc", "wxc", "rwxc"}; +const char* filenames[] = {"f", "fr", "fw", "fx", "fc", "frw", "frx", "frc", + "fwx", "fwc", "fxc", "frwx", + "frwc", "frxc", "fwxc", "frwxc"}; +const char* header = "unveil:access\n"; + +int main(int argc, char** argv) { + int i; + int log_fd; + FILE *log; + char expected[PATH_MAX]; + char *exp; + + UV_SHOULD_SUCCEED(((exp = realpath("access-expected", expected)) == NULL), "realpath"); + UV_SHOULD_SUCCEED(((log_fd = mkstemp(uv_file)) == -1), "mkstemp"); + UV_SHOULD_SUCCEED(((log = fdopen(log_fd, "w")) == NULL), "fdopen"); + UV_SHOULD_SUCCEED((mkdtemp(uv_dir) == NULL), "mkdtmp"); + UV_SHOULD_SUCCEED((unveil("/", "rwxc") == -1), "unveil"); + UV_SHOULD_SUCCEED((chdir(uv_dir) == -1), "chdir"); + + fwrite(header, strlen(header), 1, log); + for (i = 0; i < NUM_PERMS; i++) { + const char *perm = perms[i]; + const char *filename = filenames[i]; + int fd; + UV_SHOULD_SUCCEED(((fd = open(filename, O_WRONLY|O_CREAT, 0700)) == -1), "open"); + UV_SHOULD_SUCCEED((close(fd) == -1), "close"); + UV_SHOULD_SUCCEED((unveil(filename, perm) == -1), "unveil"); + UV_SHOULD_SUCCEED((fwrite(perm, 1, strlen(perm), log) != strlen(perm)), "fwrite"); + UV_SHOULD_SUCCEED((fwrite(":", 1, 1, log) != 1), "fwrite"); + if (access(filename, R_OK) == 0) + UV_SHOULD_SUCCEED((fwrite("R", 1, 1, log) != 1), "fwrite"); + if (access(filename, W_OK) == 0) + UV_SHOULD_SUCCEED((fwrite("W", 1, 1, log) != 1), "fwrite"); + if (access(filename, X_OK) == 0) + UV_SHOULD_SUCCEED((fwrite("X", 1, 1, log) != 1), "fwrite"); + if (access(filename, F_OK) == 0) + UV_SHOULD_SUCCEED((fwrite("F", 1, 1, log) != 1), "fwrite"); + UV_SHOULD_SUCCEED((fwrite("\n", 1, 1, log) != 1), "fwrite"); + } + UV_SHOULD_SUCCEED((fclose(log) == -1), "fclose"); + + return execl("/usr/bin/diff", "diff", "-u", uv_file, expected, NULL); +} -- 2.20.1