mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-30 05:47:59 +00:00
Code Issues Releases Wiki Activity

Add some basic tests for openat(). Need to add tests that delete the

Browse Source 
opened directory before the openat() call occurs.
This commit is contained in:
Steve Beattie 2007-03-13 11:57:36 +00:00
parent 3f32351793
commit 30a2252adf
3 changed files with 120 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
tests/regression/subdomain/Makefile
View File

@ -38,6 +38,7 @@ SRC=access.c \
named_pipe.c \ named_pipe.c \
net_raw.c \ net_raw.c \
open.c \ open.c \
openat.c \
pipe.c \ pipe.c \
ptrace.c \ ptrace.c \
ptrace_helper.c \ ptrace_helper.c \
@ -119,7 +120,9 @@ TESTS=access \
mult_mount \ mult_mount \
named_pipe \ named_pipe \
net_raw \ net_raw \
open pipe \ open \
openat \
pipe \
ptrace \ ptrace \
pwrite \ pwrite \
regex \ regex \

52
tests/regression/subdomain/openat.c Normal file
View File

@ -0,0 +1,52 @@
/* $Id$ */
/*
* Copyright (C) 2002-2007 Novell/SUSE
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License as
* published by the Free Software Foundation, version 2 of the
* License.
*/
#define _GNU_SOURCE
#include <stdio.h>
#include <unistd.h>
#include <errno.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <string.h>
int main(int argc, char *argv[])
{
int fd = -1, dirfd = -1;
if (argc != 3){
fprintf(stderr, "usage: %s dir file\n", argv[0]);
return 1;
}
dirfd = open(argv[1], O_RDONLY | O_DIRECTORY);
if (dirfd == -1) {
fprintf(stderr, "FAIL: open %s failed - %s\n",
argv[1], strerror(errno));
return 1;
}
fd = openat(dirfd, argv[2], O_RDWR | O_CREAT, S_IWUSR | S_IRUSR);
if (fd == -1) {
fprintf(stderr, "FAIL: openat %s failed - %s\n",
argv[2], strerror(errno));
close(dirfd);
return 1;
}
close(fd);
close(dirfd);
printf("PASS\n");
return 0;
}

64
tests/regression/subdomain/openat.sh Executable file
View File

@ -0,0 +1,64 @@
#! /bin/bash
# $Id$
# Copyright (C) 2002-2007 Novell/SUSE
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation, version 2 of the
# License.
#=NAME open
#=DESCRIPTION
# Verify that the openat syscall is correctly managed for confined profiles.
# FIXME: need to add tests that delete the directory after it is opened
# but before the openat() call occurs.
#=END
pwd=`dirname $0`
pwd=`cd $pwd ; /bin/pwd`
bin=$pwd
. $bin/prologue.inc
subdir=deleteme
file=${subdir}/file
filepath=${tmpdir}/${file}
okperm=rw
badperm1=r
badperm2=w
mkdir ${tmpdir}/${subdir}
# PASS UNCONFINED
runchecktest "OPENAT unconfined RW (create) " pass $tmpdir $file
# PASS TEST (the file shouldn't exist, so open should create it
rm -f ${filepath}
genprofile ${tmpdir}:r ${filepath}:$okperm
runchecktest "OPENAT RW (create) " pass $tmpdir $file
# PASS TEST
genprofile ${tmpdir}:r ${filepath}:$okperm
runchecktest "OPENAT RW" pass $tmpdir $file
# FAILURE TEST (1)
genprofile ${tmpdir}:r ${filepath}:$badperm1
runchecktest "OPENAT R" fail $tmpdir $file
# FAILURE TEST (2)
genprofile ${tmpdir}:r ${filepath}:$badperm2
runchecktest "OPENAT W" fail $tmpdir $file
# FAILURE TEST (3)
genprofile ${tmpdir}:r ${filepath}:$badperm1 cap:dac_override
runchecktest "OPENAT R+dac_override" fail $tmpdir $file
# FAILURE TEST (4)
# This is testing for bug: https://bugs.wirex.com/show_bug.cgi?id=2885
# When we open O_CREAT|O_RDWR, we are (were?) allowing only write access
# to be required.
rm -f ${filepath}
genprofile ${tmpdir}:r ${filepath}:$badperm2
runchecktest "OPENAT W (create)" fail $tmpdir $file