2019-03-12 01:43:01 +00:00
|
|
|
/* -*- C++ -*- */
|
|
|
|
|
#ifndef CAPSICUM_TEST_H
|
|
|
|
|
#define CAPSICUM_TEST_H
|
|
|
|
|
|
|
|
|
|
#include <errno.h>
|
|
|
|
|
#include <sys/types.h>
|
|
|
|
|
#include <sys/wait.h>
|
|
|
|
|
#include <sys/resource.h>
|
|
|
|
|
#include <signal.h>
|
|
|
|
|
|
|
|
|
|
#include <ios>
|
|
|
|
|
#include <ostream>
|
2021-02-16 13:12:51 +00:00
|
|
|
#include <string>
|
2019-03-12 01:43:01 +00:00
|
|
|
|
|
|
|
|
#include "gtest/gtest.h"
|
|
|
|
|
|
|
|
|
|
extern bool verbose;
|
|
|
|
|
extern std::string tmpdir;
|
|
|
|
|
extern bool tmpdir_on_tmpfs;
|
|
|
|
|
extern bool force_mt;
|
|
|
|
|
extern bool force_nofork;
|
|
|
|
|
extern uid_t other_uid;
|
|
|
|
|
|
2019-03-29 21:41:14 +00:00
|
|
|
static inline void *WaitingThreadFn(void *) {
|
2019-03-12 01:43:01 +00:00
|
|
|
// Loop until cancelled
|
|
|
|
|
while (true) {
|
|
|
|
|
usleep(10000);
|
|
|
|
|
pthread_testcancel();
|
|
|
|
|
}
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// If force_mt is set, run another thread in parallel with the test. This forces
|
|
|
|
|
// the kernel into multi-threaded mode.
|
|
|
|
|
template <typename T, typename Function>
|
|
|
|
|
void MaybeRunWithThread(T *self, Function fn) {
|
|
|
|
|
pthread_t subthread;
|
|
|
|
|
if (force_mt) {
|
|
|
|
|
pthread_create(&subthread, NULL, WaitingThreadFn, NULL);
|
|
|
|
|
}
|
|
|
|
|
(self->*fn)();
|
|
|
|
|
if (force_mt) {
|
|
|
|
|
pthread_cancel(subthread);
|
|
|
|
|
pthread_join(subthread, NULL);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
template <typename Function>
|
|
|
|
|
void MaybeRunWithThread(Function fn) {
|
|
|
|
|
pthread_t subthread;
|
|
|
|
|
if (force_mt) {
|
|
|
|
|
pthread_create(&subthread, NULL, WaitingThreadFn, NULL);
|
|
|
|
|
}
|
|
|
|
|
(fn)();
|
|
|
|
|
if (force_mt) {
|
|
|
|
|
pthread_cancel(subthread);
|
|
|
|
|
pthread_join(subthread, NULL);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Return the absolute path of a filename in the temp directory, `tmpdir`,
|
|
|
|
|
// with the given pathname, e.g., "/tmp/<pathname>", if `tmpdir` was set to
|
|
|
|
|
// "/tmp".
|
|
|
|
|
const char *TmpFile(const char *pathname);
|
|
|
|
|
|
|
|
|
|
// Run the given test function in a forked process, so that trapdoor
|
|
|
|
|
// entry doesn't affect other tests, and watch out for hung processes.
|
|
|
|
|
// Implemented as a macro to allow access to the test case instance's
|
|
|
|
|
// HasFailure() method, which is reported as the forked process's
|
|
|
|
|
// exit status.
|
|
|
|
|
#define _RUN_FORKED(INNERCODE, TESTCASENAME, TESTNAME) \
|
|
|
|
|
pid_t pid = force_nofork ? 0 : fork(); \
|
|
|
|
|
if (pid == 0) { \
|
|
|
|
|
INNERCODE; \
|
|
|
|
|
if (!force_nofork) { \
|
|
|
|
|
exit(HasFailure()); \
|
|
|
|
|
} \
|
|
|
|
|
} else if (pid > 0) { \
|
|
|
|
|
int rc, status; \
|
2021-02-16 13:12:51 +00:00
|
|
|
int remaining_us = 30000000; \
|
2019-03-12 01:43:01 +00:00
|
|
|
while (remaining_us > 0) { \
|
|
|
|
|
status = 0; \
|
|
|
|
|
rc = waitpid(pid, &status, WNOHANG); \
|
|
|
|
|
if (rc != 0) break; \
|
|
|
|
|
remaining_us -= 10000; \
|
|
|
|
|
usleep(10000); \
|
|
|
|
|
} \
|
|
|
|
|
if (remaining_us <= 0) { \
|
|
|
|
|
fprintf(stderr, "Warning: killing unresponsive test " \
|
|
|
|
|
"%s.%s (pid %d)\n", \
|
|
|
|
|
TESTCASENAME, TESTNAME, pid); \
|
|
|
|
|
kill(pid, SIGKILL); \
|
|
|
|
|
ADD_FAILURE() << "Test hung"; \
|
|
|
|
|
} else if (rc < 0) { \
|
|
|
|
|
fprintf(stderr, "Warning: waitpid error %s (%d)\n", \
|
|
|
|
|
strerror(errno), errno); \
|
|
|
|
|
ADD_FAILURE() << "Failed to wait for child"; \
|
|
|
|
|
} else { \
|
|
|
|
|
int rc = WIFEXITED(status) ? WEXITSTATUS(status) : -1; \
|
|
|
|
|
EXPECT_EQ(0, rc); \
|
|
|
|
|
} \
|
|
|
|
|
}
|
|
|
|
|
#define _RUN_FORKED_MEM(THIS, TESTFN, TESTCASENAME, TESTNAME) \
|
|
|
|
|
_RUN_FORKED(MaybeRunWithThread(THIS, &TESTFN), TESTCASENAME, TESTNAME);
|
|
|
|
|
#define _RUN_FORKED_FN(TESTFN, TESTCASENAME, TESTNAME) \
|
|
|
|
|
_RUN_FORKED(MaybeRunWithThread(&TESTFN), TESTCASENAME, TESTNAME);
|
|
|
|
|
|
|
|
|
|
// Run a test case in a forked process, possibly cleaning up a
|
|
|
|
|
// test file after completion
|
|
|
|
|
#define FORK_TEST_ON(test_case_name, test_name, test_file) \
|
|
|
|
|
static void test_case_name##_##test_name##_ForkTest(); \
|
|
|
|
|
TEST(test_case_name, test_name ## Forked) { \
|
|
|
|
|
_RUN_FORKED_FN(test_case_name##_##test_name##_ForkTest, \
|
|
|
|
|
#test_case_name, #test_name); \
|
|
|
|
|
const char *filename = test_file; \
|
|
|
|
|
if (filename) unlink(filename); \
|
|
|
|
|
} \
|
|
|
|
|
static void test_case_name##_##test_name##_ForkTest()
|
|
|
|
|
|
|
|
|
|
#define FORK_TEST(test_case_name, test_name) FORK_TEST_ON(test_case_name, test_name, NULL)
|
|
|
|
|
|
|
|
|
|
// Run a test case fixture in a forked process, so that trapdoors don't
|
|
|
|
|
// affect other tests.
|
|
|
|
|
#define ICLASS_NAME(test_case_name, test_name) Forked##test_case_name##_##test_name
|
|
|
|
|
#define FORK_TEST_F(test_case_name, test_name) \
|
|
|
|
|
class ICLASS_NAME(test_case_name, test_name) : public test_case_name { \
|
|
|
|
|
public: \
|
|
|
|
|
ICLASS_NAME(test_case_name, test_name)() {} \
|
|
|
|
|
void InnerTestBody(); \
|
|
|
|
|
}; \
|
|
|
|
|
TEST_F(ICLASS_NAME(test_case_name, test_name), _) { \
|
|
|
|
|
_RUN_FORKED_MEM(this, \
|
|
|
|
|
ICLASS_NAME(test_case_name, test_name)::InnerTestBody, \
|
|
|
|
|
#test_case_name, #test_name); \
|
|
|
|
|
} \
|
|
|
|
|
void ICLASS_NAME(test_case_name, test_name)::InnerTestBody()
|
|
|
|
|
|
|
|
|
|
// Emit errno information on failure
|
|
|
|
|
#define EXPECT_OK(v) EXPECT_LE(0, v) << " errno " << errno << " " << strerror(errno)
|
|
|
|
|
|
|
|
|
|
// Expect a syscall to fail with the given error.
|
|
|
|
|
#define EXPECT_SYSCALL_FAIL(E, C) \
|
|
|
|
|
do { \
|
2021-03-02 16:22:31 +00:00
|
|
|
SCOPED_TRACE(#C); \
|
2019-03-12 01:43:01 +00:00
|
|
|
EXPECT_GT(0, C); \
|
2021-03-02 16:22:31 +00:00
|
|
|
EXPECT_EQ(E, errno) << "expected '" << strerror(E) \
|
|
|
|
|
<< "' but got '" << strerror(errno) << "'"; \
|
2019-03-12 01:43:01 +00:00
|
|
|
} while (0)
|
|
|
|
|
|
|
|
|
|
// Expect a syscall to fail with anything other than the given error.
|
|
|
|
|
#define EXPECT_SYSCALL_FAIL_NOT(E, C) \
|
|
|
|
|
do { \
|
|
|
|
|
EXPECT_GT(0, C); \
|
2021-03-02 16:22:31 +00:00
|
|
|
EXPECT_NE(E, errno) << strerror(E); \
|
2019-03-12 01:43:01 +00:00
|
|
|
} while (0)
|
|
|
|
|
|
|
|
|
|
// Expect a void syscall to fail with anything other than the given error.
|
|
|
|
|
#define EXPECT_VOID_SYSCALL_FAIL_NOT(E, C) \
|
|
|
|
|
do { \
|
|
|
|
|
errno = 0; \
|
|
|
|
|
C; \
|
|
|
|
|
EXPECT_NE(E, errno) << #C << " failed with ECAPMODE"; \
|
|
|
|
|
} while (0)
|
|
|
|
|
|
|
|
|
|
// Expect a system call to fail due to path traversal; exact error
|
|
|
|
|
// code is OS-specific.
|
|
|
|
|
#ifdef O_BENEATH
|
|
|
|
|
#define EXPECT_OPENAT_FAIL_TRAVERSAL(fd, path, flags) \
|
2021-03-02 16:22:31 +00:00
|
|
|
do { \
|
|
|
|
|
SCOPED_TRACE(GTEST_STRINGIFY_(openat((fd), (path), (flags)))); \
|
2019-03-12 01:43:01 +00:00
|
|
|
const int result = openat((fd), (path), (flags)); \
|
|
|
|
|
if (((flags) & O_BENEATH) == O_BENEATH) { \
|
|
|
|
|
EXPECT_SYSCALL_FAIL(E_NO_TRAVERSE_O_BENEATH, result); \
|
|
|
|
|
} else { \
|
|
|
|
|
EXPECT_SYSCALL_FAIL(E_NO_TRAVERSE_CAPABILITY, result); \
|
|
|
|
|
} \
|
2021-02-16 13:12:51 +00:00
|
|
|
if (result >= 0) { close(result); } \
|
2019-03-12 01:43:01 +00:00
|
|
|
} while (0)
|
|
|
|
|
#else
|
|
|
|
|
#define EXPECT_OPENAT_FAIL_TRAVERSAL(fd, path, flags) \
|
|
|
|
|
do { \
|
2021-03-02 16:22:31 +00:00
|
|
|
SCOPED_TRACE(GTEST_STRINGIFY_(openat((fd), (path), (flags)))); \
|
2019-03-12 01:43:01 +00:00
|
|
|
const int result = openat((fd), (path), (flags)); \
|
|
|
|
|
EXPECT_SYSCALL_FAIL(E_NO_TRAVERSE_CAPABILITY, result); \
|
2021-02-16 13:12:51 +00:00
|
|
|
if (result >= 0) { close(result); } \
|
2019-03-12 01:43:01 +00:00
|
|
|
} while (0)
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
// Expect a system call to fail with ECAPMODE.
|
|
|
|
|
#define EXPECT_CAPMODE(C) EXPECT_SYSCALL_FAIL(ECAPMODE, C)
|
|
|
|
|
|
|
|
|
|
// Expect a system call to fail, but not with ECAPMODE.
|
|
|
|
|
#define EXPECT_FAIL_NOT_CAPMODE(C) EXPECT_SYSCALL_FAIL_NOT(ECAPMODE, C)
|
|
|
|
|
#define EXPECT_FAIL_VOID_NOT_CAPMODE(C) EXPECT_VOID_SYSCALL_FAIL_NOT(ECAPMODE, C)
|
|
|
|
|
|
|
|
|
|
// Expect a system call to fail with ENOTCAPABLE.
|
|
|
|
|
#define EXPECT_NOTCAPABLE(C) EXPECT_SYSCALL_FAIL(ENOTCAPABLE, C)
|
|
|
|
|
|
|
|
|
|
// Expect a system call to fail, but not with ENOTCAPABLE.
|
|
|
|
|
#define EXPECT_FAIL_NOT_NOTCAPABLE(C) EXPECT_SYSCALL_FAIL_NOT(ENOTCAPABLE, C)
|
|
|
|
|
|
|
|
|
|
// Expect a system call to fail with either ENOTCAPABLE or ECAPMODE.
|
|
|
|
|
#define EXPECT_CAPFAIL(C) \
|
|
|
|
|
do { \
|
|
|
|
|
int rc = C; \
|
|
|
|
|
EXPECT_GT(0, rc); \
|
|
|
|
|
EXPECT_TRUE(errno == ECAPMODE || errno == ENOTCAPABLE) \
|
2021-03-02 16:22:31 +00:00
|
|
|
<< #C << " did not fail with ECAPMODE/ENOTCAPABLE but " << errno \
|
|
|
|
|
<< "(" << strerror(errno) << ")"; \
|
2019-03-12 01:43:01 +00:00
|
|
|
} while (0)
|
|
|
|
|
|
|
|
|
|
// Ensure that 'rights' are a subset of 'max'.
|
|
|
|
|
#define EXPECT_RIGHTS_IN(rights, max) \
|
|
|
|
|
EXPECT_TRUE(cap_rights_contains((max), (rights))) \
|
|
|
|
|
<< "rights " << std::hex << *(rights) \
|
|
|
|
|
<< " not a subset of " << std::hex << *(max)
|
|
|
|
|
|
|
|
|
|
// Ensure rights are identical
|
|
|
|
|
#define EXPECT_RIGHTS_EQ(a, b) \
|
|
|
|
|
do { \
|
|
|
|
|
EXPECT_RIGHTS_IN((a), (b)); \
|
|
|
|
|
EXPECT_RIGHTS_IN((b), (a)); \
|
|
|
|
|
} while (0)
|
|
|
|
|
|
|
|
|
|
// Get the state of a process as a single character.
|
|
|
|
|
// - 'D': disk wait
|
|
|
|
|
// - 'R': runnable
|
|
|
|
|
// - 'S': sleeping/idle
|
|
|
|
|
// - 'T': stopped
|
|
|
|
|
// - 'Z': zombie
|
|
|
|
|
// On error, return either '?' or '\0'.
|
|
|
|
|
char ProcessState(int pid);
|
|
|
|
|
|
|
|
|
|
// Check process state reaches a particular expected state (or two).
|
|
|
|
|
// Retries a few times to allow for timing issues.
|
|
|
|
|
#define EXPECT_PID_REACHES_STATES(pid, expected1, expected2) { \
|
|
|
|
|
int counter = 5; \
|
|
|
|
|
char state; \
|
|
|
|
|
do { \
|
|
|
|
|
state = ProcessState(pid); \
|
|
|
|
|
if (state == expected1 || state == expected2) break; \
|
|
|
|
|
usleep(100000); \
|
|
|
|
|
} while (--counter > 0); \
|
|
|
|
|
EXPECT_TRUE(state == expected1 || state == expected2) \
|
|
|
|
|
<< " pid " << pid << " in state " << state; \
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#define EXPECT_PID_ALIVE(pid) EXPECT_PID_REACHES_STATES(pid, 'R', 'S')
|
|
|
|
|
#define EXPECT_PID_DEAD(pid) EXPECT_PID_REACHES_STATES(pid, 'Z', '\0')
|
|
|
|
|
#define EXPECT_PID_ZOMBIE(pid) EXPECT_PID_REACHES_STATES(pid, 'Z', 'Z');
|
|
|
|
|
#define EXPECT_PID_GONE(pid) EXPECT_PID_REACHES_STATES(pid, '\0', '\0');
|
|
|
|
|
|
2021-03-02 16:22:31 +00:00
|
|
|
enum {
|
|
|
|
|
// Magic numbers for messages sent by child processes.
|
|
|
|
|
MSG_CHILD_STARTED = 1234,
|
|
|
|
|
MSG_CHILD_FD_RECEIVED = 4321,
|
|
|
|
|
// Magic numbers for messages sent by parent processes.
|
|
|
|
|
MSG_PARENT_REQUEST_CHILD_EXIT = 9999,
|
|
|
|
|
MSG_PARENT_CLOSED_FD = 10000,
|
|
|
|
|
MSG_PARENT_CHILD_SHOULD_RUN = 10001,
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
#define SEND_INT_MESSAGE(fd, message) \
|
|
|
|
|
do { \
|
|
|
|
|
int _msg = message; \
|
|
|
|
|
EXPECT_EQ(sizeof(_msg), (size_t)write(fd, &_msg, sizeof(_msg))); \
|
|
|
|
|
} while (0)
|
|
|
|
|
|
|
|
|
|
#define AWAIT_INT_MESSAGE(fd, expected) \
|
|
|
|
|
do { \
|
|
|
|
|
int _msg = 0; \
|
|
|
|
|
EXPECT_EQ(sizeof(_msg), (size_t)read(fd, &_msg, sizeof(_msg))); \
|
|
|
|
|
EXPECT_EQ(expected, _msg); \
|
|
|
|
|
} while (0)
|
|
|
|
|
|
2019-03-12 01:43:01 +00:00
|
|
|
// Mark a test that can only be run as root.
|
2021-02-16 13:12:51 +00:00
|
|
|
#define GTEST_SKIP_IF_NOT_ROOT() \
|
|
|
|
|
if (getuid() != 0) { GTEST_SKIP() << "requires root"; }
|
|
|
|
|
|
|
|
|
|
extern std::string capsicum_test_bindir;
|
2019-03-12 01:43:01 +00:00
|
|
|
|
|
|
|
|
#endif // CAPSICUM_TEST_H
|
