Merge the following changes from the capsicum-test project [1]
Log: ``` commit feb47278d7cffa8cf4bc8c8ff78047126fa41e82 (HEAD -> dev, origin/dev, origin/HEAD) Author: ngie-eign <1574099+ngie-eign@users.noreply.github.com> Date: Fri Mar 22 10:51:04 2019 -0700 Remove `FAIL` macro use for non-x86 architectures when testing `sysarch(2)` (#38) `FAIL()` does not support being called in the form noted in the test, which causes a test failure on non-x86 architectures. The alternatives (use `ADD_TEST_FAILURE()` or `GTEST_SKIP()`) would be misleading (in both cases), and in the case of `GTEST_SKIP()` is unavailable on the version of googletest packaged with capsicum-test. Signed-off-by: Enji Cooper <yaneurabeya@gmail.com> commit 32ad0f3e4c11be7f7463d40eef8d4a78ac9f61a5 Author: Enji Cooper <yaneurabeya@gmail.com> Date: Fri Mar 15 20:01:56 2019 -0700 Fix `-Wunused-parameter` issues Remove variable declarations from functions/methods where the variable is not required. Signed-off-by: Enji Cooper <yaneurabeya@gmail.com> commit 9437b4c550110200ef190ac39fb26c1d8fc55d9a Author: Enji Cooper <yaneurabeya@gmail.com> Date: Fri Mar 15 19:59:00 2019 -0700 Fix `-Wshadow` issues with `EXPECT_OPEN_OK(..)` macro * Wrap in do-while(0) block to avoid variable shadowing issue with multiple calls in the same function. * Prefix block local variables with `_` to try and avoid variable name clashes with values local to test methods. Signed-off-by: Enji Cooper <yaneurabeya@gmail.com> commit adf4a21a233b5da5cac440f4006e258ffba09510 Author: Enji Cooper <yaneurabeya@gmail.com> Date: Fri Mar 15 19:55:00 2019 -0700 Fix `-Wmissing-variable-declarations` issue with `known_rights` global Staticize it since it is only used in the file. Signed-off-by: Enji Cooper <yaneurabeya@gmail.com> ``` This merges a number of the outstanding changes made locally to ^/projects/capsicum-test that were accepted into the upstream project. The sync was done like so: ``` curl -L https://github.com/google/capsicum-test/tarball/dd7eac98c0cf | tar --strip-components=1 -xvzf - -C dist/ rm -Rf dist/*/ ``` 1. https://github.com/google/capsicum-test
This commit is contained in:
parent
70d75d7acf
commit
3105399b23
78
dist/capability-fd.cc
vendored
78
dist/capability-fd.cc
vendored
@ -25,7 +25,7 @@ typedef struct {
|
||||
uint64_t right;
|
||||
const char* name;
|
||||
} right_info;
|
||||
right_info known_rights[] = {
|
||||
static right_info known_rights[] = {
|
||||
/* Rights that are common to all versions of Capsicum */
|
||||
RIGHTS_INFO(CAP_READ),
|
||||
RIGHTS_INFO(CAP_WRITE),
|
||||
@ -713,22 +713,34 @@ static void TryDirOps(int dirfd, cap_rights_t rights) {
|
||||
EXPECT_OK(close(rc));
|
||||
rc = openat(dfd_cap, "cap_fsync", O_FSYNC | O_RDONLY);
|
||||
CHECK_RIGHT_RESULT(rc, rights, CAP_FSYNC, CAP_READ, CAP_LOOKUP);
|
||||
if (rc >= 0) EXPECT_OK(close(rc));
|
||||
if (rc >= 0) {
|
||||
EXPECT_OK(close(rc));
|
||||
}
|
||||
rc = openat(dfd_cap, "cap_fsync", O_FSYNC | O_WRONLY | O_APPEND);
|
||||
CHECK_RIGHT_RESULT(rc, rights, CAP_FSYNC, CAP_WRITE, CAP_LOOKUP);
|
||||
if (rc >= 0) EXPECT_OK(close(rc));
|
||||
if (rc >= 0) {
|
||||
EXPECT_OK(close(rc));
|
||||
}
|
||||
rc = openat(dfd_cap, "cap_fsync", O_FSYNC | O_RDWR | O_APPEND);
|
||||
CHECK_RIGHT_RESULT(rc, rights, CAP_FSYNC, CAP_READ, CAP_WRITE, CAP_LOOKUP);
|
||||
if (rc >= 0) EXPECT_OK(close(rc));
|
||||
if (rc >= 0) {
|
||||
EXPECT_OK(close(rc));
|
||||
}
|
||||
rc = openat(dfd_cap, "cap_fsync", O_SYNC | O_RDONLY);
|
||||
CHECK_RIGHT_RESULT(rc, rights, CAP_FSYNC, CAP_READ, CAP_LOOKUP);
|
||||
if (rc >= 0) EXPECT_OK(close(rc));
|
||||
if (rc >= 0) {
|
||||
EXPECT_OK(close(rc));
|
||||
}
|
||||
rc = openat(dfd_cap, "cap_fsync", O_SYNC | O_WRONLY | O_APPEND);
|
||||
CHECK_RIGHT_RESULT(rc, rights, CAP_FSYNC, CAP_WRITE, CAP_LOOKUP);
|
||||
if (rc >= 0) EXPECT_OK(close(rc));
|
||||
if (rc >= 0) {
|
||||
EXPECT_OK(close(rc));
|
||||
}
|
||||
rc = openat(dfd_cap, "cap_fsync", O_SYNC | O_RDWR | O_APPEND);
|
||||
CHECK_RIGHT_RESULT(rc, rights, CAP_FSYNC, CAP_READ, CAP_WRITE, CAP_LOOKUP);
|
||||
if (rc >= 0) EXPECT_OK(close(rc));
|
||||
if (rc >= 0) {
|
||||
EXPECT_OK(close(rc));
|
||||
}
|
||||
EXPECT_OK(unlinkat(dirfd, "cap_fsync", 0));
|
||||
|
||||
rc = openat(dirfd, "cap_ftruncate", O_CREAT, 0600);
|
||||
@ -736,13 +748,19 @@ static void TryDirOps(int dirfd, cap_rights_t rights) {
|
||||
EXPECT_OK(close(rc));
|
||||
rc = openat(dfd_cap, "cap_ftruncate", O_TRUNC | O_RDONLY);
|
||||
CHECK_RIGHT_RESULT(rc, rights, CAP_FTRUNCATE, CAP_READ, CAP_LOOKUP);
|
||||
if (rc >= 0) EXPECT_OK(close(rc));
|
||||
if (rc >= 0) {
|
||||
EXPECT_OK(close(rc));
|
||||
}
|
||||
rc = openat(dfd_cap, "cap_ftruncate", O_TRUNC | O_WRONLY);
|
||||
CHECK_RIGHT_RESULT(rc, rights, CAP_FTRUNCATE, CAP_WRITE, CAP_LOOKUP);
|
||||
if (rc >= 0) EXPECT_OK(close(rc));
|
||||
if (rc >= 0) {
|
||||
EXPECT_OK(close(rc));
|
||||
}
|
||||
rc = openat(dfd_cap, "cap_ftruncate", O_TRUNC | O_RDWR);
|
||||
CHECK_RIGHT_RESULT(rc, rights, CAP_FTRUNCATE, CAP_READ, CAP_WRITE, CAP_LOOKUP);
|
||||
if (rc >= 0) EXPECT_OK(close(rc));
|
||||
if (rc >= 0) {
|
||||
EXPECT_OK(close(rc));
|
||||
}
|
||||
EXPECT_OK(unlinkat(dirfd, "cap_ftruncate", 0));
|
||||
|
||||
rc = openat(dfd_cap, "cap_create", O_CREAT | O_WRONLY, 0600);
|
||||
@ -764,19 +782,27 @@ static void TryDirOps(int dirfd, cap_rights_t rights) {
|
||||
rc = openat(dfd_cap, "cap_fsync", O_FSYNC | O_WRONLY);
|
||||
CHECK_RIGHT_RESULT(rc,
|
||||
rights, CAP_FSYNC, CAP_WRITE, CAP_SEEK, CAP_LOOKUP);
|
||||
if (rc >= 0) EXPECT_OK(close(rc));
|
||||
if (rc >= 0) {
|
||||
EXPECT_OK(close(rc));
|
||||
}
|
||||
rc = openat(dfd_cap, "cap_fsync", O_FSYNC | O_RDWR);
|
||||
CHECK_RIGHT_RESULT(rc,
|
||||
rights, CAP_FSYNC, CAP_READ, CAP_WRITE, CAP_SEEK, CAP_LOOKUP);
|
||||
if (rc >= 0) EXPECT_OK(close(rc));
|
||||
if (rc >= 0) {
|
||||
EXPECT_OK(close(rc));
|
||||
}
|
||||
rc = openat(dfd_cap, "cap_fsync", O_SYNC | O_WRONLY);
|
||||
CHECK_RIGHT_RESULT(rc,
|
||||
rights, CAP_FSYNC, CAP_WRITE, CAP_SEEK, CAP_LOOKUP);
|
||||
if (rc >= 0) EXPECT_OK(close(rc));
|
||||
if (rc >= 0) {
|
||||
EXPECT_OK(close(rc));
|
||||
}
|
||||
rc = openat(dfd_cap, "cap_fsync", O_SYNC | O_RDWR);
|
||||
CHECK_RIGHT_RESULT(rc,
|
||||
rights, CAP_FSYNC, CAP_READ, CAP_WRITE, CAP_SEEK, CAP_LOOKUP);
|
||||
if (rc >= 0) EXPECT_OK(close(rc));
|
||||
if (rc >= 0) {
|
||||
EXPECT_OK(close(rc));
|
||||
}
|
||||
EXPECT_OK(unlinkat(dirfd, "cap_fsync", 0));
|
||||
|
||||
#ifdef HAVE_CHFLAGSAT
|
||||
@ -826,28 +852,38 @@ static void TryDirOps(int dirfd, cap_rights_t rights) {
|
||||
|
||||
rc = linkat(dirfd, "cap_linkat_src", dfd_cap, "cap_linkat_dst", 0);
|
||||
CHECK_RIGHT_RESULT(rc, rights, CAP_LINKAT_TARGET);
|
||||
if (rc >= 0) EXPECT_OK(unlinkat(dirfd, "cap_linkat_dst", 0));
|
||||
if (rc >= 0) {
|
||||
EXPECT_OK(unlinkat(dirfd, "cap_linkat_dst", 0));
|
||||
}
|
||||
|
||||
rc = linkat(dfd_cap, "cap_linkat_src", dirfd, "cap_linkat_dst", 0);
|
||||
CHECK_RIGHT_RESULT(rc, rights, CAP_LINKAT_SOURCE);
|
||||
if (rc >= 0) EXPECT_OK(unlinkat(dirfd, "cap_linkat_dst", 0));
|
||||
if (rc >= 0) {
|
||||
EXPECT_OK(unlinkat(dirfd, "cap_linkat_dst", 0));
|
||||
}
|
||||
|
||||
EXPECT_OK(unlinkat(dirfd, "cap_linkat_src", 0));
|
||||
|
||||
rc = mkdirat(dfd_cap, "cap_mkdirat", 0700);
|
||||
CHECK_RIGHT_RESULT(rc, rights, CAP_MKDIRAT, CAP_LOOKUP);
|
||||
if (rc >= 0) EXPECT_OK(unlinkat(dirfd, "cap_mkdirat", AT_REMOVEDIR));
|
||||
if (rc >= 0) {
|
||||
EXPECT_OK(unlinkat(dirfd, "cap_mkdirat", AT_REMOVEDIR));
|
||||
}
|
||||
|
||||
#ifdef HAVE_MKFIFOAT
|
||||
rc = mkfifoat(dfd_cap, "cap_mkfifoat", 0600);
|
||||
CHECK_RIGHT_RESULT(rc, rights, CAP_MKFIFOAT, CAP_LOOKUP);
|
||||
if (rc >= 0) EXPECT_OK(unlinkat(dirfd, "cap_mkfifoat", 0));
|
||||
if (rc >= 0) {
|
||||
EXPECT_OK(unlinkat(dirfd, "cap_mkfifoat", 0));
|
||||
}
|
||||
#endif
|
||||
|
||||
if (getuid() == 0) {
|
||||
rc = mknodat(dfd_cap, "cap_mknodat", S_IFCHR | 0600, 0);
|
||||
CHECK_RIGHT_RESULT(rc, rights, CAP_MKNODAT, CAP_LOOKUP);
|
||||
if (rc >= 0) EXPECT_OK(unlinkat(dirfd, "cap_mknodat", 0));
|
||||
if (rc >= 0) {
|
||||
EXPECT_OK(unlinkat(dirfd, "cap_mknodat", 0));
|
||||
}
|
||||
}
|
||||
|
||||
// For renameat(2), need:
|
||||
@ -880,7 +916,9 @@ static void TryDirOps(int dirfd, cap_rights_t rights) {
|
||||
|
||||
rc = symlinkat("test", dfd_cap, "cap_symlinkat");
|
||||
CHECK_RIGHT_RESULT(rc, rights, CAP_SYMLINKAT, CAP_LOOKUP);
|
||||
if (rc >= 0) EXPECT_OK(unlinkat(dirfd, "cap_symlinkat", 0));
|
||||
if (rc >= 0) {
|
||||
EXPECT_OK(unlinkat(dirfd, "cap_symlinkat", 0));
|
||||
}
|
||||
|
||||
rc = openat(dirfd, "cap_unlinkat", O_CREAT, 0600);
|
||||
EXPECT_OK(rc);
|
||||
|
13
dist/capmode.cc
vendored
13
dist/capmode.cc
vendored
@ -132,7 +132,9 @@ FORK_TEST_F(WithFiles, AllowedFileSyscalls) {
|
||||
|
||||
#ifdef HAVE_CHFLAGS
|
||||
rc = fchflags(fd_file_, UF_NODUMP);
|
||||
if (rc < 0) EXPECT_NE(ECAPMODE, errno);
|
||||
if (rc < 0) {
|
||||
EXPECT_NE(ECAPMODE, errno);
|
||||
}
|
||||
#endif
|
||||
|
||||
char buf[1024];
|
||||
@ -173,7 +175,9 @@ FORK_TEST_F(WithFiles, AllowedSocketSyscalls) {
|
||||
|
||||
// recvfrom() either returns -1 with EAGAIN, or 0.
|
||||
int rc = recvfrom(fd_socket_, NULL, 0, MSG_DONTWAIT, NULL, NULL);
|
||||
if (rc < 0) EXPECT_EQ(EAGAIN, errno);
|
||||
if (rc < 0) {
|
||||
EXPECT_EQ(EAGAIN, errno);
|
||||
}
|
||||
char ch;
|
||||
EXPECT_OK(write(fd_file_, &ch, sizeof(ch)));
|
||||
|
||||
@ -558,8 +562,7 @@ FORK_TEST_F(WithFiles, AllowedMiscSyscalls) {
|
||||
long sysarch_arg = 0;
|
||||
EXPECT_CAPMODE(sysarch(I386_SET_IOPERM, &sysarch_arg));
|
||||
#else
|
||||
// TOOD(jra): write a test for arm
|
||||
FAIL("capmode:no sysarch() test for current architecture");
|
||||
// TOOD(jra): write a test for other architectures, like arm
|
||||
#endif
|
||||
#endif
|
||||
}
|
||||
@ -627,7 +630,7 @@ FORK_TEST(Capmode, NewThread) {
|
||||
}
|
||||
|
||||
static int had_signal = 0;
|
||||
static void handle_signal(int x) { had_signal = 1; }
|
||||
static void handle_signal(int) { had_signal = 1; }
|
||||
|
||||
FORK_TEST(Capmode, SelfKill) {
|
||||
pid_t me = getpid();
|
||||
|
2
dist/capsicum-test.h
vendored
2
dist/capsicum-test.h
vendored
@ -20,7 +20,7 @@ extern bool force_mt;
|
||||
extern bool force_nofork;
|
||||
extern uid_t other_uid;
|
||||
|
||||
static inline void *WaitingThreadFn(void *p) {
|
||||
static inline void *WaitingThreadFn(void *) {
|
||||
// Loop until cancelled
|
||||
while (true) {
|
||||
usleep(10000);
|
||||
|
2
dist/mqueue.cc
vendored
2
dist/mqueue.cc
vendored
@ -24,7 +24,7 @@
|
||||
static void test_case_name##_##test_name##_ForkTest()
|
||||
|
||||
static bool invoked;
|
||||
void seen_it_done_it(int v) {
|
||||
void seen_it_done_it(int) {
|
||||
invoked = true;
|
||||
}
|
||||
|
||||
|
14
dist/openat.cc
vendored
14
dist/openat.cc
vendored
@ -11,9 +11,9 @@
|
||||
|
||||
// Check an open call works and close the resulting fd.
|
||||
#define EXPECT_OPEN_OK(f) do { \
|
||||
int fd = f; \
|
||||
EXPECT_OK(fd); \
|
||||
close(fd); \
|
||||
int _fd = f; \
|
||||
EXPECT_OK(_fd); \
|
||||
close(_fd); \
|
||||
} while (0)
|
||||
|
||||
static void CreateFile(const char *filename, const char *contents) {
|
||||
@ -176,10 +176,14 @@ class OpenatTest : public ::testing::Test {
|
||||
// Create a couple of nested directories
|
||||
int rc = mkdir(TmpFile(TOPDIR), 0755);
|
||||
EXPECT_OK(rc);
|
||||
if (rc < 0) EXPECT_EQ(EEXIST, errno);
|
||||
if (rc < 0) {
|
||||
EXPECT_EQ(EEXIST, errno);
|
||||
}
|
||||
rc = mkdir(TmpFile(SUBDIR_ABS), 0755);
|
||||
EXPECT_OK(rc);
|
||||
if (rc < 0) EXPECT_EQ(EEXIST, errno);
|
||||
if (rc < 0) {
|
||||
EXPECT_EQ(EEXIST, errno);
|
||||
}
|
||||
|
||||
// Figure out a path prefix (like "../..") that gets us to the root
|
||||
// directory from TmpFile(TOPDIR).
|
||||
|
4
dist/procdesc.cc
vendored
4
dist/procdesc.cc
vendored
@ -223,7 +223,7 @@ TEST(Pdfork, NonProcessDescriptor) {
|
||||
close(fd);
|
||||
}
|
||||
|
||||
static void *SubThreadMain(void *data) {
|
||||
static void *SubThreadMain(void *) {
|
||||
while (true) {
|
||||
if (verbose) fprintf(stderr, " subthread: \"I aten't dead\"\n");
|
||||
usleep(100000);
|
||||
@ -231,7 +231,7 @@ static void *SubThreadMain(void *data) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
static void *ThreadMain(void *data) {
|
||||
static void *ThreadMain(void *) {
|
||||
int pd;
|
||||
pid_t child = pdfork(&pd, 0);
|
||||
if (child == 0) {
|
||||
|
2
dist/syscalls.h
vendored
2
dist/syscalls.h
vendored
@ -53,7 +53,7 @@ inline ssize_t flistxattr_(int fd, char *list, size_t size) {
|
||||
inline ssize_t fgetxattr_(int fd, const char *name, void *value, size_t size) {
|
||||
return extattr_get_fd(fd, EXTATTR_NAMESPACE_USER, name, value, size);
|
||||
}
|
||||
inline int fsetxattr_(int fd, const char *name, const void *value, size_t size, int flags) {
|
||||
inline int fsetxattr_(int fd, const char *name, const void *value, size_t size, int) {
|
||||
return extattr_set_fd(fd, EXTATTR_NAMESPACE_USER, name, value, size);
|
||||
}
|
||||
inline int fremovexattr_(int fd, const char *name) {
|
||||
|
Loading…
x
Reference in New Issue
Block a user