#!/usr/bin/env python
#
# Seccomp Library test program
#
# Copyright (c) 2018 Oracle and/or its affiliates. All rights reserved.
# Author: Tom Hromatka <tom.hromatka@oracle.com>
#
#
# This library is free software; you can redistribute it and/or modify it
# under the terms of version 2.1 of the GNU Lesser General Public License as
# published by the Free Software Foundation.
#
# This library is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License
# for more details.
#
# You should have received a copy of the GNU Lesser General Public License
# along with this library; if not, see <http://www.gnu.org/licenses>.
#
import argparse
import os
import sys
import util
from seccomp import *
# errno returned by the filter's default action, i.e. for any syscall that no
# rule matches.  Using ERRNO rather than a fatal action lets do_read() observe
# the denial as an OSError and keep going.
DEFAULT_ACTION_ERRNO = 100
DEFAULT_ACTION = ERRNO(DEFAULT_ACTION_ERRNO)

# Table of read(2) sizes and the outcome do_read() expects for each.
#   exp_rc >= 0 : the read must succeed (do_read() checks only the sign).
#   exp_rc <  0 : the read must fail with errno == -exp_rc.
# The expectations mirror the rules installed in test(): where several
# "greater than" rules match a size, the errno of the highest threshold
# exceeded is the one expected.
test_cases = [
    # size <= 64: matched by the ALLOW rule
    dict(sz=1, exp_rc=1),
    dict(sz=10, exp_rc=10),
    dict(sz=50, exp_rc=50),
    # 64 < size <= 128: no rule matches, so the default action applies
    dict(sz=100, exp_rc=-DEFAULT_ACTION_ERRNO),
    # size > 128
    dict(sz=200, exp_rc=-5),
    dict(sz=256, exp_rc=-5),
    # size > 256
    dict(sz=257, exp_rc=-6),
    dict(sz=400, exp_rc=-6),
    # size > 512
    dict(sz=800, exp_rc=-7),
    # size > 1024
    dict(sz=1600, exp_rc=-8),
    # size > 2048 (4096 itself is still in this band: the rule is GT, not GE)
    dict(sz=3200, exp_rc=-9),
    dict(sz=4095, exp_rc=-9),
    dict(sz=4096, exp_rc=-9),
    # size > 4096
    dict(sz=4097, exp_rc=-10),
    dict(sz=8000, exp_rc=-10),
    dict(sz=8192, exp_rc=-10),
    # size > 8192
    dict(sz=16383, exp_rc=-11),
    dict(sz=16384, exp_rc=-11),
    # size > 16384
    dict(sz=16385, exp_rc=-12),
    dict(sz=35000, exp_rc=-12),
]
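def do_read():
    """Issue one read per entry of test_cases and verify the outcome.

    Opens /dev/zero and calls os.read() with each entry's 'sz'.  An entry
    whose 'exp_rc' is negative must fail with errno == -exp_rc; an entry
    whose 'exp_rc' is non-negative must succeed (only the sign is checked,
    the number of bytes returned is not compared).

    Raises:
        IOError: a read that should have been denied succeeded, or a read
            failed with an errno other than the expected one.
    """
    fd = os.open("/dev/zero", os.O_RDONLY)
    try:
        for x in test_cases:
            try:
                os.read(fd, x['sz'])
            except OSError as ex:
                if -ex.errno != x['exp_rc']:
                    raise IOError("Expected errno %d but os.read(%d bytes) caused errno %d" %
                                  (-x['exp_rc'], x['sz'], ex.errno))
            else:
                # This check lives in the else clause on purpose: on Python 3
                # IOError is an alias of OSError, so raising it inside the try
                # body would be caught by the handler above, where ex.errno is
                # None and the real diagnostic is replaced by a TypeError.
                if x['exp_rc'] < 0:
                    raise IOError("Erroneously read %d bytes. Expected rc = %d" %
                                  (x['sz'], x['exp_rc']))
    finally:
        # Close the descriptor exactly once on every exit path.
        os.close(fd)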
def test():
    """Install the read-size filter, run the reads, and exit with 160.

    The filter's default action is DEFAULT_ACTION, so a syscall that no rule
    matches fails with that errno instead of terminating the process.
    """
    flt = SyscallFilter(DEFAULT_ACTION)

    # Rules on read(): Arg(2, ...) compares the third syscall argument, which
    # is the size do_read() passes to os.read().  Sizes up to 64 are allowed;
    # each "greater than" rule below maps a size band to its own errno.  Sizes
    # in the gap 65..128 match nothing and fall through to the default action.
    flt.add_rule(ALLOW, "read", Arg(2, LE, 64))
    errno_by_threshold = (
        (5, 128),
        (6, 256),
        (7, 512),
        (8, 1024),
        (9, 2048),
        (10, 4096),
        (11, 8192),
        (12, 16384),
    )
    for err, threshold in errno_by_threshold:
        flt.add_rule(ERRNO(err), "read", Arg(2, GT, threshold))

    # NOTE: additional syscalls required for python
    # These are allowed with no argument checks: scaffolding so the
    # interpreter can keep running and exit once the filter is loaded, which
    # is broader than a filter for a confined workload would normally grant.
    interpreter_syscalls = (
        "close",
        "rt_sigaction",
        "rt_sigreturn",
        "sigaltstack",
        "exit_group",
        "exit",
        "brk",
        "open",
        "openat",
        "stat",
        "write",
    )
    for name in interpreter_syscalls:
        flt.add_rule(ALLOW, name)

    # From here on the filter is active for this process.
    flt.load()

    do_read()

    # all reads behaved as expected
    # NOTE(review): 160 is presumably the status the test harness looks for;
    # confirm against the runner.
    quit(160)
# Run the test when the script executes; on success test() ends the process
# through quit(160), and any exception raised by do_read() propagates instead.
test()
# kate: syntax python;
# kate: indent-mode python; space-indent on; indent-width 4; mixedindent off;