2021-04-27 02:39:32 -07:00
|
|
|
/*
|
|
|
|
* Copyright (c) 2020, the SerenityOS developers.
|
|
|
|
*
|
|
|
|
* SPDX-License-Identifier: BSD-2-Clause
|
|
|
|
*/
|
|
|
|
|
|
|
|
#include <LibTest/TestCase.h>
|
2021-07-23 08:23:29 -07:00
|
|
|
#include <errno.h>
|
2021-04-27 02:39:32 -07:00
|
|
|
#include <unistd.h>
|
|
|
|
|
2021-07-23 08:23:29 -07:00
|
|
|
TEST_CASE(test_argument_validation)
|
|
|
|
{
|
|
|
|
auto res = unveil("/etc", "aaaaaaaaaaaa");
|
|
|
|
EXPECT_EQ(res, -1);
|
|
|
|
EXPECT_EQ(errno, EINVAL);
|
|
|
|
|
|
|
|
res = unveil(nullptr, "r");
|
|
|
|
EXPECT_EQ(res, -1);
|
|
|
|
EXPECT_EQ(errno, EINVAL);
|
|
|
|
|
|
|
|
res = unveil("/etc", nullptr);
|
|
|
|
EXPECT_EQ(res, -1);
|
|
|
|
EXPECT_EQ(errno, EINVAL);
|
|
|
|
|
|
|
|
res = unveil("", "r");
|
|
|
|
EXPECT_EQ(res, -1);
|
|
|
|
EXPECT_EQ(errno, EINVAL);
|
|
|
|
|
|
|
|
res = unveil("test", "r");
|
|
|
|
EXPECT_EQ(res, -1);
|
|
|
|
EXPECT_EQ(errno, EINVAL);
|
|
|
|
|
|
|
|
res = unveil("/etc", "f");
|
|
|
|
EXPECT_EQ(res, -1);
|
|
|
|
EXPECT_EQ(errno, EINVAL);
|
|
|
|
}
|
|
|
|
|
2021-04-27 02:39:32 -07:00
|
|
|
TEST_CASE(test_failures)
|
|
|
|
{
|
|
|
|
auto res = unveil("/etc", "r");
|
|
|
|
if (res < 0)
|
|
|
|
FAIL("unveil read only failed");
|
|
|
|
|
|
|
|
res = unveil("/etc", "w");
|
|
|
|
if (res >= 0)
|
|
|
|
FAIL("unveil write permitted after unveil read only");
|
|
|
|
|
|
|
|
res = unveil("/etc", "x");
|
|
|
|
if (res >= 0)
|
|
|
|
FAIL("unveil execute permitted after unveil read only");
|
|
|
|
|
|
|
|
res = unveil("/etc", "c");
|
|
|
|
if (res >= 0)
|
|
|
|
FAIL("unveil create permitted after unveil read only");
|
|
|
|
|
|
|
|
res = unveil("/tmp/doesnotexist", "c");
|
|
|
|
if (res < 0)
|
|
|
|
FAIL("unveil create on non-existent path failed");
|
|
|
|
|
|
|
|
res = unveil("/home", "b");
|
|
|
|
if (res < 0)
|
|
|
|
FAIL("unveil browse failed");
|
|
|
|
|
|
|
|
res = unveil("/home", "w");
|
|
|
|
if (res >= 0)
|
|
|
|
FAIL("unveil write permitted after unveil browse only");
|
|
|
|
|
|
|
|
res = unveil("/home", "x");
|
|
|
|
if (res >= 0)
|
|
|
|
FAIL("unveil execute permitted after unveil browse only");
|
|
|
|
|
|
|
|
res = unveil("/home", "c");
|
|
|
|
if (res >= 0)
|
|
|
|
FAIL("unveil create permitted after unveil browse only");
|
|
|
|
|
|
|
|
res = unveil(nullptr, nullptr);
|
|
|
|
if (res < 0)
|
|
|
|
FAIL("unveil state lock failed");
|
|
|
|
|
|
|
|
res = unveil("/bin", "w");
|
|
|
|
if (res >= 0)
|
|
|
|
FAIL("unveil permitted after unveil state locked");
|
2021-05-30 00:05:55 +04:30
|
|
|
|
|
|
|
res = access("/bin/id", F_OK);
|
|
|
|
if (res == 0)
|
|
|
|
FAIL("access(..., F_OK) permitted after locked veil without relevant unveil");
|
2021-04-27 02:39:32 -07:00
|
|
|
}
|