int main()
{
int children[3];
int i;
for (i = 0; i < 3; ++i) {
sleep(20);
int pid = fork();
if (pid == 0)
child();
else
children[i] = pid;
}
sleep(100);
for (i = 0; i < 3; ++i) {
sleep(20);
cprintf("send SIGUSR1 to %d\n", children[i]);
tkill(children[i], SIGUSR1);
cprintf("SIGUSR1 end\n");
}
sleep(200);
for (i = 0; i < 3; ++i) {
sleep(20);
cprintf("send SIGUSR2 to %d\n", children[i]);
tkill(children[i], SIGUSR2);
cprintf("SIGUSR2 end\n");
}
sleep(400);
for (i = 0; i < 3; ++i) {
sleep(20);
cprintf("send SIGKILL to %d\n", children[i]);
tkill(children[i], SIGKILL);
cprintf("SIGKILL end\n");
}
return 0;
}
static void command_signal(char * token, Channel * c) {
int err = 0;
char id[256];
int signal = 0;
pid_t pid, parent;
json_read_string(&c->inp, id, sizeof(id));
if (read_stream(&c->inp) != 0) exception(ERR_JSON_SYNTAX);
signal = (int)json_read_long(&c->inp);
if (read_stream(&c->inp) != 0) exception(ERR_JSON_SYNTAX);
if (read_stream(&c->inp) != MARKER_EOM) exception(ERR_JSON_SYNTAX);
pid = id2pid(id, &parent);
write_stringz(&c->out, "R");
write_stringz(&c->out, token);
#if defined(WIN32)
err = ENOSYS;
#elif defined(_WRS_KERNEL)
if (kill(pid, signal) < 0) err = errno;
#elif defined(__APPLE__)
if (kill(pid, signal) < 0) err = errno;
#else
if (parent == 0) {
if (kill(pid, signal) < 0) err = errno;
}
else {
if (tkill(pid, signal) < 0) err = errno;
}
#endif
write_errno(&c->out, err);
write_stream(&c->out, MARKER_EOM);
}
static void _run_tests(void) {
char *local_argv[] = {
"-f",
NULL
};
int local_argc = 0;
for (char **p = &local_argv[0]; *p != NULL; p++) {
++local_argc;
}
#if defined(TEST_CPU)
// Currently this test is the only one that runs as a black screen
extern int test_cpu(int, char *[]);
test_cpu(local_argc, local_argv);
tkill(getpid(), SIGKILL); // and we're done ...
#elif defined(TEST_VM)
extern int test_vm(int, char *[]);
test_vm(local_argc, local_argv);
#elif defined(TEST_DISPLAY)
extern int test_display(int, char *[]);
test_display(local_argc, local_argv);
#elif defined(TEST_DISK)
extern int test_disk(int, char *[]);
test_disk(local_argc, local_argv);
#else
# error "OOPS, no tests specified"
#endif
}
static inline void __pmp_thread_wake (pmp_thread_t *thread)
{
int32_t sync = __pmp_atomic_cmpxchg32(&thread->sync, PMP_SYNC_IDLE,
PMP_SYNC_UNBLOCKED);
assert(sync != PMP_SYNC_UNBLOCKED);
if (sync == PMP_SYNC_BLOCKED) {
__pmp_debug(PMP_DEBUG_THREAD, "thread global_id %d is being signaled\n",
thread->global_id);
thread->sync = PMP_SYNC_IDLE;
assert(thread->tid != -1);
__pmp_sample(PMP_PROFILE_THREAD_RESCHEDULE);
#if (defined PMP_USE_PTHREAD_SIGNALS)
if (pthread_kill(thread->pthread_id, SIGPMP) != 0) {
__pmp_fatal("unable to wake thread using pthread_kill\n");
}
#elif (defined PMP_NO_NPTL)
if (kill(thread->tid, SIGPMP) != 0) {
__pmp_fatal("unable to wake thread using kill\n");
}
#else
if (tkill(thread->tid, SIGPMP) != 0) {
__pmp_fatal("unable to wake thread using tkill\n");
}
#endif
}
else {
__pmp_debug(PMP_DEBUG_THREAD, "thread global_id %d is woken\n",
thread->global_id);
}
}
int run_test_process(ContextAttachCallBack * done, void * data) {
#if defined(WIN32)
char fnm[FILE_PATH_SIZE];
char cmd[FILE_PATH_SIZE];
int res = 0;
STARTUPINFO si;
PROCESS_INFORMATION prs;
ContextAttachArgs * args;
memset(&si, 0, sizeof(si));
memset(&prs, 0, sizeof(prs));
memset(fnm, 0, sizeof(fnm));
if (GetModuleFileName(NULL, fnm, sizeof(fnm)) == 0) {
set_win32_errno(GetLastError());
return -1;
}
si.cb = sizeof(si);
strcpy(cmd, "agent.exe -t");
if (CreateProcess(fnm, cmd, NULL, NULL,
FALSE, CREATE_SUSPENDED | CREATE_DEFAULT_ERROR_MODE | CREATE_NO_WINDOW,
NULL, NULL, &si, &prs) == 0) {
set_win32_errno(GetLastError());
return -1;
}
args = (ContextAttachArgs *)loc_alloc(sizeof(ContextAttachArgs));
args->done = done;
args->data = data;
args->thread = prs.hThread;
args->process = prs.hProcess;
res = context_attach(prs.dwProcessId, done_context_attach, args, 0);
if (res != 0) loc_free(args);
return res;
#elif defined(_WRS_KERNEL)
int tid = taskCreate("tTcf", 100, 0, 0x4000, (FUNCPTR)test_proc, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);
if (tid == 0) return -1;
taskStop(tid);
taskActivate(tid);
assert(taskIsStopped(tid));
return context_attach(tid, done, data, 0);
#else
/* Create child process to debug */
int pid = fork();
if (pid < 0) return -1;
if (pid == 0) {
int fd;
if (context_attach_self() < 0) exit(1);
fd = sysconf(_SC_OPEN_MAX);
while (fd-- > 2) close(fd);
if (tkill(getpid(), SIGSTOP) < 0) exit(1);
test_proc();
exit(0);
}
return context_attach(pid, done, data, CONTEXT_ATTACH_SELF);
#endif
}
int
mono_threads_pthread_kill (MonoThreadInfo *info, int signum)
{
#if defined (PLATFORM_ANDROID)
int result, old_errno = errno;
result = tkill (info->native_handle, signum);
if (result < 0) {
result = errno;
errno = old_errno;
}
return result;
#else
return pthread_kill (mono_thread_info_get_tid (info), signum);
#endif
}
int
mono_threads_pthread_kill (MonoThreadInfo *info, int signum)
{
#if defined (PLATFORM_ANDROID)
int result, old_errno = errno;
result = tkill (info->native_handle, signum);
if (result < 0) {
result = errno;
errno = old_errno;
}
return result;
#elif defined(__native_client__)
/* Workaround pthread_kill abort() in NaCl glibc. */
return 0;
#else
return pthread_kill (mono_thread_info_get_tid (info), signum);
#endif
}
int
mono_threads_pthread_kill (MonoThreadInfo *info, int signum)
{
THREADS_SUSPEND_DEBUG ("sending signal %d to %p[%p]\n", signum, info, mono_thread_info_get_tid (info));
#ifdef USE_TKILL_ON_ANDROID
int result, old_errno = errno;
result = tkill (info->native_handle, signum);
if (result < 0) {
result = errno;
errno = old_errno;
}
return result;
#elif defined(__native_client__)
/* Workaround pthread_kill abort() in NaCl glibc. */
return 0;
#else
return pthread_kill (mono_thread_info_get_tid (info), signum);
#endif
}
int context_stop(Context * ctx) {
trace(LOG_CONTEXT, "context:%s suspending ctx %#lx id %s",
ctx->pending_intercept ? "" : " temporary", ctx, ctx->id);
assert(is_dispatch_thread());
assert(!ctx->exited);
assert(!ctx->stopped);
assert(!EXT(ctx)->regs_dirty);
if (tkill(EXT(ctx)->pid, SIGSTOP) < 0) {
int err = errno;
if (err == ESRCH) {
ctx->exiting = 1;
return 0;
}
trace(LOG_ALWAYS, "error: tkill(SIGSTOP) failed: ctx %#lx, id %s, error %d %s",
ctx, ctx->id, err, errno_to_str(err));
errno = err;
return -1;
}
return 0;
}
/* send a Unix signal to a specific thread */
int send_thread_signal( struct thread *thread, int sig )
{
int ret = -1;
if (thread->unix_pid != -1)
{
if (thread->unix_tid != -1)
{
ret = tkill( thread->unix_pid, thread->unix_tid, sig );
if (ret == -1 && errno == ENOSYS) ret = kill( thread->unix_pid, sig );
}
else ret = kill( thread->unix_pid, sig );
if (ret == -1 && errno == ESRCH) /* thread got killed */
{
thread->unix_pid = -1;
thread->unix_tid = -1;
}
}
if (debug_level && ret != -1)
fprintf( stderr, "%04x: *sent signal* signal=%d\n", thread->id, sig );
return (ret != -1);
}
static int
fn (void *unused)
{
tkill (gettid (), SIGUSR1);
return 0;
}
static void stage_capability_test(void)
{
char tmp1[128];
char tmp2[128];
memset(tmp1, 0, sizeof(tmp1));
memset(tmp2, 0, sizeof(tmp2));
capability = "inet_tcp_create";
set_capability();
if (write_policy()) {
int fd = socket(AF_INET, SOCK_STREAM, 0);
show_result(fd, 1);
if (fd != EOF)
close(fd);
delete_policy();
fd = socket(AF_INET, SOCK_STREAM, 0);
show_result(fd, 0);
if (fd != EOF)
close(fd);
}
unset_capability();
{
int fd1 = socket(AF_INET, SOCK_STREAM, 0);
int fd2 = socket(AF_INET, SOCK_STREAM, 0);
int fd3 = socket(AF_INET, SOCK_STREAM, 0);
int fd4 = socket(AF_INET, SOCK_STREAM, 0);
struct sockaddr_in addr;
socklen_t size = sizeof(addr);
memset(&addr, 0, sizeof(addr));
addr.sin_family = AF_INET;
addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
addr.sin_port = htons(0);
bind(fd1, (struct sockaddr *) &addr, sizeof(addr));
bind(fd2, (struct sockaddr *) &addr, sizeof(addr));
bind(fd3, (struct sockaddr *) &addr, sizeof(addr));
bind(fd4, (struct sockaddr *) &addr, sizeof(addr));
getsockname(fd1, (struct sockaddr *) &addr, &size);
capability = "inet_tcp_listen";
set_capability();
if (write_policy()) {
show_result(listen(fd1, 5), 1);
delete_policy();
show_result(listen(fd2, 5), 0);
}
unset_capability();
capability = "inet_tcp_connect";
set_capability();
if (write_policy()) {
show_result(connect(fd3, (struct sockaddr *) &addr,
sizeof(addr)), 1);
delete_policy();
show_result(connect(fd4, (struct sockaddr *) &addr,
sizeof(addr)), 0);
}
unset_capability();
if (fd1 != EOF)
close(fd1);
if (fd2 != EOF)
close(fd2);
if (fd3 != EOF)
close(fd3);
if (fd4 != EOF)
close(fd4);
}
capability = "use_inet_udp";
set_capability();
if (write_policy()) {
int fd = socket(AF_INET, SOCK_DGRAM, 0);
show_result(fd, 1);
if (fd != EOF)
close(fd);
delete_policy();
fd = socket(AF_INET, SOCK_DGRAM, 0);
show_result(fd, 0);
if (fd != EOF)
close(fd);
}
unset_capability();
capability = "use_inet_ip";
set_capability();
if (write_policy()) {
int fd = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
show_result(fd, 1);
if (fd != EOF)
close(fd);
delete_policy();
fd = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
show_result(fd, 0);
if (fd != EOF)
close(fd);
}
unset_capability();
capability = "use_route";
set_capability();
if (write_policy()) {
int fd = socket(AF_ROUTE, SOCK_RAW, 0);
show_result(fd, 1);
if (fd != EOF)
close(fd);
delete_policy();
fd = socket(AF_ROUTE, SOCK_RAW, 0);
show_result(fd, 0);
if (fd != EOF)
close(fd);
}
unset_capability();
capability = "use_packet";
set_capability();
if (write_policy()) {
int fd = socket(AF_PACKET, SOCK_RAW, 0);
show_result(fd, 1);
if (fd != EOF)
close(fd);
delete_policy();
fd = socket(AF_PACKET, SOCK_RAW, 0);
show_result(fd, 0);
if (fd != EOF)
close(fd);
}
unset_capability();
capability = "use_kernel_module";
set_capability();
if (write_policy()) {
if (!is_kernel26)
show_result((int) create_module("", 0), 1);
show_result(init_module("", NULL), 1);
show_result(delete_module(""), 1);
delete_policy();
if (!is_kernel26)
show_result((int) create_module("", 0), 0);
show_result(init_module("", NULL), 0);
show_result(delete_module(""), 0);
}
unset_capability();
capability = "create_fifo";
set_capability();
if (write_policy()) {
strcpy(tmp1, "/tmp/XXXXXX");
close(mkstemp(tmp1));
unlink(tmp1);
show_result(mknod(tmp1, S_IFIFO, 0), 1);
unlink(tmp1);
delete_policy();
show_result(mknod(tmp1, S_IFIFO, 0), 0);
unlink(tmp1);
}
unset_capability();
capability = "create_block_dev";
set_capability();
if (write_policy()) {
strcpy(tmp1, "/tmp/XXXXXX");
close(mkstemp(tmp1));
unlink(tmp1);
show_result(mknod(tmp1, S_IFBLK, MKDEV(1, 0)), 1);
unlink(tmp1);
delete_policy();
show_result(mknod(tmp1, S_IFBLK, MKDEV(1, 0)), 0);
unlink(tmp1);
}
unset_capability();
capability = "create_char_dev";
set_capability();
if (write_policy()) {
strcpy(tmp1, "/tmp/XXXXXX");
close(mkstemp(tmp1));
unlink(tmp1);
show_result(mknod(tmp1, S_IFCHR, MKDEV(1, 3)), 1);
unlink(tmp1);
delete_policy();
show_result(mknod(tmp1, S_IFCHR, MKDEV(1, 3)), 0);
unlink(tmp1);
}
unset_capability();
capability = "create_unix_socket";
set_capability();
if (write_policy()) {
strcpy(tmp1, "/tmp/XXXXXX");
close(mkstemp(tmp1));
unlink(tmp1);
show_result(mknod(tmp1, S_IFSOCK, 0), 1);
unlink(tmp1);
delete_policy();
show_result(mknod(tmp1, S_IFSOCK, 0), 0);
unlink(tmp1);
}
if (write_policy()) {
struct sockaddr_un addr;
int fd1 = socket(AF_UNIX, SOCK_STREAM, 0);
int fd2 = socket(AF_UNIX, SOCK_STREAM, 0);
memset(&addr, 0, sizeof(addr));
addr.sun_family = AF_UNIX;
strcpy(tmp1, "/tmp/XXXXXX");
strncpy(addr.sun_path, tmp1, sizeof(addr.sun_path) - 1);
show_result(bind(fd1, (struct sockaddr *) &addr, sizeof(addr)),
1);
unlink(tmp1);
delete_policy();
show_result(bind(fd2, (struct sockaddr *) &addr, sizeof(addr)),
0);
unlink(tmp1);
if (fd1 != EOF)
close(fd1);
if (fd2 != EOF)
close(fd2);
}
unset_capability();
capability = "SYS_MOUNT";
set_capability();
if (write_policy()) {
show_result(mount("/", "/", "tmpfs", 0, NULL), 1);
delete_policy();
show_result(mount("/", "/", "tmpfs", 0, NULL), 0);
}
unset_capability();
capability = "SYS_UMOUNT";
set_capability();
if (write_policy()) {
mount("/tmp", "/tmp", "tmpfs", 0, NULL);
show_result(umount("/tmp"), 1);
delete_policy();
mount("/tmp", "/tmp", "tmpfs", 0, NULL);
show_result(umount("/"), 0);
}
unset_capability();
capability = "SYS_REBOOT";
set_capability();
if (write_policy()) {
FILE *fp = fopen("/proc/sys/kernel/ctrl-alt-del", "a+");
unsigned int c;
if (fp && fscanf(fp, "%u", &c) == 1) {
show_result(reboot(LINUX_REBOOT_CMD_CAD_ON), 1);
delete_policy();
show_result(reboot(LINUX_REBOOT_CMD_CAD_ON), 0);
fprintf(fp, "%u\n", c);
} else {
/* Use invalid value */
show_result(reboot(0x0000C0DE), 1);
delete_policy();
show_result(reboot(0x0000C0DE), 0);
}
if (fp)
fclose(fp);
}
unset_capability();
capability = "SYS_CHROOT";
set_capability();
if (write_policy()) {
show_result(chroot("/"), 1);
delete_policy();
show_result(chroot("/"), 0);
}
unset_capability();
capability = "SYS_PIVOT_ROOT";
set_capability();
if (write_policy()) {
int error;
char *stack = malloc(8192);
pid_t pid = clone(child, stack + (8192 / 2), CLONE_NEWNS, NULL);
while (waitpid(pid, &error, __WALL) == EOF && errno == EINTR)
error += 0; /* Dummy. */
errno = WIFEXITED(error) ? WEXITSTATUS(error) : -1;
show_result(errno ? EOF : 0, 1);
delete_policy();
pid = clone(child, stack + (8192 / 2), CLONE_NEWNS, NULL);
while (waitpid(pid, &error, __WALL) == EOF && errno == EINTR)
error += 0; /* Dummy. */
errno = WIFEXITED(error) ? WEXITSTATUS(error) : -1;
show_result(errno ? EOF : 0, 0);
free(stack);
}
unset_capability();
signal(SIGINT, SIG_IGN);
capability = "SYS_KILL";
set_capability();
if (write_policy()) {
show_result(kill(pid, SIGINT), 1);
show_result(tkill(gettid(), SIGINT), 1);
#ifdef __NR_tgkill
if (is_kernel26)
show_result(tgkill(pid, gettid(), SIGINT), 1);
#endif
delete_policy();
show_result(kill(pid, SIGINT), 0);
show_result(tkill(gettid(), SIGINT), 0);
#ifdef __NR_tgkill
if (is_kernel26)
show_result(tgkill(pid, gettid(), SIGINT), 0);
#endif
}
unset_capability();
signal(SIGINT, SIG_DFL);
capability = "SYS_KEXEC_LOAD";
set_capability();
if (write_policy()) {
#ifdef __NR_sys_kexec_load
if (is_kernel26)
show_result(sys_kexec_load(0, 0, NULL, 0), 1);
#endif
delete_policy();
#ifdef __NR_sys_kexec_load
if (is_kernel26)
show_result(sys_kexec_load(0, 0, NULL, 0), 0);
#endif
}
unset_capability();
capability = "SYS_VHANGUP";
set_capability();
if (write_policy()) {
int pty_fd = EOF, status = 0;
int pipe_fd[2] = { EOF, EOF };
pipe(pipe_fd);
switch (forkpty(&pty_fd, NULL, NULL, NULL)) {
case 0:
errno = 0;
vhangup();
/* Unreachable if vhangup() succeeded. */
status = errno;
write(pipe_fd[1], &status, sizeof(status));
_exit(0);
case -1:
fprintf(stderr, "forkpty() failed.\n");
break;
default:
close(pipe_fd[1]);
read(pipe_fd[0], &status, sizeof(status));
wait(NULL);
close(pipe_fd[0]);
close(pty_fd);
errno = status;
show_result(status ? EOF : 0, 1);
}
delete_policy();
status = 0;
pipe(pipe_fd);
switch (forkpty(&pty_fd, NULL, NULL, NULL)) {
case 0:
errno = 0;
vhangup();
/* Unreachable if vhangup() succeeded. */
status = errno;
write(pipe_fd[1], &status, sizeof(status));
_exit(0);
case -1:
fprintf(stderr, "forkpty() failed.\n");
break;
default:
close(pipe_fd[1]);
read(pipe_fd[0], &status, sizeof(status));
wait(NULL);
close(pipe_fd[0]);
close(pty_fd);
errno = status;
show_result(status ? EOF : 0, 0);
}
}
unset_capability();
capability = "SYS_TIME";
set_capability();
if (write_policy()) {
struct timeval tv;
struct timezone tz;
struct timex buf;
time_t now = time(NULL);
show_result(stime(&now), 1);
gettimeofday(&tv, &tz);
show_result(settimeofday(&tv, &tz), 1);
memset(&buf, 0, sizeof(buf));
buf.modes = 0x100; /* Use invalid value so that the clock
won't change. */
show_result(adjtimex(&buf), 1);
delete_policy();
now = time(NULL);
show_result(stime(&now), 0);
gettimeofday(&tv, &tz);
show_result(settimeofday(&tv, &tz), 0);
memset(&buf, 0, sizeof(buf));
buf.modes = 0x100; /* Use invalid value so that the clock
won't change. */
show_result(adjtimex(&buf), 0);
}
unset_capability();
capability = "SYS_NICE";
set_capability();
if (write_policy()) {
show_result(nice(0), 1);
show_result(setpriority(PRIO_PROCESS, pid,
getpriority(PRIO_PROCESS, pid)), 1);
delete_policy();
show_result(nice(0), 0);
show_result(setpriority(PRIO_PROCESS, pid,
getpriority(PRIO_PROCESS, pid)), 0);
}
unset_capability();
capability = "SYS_SETHOSTNAME";
set_capability();
if (write_policy()) {
char buffer[4096];
memset(buffer, 0, sizeof(buffer));
gethostname(buffer, sizeof(buffer) - 1);
show_result(sethostname(buffer, strlen(buffer)), 1);
getdomainname(buffer, sizeof(buffer) - 1);
show_result(setdomainname(buffer, strlen(buffer)), 1);
delete_policy();
gethostname(buffer, sizeof(buffer) - 1);
show_result(sethostname(buffer, strlen(buffer)), 0);
getdomainname(buffer, sizeof(buffer) - 1);
show_result(setdomainname(buffer, strlen(buffer)), 0);
}
unset_capability();
capability = "SYS_LINK";
set_capability();
if (write_policy()) {
strcpy(tmp1, "/tmp/link_source_XXXXXX");
close(mkstemp(tmp1));
strcpy(tmp2, "/tmp/link_target_XXXXXX");
show_result(link(tmp1, tmp2), 1);
unlink(tmp2);
unlink(tmp1);
delete_policy();
strcpy(tmp1, "/tmp/link_source_XXXXXX");
close(mkstemp(tmp1));
strcpy(tmp2, "/tmp/link_target_XXXXXX");
show_result(link(tmp1, tmp2), 0);
unlink(tmp2);
unlink(tmp1);
}
unset_capability();
capability = "SYS_SYMLINK";
set_capability();
if (write_policy()) {
strcpy(tmp1, "/tmp/symlink_target_XXXXXX");
close(mkstemp(tmp1));
strcpy(tmp2, "/tmp/symlink_source_XXXXXX");
show_result(symlink(tmp1, tmp2), 1);
unlink(tmp2);
unlink(tmp1);
delete_policy();
strcpy(tmp1, "/tmp/symlink_target_XXXXXX");
close(mkstemp(tmp1));
strcpy(tmp2, "/tmp/symlink_source_XXXXXX");
show_result(symlink(tmp1, tmp2), 0);
unlink(tmp2);
unlink(tmp1);
}
unset_capability();
capability = "SYS_RENAME";
set_capability();
if (write_policy()) {
strcpy(tmp1, "/tmp/rename_old_XXXXXX");
close(mkstemp(tmp1));
strcpy(tmp2, "/tmp/rename_new_XXXXXX");
show_result(rename(tmp1, tmp2), 1);
unlink(tmp2);
unlink(tmp1);
delete_policy();
strcpy(tmp1, "/tmp/rename_old_XXXXXX");
close(mkstemp(tmp1));
strcpy(tmp2, "/tmp/rename_new_XXXXXX");
show_result(rename(tmp1, tmp2), 0);
unlink(tmp2);
unlink(tmp1);
}
unset_capability();
capability = "SYS_UNLINK";
set_capability();
if (write_policy()) {
strcpy(tmp1, "/tmp/unlinkXXXXXX");
close(mkstemp(tmp1));
show_result(unlink(tmp1), 1);
delete_policy();
strcpy(tmp1, "/tmp/unlinkXXXXXX");
close(mkstemp(tmp1));
show_result(unlink(tmp1), 0);
}
unset_capability();
unlink(tmp1);
capability = "SYS_CHMOD";
set_capability();
if (write_policy()) {
show_result(chmod("/dev/null", 0222), 1);
delete_policy();
show_result(chmod("/dev/null", 0444), 0);
}
unset_capability();
chmod("/dev/null", 0666);
capability = "SYS_CHOWN";
set_capability();
if (write_policy()) {
show_result(chown("/dev/null", 1, 1), 1);
delete_policy();
show_result(chown("/dev/null", 2, 2), 0);
}
unset_capability();
chown("/dev/null", 0, 0);
capability = "SYS_IOCTL";
set_capability();
if (0 && write_policy()) {
int fd = open("/dev/null", O_RDONLY);
show_result(ioctl(fd, 0 /* Use invalid value so that nothing
happen. */), 1);
delete_policy();
show_result(ioctl(fd, 0 /* Use invalid value so that nothing
happen. */), 0);
close(fd);
}
if (write_policy()) {
struct ifreq ifreq;
int fd = socket(PF_INET, SOCK_DGRAM, IPPROTO_IP);
memset(&ifreq, 0, sizeof(ifreq));
snprintf(ifreq.ifr_name, sizeof(ifreq.ifr_name) - 1, "lo");
show_result(ioctl(fd, 35123, &ifreq), 1);
delete_policy();
show_result(ioctl(fd, 35123, &ifreq), 0);
close(fd);
}
unset_capability();
capability = "SYS_PTRACE";
set_capability();
if (write_policy()) {
int status = 0;
int pipe_fd[2] = { EOF, EOF };
pipe(pipe_fd);
switch (fork()) {
case 0:
errno = 0;
ptrace(PTRACE_TRACEME, 0, NULL, NULL);
status = errno;
write(pipe_fd[1], &status, sizeof(status));
_exit(0);
case -1:
fprintf(stderr, "fork() failed.\n");
break;
default:
close(pipe_fd[1]);
read(pipe_fd[0], &status, sizeof(status));
wait(NULL);
close(pipe_fd[0]);
errno = status;
show_result(status ? EOF : 0, 1);
}
delete_policy();
status = 0;
pipe(pipe_fd);
switch (fork()) {
case 0:
errno = 0;
ptrace(PTRACE_TRACEME, 0, NULL, NULL);
status = errno;
write(pipe_fd[1], &status, sizeof(status));
_exit(0);
case -1:
fprintf(stderr, "fork() failed.\n");
break;
default:
close(pipe_fd[1]);
read(pipe_fd[0], &status, sizeof(status));
wait(NULL);
close(pipe_fd[0]);
errno = status;
show_result(status ? EOF : 0, 0);
}
}
unset_capability();
}
/* Comments by Gene:
* Here, syscall is the wrapper, and the call to syscall would be _real_syscall
* We would add a special case for SYS_gettid, while all others default as below
* It depends on the idea that arguments are stored in registers, whose
* natural size is: sizeof(void*)
* So, we pass six arguments to syscall, and it will ignore any extra arguments
* I believe that all Linux system calls have no more than 7 args.
* clone() is an example of one with 7 arguments.
* If we discover system calls for which the 7 args strategy doesn't work,
* we can special case them.
*
* XXX: DO NOT USE JTRACE/JNOTE/JASSERT in this function; even better, do not
* use any STL here. (--Kapil)
*/
extern "C" long int syscall(long int sys_num, ... )
{
long int ret;
va_list ap;
va_start(ap, sys_num);
switch ( sys_num ) {
case SYS_gettid:
{
ret = gettid();
break;
}
case SYS_tkill:
{
SYSCALL_GET_ARGS_2(int, tid, int, sig);
ret = tkill(tid, sig);
break;
}
case SYS_tgkill:
{
SYSCALL_GET_ARGS_3(int, tgid, int, tid, int, sig);
ret = tgkill(tgid, tid, sig);
break;
}
case SYS_getpid:
{
ret = getpid();
break;
}
case SYS_getppid:
{
ret = getppid();
break;
}
case SYS_getpgrp:
{
ret = getpgrp();
break;
}
case SYS_getpgid:
{
SYSCALL_GET_ARG(pid_t,pid);
ret = getpgid(pid);
break;
}
case SYS_setpgid:
{
SYSCALL_GET_ARGS_2(pid_t,pid,pid_t,pgid);
ret = setpgid(pid, pgid);
break;
}
case SYS_getsid:
{
SYSCALL_GET_ARG(pid_t,pid);
ret = getsid(pid);
break;
}
case SYS_setsid:
{
ret = setsid();
break;
}
case SYS_kill:
{
SYSCALL_GET_ARGS_2(pid_t,pid,int,sig);
ret = kill(pid, sig);
break;
}
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,9))
case SYS_waitid:
{
//SYSCALL_GET_ARGS_4(idtype_t,idtype,id_t,id,siginfo_t*,infop,int,options);
SYSCALL_GET_ARGS_4(int,idtype,id_t,id,siginfo_t*,infop,int,options);
ret = waitid((idtype_t)idtype, id, infop, options);
break;
}
#endif
case SYS_wait4:
{
SYSCALL_GET_ARGS_4(pid_t,pid,__WAIT_STATUS,status,int,options,
struct rusage*,rusage);
ret = wait4(pid, status, options, rusage);
break;
}
#ifdef __i386__
case SYS_waitpid:
{
SYSCALL_GET_ARGS_3(pid_t,pid,int*,status,int,options);
ret = waitpid(pid, status, options);
break;
}
#endif
case SYS_setgid:
{
SYSCALL_GET_ARG(gid_t,gid);
ret = setgid(gid);
break;
}
case SYS_setuid:
{
SYSCALL_GET_ARG(uid_t,uid);
ret = setuid(uid);
break;
}
#ifndef DISABLE_SYS_V_IPC
# ifdef __x86_64__
// These SYS_xxx are only defined for 64-bit Linux
case SYS_shmget:
{
SYSCALL_GET_ARGS_3(key_t,key,size_t,size,int,shmflg);
ret = shmget(key, size, shmflg);
break;
}
case SYS_shmat:
{
SYSCALL_GET_ARGS_3(int,shmid,const void*,shmaddr,int,shmflg);
ret = (unsigned long) shmat(shmid, shmaddr, shmflg);
break;
}
case SYS_shmdt:
{
SYSCALL_GET_ARG(const void*,shmaddr);
ret = shmdt(shmaddr);
break;
}
case SYS_shmctl:
{
SYSCALL_GET_ARGS_3(int,shmid,int,cmd,struct shmid_ds*,buf);
ret = shmctl(shmid, cmd, buf);
break;
}
# endif
#endif
default:
{
SYSCALL_GET_ARGS_7(void*, arg1, void*, arg2, void*, arg3, void*, arg4,
void*, arg5, void*, arg6, void*, arg7);
ret = _real_syscall(sys_num, arg1, arg2, arg3, arg4, arg5, arg6, arg7);
break;
}
}
va_end(ap);
return ret;
}