maxjhandsome
/
llvm-project
forked from OSchip/llvm-project
1
0
Fork 0
Code Issues Pull Requests Packages Releases Wiki Activity

[Sanitizer] capsicum api subset interception 

- For the moment a subset of this api dealing with file descriptors permissions and ioctls.

Reviewers: vitalybuka, krytarowski

Reviewed By: vitalybuka

Differential Revision: https://reviews.llvm.org/D55368

llvm-svn: 348668
This commit is contained in:
David Carlier 2018-12-08 00:14:04 +00:00
parent 5e1b05b091
commit a0d0202d89
2 changed files with 49 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
compiler-rt/lib/sanitizer_common/sanitizer_platform_interceptors.h
View File

@ -529,6 +529,7 @@
#define SANITIZER_INTERCEPT_SYSCTLGETMIBINFO SI_NETBSD
#define SANITIZER_INTERCEPT_NL_LANGINFO (SI_NETBSD || SI_FREEBSD)
#define SANITIZER_INTERCEPT_MODCTL SI_NETBSD
#define SANITIZER_INTERCEPT_CAPSICUM SI_FREEBSD
#define SANITIZER_INTERCEPT_STRTONUM SI_NETBSD
#define SANITIZER_INTERCEPT_FPARSELN SI_NETBSD
#define SANITIZER_INTERCEPT_STATVFS1 SI_NETBSD

48
compiler-rt/test/sanitizer_common/TestCases/FreeBSD/capsicum.cc Normal file
View File

@ -0,0 +1,48 @@
// RUN: %clangxx -O0 -g %s -o %t && %run %t 2>&1 | FileCheck %s
#include <sys/capsicum.h>
#include <sys/ioctl.h>
#include <stdio.h>
#include <errno.h>
#include <unistd.h>
#include <termios.h>
#include <string.h>
#include <assert.h>
void test_cap_ioctls() {
cap_rights_t rights;
unsigned long ncmds[] = {TIOCGETA, TIOCGWINSZ, FIODTYPE};
unsigned long rcmds = 0;
cap_rights_t *rptr = cap_rights_init(&rights, CAP_IOCTL, CAP_READ);
assert(rptr);
int rv = cap_rights_limit(STDIN_FILENO, &rights);
assert(rv == 0);
rv = cap_ioctls_limit(STDIN_FILENO, ncmds, 3);
assert(rv == 0);
ssize_t rz = cap_ioctls_get(STDIN_FILENO, &rcmds, 3);
assert(rz == 3);
printf("ioctls test: %ld commands authorized\n", rz);
}
void test_cap_rights() {
cap_rights_t rights, grights;
cap_rights_t *rptr = cap_rights_init(&rights, CAP_IOCTL, CAP_READ);
assert(rptr);
int rv = cap_rights_limit(STDIN_FILENO, &rights);
assert(rv == 0);
rv = cap_rights_get(STDIN_FILENO, &grights);
assert(rv == 0);
assert(memcmp(&grights, &rights, sizeof(grights)) == 0);
printf("rights test: %d\n", rv);
}
int main(void) {
test_cap_ioctls();
test_cap_rights();
// CHECK: ioctls test: {{.*}} commands authorized
// CHECK: rights test: {{.*}}
}