parent
a0d0202d89
commit
cc3be702b0
|
@ -7840,9 +7840,57 @@ INTERCEPTOR(UINTMAX_T, strtou, const char *nptr, char **endptr, int base,
|
|||
#define INIT_STRTOI
|
||||
#endif
|
||||
|
||||
#if SANITIZER_INTERCEPT_CAPSICUM
|
||||
INTERCEPTOR(int, cap_rights_limit, int fd,
|
||||
const __sanitizer_cap_rights_t *rights) {
|
||||
void *ctx;
|
||||
COMMON_INTERCEPTOR_ENTER(ctx, cap_rights_limit, fd, rights);
|
||||
if (rights)
|
||||
COMMON_INTERCEPTOR_READ_RANGE(ctx, rights, sizeof(*rights));
|
||||
|
||||
return REAL(cap_rights_limit)(fd, rights);
|
||||
}
|
||||
|
||||
INTERCEPTOR(int, cap_rights_get, int fd, __sanitizer_cap_rights_t *rights) {
|
||||
void *ctx;
|
||||
COMMON_INTERCEPTOR_ENTER(ctx, cap_rights_get, fd, rights);
|
||||
int ret = REAL(cap_rights_get)(fd, rights);
|
||||
if (!ret && rights)
|
||||
COMMON_INTERCEPTOR_WRITE_RANGE(ctx, rights, sizeof(*rights));
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
INTERCEPTOR(int, cap_ioctls_limit, int fd, const uptr *cmds, SIZE_T ncmds) {
|
||||
void *ctx;
|
||||
COMMON_INTERCEPTOR_ENTER(ctx, cap_ioctls_limit, fd, cmds, ncmds);
|
||||
if (cmds)
|
||||
COMMON_INTERCEPTOR_READ_RANGE(ctx, cmds, sizeof(*cmds) * ncmds);
|
||||
|
||||
return REAL(cap_ioctls_limit)(fd, cmds, ncmds);
|
||||
}
|
||||
|
||||
INTERCEPTOR(int, cap_ioctls_get, int fd, uptr *cmds, SIZE_T maxcmds) {
|
||||
void *ctx;
|
||||
COMMON_INTERCEPTOR_ENTER(ctx, cap_ioctls_get, fd, cmds, maxcmds);
|
||||
int ret = REAL(cap_ioctls_get)(fd, cmds, maxcmds);
|
||||
if (!ret && cmds)
|
||||
COMMON_INTERCEPTOR_WRITE_RANGE(ctx, cmds, sizeof(*cmds) * maxcmds);
|
||||
|
||||
return ret;
|
||||
}
|
||||
#define INIT_CAPSICUM \
|
||||
COMMON_INTERCEPT_FUNCTION(cap_rights_get); \
|
||||
COMMON_INTERCEPT_FUNCTION(cap_rights_limit); \
|
||||
COMMON_INTERCEPT_FUNCTION(cap_ioctls_get); \
|
||||
COMMON_INTERCEPT_FUNCTION(cap_ioctls_limit)
|
||||
#else
|
||||
#define INIT_CAPSICUM
|
||||
#endif
|
||||
|
||||
static void InitializeCommonInterceptors() {
|
||||
static u64 metadata_mem[sizeof(MetadataHashMap) / sizeof(u64) + 1];
|
||||
interceptor_metadata_map = new((void *)&metadata_mem) MetadataHashMap();
|
||||
interceptor_metadata_map = new ((void *)&metadata_mem) MetadataHashMap();
|
||||
|
||||
INIT_MMAP;
|
||||
INIT_MMAP64;
|
||||
|
@ -8108,6 +8156,7 @@ static void InitializeCommonInterceptors() {
|
|||
INIT_FPARSELN;
|
||||
INIT_STATVFS1;
|
||||
INIT_STRTOI;
|
||||
INIT_CAPSICUM;
|
||||
|
||||
INIT___PRINTF_CHK;
|
||||
}
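Review bot: In `cap_ioctls_get` (first hunk), the `if (!ret && cmds)` guard annotates the output buffer only when the call returns 0, yet the test added in this same commit asserts `rz == 3`, so the return value is a count of permitted commands rather than a 0/-1 status. The path that actually fills `cmds` is therefore never reported through `COMMON_INTERCEPTOR_WRITE_RANGE`: the buffer is not marked as written (which would presumably surface as MSan false positives in callers) and a too-small buffer is not range-checked. The interceptor also declares the return type as `int` while the test stores the result in `ssize_t`, which truncates on LP64 targets. A rewrite would carry the count as `SSIZE_T`, annotate only when it is positive, and cap the annotated range at the smaller of the count and `maxcmds`. As far as I recall from the FreeBSD manual, the "all ioctls allowed" return leaves `cmds` untouched and should be excluded as well.

```cpp
INTERCEPTOR(SSIZE_T, cap_ioctls_get, int fd, uptr *cmds, SIZE_T maxcmds) {
  // … unchanged: ctx declaration and COMMON_INTERCEPTOR_ENTER …
  SSIZE_T ret = REAL(cap_ioctls_get)(fd, cmds, maxcmds);
  // ret is a count and may exceed maxcmds; mark only the entries that were
  // actually stored. The "all ioctls allowed" return value still has to be
  // excluded here, since no entries are written in that case.
  if (ret > 0 && cmds)
    COMMON_INTERCEPTOR_WRITE_RANGE(ctx, cmds,
                                   sizeof(*cmds) * Min((SIZE_T)ret, maxcmds));
  return ret;
}
```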
|
||||
|
|
|
@ -534,5 +534,6 @@
|
|||
#define SANITIZER_INTERCEPT_FPARSELN SI_NETBSD
|
||||
#define SANITIZER_INTERCEPT_STATVFS1 SI_NETBSD
|
||||
#define SANITIZER_INTERCEPT_STRTOI SI_NETBSD
|
||||
#define SANITIZER_INTERCEPT_CAPSICUM SI_FREEBSD
|
||||
|
||||
#endif // #ifndef SANITIZER_PLATFORM_INTERCEPTORS_H
|
||||
|
|
|
@ -46,3 +46,51 @@ int main(void) {
|
|||
// CHECK: ioctls test: {{.*}} commands authorized
|
||||
// CHECK: rights test: {{.*}}
|
||||
}
|
||||
// RUN: %clangxx -O0 -g %s -o %t && %run %t 2>&1 | FileCheck %s
|
||||
|
||||
#include <sys/capsicum.h>
|
||||
#include <sys/ioctl.h>
|
||||
#include <stdio.h>
|
||||
#include <errno.h>
|
||||
#include <unistd.h>
|
||||
#include <termios.h>
|
||||
#include <string.h>
|
||||
#include <assert.h>
|
||||
|
||||
void test_cap_ioctls() {
|
||||
cap_rights_t rights;
|
||||
unsigned long ncmds[] = {TIOCGETA, TIOCGWINSZ, FIODTYPE};
|
||||
unsigned long rcmds = 0;
|
||||
cap_rights_t *rptr = cap_rights_init(&rights, CAP_IOCTL, CAP_READ);
|
||||
assert(rptr);
|
||||
|
||||
int rv = cap_rights_limit(STDIN_FILENO, &rights);
|
||||
assert(rv == 0);
|
||||
rv = cap_ioctls_limit(STDIN_FILENO, ncmds, 3);
|
||||
assert(rv == 0);
|
||||
ssize_t rz = cap_ioctls_get(STDIN_FILENO, &rcmds, 3);
|
||||
assert(rz == 3);
|
||||
printf("ioctls test: %ld commands authorized\n", rz);
|
||||
}
|
||||
|
||||
void test_cap_rights() {
|
||||
cap_rights_t rights, grights;
|
||||
cap_rights_t *rptr = cap_rights_init(&rights, CAP_IOCTL, CAP_READ);
|
||||
assert(rptr);
|
||||
|
||||
int rv = cap_rights_limit(STDIN_FILENO, &rights);
|
||||
assert(rv == 0);
|
||||
rv = cap_rights_get(STDIN_FILENO, &grights);
|
||||
assert(rv == 0);
|
||||
assert(memcmp(&grights, &rights, sizeof(grights)) == 0);
|
||||
printf("rights test: %d\n", rv);
|
||||
}
|
||||
|
||||
int main(void) {
|
||||
test_cap_ioctls();
|
||||
|
||||
test_cap_rights();
|
||||
|
||||
// CHECK: ioctls test: {{.*}} commands authorized
|
||||
// CHECK: rights test: {{.*}}
|
||||
}
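Review bot: In `test_cap_ioctls`, `rcmds` is a single `unsigned long` but its address is passed to `cap_ioctls_get` with a `maxcmds` of 3, so the call is told it may store three entries into storage for one and can overrun the stack slot. Declaring it as `unsigned long rcmds[3] = {0};` and passing `rcmds` instead of `&rcmds` keeps the buffer and the count in agreement. A sanitizer test should not itself depend on an out-of-bounds write, and it would start failing as soon as the interceptor annotates the written range. Separately, `rz` is an `ssize_t` printed with `%ld`; `%zd` is the matching conversion.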
|
||||
|
|