search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
staging: rtl8192u: remove redundant assignment to pointer crypt
[linux/fpc-iii.git] / tools / testing / selftests / safesetid / safesetid-test.c
blob8f40c6ecdad188458d526af08f4bf4731d34c30c
1 // SPDX-License-Identifier: GPL-2.0
2 #define _GNU_SOURCE
3 #include <stdio.h>
4 #include <errno.h>
5 #include <pwd.h>
6 #include <string.h>
7 #include <syscall.h>
8 #include <sys/capability.h>
9 #include <sys/types.h>
10 #include <sys/mount.h>
11 #include <sys/prctl.h>
12 #include <sys/wait.h>
13 #include <stdlib.h>
14 #include <unistd.h>
15 #include <fcntl.h>
16 #include <stdbool.h>
17 #include <stdarg.h>
18
19 #ifndef CLONE_NEWUSER
20 # define CLONE_NEWUSER 0x10000000
21 #endif
22
23 #define ROOT_USER 0
24 #define RESTRICTED_PARENT 1
25 #define ALLOWED_CHILD1 2
26 #define ALLOWED_CHILD2 3
27 #define NO_POLICY_USER 4
28
29 char* add_whitelist_policy_file = "/sys/kernel/security/safesetid/add_whitelist_policy";
30
31 static void die(char *fmt, ...)
32 {
33 va_list ap;
34 va_start(ap, fmt);
35 vfprintf(stderr, fmt, ap);
36 va_end(ap);
37 exit(EXIT_FAILURE);
38 }
39
40 static bool vmaybe_write_file(bool enoent_ok, char *filename, char *fmt, va_list ap)
41 {
42 char buf[4096];
43 int fd;
44 ssize_t written;
45 int buf_len;
46
47 buf_len = vsnprintf(buf, sizeof(buf), fmt, ap);
48 if (buf_len < 0) {
49 printf("vsnprintf failed: %s\n",
50 strerror(errno));
51 return false;
52 }
53 if (buf_len >= sizeof(buf)) {
54 printf("vsnprintf output truncated\n");
55 return false;
56 }
57
58 fd = open(filename, O_WRONLY);
59 if (fd < 0) {
60 if ((errno == ENOENT) && enoent_ok)
61 return true;
62 return false;
63 }
64 written = write(fd, buf, buf_len);
65 if (written != buf_len) {
66 if (written >= 0) {
67 printf("short write to %s\n", filename);
68 return false;
69 } else {
70 printf("write to %s failed: %s\n",
71 filename, strerror(errno));
72 return false;
73 }
74 }
75 if (close(fd) != 0) {
76 printf("close of %s failed: %s\n",
77 filename, strerror(errno));
78 return false;
79 }
80 return true;
81 }
82
83 static bool write_file(char *filename, char *fmt, ...)
84 {
85 va_list ap;
86 bool ret;
87
88 va_start(ap, fmt);
89 ret = vmaybe_write_file(false, filename, fmt, ap);
90 va_end(ap);
91
92 return ret;
93 }
94
95 static void ensure_user_exists(uid_t uid)
96 {
97 struct passwd p;
98
99 FILE *fd;
100 char name_str[10];
101
102 if (getpwuid(uid) == NULL) {
103 memset(&p,0x00,sizeof(p));
104 fd=fopen("/etc/passwd","a");
105 if (fd == NULL)
106 die("couldn't open file\n");
107 if (fseek(fd, 0, SEEK_END))
108 die("couldn't fseek\n");
109 snprintf(name_str, 10, "%d", uid);
110 p.pw_name=name_str;
111 p.pw_uid=uid;
112 p.pw_gecos="Test account";
113 p.pw_dir="/dev/null";
114 p.pw_shell="/bin/false";
115 int value = putpwent(&p,fd);
116 if (value != 0)
117 die("putpwent failed\n");
118 if (fclose(fd))
119 die("fclose failed\n");
120 }
121 }
122
123 static void ensure_securityfs_mounted(void)
124 {
125 int fd = open(add_whitelist_policy_file, O_WRONLY);
126 if (fd < 0) {
127 if (errno == ENOENT) {
128 // Need to mount securityfs
129 if (mount("securityfs", "/sys/kernel/security",
130 "securityfs", 0, NULL) < 0)
131 die("mounting securityfs failed\n");
132 } else {
133 die("couldn't find securityfs for unknown reason\n");
134 }
135 } else {
136 if (close(fd) != 0) {
137 die("close of %s failed: %s\n",
138 add_whitelist_policy_file, strerror(errno));
139 }
140 }
141 }
142
143 static void write_policies(void)
144 {
145 static char *policy_str =
146 "1:2\n"
147 "1:3\n"
148 "2:2\n"
149 "3:3\n";
150 ssize_t written;
151 int fd;
152
153 fd = open(add_whitelist_policy_file, O_WRONLY);
154 if (fd < 0)
155 die("cant open add_whitelist_policy file\n");
156 written = write(fd, policy_str, strlen(policy_str));
157 if (written != strlen(policy_str)) {
158 if (written >= 0) {
159 die("short write to %s\n", add_whitelist_policy_file);
160 } else {
161 die("write to %s failed: %s\n",
162 add_whitelist_policy_file, strerror(errno));
163 }
164 }
165 if (close(fd) != 0) {
166 die("close of %s failed: %s\n",
167 add_whitelist_policy_file, strerror(errno));
168 }
169 }
170
171 static bool test_userns(bool expect_success)
172 {
173 uid_t uid;
174 char map_file_name[32];
175 size_t sz = sizeof(map_file_name);
176 pid_t cpid;
177 bool success;
178
179 uid = getuid();
180
181 int clone_flags = CLONE_NEWUSER;
182 cpid = syscall(SYS_clone, clone_flags, NULL);
183 if (cpid == -1) {
184 printf("clone failed");
185 return false;
186 }
187
188 if (cpid == 0) { /* Code executed by child */
189 // Give parent 1 second to write map file
190 sleep(1);
191 exit(EXIT_SUCCESS);
192 } else { /* Code executed by parent */
193 if(snprintf(map_file_name, sz, "/proc/%d/uid_map", cpid) < 0) {
194 printf("preparing file name string failed");
195 return false;
196 }
197 success = write_file(map_file_name, "0 0 1", uid);
198 return success == expect_success;
199 }
200
201 printf("should not reach here");
202 return false;
203 }
204
205 static void test_setuid(uid_t child_uid, bool expect_success)
206 {
207 pid_t cpid, w;
208 int wstatus;
209
210 cpid = fork();
211 if (cpid == -1) {
212 die("fork\n");
213 }
214
215 if (cpid == 0) { /* Code executed by child */
216 setuid(child_uid);
217 if (getuid() == child_uid)
218 exit(EXIT_SUCCESS);
219 else
220 exit(EXIT_FAILURE);
221 } else { /* Code executed by parent */
222 do {
223 w = waitpid(cpid, &wstatus, WUNTRACED | WCONTINUED);
224 if (w == -1) {
225 die("waitpid\n");
226 }
227
228 if (WIFEXITED(wstatus)) {
229 if (WEXITSTATUS(wstatus) == EXIT_SUCCESS) {
230 if (expect_success) {
231 return;
232 } else {
233 die("unexpected success\n");
234 }
235 } else {
236 if (expect_success) {
237 die("unexpected failure\n");
238 } else {
239 return;
240 }
241 }
242 } else if (WIFSIGNALED(wstatus)) {
243 if (WTERMSIG(wstatus) == 9) {
244 if (expect_success)
245 die("killed unexpectedly\n");
246 else
247 return;
248 } else {
249 die("unexpected signal: %d\n", wstatus);
250 }
251 } else {
252 die("unexpected status: %d\n", wstatus);
253 }
254 } while (!WIFEXITED(wstatus) && !WIFSIGNALED(wstatus));
255 }
256
257 die("should not reach here\n");
258 }
259
260 static void ensure_users_exist(void)
261 {
262 ensure_user_exists(ROOT_USER);
263 ensure_user_exists(RESTRICTED_PARENT);
264 ensure_user_exists(ALLOWED_CHILD1);
265 ensure_user_exists(ALLOWED_CHILD2);
266 ensure_user_exists(NO_POLICY_USER);
267 }
268
269 static void drop_caps(bool setid_retained)
270 {
271 cap_value_t cap_values[] = {CAP_SETUID, CAP_SETGID};
272 cap_t caps;
273
274 caps = cap_get_proc();
275 if (setid_retained)
276 cap_set_flag(caps, CAP_EFFECTIVE, 2, cap_values, CAP_SET);
277 else
278 cap_clear(caps);
279 cap_set_proc(caps);
280 cap_free(caps);
281 }
282
283 int main(int argc, char **argv)
284 {
285 ensure_users_exist();
286 ensure_securityfs_mounted();
287 write_policies();
288
289 if (prctl(PR_SET_KEEPCAPS, 1L))
290 die("Error with set keepcaps\n");
291
292 // First test to make sure we can write userns mappings from a user
293 // that doesn't have any restrictions (as long as it has CAP_SETUID);
294 setuid(NO_POLICY_USER);
295 setgid(NO_POLICY_USER);
296
297 // Take away all but setid caps
298 drop_caps(true);
299
300 // Need PR_SET_DUMPABLE flag set so we can write /proc/[pid]/uid_map
301 // from non-root parent process.
302 if (prctl(PR_SET_DUMPABLE, 1, 0, 0, 0))
303 die("Error with set dumpable\n");
304
305 if (!test_userns(true)) {
306 die("test_userns failed when it should work\n");
307 }
308
309 setuid(RESTRICTED_PARENT);
310 setgid(RESTRICTED_PARENT);
311
312 test_setuid(ROOT_USER, false);
313 test_setuid(ALLOWED_CHILD1, true);
314 test_setuid(ALLOWED_CHILD2, true);
315 test_setuid(NO_POLICY_USER, false);
316
317 if (!test_userns(false)) {
318 die("test_userns worked when it should fail\n");
319 }
320
321 // Now take away all caps
322 drop_caps(false);
323 test_setuid(2, false);
324 test_setuid(3, false);
325 test_setuid(4, false);
326
327 // NOTE: this test doesn't clean up users that were created in
328 // /etc/passwd or flush policies that were added to the LSM.
329 return EXIT_SUCCESS;
330 }
Linux with added FPC-III support