memcheck/tests/freebsd/capsicum.c

   1 #include <sys/capsicum.h>
   2 #include <assert.h>
   3 #include <stdio.h>
   4 #include <stdlib.h>
   5 #include <string.h>
   6 #include <errno.h>
   7 #include <unistd.h>
   8 #include <err.h>
   9 #include <sys/ioccom.h>
  10 #include <net/bpf.h>
  11
  12 int main(void)
  13 {
  14     u_int mode;
  15     if (-1 == cap_getmode(&mode)) {
  16         perror("cap_getmode() failed:");
  17         exit(1);
  18     } else {
  19         assert(mode == 0U);
  20     }
  21
  22     // example from man cap_rights_get
  23     cap_rights_t setrights, getrights;
  24     int fd;
  25
  26     memset(&setrights, 0, sizeof(setrights));
  27     memset(&getrights, 0, sizeof(getrights));
  28
  29     fd = open("capsicum.c", O_RDONLY);
  30     if (fd < 0)
  31         err(1, "open() failed");
  32
  33     cap_rights_init(&setrights, CAP_IOCTL, CAP_FSTAT, CAP_READ);
  34     if (cap_rights_limit(fd, &setrights) < 0 && errno != ENOSYS)
  35         err(1, "cap_rights_limit() failed");
  36
  37     unsigned long cmds[] = { BIOCGSTATS, BIOCROTZBUF };
  38     if (cap_ioctls_limit(fd, cmds, sizeof(cmds) / sizeof(cmds[0])) < 0 && errno != ENOSYS) {
  39         err(1, "cap_ioctls_limit() filed");
  40     }
  41
  42     uint32_t fcntlrights = CAP_FCNTL_GETFL | CAP_FCNTL_SETFL;
  43     if (cap_fcntls_limit(STDIN_FILENO, fcntlrights) < 0 && errno != ENOSYS) {
  44         err(1, "cap_fcnls_limit() filed");
  45     }
  46
  47     if (cap_rights_get(fd, &getrights) < 0 && errno != ENOSYS)
  48         err(1, "cap_rights_get() failed");
  49
  50     assert(memcmp(&setrights, &getrights, sizeof(setrights)) == 0);
  51
  52     unsigned long getcmds[2];
  53     if (cap_ioctls_get(fd, getcmds, 2) < 0 && errno != ENOSYS)
  54         err(1, "cap_ioctls_get() failed");
  55
  56     assert(memcmp(cmds, getcmds, sizeof(cmds)) == 0);
  57
  58     uint32_t getfcntlrights;
  59     if (cap_fcntls_get(STDIN_FILENO, &getfcntlrights) < 0 && errno != ENOSYS) {
  60         err(1, "cap_fcnls_limit() filed");
  61     }
  62
  63     assert(fcntlrights == getfcntlrights);
  64
  65     //close(fd);
  66
  67     cap_enter();
  68
  69     if (-1 == cap_getmode(&mode)) {
  70         perror("cap_getmode() failed:");
  71         exit(1);
  72     } else {
  73         assert(mode != 0U);
  74     }
  75
  76     // error section
  77
  78     int *px = malloc(sizeof(int));
  79     int x = px[0];
  80
  81     cap_getmode(NULL);
  82
  83     cap_rights_get(0, NULL);
  84     cap_rights_get(x, &getrights);
  85     cap_rights_t* badrights = malloc(sizeof(cap_rights_t));
  86     cap_rights_init(badrights, CAP_FSTAT, CAP_READ);
  87     free(badrights);
  88     cap_rights_get(0, badrights);
  89
  90     cap_rights_limit(x, &setrights);
  91
  92     cap_rights_limit(fd, badrights);
  93
  94     int fd2 = open("foo", O_RDWR);
  95     if (fd2 >= 0)
  96         err(1, "open in write mode should have failed");
  97 }