xref: /freebsd/contrib/capsicum-test/capability-fd-pair.cc (revision 99282790b7d01ec3c4072621d46a0d7302517ad4)
1 // Tests involving 2 capability file descriptors.
2 #include <sys/types.h>
3 #include <sys/socket.h>
4 #include <fcntl.h>
5 
6 #include "capsicum.h"
7 #include "syscalls.h"
8 #include "capsicum-test.h"
9 
10 TEST(CapabilityPair, sendfile) {
11   int in_fd = open(TmpFile("cap_sendfile_in"), O_CREAT|O_RDWR, 0644);
12   EXPECT_OK(write(in_fd, "1234", 4));
13   // Output fd for sendfile must be a stream socket in FreeBSD.
14   int sock_fds[2];
15   EXPECT_OK(socketpair(AF_UNIX, SOCK_STREAM, 0, sock_fds));
16 
17   cap_rights_t r_rs;
18   cap_rights_init(&r_rs, CAP_READ, CAP_SEEK);
19   cap_rights_t r_ws;
20   cap_rights_init(&r_ws, CAP_WRITE, CAP_SEEK);
21 
22   int cap_in_ro = dup(in_fd);
23   EXPECT_OK(cap_in_ro);
24   EXPECT_OK(cap_rights_limit(cap_in_ro, &r_rs));
25   int cap_in_wo = dup(in_fd);
26   EXPECT_OK(cap_in_wo);
27   EXPECT_OK(cap_rights_limit(cap_in_wo, &r_ws));
28   int cap_out_ro = dup(sock_fds[0]);
29   EXPECT_OK(cap_out_ro);
30   EXPECT_OK(cap_rights_limit(cap_out_ro, &r_rs));
31   int cap_out_wo = dup(sock_fds[0]);
32   EXPECT_OK(cap_out_wo);
33   EXPECT_OK(cap_rights_limit(cap_out_wo, &r_ws));
34 
35   off_t offset = 0;
36   EXPECT_NOTCAPABLE(sendfile_(cap_out_ro, cap_in_ro, &offset, 4));
37   EXPECT_NOTCAPABLE(sendfile_(cap_out_wo, cap_in_wo, &offset, 4));
38   EXPECT_OK(sendfile_(cap_out_wo, cap_in_ro, &offset, 4));
39 
40   close(cap_in_ro);
41   close(cap_in_wo);
42   close(cap_out_ro);
43   close(cap_out_wo);
44   close(in_fd);
45   close(sock_fds[0]);
46   close(sock_fds[1]);
47   unlink(TmpFile("cap_sendfile_in"));
48 }
49 
50 #ifdef HAVE_TEE
51 TEST(CapabilityPair, tee) {
52   int pipe1_fds[2];
53   EXPECT_OK(pipe2(pipe1_fds, O_NONBLOCK));
54   int pipe2_fds[2];
55   EXPECT_OK(pipe2(pipe2_fds, O_NONBLOCK));
56 
57   // Put some data into pipe1.
58   unsigned char buffer[4] = {1, 2, 3, 4};
59   EXPECT_OK(write(pipe1_fds[1], buffer, 4));
60 
61   cap_rights_t r_ro;
62   cap_rights_init(&r_ro, CAP_READ);
63   cap_rights_t r_wo;
64   cap_rights_init(&r_wo, CAP_WRITE);
65   cap_rights_t r_rw;
66   cap_rights_init(&r_rw, CAP_READ, CAP_WRITE);
67 
68   // Various attempts to tee into pipe2.
69   int cap_in_wo = dup(pipe1_fds[0]);
70   EXPECT_OK(cap_in_wo);
71   EXPECT_OK(cap_rights_limit(cap_in_wo, &r_wo));
72   int cap_in_rw = dup(pipe1_fds[0]);
73   EXPECT_OK(cap_in_rw);
74   EXPECT_OK(cap_rights_limit(cap_in_rw, &r_rw));
75   int cap_out_ro = dup(pipe2_fds[1]);
76   EXPECT_OK(cap_out_ro);
77   EXPECT_OK(cap_rights_limit(cap_out_ro, &r_ro));
78   int cap_out_rw = dup(pipe2_fds[1]);
79   EXPECT_OK(cap_out_rw);
80   EXPECT_OK(cap_rights_limit(cap_out_rw, &r_rw));
81 
82   EXPECT_NOTCAPABLE(tee(cap_in_wo, cap_out_rw, 4, SPLICE_F_NONBLOCK));
83   EXPECT_NOTCAPABLE(tee(cap_in_rw, cap_out_ro, 4, SPLICE_F_NONBLOCK));
84   EXPECT_OK(tee(cap_in_rw, cap_out_rw, 4, SPLICE_F_NONBLOCK));
85 
86   close(cap_in_wo);
87   close(cap_in_rw);
88   close(cap_out_ro);
89   close(cap_out_rw);
90   close(pipe1_fds[0]);
91   close(pipe1_fds[1]);
92   close(pipe2_fds[0]);
93   close(pipe2_fds[1]);
94 }
95 #endif
96 
97 #ifdef HAVE_SPLICE
98 TEST(CapabilityPair, splice) {
99   int pipe1_fds[2];
100   EXPECT_OK(pipe2(pipe1_fds, O_NONBLOCK));
101   int pipe2_fds[2];
102   EXPECT_OK(pipe2(pipe2_fds, O_NONBLOCK));
103 
104   // Put some data into pipe1.
105   unsigned char buffer[4] = {1, 2, 3, 4};
106   EXPECT_OK(write(pipe1_fds[1], buffer, 4));
107 
108   cap_rights_t r_ro;
109   cap_rights_init(&r_ro, CAP_READ);
110   cap_rights_t r_wo;
111   cap_rights_init(&r_wo, CAP_WRITE);
112   cap_rights_t r_rs;
113   cap_rights_init(&r_rs, CAP_READ, CAP_SEEK);
114   cap_rights_t r_ws;
115   cap_rights_init(&r_ws, CAP_WRITE, CAP_SEEK);
116 
117   // Various attempts to splice.
118   int cap_in_wo = dup(pipe1_fds[0]);
119   EXPECT_OK(cap_in_wo);
120   EXPECT_OK(cap_rights_limit(cap_in_wo, &r_wo));
121   int cap_in_ro = dup(pipe1_fds[0]);
122   EXPECT_OK(cap_in_ro);
123   EXPECT_OK(cap_rights_limit(cap_in_ro, &r_ro));
124   int cap_in_ro_seek = dup(pipe1_fds[0]);
125   EXPECT_OK(cap_in_ro_seek);
126   EXPECT_OK(cap_rights_limit(cap_in_ro_seek, &r_rs));
127   int cap_out_wo = dup(pipe2_fds[1]);
128   EXPECT_OK(cap_out_wo);
129   EXPECT_OK(cap_rights_limit(cap_out_wo, &r_wo));
130   int cap_out_ro = dup(pipe2_fds[1]);
131   EXPECT_OK(cap_out_ro);
132   EXPECT_OK(cap_rights_limit(cap_out_ro, &r_ro));
133   int cap_out_wo_seek = dup(pipe2_fds[1]);
134   EXPECT_OK(cap_out_wo_seek);
135   EXPECT_OK(cap_rights_limit(cap_out_wo_seek, &r_ws));
136 
137   EXPECT_NOTCAPABLE(splice(cap_in_ro, NULL, cap_out_wo_seek, NULL, 4, SPLICE_F_NONBLOCK));
138   EXPECT_NOTCAPABLE(splice(cap_in_wo, NULL, cap_out_wo_seek, NULL, 4, SPLICE_F_NONBLOCK));
139   EXPECT_NOTCAPABLE(splice(cap_in_ro_seek, NULL, cap_out_ro, NULL, 4, SPLICE_F_NONBLOCK));
140   EXPECT_NOTCAPABLE(splice(cap_in_ro_seek, NULL, cap_out_wo, NULL, 4, SPLICE_F_NONBLOCK));
141   EXPECT_OK(splice(cap_in_ro_seek, NULL, cap_out_wo_seek, NULL, 4, SPLICE_F_NONBLOCK));
142 
143   close(cap_in_wo);
144   close(cap_in_ro);
145   close(cap_in_ro_seek);
146   close(cap_out_wo);
147   close(cap_out_ro);
148   close(cap_out_wo_seek);
149   close(pipe1_fds[0]);
150   close(pipe1_fds[1]);
151   close(pipe2_fds[0]);
152   close(pipe2_fds[1]);
153 }
154 #endif
155 
156 #ifdef HAVE_VMSPLICE
157 // Although it only involves a single file descriptor, test vmsplice(2) here too.
158 TEST(CapabilityPair, vmsplice) {
159   int pipe_fds[2];
160   EXPECT_OK(pipe2(pipe_fds, O_NONBLOCK));
161 
162   cap_rights_t r_ro;
163   cap_rights_init(&r_ro, CAP_READ);
164   cap_rights_t r_rw;
165   cap_rights_init(&r_rw, CAP_READ, CAP_WRITE);
166 
167   int cap_ro = dup(pipe_fds[1]);
168   EXPECT_OK(cap_ro);
169   EXPECT_OK(cap_rights_limit(cap_ro, &r_ro));
170   int cap_rw = dup(pipe_fds[1]);
171   EXPECT_OK(cap_rw);
172   EXPECT_OK(cap_rights_limit(cap_rw, &r_rw));
173 
174   unsigned char buffer[4] = {1, 2, 3, 4};
175   struct iovec iov;
176   memset(&iov, 0, sizeof(iov));
177   iov.iov_base = buffer;
178   iov.iov_len = sizeof(buffer);
179 
180   EXPECT_NOTCAPABLE(vmsplice(cap_ro, &iov, 1, SPLICE_F_NONBLOCK));
181   EXPECT_OK(vmsplice(cap_rw, &iov, 1, SPLICE_F_NONBLOCK));
182 
183   close(cap_ro);
184   close(cap_rw);
185   close(pipe_fds[0]);
186   close(pipe_fds[1]);
187 }
188 #endif
189