xref: /freebsd/tests/sys/capsicum/capability-fd-pair.cc (revision c2dee7786bf32cb66cedec226e42e79e06457c51) 
1 // Tests involving 2 capability file descriptors.
2 #include <sys/types.h>
3 #include <sys/socket.h>
4 #include <fcntl.h>
5 
6 #include "capsicum.h"
7 #include "syscalls.h"
8 #include "capsicum-test.h"
9 
10 TEST(CapabilityPair, sendfile) {
11   int in_fd = open(TmpFile("cap_sendfile_in"), O_CREAT|O_RDWR, 0644);
12   EXPECT_OK(write(in_fd, "1234", 4));
13   // Output fd for sendfile must be a stream socket in FreeBSD.
14   int sock_fds[2];
15   EXPECT_OK(socketpair(AF_UNIX, SOCK_STREAM, 0, sock_fds));
16 
17   cap_rights_t r_rs;
18   cap_rights_init(&r_rs, CAP_READ, CAP_SEEK);
19   cap_rights_t r_ws;
20   cap_rights_init(&r_ws, CAP_WRITE, CAP_SEEK);
21 
22   int cap_in_ro = dup(in_fd);
23   EXPECT_OK(cap_in_ro);
24   EXPECT_OK(cap_rights_limit(cap_in_ro, &r_rs));
25   int cap_in_wo = dup(in_fd);
26   EXPECT_OK(cap_in_wo);
27   EXPECT_OK(cap_rights_limit(cap_in_wo, &r_ws));
28   int cap_out_ro = dup(sock_fds[0]);
29   EXPECT_OK(cap_out_ro);
30   EXPECT_OK(cap_rights_limit(cap_out_ro, &r_rs));
31   int cap_out_wo = dup(sock_fds[0]);
32   EXPECT_OK(cap_out_wo);
33   EXPECT_OK(cap_rights_limit(cap_out_wo, &r_ws));
34 
35   off_t offset = 0;
36   EXPECT_NOTCAPABLE(sendfile_(cap_out_ro, cap_in_ro, &offset, 4));
37   EXPECT_NOTCAPABLE(sendfile_(cap_out_wo, cap_in_wo, &offset, 4));
38   EXPECT_OK(sendfile_(cap_out_wo, cap_in_ro, &offset, 4));
39 
40   close(cap_in_ro);
41   close(cap_in_wo);
42   close(cap_out_ro);
43   close(cap_out_wo);
44   close(in_fd);
45   close(sock_fds[0]);
46   close(sock_fds[1]);
47   unlink(TmpFile("cap_sendfile_in"));
48 }
49