xref: /freebsd/tools/regression/capsicum/syscalls/cap_getmode.c (revision bd66c1b43e33540205dbc1187c2f2a15c58b57ba)
1 /*-
2  * Copyright (c) 2012 The FreeBSD Foundation
3  *
4  * This software was developed by Pawel Jakub Dawidek under sponsorship from
5  * the FreeBSD Foundation.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that the following conditions
9  * are met:
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  * 2. Redistributions in binary form must reproduce the above copyright
13  *    notice, this list of conditions and the following disclaimer in the
14  *    documentation and/or other materials provided with the distribution.
15  *
16  * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
17  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
20  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26  * SUCH DAMAGE.
27  */
28 
29 #include <sys/types.h>
30 #include <sys/capsicum.h>
31 #include <sys/procdesc.h>
32 #include <sys/wait.h>
33 
34 #include <err.h>
35 #include <errno.h>
36 #include <stdio.h>
37 #include <stdlib.h>
38 #include <unistd.h>
39 
40 #include "misc.h"
41 
42 int
43 main(void)
44 {
45 	unsigned int mode;
46 	pid_t pid;
47 	int pfd;
48 
49 	printf("1..27\n");
50 
51 	mode = 666;
52 	CHECK(cap_getmode(&mode) == 0);
53 	/* If cap_getmode() succeeded mode should be modified. */
54 	CHECK(mode != 666);
55 	/* We are not in capability mode. */
56 	CHECK(mode == 0);
57 
58 	/* Expect EFAULT. */
59 	errno = 0;
60 	CHECK(cap_getmode(NULL) == -1);
61 	CHECK(errno == EFAULT);
62 	errno = 0;
63 	CHECK(cap_getmode((void *)(uintptr_t)0xdeadc0de) == -1);
64 	CHECK(errno == EFAULT);
65 
66 	/* If parent is not in capability mode, child after fork() also won't be. */
67 	pid = fork();
68 	switch (pid) {
69 	case -1:
70 		err(1, "fork() failed");
71 	case 0:
72 		mode = 666;
73 		CHECK(cap_getmode(&mode) == 0);
74 		/* If cap_getmode() succeeded mode should be modified. */
75 		CHECK(mode != 666);
76 		/* We are not in capability mode. */
77 		CHECK(mode == 0);
78 		exit(0);
79 	default:
80 		if (waitpid(pid, NULL, 0) == -1)
81 			err(1, "waitpid() failed");
82 	}
83 
84 	/* If parent is not in capability mode, child after pdfork() also won't be. */
85 	pid = pdfork(&pfd, 0);
86 	switch (pid) {
87 	case -1:
88 		err(1, "pdfork() failed");
89 	case 0:
90 		mode = 666;
91 		CHECK(cap_getmode(&mode) == 0);
92 		/* If cap_getmode() succeeded mode should be modified. */
93 		CHECK(mode != 666);
94 		/* We are not in capability mode. */
95 		CHECK(mode == 0);
96 		exit(0);
97 	default:
98 		if (pdwait(pfd) == -1)
99 			err(1, "pdwait() failed");
100 		close(pfd);
101 	}
102 
103 	/* In capability mode... */
104 
105 	CHECK(cap_enter() == 0);
106 
107 	mode = 666;
108 	CHECK(cap_getmode(&mode) == 0);
109 	/* If cap_getmode() succeeded mode should be modified. */
110 	CHECK(mode != 666);
111 	/* We are in capability mode. */
112 	CHECK(mode == 1);
113 
114 	/* Expect EFAULT. */
115 	errno = 0;
116 	CHECK(cap_getmode(NULL) == -1);
117 	CHECK(errno == EFAULT);
118 	errno = 0;
119 	CHECK(cap_getmode((void *)(uintptr_t)0xdeadc0de) == -1);
120 	CHECK(errno == EFAULT);
121 
122 	/* If parent is in capability mode, child after fork() also will be. */
123 	pid = fork();
124 	switch (pid) {
125 	case -1:
126 		err(1, "fork() failed");
127 	case 0:
128 		mode = 666;
129 		CHECK(cap_getmode(&mode) == 0);
130 		/* If cap_getmode() succeeded mode should be modified. */
131 		CHECK(mode != 666);
132 		/* We are in capability mode. */
133 		CHECK(mode == 1);
134 		exit(0);
135 	default:
136 		/*
137 		 * wait(2) and friends are not permitted in the capability mode,
138 		 * so we can only just wait for a while.
139 		 */
140 		sleep(1);
141 	}
142 
143 	/* If parent is in capability mode, child after pdfork() also will be. */
144 	pid = pdfork(&pfd, 0);
145 	switch (pid) {
146 	case -1:
147 		err(1, "pdfork() failed");
148 	case 0:
149 		mode = 666;
150 		CHECK(cap_getmode(&mode) == 0);
151 		/* If cap_getmode() succeeded mode should be modified. */
152 		CHECK(mode != 666);
153 		/* We are in capability mode. */
154 		CHECK(mode == 1);
155 		exit(0);
156 	default:
157 		if (pdwait(pfd) == -1)
158 			err(1, "pdwait() failed");
159 		close(pfd);
160 	}
161 
162 	exit(0);
163 }
164