[compiler-rt] r348668 - [Sanitizer] capsicum api subset interception
David Carlier via llvm-commits
llvm-commits at lists.llvm.org
Fri Dec 7 16:14:04 PST 2018
Author: devnexen
Date: Fri Dec 7 16:14:04 2018
New Revision: 348668
URL: http://llvm.org/viewvc/llvm-project?rev=348668&view=rev
Log:
[Sanitizer] capsicum api subset interception
- For the moment a subset of this api dealing with file descriptors permissions and ioctls.
Reviewers: vitalybuka, krytarowski
Reviewed By: vitalybuka
Differential Revision: https://reviews.llvm.org/D55368
Added:
compiler-rt/trunk/test/sanitizer_common/TestCases/FreeBSD/
compiler-rt/trunk/test/sanitizer_common/TestCases/FreeBSD/capsicum.cc
Modified:
compiler-rt/trunk/lib/sanitizer_common/sanitizer_platform_interceptors.h
Modified: compiler-rt/trunk/lib/sanitizer_common/sanitizer_platform_interceptors.h
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/sanitizer_common/sanitizer_platform_interceptors.h?rev=348668&r1=348667&r2=348668&view=diff
==============================================================================
--- compiler-rt/trunk/lib/sanitizer_common/sanitizer_platform_interceptors.h (original)
+++ compiler-rt/trunk/lib/sanitizer_common/sanitizer_platform_interceptors.h Fri Dec 7 16:14:04 2018
@@ -529,6 +529,7 @@
#define SANITIZER_INTERCEPT_SYSCTLGETMIBINFO SI_NETBSD
#define SANITIZER_INTERCEPT_NL_LANGINFO (SI_NETBSD || SI_FREEBSD)
#define SANITIZER_INTERCEPT_MODCTL SI_NETBSD
+#define SANITIZER_INTERCEPT_CAPSICUM SI_FREEBSD
#define SANITIZER_INTERCEPT_STRTONUM SI_NETBSD
#define SANITIZER_INTERCEPT_FPARSELN SI_NETBSD
#define SANITIZER_INTERCEPT_STATVFS1 SI_NETBSD
Added: compiler-rt/trunk/test/sanitizer_common/TestCases/FreeBSD/capsicum.cc
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/sanitizer_common/TestCases/FreeBSD/capsicum.cc?rev=348668&view=auto
==============================================================================
--- compiler-rt/trunk/test/sanitizer_common/TestCases/FreeBSD/capsicum.cc (added)
+++ compiler-rt/trunk/test/sanitizer_common/TestCases/FreeBSD/capsicum.cc Fri Dec 7 16:14:04 2018
@@ -0,0 +1,48 @@
+// RUN: %clangxx -O0 -g %s -o %t && %run %t 2>&1 | FileCheck %s
+
+#include <sys/capsicum.h>
+#include <sys/ioctl.h>
+#include <stdio.h>
+#include <errno.h>
+#include <unistd.h>
+#include <termios.h>
+#include <string.h>
+#include <assert.h>
+
+void test_cap_ioctls() {
+ cap_rights_t rights;
+ unsigned long ncmds[] = {TIOCGETA, TIOCGWINSZ, FIODTYPE};
+ unsigned long rcmds = 0;
+ cap_rights_t *rptr = cap_rights_init(&rights, CAP_IOCTL, CAP_READ);
+ assert(rptr);
+
+ int rv = cap_rights_limit(STDIN_FILENO, &rights);
+ assert(rv == 0);
+ rv = cap_ioctls_limit(STDIN_FILENO, ncmds, 3);
+ assert(rv == 0);
+ ssize_t rz = cap_ioctls_get(STDIN_FILENO, &rcmds, 3);
+ assert(rz == 3);
+ printf("ioctls test: %ld commands authorized\n", rz);
+}
+
+void test_cap_rights() {
+ cap_rights_t rights, grights;
+ cap_rights_t *rptr = cap_rights_init(&rights, CAP_IOCTL, CAP_READ);
+ assert(rptr);
+
+ int rv = cap_rights_limit(STDIN_FILENO, &rights);
+ assert(rv == 0);
+ rv = cap_rights_get(STDIN_FILENO, &grights);
+ assert(rv == 0);
+ assert(memcmp(&grights, &rights, sizeof(grights)) == 0);
+ printf("rights test: %d\n", rv);
+}
+
+int main(void) {
+ test_cap_ioctls();
+
+ test_cap_rights();
+
+ // CHECK: ioctls test: {{.*}} commands authorized
+ // CHECK: rights test: {{.*}}
+}
More information about the llvm-commits
mailing list