[PATCH] D55368: [Sanitizer] capsicum api subset interception

David CARLIER via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Fri Dec 7 16:17:10 PST 2018 

This revision was automatically updated to reflect the committed changes.
Closed by commit rCRT348668: [Sanitizer] capsicum api subset interception (authored by devnexen, committed by ).

Changed prior to commit:
  https://reviews.llvm.org/D55368?vs=177342&id=177353#toc

Repository:
  rCRT Compiler Runtime

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D55368/new/

https://reviews.llvm.org/D55368

Files:
  lib/sanitizer_common/sanitizer_platform_interceptors.h
  test/sanitizer_common/TestCases/FreeBSD/capsicum.cc


Index: lib/sanitizer_common/sanitizer_platform_interceptors.h
===================================================================
--- lib/sanitizer_common/sanitizer_platform_interceptors.h
+++ lib/sanitizer_common/sanitizer_platform_interceptors.h
@@ -529,6 +529,7 @@
 #define SANITIZER_INTERCEPT_SYSCTLGETMIBINFO SI_NETBSD
 #define SANITIZER_INTERCEPT_NL_LANGINFO (SI_NETBSD || SI_FREEBSD)
 #define SANITIZER_INTERCEPT_MODCTL SI_NETBSD
+#define SANITIZER_INTERCEPT_CAPSICUM SI_FREEBSD
 #define SANITIZER_INTERCEPT_STRTONUM SI_NETBSD
 #define SANITIZER_INTERCEPT_FPARSELN SI_NETBSD
 #define SANITIZER_INTERCEPT_STATVFS1 SI_NETBSD
Index: test/sanitizer_common/TestCases/FreeBSD/capsicum.cc
===================================================================
--- test/sanitizer_common/TestCases/FreeBSD/capsicum.cc
+++ test/sanitizer_common/TestCases/FreeBSD/capsicum.cc
@@ -0,0 +1,48 @@
+// RUN: %clangxx -O0 -g %s -o %t && %run %t 2>&1 | FileCheck %s
+
+#include <sys/capsicum.h>
+#include <sys/ioctl.h>
+#include <stdio.h>
+#include <errno.h>
+#include <unistd.h>
+#include <termios.h>
+#include <string.h>
+#include <assert.h>
+
+void test_cap_ioctls() {
+	cap_rights_t rights;
+	unsigned long ncmds[] = {TIOCGETA, TIOCGWINSZ, FIODTYPE};
+	unsigned long rcmds = 0;
+	cap_rights_t *rptr = cap_rights_init(&rights, CAP_IOCTL, CAP_READ);
+	assert(rptr);
+
+	int rv = cap_rights_limit(STDIN_FILENO, &rights);
+	assert(rv == 0);
+	rv = cap_ioctls_limit(STDIN_FILENO, ncmds, 3);
+	assert(rv == 0);
+	ssize_t rz = cap_ioctls_get(STDIN_FILENO, &rcmds, 3);
+	assert(rz == 3);
+	printf("ioctls test: %ld commands authorized\n", rz);
+}
+
+void test_cap_rights() {
+	cap_rights_t rights, grights;
+	cap_rights_t *rptr = cap_rights_init(&rights, CAP_IOCTL, CAP_READ);
+	assert(rptr);
+
+	int rv = cap_rights_limit(STDIN_FILENO, &rights);
+	assert(rv == 0);
+	rv = cap_rights_get(STDIN_FILENO, &grights);
+	assert(rv == 0);
+	assert(memcmp(&grights, &rights, sizeof(grights)) == 0);
+	printf("rights test: %d\n", rv);
+}
+
+int main(void) {
+	test_cap_ioctls();
+	
+	test_cap_rights();
+
+	// CHECK: ioctls test: {{.*}} commands authorized
+	// CHECK: rights test: {{.*}}
+}


-------------- next part --------------
A non-text attachment was scrubbed...
Name: D55368.177353.patch
Type: text/x-patch
Size: 2164 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20181208/c25bf448/attachment.bin>

More information about the llvm-commits mailing list