258 lines
7.9 KiB
C
258 lines
7.9 KiB
C
/*
|
|
* Copyright 1991, Silicon Graphics, Inc.
|
|
* All Rights Reserved.
|
|
*
|
|
* This is UNPUBLISHED PROPRIETARY SOURCE CODE of Silicon Graphics, Inc.;
|
|
* the contents of this file may not be disclosed to third parties, copied or
|
|
* duplicated in any form, in whole or in part, without the prior written
|
|
* permission of Silicon Graphics, Inc.
|
|
*
|
|
* RESTRICTED RIGHTS LEGEND:
|
|
* Use, duplication or disclosure by the Government is subject to restrictions
|
|
* as set forth in subdivision (c)(1)(ii) of the Rights in Technical Data
|
|
* and Computer Software clause at DFARS 252.227-7013, and/or in similar or
|
|
* successor clauses in the FAR, DOD or NASA FAR Supplement. Unpublished -
|
|
* rights reserved under the Copyright Laws of the United States.
|
|
*/
|
|
|
|
/*
|
|
* setplabel_proc.c -- Tests for mac_set_proc() system call.
|
|
* For mac_set_proc() to succeed, the process must be the owner of the
|
|
* file and have search permission on the parent directory and all
|
|
* directories above it. If the process is owner of a directory,
|
|
* only the owner bits are checked. Otherwise, if the process's group id
|
|
* equals the directory's group id, only the group bits are checked.
|
|
* Otherwise, only the other bits are checked.
|
|
*
|
|
* Structure template is defined in a header file.
|
|
*/
|
|
#include "dac.h"
|
|
#include "mac.h"
|
|
|
|
static int setplabel_proc0(struct macinfo_2 *parmsptr);
|
|
|
|
static struct macinfo_2
|
|
setplabel_dinfo0[] =
|
|
{
|
|
/* O S
|
|
case case c_flag expect errno - Old - - New - uid
|
|
name num success msen mint msen mint
|
|
*/
|
|
"pos00", 0, 1, PASS, 0, MSL, MIE, MSH, MIE, SUPER,
|
|
"pos01", 1, 1, PASS, 0, MSH, MIE, MSL, MIE, SUPER,
|
|
"pos02", 2, 1, PASS, 0, MSH, MIL, MSH, MIH, SUPER,
|
|
"pos03", 3, 1, PASS, 0, MSH, MIH, MSH, MIL, SUPER,
|
|
|
|
"neg00", 4, 0, FAIL, EPERM, MSL, MIE, MSH, MIE, TEST0,
|
|
"neg01", 5, 0, FAIL, EPERM, MSH, MIE, MSL, MIE, TEST0,
|
|
"neg02", 6, 0, FAIL, EPERM, MSH, MIL, MSH, MIH, TEST0,
|
|
"neg03", 7, 0, FAIL, EPERM, MSH, MIH, MSH, MIL, TEST0,
|
|
|
|
"pos04", 8, 0, PASS, 0, MSH, MIE, MSH, MIE, TEST0,
|
|
"pos05", 9, 0, PASS, 0, MSH, MIE, MSMH, MIE, TEST0,
|
|
};
|
|
|
|
|
|
static char *setplabel_ddesc[] = {
|
|
"S suser, new MSEN > old, new MINT = old",
|
|
"S suser, new MSEN < old, new MINT = old",
|
|
"S suser, new MSEN = old, new MINT > old",
|
|
"S suser, new MSEN = old, new MINT < old",
|
|
|
|
"S not suser, new MSEN > old, new MINT = old",
|
|
"S not suser, new MSEN < old, new MINT = old",
|
|
"S not suser, new MSEN = old, new MINT > old",
|
|
"S not suser, new MSEN = old, new MINT < old",
|
|
|
|
"S not suser, setting label equal to current label",
|
|
"S not suser, setting label equal to equivalent MLD label",
|
|
};
|
|
|
|
int
|
|
setplabel_proc(void)
|
|
{
|
|
char str[MSGLEN]; /* used to write to logfiles */
|
|
char testname[SLEN]; /* used to write to logfiles */
|
|
short ncases0 = 10; /* number of test cases for label changes */
|
|
short i = 0; /* test case loop counter */
|
|
int fail = 0; /* set when a test case fails */
|
|
int incomplete = 0; /* set when a test case is incomplete */
|
|
|
|
strcpy(testname,"setplabel_proc");
|
|
/*
|
|
* Write formatted info to raw log.
|
|
*/
|
|
RAWLOG_SETUP(testname, ncases0);
|
|
/*
|
|
* Call function for each test case.
|
|
*/
|
|
for ( i = 0; i < ncases0; i++ ) {
|
|
/*
|
|
* Flush output streams before calling a function that forks!
|
|
*/
|
|
flush_raw_log();
|
|
/*
|
|
* Call setplabel_proc0() for each test case, passing a pointer to
|
|
* the structure containing the parameters for that case.
|
|
* A return value of 0 indicates PASS, 1 indicates FAIL, 2
|
|
* indicates the test was aborted due to an unexpected error.
|
|
*/
|
|
|
|
switch ( setplabel_proc0(&setplabel_dinfo0[i]) ) {
|
|
/*
|
|
* Write formatted result to raw log.
|
|
*/
|
|
case PASS: /* Passed */
|
|
RAWPASS(setplabel_dinfo0[i].casenum,
|
|
setplabel_dinfo0[i].casename );
|
|
break;
|
|
case FAIL: /* Failed */
|
|
RAWFAIL(setplabel_dinfo0[i].casenum,
|
|
setplabel_dinfo0[i].casename, setplabel_ddesc[i] );
|
|
fail = 1;
|
|
break;
|
|
default:
|
|
RAWINC(setplabel_dinfo0[i].casenum,
|
|
setplabel_dinfo0[i].casename );
|
|
incomplete = 1;
|
|
break; /* Incomplete */
|
|
}
|
|
flush_raw_log();
|
|
}
|
|
/*
|
|
* Return 0, 1, or 2 to calling function, which records
|
|
* result in summary log. If ANY case failed or was
|
|
* incomplete, the whole test is recorded as failed or
|
|
* incomplete. Incomplete supercedes fail.
|
|
*/
|
|
if (incomplete)
|
|
return(INCOMPLETE);
|
|
if (fail)
|
|
return(FAIL);
|
|
return(PASS);
|
|
}
|
|
|
|
/*
|
|
* This function sets up the conditions for a given case based on the
|
|
* parameters passed in the structure. Then it does the test and
|
|
* returns 0, 1, or 2 for PASS, FAIL, or INCOMPLETE, respectively.
|
|
*/
|
|
static int
|
|
setplabel_proc0(struct macinfo_2 *parmsptr)
|
|
{
|
|
char testname[SLEN]; /* used to write to logfiles */
|
|
char namestring[MSGLEN]; /* Used in error messages. */
|
|
int retval = 0; /* Return value of test call. */
|
|
mac_t testptr; /* MAC label pointer for test call. */
|
|
pid_t forkval; /* Returned value of fork call. */
|
|
int status; /* For wait. */
|
|
int loc_errno; /* Saves test call errno. */
|
|
|
|
strcpy(testname,"setplabel_proc");
|
|
sprintf(namestring, "%s, case %d, %s:\n ", testname,
|
|
parmsptr->casenum, parmsptr->casename);
|
|
|
|
/*
|
|
* Fork a child to do setup and test call.
|
|
*/
|
|
if ( ( forkval = fork() ) == -1 ) {
|
|
w_error(SYSCALL, namestring, err[F_FORK], errno);
|
|
return(INCOMPLETE);
|
|
}
|
|
|
|
if ( forkval ) {
|
|
/*
|
|
* This is the parent. Wait for child and return
|
|
* 2 on unexpected error. Otherwise, return child's
|
|
* exit code.
|
|
*/
|
|
if ( wait(&status) == -1 ) {
|
|
w_error(SYSCALL, namestring, err[F_WAIT], errno);
|
|
return(INCOMPLETE);
|
|
}
|
|
if ( !WIFEXITED(status) ) {
|
|
w_error(GENERAL, namestring, err[C_NOTEXIT], 0);
|
|
return(INCOMPLETE);
|
|
}
|
|
return(WEXITSTATUS(status) );
|
|
}
|
|
|
|
/*
|
|
* This is the child.
|
|
*/
|
|
|
|
|
|
/*
|
|
* As suser, set process label to initial value.
|
|
*/
|
|
testptr = mac_get_proc();
|
|
testptr->ml_msen_type = parmsptr->O_msen;
|
|
testptr->ml_mint_type = parmsptr->O_mint;
|
|
if ( cap_setplabel(testptr) ) {
|
|
w_error(SYSCALL,namestring,err[F_SETPLABEL],errno);
|
|
exit(INCOMPLETE);
|
|
}
|
|
mac_free(testptr);
|
|
|
|
/*
|
|
* Set process euid to test uid and verify.
|
|
*/
|
|
if ( ( cap_setreuid(-1, parmsptr->uid) ) == -1 ) {
|
|
w_error(SYSCALL, namestring, err[SETREUID_S], errno);
|
|
exit(INCOMPLETE);
|
|
}
|
|
if ( geteuid() != parmsptr->uid ) {
|
|
w_error(GENERAL, namestring, err[BADUIDS_S], 0);
|
|
exit(INCOMPLETE);
|
|
}
|
|
|
|
/*
|
|
* Malloc a mac_label pointer for test call and
|
|
* set up the buffer.
|
|
*/
|
|
testptr = mac_get_proc();
|
|
testptr->ml_msen_type = parmsptr->S_msen;
|
|
testptr->ml_mint_type = parmsptr->S_mint;
|
|
/*
|
|
* Here's the test:
|
|
*/
|
|
if (parmsptr->c_flag != 0) {
|
|
retval = cap_setplabel(testptr);
|
|
}else{
|
|
retval = mac_set_proc(testptr);
|
|
}
|
|
loc_errno = errno;
|
|
mac_free(testptr);
|
|
|
|
/*
|
|
* For positive cases: retval should be 0.
|
|
*/
|
|
if ( parmsptr->expect_success == PASS ) {
|
|
if ( retval == -1 ) {
|
|
w_error(SYSCALL, namestring, err[TESTCALL], loc_errno);
|
|
exit(FAIL);
|
|
}
|
|
if ( retval != 0 ) {
|
|
w_error(PRINTNUM, namestring, err[TEST_RETVAL],retval);
|
|
exit(FAIL);
|
|
}
|
|
exit(PASS);
|
|
}
|
|
|
|
/*
|
|
* For negative test cases, retval should be -1 and
|
|
* errno should equal parmsptr->expect_errno. If not,
|
|
* write error message. Exit 0 for PASS, 1 for FAIL.
|
|
*/
|
|
if ( retval != -1 ) {
|
|
w_error(PRINTNUM, namestring, err[TEST_RETVAL],retval);
|
|
exit(FAIL);
|
|
}
|
|
if ( loc_errno != parmsptr->expect_errno ) {
|
|
w_error(SYSCALL, namestring, err[TEST_ERRNO],loc_errno);
|
|
exit(FAIL);
|
|
}
|
|
exit(PASS);
|
|
return(PASS);
|
|
}
|