1
0

Seccomp_test.c 3.4 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111
  1. /* vim: set expandtab ts=4 sw=4: */
  2. /*
  3. * You may redistribute this program and/or modify it under the terms of
  4. * the GNU General Public License as published by the Free Software Foundation,
  5. * either version 3 of the License, or (at your option) any later version.
  6. *
  7. * This program is distributed in the hope that it will be useful,
  8. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  9. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  10. * GNU General Public License for more details.
  11. *
  12. * You should have received a copy of the GNU General Public License
  13. * along with this program. If not, see <http://www.gnu.org/licenses/>.
  14. */
  15. #include "util/log/FileWriterLog.h"
  16. #include "memory/Allocator.h"
  17. #include "memory/MallocAllocator.h"
  18. #include "util/Seccomp.h"
  19. #include "util/events/EventBase.h"
  20. #include "util/events/Process.h"
  21. #include "util/events/Pipe.h"
  22. #include "util/events/Timeout.h"
  23. #include "util/CString.h"
  24. #include "crypto/random/Random.h"
  25. static void childComplete(void* vEventBase)
  26. {
  27. EventBase_endLoop((struct EventBase*)vEventBase);
  28. }
  29. static void onConnectionChild(struct Pipe* p, int status)
  30. {
  31. // hax
  32. struct Allocator* alloc = (struct Allocator*) p->iface.receiverContext;
  33. struct Log* logger = p->logger;
  34. Seccomp_dropPermissions(alloc, logger, NULL);
  35. Assert_true(Seccomp_isWorking());
  36. struct Message* ok = Message_new(0, 512, alloc);
  37. Message_push(ok, "OK", 3, NULL);
  38. Interface_sendMessage(&p->iface, ok);
  39. // just set a timeout long enough that we're pretty sure the parent will get the message
  40. // before we quit.
  41. Timeout_setInterval(childComplete, p->base, 10, p->base, alloc);
  42. }
  43. static void timeout(void* vNULL)
  44. {
  45. Assert_true(!"timed out");
  46. }
  47. static int child(char* pipeName, struct Allocator* alloc, struct Log* logger)
  48. {
  49. struct EventBase* eb = EventBase_new(alloc);
  50. struct Pipe* pipe = Pipe_named(pipeName, eb, NULL, alloc);
  51. pipe->onConnection = onConnectionChild;
  52. pipe->logger = logger;
  53. pipe->iface.receiverContext = alloc;
  54. Timeout_setTimeout(timeout, eb, 2000, eb, alloc);
  55. EventBase_beginLoop(eb);
  56. return 0;
  57. }
  58. static uint8_t receiveMessageParent(struct Message* msg, struct Interface* iface)
  59. {
  60. Assert_true(msg->length == 3);
  61. Assert_true(!Bits_memcmp(msg->bytes, "OK", 3));
  62. EventBase_endLoop(iface->receiverContext);
  63. return 0;
  64. }
  65. int main(int argc, char** argv)
  66. {
  67. struct Allocator* alloc = MallocAllocator_new(20000);
  68. struct Log* logger = FileWriterLog_new(stdout, alloc);
  69. if (!Seccomp_exists()) {
  70. Log_debug(logger, "Seccomp not supported on this system");
  71. return 0;
  72. }
  73. if (argc > 3 && !CString_strcmp("Seccomp_test", argv[1]) && !CString_strcmp("child", argv[2])) {
  74. child(argv[3], alloc, logger);
  75. Allocator_free(alloc);
  76. return 0;
  77. }
  78. struct EventBase* eb = EventBase_new(alloc);
  79. struct Random* rand = Random_new(alloc, logger, NULL);
  80. char name[32] = {0};
  81. Random_base32(rand, (uint8_t*)name, 31);
  82. struct Pipe* pipe = Pipe_named(name, eb, NULL, alloc);
  83. pipe->logger = logger;
  84. pipe->iface.receiveMessage = receiveMessageParent;
  85. pipe->iface.receiverContext = eb;
  86. char* path = Process_getPath(alloc);
  87. char* args[] = { "Seccomp_test", "child", name, NULL };
  88. Assert_true(!Process_spawn(path, args, eb, alloc));
  89. Timeout_setTimeout(timeout, NULL, 2000, eb, alloc);
  90. EventBase_beginLoop(eb);
  91. return 0;
  92. }