RubyGems - script_core - Versions diffs - 0.2.6 → 0.2.7 - Mend

script_core 0.2.6 → 0.2.7

Files changed (191) hide show

data/ext/enterprise_script_service/libseccomp/tests/55-basic-pfc_binary_tree.sh ADDED

@@ -0,0 +1,46 @@
+#!/bin/bash
+#
+# libseccomp regression test automation data
+#
+# Copyright (c) 2019 Oracle and/or its affiliates.  All rights reserved.
+# Author: Tom Hromatka <tom.hromatka@oracle.com>
+#
+####
+# functions
+#
+# Dependency check
+#
+# Arguments:
+#     1    Dependency to check for
+#
+function check_deps() {
+	[[ -z "$1" ]] && return
+	which "$1" >& /dev/null
+	return $?
+}
+#
+# Dependency verification
+#
+# Arguments:
+#     1    Dependency to check for
+#
+function verify_deps() {
+	[[ -z "$1" ]] && return
+	if ! check_deps "$1"; then
+		echo "error: install \"$1\" and include it in your \$PATH"
+		exit 1
+	fi
+}
+####
+# functions
+verify_deps diff
+# compare output to the known good output, fail if different
+./55-basic-pfc_binary_tree | \
+	diff -q ${srcdir:=.}/55-basic-pfc_binary_tree.pfc - > /dev/null

data/ext/enterprise_script_service/libseccomp/tests/55-basic-pfc_binary_tree.tests ADDED

@@ -0,0 +1,11 @@
+#
+# libseccomp regression test automation data
+#
+# Copyright (c) 2019 Oracle and/or its affiliates.  All rights reserved.
+# Author: Tom Hromatka <tom.hromatka@oracle.com>
+#
+test type: basic
+# Test command
+55-basic-pfc_binary_tree.sh

data/ext/enterprise_script_service/libseccomp/tests/56-basic-iterate_syscalls.c ADDED

@@ -0,0 +1,90 @@
+/**
+ * Seccomp Library test program
+ *
+ * Copyright (c) 2020 Red Hat <gscrivan@redhat.com>
+ * Author: Giuseppe Scrivano <gscrivan@redhat.com>
+ */
+/*
+ * This library is free software; you can redistribute it and/or modify it
+ * under the terms of version 2.1 of the GNU Lesser General Public License as
+ * published by the Free Software Foundation.
+ *
+ * This library is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public License
+ * for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this library; if not, see <http://www.gnu.org/licenses>.
+ */
+#include <errno.h>
+#include <string.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <seccomp.h>
+unsigned int arch_list[] = {
+	SCMP_ARCH_NATIVE,
+	SCMP_ARCH_X86,
+	SCMP_ARCH_X86_64,
+	SCMP_ARCH_X32,
+	SCMP_ARCH_ARM,
+	SCMP_ARCH_AARCH64,
+	SCMP_ARCH_MIPS,
+	SCMP_ARCH_MIPS64,
+	SCMP_ARCH_MIPS64N32,
+	SCMP_ARCH_MIPSEL,
+	SCMP_ARCH_MIPSEL64,
+	SCMP_ARCH_MIPSEL64N32,
+	SCMP_ARCH_PPC,
+	SCMP_ARCH_PPC64,
+	SCMP_ARCH_PPC64LE,
+	SCMP_ARCH_S390,
+	SCMP_ARCH_S390X,
+	SCMP_ARCH_PARISC,
+	SCMP_ARCH_PARISC64,
+	SCMP_ARCH_RISCV64,
+	-1
+};
+static int test_arch(int arch, int init)
+{
+	int n, iter = 0;
+	for (iter = init; iter < init + 1000; iter++) {
+		char *name;
+		name = seccomp_syscall_resolve_num_arch(arch, iter);
+		if (name == NULL)
+			continue;
+		n = seccomp_syscall_resolve_name_arch(arch, name);
+		if (n != iter)
+			return 1;
+	}
+	return 0;
+}
+int main(int argc, char *argv[])
+{
+	int iter = 0;
+	for (iter = 0; arch_list[iter] != -1; iter++) {
+		int init = 0;
+		if (arch_list[iter] == SCMP_ARCH_X32)
+			init = 0x40000000;
+		else if (arch_list[iter] == SCMP_ARCH_MIPS)
+			init = 4000;
+		else if (arch_list[iter] == SCMP_ARCH_MIPS64)
+			init = 5000;
+		else if (arch_list[iter] == SCMP_ARCH_MIPS64N32)
+			init = 6000;
+		if (test_arch(arch_list[iter], init) < 0)
+			return 1;
+	}
+	return 0;
+}

data/ext/enterprise_script_service/libseccomp/tests/56-basic-iterate_syscalls.py ADDED

@@ -0,0 +1,65 @@
+#!/usr/bin/env python
+#
+# Seccomp Library test program
+#
+# Copyright (c) 2020 Red Hat <gscrivan@redhat.com>
+# Author: Giuseppe Scrivano <gscrivan@redhat.com>
+#
+#
+# This library is free software; you can redistribute it and/or modify it
+# under the terms of version 2.1 of the GNU Lesser General Public License as
+# published by the Free Software Foundation.
+#
+# This library is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public License
+# for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this library; if not, see <http://www.gnu.org/licenses>.
+#
+import argparse
+import sys
+import util
+from seccomp import *
+arch_list = ["x86",
+             "x86_64",
+             "x32",
+             "arm",
+             "aarch64",
+             "mipsel",
+             "mipsel64",
+             "mipsel64n32",
+             "ppc64le",
+             "riscv64"]
+def test_arch(arch, init):
+    for i in range(init, init + 1000):
+        sys_name = resolve_syscall(arch, i)
+        if sys_name is None:
+            continue
+        n = resolve_syscall(i, sys_name)
+        if i != n:
+            raise RuntimeError("Test failure")
+def test():
+    for i in arch_list:
+        init = 0
+        if i == "x32":
+            init = 0x40000000
+        elif i == "mipsel":
+            init = 4000
+        elif i == "mipsel64":
+            init = 5000
+        elif i == "mipsel64n32":
+            init = 6000
+        test_arch(Arch(i), init)
+# kate: syntax python;
+# kate: indent-mode python; space-indent on; indent-width 4; mixedindent off;

data/ext/enterprise_script_service/libseccomp/tests/56-basic-iterate_syscalls.tests ADDED

@@ -0,0 +1,11 @@
+#
+# libseccomp regression test automation data
+#
+# Copyright (c) 2020 Red Hat <gscrivan@redhat.com>
+# Author: Giuseppe Scrivano <gscrivan@redhat.com>
+#
+test type: basic
+# Test command
+56-basic-iterate_syscalls

data/ext/enterprise_script_service/libseccomp/tests/57-basic-rawsysrc.c ADDED

@@ -0,0 +1,64 @@
+/**
+ * Seccomp Library test program
+ *
+ * Copyright (c) 2020 Cisco Systems, Inc. <pmoore2@cisco.com>
+ * Author: Paul Moore <paul@paul-moore.com>
+ */
+/*
+ * This library is free software; you can redistribute it and/or modify it
+ * under the terms of version 2.1 of the GNU Lesser General Public License as
+ * published by the Free Software Foundation.
+ *
+ * This library is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public License
+ * for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this library; if not, see <http://www.gnu.org/licenses>.
+ */
+#include <errno.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <seccomp.h>
+#include "util.h"
+int main(int argc, char *argv[])
+{
+	int rc;
+	int fd;
+	scmp_filter_ctx ctx = NULL;
+	rc = seccomp_api_set(3);
+	if (rc != 0)
+		return EOPNOTSUPP;
+	ctx = seccomp_init(SCMP_ACT_ALLOW);
+	if (ctx == NULL) {
+		rc = ENOMEM;
+		goto out;
+	}
+	rc = seccomp_attr_set(ctx, SCMP_FLTATR_API_SYSRAWRC, 1);
+	if (rc != 0)
+		goto out;
+	/* we must use a closed/invalid fd for this to work */
+	fd = dup(2);
+	close(fd);
+	rc = seccomp_export_pfc(ctx, fd);
+	if (rc == -EBADF)
+		rc = 0;
+	else
+		rc = -1;
+out:
+	seccomp_release(ctx);
+	return (rc < 0 ? -rc : rc);
+}

data/ext/enterprise_script_service/libseccomp/tests/57-basic-rawsysrc.py ADDED

@@ -0,0 +1,46 @@
+#!/usr/bin/env python
+#
+# Seccomp Library test program
+#
+# Copyright (c) 2020 Cisco Systems, Inc. <pmoore2@cisco.com>
+# Author: Paul Moore <paul@paul-moore.com>
+#
+#
+# This library is free software; you can redistribute it and/or modify it
+# under the terms of version 2.1 of the GNU Lesser General Public License as
+# published by the Free Software Foundation.
+#
+# This library is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public License
+# for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this library; if not, see <http://www.gnu.org/licenses>.
+#
+import argparse
+import sys
+import os
+import util
+from seccomp import *
+def test():
+    # this test really isn't conclusive, but considering how python does error
+    # handling it may be the best we can do
+    f = SyscallFilter(ALLOW)
+    dummy = open("/dev/null", "w")
+    os.close(dummy.fileno())
+    try:
+        f = f.export_pfc(dummy)
+    except RuntimeError:
+        pass
+test()
+# kate: syntax python;
+# kate: indent-mode python; space-indent on; indent-width 4; mixedindent off;

data/ext/enterprise_script_service/libseccomp/tests/57-basic-rawsysrc.tests ADDED

@@ -0,0 +1,11 @@
+#
+# libseccomp regression test automation data
+#
+# Copyright (c) 2020 Cisco Systems, Inc. <pmoore2@cisco.com>
+# Author: Paul Moore <paul@paul-moore.com>
+#
+test type: basic
+# Test command
+57-basic-rawsysrc

data/ext/enterprise_script_service/libseccomp/tests/58-live-tsync_notify.c ADDED

@@ -0,0 +1,116 @@
+/**
+ * Seccomp Library test program
+ *
+ * Copyright (c) 2019 Cisco Systems, Inc. <pmoore2@cisco.com>
+ * Author: Paul Moore <paul@paul-moore.com>
+ */
+/*
+ * This library is free software; you can redistribute it and/or modify it
+ * under the terms of version 2.1 of the GNU Lesser General Public License as
+ * published by the Free Software Foundation.
+ *
+ * This library is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public License
+ * for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this library; if not, see <http://www.gnu.org/licenses>.
+ */
+#include <sys/types.h>
+#include <sys/wait.h>
+#include <unistd.h>
+#include <seccomp.h>
+#include <signal.h>
+#include <syscall.h>
+#include <errno.h>
+#include <stdlib.h>
+#include "util.h"
+#define MAGIC 0x1122334455667788UL
+int main(int argc, char *argv[])
+{
+	int rc, fd = -1, status;
+	struct seccomp_notif *req = NULL;
+	struct seccomp_notif_resp *resp = NULL;
+	scmp_filter_ctx ctx = NULL;
+	pid_t pid = 0;
+	ctx = seccomp_init(SCMP_ACT_ALLOW);
+	if (ctx == NULL)
+		return ENOMEM;
+	rc = seccomp_attr_set(ctx, SCMP_FLTATR_CTL_TSYNC, 1);
+	if (rc)
+		goto out;
+	rc = seccomp_rule_add(ctx, SCMP_ACT_NOTIFY, SCMP_SYS(getpid), 0, NULL);
+	if (rc)
+		goto out;
+	rc  = seccomp_load(ctx);
+	if (rc < 0)
+		goto out;
+	rc = seccomp_notify_fd(ctx);
+	if (rc < 0)
+		goto out;
+	fd = rc;
+	pid = fork();
+	if (pid == 0)
+		exit(syscall(SCMP_SYS(getpid)) != MAGIC);
+	rc = seccomp_notify_alloc(&req, &resp);
+	if (rc)
+		goto out;
+	rc = seccomp_notify_receive(fd, req);
+	if (rc)
+		goto out;
+	if (req->data.nr != SCMP_SYS(getpid)) {
+		rc = -EFAULT;
+		goto out;
+	}
+	rc = seccomp_notify_id_valid(fd, req->id);
+	if (rc)
+		goto out;
+	resp->id = req->id;
+	resp->val = MAGIC;
+	resp->error = 0;
+	resp->flags = 0;
+	rc = seccomp_notify_respond(fd, resp);
+	if (rc)
+		goto out;
+	if (waitpid(pid, &status, 0) != pid) {
+		rc = -EFAULT;
+		goto out;
+	}
+	if (!WIFEXITED(status)) {
+		rc = -EFAULT;
+		goto out;
+	}
+	if (WEXITSTATUS(status)) {
+		rc = -EFAULT;
+		goto out;
+	}
+out:
+	if (fd >= 0)
+		close(fd);
+	if (pid)
+		kill(pid, SIGKILL);
+	seccomp_notify_free(req, resp);
+	seccomp_release(ctx);
+	if (rc != 0)
+		return (rc < 0 ? -rc : rc);
+	return 160;
+}