[linux-seccomp.git] / libseccomp / tests / 08-sim-subtree_checks.c

/**
 * Seccomp Library test program
 *
 * Copyright (c) 2012 Red Hat <pmoore@redhat.com>
 * Author: Paul Moore <paul@paul-moore.com>
 */

/*
 * This library is free software; you can redistribute it and/or modify it
 * under the terms of version 2.1 of the GNU Lesser General Public License as
 * published by the Free Software Foundation.
 *
 * This library is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public License
 * for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with this library; if not, see <http://www.gnu.org/licenses>.
 */

#include <errno.h>
#include <unistd.h>

#include <seccomp.h>

#include "util.h"

int main(int argc, char *argv[])
{
	int rc;
	struct util_options opts;
	scmp_filter_ctx ctx = NULL;

	rc = util_getopt(argc, argv, &opts);
	if (rc < 0)
		goto out;

	ctx = seccomp_init(SCMP_ACT_KILL);
	if (ctx == NULL)
		return ENOMEM;

	/* the syscall and argument numbers are all fake to make the test
	 * simpler */

	rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, 1000, 2,
				    SCMP_A0(SCMP_CMP_EQ, 0),
				    SCMP_A1(SCMP_CMP_EQ, 1));
	if (rc != 0)
		goto out;
	rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, 1000, 1,
				    SCMP_A1(SCMP_CMP_EQ, 1));
	if (rc != 0)
		goto out;

	rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, 1001, 1,
				    SCMP_A1(SCMP_CMP_EQ, 1));
	if (rc != 0)
		goto out;
	rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, 1001, 2,
				    SCMP_A0(SCMP_CMP_EQ, 0),
				    SCMP_A1(SCMP_CMP_EQ, 1));
	if (rc != 0)
		goto out;

	rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, 1002, 4,
				    SCMP_A0(SCMP_CMP_EQ, 0),
				    SCMP_A1(SCMP_CMP_EQ, 1),
				    SCMP_A2(SCMP_CMP_EQ, 2),
				    SCMP_A3(SCMP_CMP_EQ, 3));
	if (rc != 0)
		goto out;
	rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, 1002, 2,
				    SCMP_A1(SCMP_CMP_EQ, 1),
				    SCMP_A2(SCMP_CMP_EQ, 2));
	if (rc != 0)
		goto out;

	rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, 1003, 2,
				    SCMP_A1(SCMP_CMP_EQ, 1),
				    SCMP_A2(SCMP_CMP_EQ, 2));
	if (rc != 0)
		goto out;
	rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, 1003, 4,
				    SCMP_A0(SCMP_CMP_EQ, 0),
				    SCMP_A1(SCMP_CMP_EQ, 1),
				    SCMP_A2(SCMP_CMP_EQ, 2),
				    SCMP_A3(SCMP_CMP_EQ, 3));
	if (rc != 0)
		goto out;

	rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, 1004, 4,
				    SCMP_A0(SCMP_CMP_EQ, 0),
				    SCMP_A1(SCMP_CMP_EQ, 1),
				    SCMP_A2(SCMP_CMP_EQ, 2),
				    SCMP_A3(SCMP_CMP_EQ, 3));
	if (rc != 0)
		goto out;
	rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, 1004, 2,
				    SCMP_A0(SCMP_CMP_EQ, 0),
				    SCMP_A1(SCMP_CMP_EQ, 11));
	if (rc != 0)
		goto out;
	rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, 1004, 4,
				    SCMP_A0(SCMP_CMP_EQ, 0),
				    SCMP_A1(SCMP_CMP_EQ, 1),
				    SCMP_A2(SCMP_CMP_EQ, 2),
				    SCMP_A3(SCMP_CMP_EQ, 33));
	if (rc != 0)
		goto out;
	rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, 1004, 2,
				    SCMP_A1(SCMP_CMP_EQ, 1),
				    SCMP_A2(SCMP_CMP_EQ, 2));
	if (rc != 0)
		goto out;

	rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, 1005, 2,
				    SCMP_A1(SCMP_CMP_EQ, 1),
				    SCMP_A2(SCMP_CMP_EQ, 2));
	if (rc != 0)
		goto out;
	rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, 1005, 4,
				    SCMP_A0(SCMP_CMP_EQ, 0),
				    SCMP_A1(SCMP_CMP_EQ, 1),
				    SCMP_A2(SCMP_CMP_EQ, 2),
				    SCMP_A3(SCMP_CMP_EQ, 3));
	if (rc != 0)
		goto out;
	rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, 1005, 2,
				    SCMP_A0(SCMP_CMP_EQ, 0),
				    SCMP_A1(SCMP_CMP_EQ, 11));
	if (rc != 0)
		goto out;
	rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, 1005, 4,
				    SCMP_A0(SCMP_CMP_EQ, 0),
				    SCMP_A1(SCMP_CMP_EQ, 1),
				    SCMP_A2(SCMP_CMP_EQ, 2),
				    SCMP_A3(SCMP_CMP_EQ, 33));
	if (rc != 0)
		goto out;

	rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, 1006, 2,
				    SCMP_A1(SCMP_CMP_NE, 1),
				    SCMP_A2(SCMP_CMP_EQ, 0));
	if (rc != 0)
		goto out;
	rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, 1006, 2,
				    SCMP_A1(SCMP_CMP_EQ, 1),
				    SCMP_A2(SCMP_CMP_EQ, 2));
	if (rc != 0)
		goto out;
	rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, 1006, 1,
				    SCMP_A1(SCMP_CMP_NE, 1));
	if (rc != 0)
		goto out;

	rc = seccomp_rule_add_exact(ctx, SCMP_ACT_TRAP, 1007, 2,
				    SCMP_A2(SCMP_CMP_EQ, 1),
				    SCMP_A3(SCMP_CMP_EQ, 3));
	if (rc != 0)
		goto out;
	rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, 1007, 2,
				    SCMP_A2(SCMP_CMP_EQ, 1),
				    SCMP_A3(SCMP_CMP_NE, 3));
	if (rc != 0)
		goto out;
	rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, 1007, 1,
				    SCMP_A3(SCMP_CMP_NE, 3));
	if (rc != 0)
		goto out;

	rc = util_filter_output(&opts, ctx);
	if (rc)
		goto out;

out:
	seccomp_release(ctx);
	return (rc < 0 ? -rc : rc);
}
Commit	Line	Data
8befd5cc MG	1	/**
	2	* Seccomp Library test program
	3	*
	4	* Copyright (c) 2012 Red Hat <pmoore@redhat.com>
	5	* Author: Paul Moore <paul@paul-moore.com>
	6	*/
	7
	8	/*
	9	* This library is free software; you can redistribute it and/or modify it
	10	* under the terms of version 2.1 of the GNU Lesser General Public License as
	11	* published by the Free Software Foundation.
	12	*
	13	* This library is distributed in the hope that it will be useful, but WITHOUT
	14	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
	15	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License
	16	* for more details.
	17	*
	18	* You should have received a copy of the GNU Lesser General Public License
	19	* along with this library; if not, see <http://www.gnu.org/licenses>.
	20	*/
	21
	22	#include <errno.h>
	23	#include <unistd.h>
	24
	25	#include <seccomp.h>
	26
	27	#include "util.h"
	28
	29	int main(int argc, char *argv[])
	30	{
	31	int rc;
	32	struct util_options opts;
	33	scmp_filter_ctx ctx = NULL;
	34
	35	rc = util_getopt(argc, argv, &opts);
	36	if (rc < 0)
	37	goto out;
	38
	39	ctx = seccomp_init(SCMP_ACT_KILL);
	40	if (ctx == NULL)
	41	return ENOMEM;
	42
	43	/* the syscall and argument numbers are all fake to make the test
	44	* simpler */
	45
	46	rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, 1000, 2,
	47	SCMP_A0(SCMP_CMP_EQ, 0),
	48	SCMP_A1(SCMP_CMP_EQ, 1));
	49	if (rc != 0)
	50	goto out;
	51	rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, 1000, 1,
	52	SCMP_A1(SCMP_CMP_EQ, 1));
	53	if (rc != 0)
	54	goto out;
	55
	56	rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, 1001, 1,
	57	SCMP_A1(SCMP_CMP_EQ, 1));
	58	if (rc != 0)
	59	goto out;
	60	rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, 1001, 2,
	61	SCMP_A0(SCMP_CMP_EQ, 0),
	62	SCMP_A1(SCMP_CMP_EQ, 1));
	63	if (rc != 0)
	64	goto out;
65
66	rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, 1002, 4,
67	SCMP_A0(SCMP_CMP_EQ, 0),
68	SCMP_A1(SCMP_CMP_EQ, 1),
69	SCMP_A2(SCMP_CMP_EQ, 2),
70	SCMP_A3(SCMP_CMP_EQ, 3));
71	if (rc != 0)
72	goto out;
73	rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, 1002, 2,
74	SCMP_A1(SCMP_CMP_EQ, 1),
75	SCMP_A2(SCMP_CMP_EQ, 2));
76	if (rc != 0)
77	goto out;
78
79	rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, 1003, 2,
80	SCMP_A1(SCMP_CMP_EQ, 1),
81	SCMP_A2(SCMP_CMP_EQ, 2));
82	if (rc != 0)
83	goto out;
84	rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, 1003, 4,
85	SCMP_A0(SCMP_CMP_EQ, 0),
86	SCMP_A1(SCMP_CMP_EQ, 1),
87	SCMP_A2(SCMP_CMP_EQ, 2),
88	SCMP_A3(SCMP_CMP_EQ, 3));
89	if (rc != 0)
90	goto out;
91
92	rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, 1004, 4,
93	SCMP_A0(SCMP_CMP_EQ, 0),
94	SCMP_A1(SCMP_CMP_EQ, 1),
95	SCMP_A2(SCMP_CMP_EQ, 2),
96	SCMP_A3(SCMP_CMP_EQ, 3));
97	if (rc != 0)
98	goto out;
99	rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, 1004, 2,
100	SCMP_A0(SCMP_CMP_EQ, 0),
101	SCMP_A1(SCMP_CMP_EQ, 11));
102	if (rc != 0)
103	goto out;
104	rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, 1004, 4,
105	SCMP_A0(SCMP_CMP_EQ, 0),
106	SCMP_A1(SCMP_CMP_EQ, 1),
107	SCMP_A2(SCMP_CMP_EQ, 2),
108	SCMP_A3(SCMP_CMP_EQ, 33));
109	if (rc != 0)
110	goto out;
111	rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, 1004, 2,
112	SCMP_A1(SCMP_CMP_EQ, 1),
113	SCMP_A2(SCMP_CMP_EQ, 2));
114	if (rc != 0)
115	goto out;
116
117	rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, 1005, 2,
118	SCMP_A1(SCMP_CMP_EQ, 1),
119	SCMP_A2(SCMP_CMP_EQ, 2));
120	if (rc != 0)
121	goto out;
122	rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, 1005, 4,
123	SCMP_A0(SCMP_CMP_EQ, 0),
124	SCMP_A1(SCMP_CMP_EQ, 1),
125	SCMP_A2(SCMP_CMP_EQ, 2),
126	SCMP_A3(SCMP_CMP_EQ, 3));
127	if (rc != 0)
128	goto out;
129	rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, 1005, 2,
130	SCMP_A0(SCMP_CMP_EQ, 0),
131	SCMP_A1(SCMP_CMP_EQ, 11));
132	if (rc != 0)
133	goto out;
134	rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, 1005, 4,
135	SCMP_A0(SCMP_CMP_EQ, 0),
136	SCMP_A1(SCMP_CMP_EQ, 1),
137	SCMP_A2(SCMP_CMP_EQ, 2),
138	SCMP_A3(SCMP_CMP_EQ, 33));
139	if (rc != 0)
140	goto out;
141
142	rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, 1006, 2,
143	SCMP_A1(SCMP_CMP_NE, 1),
144	SCMP_A2(SCMP_CMP_EQ, 0));
145	if (rc != 0)
146	goto out;
147	rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, 1006, 2,
148	SCMP_A1(SCMP_CMP_EQ, 1),
149	SCMP_A2(SCMP_CMP_EQ, 2));
150	if (rc != 0)
151	goto out;
152	rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, 1006, 1,
153	SCMP_A1(SCMP_CMP_NE, 1));
154	if (rc != 0)
155	goto out;
156
157	rc = seccomp_rule_add_exact(ctx, SCMP_ACT_TRAP, 1007, 2,
158	SCMP_A2(SCMP_CMP_EQ, 1),
159	SCMP_A3(SCMP_CMP_EQ, 3));
160	if (rc != 0)
161	goto out;
162	rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, 1007, 2,
163	SCMP_A2(SCMP_CMP_EQ, 1),
164	SCMP_A3(SCMP_CMP_NE, 3));
165	if (rc != 0)
166	goto out;
167	rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, 1007, 1,
168	SCMP_A3(SCMP_CMP_NE, 3));
169	if (rc != 0)
170	goto out;
171
172	rc = util_filter_output(&opts, ctx);
173	if (rc)
174	goto out;
175
176	out:
177	seccomp_release(ctx);
178	return (rc < 0 ? -rc : rc);
179	}