[linux-seccomp.git] / libseccomp / tests / util.c

/**
 * Seccomp Library utility code for tests
 *
 * Copyright (c) 2012 Red Hat <eparis@redhat.com>
 * Author: Eric Paris <eparis@redhat.com>
 */

/*
 * This library is free software; you can redistribute it and/or modify it
 * under the terms of version 2.1 of the GNU Lesser General Public License as
 * published by the Free Software Foundation.
 *
 * This library is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public License
 * for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with this library; if not, see <http://www.gnu.org/licenses>.
 */

#include <errno.h>
#include <fcntl.h>
#include <getopt.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>

#include <seccomp.h>

#include "util.h"

/**
 * SIGSYS signal handler
 * @param nr the signal number
 * @param info siginfo_t pointer
 * @param void_context handler context
 *
 * Simple signal handler for SIGSYS which exits with error code 161.
 *
 */
static void _trap_handler(int signal, siginfo_t *info, void *ctx)
{
	_exit(161);
}

/**
 * Parse the arguments passed to main
 * @param argc the argument count
 * @param argv the argument pointer
 * @param opts the options structure
 *
 * This function parses the arguments passed to the test from the command line.
 * Returns zero on success and negative values on failure.
 *
 */
int util_getopt(int argc, char *argv[], struct util_options *opts)
{
	int rc = 0;

	if (opts == NULL)
		return -EFAULT;

	memset(opts, 0, sizeof(*opts));
	while (1) {
		int c, option_index = 0;
		const struct option long_options[] = {
			{"bpf", no_argument, &(opts->bpf_flg), 1},
			{"pfc", no_argument, &(opts->bpf_flg), 0},
			{0, 0, 0, 0},
		};

		c = getopt_long(argc, argv, "bp",
				long_options, &option_index);
		if (c == -1)
			break;

		switch (c) {
		case 0:
			break;
		case 'b':
			opts->bpf_flg = 1;
			break;
		case 'p':
			opts->bpf_flg = 0;
			break;
		default:
			rc = -EINVAL;
			break;
		}
	}

	if (rc == -EINVAL || optind < argc) {
		fprintf(stderr, "usage %s: [--bpf,-b] [--pfc,-p]\n", argv[0]);
		rc = -EINVAL;
	}

	return rc;
}

/**
 * Output the filter in either BPF or PFC
 * @param opts the options structure
 * @param ctx the filter context
 *
 * This function outputs the seccomp filter to stdout in either BPF or PFC
 * format depending on the test paramaeters supplied by @opts.
 *
 */
int util_filter_output(const struct util_options *opts,
		       const scmp_filter_ctx ctx)
{
	int rc;

	if (opts == NULL)
		return -EFAULT;

	if (opts->bpf_flg)
		rc = seccomp_export_bpf(ctx, STDOUT_FILENO);
	else
		rc = seccomp_export_pfc(ctx, STDOUT_FILENO);

	return rc;
}

/**
 * Install a TRAP action signal handler
 *
 * This function installs the TRAP action signal handler and is based on
 * examples from Will Drewry and Kees Cook.  Returns zero on success, negative
 * values on failure.
 *
 */
int util_trap_install(void)
{
	struct sigaction signal_handler;
	sigset_t signal_mask;

	memset(&signal_handler, 0, sizeof(signal_handler));
	sigemptyset(&signal_mask);
	sigaddset(&signal_mask, SIGSYS);

	signal_handler.sa_sigaction = &_trap_handler;
	signal_handler.sa_flags = SA_SIGINFO;
	if (sigaction(SIGSYS, &signal_handler, NULL) < 0)
		return -errno;
	if (sigprocmask(SIG_UNBLOCK, &signal_mask, NULL))
		return -errno;

	return 0;
}

/**
 * Parse a filter action string into an action value
 * @param action the action string
 *
 * Parse a seccomp action string into the associated integer value.  Returns
 * the correct value on success, -1 on failure.
 *
 */
int util_action_parse(const char *action)
{
	if (action == NULL)
		return -1;

	if (strcasecmp(action, "KILL") == 0)
		return SCMP_ACT_KILL;
	else if (strcasecmp(action, "TRAP") == 0)
		return SCMP_ACT_TRAP;
	else if (strcasecmp(action, "ERRNO") == 0)
		return SCMP_ACT_ERRNO(163);
	else if (strcasecmp(action, "TRACE") == 0)
		return -1; /* not yet supported */
	else if (strcasecmp(action, "ALLOW") == 0)
		return SCMP_ACT_ALLOW;

	return -1;
}

/**
 * Write a string to a file
 * @param path the file path
 *
 * Open the specified file, write a string to the file, and close the file.
 * Return zero on success, negative values on error.
 *
 */
int util_file_write(const char *path)
{
	int fd;
	const char buf[] = "testing";
	ssize_t buf_len = strlen(buf);

	fd = open(path, O_WRONLY | O_CREAT, S_IRUSR | S_IWUSR);
	if (fd < 0)
		return errno;
	if (write(fd, buf, buf_len) < buf_len) {
		int rc = errno;
		close(fd);
		return rc;
	}
	if (close(fd) < 0)
		return errno;

	return 0;
}
Commit	Line	Data
8befd5cc MG	1	/**
	2	* Seccomp Library utility code for tests
	3	*
	4	* Copyright (c) 2012 Red Hat <eparis@redhat.com>
	5	* Author: Eric Paris <eparis@redhat.com>
	6	*/
	7
	8	/*
	9	* This library is free software; you can redistribute it and/or modify it
	10	* under the terms of version 2.1 of the GNU Lesser General Public License as
	11	* published by the Free Software Foundation.
	12	*
	13	* This library is distributed in the hope that it will be useful, but WITHOUT
	14	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
	15	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License
	16	* for more details.
	17	*
	18	* You should have received a copy of the GNU Lesser General Public License
	19	* along with this library; if not, see <http://www.gnu.org/licenses>.
	20	*/
	21
	22	#include <errno.h>
	23	#include <fcntl.h>
	24	#include <getopt.h>
	25	#include <signal.h>
	26	#include <stdio.h>
	27	#include <string.h>
	28	#include <unistd.h>
	29	#include <sys/types.h>
	30	#include <sys/stat.h>
	31
	32	#include <seccomp.h>
	33
	34	#include "util.h"
	35
	36	/**
	37	* SIGSYS signal handler
	38	* @param nr the signal number
	39	* @param info siginfo_t pointer
	40	* @param void_context handler context
	41	*
	42	* Simple signal handler for SIGSYS which exits with error code 161.
	43	*
	44	*/
	45	static void _trap_handler(int signal, siginfo_t info, void ctx)
	46	{
	47	_exit(161);
	48	}
	49
	50	/**
	51	* Parse the arguments passed to main
	52	* @param argc the argument count
	53	* @param argv the argument pointer
	54	* @param opts the options structure
	55	*
	56	* This function parses the arguments passed to the test from the command line.
	57	* Returns zero on success and negative values on failure.
	58	*
	59	*/
	60	int util_getopt(int argc, char argv[], struct util_options opts)
	61	{
	62	int rc = 0;
	63
	64	if (opts == NULL)
65	return -EFAULT;
66
67	memset(opts, 0, sizeof(*opts));
68	while (1) {
69	int c, option_index = 0;
70	const struct option long_options[] = {
71	{"bpf", no_argument, &(opts->bpf_flg), 1},
72	{"pfc", no_argument, &(opts->bpf_flg), 0},
73	{0, 0, 0, 0},
74	};
75
76	c = getopt_long(argc, argv, "bp",
77	long_options, &option_index);
78	if (c == -1)
79	break;
80
81	switch (c) {
82	case 0:
83	break;
84	case 'b':
85	opts->bpf_flg = 1;
86	break;
87	case 'p':
88	opts->bpf_flg = 0;
89	break;
90	default:
91	rc = -EINVAL;
92	break;
93	}
94	}
95
96	if (rc == -EINVAL \|\| optind < argc) {
97	fprintf(stderr, "usage %s: [--bpf,-b] [--pfc,-p]\n", argv[0]);
98	rc = -EINVAL;
99	}
100
101	return rc;
102	}
103
104	/**
105	* Output the filter in either BPF or PFC
106	* @param opts the options structure
107	* @param ctx the filter context
108	*
109	* This function outputs the seccomp filter to stdout in either BPF or PFC
110	* format depending on the test paramaeters supplied by @opts.
111	*
112	*/
113	int util_filter_output(const struct util_options *opts,
114	const scmp_filter_ctx ctx)
115	{
116	int rc;
117
118	if (opts == NULL)
119	return -EFAULT;
120
121	if (opts->bpf_flg)
122	rc = seccomp_export_bpf(ctx, STDOUT_FILENO);
123	else
124	rc = seccomp_export_pfc(ctx, STDOUT_FILENO);
125
126	return rc;
127	}
128
129	/**
130	* Install a TRAP action signal handler
131	*
132	* This function installs the TRAP action signal handler and is based on
133	* examples from Will Drewry and Kees Cook. Returns zero on success, negative
134	* values on failure.
135	*
136	*/
137	int util_trap_install(void)
138	{
139	struct sigaction signal_handler;
140	sigset_t signal_mask;
141
142	memset(&signal_handler, 0, sizeof(signal_handler));
143	sigemptyset(&signal_mask);
144	sigaddset(&signal_mask, SIGSYS);
145
146	signal_handler.sa_sigaction = &_trap_handler;
147	signal_handler.sa_flags = SA_SIGINFO;
148	if (sigaction(SIGSYS, &signal_handler, NULL) < 0)
149	return -errno;
150	if (sigprocmask(SIG_UNBLOCK, &signal_mask, NULL))
151	return -errno;
152
153	return 0;
154	}
155
156	/**
157	* Parse a filter action string into an action value
158	* @param action the action string
159	*
160	* Parse a seccomp action string into the associated integer value. Returns
161	* the correct value on success, -1 on failure.
162	*
163	*/
164	int util_action_parse(const char *action)
165	{
166	if (action == NULL)
167	return -1;
168
169	if (strcasecmp(action, "KILL") == 0)
170	return SCMP_ACT_KILL;
171	else if (strcasecmp(action, "TRAP") == 0)
172	return SCMP_ACT_TRAP;
173	else if (strcasecmp(action, "ERRNO") == 0)
174	return SCMP_ACT_ERRNO(163);
175	else if (strcasecmp(action, "TRACE") == 0)
176	return -1; /* not yet supported */
177	else if (strcasecmp(action, "ALLOW") == 0)
178	return SCMP_ACT_ALLOW;
179
180	return -1;
181	}
182
183	/**
184	* Write a string to a file
185	* @param path the file path
186	*
187	* Open the specified file, write a string to the file, and close the file.
188	* Return zero on success, negative values on error.
189	*
190	*/
191	int util_file_write(const char *path)
192	{
193	int fd;
194	const char buf[] = "testing";
195	ssize_t buf_len = strlen(buf);
196
197	fd = open(path, O_WRONLY \| O_CREAT, S_IRUSR \| S_IWUSR);
198	if (fd < 0)
199	return errno;
200	if (write(fd, buf, buf_len) < buf_len) {
201	int rc = errno;
202	close(fd);
203	return rc;
204	}
205	if (close(fd) < 0)
206	return errno;
207
208	return 0;
209	}