1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3  * Copyright (c) 2019 FUJITSU LIMITED. All rights reserved.
4  * Author: Yang Xu <xuyang2018.jy@cn.fujitsu.com>
5  *
6  * Test PR_GET_SECCOMP and PR_SET_SECCOMP of prctl(2).
7  * 1) If PR_SET_SECCOMP sets the SECCOMP_MODE_STRICT for the calling thread,
8  *    the only system calls that the thread is permitted to make are read(2),
9  *    write(2), _exit(2) (but not exit_group(2)), and sigreturn(2).  Other
10  *    system calls result in the delivery of a SIGKILL signal. This operation
11  *    is available only if the kernel is configured with CONFIG_SECCOMP enabled.
12  * 2) If PR_SET_SECCOMP sets the SECCOMP_MODE_FILTER for the calling thread,
13  *    the system calls allowed are defined by a pointer to a Berkeley Packet
14  *    Filter. Other system calls result in the delivery of a SIGSYS signal
15  *    with SECCOMP_RET_KILL. The SECCOMP_SET_MODE_FILTER operation is available
16  *    only if the kernel is configured with CONFIG_SECCOMP_FILTER enabled.
17  * 3) If SECCOMP_MODE_FILTER filters permit fork(2), then the seccomp mode
18  *    is inherited by children created by fork(2).
19  */
20 
21 #include <errno.h>
22 #include <signal.h>
23 #include <sys/prctl.h>
24 #include <sys/wait.h>
25 #include <sys/types.h>
26 #include <linux/filter.h>
27 #include <unistd.h>
28 #include <stdlib.h>
29 #include <stddef.h>
30 #include "tst_test.h"
31 #include "lapi/syscalls.h"
32 #include "lapi/prctl.h"
33 #include "config.h"
34 #include "lapi/seccomp.h"
35 
36 #define FNAME "filename"
37 
/*
 * Classic-BPF program that check_filter_mode() installs with
 * prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &strict).
 *
 * It loads the syscall number from struct seccomp_data and allows exactly
 * five syscalls: close, exit, wait4, write and clone. Any other syscall
 * number reaches the SECCOMP_RET_KILL return.
 *
 * NOTE(review): despite the "strict" name this is the allow-list used for
 * SECCOMP_MODE_FILTER, not SECCOMP_MODE_STRICT.
 * NOTE(review): the program never loads seccomp_data.arch, so syscall numbers
 * are compared without first confirming the calling ABI. That is tolerable in
 * a self-contained test, but a production filter should check arch before nr.
 */
static const struct sock_filter  strict_filter[] = {
	/* A = seccomp_data.nr (the syscall number of the intercepted call) */
	BPF_STMT(BPF_LD | BPF_W | BPF_ABS, (offsetof (struct seccomp_data, nr))),

	/*
	 * Each match jumps forward over the remaining comparisons and the KILL
	 * return, landing on the final ALLOW; the offsets shrink by one per row
	 * and must be updated if a row is added or removed.
	 */
	BPF_JUMP(BPF_JMP | BPF_JEQ, __NR_close, 5, 0),
	BPF_JUMP(BPF_JMP | BPF_JEQ, __NR_exit,  4, 0),
	BPF_JUMP(BPF_JMP | BPF_JEQ, __NR_wait4, 3, 0),
	BPF_JUMP(BPF_JMP | BPF_JEQ, __NR_write, 2, 0),
	BPF_JUMP(BPF_JMP | BPF_JEQ, __NR_clone, 1, 0),

	/* Default action: no comparison matched. */
	BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),
	/* Target of every successful comparison above. */
	BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW)
};

/*
 * Descriptor handed to prctl(): instruction count plus a pointer to the
 * program. The cast drops const from strict_filter; presumably the 'filter'
 * member is declared as a non-const pointer - confirm against linux/filter.h.
 */
static const struct sock_fprog  strict = {
	.len = (unsigned short)ARRAY_SIZE(strict_filter),
	.filter = (struct sock_filter *)strict_filter
};
55 
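/* Child-side scenario runners; the int argument is the tcase 'val' selector. */
static void check_strict_mode(int);
static void check_filter_mode(int);

/*
 * One entry per scenario. verify_prctl() forks a child for each entry, runs
 * func_check(val) in it and then inspects how the child terminated.
 *
 * func_check  - runner executed in the child; prototyped as taking an int so
 *               the compiler checks the call in verify_prctl().
 * pass_flag   - how the parent reports a child killed by exp_signal:
 *               non-zero -> TPASS with 'message', 0 -> TFAIL with 'message'.
 *               The value 2 additionally makes the parent report TFAIL when
 *               the child was NOT killed by exp_signal.
 * val         - selects the branch inside the runner.
 * exp_signal  - signal the parent compares against WTERMSIG() of the child.
 * message     - text printed by the parent; points at string literals, hence
 *               const.
 */
static struct tcase {
	void (*func_check)(int);
	int pass_flag;
	int val;
	int exp_signal;
	const char *message;
} tcases[] = {
	{check_strict_mode, 1, 1, SIGKILL,
	"SECCOMP_MODE_STRICT doesn't permit GET_SECCOMP call"},

	{check_strict_mode, 0, 2, SIGKILL,
	"SECCOMP_MODE_STRICT doesn't permit read(2) write(2) and _exit(2)"},

	{check_strict_mode, 1, 3, SIGKILL,
	"SECCOMP_MODE_STRICT doesn't permit close(2)"},

	{check_filter_mode, 1, 1, SIGSYS,
	"SECCOMP_MODE_FILTER doestn't permit GET_SECCOMP call"},

	{check_filter_mode, 0, 2, SIGSYS,
	"SECCOMP_MODE_FILTER doesn't permit close(2)"},

	{check_filter_mode, 2, 3, SIGSYS,
	"SECCOMP_MODE_FILTER doesn't permit exit()"},

	{check_filter_mode, 0, 4, SIGSYS,
	"SECCOMP_MODE_FILTER doesn't permit exit()"}
};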
87 
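/*
 * Check that a seccomp filter installed in the caller is inherited across
 * fork(2).
 *
 * Called from check_filter_mode() after the filter is active. The forked
 * child reports that fork itself was permitted and then calls exit(0); the
 * caller treats a child terminated by SIGSYS as proof that the filter was
 * inherited (presumably because libc exit() issues a syscall outside the
 * allow-list - confirm against the C library in use).
 *
 * wait4() is called directly and its result is checked: on failure the status
 * word is never written, so it must not be decoded.
 */
static void check_filter_mode_inherit(void)
{
	int childpid;
	int childstatus = 0;

	childpid = SAFE_FORK();
	if (childpid == 0) {
		tst_res(TPASS, "SECCOMP_MODE_FILTER permits fork(2)");
		exit(0);
	}

	if (wait4(childpid, &childstatus, 0, NULL) == -1) {
		tst_res(TFAIL | TERRNO, "wait4() on the forked child failed");
		return;
	}

	if (WIFSIGNALED(childstatus) && WTERMSIG(childstatus) == SIGSYS)
		tst_res(TPASS,
			"SECCOMP_MODE_FILTER has been inherited by child");
	else
		tst_res(TFAIL,
			"SECCOMP_MODE_FILTER isn't been inherited by child");
}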
107 
/*
 * Child-side runner for the SECCOMP_MODE_STRICT scenarios.
 *
 * The scratch file is opened before strict mode is switched on, because the
 * selected scenario runs with the restriction already active.
 *
 * val == 1: issue prctl(PR_GET_SECCOMP); reaching the TFAIL line means the
 *           call was not blocked.
 * val == 2: one write and one read on the scratch file, then TPASS.
 * val == 3: close(2) on the scratch file; reaching the TFAIL line means the
 *           call was not blocked.
 *
 * The function ends with a raw __NR_exit syscall instead of returning; the
 * file header notes that strict mode permits _exit(2) but not exit_group(2).
 * If enabling strict mode fails, it reports TFAIL and returns to the caller.
 */
static void check_strict_mode(int val)
{
	char scratch[2];
	int file_fd = SAFE_OPEN(FNAME, O_RDWR | O_CREAT, 0666);

	TEST(prctl(PR_SET_SECCOMP, SECCOMP_MODE_STRICT));
	if (TST_RET == -1) {
		tst_res(TFAIL | TTERRNO,
			"prctl(PR_SET_SECCOMP) sets SECCOMP_MODE_STRICT failed");
		return;
	}

	/* From here on the thread runs under SECCOMP_MODE_STRICT. */
	if (val == 1) {
		tst_res(TPASS,
			"prctl(PR_SET_SECCOMP) sets SECCOMP_MODE_STRICT succeed");
		prctl(PR_GET_SECCOMP);
		tst_res(TFAIL, "prctl(PR_GET_SECCOMP) succeed unexpectedly");
	} else if (val == 2) {
		SAFE_WRITE(1, file_fd, "a", 1);
		SAFE_READ(0, file_fd, scratch, 1);
		tst_res(TPASS,
			"SECCOMP_MODE_STRICT permits read(2) write(2) and _exit(2)");
	} else if (val == 3) {
		close(file_fd);
		tst_res(TFAIL,
			"SECCOMP_MODE_STRICT permits close(2) unexpectdly");
	}

	tst_syscall(__NR_exit, 0);
}
144 
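/*
 * Child-side runner for the SECCOMP_MODE_FILTER scenarios.
 *
 * Installs the 'strict' BPF program (allow-list: close, exit, wait4, write,
 * clone) and then runs the scenario selected by val:
 *
 * val == 1: issue prctl(PR_GET_SECCOMP), which is not on the allow-list;
 *           reaching the TFAIL line means the filter did not act.
 * val == 2: close(2), which is on the allow-list, then TPASS.
 * val == 3: libc exit(0); the parent expects the child to die with SIGSYS.
 * val == 4: fork a grandchild and check that it inherited the filter.
 *
 * EINVAL from prctl() is reported as TCONF (filter mode not supported); any
 * other failure is TFAIL. The failure report uses TTERRNO so that it prints
 * the errno value saved by TEST(), matching check_strict_mode() and setup().
 *
 * The function ends with a raw __NR_exit syscall, which the filter allows.
 */
static void check_filter_mode(int val)
{
	int fd;

	/* Open the scratch file before the filter is active. */
	fd = SAFE_OPEN(FNAME, O_RDWR | O_CREAT, 0666);

	TEST(prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &strict));
	if (TST_RET == -1) {
		if (TST_ERR == EINVAL)
			tst_res(TCONF,
				"kernel doesn't support SECCOMP_MODE_FILTER");
		else
			tst_res(TFAIL | TTERRNO,
				"prctl(PR_SET_SECCOMP) sets SECCOMP_MODE_FILTER failed");
		return;
	}

	switch (val) {
	case 1:
		tst_res(TPASS,
			"prctl(PR_SET_SECCOMP) sets SECCOMP_MODE_FILTER succeed");
		prctl(PR_GET_SECCOMP);
		tst_res(TFAIL, "prctl(PR_GET_SECCOMP) succeed unexpectedly");
		break;
	case 2:
		close(fd);
		tst_res(TPASS, "SECCOMP_MODE_FILTER permits close(2)");
		break;
	case 3:
		exit(0);
		break;
	case 4:
		check_filter_mode_inherit();
		break;
	}

	tst_syscall(__NR_exit, 0);
}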
183 
/*
 * Run test case n: fork, execute the scenario in the child, and let the
 * parent judge the outcome from the child's termination status.
 *
 * When the child was killed by the expected signal, the parent prints the
 * case message as TPASS (pass_flag non-zero) or TFAIL (pass_flag zero).
 * When it was not, the parent only speaks up for pass_flag == 2; in every
 * other case the verdict is whatever the child itself reported.
 */
static void verify_prctl(unsigned int n)
{
	struct tcase *tc = &tcases[n];
	int status;
	int pid = SAFE_FORK();

	if (pid == 0) {
		/* Child: the scenario runs under the seccomp mode it sets up. */
		tc->func_check(tc->val);
		return;
	}

	SAFE_WAITPID(pid, &status, 0);

	if (!WIFSIGNALED(status) || WTERMSIG(status) != tc->exp_signal) {
		/* Child survived or died differently than the case expects. */
		if (tc->pass_flag == 2)
			tst_res(TFAIL,
				"SECCOMP_MODE_FILTER permits exit() unexpectedly");
		return;
	}

	if (tc->pass_flag)
		tst_res(TPASS, "%s", tc->message);
	else
		tst_res(TFAIL, "%s", tc->message);
}
208 
/*
 * Probe for seccomp support before any test case runs.
 *
 * A zero result from prctl(PR_GET_SECCOMP) is taken as "supported". An EINVAL
 * failure ends the test as TCONF. Every other non-zero outcome ends it as
 * TBROK.
 * NOTE(review): that last case presumably also covers a harness that is
 * itself already running in a seccomp mode - confirm.
 */
static void setup(void)
{
	TEST(prctl(PR_GET_SECCOMP));

	if (TST_RET != 0) {
		if (TST_ERR == EINVAL)
			tst_brk(TCONF, "kernel doesn't support PR_GET/SET_SECCOMP");

		tst_brk(TBROK | TTERRNO,
			"current environment doesn't permit PR_GET/SET_SECCOMP");
		return;
	}

	tst_res(TINFO, "kernel support PR_GET/SET_SECCOMP");
}
223 
/*
 * Test descriptor: one verify_prctl() run per tcases[] entry, after setup()
 * has probed for seccomp support.
 */
static struct tst_test test = {
	/*
	 * NOTE(review): the test never sets PR_SET_NO_NEW_PRIVS, so installing
	 * the filter presumably relies on the privilege requested here - confirm.
	 */
	.needs_root = 1,
	/* The runners create the FNAME scratch file with a relative path. */
	.needs_tmpdir = 1,
	/* verify_prctl() and check_filter_mode_inherit() both fork. */
	.forks_child = 1,
	.tcnt = ARRAY_SIZE(tcases),
	.test = verify_prctl,
	.setup = setup,
};