The unix_socket operations for testing getopt and setopt permissions were occurring back to back. This patch breaks them up into "pre-bind" and "post-bind" operations. The setopt operation now occurs pre-bind while the getopt operation happens post-bind. This allows for the test policy to test setopt without an addr= conditional and to test getopt with an addr= conditional.
Additionally, the wrapper functions that call setsockopt()/getsockopt() are moved into a new file that both unix_socket.c and unix_socket_client.c can reuse.
Signed-off-by: Tyler Hicks <[email protected]>
---
* New patch for v3
tests/regression/apparmor/Makefile | 11 ++++-
tests/regression/apparmor/unix_socket.c | 44 +++++--------------
tests/regression/apparmor/unix_socket_client.c | 42 +++++-------------
tests/regression/apparmor/unix_socket_common.c | 60 ++++++++++++++++++++++++++
tests/regression/apparmor/unix_socket_common.h | 18 ++++++++
5 files changed, 109 insertions(+), 66 deletions(-)
create mode 100644 tests/regression/apparmor/unix_socket_common.c
create mode 100644 tests/regression/apparmor/unix_socket_common.h
diff --git a/tests/regression/apparmor/Makefile b/tests/regression/apparmor/Makefile
index 8b8db0e..2ef8aca 100644
--- a/tests/regression/apparmor/Makefile
+++ b/tests/regression/apparmor/Makefile
@@ -227,6 +227,15 @@ dbus_service: dbus_message dbus_service.c dbus_common.o
 dbus_unrequested_reply: dbus_service dbus_unrequested_reply.c dbus_common.o
 ${CC} ${CFLAGS} ${LDFLAGS} $(filter-out dbus_service, $^) -o $@ ${LDLIBS} $(shell pkg-config --cflags --libs dbus-1)
+unix_socket_common.o: unix_socket_common.c unix_socket_common.h
+ ${CC} ${CFLAGS} ${LDFLAGS} $< -c ${LDLIBS}
+
+unix_socket_client: unix_socket_client.c unix_socket_common.o
+ ${CC} ${CFLAGS} ${LDFLAGS} $^ -o $@ ${LDLIBS}
+
+unix_socket: unix_socket.c unix_socket_common.o unix_socket_client
+ ${CC} ${CFLAGS} ${LDFLAGS} $(filter-out unix_socket_client, $^) -o $@ ${LDLIBS}
+
 tests: all
 @if [ `whoami` = "root" ] ;\
 then \
@@ -266,6 +275,6 @@ alltests: all
 fi
 clean:
- rm -f $(EXEC) dbus_common.o uservars.inc
+ rm -f $(EXEC) dbus_common.o unix_socket_common.o uservars.inc
 regex.sh: open exec
diff --git a/tests/regression/apparmor/unix_socket.c b/tests/regression/apparmor/unix_socket.c
index 1b89c45..fe593d3 100644
--- a/tests/regression/apparmor/unix_socket.c
+++ b/tests/regression/apparmor/unix_socket.c
@@ -22,6 +22,8 @@
 #include <sys/un.h>
 #include <unistd.h>
+#include "unix_socket_common.h"
+
 #define MSG_BUF_MAX 1024
 static int connection_based_messaging(int sock, char *msg_buf,
@@ -80,36 +82,6 @@ static int connectionless_messaging(int sock, char *msg_buf, size_t msg_buf_len)
 return 0;
 }
-static int get_set_sock_io_timeo(int sock)
-{
- struct timeval tv;
- socklen_t tv_len = sizeof(tv);
- int rc;
-
- rc = getsockopt(sock, SOL_SOCKET, SO_RCVTIMEO, &tv, &tv_len);
- if (rc == -1) {
- perror("FAIL - getsockopt");
- return 1;
- }
-
- tv.tv_sec = 1;
- tv.tv_usec = 0;
-
- rc = setsockopt(sock, SOL_SOCKET, SO_RCVTIMEO, &tv, tv_len);
- if (rc == -1) {
- perror("FAIL - setsockopt (SO_RCVTIMEO)");
- return 1;
- }
-
- rc = setsockopt(sock, SOL_SOCKET, SO_SNDTIMEO, &tv, tv_len);
- if (rc == -1) {
- perror("FAIL - setsockopt (SO_SNDTIMEO)");
- return 1;
- }
-
- return 0;
-}
-
 int main (int argc, char *argv[])
 {
 struct sockaddr_un addr;
@@ -175,6 +147,10 @@ int main (int argc, char *argv[])
 exit(1);
 }
+ rc = set_sock_io_timeo(sock);
+ if (rc)
+ exit(1);
+
 rc = bind(sock, (struct sockaddr *)&addr,
 sun_path_len + sizeof(addr.sun_family));
 if (rc < 0) {
@@ -190,6 +166,10 @@ int main (int argc, char *argv[])
 }
 }
+ rc = get_sock_io_timeo(sock);
+ if (rc)
+ exit(1);
+
 pid = fork();
 if (pid < 0) {
 perror("FAIL - fork");
@@ -200,10 +180,6 @@ int main (int argc, char *argv[])
 exit(1);
 }
- rc = get_set_sock_io_timeo(sock);
- if (rc)
- exit(1);
-
 rc = (type & SOCK_STREAM || type & SOCK_SEQPACKET) ?
 connection_based_messaging(sock, msg_buf, msg_buf_len) :
 connectionless_messaging(sock, msg_buf, msg_buf_len);
diff --git a/tests/regression/apparmor/unix_socket_client.c b/tests/regression/apparmor/unix_socket_client.c
index 015c41d..b9da92b 100644
--- a/tests/regression/apparmor/unix_socket_client.c
+++ b/tests/regression/apparmor/unix_socket_client.c
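Review bot: Nothing at the two new call sites in main() records that their position relative to bind() is what the test depends on. Per the commit description, `set_sock_io_timeo(sock)` has to stay before bind() so the setopt rule is checked without an addr= conditional, and `get_sock_io_timeo(sock)` has to stay after it so the getopt rule is checked with one; a later reordering would change which policy rules are exercised without any compile-time signal. A one-line comment at each site would protect the ordering, for example `/* pre-bind: setopt is mediated before the socket has an address */` and `/* post-bind: getopt is mediated with the bound address (addr= conditional) */`. main() starts and ends outside these hunks.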
@@ -22,6 +22,8 @@
 #include <sys/un.h>
 #include <unistd.h>
+#include "unix_socket_common.h"
+
 #define MSG_BUF_MAX 1024
 #define SUN_PATH_SUFFIX ".client"
@@ -33,6 +35,10 @@ static int connection_based_messaging(int sock, struct sockaddr_un *peer_addr,
 char msg_buf[MSG_BUF_MAX];
 int rc;
+ rc = get_sock_io_timeo(sock);
+ if (rc)
+ return 1;
+
 rc = connect(sock, (struct sockaddr *)peer_addr, peer_addr_len);
 if (rc < 0) {
 perror("FAIL CLIENT - connect");
@@ -87,6 +93,10 @@ static int connectionless_messaging(int sock, struct sockaddr_un *peer_addr,
 return 1;
 }
+ rc = get_sock_io_timeo(sock);
+ if (rc)
+ return 1;
+
 rc = sendto(sock, NULL, 0, 0, (struct sockaddr *)peer_addr, len);
 if (rc < 0) {
 perror("FAIL CLIENT - sendto");
@@ -109,36 +119,6 @@ static int connectionless_messaging(int sock, struct sockaddr_un *peer_addr,
 return 0;
 }
-static int get_set_sock_io_timeo(int sock)
-{
- struct timeval tv;
- socklen_t tv_len = sizeof(tv);
- int rc;
-
- rc = getsockopt(sock, SOL_SOCKET, SO_RCVTIMEO, &tv, &tv_len);
- if (rc == -1) {
- perror("FAIL - getsockopt");
- return 1;
- }
-
- tv.tv_sec = 1;
- tv.tv_usec = 0;
-
- rc = setsockopt(sock, SOL_SOCKET, SO_RCVTIMEO, &tv, tv_len);
- if (rc == -1) {
- perror("FAIL - setsockopt (SO_RCVTIMEO)");
- return 1;
- }
-
- rc = setsockopt(sock, SOL_SOCKET, SO_SNDTIMEO, &tv, tv_len);
- if (rc == -1) {
- perror("FAIL - setsockopt (SO_SNDTIMEO)");
- return 1;
- }
-
- return 0;
-}
-
 static int test_getattr(int sock)
 {
 struct sockaddr_un addr;
@@ -208,7 +188,7 @@ int main(int argc, char *argv[])
 exit(1);
 }
- rc = get_set_sock_io_timeo(sock);
+ rc = set_sock_io_timeo(sock);
 if (rc)
 exit(1);
diff --git a/tests/regression/apparmor/unix_socket_common.c b/tests/regression/apparmor/unix_socket_common.c
new file mode 100644
index 0000000..5ae2ec6
--- /dev/null
+++ b/tests/regression/apparmor/unix_socket_common.c
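Review bot: In connection_based_messaging() the new `get_sock_io_timeo(sock)` call sits directly before connect(), and the hunk does not show whether the client socket has been bound by that point, so it is not evident that this is the post-bind getopt the commit description promises. In connectionless_messaging() the call follows an error-return block whose beginning is outside the hunk; that may be the bind step, but it cannot be confirmed from the visible lines. Each call site should carry a short comment stating the socket state (bound or unbound) the policy rule is expected to match, and if the stream client is in fact unbound there the call may belong later. Both function bodies extend beyond the hunks.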
@@ -0,0 +1,60 @@
+/*
+ * Copyright (C) 2014 Canonical, Ltd.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of version 2 of the GNU General Public
+ * License published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, contact Canonical Ltd.
+ */
+
+#include <stdio.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+
+#include "unix_socket_common.h"
+
+int get_sock_io_timeo(int sock)
+{
+ struct timeval tv;
+ socklen_t tv_len = sizeof(tv);
+ int rc;
+
+ rc = getsockopt(sock, SOL_SOCKET, SO_RCVTIMEO, &tv, &tv_len);
+ if (rc == -1) {
+ perror("FAIL - getsockopt");
+ return 1;
+ }
+
+ return 0;
+}
+
+int set_sock_io_timeo(int sock)
+{
+ struct timeval tv;
+ socklen_t tv_len = sizeof(tv);
+ int rc;
+
+ tv.tv_sec = 1;
+ tv.tv_usec = 0;
+
+ rc = setsockopt(sock, SOL_SOCKET, SO_RCVTIMEO, &tv, tv_len);
+ if (rc == -1) {
+ perror("FAIL - setsockopt (SO_RCVTIMEO)");
+ return 1;
+ }
+
+ rc = setsockopt(sock, SOL_SOCKET, SO_SNDTIMEO, &tv, tv_len);
+ if (rc == -1) {
+ perror("FAIL - setsockopt (SO_SNDTIMEO)");
+ return 1;
+ }
+
+ return 0;
+}
diff --git a/tests/regression/apparmor/unix_socket_common.h b/tests/regression/apparmor/unix_socket_common.h
new file mode 100644
index 0000000..94349ed
--- /dev/null
+++ b/tests/regression/apparmor/unix_socket_common.h
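Review bot: Both shared helpers report errors as `FAIL - getsockopt` / `FAIL - setsockopt (...)` whichever binary calls them, while unix_socket_client.c tags its own failures `FAIL CLIENT - ...`. Now that the server and the client both link this file, a getopt or setopt denial in the client reads like a server failure in the test output, which makes a policy regression harder to attribute. The file should either say so in a comment above the helpers or let the caller supply the message prefix. Separately, `struct timeval` is used here without `#include <sys/time.h>`; the file presumably builds through a transitive include, and adding that line removes the dependency.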
@@ -0,0 +1,18 @@
+/*
+ * Copyright (C) 2014 Canonical, Ltd.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of version 2 of the GNU General Public
+ * License published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, contact Canonical Ltd.
+ */
+
+int get_sock_io_timeo(int sock);
+int set_sock_io_timeo(int sock);
--
2.1.0
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
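Review bot: The new header has no include guard and its two prototypes carry no description. Wrapping the declarations in `#ifndef UNIX_SOCKET_COMMON_H`, `#define UNIX_SOCKET_COMMON_H` and a closing `#endif` keeps a double inclusion harmless as more test programs start sharing it. A short comment above each prototype should state that the function returns 0 on success and 1 after printing a perror() message, and that it exists to trigger the getopt or setopt permission check on `sock` for the regression test.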
