The unix_socket operations for testing getopt and setopt permissions
were occurring back to back. This patch breaks them up into "pre-bind"
and "post-bind" operations. The setopt operation now occurs pre-bind
while the getopt operation happens post-bind. This allows for the test
policy to test setopt without an addr= conditional and to test getopt
with an addr= conditional.

Additionally, the wrapper functions that call setsockopt()/getsockopt()
are moved into a new file that both unix_socket.c and
unix_socket_client.c can reuse.

Signed-off-by: Tyler Hicks <[email protected]>
---

* New patch for v3

 tests/regression/apparmor/Makefile             | 11 ++++-
 tests/regression/apparmor/unix_socket.c        | 44 +++++--------------
 tests/regression/apparmor/unix_socket_client.c | 42 +++++-------------
 tests/regression/apparmor/unix_socket_common.c | 60 ++++++++++++++++++++++++++
 tests/regression/apparmor/unix_socket_common.h | 18 ++++++++
 5 files changed, 109 insertions(+), 66 deletions(-)
 create mode 100644 tests/regression/apparmor/unix_socket_common.c
 create mode 100644 tests/regression/apparmor/unix_socket_common.h

diff --git a/tests/regression/apparmor/Makefile 
b/tests/regression/apparmor/Makefile
index 8b8db0e..2ef8aca 100644
--- a/tests/regression/apparmor/Makefile
+++ b/tests/regression/apparmor/Makefile
@@ -227,6 +227,15 @@ dbus_service: dbus_message dbus_service.c dbus_common.o
 dbus_unrequested_reply: dbus_service dbus_unrequested_reply.c dbus_common.o
        ${CC} ${CFLAGS} ${LDFLAGS} $(filter-out dbus_service, $^) -o $@ 
${LDLIBS} $(shell pkg-config --cflags --libs dbus-1)
 
+unix_socket_common.o: unix_socket_common.c unix_socket_common.h
+       ${CC} ${CFLAGS} ${LDFLAGS} $< -c ${LDLIBS}
+
+unix_socket_client: unix_socket_client.c unix_socket_common.o
+       ${CC} ${CFLAGS} ${LDFLAGS} $^ -o $@ ${LDLIBS}
+
+unix_socket: unix_socket.c unix_socket_common.o unix_socket_client
+       ${CC} ${CFLAGS} ${LDFLAGS} $(filter-out unix_socket_client, $^) -o $@ 
${LDLIBS}
+
 tests: all
        @if [ `whoami` = "root" ] ;\
        then \
@@ -266,6 +275,6 @@ alltests: all
        fi
 
 clean:
-       rm -f $(EXEC) dbus_common.o uservars.inc
+       rm -f $(EXEC) dbus_common.o unix_socket_common.o uservars.inc
 
 regex.sh: open exec
diff --git a/tests/regression/apparmor/unix_socket.c 
b/tests/regression/apparmor/unix_socket.c
index 1b89c45..fe593d3 100644
--- a/tests/regression/apparmor/unix_socket.c
+++ b/tests/regression/apparmor/unix_socket.c
@@ -22,6 +22,8 @@
 #include <sys/un.h>
 #include <unistd.h>
 
+#include "unix_socket_common.h"
+
 #define MSG_BUF_MAX 1024
 
 static int connection_based_messaging(int sock, char *msg_buf,
@@ -80,36 +82,6 @@ static int connectionless_messaging(int sock, char *msg_buf, 
size_t msg_buf_len)
        return 0;
 }
 
-static int get_set_sock_io_timeo(int sock)
-{
-       struct timeval tv;
-       socklen_t tv_len = sizeof(tv);
-       int rc;
-
-       rc = getsockopt(sock, SOL_SOCKET, SO_RCVTIMEO, &tv, &tv_len);
-       if (rc == -1) {
-               perror("FAIL - getsockopt");
-               return 1;
-       }
-
-       tv.tv_sec = 1;
-       tv.tv_usec = 0;
-
-       rc = setsockopt(sock, SOL_SOCKET, SO_RCVTIMEO, &tv, tv_len);
-       if (rc == -1) {
-               perror("FAIL - setsockopt (SO_RCVTIMEO)");
-               return 1;
-       }
-
-       rc = setsockopt(sock, SOL_SOCKET, SO_SNDTIMEO, &tv, tv_len);
-       if (rc == -1) {
-               perror("FAIL - setsockopt (SO_SNDTIMEO)");
-               return 1;
-       }
-
-       return 0;
-}
-
 int main (int argc, char *argv[])
 {
        struct sockaddr_un addr;
@@ -175,6 +147,10 @@ int main (int argc, char *argv[])
                exit(1);
        }
 
+       rc = set_sock_io_timeo(sock);
+       if (rc)
+               exit(1);
+
        rc = bind(sock, (struct sockaddr *)&addr,
                  sun_path_len + sizeof(addr.sun_family));
        if (rc < 0) {
@@ -190,6 +166,10 @@ int main (int argc, char *argv[])
                }
        }
 
+       rc = get_sock_io_timeo(sock);
+       if (rc)
+               exit(1);
+
        pid = fork();
        if (pid < 0) {
                perror("FAIL - fork");
@@ -200,10 +180,6 @@ int main (int argc, char *argv[])
                exit(1);
        }
 
-       rc = get_set_sock_io_timeo(sock);
-       if (rc)
-               exit(1);
-
        rc = (type & SOCK_STREAM || type & SOCK_SEQPACKET) ?
                connection_based_messaging(sock, msg_buf, msg_buf_len) :
                connectionless_messaging(sock, msg_buf, msg_buf_len);
diff --git a/tests/regression/apparmor/unix_socket_client.c 
b/tests/regression/apparmor/unix_socket_client.c
index 015c41d..b9da92b 100644
--- a/tests/regression/apparmor/unix_socket_client.c
+++ b/tests/regression/apparmor/unix_socket_client.c
@@ -22,6 +22,8 @@
 #include <sys/un.h>
 #include <unistd.h>
 
+#include "unix_socket_common.h"
+
 #define MSG_BUF_MAX    1024
 
 #define SUN_PATH_SUFFIX                ".client"
@@ -33,6 +35,10 @@ static int connection_based_messaging(int sock, struct 
sockaddr_un *peer_addr,
        char msg_buf[MSG_BUF_MAX];
        int rc;
 
+       rc = get_sock_io_timeo(sock);
+       if (rc)
+               return 1;
+
        rc = connect(sock, (struct sockaddr *)peer_addr, peer_addr_len);
        if (rc < 0) {
                perror("FAIL CLIENT - connect");
@@ -87,6 +93,10 @@ static int connectionless_messaging(int sock, struct 
sockaddr_un *peer_addr,
                return 1;
        }
 
+       rc = get_sock_io_timeo(sock);
+       if (rc)
+               return 1;
+
        rc = sendto(sock, NULL, 0, 0, (struct sockaddr *)peer_addr, len);
        if (rc < 0) {
                perror("FAIL CLIENT - sendto");
@@ -109,36 +119,6 @@ static int connectionless_messaging(int sock, struct 
sockaddr_un *peer_addr,
        return 0;
 }
 
-static int get_set_sock_io_timeo(int sock)
-{
-       struct timeval tv;
-       socklen_t tv_len = sizeof(tv);
-       int rc;
-
-       rc = getsockopt(sock, SOL_SOCKET, SO_RCVTIMEO, &tv, &tv_len);
-       if (rc == -1) {
-               perror("FAIL - getsockopt");
-               return 1;
-       }
-
-       tv.tv_sec = 1;
-       tv.tv_usec = 0;
-
-       rc = setsockopt(sock, SOL_SOCKET, SO_RCVTIMEO, &tv, tv_len);
-       if (rc == -1) {
-               perror("FAIL - setsockopt (SO_RCVTIMEO)");
-               return 1;
-       }
-
-       rc = setsockopt(sock, SOL_SOCKET, SO_SNDTIMEO, &tv, tv_len);
-       if (rc == -1) {
-               perror("FAIL - setsockopt (SO_SNDTIMEO)");
-               return 1;
-       }
-
-       return 0;
-}
-
 static int test_getattr(int sock)
 {
        struct sockaddr_un addr;
@@ -208,7 +188,7 @@ int main(int argc, char *argv[])
                exit(1);
        }
 
-       rc = get_set_sock_io_timeo(sock);
+       rc = set_sock_io_timeo(sock);
        if (rc)
                exit(1);
 
diff --git a/tests/regression/apparmor/unix_socket_common.c 
b/tests/regression/apparmor/unix_socket_common.c
new file mode 100644
index 0000000..5ae2ec6
--- /dev/null
+++ b/tests/regression/apparmor/unix_socket_common.c
@@ -0,0 +1,60 @@
+/*
+ * Copyright (C) 2014 Canonical, Ltd.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of version 2 of the GNU General Public
+ * License published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, contact Canonical Ltd.
+ */
+
+#include <stdio.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+
+#include "unix_socket_common.h"
+
+int get_sock_io_timeo(int sock)
+{
+       struct timeval tv;
+       socklen_t tv_len = sizeof(tv);
+       int rc;
+
+       rc = getsockopt(sock, SOL_SOCKET, SO_RCVTIMEO, &tv, &tv_len);
+       if (rc == -1) {
+               perror("FAIL - getsockopt");
+               return 1;
+       }
+
+       return 0;
+}
+
+int set_sock_io_timeo(int sock)
+{
+       struct timeval tv;
+       socklen_t tv_len = sizeof(tv);
+       int rc;
+
+       tv.tv_sec = 1;
+       tv.tv_usec = 0;
+
+       rc = setsockopt(sock, SOL_SOCKET, SO_RCVTIMEO, &tv, tv_len);
+       if (rc == -1) {
+               perror("FAIL - setsockopt (SO_RCVTIMEO)");
+               return 1;
+       }
+
+       rc = setsockopt(sock, SOL_SOCKET, SO_SNDTIMEO, &tv, tv_len);
+       if (rc == -1) {
+               perror("FAIL - setsockopt (SO_SNDTIMEO)");
+               return 1;
+       }
+
+       return 0;
+}
diff --git a/tests/regression/apparmor/unix_socket_common.h 
b/tests/regression/apparmor/unix_socket_common.h
new file mode 100644
index 0000000..94349ed
--- /dev/null
+++ b/tests/regression/apparmor/unix_socket_common.h
@@ -0,0 +1,18 @@
+/*
+ * Copyright (C) 2014 Canonical, Ltd.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of version 2 of the GNU General Public
+ * License published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, contact Canonical Ltd.
+ */
+
+int get_sock_io_timeo(int sock);
+int set_sock_io_timeo(int sock);
-- 
2.1.0


-- 
AppArmor mailing list
[email protected]
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/apparmor

Reply via email to