convert tame(2) regress to new API

author: semarie <semarie@openbsd.org> 2015-09-10 11:18:10 +0000
committer: semarie <semarie@openbsd.org> 2015-09-10 11:18:10 +0000
commit: 63dae84787e98009b7078ab2f6c1c57d7d234a88 (patch)
tree: 66e285c762ca59b2fdaa728f985ff0831f87a63a
parent: explain why __explicit_bzero_hook will remain; ok guenther (diff)
download: wireguard-openbsd-63dae84787e98009b7078ab2f6c1c57d7d234a88.tar.xz
wireguard-openbsd-63dae84787e98009b7078ab2f6c1c57d7d234a88.zip
6 files changed, 65 insertions, 158 deletions
diff --git a/regress/sys/kern/tame/generic/Makefile b/regress/sys/kern/tame/generic/Makefile
index dd65596b3f9..0fe1d788497 100644
--- a/regress/sys/kern/tame/generic/Makefile
+++ b/regress/sys/kern/tame/generic/Makefile
@@ -1,6 +1,6 @@
-#	$OpenBSD: Makefile,v 1.1 2015/08/24 09:21:10 semarie Exp $
+#	$OpenBSD: Makefile,v 1.2 2015/09/10 11:18:10 semarie Exp $
 PROG=	generic
-SRCS+=	main.c manager.c parse_tame.c actions.c
+SRCS+=	main.c manager.c actions.c
 NOMAN=	yes
 
 CFLAGS+=	-Wall
@@ -9,13 +9,13 @@ REGRESS_TARGETS+=	test_normal test_systrace
 REGRESS_SKIP_TARGETS+=	test_systrace
 
 test_normal: ${PROG}
-	env LD_BIND_NOW=1 ./${PROG} | diff -I OpenBSD -u ${.CURDIR}/tests.out -
+	./${PROG} | diff -I OpenBSD -u ${.CURDIR}/tests.out -
 
 test_systrace: ${PROG}
-	env LD_BIND_NOW=1 systrace -A ./${PROG} | diff -I OpenBSD -u ${.CURDIR}/tests.out -
+	systrace -A ./${PROG} | diff -I OpenBSD -u ${.CURDIR}/tests.out -
 
 regenerate: ${PROG}
-	echo '#	$$OpenBSD: Makefile,v 1.1 2015/08/24 09:21:10 semarie Exp $$' > ${.CURDIR}/tests.out
-	env LD_BIND_NOW=1 ./${PROG} | tee -a ${.CURDIR}/tests.out
+	echo '#	$$OpenBSD: Makefile,v 1.2 2015/09/10 11:18:10 semarie Exp $$' > ${.CURDIR}/tests.out
+	./${PROG} | tee -a ${.CURDIR}/tests.out
 
 .include <bsd.regress.mk>
diff --git a/regress/sys/kern/tame/generic/actions.c b/regress/sys/kern/tame/generic/actions.c
index e4724410e8a..e25e9723528 100644
--- a/regress/sys/kern/tame/generic/actions.c
+++ b/regress/sys/kern/tame/generic/actions.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: actions.c,v 1.2 2015/08/24 09:23:04 semarie Exp $ */
+/*	$OpenBSD: actions.c,v 1.3 2015/09/10 11:18:10 semarie Exp $ */
 /*
  * Copyright (c) 2015 Sebastien Marie <semarie@openbsd.org>
  *
@@ -18,7 +18,6 @@
 #include <sys/resource.h>
 #include <sys/socket.h>
 #include <sys/stat.h>
-#include <sys/tame.h>
 #include <sys/time.h>
 #include <sys/types.h>
 #include <sys/wait.h>
@@ -55,7 +54,7 @@ execute_action(action_t action, va_list opts)
 		break;
 
 	case AC_TAME:
-		tame(va_arg(opts, int), NULL);
+		tame(va_arg(opts, char *), NULL);
 		break;
 
 	case AC_ALLOWED_SYSCALLS:
diff --git a/regress/sys/kern/tame/generic/main.c b/regress/sys/kern/tame/generic/main.c
index 273494d6226..3582778f2d6 100644
--- a/regress/sys/kern/tame/generic/main.c
+++ b/regress/sys/kern/tame/generic/main.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: main.c,v 1.1 2015/08/24 09:21:10 semarie Exp $ */
+/*	$OpenBSD: main.c,v 1.2 2015/09/10 11:18:10 semarie Exp $ */
 /*
  * Copyright (c) 2015 Sebastien Marie <semarie@openbsd.org>
  *
@@ -15,19 +15,17 @@
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-#include <sys/tame.h>
-
 #include <err.h>
 #include <stdlib.h>
 
 #include "actions.h"
 
-void start_test(int *ret, int ntest, int flags, const char *paths[], ...);
+void start_test(int *ret, int ntest, const char *req, const char *paths[], ...);
 
-#define start_test1(ret,ntest,flags,path,...) \
+#define start_test1(ret,ntest,req,path,...) \
     do { \
 	    const char *_paths[] = {path, NULL}; \
-	    start_test(ret,ntest,flags,_paths,__VA_ARGS__); \
+	    start_test(ret,ntest,req,_paths,__VA_ARGS__); \
     } while (0)
 
 
@@ -41,57 +39,57 @@ main(int argc, char *argv[])
 
 	/* check for env */
 	if (getenv("LD_BIND_NOW") == NULL)
-		errx(1, "should use LD_BIND_NOW=1 in env");
+		warnx("depending of your arch, LD_BIND_NOW=1 in env may be needed");
 
 	/*
 	 * testsuite
 	 */
 
 	/* _exit is always allowed, and nothing else under flags=0 */
-	start_test(&ret, 1, 0, NULL, AC_EXIT);
-	start_test(&ret, 2, 0, NULL, AC_INET, AC_EXIT);
+	start_test(&ret, 1, "", NULL, AC_EXIT);
+	start_test(&ret, 2, "", NULL, AC_INET, AC_EXIT);
 
 	/* test coredump */
-	start_test(&ret, 3, TAME_ABORT, NULL, AC_INET, AC_EXIT);
+	start_test(&ret, 3, "abort", NULL, AC_INET, AC_EXIT);
 
 	/* inet under inet is ok */
-	start_test(&ret, 4, TAME_INET, NULL, AC_INET, AC_EXIT);
+	start_test(&ret, 4, "inet", NULL, AC_INET, AC_EXIT);
 
 	/* kill under inet is forbidden */
-	start_test(&ret, 5, TAME_INET, NULL, AC_KILL, AC_EXIT);
+	start_test(&ret, 5, "inet", NULL, AC_KILL, AC_EXIT);
 
 	/* kill under proc is allowed */
-	start_test(&ret, 6, TAME_PROC, NULL, AC_KILL, AC_EXIT);
+	start_test(&ret, 6, "proc", NULL, AC_KILL, AC_EXIT);
 
 	/* tests several permitted syscalls */
-	start_test(&ret, 7, TAME_DNS,  NULL, AC_ALLOWED_SYSCALLS, AC_EXIT);
-	start_test(&ret, 8, TAME_INET, NULL, AC_ALLOWED_SYSCALLS, AC_EXIT);
+	start_test(&ret, 7, "dns",  NULL, AC_ALLOWED_SYSCALLS, AC_EXIT);
+	start_test(&ret, 8, "inet", NULL, AC_ALLOWED_SYSCALLS, AC_EXIT);
 
 	/* these TAME_* don't have "permitted syscalls" */
 	// XXX it is a documentation bug
-	start_test(&ret, 9, TAME_PROC, NULL, AC_ALLOWED_SYSCALLS, AC_EXIT);
+	start_test(&ret, 9, "proc", NULL, AC_ALLOWED_SYSCALLS, AC_EXIT);
 
 	/*
 	 * test absolute whitelist path
 	 */
 	/* without wpaths */
-	start_test(&ret, 10, TAME_RPATH, NULL,
+	start_test(&ret, 10, "rpath", NULL,
 	    AC_OPENFILE_RDONLY, "/etc/passwd",
 	    AC_EXIT);
 	/* exact match */
-	start_test1(&ret, 11, TAME_RPATH, "/etc/passwd",
+	start_test1(&ret, 11, "rpath", "/etc/passwd",
 	    AC_OPENFILE_RDONLY, "/etc/passwd",
 	    AC_EXIT);
 	/* subdir match */
-	start_test1(&ret, 12, TAME_RPATH, "/etc/",
+	start_test1(&ret, 12, "rpath", "/etc/",
 	    AC_OPENFILE_RDONLY, "/etc/passwd",
 	    AC_EXIT);
 	/* same without trailing '/' */
-	start_test1(&ret, 13, TAME_RPATH, "/etc",
+	start_test1(&ret, 13, "rpath", "/etc",
 	    AC_OPENFILE_RDONLY, "/etc/passwd",
 	    AC_EXIT);
 	/* failing one */
-	start_test1(&ret, 14, TAME_RPATH, "/bin",
+	start_test1(&ret, 14, "rpath", "/bin",
 	    AC_OPENFILE_RDONLY, "/etc/passwd",
 	    AC_EXIT);
 
@@ -99,39 +97,39 @@ main(int argc, char *argv[])
 	 * test relative whitelist path
 	 */
 	/* without wpaths */
-	start_test(&ret, 15, TAME_RPATH, NULL,
+	start_test(&ret, 15, "rpath", NULL,
 	    AC_OPENFILE_RDONLY, "generic",
 	    AC_EXIT);
 	/* exact match */
-	start_test1(&ret, 16, TAME_RPATH, "generic",
+	start_test1(&ret, 16, "rpath", "generic",
 	    AC_OPENFILE_RDONLY, "generic",
 	    AC_EXIT);
 	/* subdir match */
-	start_test1(&ret, 17, TAME_RPATH, "./",
+	start_test1(&ret, 17, "rpath", "./",
 	    AC_OPENFILE_RDONLY, "generic",
 	    AC_EXIT);
 	/* same without trailing '/' */
-	start_test1(&ret, 18, TAME_RPATH, ".",
+	start_test1(&ret, 18, "rpath", ".",
 	    AC_OPENFILE_RDONLY, "generic",
 	    AC_EXIT);
 	/* failing one */
-	start_test1(&ret, 19, TAME_RPATH, ".",
+	start_test1(&ret, 19, "rpath", ".",
 	    AC_OPENFILE_RDONLY, "../../../../../../../../../../../../../../../etc/passwd",
 	    AC_EXIT);
 
 	/* tame: test reducing flags */
-	start_test1(&ret, 20, TAME_RPATH | TAME_WPATH, NULL,
-	    AC_TAME, TAME_RPATH,
+	start_test1(&ret, 20, "rpath wpath", NULL,
+	    AC_TAME, "rpath",
 	    AC_EXIT);
 
 	/* tame: test adding flags */
-	start_test1(&ret, 21, TAME_RPATH, NULL,
-	    AC_TAME, TAME_RPATH | TAME_WPATH,
+	start_test1(&ret, 21, "rpath", NULL,
+	    AC_TAME, "rpath wpath",
 	    AC_EXIT);
 
 	/* tame: test replacing flags */
-	start_test1(&ret, 22, TAME_RPATH, NULL,
-	    AC_TAME, TAME_WPATH,
+	start_test1(&ret, 22, "rpath", NULL,
+	    AC_TAME, "wpath",
 	    AC_EXIT);
 
 	return (ret);
diff --git a/regress/sys/kern/tame/generic/manager.c b/regress/sys/kern/tame/generic/manager.c
index 235c9a8983e..138d27f5ef3 100644
--- a/regress/sys/kern/tame/generic/manager.c
+++ b/regress/sys/kern/tame/generic/manager.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: manager.c,v 1.1 2015/08/24 09:21:10 semarie Exp $ */
+/*	$OpenBSD: manager.c,v 1.2 2015/09/10 11:18:10 semarie Exp $ */
 /*
  * Copyright (c) 2015 Sebastien Marie <semarie@openbsd.org>
  *
@@ -16,7 +16,6 @@
  */
 
 #include <sys/syslimits.h>
-#include <sys/tame.h>
 #include <sys/wait.h>
 
 #include <err.h>
@@ -33,7 +32,6 @@
 
 extern char *__progname;
 
-int	parse_flags(char *);
 int	execute_action(action_t, va_list);
 
 static const char *
@@ -155,7 +153,7 @@ out:
 
 
 void
-start_test(int *ret, int ntest, int flags, char *paths[], ...)
+start_test(int *ret, int ntest, const char *request, const char *paths[], ...)
 {
 	static int ntest_check = 0;
 	pid_t pid;
@@ -188,7 +186,7 @@ start_test(int *ret, int ntest, int flags, char *paths[], ...)
 		setsid();
 
 		/* XXX redirect output to /dev/null ? */
-		if (tame(flags, paths) != 0)
+		if (tame(request, paths) != 0)
 			err(errno, "tame");
 		
 		va_start(ap, paths);
@@ -213,7 +211,7 @@ start_test(int *ret, int ntest, int flags, char *paths[], ...)
 	}
 
 	/* show status and details */
-	printf("test(%d): tame=(0x%x,{", ntest, flags);
+	printf("test(%d): tame=(\"%s\",{", ntest, request);
 	for (i = 0; paths && paths[i] != NULL; i++)
 		printf("\"%s\",", paths[i]);
 	printf("NULL}) status=%d", status);
diff --git a/regress/sys/kern/tame/generic/parse_tame.c b/regress/sys/kern/tame/generic/parse_tame.c
deleted file mode 100644
index b11113bafc2..00000000000
--- a/regress/sys/kern/tame/generic/parse_tame.c
+++ /dev/null
@@ -1,88 +0,0 @@
-/*	$OpenBSD: parse_tame.c,v 1.1 2015/08/24 09:21:10 semarie Exp $ */
-/*
- * Copyright (c) 2015 Sebastien Marie <semarie@openbsd.org>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include <sys/tame.h>
-
-#include <err.h>
-#include <stdlib.h>
-#include <string.h>
-
-#define tameflag(x) { #x, x }
-
-/* list of defined TAME_ flags */
-struct {
-	char *name;
-	int flag;
-} flags_list[] = {
-	tameflag(TAME_MALLOC),
-	tameflag(TAME_RW),
-	tameflag(TAME_STDIO),
-	tameflag(TAME_RPATH),
-	tameflag(TAME_WPATH),
-	tameflag(TAME_TMPPATH),
-	tameflag(TAME_INET),
-	tameflag(TAME_UNIX),
-	tameflag(TAME_CMSG),
-	tameflag(TAME_DNS),
-	tameflag(TAME_IOCTL),
-	tameflag(TAME_GETPW),
-	tameflag(TAME_PROC),
-	tameflag(TAME_CPATH),
-	tameflag(TAME_ABORT),
-	{ NULL, 0 },
-};
-
-
-int
-parse_flags(char *str)
-{
-	int flags = 0;
-	char *current = str;
-	char *next = str;
-	int i;
-
-	if (str == NULL || *str == '\0')
-		return (0);
-
-	while (next) {
-		/* get only the current word */
-		next = strchr(current, ',');
-		if (next == '\0')
-			next = NULL;
-		else
-			*next = '\0';
-
-		/* search word in flags_list */
-		for (i = 0; (flags_list[i].name != NULL)
-		    && (strcmp(current, flags_list[i].name) != 0); i++);
-
-		if (flags_list[i].name != NULL) {
-			if (flags & flags_list[i].flag) 
-				errx(1, "parse_flags: flag already setted: %s",
-				    flags_list[i].name);
-			else
-				flags |= flags_list[i].flag;
-		} else
-			errx(1, "parse_flags: unknown flag: %s", current);
-
-		/* advance to next word */
-		if (next)
-			current = next + 1;
-	}
-
-	return (flags);
-}
diff --git a/regress/sys/kern/tame/generic/tests.out b/regress/sys/kern/tame/generic/tests.out
index 2e447205287..95b99314c2e 100644
--- a/regress/sys/kern/tame/generic/tests.out
+++ b/regress/sys/kern/tame/generic/tests.out
@@ -1,23 +1,23 @@
-#	$OpenBSD: tests.out,v 1.1 2015/08/24 09:21:10 semarie Exp $
-test(1): tame=(0x0,{NULL}) status=0 exit=0
-test(2): tame=(0x0,{NULL}) status=9 signal=9 tamed_syscall=97
-test(3): tame=(0x8000000,{NULL}) status=134 signal=6 coredump=present tamed_syscall=97
-test(4): tame=(0x83,{NULL}) status=0 exit=0
-test(5): tame=(0x83,{NULL}) status=9 signal=9 tamed_syscall=37
-test(6): tame=(0x1000,{NULL}) status=2 signal=2 tamed_syscall=not_found
-test(7): tame=(0xd,{NULL}) status=0 exit=0
-test(8): tame=(0x83,{NULL}) status=0 exit=0
-test(9): tame=(0x1000,{NULL}) status=9 signal=9 tamed_syscall=89
-test(10): tame=(0x13,{NULL}) status=0 exit=0
-test(11): tame=(0x13,{"/etc/passwd",NULL}) status=0 exit=0
-test(12): tame=(0x13,{"/etc/",NULL}) status=0 exit=0
-test(13): tame=(0x13,{"/etc",NULL}) status=0 exit=0
-test(14): tame=(0x13,{"/bin",NULL}) status=512 exit=2 (errno: "No such file or directory")
-test(15): tame=(0x13,{NULL}) status=0 exit=0
-test(16): tame=(0x13,{"generic",NULL}) status=0 exit=0
-test(17): tame=(0x13,{"./",NULL}) status=0 exit=0
-test(18): tame=(0x13,{".",NULL}) status=0 exit=0
-test(19): tame=(0x13,{".",NULL}) status=512 exit=2 (errno: "No such file or directory")
-test(20): tame=(0x33,{NULL}) status=0 exit=0
-test(21): tame=(0x13,{NULL}) status=256 exit=1 (errno: "Operation not permitted")
-test(22): tame=(0x13,{NULL}) status=256 exit=1 (errno: "Operation not permitted")
+#	$OpenBSD: tests.out,v 1.2 2015/09/10 11:18:10 semarie Exp $
+test(1): tame=("",{NULL}) status=0 exit=0
+test(2): tame=("",{NULL}) status=9 signal=9 tamed_syscall=97
+test(3): tame=("abort",{NULL}) status=134 signal=6 coredump=present tamed_syscall=97
+test(4): tame=("inet",{NULL}) status=0 exit=0
+test(5): tame=("inet",{NULL}) status=9 signal=9 tamed_syscall=37
+test(6): tame=("proc",{NULL}) status=2 signal=2 tamed_syscall=not_found
+test(7): tame=("dns",{NULL}) status=0 exit=0
+test(8): tame=("inet",{NULL}) status=0 exit=0
+test(9): tame=("proc",{NULL}) status=9 signal=9 tamed_syscall=89
+test(10): tame=("rpath",{NULL}) status=0 exit=0
+test(11): tame=("rpath",{"/etc/passwd",NULL}) status=0 exit=0
+test(12): tame=("rpath",{"/etc/",NULL}) status=0 exit=0
+test(13): tame=("rpath",{"/etc",NULL}) status=0 exit=0
+test(14): tame=("rpath",{"/bin",NULL}) status=512 exit=2 (errno: "No such file or directory")
+test(15): tame=("rpath",{NULL}) status=0 exit=0
+test(16): tame=("rpath",{"generic",NULL}) status=0 exit=0
+test(17): tame=("rpath",{"./",NULL}) status=0 exit=0
+test(18): tame=("rpath",{".",NULL}) status=0 exit=0
+test(19): tame=("rpath",{".",NULL}) status=512 exit=2 (errno: "No such file or directory")
+test(20): tame=("rpath wpath",{NULL}) status=0 exit=0
+test(21): tame=("rpath",{NULL}) status=256 exit=1 (errno: "Operation not permitted")
+test(22): tame=("rpath",{NULL}) status=256 exit=1 (errno: "Operation not permitted")
author	semarie <semarie@openbsd.org>	2015-09-10 11:18:10 +0000
committer	semarie <semarie@openbsd.org>	2015-09-10 11:18:10 +0000
commit	63dae84787e98009b7078ab2f6c1c57d7d234a88 (patch)
tree	66e285c762ca59b2fdaa728f985ff0831f87a63a
parent	explain why __explicit_bzero_hook will remain; ok guenther (diff)
download	wireguard-openbsd-63dae84787e98009b7078ab2f6c1c57d7d234a88.tar.xz wireguard-openbsd-63dae84787e98009b7078ab2f6c1c57d7d234a88.zip