Tests/Kernel/TestKernelUnveil.cpp at master

jcs.org / serenity

fork atom

Serenity Operating System

fork atom

serenity / Tests / Kernel / TestKernelUnveil.cpp

at master 87 lines 2.1 kB view raw

wrap content

Brian Gianforcaro Tests: Add test coverage for sys$unveil(..) argument validation 4y ago

fa448456

 1/*
 2 * Copyright (c) 2020, the SerenityOS developers.
 3 *
 4 * SPDX-License-Identifier: BSD-2-Clause
 5 */
 6
 7#include <LibTest/TestCase.h>
 8#include <errno.h>
 9#include <unistd.h>
10
11TEST_CASE(test_argument_validation)
12{
13    auto res = unveil("/etc", "aaaaaaaaaaaa");
14    EXPECT_EQ(res, -1);
15    EXPECT_EQ(errno, EINVAL);
16
17    res = unveil(nullptr, "r");
18    EXPECT_EQ(res, -1);
19    EXPECT_EQ(errno, EINVAL);
20
21    res = unveil("/etc", nullptr);
22    EXPECT_EQ(res, -1);
23    EXPECT_EQ(errno, EINVAL);
24
25    res = unveil("", "r");
26    EXPECT_EQ(res, -1);
27    EXPECT_EQ(errno, EINVAL);
28
29    res = unveil("test", "r");
30    EXPECT_EQ(res, -1);
31    EXPECT_EQ(errno, EINVAL);
32
33    res = unveil("/etc", "f");
34    EXPECT_EQ(res, -1);
35    EXPECT_EQ(errno, EINVAL);
36}
37
38TEST_CASE(test_failures)
39{
40    auto res = unveil("/etc", "r");
41    if (res < 0)
42        FAIL("unveil read only failed");
43
44    res = unveil("/etc", "w");
45    if (res >= 0)
46        FAIL("unveil write permitted after unveil read only");
47
48    res = unveil("/etc", "x");
49    if (res >= 0)
50        FAIL("unveil execute permitted after unveil read only");
51
52    res = unveil("/etc", "c");
53    if (res >= 0)
54        FAIL("unveil create permitted after unveil read only");
55
56    res = unveil("/tmp/doesnotexist", "c");
57    if (res < 0)
58        FAIL("unveil create on non-existent path failed");
59
60    res = unveil("/home", "b");
61    if (res < 0)
62        FAIL("unveil browse failed");
63
64    res = unveil("/home", "w");
65    if (res >= 0)
66        FAIL("unveil write permitted after unveil browse only");
67
68    res = unveil("/home", "x");
69    if (res >= 0)
70        FAIL("unveil execute permitted after unveil browse only");
71
72    res = unveil("/home", "c");
73    if (res >= 0)
74        FAIL("unveil create permitted after unveil browse only");
75
76    res = unveil(nullptr, nullptr);
77    if (res < 0)
78        FAIL("unveil state lock failed");
79
80    res = unveil("/bin", "w");
81    if (res >= 0)
82        FAIL("unveil permitted after unveil state locked");
83
84    res = access("/bin/id", F_OK);
85    if (res == 0)
86        FAIL("access(..., F_OK) permitted after locked veil without relevant unveil");
87}