[apparmor] [PATCH 3/4] tests: Modify unix_socket/unix_socket_client to accept abstract names

Tyler Hicks tyhicks at canonical.com
Tue Aug 12 04:52:38 UTC 2014 

On 2014-08-11 18:08:50, Seth Arnold wrote:
> On Mon, Aug 11, 2014 at 03:08:11PM -0500, Tyler Hicks wrote:
> > Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
> 
> Acked-by: Seth Arnold <seth.arnold at canonical.com>

Hey Seth - Thanks for all of the quick reviews.

> 
> .. though the design doesn't allow for giving a unix socket abstract name
> with an embedded 0x00 byte in the middle of the name; having an embedded
> NUL in the middle of the name sounds like a case that's liable to be buggy
> somewhere in the stack, so it'd be nice to have those names be easily
> testable.

Good point! I'll commit this as-is so that we will be closer to having
some tests, but will figure out how best to use arbitrary bytes (it
looks like the kernel will accept any bytes) and add that in later.

> (The aa-encode and aa-decode scripts may be handy for writing the
> shell-script side of things.)

I'll check those scripts out. The first thing that came to my mind using
the coreutils base64 program for encoding from the shell script and
embedding a base64 decoder into unix_socket.c and unix_socket_client.c.

Tyler

> 
> Thanks
> 
> > ---
> >  tests/regression/apparmor/unix_socket.c        | 22 ++++++++++++++++++----
> >  tests/regression/apparmor/unix_socket_client.c | 19 ++++++++++++++++---
> >  2 files changed, 34 insertions(+), 7 deletions(-)
> > 
> > diff --git a/tests/regression/apparmor/unix_socket.c b/tests/regression/apparmor/unix_socket.c
> > index 76a4eb8..b6dc0dd 100644
> > --- a/tests/regression/apparmor/unix_socket.c
> > +++ b/tests/regression/apparmor/unix_socket.c
> > @@ -87,17 +87,33 @@ int main (int argc, char *argv[])
> >  	struct pollfd pfd;
> >  	char msg_buf[MSG_BUF_MAX];
> >  	size_t msg_buf_len;
> > +	const char *sun_path;
> > +	size_t sun_path_len;
> >  	pid_t pid;
> >  	int sock, type, rc;
> >  
> >  	if (argc != 5) {
> >  		fprintf(stderr,
> >  			"Usage: %s <socket> <type> <message> <client>\n\n"
> > +			"  socket\t\ta path for a bound socket or a name prepended with '@' for an abstract socket\n"
> >  			"  type\t\tstream, dgram, or seqpacket\n",
> >  			argv[0]);
> >  		exit(1);
> >  	}
> >  
> > +	addr.sun_family = AF_UNIX;
> > +	memset(addr.sun_path, 0, sizeof(addr.sun_path));
> > +
> > +	sun_path = argv[1];
> > +	sun_path_len = strlen(sun_path);
> > +	if (sun_path[0] == '@') {
> > +		memcpy(addr.sun_path, sun_path, sun_path_len);
> > +		addr.sun_path[0] = '\0';
> > +		sun_path_len = sizeof(addr.sun_path);
> > +	} else {
> > +		memcpy(addr.sun_path, sun_path, sun_path_len + 1);
> > +	}
> > +
> >  	if (!strcmp(argv[2], "stream")) {
> >  		type = SOCK_STREAM;
> >  	} else if (!strcmp(argv[2], "dgram")) {
> > @@ -122,10 +138,8 @@ int main (int argc, char *argv[])
> >  		exit(1);
> >  	}
> >  
> > -	addr.sun_family = AF_UNIX;
> > -	strcpy(addr.sun_path, argv[1]);
> >  	rc = bind(sock, (struct sockaddr *)&addr,
> > -		  strlen(addr.sun_path) + sizeof(addr.sun_family));
> > +		  sun_path_len + sizeof(addr.sun_family));
> >  	if (rc < 0) {
> >  		perror("FAIL - bind");
> >  		exit(1);
> > @@ -144,7 +158,7 @@ int main (int argc, char *argv[])
> >  		perror("FAIL - fork");
> >  		exit(1);
> >  	} else if (!pid) {
> > -		execl(argv[4], argv[4], argv[1], argv[2], NULL);
> > +		execl(argv[4], argv[4], sun_path, argv[2], NULL);
> >  		exit(0);
> >  	}
> >  
> > diff --git a/tests/regression/apparmor/unix_socket_client.c b/tests/regression/apparmor/unix_socket_client.c
> > index 73aa8ba..ac53ecd 100644
> > --- a/tests/regression/apparmor/unix_socket_client.c
> > +++ b/tests/regression/apparmor/unix_socket_client.c
> > @@ -81,6 +81,8 @@ static int connectionless_messaging(int sock)
> >  int main(int argc, char *argv[])
> >  {
> >  	struct sockaddr_un peer_addr;
> > +	const char *sun_path;
> > +	size_t sun_path_len;
> >  	int sock, type, rc;
> >  
> >  	if (argc != 3) {
> > @@ -90,6 +92,19 @@ int main(int argc, char *argv[])
> >  		exit(1);
> >  	}
> >  
> > +	peer_addr.sun_family = AF_UNIX;
> > +	memset(peer_addr.sun_path, 0, sizeof(peer_addr.sun_path));
> > +
> > +	sun_path = argv[1];
> > +	sun_path_len = strlen(sun_path);
> > +	if (sun_path[0] == '@') {
> > +		memcpy(peer_addr.sun_path, sun_path, sun_path_len);
> > +		peer_addr.sun_path[0] = '\0';
> > +		sun_path_len = sizeof(peer_addr.sun_path);
> > +	} else {
> > +		memcpy(peer_addr.sun_path, sun_path, sun_path_len + 1);
> > +	}
> > +
> >  	if (!strcmp(argv[2], "stream")) {
> >  		type = SOCK_STREAM;
> >  	} else if (!strcmp(argv[2], "dgram")) {
> > @@ -107,10 +122,8 @@ int main(int argc, char *argv[])
> >  		exit(1);
> >  	}
> >  
> > -	peer_addr.sun_family = AF_UNIX;
> > -	strcpy(peer_addr.sun_path, argv[1]);
> >  	rc = connect(sock, (struct sockaddr *)&peer_addr,
> > -		     strlen(peer_addr.sun_path) + sizeof(peer_addr.sun_family));
> > +		     sun_path_len + sizeof(peer_addr.sun_family));
> >  	if (rc < 0) {
> >  		perror("FAIL CLIENT - connect");
> >  		exit(1);
> > -- 
> > 2.1.0.rc1
> > 
> > 
> > -- 
> > AppArmor mailing list
> > AppArmor at lists.ubuntu.com
> > Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
> > 



> -- 
> AppArmor mailing list
> AppArmor at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20140811/11094cbb/attachment.pgp>

More information about the AppArmor mailing list