From owner-dev-commits-src-all@freebsd.org  Mon Apr 12 15:29:05 2021
Return-Path: <owner-dev-commits-src-all@freebsd.org>
Delivered-To: dev-commits-src-all@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id C78F65D43ED
 for <dev-commits-src-all@mailman.nyi.freebsd.org>;
 Mon, 12 Apr 2021 15:29:05 +0000 (UTC) (envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
 client-signature RSA-PSS (4096 bits) client-digest SHA256)
 (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 4FJt1s5KCHz4Zy4;
 Mon, 12 Apr 2021 15:29:05 +0000 (UTC) (envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:5])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 9F10C198D4;
 Mon, 12 Apr 2021 15:29:05 +0000 (UTC) (envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
 by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 13CFT5po076378;
 Mon, 12 Apr 2021 15:29:05 GMT (envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
 by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 13CFT5L4076377;
 Mon, 12 Apr 2021 15:29:05 GMT (envelope-from git)
Date: Mon, 12 Apr 2021 15:29:05 GMT
Message-Id: <202104121529.13CFT5L4076377@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org
From: Mark Johnston <markj@FreeBSD.org>
Subject: git: d0e943077d94 - vendor/google/capsicum-test - Update
 capsicum-test to ea66424d921bb393539b298c108a46edee5c3051
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: markj
X-Git-Repository: src
X-Git-Refname: refs/heads/vendor/google/capsicum-test
X-Git-Reftype: branch
X-Git-Commit: d0e943077d94e6266ece9856789c5d5313676e38
Auto-Submitted: auto-generated
X-BeenThere: dev-commits-src-all@freebsd.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: Commit messages for all branches of the src repository
 <dev-commits-src-all.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/dev-commits-src-all>, 
 <mailto:dev-commits-src-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/dev-commits-src-all/>
List-Post: <mailto:dev-commits-src-all@freebsd.org>
List-Help: <mailto:dev-commits-src-all-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/dev-commits-src-all>, 
 <mailto:dev-commits-src-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 12 Apr 2021 15:29:05 -0000

The branch vendor/google/capsicum-test has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=d0e943077d94e6266ece9856789c5d5313676e38

commit d0e943077d94e6266ece9856789c5d5313676e38
Author:     Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2021-04-12 15:20:39 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2021-04-12 15:25:49 +0000

    Update capsicum-test to ea66424d921bb393539b298c108a46edee5c3051
    
    This adds regression tests for a recent FreeBSD commit to restrict
    certain socket operations in capability mode.
---
 README.md        |  2 +-
 capmode.cc       | 37 +++++++++++++++++++++++++++++++++++++
 capsicum-test.cc |  7 +++++--
 3 files changed, 43 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index 918534557725..a8c8c6686759 100644
--- a/README.md
+++ b/README.md
@@ -5,7 +5,7 @@ object-capabilities. The tests exercise the syscall interface to a Capsicum-enab
 currently either [FreeBSD >=10.x](http://www.freebsd.org) or a modified Linux kernel (the
 [capsicum-linux](http://github.com/google/capsicum-linux) project).
 
-The tests are written in C++98, and use the [Google Test](https://code.google.com/p/googletest/)
+The tests are written in C++11 and use the [Google Test](https://code.google.com/p/googletest/)
 framework, with some additions to fork off particular tests (because a process that enters capability
 mode cannot leave it again).
 
diff --git a/capmode.cc b/capmode.cc
index c274f5e1c9f3..ba2de19879a0 100644
--- a/capmode.cc
+++ b/capmode.cc
@@ -3,6 +3,9 @@
 // whether or not they return the expected ECAPMODE.
 #include <sys/types.h>
 #include <sys/socket.h>
+#ifdef __FreeBSD__
+#include <sys/sockio.h>
+#endif
 #include <sys/stat.h>
 #include <sys/mount.h>
 #include <sys/mman.h>
@@ -11,6 +14,7 @@
 #include <sys/resource.h>
 #include <sys/ptrace.h>
 #include <dirent.h>
+#include <net/if.h>
 #include <netinet/in.h>
 #include <fcntl.h>
 #include <sched.h>
@@ -203,6 +207,39 @@ FORK_TEST_F(WithFiles, AllowedSocketSyscalls) {
   if (fd_pair[1] >= 0) close(fd_pair[1]);
 }
 
+FORK_TEST_F(WithFiles, AllowedSocketSyscallsIfRoot) {
+  GTEST_SKIP_IF_NOT_ROOT();
+
+  EXPECT_OK(cap_enter());  // Enter capability mode.
+
+  // Creation of raw sockets is not permitted in capability mode.
+  EXPECT_CAPMODE(socket(AF_INET, SOCK_RAW, 0));
+  EXPECT_CAPMODE(socket(AF_INET, SOCK_RAW, IPPROTO_ICMP));
+  EXPECT_CAPMODE(socket(AF_INET, SOCK_RAW, IPPROTO_TCP));
+  EXPECT_CAPMODE(socket(AF_INET, SOCK_RAW, IPPROTO_UDP));
+
+  EXPECT_CAPMODE(socket(AF_INET6, SOCK_RAW, IPPROTO_ICMP));
+  EXPECT_CAPMODE(socket(AF_INET6, SOCK_RAW, IPPROTO_ICMPV6));
+  EXPECT_CAPMODE(socket(AF_INET6, SOCK_RAW, IPPROTO_TCP));
+  EXPECT_CAPMODE(socket(AF_INET6, SOCK_RAW, IPPROTO_UDP));
+
+  EXPECT_CAPMODE(socket(AF_ROUTE, SOCK_RAW, 0));
+
+  // Interface configuration ioctls are not permitted in capability
+  // mode.
+#ifdef __FreeBSD__
+  struct if_clonereq req;
+
+  req.ifcr_total = 0;
+  req.ifcr_count = 1;
+  req.ifcr_buffer = static_cast<char *>(malloc(IFNAMSIZ));
+
+  EXPECT_CAPMODE(ioctl(fd_socket_, SIOCIFGCLONERS, &req));
+
+  free(req.ifcr_buffer);
+#endif
+}
+
 #ifdef HAVE_SEND_RECV_MMSG
 FORK_TEST(Capmode, AllowedMmsgSendRecv) {
   int fd_socket = socket(PF_INET, SOCK_DGRAM, 0);
diff --git a/capsicum-test.cc b/capsicum-test.cc
index dedad464a4d9..1e722089761f 100644
--- a/capsicum-test.cc
+++ b/capsicum-test.cc
@@ -72,11 +72,14 @@ char ProcessState(int pid) {
   }
   unsigned int count = 0;
   struct procstat *prstat = procstat_open_sysctl();
-  EXPECT_NE(NULL, prstat) << "procstat_open_sysctl failed.";
+  EXPECT_NE(nullptr, prstat) << "procstat_open_sysctl failed.";
   errno = 0;
   struct kinfo_proc *p = procstat_getprocs(prstat, KERN_PROC_PID, pid, &count);
   if (p == NULL || count == 0) {
-    if (verbose) fprintf(stderr, "procstat_getprocs failed with %p/%d: %s\n", p, count, strerror(errno));
+    if (verbose) {
+      fprintf(stderr, "procstat_getprocs failed with %p/%d: %s\n", (void *)p,
+              count, strerror(errno));
+    }
     procstat_close(prstat);
     return '\0';
   }