Skip to content
Permalink
Browse files

Improvement in tests Makefile.

darwintrace (-t) now also blocks file deletions outside the sandbox.

git-svn-id: https://svn.macports.org/repository/macports/trunk/base@18721 d073be05-634f-4543-b044-5fe20cf6d1d6
  • Loading branch information
pguyot committed Jul 25, 2006
1 parent 4806180 commit 173ab07391d9748bb60022bad40478caa8abddaa
Showing with 79 additions and 36 deletions.
  1. +66 −27 src/darwintracelib1.0/darwintrace.c
  2. +2 −2 src/port1.0/porttrace.tcl
  3. +3 −3 tests/Makefile
  4. +3 −1 tests/trace/Makefile
  5. +3 −2 tests/trace/Portfile
  6. +2 −1 tests/trace/master
@@ -3,7 +3,7 @@
* Copyright (c) 2005-2006 Paul Guyot <pguyot@kallisys.net>,
* All rights reserved.
*
* $Id: darwintrace.c,v 1.15 2006/07/24 05:55:43 pguyot Exp $
* $Id: darwintrace.c,v 1.16 2006/07/25 04:01:33 pguyot Exp $
*
* @APPLE_BSD_LICENSE_HEADER_START@
*
@@ -58,7 +58,7 @@
* Compile time options:
* DARWINTRACE_SHOW_PROCESS: show the process id of every access
* DARWINTRACE_LOG_CREATE: log creation of files as well.
* DARWINTRACE_SANDBOX: control creation and writing to files.
* DARWINTRACE_SANDBOX: control creation, deletion and writing to files.
* DARWINTRACE_LOG_FULL_PATH: use F_GETPATH to log the full path.
* DARWINTRACE_DEBUG_OUTPUT: verbose output of stuff to debug darwintrace.
*
@@ -331,6 +331,37 @@ inline void __darwintrace_cleanup_path(char *path) {
dprintf("darwintrace: cleanup resulted in %s\n", path);
}

#if DARWINTRACE_SANDBOX
/*
* return 1 if path (once normalized) is in sandbox, 0 otherwise.
* return -1 if no sandbox is defined or if the path couldn't be normalized.
*/
inline int __darwintrace_is_in_sandbox(const char* path) {
int result = -1; /* no sandbox is defined */
__darwintrace_setup();
if (__darwintrace_sandbox_bounds != NULL) {
/* check the path */
char** basePathsCrsr = __darwintrace_sandbox_bounds;
char* basepath = *basePathsCrsr++;
/* normalize the path */
char createpath[MAXPATHLEN];
if (realpath(path, createpath) != NULL) {
__darwintrace_cleanup_path(createpath);
/* say it's outside unless it's proved inside */
result = 0;
while (basepath != NULL) {
if (__darwintrace_strbeginswith(createpath, basepath)) {
result = 1;
break;
}
basepath = *basePathsCrsr++;;
}
} /* otherwise, operation will fail anyway */
}
return result;
}
#endif

/* Log calls to open(2) into the file specified by DARWINTRACE_LOG.
Only logs if the DARWINTRACE_LOG environment variable is set.
Only logs files (or rather, do not logs directories)
@@ -353,36 +384,19 @@ int open(const char* path, int flags, ...) {
#if DARWINTRACE_SANDBOX
result = 0;
if (flags & (O_CREAT | O_APPEND | O_RDWR | O_WRONLY | O_TRUNC)) {
__darwintrace_setup();
if (__darwintrace_sandbox_bounds != NULL) {
/* check the path */
char** basePathsCrsr = __darwintrace_sandbox_bounds;
char* basepath = *basePathsCrsr++;
/* normalize the path */
char createpath[MAXPATHLEN];
if (realpath(path, createpath) != NULL) {
__darwintrace_cleanup_path(createpath);
/* forbid unless allowed */
result = -1;
while (basepath != NULL) {
if (__darwintrace_strbeginswith(createpath, basepath)) {
result = 0;
break;
}
basepath = *basePathsCrsr++;;
}
} /* otherwise, open will fail anyway */
}
if (result == 0) {
int isInSandbox = __darwintrace_is_in_sandbox(path);
if (isInSandbox == 1) {
dprintf("darwintrace: creation/writing was allowed at %s\n", path);
} else if (isInSandbox == 0) {
/* outside sandbox, but sandbox is defined: forbid */
dprintf("darwintrace: creation/writing was forbidden at %s\n", path);
__darwintrace_log_op("sandbox_violation", NULL, path, 0);
errno = EACCES;
result = -1;
}
}
if (result == 0) {
result = open(path, flags, mode);
} else {
dprintf("darwintrace: creation/writing was forbidden at %s\n", path);
__darwintrace_log_op("sandbox_violation", NULL, path, result);
errno = EACCES;
}
#else
result = open(path, flags, mode);
@@ -526,3 +540,28 @@ int close(int fd) {
return close(fd);
#undef close
}

#if DARWINTRACE_SANDBOX
/* Trap attempts to unlink a file outside the sandbox.
*/
int unlink(const char* path) {
#define __unlink(x) syscall(SYS_unlink, (x))
int result = 0;
int isInSandbox = __darwintrace_is_in_sandbox(path);
if (isInSandbox == 1) {
dprintf("darwintrace: unlink was allowed at %s\n", path);
} else if (isInSandbox == 0) {
/* outside sandbox, but sandbox is defined: forbid */
dprintf("darwintrace: unlink was forbidden at %s\n", path);
__darwintrace_log_op("sandbox_violation", NULL, path, 0);
errno = EACCES;
result = -1;
}

if (result == 0) {
result = __unlink(path);
}

return result;
}
#endif
@@ -1,7 +1,7 @@
# et:ts=4
# porttrace.tcl
#
# $Id: porttrace.tcl,v 1.17 2006/07/24 05:55:44 pguyot Exp $
# $Id: porttrace.tcl,v 1.18 2006/07/25 04:01:34 pguyot Exp $
#
# Copyright (c) 2005-2006 Paul Guyot <pguyot@kallisys.net>,
# All rights reserved.
@@ -117,7 +117,7 @@ proc trace_check_violations {} {
set violations [slave_send slave_get_sandbox_violations]

foreach violation [lsort $violations] {
ui_warn "A file creation/writing was attempted outside sandbox: $violation"
ui_warn "A file creation/deletion/modification was attempted outside sandbox: $violation"
}
}

@@ -2,7 +2,7 @@ include ../Mk/dports.autoconf.mk

SUBDIR=checksums-1 envvariables site-tags trace xcodeversion

.PHONY: test
.PHONY: test clean

all:

@@ -22,7 +22,7 @@ $(bindir)/port:
@echo "Please install DarwinPorts before running these tests"
@exit 1

test: /tmp/darwinports-tests/opt/local/etc/ports/sources.conf
test: clean /tmp/darwinports-tests/opt/local/etc/ports/sources.conf
@for subdir in $(SUBDIR); do\
echo ===\> test ${DIRPRFX}$$subdir; \
if [ -e ${DIRPRFX}$$subdir/Makefile ]; then \
@@ -38,7 +38,7 @@ test: /tmp/darwinports-tests/opt/local/etc/ports/sources.conf
if [ -s difference ]; then \
exit 1; \
else \
rm -f difference; \
rm -f difference output.sed; \
fi) \
fi || exit 1; \
done
@@ -8,11 +8,13 @@ $(bindir)/port:

test:
@PORTSRC=$(PORTSRC) $(bindir)/port clean > /dev/null
@touch delete-trace
@PORTSRC=$(PORTSRC) $(bindir)/port -t test > output 2>&1 || (cat output; exit 1)
@rm -f delete-trace
@sed -e "s|${PWD}|PWD|g" < output > output.sed
@diff output.sed master 2>&1 | tee difference
@if [ -s difference ]; then \
exit 1; \
else \
rm -f difference; \
rm -f difference output.sed; \
fi
@@ -1,4 +1,4 @@
# $Id: Portfile,v 1.2 2006/07/24 05:55:44 pguyot Exp $
# $Id: Portfile,v 1.3 2006/07/25 04:01:34 pguyot Exp $

PortSystem 1.0
name trace
@@ -19,6 +19,7 @@ build {}
destroot {}

test {
catch {system "rm -f hello-trace && touch hello-trace && rm hello-trace"}
catch {system "rm -f create-trace && touch create-trace && rm create-trace"}
catch {system "rm delete-trace"}
catch {system "rm -f /tmp/hello-trace && /tmp/hello-trace && rm /tmp/hello-trace"}
}
@@ -4,4 +4,5 @@
---> Configuring trace
---> Building trace with target all
---> Testing trace
Warning: A file creation/writing was attempted outside sandbox: PWD/hello-trace
Warning: A file creation/deletion/modification was attempted outside sandbox: PWD/create-trace
Warning: A file creation/deletion/modification was attempted outside sandbox: PWD/delete-trace

0 comments on commit 173ab07

Please sign in to comment.
You can’t perform that action at this time.