Test that isatty is being allowed by AllowTCGETS.

PiperOrigin-RevId: 239370864
Change-Id: Id98f3e5d8dceedb3cfbcd23b980e828f576d3e8d
Sandboxed API Team 2019-03-20 04:10:57 -07:00 committed by Copybara-Service
parent 270491a0e7
commit c8a4131e74
2 changed files with 25 additions and 0 deletions


@ -47,6 +47,7 @@ std::unique_ptr<Policy> PolicyTestcasePolicy() {
.AllowWrite()
.AllowSyscall(__NR_close)
.AllowSyscall(__NR_getppid)
.AllowTCGETS()
.BlockSyscallWithErrno(__NR_open, ENOENT)
.BlockSyscallWithErrno(__NR_openat, ENOENT)
.BlockSyscallWithErrno(__NR_access, ENOENT)
@ -140,6 +141,20 @@ TEST(PolicyTest, BpfDisallowed) {
EXPECT_THAT(result.reason_code(), Eq(__NR_bpf));
}
TEST(PolicyTest, IsattyAllowed) {
SKIP_SANITIZERS_AND_COVERAGE;
const std::string path = GetTestSourcePath("sandbox2/testcases/policy");
std::vector<std::string> args = {path, "6"};
auto executor = absl::make_unique<Executor>(path, args);
auto policy = PolicyTestcasePolicy();
Sandbox2 s2(std::move(executor), std::move(policy));
auto result = s2.Run();
ASSERT_THAT(result.final_status(), Eq(Result::OK));
}
std::unique_ptr<Policy> MinimalTestcasePolicy() {
return PolicyBuilder()
.AllowStaticStartup()
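Review bot: `IsattyAllowed` asserts only `result.final_status()`, which appears to describe how the sandboxee ended rather than its exit code. The testcase added in this commit ends in `exit(EXIT_FAILURE)`, so the test presumably passes on a failing exit. Once the testcase exits with success, add `EXPECT_THAT(result.reason_code(), Eq(0));` after the status check (assuming `reason_code()` carries the exit code on a normal exit). Separately, `.AllowTCGETS()` is added to the shared `PolicyTestcasePolicy()`, whose builder chain starts outside the first hunk, so every testcase using that policy now runs with the rule. Nothing here shows the rule is limited to the TCGETS request; a companion case that issues a different ioctl request and expects `Result::VIOLATION` would pin the least-privilege intent.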


@ -77,6 +77,13 @@ void TestBpf() {
exit(EXIT_FAILURE);
}
void TestIsatty() {
isatty(0);
printf("Syscall violation should have been discovered by now\n");
exit(EXIT_FAILURE);
}
int main(int argc, char** argv) {
// Disable buffering.
setbuf(stdin, nullptr);
@ -107,6 +114,9 @@ int main(int argc, char** argv) {
case 5:
TestBpf();
break;
case 6:
TestIsatty();
break;
default:
printf("Unknown test: %d\n", testno);
return EXIT_FAILURE;
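Review bot: `TestIsatty()` reuses the tail of the negative testcases, so when the call is allowed it prints "Syscall violation should have been discovered by now" and calls `exit(EXIT_FAILURE)`, which is the opposite of what an allow test should report. Change the tail to a neutral message and `exit(EXIT_SUCCESS);` so the exit code reflects the expected outcome. The return value of `isatty(0)` is also discarded, and which ioctl request `isatty` issues depends on the libc in use. A direct `ioctl(0, TCGETS, &t)` on a `struct termios t` would tie the testcase to the request that `AllowTCGETS` is named for. The `switch` in `main` continues outside the last hunk.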