From patchwork Thu Aug 11 17:52:13 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Stephen Smalley <sds@tycho.nsa.gov>
X-Patchwork-Id: 9275725
Return-Path: <selinux-bounces@tycho.nsa.gov>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	BC88B6022E for <patchwork-selinux@patchwork.kernel.org>;
	Thu, 11 Aug 2016 17:50:43 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id ADB6A2876D
	for <patchwork-selinux@patchwork.kernel.org>;
	Thu, 11 Aug 2016 17:50:43 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 9CE602876F; Thu, 11 Aug 2016 17:50:43 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_MED
	autolearn=ham version=3.3.1
Received: from emsm-gh1-uea11.nsa.gov (smtp.nsa.gov [8.44.101.9])
	(using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id E5A9A2876D
	for <patchwork-selinux@patchwork.kernel.org>;
	Thu, 11 Aug 2016 17:50:42 +0000 (UTC)
X-IronPort-AV: E=Sophos;i="5.28,506,1464652800"; d="scan'208";a="18410406"
IronPort-PHdr: =?us-ascii?q?9a23=3AOLREUhy73l8z1AXXCy+O+j09IxM/srCxBDY+r6Qd?=
	=?us-ascii?q?0e0TIJqq85mqBkHD//Il1AaPBtSCraobwLOP6eigATVGusfZ9ihaMdRlbFwssY?=
	=?us-ascii?q?0uhQsuAcqIWwXQDcXBSGgEJvlET0Jv5HqhMEJYS47UblzWpWCuv3ZJQk2sfTR8?=
	=?us-ascii?q?Kum9IIPOlcP/j7n0oMyKJV0Xz2PkO/sydEzw9lSJ8JFOwMNLEeUY8lPxuHxGeu?=
	=?us-ascii?q?BblytDBGm4uFLC3Pq254Np6C9KuvgspIZqWKT+eLkkH/QDVGx1e10v4IXXkTWL?=
	=?us-ascii?q?DU7VvjpPGlkRxwFFBwnD8QHSQob6siy8sPF0niadI57YV7cxDA++4r9rRRmgsy?=
	=?us-ascii?q?IOMzo04SmDkcBrpL5KqxKm4RpkysjbZ5/DZ6k2Rb/UYd5PHTkJZc1WTSEUR9nk?=
	=?us-ascii?q?Yg=3D=3D?=
X-IPAS-Result: =?us-ascii?q?A2EOBAD2uaxX/wHyM5BeGgEBAQGDJ4FDD7R1hi4gh2hMAQE?=
	=?us-ascii?q?BAQEBAgJaJ4IyBAMRghwCNw0HIAsDAwkCFykICAMBLRUfCwUYBIgQtQmLPyWPC?=
	=?us-ascii?q?REBhXcFmTyPFAKJaoVVAkiPZVSBTUUcgWhShUGBNgEBAQ?=
Received: from unknown (HELO tarius.tycho.ncsc.mil) ([144.51.242.1])
	by emsm-gh1-uea11.nsa.gov with ESMTP; 11 Aug 2016 17:50:40 +0000
Received: from prometheus.infosec.tycho.ncsc.mil (prometheus [192.168.25.40])
	by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id u7BHoEPP027114;
	Thu, 11 Aug 2016 13:50:20 -0400
Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil
	[144.51.242.1])
	by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id
	u7BHoDXn122360 for <selinux@prometheus.infosec.tycho.ncsc.mil>;
	Thu, 11 Aug 2016 13:50:13 -0400
Received: from moss-pluto.infosec.tycho.ncsc.mil (moss-pluto
	[192.168.25.131])
	by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id
	u7BHoDRk027107; Thu, 11 Aug 2016 13:50:13 -0400
From: Stephen Smalley <sds@tycho.nsa.gov>
To: selinux@tycho.nsa.gov
Subject: [PATCH] selinux-testsuite: mmap: test personality(READ_IMPLIES_EXEC)
Date: Thu, 11 Aug 2016 13:52:13 -0400
Message-Id: <1470937933-2194-1-git-send-email-sds@tycho.nsa.gov>
X-Mailer: git-send-email 2.7.4
X-BeenThere: selinux@tycho.nsa.gov
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: "Security-Enhanced Linux \(SELinux\) mailing list"
	<selinux.tycho.nsa.gov>
List-Post: <mailto:selinux@tycho.nsa.gov>
List-Help: <mailto:selinux-request@tycho.nsa.gov?subject=help>
Cc: Stephen Smalley <sds@tycho.nsa.gov>
MIME-Version: 1.0
Errors-To: selinux-bounces@tycho.nsa.gov
Sender: "Selinux" <selinux-bounces@tycho.nsa.gov>
X-Virus-Scanned: ClamAV using ClamSMTP

Add a couple of tests to confirm that SELinux exec* checking
is applied when the program calls personality(READ_IMPLIES_EXEC)
and then calls mmap() or mprotect() without explicit PROT_EXEC.

This presumes that /sys/fs/selinux/checkreqprot == 0; otherwise,
these tests will fail.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
---
 tests/mmap/mmap_file_shared.c | 35 +++++++++++++++++++++++++++--------
 tests/mmap/mprotect_stack.c   | 28 +++++++++++++++++++++++++---
 tests/mmap/test               | 14 +++++++++++++-
 3 files changed, 65 insertions(+), 12 deletions(-)

diff --git a/tests/mmap/mmap_file_shared.c b/tests/mmap/mmap_file_shared.c
index e64ec5f..ad349a4 100644
--- a/tests/mmap/mmap_file_shared.c
+++ b/tests/mmap/mmap_file_shared.c
@@ -4,25 +4,44 @@
 #include <errno.h>
 #include <fcntl.h>
 #include <sys/mman.h>
+#include <sys/personality.h>
+
+void usage(const char *progname)
+{
+	fprintf(stderr, "usage: %s [-r] file\n", progname);
+	exit(1);
+}
 
 int main(int argc, char **argv)
 {
 	char *ptr;
-	int fd;
+	int fd, opt, prot = PROT_READ | PROT_WRITE | PROT_EXEC;
 
-	if (argc != 2) {
-		fprintf(stderr, "usage: %s file\n", argv[0]);
-		exit(1);
+	while ((opt = getopt(argc, argv, "r")) != -1) {
+		switch (opt) {
+		case 'r':
+			if (personality(READ_IMPLIES_EXEC) == -1) {
+				perror("personality");
+				exit(1);
+			}
+			prot &= ~PROT_EXEC;
+			break;
+		default:
+			usage(argv[0]);
+			break;
+		}
 	}
 
-	fd = open(argv[1], O_RDWR);
+	if ((argc - optind) != 1)
+		usage(argv[0]);
+
+	fd = open(argv[optind], O_RDWR);
 	if (fd < 0) {
-		perror(argv[1]);
+		perror(argv[optind]);
 		exit(1);
 	}
 
-	ptr = mmap(NULL, 4096, PROT_READ | PROT_WRITE | PROT_EXEC,
-		   MAP_SHARED, fd, 0);
+	ptr = mmap(NULL, 4096, prot, MAP_SHARED, fd, 0);
 	if (ptr == MAP_FAILED) {
 		perror("mmap");
 		close(fd);
diff --git a/tests/mmap/mprotect_stack.c b/tests/mmap/mprotect_stack.c
index 0d5a628..002bf58 100644
--- a/tests/mmap/mprotect_stack.c
+++ b/tests/mmap/mprotect_stack.c
@@ -3,17 +3,39 @@
 #include <stdlib.h>
 #include <errno.h>
 #include <sys/mman.h>
+#include <sys/personality.h>
 
-int main(void)
+void usage(const char *progname)
+{
+	fprintf(stderr, "usage: %s [-r]\n", progname);
+	exit(1);
+}
+
+int main(int argc, char **argv)
 {
 	char buf[4096];
-	int rc;
+	int rc, opt, prot = PROT_READ | PROT_WRITE | PROT_EXEC;
 	void *ptr;
 	long pagesize = sysconf(_SC_PAGESIZE);
 
+	while ((opt = getopt(argc, argv, "r")) != -1) {
+		switch (opt) {
+		case 'r':
+			if (personality(READ_IMPLIES_EXEC) == -1) {
+				perror("personality");
+				exit(1);
+			}
+			prot &= ~PROT_EXEC;
+			break;
+		default:
+			usage(argv[0]);
+			break;
+		}
+	}
+
 	ptr = (void *) (((unsigned long) buf) & ~(pagesize - 1));
 
-	rc = mprotect(ptr, pagesize, PROT_READ | PROT_WRITE | PROT_EXEC);
+	rc = mprotect(ptr, pagesize, prot);
 	if (rc < 0) {
 		perror("mprotect");
 		exit(1);
diff --git a/tests/mmap/test b/tests/mmap/test
index 6711ba7..1e16db0 100755
--- a/tests/mmap/test
+++ b/tests/mmap/test
@@ -1,7 +1,7 @@
 #!/usr/bin/perl
 
 use Test;
-BEGIN { plan tests => 40}
+BEGIN { plan tests => 44}
 
 $basedir = $0;  $basedir =~ s|(.*)/[^/]*|$1|;
 
@@ -68,6 +68,12 @@ ok($result, 0);
 $result = system "runcon -t test_execmem_t $basedir/mprotect_stack 2>&1";
 ok($result);
 
+# Repeat tests using personality(READ_IMPLIES_EXEC) instead of explicit PROT_EXEC.
+$result = system "runcon -t test_execstack_t -- $basedir/mprotect_stack -r";
+ok($result, 0);
+$result = system "runcon -t test_execmem_t -- $basedir/mprotect_stack -r 2>&1";
+ok($result);
+
 # Test success and failure for thread execstack, independent of execmem.
 $result = system "runcon -t test_execstack_t $basedir/mprotect_stack_thread pass";
 ok($result, 0);
@@ -80,6 +86,12 @@ ok($result, 0);
 $result = system "runcon -t test_file_rw_t $basedir/mmap_file_shared $basedir/temp_file 2>&1";
 ok($result);
 
+# Repeat tests using personality(READ_IMPLIES_EXEC) instead of explicit PROT_EXEC.
+$result = system "runcon -t test_file_rwx_t -- $basedir/mmap_file_shared -r $basedir/temp_file";
+ok($result, 0);
+$result = system "runcon -t test_file_rw_t -- $basedir/mmap_file_shared -r $basedir/temp_file 2>&1";
+ok($result);
+
 # Test success and failure for file execute on mprotect w/ file shared mapping.
 $result = system "runcon -t test_file_rwx_t $basedir/mprotect_file_shared $basedir/temp_file";
 ok($result, 0);