From patchwork Thu Oct 27 14:22:21 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Stephen Smalley X-Patchwork-Id: 9399499 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id D680A6059C for ; Thu, 27 Oct 2016 14:25:47 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id BC7652A274 for ; Thu, 27 Oct 2016 14:25:47 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id B14942A2F2; Thu, 27 Oct 2016 14:25:47 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from emsm-gh1-uea10.nsa.gov (emsm-gh1-uea10.nsa.gov [8.44.101.8]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 897B72A2F9 for ; Thu, 27 Oct 2016 14:25:44 +0000 (UTC) X-IronPort-AV: E=Sophos;i="5.31,404,1473120000"; d="scan'208";a="328389" IronPort-PHdr: =?us-ascii?q?9a23=3AvLmirRQq7Wyi38AEx0z3cV1nxdpsv+yvbD5Q0YIu?= =?us-ascii?q?jvd0So/mwa64YB2N2/xhgRfzUJnB7Loc0qyN4vqmBjVLv8nJmUtBWaQEbwUCh8?= =?us-ascii?q?QSkl5oK+++Imq/EsTXaTcnFt9JTl5v8iLzG0FUHMHjew+a+SXqvnYsExnyfTB4?= =?us-ascii?q?Ov7yUtaLyZ/mjabtotaNPE1hv3mUWftKNhK4rAHc5IE9oLBJDeIP8CbPuWZCYO?= =?us-ascii?q?9MxGlldhq5lhf44dqsrtY4q3wD888784Z8dYmyP+FiFf0LRAghZns44MztqAnr?= =?us-ascii?q?URqE5nxaVH4f1BVPHVvr9hb/C6ztvzP6u+w14yyTOcn7XPhgQji5x7t6Qx/vzi?= =?us-ascii?q?EcPng293+B2Z84t75SvB/0/083+IXTeozAcaAmcw=3D=3D?= X-IPAS-Result: =?us-ascii?q?A2G6BgChDRJY/wHyM5BcGwEBAQMBAQEJAQEBFwEBBAEBCgE?= =?us-ascii?q?Bgn8BAQEBAR2BRQULrBSOXyaIA1MBAQEBAQEBAQIBAl8oQhIBgV4EAxMFghgCN?= =?us-ascii?q?w0HIAsDAwkCFykICAMBHRAVHwsFGASIGQMXt22EAQ2DeyWNWYFQAhEBaIUTBZl?= =?us-ascii?q?hNYk1g0kBgyQCigeFeQJJiCiIG1RRBgiDGxyBblaFCIEfDxdhgTEBAQE?= Received: from unknown (HELO tarius.tycho.ncsc.mil) ([144.51.242.1]) by emsm-gh1-uea10.nsa.gov with ESMTP; 27 Oct 2016 14:24:21 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id u9REKnYr027166; Thu, 27 Oct 2016 10:21:46 -0400 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id u9REKkvf117681 for ; Thu, 27 Oct 2016 10:20:46 -0400 Received: from moss-pluto.infosec.tycho.ncsc.mil (moss-pluto [192.168.25.131]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id u9REKb0P027121; Thu, 27 Oct 2016 10:20:37 -0400 From: Stephen Smalley To: selinux@tycho.nsa.gov Subject: [PATCH] selinux-testsuite: mmap: add shmat SHM_EXEC test Date: Thu, 27 Oct 2016 10:22:21 -0400 Message-Id: <1477578141-13143-1-git-send-email-sds@tycho.nsa.gov> X-Mailer: git-send-email 2.7.4 X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: Cc: Stephen Smalley , toiwoton@gmail.com MIME-Version: 1.0 Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP Topi Miettinen asked whether execmem should disable shmat(...,SHM_EXEC) and provided a test program for it. SELinux does check execmem in this case already via the security_mmap_file hook call in do_shmat(), but this test is useful to ensure we do not regress in this area. Modified the test program to test for shmget() failure since that is possible and would render the shmat() test moot, and to remove the arch-specific portion since we are only testing SELinux enforcement during shmat() itself, not the subsequent ability to execute the code and since the selinux-testsuite is run on multiple architectures. The test program is run twice by the test script, once in a domain that is allowed execmem and once in a domain that is not, in order to ensure that it succeeds in the former case and fails in the latter, as we do for all of the tests. Suggested-by: Topi Miettinen Signed-off-by: Stephen Smalley --- tests/mmap/shmat.c | 26 ++++++++++++++++++++++++++ tests/mmap/test | 8 +++++++- 2 files changed, 33 insertions(+), 1 deletion(-) create mode 100644 tests/mmap/shmat.c diff --git a/tests/mmap/shmat.c b/tests/mmap/shmat.c new file mode 100644 index 0000000..4467d64 --- /dev/null +++ b/tests/mmap/shmat.c @@ -0,0 +1,26 @@ +#include +#include +#include +#include +#include + +int main(void) +{ + int shmid, rc = 0; + char *execmem; + + shmid = shmget(IPC_PRIVATE, 4096, IPC_CREAT | 0777); + if (shmid < 0) { + perror("shmget"); + exit(1); + } + execmem = shmat(shmid, 0, SHM_EXEC); + if (execmem == ((void *) -1)) { + perror("shmat SHM_EXEC"); + rc = 1; + } else { + shmdt(execmem); + } + shmctl(shmid, IPC_RMID, 0); + exit(rc); +} diff --git a/tests/mmap/test b/tests/mmap/test index 1e16db0..831a854 100755 --- a/tests/mmap/test +++ b/tests/mmap/test @@ -1,7 +1,7 @@ #!/usr/bin/perl use Test; -BEGIN { plan tests => 44} +BEGIN { plan tests => 46} $basedir = $0; $basedir =~ s|(.*)/[^/]*|$1|; @@ -150,6 +150,12 @@ ok($result); system "echo 0 > /proc/sys/vm/nr_hugepages"; +# Test success and failure for execmem on shmat SHM_EXEC. +$result = system "runcon -t test_execmem_t $basedir/shmat"; +ok($result, 0); +$result = system "runcon -t test_no_execmem_t $basedir/shmat 2>&1"; +ok($result); + # Clean up from prior runs. system "rm -f $basedir/temp_file";