def test_get_names(self): syscalls = cStringIO.StringIO( textwrap.dedent("""\ int __llseek:_llseek(int, unsigned long, unsigned long, off64_t*, int) arm,mips,x86 int fchown:fchown(int, uid_t, gid_t) arm64,mips,mips64,x86_64 """)) whitelist = cStringIO.StringIO( textwrap.dedent("""\ ssize_t read(int, void*, size_t) all """)) syscall_files = [syscalls, whitelist] names = genseccomp.get_names(syscall_files, "arm") for f in syscall_files: f.seek(0) names64 = genseccomp.get_names(syscall_files, "arm64") self.assertIn("fchown", names64) self.assertNotIn("fchown", names) self.assertIn("_llseek", names) self.assertNotIn("_llseek", names64) self.assertIn("read", names) self.assertIn("read", names64)
def test_get_names(self): bionic = cStringIO.StringIO( textwrap.dedent("""\ int __llseek:_llseek(int, unsigned long, unsigned long, off64_t*, int) arm,x86 int fchown:fchown(int, uid_t, gid_t) arm64,x86_64 """)) whitelist = cStringIO.StringIO( textwrap.dedent("""\ ssize_t read(int, void*, size_t) all """)) empty = cStringIO.StringIO(textwrap.dedent("""\ """)) names = genseccomp.get_names([bionic, whitelist, empty], "arm") bionic.seek(0) whitelist.seek(0) empty.seek(0) names64 = genseccomp.get_names([bionic, whitelist, empty], "arm64") bionic.seek(0) whitelist.seek(0) empty.seek(0) self.assertIn("fchown", names64) self.assertNotIn("fchown", names) self.assertIn("_llseek", names) self.assertNotIn("_llseek", names64) self.assertIn("read", names) self.assertIn("read", names64) # Blacklist item must be in bionic blacklist = cStringIO.StringIO( textwrap.dedent("""\ int fchown2:fchown2(int, uid_t, gid_t) arm64,x86_64 """)) with self.assertRaises(RuntimeError): genseccomp.get_names([bionic, whitelist, blacklist], "arm") bionic.seek(0) whitelist.seek(0) blacklist.seek(0) # Test blacklist item is removed blacklist = cStringIO.StringIO( textwrap.dedent("""\ int fchown:fchown(int, uid_t, gid_t) arm64,x86_64 """)) names = genseccomp.get_names([bionic, whitelist, blacklist], "arm64") bionic.seek(0) whitelist.seek(0) blacklist.seek(0) self.assertIn("read", names) self.assertNotIn("fchown", names) # Blacklist item must not be in whitelist whitelist = cStringIO.StringIO( textwrap.dedent("""\ int fchown:fchown(int, uid_t, gid_t) arm64,x86_64 """)) with self.assertRaises(RuntimeError): genseccomp.get_names([empty, whitelist, blacklist], "arm") empty.seek(0) whitelist.seek(0) blacklist.seek(0) # No dups in bionic and whitelist whitelist = cStringIO.StringIO( textwrap.dedent("""\ int __llseek:_llseek(int, unsigned long, unsigned long, off64_t*, int) arm,x86 """)) with self.assertRaises(RuntimeError): genseccomp.get_names([bionic, whitelist, empty], "arm") bionic.seek(0) whitelist.seek(0) empty.seek(0)
def test_get_names(self): bionic = cStringIO.StringIO(textwrap.dedent("""\ int __llseek:_llseek(int, unsigned long, unsigned long, off64_t*, int) arm,mips,x86 int fchown:fchown(int, uid_t, gid_t) arm64,mips,mips64,x86_64 """)) whitelist = cStringIO.StringIO(textwrap.dedent("""\ ssize_t read(int, void*, size_t) all """)) empty = cStringIO.StringIO(textwrap.dedent("""\ """)) names = genseccomp.get_names([bionic, whitelist, empty], "arm") bionic.seek(0) whitelist.seek(0) empty.seek(0) names64 = genseccomp.get_names([bionic, whitelist, empty], "arm64") bionic.seek(0) whitelist.seek(0) empty.seek(0) self.assertIn("fchown", names64) self.assertNotIn("fchown", names) self.assertIn("_llseek", names) self.assertNotIn("_llseek", names64) self.assertIn("read", names) self.assertIn("read", names64) # Blacklist item must be in bionic blacklist = cStringIO.StringIO(textwrap.dedent("""\ int fchown2:fchown2(int, uid_t, gid_t) arm64,mips,mips64,x86_64 """)) with self.assertRaises(RuntimeError): genseccomp.get_names([bionic, whitelist, blacklist], "arm") bionic.seek(0) whitelist.seek(0) blacklist.seek(0) # Test blacklist item is removed blacklist = cStringIO.StringIO(textwrap.dedent("""\ int fchown:fchown(int, uid_t, gid_t) arm64,mips,mips64,x86_64 """)) names = genseccomp.get_names([bionic, whitelist, blacklist], "arm64") bionic.seek(0) whitelist.seek(0) blacklist.seek(0) self.assertIn("read", names) self.assertNotIn("fchown", names) # Blacklist item must not be in whitelist whitelist = cStringIO.StringIO(textwrap.dedent("""\ int fchown:fchown(int, uid_t, gid_t) arm64,mips,mips64,x86_64 """)) with self.assertRaises(RuntimeError): genseccomp.get_names([empty, whitelist, blacklist], "arm") empty.seek(0) whitelist.seek(0) blacklist.seek(0) # No dups in bionic and whitelist whitelist = cStringIO.StringIO(textwrap.dedent("""\ int __llseek:_llseek(int, unsigned long, unsigned long, off64_t*, int) arm,mips,x86 """)) with self.assertRaises(RuntimeError): genseccomp.get_names([bionic, whitelist, empty], "arm") bionic.seek(0) whitelist.seek(0) empty.seek(0)