syscalls/execveat/execveat03.c

f08c3bdfSopenharmony_ci// SPDX-License-Identifier: GPL-2.0-or-later
f08c3bdfSopenharmony_ci/*
f08c3bdfSopenharmony_ci * Copyright (C) 2018 MediaTek Inc.  All Rights Reserved.
f08c3bdfSopenharmony_ci * Author: Eddie Horng <eddie.horng@mediatek.com>
f08c3bdfSopenharmony_ci *
f08c3bdfSopenharmony_ci * Check if an unlinked executable can run in overlayfs mount.
f08c3bdfSopenharmony_ci *
f08c3bdfSopenharmony_ci * The regression is introduced from 8db6c34f1dbc ("Introduce v3
f08c3bdfSopenharmony_ci * namespaced file capabilities"). in security/commoncap.c,
f08c3bdfSopenharmony_ci * cap_inode_getsecurity() use d_find_alias() cause unhashed dentry
f08c3bdfSopenharmony_ci * can't be found. The solution could use d_find_any_alias() instead
f08c3bdfSopenharmony_ci * of d_find_alias().
f08c3bdfSopenharmony_ci *
f08c3bdfSopenharmony_ci * Starting with kernel 4.14, this case fails, execveat shall returns EINVAL.
f08c3bdfSopenharmony_ci *
f08c3bdfSopenharmony_ci * This has been fixed by:
f08c3bdfSopenharmony_ci * 355139a8dba4 ("cap_inode_getsecurity: use d_find_any_alias()
f08c3bdfSopenharmony_ci * instead of d_find_alias()")
f08c3bdfSopenharmony_ci */
f08c3bdfSopenharmony_ci
f08c3bdfSopenharmony_ci#define _GNU_SOURCE
f08c3bdfSopenharmony_ci#include "config.h"
f08c3bdfSopenharmony_ci
f08c3bdfSopenharmony_ci#include <stdio.h>
f08c3bdfSopenharmony_ci#include <stdlib.h>
f08c3bdfSopenharmony_ci#include <sys/stat.h>
f08c3bdfSopenharmony_ci#include <sys/types.h>
f08c3bdfSopenharmony_ci#include <errno.h>
f08c3bdfSopenharmony_ci#include <string.h>
f08c3bdfSopenharmony_ci#include <sys/syscall.h>
f08c3bdfSopenharmony_ci#include <sys/mount.h>
f08c3bdfSopenharmony_ci#include "tst_test.h"
f08c3bdfSopenharmony_ci#include "lapi/execveat.h"
f08c3bdfSopenharmony_ci#include "lapi/fcntl.h"
f08c3bdfSopenharmony_ci#include "execveat.h"
f08c3bdfSopenharmony_ci
f08c3bdfSopenharmony_ci#define TEST_APP "execveat_child"
f08c3bdfSopenharmony_ci#define TEST_FILE_PATH OVL_MNT"/"TEST_APP
f08c3bdfSopenharmony_ci
f08c3bdfSopenharmony_cistatic const char mntpoint[] = OVL_BASE_MNTPOINT;
f08c3bdfSopenharmony_ci
f08c3bdfSopenharmony_cistatic void do_child(void)
f08c3bdfSopenharmony_ci{
f08c3bdfSopenharmony_ci	char *argv[2] = {TEST_FILE_PATH, NULL};
f08c3bdfSopenharmony_ci	int fd;
f08c3bdfSopenharmony_ci
f08c3bdfSopenharmony_ci	SAFE_CP(TEST_APP, TEST_FILE_PATH);
f08c3bdfSopenharmony_ci
f08c3bdfSopenharmony_ci	fd = SAFE_OPEN(TEST_FILE_PATH, O_PATH);
f08c3bdfSopenharmony_ci	SAFE_UNLINK(TEST_FILE_PATH);
f08c3bdfSopenharmony_ci
f08c3bdfSopenharmony_ci	TEST(execveat(fd, "", argv, environ, AT_EMPTY_PATH));
f08c3bdfSopenharmony_ci	tst_res(TFAIL | TTERRNO, "execveat() returned unexpected errno");
f08c3bdfSopenharmony_ci}
f08c3bdfSopenharmony_ci
f08c3bdfSopenharmony_cistatic void verify_execveat(void)
f08c3bdfSopenharmony_ci{
f08c3bdfSopenharmony_ci	pid_t pid;
f08c3bdfSopenharmony_ci
f08c3bdfSopenharmony_ci	pid = SAFE_FORK();
f08c3bdfSopenharmony_ci	if (pid == 0)
f08c3bdfSopenharmony_ci		do_child();
f08c3bdfSopenharmony_ci}
f08c3bdfSopenharmony_ci
f08c3bdfSopenharmony_cistatic void setup(void)
f08c3bdfSopenharmony_ci{
f08c3bdfSopenharmony_ci	check_execveat();
f08c3bdfSopenharmony_ci}
f08c3bdfSopenharmony_ci
f08c3bdfSopenharmony_cistatic struct tst_test test = {
f08c3bdfSopenharmony_ci	.needs_root = 1,
f08c3bdfSopenharmony_ci	.mount_device = 1,
f08c3bdfSopenharmony_ci	.needs_overlay = 1,
f08c3bdfSopenharmony_ci	.mntpoint = mntpoint,
f08c3bdfSopenharmony_ci	.forks_child = 1,
f08c3bdfSopenharmony_ci	.child_needs_reinit = 1,
f08c3bdfSopenharmony_ci	.setup = setup,
f08c3bdfSopenharmony_ci	.test_all = verify_execveat,
f08c3bdfSopenharmony_ci	.resource_files = (const char *const []) {
f08c3bdfSopenharmony_ci		TEST_APP,
f08c3bdfSopenharmony_ci		NULL
f08c3bdfSopenharmony_ci	},
f08c3bdfSopenharmony_ci	.tags = (const struct tst_tag[]) {
f08c3bdfSopenharmony_ci		{"linux-git", "8db6c34f1dbc"},
f08c3bdfSopenharmony_ci		{"linux-git", "355139a8dba4"},
f08c3bdfSopenharmony_ci		{}
f08c3bdfSopenharmony_ci	}
f08c3bdfSopenharmony_ci};