Google Git
Sign in
android / platform / cts / 7e18a83ced36e13e0c67bc49b0a439ecef0fd28c / . / hostsidetests / seccomp / app / jni / android_seccomp_cts_app_SeccompDeviceTest.cpp
blob: 094beb2ba8a327ce3485bc43c70bc77931709eb8 [file] [log] [blame]
/*
* Copyright (C) 2017 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include <jni.h>
#define LOG_TAG "SeccompTest"
#include <cutils/log.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <err.h>
#include <sys/ptrace.h>
#include <stdlib.h>
#include <linux/elf.h>
#define EXIT_VULNERABLE 113
/*
* Function: testSyscallBlocked
* Purpose: test that the syscall listed is blocked by seccomp
* Parameters:
* nr: syscall number
* Returns:
* 1 if blocked, else 0
* Exceptions: None
*/
static jboolean testSyscallBlocked(JNIEnv *, jobject, int nr) {
int pid = fork();
if (pid == 0) {
ALOGI("Calling syscall %d", nr);
syscall(nr);
return false;
} else {
int status;
int ret = waitpid(pid, &status, 0);
if (ret != pid) {
ALOGE("Unexpected return result from waitpid");
return false;
}
if (WIFEXITED(status)) {
ALOGE("syscall was not blocked");
return false;
}
if (WIFSIGNALED(status)) {
int signal = WTERMSIG(status);
if (signal == 31) {
ALOGI("syscall caused process termination");
return true;
}
ALOGE("Unexpected signal");
return false;
}
ALOGE("Unexpected status from syscall_exists");
return false;
}
}
jboolean testPtrace_CVE_2019_2054(JNIEnv* env, jobject thiz) {
(void) env;
(void) thiz;
pid_t my_pid = -1;
pid_t child = fork();
switch (child) {
case -1:
return true;
case 0:
ALOGE("child");
my_pid = getpid();
while (true) {
errno = 0;
int res = syscall(__NR_gettid, 0, 0);
if (res != my_pid) {
exit(EXIT_VULNERABLE);
}
}
return true;
default:
sleep(1);
if (ptrace(PTRACE_ATTACH, child, NULL, NULL)) {
err(1, "main() : ptrace attach");
return true;
}
int status;
if (waitpid(child, &status, 0) != child) {
err(1, "main() : wait for child");
return true;
}
if (ptrace(PTRACE_SYSCALL, child, NULL, NULL)) {
err(1, "main() : ptrace syscall entry");
return true;
}
if (waitpid(child, &status, 0) != child) {
err(1, "main() : wait for child");
return true;
}
int syscallno;
struct iovec iov = {.iov_base = &syscallno, .iov_len = sizeof(syscallno)};
if (ptrace(PTRACE_GETREGSET, child, NT_ARM_SYSTEM_CALL, &iov)) {
err(1, "main() : ptrace getregs");
return true;
}
if (syscallno != __NR_gettid) {
err(1, "main() : not gettid");
return true;
}
syscallno = __NR_swapon;
if (ptrace(PTRACE_SETREGSET, child, NT_ARM_SYSTEM_CALL, &iov)) {
err(1, "main() : ptrace setregs");
return true;
}
if (ptrace(PTRACE_DETACH, child, NULL, NULL)) {
err(1, "main() : ptrace syscall");
return true;
}
// kill child process
int killRet = kill(child, SIGCONT);
if (killRet == -1) {
printf(
"main() : killing child process(%d) with SIGCONT on error (%s)\n",
child, strerror(errno));
}
// wait for child process stop
int waitPid = waitpid(child, &status, 0);
if (waitPid == -1) {
perror("main() waitpid: waitpid = -1 and continue wait");
return true;
}
if (WIFEXITED(status)) {
// detected vulnarable exit status of child process
return WEXITSTATUS(status) != EXIT_VULNERABLE;
}
break;
}
return true;
}
static JNINativeMethod gMethods[] = {
{ "testSyscallBlocked", "(I)Z",
(void*) testSyscallBlocked },
{ "testPtrace_CVE_2019_2054", "()Z",
(void *) testPtrace_CVE_2019_2054 },
};
int register_android_seccomp_cts_app_SeccompTest(JNIEnv* env)
{
jclass clazz = env->FindClass("android/seccomp/cts/app/SeccompDeviceTest");
return env->RegisterNatives(clazz, gMethods,
sizeof(gMethods) / sizeof(JNINativeMethod));
}