On Mon, Sep 15, 2014 at 02:55:58PM -0500, Tyler Hicks wrote: > Update unix_socket and unix_socket_client to use setsockopt() in order > to set send and receive timeouts for socket IO operations. This takes > the place of poll(). Poll() was not being used for all potentially > blocking socket operations which could have resulted in test cases > blocking infinitely. > > This also has the nice side effect of using getsockopt() and > setsockopt(). These are AppArmor mediation points in kernel ABI v7 so it > is worthwhile to test the calls while under confinement. > > This patch updates the existing v7 policy generation to allow the getopt > and setopt accesses. > > Signed-off-by: Tyler Hicks <tyhi...@canonical.com> > Acked-by: Seth Arnold <seth.arn...@canonical.com>
Acked-by: Steve Beattie <st...@nxnw.org> Not necessary before committing, but can you shove get_set_sock_io_timeo() into a socket_common.h header or somesuch, to reduce code duplication? > --- > tests/regression/apparmor/unix_socket.c | 43 > +++++++++++++++++------ > tests/regression/apparmor/unix_socket_client.c | 34 ++++++++++++++++++ > tests/regression/apparmor/unix_socket_pathname.sh | 4 ++- > 3 files changed, 69 insertions(+), 12 deletions(-) > > diff --git a/tests/regression/apparmor/unix_socket.c > b/tests/regression/apparmor/unix_socket.c > index cd492e3..34d1b9e 100644 > --- a/tests/regression/apparmor/unix_socket.c > +++ b/tests/regression/apparmor/unix_socket.c > @@ -14,7 +14,6 @@ > * along with this program; if not, contact Canonical Ltd. > */ > > -#include <poll.h> > #include <stdio.h> > #include <stdlib.h> > #include <string.h> > @@ -81,10 +80,39 @@ static int connectionless_messaging(int sock, char > *msg_buf, size_t msg_buf_len) > return 0; > } > > +static int get_set_sock_io_timeo(int sock) > +{ > + struct timeval tv; > + socklen_t tv_len = sizeof(tv); > + int rc; > + > + rc = getsockopt(sock, SOL_SOCKET, SO_RCVTIMEO, &tv, &tv_len); > + if (rc == -1) { > + perror("FAIL - getsockopt"); > + return 1; > + } > + > + tv.tv_sec = 1; > + tv.tv_usec = 0; > + > + rc = setsockopt(sock, SOL_SOCKET, SO_RCVTIMEO, &tv, tv_len); > + if (rc == -1) { > + perror("FAIL - setsockopt (SO_RCVTIMEO)"); > + return 1; > + } > + > + rc = setsockopt(sock, SOL_SOCKET, SO_SNDTIMEO, &tv, tv_len); > + if (rc == -1) { > + perror("FAIL - setsockopt (SO_SNDTIMEO)"); > + return 1; > + } > + > + return 0; > +} > + > int main (int argc, char *argv[]) > { > struct sockaddr_un addr; > - struct pollfd pfd; > char msg_buf[MSG_BUF_MAX]; > size_t msg_buf_len; > const char *sun_path; > @@ -172,16 +200,9 @@ int main (int argc, char *argv[]) > exit(1); > } > > - pfd.fd = sock; > - pfd.events = POLLIN; > - rc = poll(&pfd, 1, 500); > - if (rc < 0) { > - perror("FAIL - poll"); > - exit(1); > - } else if (!rc) { > - fprintf(stderr, "FAIL - poll timed out\n"); > + rc = get_set_sock_io_timeo(sock); > + if (rc) > exit(1); > - } > > rc = (type & SOCK_STREAM || type & SOCK_SEQPACKET) ? > connection_based_messaging(sock, msg_buf, msg_buf_len) : > diff --git a/tests/regression/apparmor/unix_socket_client.c > b/tests/regression/apparmor/unix_socket_client.c > index d7d5510..bda7db6 100644 > --- a/tests/regression/apparmor/unix_socket_client.c > +++ b/tests/regression/apparmor/unix_socket_client.c > @@ -78,6 +78,36 @@ static int connectionless_messaging(int sock) > return 0; > } > > +static int get_set_sock_io_timeo(int sock) > +{ > + struct timeval tv; > + socklen_t tv_len = sizeof(tv); > + int rc; > + > + rc = getsockopt(sock, SOL_SOCKET, SO_RCVTIMEO, &tv, &tv_len); > + if (rc == -1) { > + perror("FAIL - getsockopt"); > + return 1; > + } > + > + tv.tv_sec = 1; > + tv.tv_usec = 0; > + > + rc = setsockopt(sock, SOL_SOCKET, SO_RCVTIMEO, &tv, tv_len); > + if (rc == -1) { > + perror("FAIL - setsockopt (SO_RCVTIMEO)"); > + return 1; > + } > + > + rc = setsockopt(sock, SOL_SOCKET, SO_SNDTIMEO, &tv, tv_len); > + if (rc == -1) { > + perror("FAIL - setsockopt (SO_SNDTIMEO)"); > + return 1; > + } > + > + return 0; > +} > + > int main(int argc, char *argv[]) > { > struct sockaddr_un peer_addr; > @@ -131,6 +161,10 @@ int main(int argc, char *argv[]) > exit(1); > } > > + rc = get_set_sock_io_timeo(sock); > + if (rc) > + exit(1); > + > rc = connect(sock, (struct sockaddr *)&peer_addr, > sun_path_len + sizeof(peer_addr.sun_family)); > if (rc < 0) { > diff --git a/tests/regression/apparmor/unix_socket_pathname.sh > b/tests/regression/apparmor/unix_socket_pathname.sh > index 45d74b9..17ed855 100755 > --- a/tests/regression/apparmor/unix_socket_pathname.sh > +++ b/tests/regression/apparmor/unix_socket_pathname.sh > @@ -46,9 +46,11 @@ if [ "$(have_features policy/versions/v7)" == "true" ] ; > then > fi > > # af_unix support requires 'unix create' to call socket() > +# af_unix support requires 'unix getopt' to call getsockopt() > +# af_unix support requires 'unix setopt' to call setsockopt() > af_unix= > if [ "$(have_features network/af_unix)" == "true" ] ; then > - af_unix="unix:create" > + af_unix="unix:(create,getopt,setopt)" > fi > > okclient=rw -- Steve Beattie <sbeat...@ubuntu.com> http://NxNW.org/~steve/
signature.asc
Description: Digital signature
-- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor