cosmopolitan/test/tool/build/pledge_test.sh
Justine Tunney a6baba1b07
Stop using .com extension in monorepo
The WIN32 CreateProcess() function does not require an .exe or .com
suffix in order to spawn an executable. Now that we have Cosmo bash
we're no longer so dependent on the cmd.exe prompt.
2024-03-03 03:12:19 -08:00


#!/bin/sh
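# Build mode of the binaries under o/$m; several suites also use the
# MODE=fastbuild build of the same targets.
m=tinylinux
# Scratch directory shared by the suites. NOTE(review): this is a fixed name
# under /tmp and `setuid_setup` populates it as root, so on a host with other
# local users its contents should be treated as untrusted.
t=/tmp/pledge-test

# No arguments: act as the driver. Build both modes, then re-invoke this
# script once per suite. All paths are relative, so the driver has to be
# started from the repository root.
if [ $# = 0 ]; then
  # Fail closed when the uid cannot be determined. An unquoted $(id -u) inside
  # the test would turn a failing `id` into a malformed `[`, which the negated
  # check then treated as "not root".
  uid=$(id -u) || exit
  if [ "$uid" = 0 ]; then
    echo need to run as an unprivileged user with sudo access >&2
    exit 1
  fi
  make -j16 MODE=fastbuild \
    o/fastbuild/examples/ls \
    o/fastbuild/tool/curl/curl \
    o/fastbuild/examples/life \
    o/fastbuild/examples/hello \
    o/fastbuild/examples/printargs \
    o/fastbuild/tool/build/assimilate \
    o/fastbuild/tool/build/pledge || exit
  make -j16 MODE="$m" \
    "o/$m/examples/ls" \
    "o/$m/tool/curl/curl" \
    "o/$m/examples/life" \
    "o/$m/examples/hello" \
    "o/$m/examples/printargs" \
    "o/$m/tool/build/assimilate" \
    "o/$m/tool/build/pledge" || exit
  test/tool/build/pledge_test.sh ape_binfmt_test_suite || exit
  test/tool/build/pledge_test.sh ape_loader_test_suite || exit
  test/tool/build/pledge_test.sh ape_assimilated_test_suite || exit
  test/tool/build/pledge_test.sh ape_native_test_suite || exit
  # The only step that runs as root: it installs a setuid/setgid copy of
  # pledge in $t. NOTE(review): nothing in this script removes that binary
  # afterwards; delete $t once the run is finished on a shared machine.
  sudo test/tool/build/pledge_test.sh setuid_setup || exit
  test/tool/build/pledge_test.sh setuid_test_suite || exit
fi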
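# Reports the outcome of the command that ran immediately before the call.
# Reads:   $? as it is on entry, so nothing may run between the command
#          under test and `check`.
# Outputs: green "ok" on stdout on success, "failed" on stderr otherwise.
# Exits:   ends the script with status 1 on failure.
check() {
  if [ $? = 0 ]; then
    # \033 is ESC in octal. \e is not one of the escapes POSIX specifies for
    # printf, and this script runs under #!/bin/sh.
    printf '\033[32mok\033[0m\n'
  else
    echo failed >&2
    exit 1
  fi
}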
# Announces the test case that is about to run.
# Arguments: the words of the label; they are joined into one string.
# Outputs:   "testing <label>" on stderr, with the label left-aligned in a
#            30-column field, followed by a space and no newline, so the
#            verdict can be printed on the same line.
startit() {
  printf 'testing %-30s ' "$*" 1>&2
}
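# Prints the verdict for the test case announced by `startit`.
# Reads:   $? as it is on entry; call it directly after the command or `[`
#          test whose status decides the case.
# Outputs: bold green "OK" or bold red "FAILED" on stdout.
# Exits:   ends the script with status 1 on failure, so later cases in the
#          suite do not run.
checkem() {
  if [ $? = 0 ]; then
    # \033 is ESC in octal. \e is not one of the escapes POSIX specifies for
    # printf, and this script runs under #!/bin/sh.
    printf '\033[1;32mOK\033[0m\n'
  else
    printf '\033[1;31mFAILED\033[0m\n'
    exit 1
  fi
}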
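# Suite dispatcher: the first argument names the suite to run. Each case has
# the same shape: `startit` prints the label, a command or `[` test sets $?,
# and `checkem` reports it and exits on failure. Nothing may be inserted
# between the command under test and `checkem`.
#
# Every "curl" case fetches https://justine.lol/hello.txt and expects the
# body "hello world", so those cases need outbound network access and depend
# on that host.
if [ "$1" = setuid_setup ]; then
  # Installs a setuid/setgid copy of pledge in $t. The driver runs this step
  # through sudo, and $t is a fixed name under /tmp, so the order matters:
  #   - ${t:?} stops `rm -rf` from running on an empty path;
  #   - plain `mkdir` (no -p) fails if the path has reappeared after the rm,
  #     rather than adopting a directory or symlink someone else created;
  #   - the directory stays 0755 until the binary is in place and is opened
  #     up (world-writable, sticky) only as the last step, so nothing can be
  #     placed at $t/pledge before the privileged cp and chmod touch it.
  rm -rf "${t:?}" || exit
  mkdir -m 0755 "$t" || exit
  cp "o/$m/tool/build/pledge" "$t/pledge" || exit
  chmod 06755 "$t/pledge" || exit
  chmod 01777 "$t" || exit
elif [ "$1" = ape_binfmt_test_suite ]; then
  # Output and exit status of the installer are discarded; if it fails, the
  # cases below run against whatever loader setup is already present.
  ape/apeinstall.sh >/dev/null 2>&1
  # These cases grant rpath and prot_exec in addition to the promises the
  # native suite uses for the same programs.
  startit ape binfmt life
  o/fastbuild/tool/build/pledge -p 'stdio rpath prot_exec' o/fastbuild/examples/life
  [ $? = 42 ]
  checkem
  startit ape binfmt hello
  [ "$(o/fastbuild/tool/build/pledge -p 'stdio rpath prot_exec' o/fastbuild/examples/hello)" = "hello world" ]
  checkem
  startit ape binfmt curl
  [ "$(o/fastbuild/tool/build/pledge -p 'stdio inet dns rpath prot_exec' o/fastbuild/tool/curl/curl https://justine.lol/hello.txt)" = "hello world" ]
  checkem
elif [ "$1" = ape_loader_test_suite ]; then
  # Same cases as the binfmt suite, run after apeuninstall.sh.
  # NOTE(review): a failing case exits through `checkem` before the
  # apeinstall.sh call at the end of this branch, leaving APE uninstalled.
  ape/apeuninstall.sh >/dev/null 2>&1
  startit ape loader life
  o/fastbuild/tool/build/pledge -p 'stdio rpath prot_exec' o/fastbuild/examples/life
  [ $? = 42 ]
  checkem
  startit ape loader hello
  [ "$(o/fastbuild/tool/build/pledge -p 'stdio rpath prot_exec' o/fastbuild/examples/hello)" = "hello world" ]
  checkem
  startit ape loader curl
  [ "$(o/fastbuild/tool/build/pledge -p 'stdio inet dns rpath prot_exec' o/fastbuild/tool/curl/curl https://justine.lol/hello.txt)" = "hello world" ]
  checkem
  ape/apeinstall.sh >/dev/null 2>&1
elif [ "$1" = ape_assimilated_test_suite ]; then
  # Copies of the fastbuild programs are converted in place by `assimilate`
  # and then run under the MODE=$m pledge with the same promises as the
  # native suite.
  mkdir -p "$t/assimilated"
  startit ape assimilated life
  cp o/fastbuild/examples/life "$t/assimilated"
  o/fastbuild/tool/build/assimilate "$t/assimilated/life"
  "o/$m/tool/build/pledge" -p 'stdio' "$t/assimilated/life"
  [ $? = 42 ]
  checkem
  startit ape assimilated hello
  cp o/fastbuild/examples/hello "$t/assimilated"
  o/fastbuild/tool/build/assimilate "$t/assimilated/hello"
  [ "$("o/$m/tool/build/pledge" -p 'stdio' "$t/assimilated/hello")" = "hello world" ]
  checkem
  startit ape assimilated curl
  cp o/fastbuild/tool/curl/curl "$t/assimilated"
  o/fastbuild/tool/build/assimilate "$t/assimilated/curl"
  [ "$("o/$m/tool/build/pledge" -p 'stdio rpath inet dns' "$t/assimilated/curl" https://justine.lol/hello.txt)" = "hello world" ]
  checkem
elif [ "$1" = ape_native_test_suite ]; then
  # MODE=$m binaries run directly: `stdio` alone for life and hello,
  # `stdio rpath inet dns` for curl.
  startit ape native life
  "o/$m/tool/build/pledge" -p 'stdio' "o/$m/examples/life"
  [ $? = 42 ]
  checkem
  startit ape native hello
  [ "$("o/$m/tool/build/pledge" -p 'stdio' "o/$m/examples/hello")" = "hello world" ]
  checkem
  startit ape native curl
  [ "$("o/$m/tool/build/pledge" -p 'stdio rpath inet dns' "o/$m/tool/curl/curl" https://justine.lol/hello.txt)" = "hello world" ]
  checkem
elif [ "$1" = setuid_test_suite ]; then
  # Uses $t/pledge, the setuid/setgid copy installed by `setuid_setup`. The
  # suite is meant to be run as the unprivileged user: besides repeating the
  # basic cases, it checks that the program launched by the setuid pledge
  # reports the caller's own uid and euid and lists no CAP_ entries.
  startit setuid life
  "$t/pledge" -p 'stdio' "o/$m/examples/life"
  [ $? = 42 ]
  checkem
  startit setuid hello
  [ "$("$t/pledge" -p 'stdio' "o/$m/examples/hello")" = "hello world" ]
  checkem
  startit setuid curl
  [ "$("$t/pledge" -p 'stdio rpath inet dns' "o/$m/tool/curl/curl" https://justine.lol/hello.txt)" = "hello world" ]
  checkem
  # The digit pattern is quoted so the shell cannot expand it as a glob. If it
  # were unquoted, a file in the working directory whose name starts with a
  # digit would replace the pattern and change what this privilege-drop check
  # compares.
  startit setuid getuid
  [ "$("$t/pledge" -p 'stdio rpath proc tty' "o/$m/examples/printargs" 2>&1 | grep getuid | grep -o '[[:digit:]]*')" = "$(id -u)" ]
  checkem
  startit setuid geteuid
  [ "$("$t/pledge" -p 'stdio rpath proc tty' "o/$m/examples/printargs" 2>&1 | grep geteuid | grep -o '[[:digit:]]*')" = "$(id -u)" ]
  checkem
  # `grep -c` prints a bare count; `wc -l` pads its output on some systems,
  # which would make the string comparison with 0 fail. This case also passes
  # when printargs prints nothing at all, but the getuid/geteuid cases above
  # fail first in that situation.
  startit setuid no capabilities
  [ "$("$t/pledge" -p 'stdio rpath proc tty' "o/$m/examples/printargs" 2>&1 | grep -c CAP_)" = 0 ]
  checkem
  # -n is passed in addition to -p; the case passes only if printargs
  # reports SCHED_IDLE.
  startit setuid maximum nice
  "$t/pledge" -np 'stdio rpath proc tty' "o/$m/examples/printargs" 2>&1 | grep SCHED_IDLE >/dev/null
  checkem
  # Builds a minimal jail holding `ls` and a marker file, then expects the
  # listing of / as seen by the jailed `ls` to contain the marker as a
  # regular file. `mkdir` without -p fails if the jail is left over from an
  # earlier run without a fresh `setuid_setup`.
  startit setuid chroot
  mkdir "$t/jail" &&
    touch "$t/jail/hi" &&
    cp "o/$m/examples/ls" "$t/jail" &&
    "$t/pledge" -v / -c "$t/jail" -p 'stdio rpath' /ls / | grep 'DT_REG /hi' >/dev/null
  checkem
fi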