Improve pledge() and unveil() further

- Fix getpriority()
- Add AT_MINSIGSTKSZ
- Fix bugs in BPF code
- Show more stuff in printargs.com
- Write manual test for pledge.com
- pledge() now generates tinier BPF code
- Have pledge("exec") only enable execve()
- Fix pledge.com chroot setuid functionality
- Improve pledge.com unveiling of ape loader

test/libc/calls/printargs_test.c

@@ -23,7 +23,7 @@
 #include "libc/x/x.h"
 
 __attribute__((__constructor__)) static void init(void) {
-  pledge("stdio rpath tty", 0);
+  pledge("stdio rpath tty proc", 0);
   errno = 0;
 }
 

test/libc/calls/sched_setscheduler_test.c

@@ -22,6 +22,7 @@
 #include "libc/dce.h"
 #include "libc/errno.h"
 #include "libc/intrin/kprintf.h"
+#include "libc/limits.h"
 #include "libc/runtime/runtime.h"
 #include "libc/sysv/consts/sched.h"
 #include "libc/testlib/testlib.h"
@@ -53,6 +54,10 @@ bool CanTuneRealtimeSchedulers(void) {
   }
 }
 
+TEST(sched_getscheduler, einval) {
+  ASSERT_SYS(IsLinux() ? EINVAL : ESRCH, -1, sched_getscheduler(INT_MIN));
+}
+
 TEST(sched_setscheduler, test) {
   struct sched_param p = {sched_get_priority_min(SCHED_OTHER)};
   EXPECT_SYS(0, DEFAULT_POLICY, sched_setscheduler(0, SCHED_OTHER, &p));

test/libc/mem/pledge_test.c

@@ -372,7 +372,6 @@ TEST(pledge, chmod_ignoresDangerBits) {
 TEST(pledge, open_rpath) {
   if (IsOpenbsd()) return;  // b/c testing linux bpf
   int ws, pid;
-  struct stat st;
   ASSERT_SYS(0, 0, touch("foo", 0644));
   ASSERT_NE(-1, (pid = fork()));
   if (!pid) {
@@ -389,7 +388,6 @@ TEST(pledge, open_rpath) {
 TEST(pledge, open_wpath) {
   if (IsOpenbsd()) return;  // b/c testing linux bpf
   int ws, pid;
-  struct stat st;
   ASSERT_SYS(0, 0, touch("foo", 0644));
   ASSERT_NE(-1, (pid = fork()));
   if (!pid) {
@@ -426,7 +424,6 @@ TEST(pledge, open_cpath) {
 TEST(pledge, sigaction_isFineButForbidsSigsys) {
   if (IsOpenbsd()) return;  // b/c testing linux bpf
   int ws, pid;
-  struct stat st;
   ASSERT_NE(-1, (pid = fork()));
   if (!pid) {
     ASSERT_SYS(0, 0, pledge("stdio", 0));
@@ -442,7 +439,6 @@ TEST(pledge, sigaction_isFineButForbidsSigsys) {
 TEST(pledge, execpromises_ok) {
   if (IsOpenbsd()) return;  // b/c testing linux bpf
   int ws, pid;
-  struct stat st;
   ASSERT_NE(-1, (pid = fork()));
   if (!pid) {
     ASSERT_SYS(0, 0, pledge("stdio exec", "stdio"));
@@ -457,7 +453,6 @@ TEST(pledge, execpromises_ok) {
 TEST(pledge, execpromises_notok) {
   if (IsOpenbsd()) return;  // b/c testing linux bpf
   int ws, pid;
-  struct stat st;
   ASSERT_NE(-1, (pid = fork()));
   if (!pid) {
     ASSERT_SYS(0, 0, pledge("stdio exec", "stdio"));
@@ -472,7 +467,6 @@ TEST(pledge, execpromises_notok) {
 TEST(pledge, execpromises_reducesAtExecOnLinux) {
   if (IsOpenbsd()) return;  // b/c testing linux bpf
   int ws, pid;
-  struct stat st;
   ASSERT_NE(-1, (pid = fork()));
   if (!pid) {
     ASSERT_SYS(0, 0, pledge("stdio inet tty exec", "stdio tty"));
@@ -487,7 +481,6 @@ TEST(pledge, execpromises_reducesAtExecOnLinux) {
 TEST(pledge_openbsd, execpromisesIsNull_letsItDoAnything) {
   if (!IsOpenbsd()) return;
   int ws, pid;
-  struct stat st;
   ASSERT_NE(-1, (pid = fork()));
   if (!pid) {
     ASSERT_SYS(0, 0, pledge("stdio exec", 0));
@@ -502,7 +495,6 @@ TEST(pledge_openbsd, execpromisesIsNull_letsItDoAnything) {
 TEST(pledge_openbsd, execpromisesIsSuperset_letsItDoAnything) {
   if (!IsOpenbsd()) return;
   int ws, pid;
-  struct stat st;
   ASSERT_NE(-1, (pid = fork()));
   if (!pid) {
     ASSERT_SYS(0, 0, pledge("stdio rpath exec", "stdio rpath tty inet"));
@@ -522,7 +514,6 @@ TEST(pledge_linux, execpromisesIsSuperset_notPossible) {
 TEST(pledge_openbsd, execpromises_notok) {
   if (!IsOpenbsd()) return;
   int ws, pid;
-  struct stat st;
   ASSERT_NE(-1, (pid = fork()));
   if (!pid) {
     ASSERT_SYS(0, 0, pledge("stdio exec", "stdio"));
@@ -537,7 +528,6 @@ TEST(pledge_openbsd, execpromises_notok) {
 TEST(pledge_openbsd, bigSyscalls) {
   if (IsOpenbsd()) return;  // testing lunix
   int ws, pid;
-  struct stat st;
   ASSERT_NE(-1, (pid = fork()));
   if (!pid) {
     ASSERT_SYS(0, 0, pledge("stdio", 0));
@@ -572,6 +562,25 @@ TEST(pledge, threadWithLocks_canCodeMorph) {
   EXPECT_EQ(0, WEXITSTATUS(ws));
 }
 
+TEST(pledge, execWithoutRpath) {
+  int ws, pid;
+  ASSERT_SYS(0, 0, touch("foo", 0644));
+  ASSERT_NE(-1, (pid = fork()));
+  if (!pid) {
+    ASSERT_SYS(0, 0, pledge("stdio prot_exec exec", "stdio prot_exec exec"));
+    ASSERT_SYS(EPERM, -1, open("foo", O_RDONLY));
+    _Exit(0);
+  }
+  EXPECT_NE(-1, wait(&ws));
+  if (IsOpenbsd()) {
+    EXPECT_TRUE(WIFSIGNALED(ws));
+    EXPECT_EQ(SIGABRT, WTERMSIG(ws));
+  } else {
+    EXPECT_TRUE(WIFEXITED(ws));
+    EXPECT_EQ(0, WEXITSTATUS(ws));
+  }
+}
+
 BENCH(pledge, bench) {
   int pid;
   if (!fork()) {

test/tool/build/pledge_test.sh

@@ -0,0 +1,175 @@
+#!/bin/sh
+m=tinylinux
+t=/tmp/pledge-test
+
+if [ $# = 0 ]; then
+  if ! [ $(id -u) = 0 ]; then
+    make -j16 MODE= \
+         o//examples/ls.com \
+         o//examples/curl.com \
+         o//examples/life.com \
+         o//examples/hello.com \
+         o//examples/printargs.com \
+         o//tool/build/pledge.com || exit
+    make -j16 MODE=$m \
+         o/$m/examples/ls.com \
+         o/$m/examples/curl.com \
+         o/$m/examples/life.com \
+         o/$m/examples/hello.com \
+         o/$m/examples/printargs.com \
+         o/$m/tool/build/pledge.com || exit
+    test/tool/build/pledge_test.sh ape_binfmt_test_suite || exit
+    test/tool/build/pledge_test.sh ape_loader_test_suite || exit
+    test/tool/build/pledge_test.sh ape_assimilated_test_suite || exit
+    test/tool/build/pledge_test.sh ape_native_test_suite || exit
+    sudo test/tool/build/pledge_test.sh setuid_setup || exit
+    test/tool/build/pledge_test.sh setuid_test_suite || exit
+  else
+    echo need to run as an unprivileged user with sudo access >&2
+    exit 1
+  fi
+fi
+
+check() {
+  if [ $? = 0 ]; then
+    printf '\e[32mok\e[0m\n'
+  else
+    echo failed >&2
+    exit 1
+  fi
+}
+
+startit() {
+  printf 'testing %-30s ' "$*" >&2
+}
+
+checkem() {
+  if [ $? = 0 ]; then
+    printf '\e[1;32mOK\e[0m\n'
+  else
+    printf '\e[1;31mFAILED\e[0m\n'
+    exit 1
+  fi
+}
+
+if [ "$1" = setuid_setup ]; then
+
+  rm -rf $t || exit
+  mkdir -p $t || exit
+  chmod 01777 $t || exit
+  cp o/$m/tool/build/pledge.com $t || exit
+  chmod 06755 $t/pledge.com || exit
+
+elif [ "$1" = ape_binfmt_test_suite ]; then
+
+  ape/apeinstall.sh >/dev/null 2>&1
+
+  startit ape binfmt life.com
+  o//tool/build/pledge.com -p 'stdio rpath prot_exec' o//examples/life.com
+  [ $? = 42 ]
+  checkem
+
+  startit ape binfmt hello.com
+  [ "$(o//tool/build/pledge.com -p 'stdio rpath prot_exec' o//examples/hello.com)" = "hello world" ]
+  checkem
+
+  startit ape binfmt curl.com
+  [ "$(o//tool/build/pledge.com -p 'stdio inet dns rpath prot_exec' o//examples/curl.com https://justine.lol/hello.txt)" = "hello world" ]
+  checkem
+
+elif [ "$1" = ape_loader_test_suite ]; then
+
+  ape/apeuninstall.sh >/dev/null 2>&1
+
+  startit ape loader life.com
+  o//tool/build/pledge.com -p 'stdio rpath prot_exec' o//examples/life.com
+  [ $? = 42 ]
+  checkem
+
+  startit ape loader hello.com
+  [ "$(o//tool/build/pledge.com -p 'stdio rpath prot_exec' o//examples/hello.com)" = "hello world" ]
+  checkem
+
+  startit ape loader curl.com
+  [ "$(o//tool/build/pledge.com -p 'stdio inet dns rpath prot_exec' o//examples/curl.com https://justine.lol/hello.txt)" = "hello world" ]
+  checkem
+
+  ape/apeinstall.sh >/dev/null 2>&1
+
+elif [ "$1" = ape_assimilated_test_suite ]; then
+
+  mkdir -p $t/assimilated
+
+  startit ape assimilated life.com
+  cp o//examples/life.com $t/assimilated
+  o//tool/build/assimilate.com $t/assimilated/life.com
+  o/$m/tool/build/pledge.com -p 'stdio' $t/assimilated/life.com
+  [ $? = 42 ]
+  checkem
+
+  startit ape assimilated hello.com
+  cp o//examples/hello.com $t/assimilated
+  o//tool/build/assimilate.com $t/assimilated/hello.com
+  [ "$(o/$m/tool/build/pledge.com -p 'stdio' $t/assimilated/hello.com)" = "hello world" ]
+  checkem
+
+  startit ape assimilated curl.com
+  cp o//examples/curl.com $t/assimilated
+  o//tool/build/assimilate.com $t/assimilated/curl.com
+  [ "$(o/$m/tool/build/pledge.com -p 'stdio inet dns' $t/assimilated/curl.com https://justine.lol/hello.txt)" = "hello world" ]
+  checkem
+
+elif [ "$1" = ape_native_test_suite ]; then
+
+  startit ape native life.com
+  o/$m/tool/build/pledge.com -p 'stdio' o/$m/examples/life.com
+  [ $? = 42 ]
+  checkem
+
+  startit ape native hello.com
+  [ "$(o/$m/tool/build/pledge.com -p 'stdio' o/$m/examples/hello.com)" = "hello world" ]
+  checkem
+
+  startit ape native curl.com
+  [ "$(o/$m/tool/build/pledge.com -p 'stdio inet dns' o/$m/examples/curl.com https://justine.lol/hello.txt)" = "hello world" ]
+  checkem
+
+elif [ "$1" = setuid_test_suite ]; then
+
+  startit setuid life.com
+  $t/pledge.com -p 'stdio' o/$m/examples/life.com
+  [ $? = 42 ]
+  checkem
+
+  startit setuid hello.com
+  [ "$($t/pledge.com -p 'stdio' o/$m/examples/hello.com)" = "hello world" ]
+  checkem
+
+  startit setuid curl.com
+  [ "$($t/pledge.com -p 'stdio inet dns' o/$m/examples/curl.com https://justine.lol/hello.txt)" = "hello world" ]
+  checkem
+
+  startit setuid getuid
+  [ "$($t/pledge.com -pstdio o/$m/examples/printargs.com 2>&1 | grep getuid | grep -o [[:digit:]]*)" = "$(id -u)" ]
+  checkem
+
+  startit setuid geteuid
+  [ "$($t/pledge.com -pstdio o/$m/examples/printargs.com 2>&1 | grep geteuid | grep -o [[:digit:]]*)" = "$(id -u)" ]
+  checkem
+
+  startit setuid no capabilities
+  [ "$($t/pledge.com -pstdio o/$m/examples/printargs.com 2>&1 | grep CAP_ | wc -l)" = 0 ]
+  checkem
+
+  startit setuid maximum nice
+  $t/pledge.com -np 'stdio proc' o/$m/examples/printargs.com 2>&1 | grep SCHED_IDLE >/dev/null
+  checkem
+
+  startit setuid chroot
+  mkdir $t/jail &&
+  touch $t/jail/hi &&
+  cp o/$m/examples/ls.com $t/jail &&
+  $t/pledge.com -v / -c $t/jail -p 'stdio rpath' /ls.com / | grep 'DT_REG     /hi' >/dev/null
+  checkem
+
+fi