tests: Add tests for Rust bindings

Add the regression tests for the libseccomp crate that is Rust language bindings for the libseccomp library. You can run the tests as follows. ```sh $ cd tests $ make check-build $ ./regression -m rust ``` If you do not want to build Rust test programs, set `RUST_BINDINGS_TEST=no` as follows. ```sh $ make check-build RUST_BINDINGS_TEST=no ``` Signed-off-by: Manabu Sugimoto <[email protected]>
ManaSugi · Jan 3, 2022 · 90d23a8 · drakenclimber · Jan 3, 2022 · ManaSugi
1 parent a792221
commit 90d23a8
Show file tree

Hide file tree

Showing 18 changed files with 761 additions and 1 deletion.
diff --git a/tests/.gitignore b/tests/.gitignore
@@ -1,6 +1,8 @@
 *.bpf
 *.bpfd
 *.pfc
+*.log
+*.stats
 __pycache__/
 miniseq
 util.pyc
@@ -64,3 +66,5 @@ util.pyc
 56-basic-iterate_syscalls
 57-basic-rawsysrc
 58-live-tsync_notify
+!/rust/*
+/rust/target
diff --git a/tests/Makefile.am b/tests/Makefile.am
@@ -34,6 +34,19 @@ miniseq_LDADD =
 
 TESTS = regression
 
+RUST_BINDINGS_TEST = yes
+rust_TESTS_DIR = ./rust
+rust_LINK_TYPE = dylib
+rust_LIBSECCOMP_LIBRARY_DIR = ../src/.libs
+rust_cargo = $(shell command -v cargo 2>/dev/null)
+
+define build_rust_bindings
+	echo "Build test programs for rust bindings"; \
+	export LIBSECCOMP_LINK_TYPE=$(rust_LINK_TYPE); \
+	export LIBSECCOMP_LIB_PATH=$(rust_LIBSECCOMP_LIBRARY_DIR); \
+	$(MAKE) -C $(rust_TESTS_DIR) && $(MAKE) -C $(rust_TESTS_DIR) install;
+endef
+
 check_PROGRAMS = \
 	miniseq \
 	01-sim-allow \
@@ -234,6 +247,13 @@ EXTRA_PROGRAMS = 00-test
 
 check-build:
 	${MAKE} ${AM_MAKEFLAGS} ${check_PROGRAMS}
+	@if [ "$(RUST_BINDINGS_TEST)" = "yes" ]; then \
+		if [  -z "$(rust_cargo)" ]; then \
+			echo "ERROR: command cargo not found. Please install it." >&2; exit 1; \
+		fi; \
+		$(call build_rust_bindings) \
+	fi
 
 clean-local:
 	${RM} -f 00-test *.pyc
+	$(MAKE) -C $(rust_TESTS_DIR) clean
diff --git a/tests/regression b/tests/regression
@@ -58,6 +58,8 @@ GLBL_SYS_RESOLVER="../tools/scmp_sys_resolver"
 GLBL_SYS_SIM="../tools/scmp_bpf_sim"
 GLBL_SYS_API="../tools/scmp_api_level"
 
+RUST_TESTS_BIN="./rust/bin"
+
 ####
 # functions
 
@@ -100,7 +102,7 @@ optional arguments:
   -h             show this help message and exit
   -j JOBS        run up to JOBS test jobs in parallel
                   can also be set via LIBSECCOMP_TSTCFG_JOBS env variable
-  -m MODE        specified the test mode [c (default), python]
+  -m MODE        specified the test mode [c (default), python, rust]
                   can also be set via LIBSECCOMP_TSTCFG_MODE_LIST env variable
   -a             specifies all tests are to be run
   -b BATCH_NAME  specifies batch of tests to be run
@@ -262,6 +264,8 @@ function run_test_command() {
 		else
 			cmd="$cmd /usr/bin/env python ${srcdir}/$2.py $3"
 		fi
+	elif [[ $mode == "rust" ]]; then
+		cmd="${RUST_TESTS_BIN}/$2 $3"
 	else
 		cmd="$2 $3"
 	fi
@@ -1111,6 +1115,9 @@ while getopts "ab:gj:l:m:s:t:T:vh" opt; do
 			verify_deps python
 			mode_list="$mode_list python"
 			;;
+		rust)
+			mode_list="$mode_list rust"
+			;;
 		*)
 			usage
 			exit 1

diff --git a/tests/rust/01-sim-allow/Cargo.toml b/tests/rust/01-sim-allow/Cargo.toml
@@ -0,0 +1,14 @@
+[package]
+name = "sim-allow"
+version = "0.1.0"
+authors = ["Manabu Sugimoto <[email protected]>"]
+edition = "2018"
+
+[dependencies]
+libseccomp = { git = "https://github.com/libseccomp-rs/libseccomp-rs.git" }
+utils = { path = "../utils" }
+anyhow = "1.0.51"
+
+[[bin]]
+name = "01-sim-allow"
+path = "src/main.rs"
diff --git a/tests/rust/01-sim-allow/src/main.rs b/tests/rust/01-sim-allow/src/main.rs
@@ -0,0 +1,17 @@
+// SPDX-License-Identifier: Apache-2.0 or MIT
+//
+// Copyright 2021 Sony Group Corporation
+//
+// Seccomp Library test program
+//
+
+use anyhow::Result;
+use libseccomp::*;
+use utils::*;
+
+fn main() -> Result<()> {
+    let opts = util_getopt();
+    let ctx = ScmpFilterContext::new_filter(ScmpAction::Allow)?;
+
+    util_filter_output(&opts, &ctx)
+}
diff --git a/tests/rust/02-sim-basic/Cargo.toml b/tests/rust/02-sim-basic/Cargo.toml
@@ -0,0 +1,14 @@
+[package]
+name = "sim-basic"
+version = "0.1.0"
+authors = ["Manabu Sugimoto <[email protected]>"]
+edition = "2018"
+
+[dependencies]
+libseccomp = { git = "https://github.com/libseccomp-rs/libseccomp-rs.git" }
+utils = { path = "../utils"}
+anyhow = "1.0.51"
+
+[[bin]]
+name = "02-sim-basic"
+path = "src/main.rs"
diff --git a/tests/rust/02-sim-basic/src/main.rs b/tests/rust/02-sim-basic/src/main.rs
@@ -0,0 +1,28 @@
+// SPDX-License-Identifier: Apache-2.0 or MIT
+//
+// Copyright 2021 Sony Group Corporation
+//
+// Seccomp Library test program
+//
+
+use anyhow::Result;
+use libseccomp::*;
+use utils::*;
+
+fn main() -> Result<()> {
+    let opts = util_getopt();
+    let mut ctx = ScmpFilterContext::new_filter(ScmpAction::KillThread)?;
+
+    ctx.add_rule_exact(ScmpAction::Allow, get_syscall_from_name("read", None)?)?;
+
+    ctx.add_rule_exact(ScmpAction::Allow, get_syscall_from_name("write", None)?)?;
+
+    ctx.add_rule_exact(ScmpAction::Allow, get_syscall_from_name("close", None)?)?;
+
+    ctx.add_rule_exact(
+        ScmpAction::Allow,
+        get_syscall_from_name("rt_sigreturn", None)?,
+    )?;
+
+    util_filter_output(&opts, &ctx)
+}
diff --git a/tests/rust/03-sim-basic_chains/Cargo.toml b/tests/rust/03-sim-basic_chains/Cargo.toml
@@ -0,0 +1,14 @@
+[package]
+name = "sim-basic_chains"
+version = "0.1.0"
+authors = ["Manabu Sugimoto <[email protected]>"]
+edition = "2018"
+
+[dependencies]
+libseccomp = { git = "https://github.com/libseccomp-rs/libseccomp-rs.git" }
+utils = { path = "../utils"}
+anyhow = "1.0.51"
+
+[[bin]]
+name = "03-sim-basic_chains"
+path = "src/main.rs"
diff --git a/tests/rust/03-sim-basic_chains/src/main.rs b/tests/rust/03-sim-basic_chains/src/main.rs
@@ -0,0 +1,55 @@
+// SPDX-License-Identifier: Apache-2.0 or MIT
+//
+// Copyright 2021 Sony Group Corporation
+//
+// Seccomp Library test program
+//
+
+use anyhow::Result;
+use libseccomp::*;
+use std::os::unix::io::AsRawFd;
+use utils::*;
+
+fn main() -> Result<()> {
+    let opts = util_getopt();
+    let mut ctx = ScmpFilterContext::new_filter(ScmpAction::KillThread)?;
+
+    ctx.add_rule_conditional_exact(
+        ScmpAction::Allow,
+        get_syscall_from_name("read", None)?,
+        &[ScmpArgCompare::new(
+            0,
+            ScmpCompareOp::Equal,
+            std::io::stdin().as_raw_fd() as u64,
+        )],
+    )?;
+
+    ctx.add_rule_conditional_exact(
+        ScmpAction::Allow,
+        get_syscall_from_name("write", None)?,
+        &[ScmpArgCompare::new(
+            0,
+            ScmpCompareOp::Equal,
+            std::io::stdout().as_raw_fd() as u64,
+        )],
+    )?;
+
+    ctx.add_rule_conditional_exact(
+        ScmpAction::Allow,
+        get_syscall_from_name("write", None)?,
+        &[ScmpArgCompare::new(
+            0,
+            ScmpCompareOp::Equal,
+            std::io::stderr().as_raw_fd() as u64,
+        )],
+    )?;
+
+    ctx.add_rule_exact(ScmpAction::Allow, get_syscall_from_name("close", None)?)?;
+
+    ctx.add_rule_exact(
+        ScmpAction::Allow,
+        get_syscall_from_name("rt_sigreturn", None)?,
+    )?;
+
+    util_filter_output(&opts, &ctx)
+}
diff --git a/tests/rust/04-sim-multilevel_chains/Cargo.toml b/tests/rust/04-sim-multilevel_chains/Cargo.toml
@@ -0,0 +1,15 @@
+[package]
+name = "sim-multilevel_chains"
+version = "0.1.0"
+authors = ["Manabu Sugimoto <[email protected]>"]
+edition = "2018"
+
+[dependencies]
+libseccomp = { git = "https://github.com/libseccomp-rs/libseccomp-rs.git" }
+utils = { path = "../utils" }
+anyhow = "1.0.51"
+libc = "0.2.109"
+
+[[bin]]
+name = "04-sim-multilevel_chains"
+path = "src/main.rs"
diff --git a/tests/rust/04-sim-multilevel_chains/src/main.rs b/tests/rust/04-sim-multilevel_chains/src/main.rs
@@ -0,0 +1,67 @@
+// SPDX-License-Identifier: Apache-2.0 or MIT
+//
+// Copyright 2021 Sony Group Corporation
+//
+// Seccomp Library test program
+//
+
+use anyhow::Result;
+use libseccomp::*;
+use std::os::unix::io::AsRawFd;
+use utils::*;
+
+fn main() -> Result<()> {
+    let opts = util_getopt();
+    let mut ctx = ScmpFilterContext::new_filter(ScmpAction::KillThread)?;
+
+    ctx.add_rule(ScmpAction::Allow, get_syscall_from_name("openat", None)?)?;
+
+    ctx.add_rule(ScmpAction::Allow, get_syscall_from_name("close", None)?)?;
+
+    ctx.add_rule_conditional(
+        ScmpAction::Allow,
+        get_syscall_from_name("read", None)?,
+        &[
+            ScmpArgCompare::new(0, ScmpCompareOp::Equal, std::io::stdin().as_raw_fd() as u64),
+            ScmpArgCompare::new(1, ScmpCompareOp::NotEqual, 0),
+            ScmpArgCompare::new(2, ScmpCompareOp::Less, libc::ssize_t::MAX as u64),
+        ],
+    )?;
+
+    ctx.add_rule_conditional(
+        ScmpAction::Allow,
+        get_syscall_from_name("write", None)?,
+        &[
+            ScmpArgCompare::new(
+                0,
+                ScmpCompareOp::Equal,
+                std::io::stdout().as_raw_fd() as u64,
+            ),
+            ScmpArgCompare::new(1, ScmpCompareOp::NotEqual, 0),
+            ScmpArgCompare::new(2, ScmpCompareOp::Less, libc::ssize_t::MAX as u64),
+        ],
+    )?;
+
+    ctx.add_rule_conditional(
+        ScmpAction::Allow,
+        get_syscall_from_name("write", None)?,
+        &[
+            ScmpArgCompare::new(
+                0,
+                ScmpCompareOp::Equal,
+                std::io::stderr().as_raw_fd() as u64,
+            ),
+            ScmpArgCompare::new(1, ScmpCompareOp::NotEqual, 0),
+            ScmpArgCompare::new(2, ScmpCompareOp::Less, libc::ssize_t::MAX as u64),
+        ],
+    )?;
+
+    ctx.add_rule(ScmpAction::Allow, get_syscall_from_name("close", None)?)?;
+
+    ctx.add_rule(
+        ScmpAction::Allow,
+        get_syscall_from_name("rt_sigreturn", None)?,
+    )?;
+
+    util_filter_output(&opts, &ctx)
+}
diff --git a/tests/rust/05-sim-long_jumps/Cargo.toml b/tests/rust/05-sim-long_jumps/Cargo.toml
@@ -0,0 +1,15 @@
+[package]
+name = "sim-long_jumps"
+version = "0.1.0"
+authors = ["Manabu Sugimoto <[email protected]>"]
+edition = "2018"
+
+[dependencies]
+libseccomp = { git = "https://github.com/libseccomp-rs/libseccomp-rs.git" }
+utils = { path = "../utils" }
+anyhow = "1.0.51"
+libc = "0.2.109"
+
+[[bin]]
+name = "05-sim-long_jumps"
+path = "src/main.rs"
diff --git a/tests/rust/05-sim-long_jumps/src/main.rs b/tests/rust/05-sim-long_jumps/src/main.rs
@@ -0,0 +1,56 @@
+// SPDX-License-Identifier: Apache-2.0 or MIT
+//
+// Copyright 2021 Sony Group Corporation
+//
+// Seccomp Library test program
+//
+
+use anyhow::Result;
+use libseccomp::*;
+use utils::*;
+
+fn main() -> Result<()> {
+    let opts = util_getopt();
+    let mut ctx = ScmpFilterContext::new_filter(ScmpAction::KillThread)?;
+
+    ctx.add_rule(ScmpAction::Allow, get_syscall_from_name("brk", None)?)?;
+
+    // same syscall, many chains
+    for iter in 0..100 {
+        ctx.add_rule_conditional(
+            ScmpAction::Allow,
+            get_syscall_from_name("chdir", None)?,
+            &[
+                ScmpArgCompare::new(0, ScmpCompareOp::Equal, iter),
+                ScmpArgCompare::new(1, ScmpCompareOp::NotEqual, 0),
+                ScmpArgCompare::new(2, ScmpCompareOp::Less, libc::ssize_t::MAX as u64),
+            ],
+        )?;
+    }
+
+    // many syscalls, same chain
+    let mut ctr = 0;
+    for iter in 0..10000 {
+        if ctr >= 100 {
+            break;
+        }
+
+        if iter == get_syscall_from_name("chdir", None)? {
+            continue;
+        }
+
+        if get_syscall_name_from_arch(ScmpArch::Native, iter).is_ok() {
+            ctx.add_rule_conditional(
+                ScmpAction::Allow,
+                iter,
+                &[ScmpArgCompare::new(0, ScmpCompareOp::NotEqual, 0)],
+            )?;
+
+            ctr += 1;
+        }
+    }
+
+    ctx.add_rule(ScmpAction::Allow, get_syscall_from_name("close", None)?)?;
+
+    util_filter_output(&opts, &ctx)
+}