From 5be7a9d0186a02ec6fc9a48ff315b55a37af3b8a Mon Sep 17 00:00:00 2001
From: Alan Somers <asomers@FreeBSD.org>
Date: Wed, 14 Feb 2024 14:53:57 -0700
Subject: [PATCH] Add a regression test for PR 277057

Contrary to the documentation in rights(4), not all rights may be
combined in a rights mask.

PR:		277057
Sponsored by:	Axcient
---
 tests/sys/capsicum/Makefile |   1 +
 tests/sys/capsicum/rights.c | 165 ++++++++++++++++++++++++++++++++++++
 2 files changed, 166 insertions(+)
 create mode 100644 tests/sys/capsicum/rights.c

diff --git a/tests/sys/capsicum/Makefile b/tests/sys/capsicum/Makefile
index 81cb4fa1ceee..bd7d47c0a984 100644
--- a/tests/sys/capsicum/Makefile
+++ b/tests/sys/capsicum/Makefile
@@ -5,6 +5,7 @@ TESTSDIR=	${TESTSBASE}/sys/capsicum
 
 ATF_TESTS_C+=	bindat_connectat
 ATF_TESTS_C+=	ioctls_test
+ATF_TESTS_C+=	rights
 
 CFLAGS+=	-I${SRCTOP}/tests
 
diff --git a/tests/sys/capsicum/rights.c b/tests/sys/capsicum/rights.c
new file mode 100644
index 000000000000..b0dedac718dd
--- /dev/null
+++ b/tests/sys/capsicum/rights.c
@@ -0,0 +1,165 @@
+#include <sys/capsicum.h>
+#include <sys/filio.h>
+#include <sys/socket.h>
+#include <sys/wait.h>
+#include <netinet/in.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+#include <atf-c.h>
+
+#include "freebsd_test_suite/macros.h"
+
+const static uint64_t idx0_rights[] = {
+	CAP_READ,
+	CAP_WRITE,
+	CAP_SEEK_TELL,
+	CAP_MMAP,
+	CAP_CREATE,
+	CAP_FEXECVE,
+	CAP_FSYNC,
+	CAP_FTRUNCATE,
+	CAP_LOOKUP,
+	CAP_FCHDIR,
+	CAP_FCHFLAGS,
+	CAP_FCHMOD,
+	CAP_FCHOWN,
+	CAP_FCNTL,
+	CAP_FLOCK,
+	CAP_FPATHCONF,
+	CAP_FSCK,
+	CAP_FSTAT,
+	CAP_FSTATFS,
+	CAP_FUTIMES,
+	CAP_ACCEPT,
+	CAP_BIND,
+	CAP_CONNECT,
+	CAP_GETPEERNAME,
+	CAP_GETSOCKNAME,
+	CAP_GETSOCKOPT,
+	CAP_LISTEN,
+	CAP_PEELOFF,
+	CAP_SETSOCKOPT,
+	CAP_SHUTDOWN,
+	CAP_ALL0,
+	// The "unused" rights will fail cap_rights_is_valid
+	//CAP_UNUSED0_44,
+	//CAP_UNUSED0_57,
+};
+
+const static uint64_t idx1_rights[] = {
+	CAP_MAC_GET,
+	CAP_MAC_SET,
+	CAP_SEM_GETVALUE,
+	CAP_SEM_POST,
+	CAP_SEM_WAIT,
+	CAP_EVENT,
+	CAP_KQUEUE_EVENT,
+	CAP_IOCTL,
+	CAP_TTYHOOK,
+	CAP_PDGETPID,
+	CAP_PDWAIT,
+	CAP_PDKILL,
+	CAP_EXTATTR_DELETE,
+	CAP_EXTATTR_GET,
+	CAP_EXTATTR_LIST,
+	CAP_EXTATTR_SET,
+	CAP_ACL_CHECK,
+	CAP_ACL_DELETE,
+	CAP_ACL_GET,
+	CAP_ACL_SET,
+	CAP_KQUEUE_CHANGE,
+	CAP_ALL1,
+	// The "unused" rights will fail cap_rights_is_valid
+	//CAP_UNUSED1_22,
+	//CAP_UNUSED1_57,
+};
+
+// Verify that rights with index 0 can be ORed
+ATF_TC_WITHOUT_HEAD(orable_0);
+ATF_TC_BODY(orable_0, tc)
+{
+	cap_rights_t r1, r2;
+	unsigned long i, j;
+
+	for (i = 0; i < nitems(idx0_rights) - 1; i++) {
+		for (j = i + 1; j < nitems(idx0_rights); j++) {
+			fprintf(stderr, "%lu | %lu\n", i, j);
+			bzero(&r1, sizeof(r1));
+			bzero(&r2, sizeof(r2));
+
+			cap_rights_init(&r1, idx0_rights[i] | idx0_rights[j]);
+			ATF_CHECK(cap_rights_is_valid(&r1));
+
+			cap_rights_init(&r2, idx0_rights[i]);
+			cap_rights_set(&r2, idx0_rights[j]);
+			ATF_CHECK(cap_rights_is_valid(&r2));
+
+			ATF_CHECK_EQ(r1.cr_rights[0], r2.cr_rights[0]);
+			ATF_CHECK_EQ(r1.cr_rights[1], r2.cr_rights[1]);
+		}
+	}
+}
+
+// Verify that rights with index 1 can be ORed
+ATF_TC_WITHOUT_HEAD(orable_1);
+ATF_TC_BODY(orable_1, tc)
+{
+	cap_rights_t r1, r2;
+	unsigned long i, j;
+
+	for (i = 0; i < nitems(idx1_rights) - 1; i++) {
+		for (j = i + 1; j < nitems(idx1_rights); j++) {
+			fprintf(stderr, "%lu | %lu\n", i, j);
+			bzero(&r1, sizeof(r1));
+			bzero(&r2, sizeof(r2));
+
+			cap_rights_init(&r1, idx1_rights[i] | idx1_rights[j]);
+			ATF_CHECK(cap_rights_is_valid(&r1));
+
+			cap_rights_init(&r2, idx1_rights[i]);
+			cap_rights_set(&r2, idx1_rights[j]);
+			ATF_CHECK(cap_rights_is_valid(&r2));
+
+			ATF_CHECK_EQ(r1.cr_rights[0], r2.cr_rights[0]);
+			ATF_CHECK_EQ(r1.cr_rights[1], r2.cr_rights[1]);
+		}
+	}
+}
+
+// Verify that rights with index 0 can be ORed with rights with index 1
+ATF_TC_WITHOUT_HEAD(orable_01);
+ATF_TC_BODY(orable_01, tc)
+{
+	cap_rights_t r1, r2;
+	unsigned long i, j;
+
+	for (i = 0; i < nitems(idx0_rights); i++) {
+		for (j = 0; j < nitems(idx1_rights); j++) {
+			fprintf(stderr, "%lu | %lu\n", i, j);
+			bzero(&r1, sizeof(r1));
+			bzero(&r2, sizeof(r2));
+
+			cap_rights_init(&r1, idx0_rights[i] | idx1_rights[j]);
+			ATF_CHECK(cap_rights_is_valid(&r1));
+
+			cap_rights_init(&r2, idx0_rights[i]);
+			cap_rights_set(&r2, idx1_rights[j]);
+			ATF_CHECK(cap_rights_is_valid(&r2));
+
+			ATF_CHECK_EQ(r1.cr_rights[0], r2.cr_rights[0]);
+			ATF_CHECK_EQ(r1.cr_rights[1], r2.cr_rights[1]);
+		}
+	}
+}
+
+ATF_TP_ADD_TCS(tp)
+{
+
+	ATF_TP_ADD_TC(tp, orable_0);
+	ATF_TP_ADD_TC(tp, orable_1);
+	ATF_TP_ADD_TC(tp, orable_01);
+
+	return (atf_no_error());
+}
-- 
2.42.0