From a3050539af43f6d233044e1f6ead3c13ebc64c98 Mon Sep 17 00:00:00 2001
From: valoq <valoq@mailbox.org>
Date: Sat, 30 May 2020 21:36:14 +0200
Subject: [PATCH] add test for sandbox

---
 tests/meson.build         |  9 +++++++++
 tests/test_sandbox.c      | 33 +++++++++++++++++++++++++++++++++
 zathura/seccomp-filters.c |  8 +++++++-
 zathura/seccomp-filters.h |  4 +++-
 zathura/zathura.c         | 19 ++++++++++++++++---
 zathura/zathura.h         |  3 ++-
 6 files changed, 70 insertions(+), 6 deletions(-)
 create mode 100644 tests/test_sandbox.c

diff --git a/tests/meson.build b/tests/meson.build
index c99a5ab..4000bf6 100644
--- a/tests/meson.build
+++ b/tests/meson.build
@@ -24,6 +24,15 @@ if check.found()
   test('session', session,
     timeout: 60*60
   )
+  
+  sandbox = executable('test_sandbox', ['test_sandbox.c', 'tests.c'],
+    dependencies: build_dependencies + test_dependencies,
+    include_directories: include_directories,
+    c_args: defines + flags
+  )
+  test('sandbox', sandbox,
+    timeout: 60*60
+  )
 
   utils = executable('test_utils', ['test_utils.c', 'tests.c'],
     dependencies: build_dependencies + test_dependencies,
diff --git a/tests/test_sandbox.c b/tests/test_sandbox.c
new file mode 100644
index 0000000..0dc458f
--- /dev/null
+++ b/tests/test_sandbox.c
@@ -0,0 +1,33 @@
+/* SPDX-License-Identifier: Zlib */
+
+#include <check.h>
+
+#include "zathura.h"
+#include "tests.h"
+
+START_TEST(test_create) {
+  zathura_t* zathura = zathura_create();
+  zathura->global.sandbox = ZATHURA_SANDBOX_TEST;
+  fail_unless(zathura != NULL, "Could not create strictly sandboxed session", NULL);
+  fail_unless(zathura_init(zathura) == true, "Could not initialize strictly sandboxed session", NULL);
+  zathura_free(zathura);
+} END_TEST
+
+static Suite* suite_sandbox(void)
+{
+  TCase* tcase = NULL;
+  Suite* suite = suite_create("Sandbox");
+
+  /* basic */
+  tcase = tcase_create("basic");
+  tcase_add_checked_fixture(tcase, setup, NULL);
+  tcase_add_test(tcase, test_create);
+  suite_add_tcase(suite, tcase);
+
+  return suite;
+}
+
+int main()
+{
+  return run_suite(suite_sandbox());
+}
diff --git a/zathura/seccomp-filters.c b/zathura/seccomp-filters.c
index 909ec7d..044ac1c 100644
--- a/zathura/seccomp-filters.c
+++ b/zathura/seccomp-filters.c
@@ -117,7 +117,7 @@ out:
 }
 
 int
-seccomp_enable_strict_filter(void)
+seccomp_enable_strict_filter(bool test)
 {
   /* prevent child processes from getting more priv e.g. via setuid, capabilities, ... */
   if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) {
@@ -224,6 +224,12 @@ seccomp_enable_strict_filter(void)
   ADD_RULE("errno", SCMP_ACT_ERRNO(EPERM), sched_setattr, 0);
   ADD_RULE("errno", SCMP_ACT_ERRNO(EPERM), sched_getattr, 0);
 
+/* check test flag, allow additional syscalls for test mode */
+  if (test){
+    ALLOW_RULE(timer_create);
+    ALLOW_RULE(timer_delete);
+  }
+
   /* Special requirements for ioctl, allowed on stdout/stderr */
   ADD_RULE("allow", SCMP_ACT_ALLOW, ioctl, 1, SCMP_CMP(0, SCMP_CMP_EQ, 1));
   ADD_RULE("allow", SCMP_ACT_ALLOW, ioctl, 1, SCMP_CMP(0, SCMP_CMP_EQ, 2));
diff --git a/zathura/seccomp-filters.h b/zathura/seccomp-filters.h
index 57bfbb1..2e0b3a4 100644
--- a/zathura/seccomp-filters.h
+++ b/zathura/seccomp-filters.h
@@ -3,6 +3,8 @@
 #ifndef ZATHURA_SECCOMP_FILTERS_H
 #define ZATHURA_SECCOMP_FILTERS_H
 
+#include <stdbool.h>
+
 /* basic filter */
 /* this mode allows normal use */
 /* only dangerous syscalls are blacklisted */
@@ -10,6 +12,6 @@ int seccomp_enable_basic_filter(void);
 
 /* strict filter before document parsing */
 /* this filter is to be enabled after most of the initialisation of zathura has finished */
-int seccomp_enable_strict_filter(void);
+int seccomp_enable_strict_filter(bool test);
 
 #endif
diff --git a/zathura/zathura.c b/zathura/zathura.c
index 44aabc7..0df1d69 100644
--- a/zathura/zathura.c
+++ b/zathura/zathura.c
@@ -448,13 +448,22 @@ zathura_init(zathura_t* zathura)
       break;
     case ZATHURA_SANDBOX_STRICT:
       girara_debug("Strict sandbox preventing write and network access.");
-      if (seccomp_enable_strict_filter() != 0) {
+      if (seccomp_enable_strict_filter(0) != 0) {
         girara_error("Failed to initialize strict seccomp filter.");
         goto error_free;
       }
       /* unset the input method to avoid communication with external services */
       unsetenv("GTK_IM_MODULE");
       break;
+    case ZATHURA_SANDBOX_TEST:
+      girara_debug("Strict sandbox preventing write and network access, testmode.");
+      if (seccomp_enable_strict_filter(1) != 0) {
+        girara_error("Failed to initialize test seccomp filter.");
+        goto error_free;
+      }
+      /* unset the input method to avoid communication with external services */
+      unsetenv("GTK_IM_MODULE");
+      break;
   }
 #endif
 
@@ -464,8 +473,12 @@ zathura_init(zathura_t* zathura)
     goto error_free;
   }
 
-  /* database */
-  init_database(zathura);
+  /* disable unsupported features in strict sandbox mode */
+  if (zathura->global.sandbox != ZATHURA_SANDBOX_STRICT){
+  
+    /* database */
+    init_database(zathura);
+  }
 
   /* bookmarks */
   zathura->bookmarks.bookmarks = girara_sorted_list_new2(
diff --git a/zathura/zathura.h b/zathura/zathura.h
index 77fa751..9ddb2b9 100644
--- a/zathura/zathura.h
+++ b/zathura/zathura.h
@@ -85,7 +85,8 @@ enum {
 typedef enum {
   ZATHURA_SANDBOX_NONE,
   ZATHURA_SANDBOX_NORMAL,
-  ZATHURA_SANDBOX_STRICT
+  ZATHURA_SANDBOX_STRICT,
+  ZATHURA_SANDBOX_TEST
 } zathura_sandbox_t;
 
 /* forward declaration for types from database.h */