# -*- coding: utf-8; mode: tcl; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- vim:fenc=utf-8:ft=tcl:et:sw=4:ts=4:sts=4 package require tcltest 2 namespace import tcltest::* source "testlib.tcl" test stat_denies_dirs "Test that stat(2)/lstat(2) deny access to directories" \ -setup [setup [list deny /]] \ -cleanup [expect {}] \ -body { join [list \ [exec -ignorestderr -- ./stat /usr 2>@1] \ [exec -ignorestderr -- ./lstat /usr 2>@1] \ ] "\n" } \ -result "\n" test stat_denies_outside_sandbox "Test that stat(2)/lstat(2) hide files outside of the sandbox" \ -setup [setup {}] \ -cleanup [expect [list "$cwd/stat"]] \ -body { join [list \ [exec -ignorestderr -- ./stat ./stat 2>@1] \ [exec -ignorestderr -- ./lstat ./stat 2>@1] \ ] "\n" } \ -result [join [list "stat: No such file or directory" "lstat: No such file or directory"] "\n"] test stat_allowed_inside_sandbox "Test that stat(2)/lstat(2) do not hide files inside the sandbox" \ -setup [setup [list allow "$cwd/stat"]] \ -cleanup [expect] \ -body { join [list \ [exec -ignorestderr -- ./stat ./stat 2>@1] \ [exec -ignorestderr -- ./lstat ./stat 2>@1] \ ] "\n" } \ -result "\n" test stat_allow_all_wildcard "Test the allow-all wildcard shortcut" \ -setup [setup [list allow "/"]] \ -cleanup [expect] \ -body { join [list \ [exec -ignorestderr -- ./stat ./stat 2>@1] \ [exec -ignorestderr -- ./lstat ./stat 2>@1] \ ] "\n" } \ -result "\n" test stat_uninitialized "Test that stat(2)/lstat(2) do not hide files outside of the sandbox if darwintrace is uninitialized" \ -setup [setup {}] \ -cleanup [expect {}] \ -body { set ::env(DARWINTRACE_UNINITIALIZE) 1 set result [join [list \ [exec -ignorestderr -- ./stat ./stat 2>@1] \ [exec -ignorestderr -- ./lstat ./stat 2>@1] \ ] "\n"] unset ::env(DARWINTRACE_UNINITIALIZE) return $result } \ -result "\n" cleanupTests