From 5866384102b608efbe880d814e5a7a62e80c57cc Mon Sep 17 00:00:00 2001
From: Kunhoon Baik <knhoon.baik@samsung.com>
Date: Thu, 15 Jul 2021 18:19:35 +0900
Subject: [PATCH] Add Simple test program for Tizen nsjail

 - memory limit test
 - syscall(getuid) violation test

The more test programs should be created
---
 packaging/nsjail.spec       | 18 ++++++++++
 test/Makefile               | 68 +++++++++++++++++++++++++++++++++++++
 test/memory_syscall_test.cc | 25 ++++++++++++++
 3 files changed, 111 insertions(+)
 create mode 100644 test/Makefile
 create mode 100644 test/memory_syscall_test.cc

diff --git a/packaging/nsjail.spec b/packaging/nsjail.spec
index 157df4b..8b84cb3 100644
--- a/packaging/nsjail.spec
+++ b/packaging/nsjail.spec
@@ -26,6 +26,14 @@ BuildRequires:  protobuf-devel
 A light-weight process isolation tool, making use of Linux namespaces and
 seccomp-bpf syscall filters (with help of the kafel bpf language)
 
+%package test
+Summary:  Tizen nsjail test programs
+Group:    System/Other
+Requires: %{name} = %{version}-%{release}
+
+%description test
+Tizen simple test programs to check nsjail execution validation in Tizen platform
+
 %prep
 %setup -q
 
@@ -34,14 +42,24 @@ export CFLAGS="$CFLAGS -DTIZEN"
 export CXXFLAGS="$CXXFLAGS -DTIZEN"
 make %{?_smp_mflags}
 
+pushd test
+make %{?_smp_mflags}
+popd test
+
 %install
 mkdir -p %{buildroot}/%{_bindir}/
+mkdir -p %{buildroot}/%{_bindir}/nsjail_test/
+
 cp nsjail %{buildroot}/%{_bindir}/
+cp -a test/*_test %{buildroot}/%{_bindir}/nsjail_test/
 
 %files
 %license LICENSE
 %{_bindir}/nsjail
 
+%files test
+%{_bindir}/nsjail_test/*
+
 %changelog
 * Mon Jul 7 2021 Baik 
  - Initial import of version latest version of nsjail - 2021-07-07 version 
diff --git a/test/Makefile b/test/Makefile
new file mode 100644
index 0000000..40ee221
--- /dev/null
+++ b/test/Makefile
@@ -0,0 +1,68 @@
+#
+#   nsjail - Makefile
+#   -----------------------------------------
+#
+#   Copyright 2014 Google Inc. All Rights Reserved.
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+
+PKG_CONFIG=$(shell command -v pkg-config 2> /dev/null)
+ifeq ($(PKG_CONFIG),)
+$(error "Install pkg-config to make it work")
+endif
+
+CC ?= gcc
+CXX ?= g++
+
+COMMON_FLAGS += -O2 -c \
+	-D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 \
+	-fPIE \
+	-Wformat -Wformat-security -Wno-format-nonliteral \
+	-Wall -Wextra -Werror 
+
+CXXFLAGS += $(USER_DEFINES) $(COMMON_FLAGS) \
+	-std=c++11 -fno-exceptions -Wno-unused -Wno-unused-parameter
+LDFLAGS += -pie -Wl,-z,noexecstack -lpthread 
+
+BIN1 = jail_mem_syscall_test
+SRCS1_CXX = memory_syscall_test.cc
+OBJS1 = $(SRCS1_CXX:.cc=.o) 
+
+ifdef DEBUG
+	CXXFLAGS += -g -ggdb -gdwarf-4
+endif
+
+.PHONY: all clean indent
+
+.cc.o: %.cc
+	$(CXX) $(CXXFLAGS) $< -o $@
+
+all: $(BIN1)
+
+$(BIN1): $(OBJS1)
+	$(CXX) -o $(BIN1) $(OBJS1) $(LDFLAGS)
+
+
+.PHONY: clean
+clean:
+	$(RM) core Makefile.bak $(OBJS1) $(BIN1)
+
+
+.PHONY: indent
+indent:
+	clang-format -style="{BasedOnStyle: google, IndentWidth: 8, UseTab: Always, IndentCaseLabels: false, ColumnLimit: 100, AlignAfterOpenBracket: false, AllowShortFunctionsOnASingleLine: false}" -i -sort-includes *.h $(SRCS_CXX)
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+jail_mem_syscall_test.o: 
+
diff --git a/test/memory_syscall_test.cc b/test/memory_syscall_test.cc
new file mode 100644
index 0000000..91e2a21
--- /dev/null
+++ b/test/memory_syscall_test.cc
@@ -0,0 +1,25 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+int main()
+{
+	char *a;
+	int i;
+	int k=0;
+	int pid;
+	while(1){
+		a = (char*)calloc(1000*1000,sizeof(char));
+		if (a == NULL)
+			printf("not enough memory\n");
+		for(i=0; i<1000*1000;i++)
+			a[i]=(char)i;
+		usleep(100*1000);
+		k++;
+		if (k==3)
+			pid =getuid();
+
+		printf("%dM used ---------\n",k);
+	}
+	return 0;
+}
-- 
2.34.1