| Message ID | 20240524093015.2402952-8-ivanov.mikhail1@huawei-partners.com |
|---|---|
| State | RFC |
| Headers | show |
| Series | Socket type control for Landlock | expand |
On Fri, May 24, 2024 at 05:30:10PM +0800, Mikhail Ivanov wrote: > Add test that validates behavior of landlock with fully > access restriction. > > Signed-off-by: Mikhail Ivanov <ivanov.mikhail1@huawei-partners.com> > --- > > Changes since v1: > * Refactors commit message. > --- > .../testing/selftests/landlock/socket_test.c | 34 +++++++++++++++++++ > 1 file changed, 34 insertions(+) > > diff --git a/tools/testing/selftests/landlock/socket_test.c b/tools/testing/selftests/landlock/socket_test.c > index 31af47de1937..751596c381fe 100644 > --- a/tools/testing/selftests/landlock/socket_test.c > +++ b/tools/testing/selftests/landlock/socket_test.c > @@ -265,4 +265,38 @@ TEST_F(protocol, rule_with_unhandled_access) > EXPECT_EQ(0, close(ruleset_fd)); > } > > +TEST_F(protocol, inval) > +{ > + const struct landlock_ruleset_attr ruleset_attr = { > + .handled_access_socket = LANDLOCK_ACCESS_SOCKET_CREATE > + }; > + > + struct landlock_socket_attr protocol = { > + .allowed_access = LANDLOCK_ACCESS_SOCKET_CREATE, > + .family = self->srv0.protocol.family, > + .type = self->srv0.protocol.type, > + }; > + > + struct landlock_socket_attr protocol_denied = { > + .allowed_access = 0, > + .family = self->srv0.protocol.family, > + .type = self->srv0.protocol.type, > + }; > + > + int ruleset_fd; > + > + ruleset_fd = > + landlock_create_ruleset(&ruleset_attr, sizeof(ruleset_attr), 0); > + ASSERT_LE(0, ruleset_fd); > + > + /* Checks zero access value. */ > + EXPECT_EQ(-1, landlock_add_rule(ruleset_fd, LANDLOCK_RULE_SOCKET, > + &protocol_denied, 0)); > + EXPECT_EQ(ENOMSG, errno); > + > + /* Adds with legitimate values. */ > + ASSERT_EQ(0, landlock_add_rule(ruleset_fd, LANDLOCK_RULE_SOCKET, > + &protocol, 0)); > +} > + > TEST_HARNESS_MAIN > -- > 2.34.1 > Code is based on TEST_F(mini, inval) from net_test.c. I see that you removed the check for unhandled allowed_access, because there is already a separate TEST_F(mini, rule_with_unhandled_access) for that. That is true for the "legitimate value" case as well, though...? We already have a test for that too. Should that also get removed? Should we then rename the "inval" test to "rule_with_zero_access", so that the naming is consistent with the "rule_with_unhandled_access" test? —Günther
5/28/2024 12:27 AM, Günther Noack wrote: > On Fri, May 24, 2024 at 05:30:10PM +0800, Mikhail Ivanov wrote: >> Add test that validates behavior of landlock with fully >> access restriction. >> >> Signed-off-by: Mikhail Ivanov <ivanov.mikhail1@huawei-partners.com> >> --- >> >> Changes since v1: >> * Refactors commit message. >> --- >> .../testing/selftests/landlock/socket_test.c | 34 +++++++++++++++++++ >> 1 file changed, 34 insertions(+) >> >> diff --git a/tools/testing/selftests/landlock/socket_test.c b/tools/testing/selftests/landlock/socket_test.c >> index 31af47de1937..751596c381fe 100644 >> --- a/tools/testing/selftests/landlock/socket_test.c >> +++ b/tools/testing/selftests/landlock/socket_test.c >> @@ -265,4 +265,38 @@ TEST_F(protocol, rule_with_unhandled_access) >> EXPECT_EQ(0, close(ruleset_fd)); >> } >> >> +TEST_F(protocol, inval) >> +{ >> + const struct landlock_ruleset_attr ruleset_attr = { >> + .handled_access_socket = LANDLOCK_ACCESS_SOCKET_CREATE >> + }; >> + >> + struct landlock_socket_attr protocol = { >> + .allowed_access = LANDLOCK_ACCESS_SOCKET_CREATE, >> + .family = self->srv0.protocol.family, >> + .type = self->srv0.protocol.type, >> + }; >> + >> + struct landlock_socket_attr protocol_denied = { >> + .allowed_access = 0, >> + .family = self->srv0.protocol.family, >> + .type = self->srv0.protocol.type, >> + }; >> + >> + int ruleset_fd; >> + >> + ruleset_fd = >> + landlock_create_ruleset(&ruleset_attr, sizeof(ruleset_attr), 0); >> + ASSERT_LE(0, ruleset_fd); >> + >> + /* Checks zero access value. */ >> + EXPECT_EQ(-1, landlock_add_rule(ruleset_fd, LANDLOCK_RULE_SOCKET, >> + &protocol_denied, 0)); >> + EXPECT_EQ(ENOMSG, errno); >> + >> + /* Adds with legitimate values. */ >> + ASSERT_EQ(0, landlock_add_rule(ruleset_fd, LANDLOCK_RULE_SOCKET, >> + &protocol, 0)); >> +} >> + >> TEST_HARNESS_MAIN >> -- >> 2.34.1 >> > > Code is based on TEST_F(mini, inval) from net_test.c. I see that you removed > the check for unhandled allowed_access, because there is already a separate > TEST_F(mini, rule_with_unhandled_access) for that. > > That is true for the "legitimate value" case as well, though...? We already > have a test for that too. Should that also get removed? I thought that "legitimate value" case is needed to check that adding a zero-access rule doesn't affect landlock behavior when adding correct rules. Do you think it's not worth it? > > Should we then rename the "inval" test to "rule_with_zero_access", so that the > naming is consistent with the "rule_with_unhandled_access" test? Definitely, thanks! > > —Günther
diff --git a/tools/testing/selftests/landlock/socket_test.c b/tools/testing/selftests/landlock/socket_test.c index 31af47de1937..751596c381fe 100644 --- a/tools/testing/selftests/landlock/socket_test.c +++ b/tools/testing/selftests/landlock/socket_test.c @@ -265,4 +265,38 @@ TEST_F(protocol, rule_with_unhandled_access) EXPECT_EQ(0, close(ruleset_fd)); } +TEST_F(protocol, inval) +{ + const struct landlock_ruleset_attr ruleset_attr = { + .handled_access_socket = LANDLOCK_ACCESS_SOCKET_CREATE + }; + + struct landlock_socket_attr protocol = { + .allowed_access = LANDLOCK_ACCESS_SOCKET_CREATE, + .family = self->srv0.protocol.family, + .type = self->srv0.protocol.type, + }; + + struct landlock_socket_attr protocol_denied = { + .allowed_access = 0, + .family = self->srv0.protocol.family, + .type = self->srv0.protocol.type, + }; + + int ruleset_fd; + + ruleset_fd = + landlock_create_ruleset(&ruleset_attr, sizeof(ruleset_attr), 0); + ASSERT_LE(0, ruleset_fd); + + /* Checks zero access value. */ + EXPECT_EQ(-1, landlock_add_rule(ruleset_fd, LANDLOCK_RULE_SOCKET, + &protocol_denied, 0)); + EXPECT_EQ(ENOMSG, errno); + + /* Adds with legitimate values. */ + ASSERT_EQ(0, landlock_add_rule(ruleset_fd, LANDLOCK_RULE_SOCKET, + &protocol, 0)); +} + TEST_HARNESS_MAIN
Add test that validates behavior of landlock with fully access restriction. Signed-off-by: Mikhail Ivanov <ivanov.mikhail1@huawei-partners.com> --- Changes since v1: * Refactors commit message. --- .../testing/selftests/landlock/socket_test.c | 34 +++++++++++++++++++ 1 file changed, 34 insertions(+)