From patchwork Tue Apr 29 07:18:30 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Andrea Cervesato
X-Patchwork-Id: 2078780
From: Andrea Cervesato
Date: Tue, 29 Apr 2025 09:18:30 +0200
Message-Id: <20250429-lsm-v4-1-602b7097e722@suse.com>
References: <20250429-lsm-v4-0-602b7097e722@suse.com>
In-Reply-To: <20250429-lsm-v4-0-602b7097e722@suse.com>
To: ltp@lists.linux.it
X-Mailer: b4 0.14.2
X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-25) on
in-2.smtp.seeweb.it X-Virus-Scanned: clamav-milter 1.0.7 at in-2.smtp.seeweb.it X-Virus-Status: Clean Subject: [LTP] [PATCH v4 1/7] Add fallback definitions of LSM syscalls X-BeenThere: ltp@lists.linux.it X-Mailman-Version: 2.1.29 Precedence: list List-Id: Linux Test Project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ltp-bounces+incoming=patchwork.ozlabs.org@lists.linux.it Sender: "ltp" From: Andrea Cervesato Fallback definition for the following syscalls: - lsm_get_self_attr - lsm_set_self_attr - lsm_list_modules Reviewed-by: Petr Vorel Signed-off-by: Andrea Cervesato Reviewed-by: Cyril Hrubis --- configure.ac | 3 +- include/lapi/lsm.h | 177 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 179 insertions(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index 7f475f6b6419ee14125dada3ddd7d9ea06eb6b48..9ff098b273b9298b4d0ddcd43fb6aefdddf44f0c 100644 --- a/configure.ac +++ b/configure.ac @@ -69,6 +69,7 @@ AC_CHECK_HEADERS_ONCE([ \ linux/ioprio.h \ linux/keyctl.h \ linux/landlock.h \ + linux/lsm.h \ linux/mempolicy.h \ linux/module.h \ linux/mount.h \ @@ -204,7 +205,7 @@ AC_CHECK_TYPES([struct ipc64_perm],,,[#include ]) AC_CHECK_TYPES([struct loop_config],,,[#include ]) AC_CHECK_TYPES([struct landlock_path_beneath_attr],,,[#include ]) AC_CHECK_TYPES([struct landlock_net_port_attr],,,[#include ]) - +AC_CHECK_TYPES([struct lsm_ctx],,,[#include ]) AC_CHECK_TYPES([struct mmsghdr],,,[ #define _GNU_SOURCE #include diff --git a/include/lapi/lsm.h b/include/lapi/lsm.h new file mode 100644 index 0000000000000000000000000000000000000000..72ca85f784282190b1db9fac3da79a562f93f43a --- /dev/null +++ b/include/lapi/lsm.h 
@@ -0,0 +1,177 @@ +/* SPDX-License-Identifier: GPL-2.0-or-later */ +/* + * Copyright (C) 2024 SUSE LLC Andrea Cervesato + */ + +#ifndef LAPI_LSM_H__ +#define LAPI_LSM_H__ + +#include "config.h" + +#ifdef HAVE_LINUX_LSM_H +#include +#endif + +#include +#include "lapi/syscalls.h" + +#define CTX_DATA_SIZE 4096 + +#define LSM_CTX_SIZE(x) (sizeof(struct lsm_ctx) + x) +#define LSM_CTX_SIZE_DEFAULT LSM_CTX_SIZE(CTX_DATA_SIZE) + +#ifndef HAVE_STRUCT_LSM_CTX + +/** + * struct lsm_ctx - LSM context information + * @id: the LSM id number, see LSM_ID_XXX + * @flags: LSM specific flags + * @len: length of the lsm_ctx struct, @ctx and any other data or padding + * @ctx_len: the size of @ctx + * @ctx: the LSM context value + * + * The @len field MUST be equal to the size of the lsm_ctx struct + * plus any additional padding and/or data placed after @ctx. + * + * In all cases @ctx_len MUST be equal to the length of @ctx. + * If @ctx is a string value it should be nul terminated with + * @ctx_len equal to `strlen(@ctx) + 1`. Binary values are + * supported. + * + * The @flags and @ctx fields SHOULD only be interpreted by the + * LSM specified by @id; they MUST be set to zero/0 when not used. + */ +struct lsm_ctx { + uint64_t id; + uint64_t flags; + uint64_t len; + uint64_t ctx_len; + uint8_t ctx[]; +}; +#endif + +/* + * ID tokens to identify Linux Security Modules (LSMs) + * + * These token values are used to uniquely identify specific LSMs + * in the kernel as well as in the kernel's LSM userspace API. 
+ */ +#ifndef LSM_ID_UNDEF +# define LSM_ID_UNDEF 0 +#endif + +#ifndef LSM_ID_CAPABILITY +# define LSM_ID_CAPABILITY 100 +#endif + +#ifndef LSM_ID_SELINUX +# define LSM_ID_SELINUX 101 +#endif + +#ifndef LSM_ID_SMACK +# define LSM_ID_SMACK 102 +#endif + +#ifndef LSM_ID_TOMOYO +# define LSM_ID_TOMOYO 103 +#endif + +#ifndef LSM_ID_APPARMOR +# define LSM_ID_APPARMOR 104 +#endif + +#ifndef LSM_ID_YAMA +# define LSM_ID_YAMA 105 +#endif + +#ifndef LSM_ID_LOADPIN +# define LSM_ID_LOADPIN 106 +#endif + +#ifndef LSM_ID_SAFESETID +# define LSM_ID_SAFESETID 107 +#endif + +#ifndef LSM_ID_LOCKDOWN +# define LSM_ID_LOCKDOWN 108 +#endif + +#ifndef LSM_ID_BPF +# define LSM_ID_BPF 109 +#endif + +#ifndef LSM_ID_LANDLOCK +# define LSM_ID_LANDLOCK 110 +#endif + +#ifndef LSM_ID_IMA +# define LSM_ID_IMA 111 +#endif + +#ifndef LSM_ID_EVM +# define LSM_ID_EVM 112 +#endif + +#ifndef LSM_ID_IPE +# define LSM_ID_IPE 113 +#endif + +/* + * LSM_ATTR_XXX definitions identify different LSM attributes + * which are used in the kernel's LSM userspace API. Support + * for these attributes vary across the different LSMs. None + * are required. + */ +#ifndef LSM_ATTR_UNDEF +# define LSM_ATTR_UNDEF 0 +#endif + +#ifndef LSM_ATTR_CURRENT +# define LSM_ATTR_CURRENT 100 +#endif + +#ifndef LSM_ATTR_EXEC +# define LSM_ATTR_EXEC 101 +#endif + +#ifndef LSM_ATTR_FSCREATE +# define LSM_ATTR_FSCREATE 102 +#endif + +#ifndef LSM_ATTR_KEYCREATE +# define LSM_ATTR_KEYCREATE 103 +#endif + +#ifndef LSM_ATTR_PREV +# define LSM_ATTR_PREV 104 +#endif + +#ifndef LSM_ATTR_SOCKCREATE +# define LSM_ATTR_SOCKCREATE 105 +#endif + +/* + * LSM_FLAG_XXX definitions identify special handling instructions + * for the API. 
+ */ +#ifndef LSM_FLAG_SINGLE +# define LSM_FLAG_SINGLE 0x0001 +#endif + +static inline int lsm_get_self_attr(uint32_t attr, struct lsm_ctx *ctx, + uint32_t *size, uint32_t flags) +{ + return tst_syscall(__NR_lsm_get_self_attr, attr, ctx, size, flags); +} + +static inline int lsm_set_self_attr(uint32_t attr, struct lsm_ctx *ctx, + uint32_t size, uint32_t flags) +{ + return tst_syscall(__NR_lsm_set_self_attr, attr, ctx, size, flags); +} + +static inline int lsm_list_modules(uint64_t *ids, uint32_t *size, uint32_t flags) +{ + return tst_syscall(__NR_lsm_list_modules, ids, size, flags); +} +#endif From patchwork Tue Apr 29 07:18:31 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrea Cervesato X-Patchwork-Id: 2078782 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=suse.de header.i=@suse.de header.a=rsa-sha256 header.s=susede2_rsa header.b=BfFuHcj8; dkim=fail reason="signature verification failed" header.d=suse.de header.i=@suse.de header.a=ed25519-sha256 header.s=susede2_ed25519 header.b=OYBDRq0Y; dkim=fail reason="signature verification failed" (1024-bit key) header.d=suse.de header.i=@suse.de header.a=rsa-sha256 header.s=susede2_rsa header.b=BfFuHcj8; dkim=neutral header.d=suse.de header.i=@suse.de header.a=ed25519-sha256 header.s=susede2_ed25519 header.b=OYBDRq0Y; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.linux.it (client-ip=2001:1418:10:5::2; helo=picard.linux.it; envelope-from=ltp-bounces+incoming=patchwork.ozlabs.org@lists.linux.it; receiver=patchwork.ozlabs.org) Received: from picard.linux.it (picard.linux.it [IPv6:2001:1418:10:5::2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 
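Review bot: in include/lapi/lsm.h (patch 1/7), the LSM_CTX_SIZE(x) macro expands its argument without parentheses, `(sizeof(struct lsm_ctx) + x)`, so an argument built from a lower-precedence operator (a conditional expression, for instance) would bind wrongly; write `(sizeof(struct lsm_ctx) + (x))`. CTX_DATA_SIZE is also a very generic name for a header under include/lapi/ that every LSM test includes; an LSM_ prefix would avoid clashes with test-local macros.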
From: Andrea Cervesato
Date: Tue, 29 Apr 2025 09:18:31 +0200
MIME-Version: 1.0
Message-Id: <20250429-lsm-v4-2-602b7097e722@suse.com>
References: <20250429-lsm-v4-0-602b7097e722@suse.com>
In-Reply-To: <20250429-lsm-v4-0-602b7097e722@suse.com>
To: ltp@lists.linux.it
X-Mailer: b4 0.14.2
X-Virus-Scanned: clamav-milter 1.0.7 at in-5.smtp.seeweb.it X-Virus-Status: Clean Subject: [LTP] [PATCH v4 2/7] Add lsm_get_self_attr01 test X-BeenThere: ltp@lists.linux.it X-Mailman-Version: 2.1.29 Precedence: list List-Id: Linux Test Project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ltp-bounces+incoming=patchwork.ozlabs.org@lists.linux.it Sender: "ltp" From: Andrea Cervesato Verify that lsm_get_self_attr syscall is raising errors when invalid data is provided. Reviewed-by: Petr Vorel Reviewed-by: Cyril Hrubis Signed-off-by: Andrea Cervesato --- runtest/syscalls | 2 + testcases/kernel/syscalls/lsm/.gitignore | 1 + testcases/kernel/syscalls/lsm/Makefile | 7 ++ testcases/kernel/syscalls/lsm/lsm_common.h | 91 +++++++++++++++++++++ .../kernel/syscalls/lsm/lsm_get_self_attr01.c | 92 ++++++++++++++++++++++ 5 files changed, 193 insertions(+) diff --git a/runtest/syscalls b/runtest/syscalls index 57338297a33b47075a3f801871753cc76b073bfa..ba45c1945fb77b093ba578fdda3596a8d38c54b0 100644 --- a/runtest/syscalls +++ b/runtest/syscalls @@ -759,6 +759,8 @@ lseek02 lseek02 lseek07 lseek07 lseek11 lseek11 +lsm_get_self_attr01 lsm_get_self_attr01 + lstat01 lstat01 lstat01_64 lstat01_64 lstat02 lstat02 diff --git a/testcases/kernel/syscalls/lsm/.gitignore b/testcases/kernel/syscalls/lsm/.gitignore new file mode 100644 index 0000000000000000000000000000000000000000..49f4a9263349ce633b8decb8fff1dd1d2111cf49 --- /dev/null +++ b/testcases/kernel/syscalls/lsm/.gitignore @@ -0,0 +1 @@ +lsm_get_self_attr01 diff --git a/testcases/kernel/syscalls/lsm/Makefile b/testcases/kernel/syscalls/lsm/Makefile new file mode 100644 index 0000000000000000000000000000000000000000..8cf1b9024d8bdebe72408c90fef4b8b84ce9dc4b --- /dev/null +++ b/testcases/kernel/syscalls/lsm/Makefile 
@@ -0,0 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-or-later +# Copyright (C) 2024 SUSE LLC Andrea Cervesato + +top_srcdir ?= ../../../.. + +include $(top_srcdir)/include/mk/testcases.mk +include $(top_srcdir)/include/mk/generic_leaf_target.mk diff --git a/testcases/kernel/syscalls/lsm/lsm_common.h b/testcases/kernel/syscalls/lsm/lsm_common.h new file mode 100644 index 0000000000000000000000000000000000000000..dcc2d7a4206a3610ed39bbc4a118394611f73bab --- /dev/null +++ b/testcases/kernel/syscalls/lsm/lsm_common.h 
@@ -0,0 +1,91 @@ +/* SPDX-License-Identifier: GPL-2.0-or-later */ +/* + * Copyright (C) 2024 SUSE LLC Andrea Cervesato + */ + +#ifndef LSM_GET_SELF_ATTR_H +#define LSM_GET_SELF_ATTR_H + +#include "tst_test.h" +#include "lapi/lsm.h" + +static inline struct lsm_ctx *next_ctx(struct lsm_ctx *tctx) +{ + return (struct lsm_ctx *)((char *)tctx + sizeof(*tctx) + tctx->ctx_len); +} + +static inline void read_proc_attr(const char *attr, char *val, const size_t size) +{ + int fd; + char *ptr; + char path[BUFSIZ]; + + memset(val, 0, size); + memset(path, 0, BUFSIZ); + + snprintf(path, BUFSIZ, "/proc/self/attr/%s", attr); + + tst_res(TINFO, "Reading %s", path); + + fd = SAFE_OPEN(path, O_RDONLY); + + if (read(fd, val, size) > 0) { + ptr = strchr(val, '\n'); + if (ptr) + *ptr = '\0'; + } + + SAFE_CLOSE(fd); +} + +static inline int verify_enabled_lsm(const char *name) +{ + int fd; + char *ptr; + char data[BUFSIZ]; + + fd = SAFE_OPEN("/sys/kernel/security/lsm", O_RDONLY); + SAFE_READ(0, fd, data, BUFSIZ); + SAFE_CLOSE(fd); + + ptr = strtok(data, ","); + while (ptr != NULL) { + if (!strcmp(ptr, name)) { + tst_res(TINFO, "%s is enabled", name); + return 1; + } + + ptr = strtok(NULL, ","); + } + + return 0; +} + +static inline uint32_t count_supported_attr_current(void) +{ + uint32_t lsm_count = 0; + + if (verify_enabled_lsm("selinux")) + lsm_count++; + + if (verify_enabled_lsm("apparmor")) + lsm_count++; + + if (verify_enabled_lsm("smack")) + lsm_count++; + + return lsm_count; +} + +static inline uint32_t verify_supported_attr_current(void) +{ + uint32_t lsm_count; + + lsm_count = count_supported_attr_current(); + + if (!lsm_count) + tst_brk(TCONF, "LSM_ATTR_CURRENT is not supported by any LSM"); + + return lsm_count; +} +#endif diff --git a/testcases/kernel/syscalls/lsm/lsm_get_self_attr01.c b/testcases/kernel/syscalls/lsm/lsm_get_self_attr01.c new file mode 100644 index 0000000000000000000000000000000000000000..ec272b9374e4240b6d0a0cb5b06aba112e8ea2d2 --- /dev/null 
+++ b/testcases/kernel/syscalls/lsm/lsm_get_self_attr01.c 
@@ -0,0 +1,92 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/* + * Copyright (C) 2024 SUSE LLC Andrea Cervesato + */ + +/*\ + * Verify that lsm_get_self_attr syscall is raising errors when invalid data is + * provided. + */ + +#include "lsm_common.h" + +static struct lsm_ctx *ctx; +static uint32_t ctx_size; +static uint32_t ctx_size_small; + +static struct tcase { + int attr; + struct lsm_ctx **ctx; + uint32_t *size; + uint32_t flags; + int exp_err; + char *msg; +} tcases[] = { + { + .attr = LSM_ATTR_CURRENT, + .ctx = &ctx, + .exp_err = EINVAL, + .msg = "size is NULL", + }, + { + .attr = LSM_ATTR_CURRENT, + .ctx = &ctx, + .size = &ctx_size, + .flags = LSM_FLAG_SINGLE | (LSM_FLAG_SINGLE << 1), + .exp_err = EINVAL, + .msg = "flags is invalid", + }, + { + .attr = LSM_ATTR_CURRENT, + .ctx = &ctx, + .size = &ctx_size_small, + .exp_err = E2BIG, + .msg = "size is too smal", + }, + { + .attr = LSM_ATTR_CURRENT, + .ctx = &ctx, + .size = &ctx_size, + .flags = LSM_FLAG_SINGLE, + .exp_err = EINVAL, + .msg = "flags force to use ctx attributes", + }, + { + .attr = LSM_ATTR_CURRENT | LSM_ATTR_PREV, + .ctx = &ctx, + .size = &ctx_size, + .flags = 0, + .exp_err = EOPNOTSUPP, + .msg = "flags overset", + } +}; + +static void run(unsigned int n) +{ + struct tcase *tc = &tcases[n]; + + memset(ctx, 0, LSM_CTX_SIZE_DEFAULT); + ctx_size = LSM_CTX_SIZE_DEFAULT; + ctx_size_small = 1; + + TST_EXP_FAIL(lsm_get_self_attr( + tc->attr, *tc->ctx, tc->size, tc->flags), + tc->exp_err, + "%s", tc->msg); +} + +static void setup(void) +{ + verify_supported_attr_current(); +} + +static struct tst_test test = { + .setup = setup, + .test = run, + .tcnt = ARRAY_SIZE(tcases), + .min_kver = "6.8", + .bufs = (struct tst_buffers[]) { + {&ctx, .size = LSM_CTX_SIZE_DEFAULT}, + {} + }, +}; From patchwork Tue Apr 29 07:18:32 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrea Cervesato X-Patchwork-Id: 2078781 Return-Path: X-Original-To: 
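Review bot: in testcases/kernel/syscalls/lsm/lsm_common.h (patch 2/7), verify_enabled_lsm() hands `data` to strtok() without NUL-terminating it: `char data[BUFSIZ]` is uninitialised and `SAFE_READ(0, fd, data, BUFSIZ)` appends no terminator, so the tokenizer can run past the bytes that were read. Zero the buffer and read at most BUFSIZ - 1 bytes. read_proc_attr() has the same edge, since `read(fd, val, size)` may fill all `size` bytes before strchr() runs; read `size - 1` instead. Separately, next_ctx() advances by `sizeof(*tctx) + tctx->ctx_len`, while the struct lsm_ctx comment in patch 1/7 says @len covers the struct, @ctx and any padding, so stepping by `tctx->len` would follow that contract. The include guard LSM_GET_SELF_ATTR_H does not match the file name lsm_common.h.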
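Review bot: in testcases/kernel/syscalls/lsm/lsm_get_self_attr01.c (patch 2/7), the last tcases entry sets `.attr = LSM_ATTR_CURRENT | LSM_ATTR_PREV` with `.flags = 0` but reports "flags overset", so a failure would point at the wrong argument; the LSM_ATTR_* fallbacks in patch 1/7 are plain numbers (100, 104) rather than bit flags, and a message such as "attr is overset" would describe the case. The E2BIG case message has a typo ("size is too smal"), and "flags force to use ctx attributes" would be clearer if it said that LSM_FLAG_SINGLE is passed together with the zeroed ctx that run() prepares with memset().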
incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=suse.de header.i=@suse.de header.a=rsa-sha256 header.s=susede2_rsa header.b=H5Ie20tG; dkim=fail reason="signature verification failed" header.d=suse.de header.i=@suse.de header.a=ed25519-sha256 header.s=susede2_ed25519 header.b=BWGuQS3C; dkim=fail reason="signature verification failed" (1024-bit key) header.d=suse.de header.i=@suse.de header.a=rsa-sha256 header.s=susede2_rsa header.b=H5Ie20tG; dkim=neutral header.d=suse.de header.i=@suse.de header.a=ed25519-sha256 header.s=susede2_ed25519 header.b=BWGuQS3C; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.linux.it (client-ip=213.254.12.146; helo=picard.linux.it; envelope-from=ltp-bounces+incoming=patchwork.ozlabs.org@lists.linux.it; receiver=patchwork.ozlabs.org) Received: from picard.linux.it (picard.linux.it [213.254.12.146]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4ZmsJ62Ymfz1yMg for ; Tue, 29 Apr 2025 17:24:06 +1000 (AEST) Received: from picard.linux.it (localhost [IPv6:::1]) by picard.linux.it (Postfix) with ESMTP id 8BBFA3CBBEC for ; Tue, 29 Apr 2025 09:24:18 +0200 (CEST) X-Original-To: ltp@lists.linux.it Delivered-To: ltp@picard.linux.it Received: from in-2.smtp.seeweb.it (in-2.smtp.seeweb.it [IPv6:2001:4b78:1:20::2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1)) (No client certificate requested) by picard.linux.it (Postfix) with ESMTPS id 9460D3CBBFC for ; Tue, 29 Apr 2025 09:23:36 +0200 (CEST) Received: from smtp-out2.suse.de (smtp-out2.suse.de [195.135.223.131]) (using TLSv1.3 
with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by in-2.smtp.seeweb.it (Postfix) with ESMTPS id 141966008C3 for ; Tue, 29 Apr 2025 09:23:35 +0200 (CEST) Received: from imap1.dmz-prg2.suse.org (unknown [10.150.64.97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by smtp-out2.suse.de (Postfix) with ESMTPS id CF0AF1F7FE; Tue, 29 Apr 2025 07:23:30 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1745911410; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=TGat+6zXm+2VZH7I++36Dbo1bxYKefbDOWmksIITS3Y=; b=H5Ie20tGE8+exO/XAQDBUp70AJ2ekPUuZIrBn/NLIZbKZPgycYugjleYauLs6t/prSbPoH fk1OkcywnuAFK2911r/+BIPIwDaZRHaNl3eaU4gT1Molvg0/H0D0IgDLmNYiz0kY/gG9qZ jlV4YiaDmi72k/V+7ukS06rvGW16QNg= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1745911410; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=TGat+6zXm+2VZH7I++36Dbo1bxYKefbDOWmksIITS3Y=; b=BWGuQS3CZBU8BhhYClL8JvwuzJahO4QEcRmK0KUIhYnvnY7OcKAn9HhIDwnmMc7lMAlf6l Ue++WXUmy/l5K2Bw== Authentication-Results: smtp-out2.suse.de; none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1745911410; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; 
bh=TGat+6zXm+2VZH7I++36Dbo1bxYKefbDOWmksIITS3Y=; b=H5Ie20tGE8+exO/XAQDBUp70AJ2ekPUuZIrBn/NLIZbKZPgycYugjleYauLs6t/prSbPoH fk1OkcywnuAFK2911r/+BIPIwDaZRHaNl3eaU4gT1Molvg0/H0D0IgDLmNYiz0kY/gG9qZ jlV4YiaDmi72k/V+7ukS06rvGW16QNg= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1745911410; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=TGat+6zXm+2VZH7I++36Dbo1bxYKefbDOWmksIITS3Y=; b=BWGuQS3CZBU8BhhYClL8JvwuzJahO4QEcRmK0KUIhYnvnY7OcKAn9HhIDwnmMc7lMAlf6l Ue++WXUmy/l5K2Bw== Received: from imap1.dmz-prg2.suse.org (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by imap1.dmz-prg2.suse.org (Postfix) with ESMTPS id B4E901340C; Tue, 29 Apr 2025 07:23:30 +0000 (UTC) Received: from dovecot-director2.suse.de ([2a07:de40:b281:106:10:150:64:167]) by imap1.dmz-prg2.suse.org with ESMTPSA id 4AqBKnJ+EGgbcAAAD6G6ig (envelope-from ); Tue, 29 Apr 2025 07:23:30 +0000 
From: Andrea Cervesato
Date: Tue, 29 Apr 2025 09:18:32 +0200
Message-Id: <20250429-lsm-v4-3-602b7097e722@suse.com>
References: <20250429-lsm-v4-0-602b7097e722@suse.com>
In-Reply-To: <20250429-lsm-v4-0-602b7097e722@suse.com>
To: ltp@lists.linux.it
X-Mailer: b4 0.14.2
Subject: [LTP] [PATCH v4 3/7] Add lsm_get_self_attr02 test
List-Id: Linux Test Project
From: Andrea Cervesato Verify that lsm_get_self_attr syscall is acting correctly when ctx is NULL. The syscall can behave in different ways according to the current system status: - if any LSM is running inside the system, the syscall will pass and it will provide a size as big as the attribute - if no LSM(s) are running inside the system, the syscall will fail with -1 return code and it will provide EOPNOTSUPP errno Signed-off-by: Andrea Cervesato Reviewed-by: Cyril Hrubis --- runtest/syscalls | 1 + testcases/kernel/syscalls/lsm/.gitignore | 1 + .../kernel/syscalls/lsm/lsm_get_self_attr02.c | 45 ++++++++++++++++++++++ 3 files changed, 47 insertions(+) diff --git a/runtest/syscalls b/runtest/syscalls index ba45c1945fb77b093ba578fdda3596a8d38c54b0..73b6b98c7748f5ed31ad23d7464f1ab4fbc5f42e 100644 --- a/runtest/syscalls +++ b/runtest/syscalls @@ -760,6 +760,7 @@ lseek07 lseek07 lseek11 lseek11 lsm_get_self_attr01 lsm_get_self_attr01 +lsm_get_self_attr02 lsm_get_self_attr02 lstat01 lstat01 lstat01_64 lstat01_64 diff --git a/testcases/kernel/syscalls/lsm/.gitignore b/testcases/kernel/syscalls/lsm/.gitignore index 49f4a9263349ce633b8decb8fff1dd1d2111cf49..9f7c9b00b026a377f1b36f483ac2c1a0adba6249 100644 --- a/testcases/kernel/syscalls/lsm/.gitignore +++ b/testcases/kernel/syscalls/lsm/.gitignore @@ -1 +1,2 @@ lsm_get_self_attr01 +lsm_get_self_attr02 diff --git a/testcases/kernel/syscalls/lsm/lsm_get_self_attr02.c b/testcases/kernel/syscalls/lsm/lsm_get_self_attr02.c new file mode 100644 index 0000000000000000000000000000000000000000..889f3830fde8a5817936e67d9ee191a7513ff454 --- /dev/null +++ b/testcases/kernel/syscalls/lsm/lsm_get_self_attr02.c 
@@ -0,0 +1,45 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/* + * Copyright (C) 2024 SUSE LLC Andrea Cervesato + */ + +/*\ + * Verify that lsm_get_self_attr syscall is acting correctly when ctx is NULL. + * The syscall can behave in different ways according to the current system + * status: + * + * - if any LSM is running inside the system, the syscall will pass and it will + * provide a size as big as the attribute + * - if no LSM(s) are running inside the system, the syscall will fail with -1 + * return code + */ +#include "lsm_common.h" + +static uint32_t page_size; +static uint32_t lsm_count; + +static void run(void) +{ + uint32_t size = page_size; + + if (lsm_count) { + TST_EXP_POSITIVE(lsm_get_self_attr( + LSM_ATTR_CURRENT, NULL, &size, 0)); + TST_EXP_EXPR(size > 1); + } else { + TST_EXP_FAIL(lsm_get_self_attr( + LSM_ATTR_CURRENT, NULL, &size, 0), EOPNOTSUPP); + } +} + +static void setup(void) +{ + page_size = SAFE_SYSCONF(_SC_PAGESIZE); + lsm_count = count_supported_attr_current(); +} + +static struct tst_test test = { + .test_all = run, + .setup = setup, + .min_kver = "6.8", +}; From patchwork Tue Apr 29 07:18:33 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrea Cervesato X-Patchwork-Id: 2078784 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=suse.de header.i=@suse.de header.a=rsa-sha256 header.s=susede2_rsa header.b=K4prGlN/; dkim=fail reason="signature verification failed" header.d=suse.de header.i=@suse.de header.a=ed25519-sha256 header.s=susede2_ed25519 header.b=AdG/COfO; dkim=fail reason="signature verification failed" (1024-bit key) header.d=suse.de header.i=@suse.de header.a=rsa-sha256 header.s=susede2_rsa header.b=K4prGlN/; dkim=neutral header.d=suse.de header.i=@suse.de 
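Review bot: In run() of lsm_get_self_attr02.c, `TST_EXP_EXPR(size > 1)` passes even if the syscall never writes the required length back, because `size` is initialised to `page_size` before the call. Use a check that can only hold when the kernel updated the value, for example comparing `size` against the initial `page_size` or against a tighter bound, so the NULL-ctx size query is actually verified. The file header comment also omits the EOPNOTSUPP errno that the commit message and the `TST_EXP_FAIL(..., EOPNOTSUPP)` branch both state; add it so the documented and tested behaviour match.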
From: Andrea Cervesato
Date: Tue, 29 Apr 2025 09:18:33 +0200
Message-Id: <20250429-lsm-v4-4-602b7097e722@suse.com>
References: <20250429-lsm-v4-0-602b7097e722@suse.com>
In-Reply-To: <20250429-lsm-v4-0-602b7097e722@suse.com>
To: ltp@lists.linux.it
X-Mailer: b4 0.14.2
X-Virus-Scanned:
clamav-milter 1.0.7 at in-3.smtp.seeweb.it X-Virus-Status: Clean Subject: [LTP] [PATCH v4 4/7] Add lsm_get_self_attr03 test X-BeenThere: ltp@lists.linux.it X-Mailman-Version: 2.1.29 Precedence: list List-Id: Linux Test Project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ltp-bounces+incoming=patchwork.ozlabs.org@lists.linux.it Sender: "ltp" From: Andrea Cervesato Verify that LSM_ATTR_CURRENT attribute is correctly recognizing the current, active security context of the process. This is done by checking that /proc/self/attr/current matches with the obtained value. Signed-off-by: Andrea Cervesato --- runtest/syscalls | 1 + testcases/kernel/syscalls/lsm/.gitignore | 1 + .../kernel/syscalls/lsm/lsm_get_self_attr03.c | 68 ++++++++++++++++++++++ 3 files changed, 70 insertions(+) diff --git a/runtest/syscalls b/runtest/syscalls index 73b6b98c7748f5ed31ad23d7464f1ab4fbc5f42e..d45cda4082ed87bf674ca34d315af9c162a41fe9 100644 --- a/runtest/syscalls +++ b/runtest/syscalls @@ -761,6 +761,7 @@ lseek11 lseek11 lsm_get_self_attr01 lsm_get_self_attr01 lsm_get_self_attr02 lsm_get_self_attr02 +lsm_get_self_attr03 lsm_get_self_attr03 lstat01 lstat01 lstat01_64 lstat01_64 diff --git a/testcases/kernel/syscalls/lsm/.gitignore b/testcases/kernel/syscalls/lsm/.gitignore index 9f7c9b00b026a377f1b36f483ac2c1a0adba6249..19956fdf8b9952b4850c3a20826e29ec67ea3560 100644 --- a/testcases/kernel/syscalls/lsm/.gitignore +++ b/testcases/kernel/syscalls/lsm/.gitignore @@ -1,2 +1,3 @@ lsm_get_self_attr01 lsm_get_self_attr02 +lsm_get_self_attr03 diff --git a/testcases/kernel/syscalls/lsm/lsm_get_self_attr03.c b/testcases/kernel/syscalls/lsm/lsm_get_self_attr03.c new file mode 100644 index 0000000000000000000000000000000000000000..3b767b94c025e350b9cc83d9bf2dc3061b3c6a1c --- /dev/null +++ b/testcases/kernel/syscalls/lsm/lsm_get_self_attr03.c 
@@ -0,0 +1,68 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/* + * Copyright (C) 2024 SUSE LLC Andrea Cervesato + */ + +/*\ + * Verify that LSM_ATTR_CURRENT attribute is correctly recognizing + * the current, active security context of the process. This is done by + * checking that /proc/self/attr/current matches with the obtained value. + */ + +#include "lsm_common.h" + +static struct lsm_ctx *ctx; +static uint32_t page_size; + +static void run(void) +{ + tst_res(TINFO, "Verifying 'LSM_ATTR_CURRENT' attribute"); + + uint32_t count; + uint32_t size = page_size; + char attr[size]; + + memset(attr, 0, size); + memset(ctx, 0, LSM_CTX_SIZE_DEFAULT); + + count = TST_EXP_POSITIVE( + lsm_get_self_attr(LSM_ATTR_CURRENT, ctx, &size, 0)); + + if (TST_RET == -1) + return; + + if (!count) { + tst_res(TFAIL, "Can't read any attribute"); + return; + } + + read_proc_attr("current", attr, page_size); + + TST_EXP_EQ_STR(attr, (char *)ctx->ctx); + + struct lsm_ctx *next = ctx; + + for (uint32_t i = 1; i < count; i++) { + TST_EXP_EXPR(strcmp(attr, (char *)next->ctx) != 0, + "Attribute and next LSM context must be different"); + + next = next_ctx(next); + } +} + +static void setup(void) +{ + verify_supported_attr_current(); + + page_size = SAFE_SYSCONF(_SC_PAGESIZE); +} + +static struct tst_test test = { + .test_all = run, + .setup = setup, + .min_kver = "6.8", + .bufs = (struct tst_buffers[]) { + {&ctx, .size = LSM_CTX_SIZE_DEFAULT}, + {} + }, +}; From patchwork Tue Apr 29 07:18:34 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrea Cervesato X-Patchwork-Id: 2078785 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=suse.de header.i=@suse.de header.a=rsa-sha256 header.s=susede2_rsa header.b=BhsTc3JZ; dkim=fail 
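Review bot: In run() of lsm_get_self_attr03.c, the loop starts with `next = ctx` and compares before advancing, so its first iteration requires `strcmp(attr, (char *)next->ctx) != 0` on the same entry that `TST_EXP_EQ_STR(attr, (char *)ctx->ctx)` has just required to be equal; whenever `count` is greater than 1 the test reports a failure by construction. Call `next = next_ctx(next)` before the comparison so that only the second and later contexts are checked. Separately, `size` is set to `page_size` while the `ctx` buffer is allocated with `LSM_CTX_SIZE_DEFAULT`; pass the allocated size so the length given to the kernel matches the buffer it points at.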
From: Andrea Cervesato
Date: Tue, 29 Apr 2025 09:18:34 +0200
Message-Id: <20250429-lsm-v4-5-602b7097e722@suse.com>
References: <20250429-lsm-v4-0-602b7097e722@suse.com>
In-Reply-To: <20250429-lsm-v4-0-602b7097e722@suse.com>
To: ltp@lists.linux.it
X-Mailer: b4 0.14.2
X-Virus-Scanned: clamav-milter 1.0.7 at in-7.smtp.seeweb.it X-Virus-Status: Clean Subject: [LTP] [PATCH v4 5/7] Add lsm_list_modules01 test X-BeenThere: ltp@lists.linux.it X-Mailman-Version: 2.1.29 Precedence: list List-Id: Linux Test Project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ltp-bounces+incoming=patchwork.ozlabs.org@lists.linux.it Sender: "ltp" From: Andrea Cervesato Verify that lsm_list_modules syscall is raising errors when invalid data is provided. Reviewed-by: Cyril Hrubis Signed-off-by: Andrea Cervesato --- runtest/syscalls | 1 + testcases/kernel/syscalls/lsm/.gitignore | 1 + testcases/kernel/syscalls/lsm/lsm_list_modules01.c | 75 ++++++++++++++++++++++ 3 files changed, 77 insertions(+) diff --git a/runtest/syscalls b/runtest/syscalls index d45cda4082ed87bf674ca34d315af9c162a41fe9..c8a9dbeacbae7a6badc705b7e648dbc7a020742f 100644 --- a/runtest/syscalls +++ b/runtest/syscalls @@ -762,6 +762,7 @@ lseek11 lseek11 lsm_get_self_attr01 lsm_get_self_attr01 lsm_get_self_attr02 lsm_get_self_attr02 lsm_get_self_attr03 lsm_get_self_attr03 +lsm_list_modules01 lsm_list_modules01 lstat01 lstat01 lstat01_64 lstat01_64 diff --git a/testcases/kernel/syscalls/lsm/.gitignore b/testcases/kernel/syscalls/lsm/.gitignore index 19956fdf8b9952b4850c3a20826e29ec67ea3560..501d332549a84cceb9741346bdb8b83eb02467c5 100644 --- a/testcases/kernel/syscalls/lsm/.gitignore +++ b/testcases/kernel/syscalls/lsm/.gitignore @@ -1,3 +1,4 @@ lsm_get_self_attr01 lsm_get_self_attr02 lsm_get_self_attr03 +lsm_list_modules01 diff --git a/testcases/kernel/syscalls/lsm/lsm_list_modules01.c b/testcases/kernel/syscalls/lsm/lsm_list_modules01.c new file mode 100644 index 0000000000000000000000000000000000000000..51ff5abe151f06d2aa6e3d19c722eb40e77c822c --- /dev/null +++ b/testcases/kernel/syscalls/lsm/lsm_list_modules01.c 
@@ -0,0 +1,75 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/* + * Copyright (C) 2024 SUSE LLC Andrea Cervesato + */ + +/*\ + * Verify that lsm_list_modules syscall is raising errors when invalid data is + * provided. + */ + +#include "lsm_common.h" + +#define MAX_LSM_NUM 32 + +static uint64_t lsm_ids[MAX_LSM_NUM]; +static uint32_t page_size; +static uint32_t ids_size; +static uint32_t ids_size_small; + +static struct tcase { + uint64_t *ids; + uint32_t *size; + uint32_t flags; + int exp_errno; + char *msg; +} tcases[] = { + { + .size = &ids_size, + .exp_errno = EFAULT, + .msg = "ids is NULL", + }, + { + .ids = lsm_ids, + .exp_errno = EFAULT, + .msg = "size is NULL", + }, + { + .ids = lsm_ids, + .size = &ids_size_small, + .exp_errno = E2BIG, + .msg = "size is too small", + }, + { + .ids = lsm_ids, + .size = &ids_size, + .flags = 1, + .exp_errno = EINVAL, + .msg = "flags must be zero", + }, +}; + +static void run(unsigned int n) +{ + struct tcase *tc = &tcases[n]; + + memset(lsm_ids, 0, sizeof(lsm_ids)); + ids_size = page_size; + ids_size_small = 0; + + TST_EXP_FAIL(lsm_list_modules(tc->ids, tc->size, tc->flags), + tc->exp_errno, + "%s", tc->msg); +} + +static void setup(void) +{ + page_size = SAFE_SYSCONF(_SC_PAGESIZE); +} + +static struct tst_test test = { + .test = run, + .setup = setup, + .tcnt = ARRAY_SIZE(tcases), + .min_kver = "6.8", +}; From patchwork Tue Apr 29 07:18:35 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrea Cervesato X-Patchwork-Id: 2078783 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=suse.de header.i=@suse.de header.a=rsa-sha256 header.s=susede2_rsa header.b=HxBfGg0t; dkim=fail reason="signature verification failed" header.d=suse.de header.i=@suse.de header.a=ed25519-sha256 
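Review bot: In run() of lsm_list_modules01.c, `ids_size = page_size` advertises the page size as the buffer length, while the buffer is `uint64_t lsm_ids[MAX_LSM_NUM]` with `MAX_LSM_NUM` defined as 32. The "flags must be zero" case passes that pair to the syscall, so if the kernel ever stopped rejecting the flag, the call would be told it may write more than the array holds and the test could corrupt its own memory instead of reporting a clean failure. Set `ids_size = sizeof(lsm_ids)` so every negative case still describes the real buffer.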
From: Andrea Cervesato
Date: Tue, 29 Apr 2025 09:18:35 +0200
Message-Id: <20250429-lsm-v4-6-602b7097e722@suse.com>
References: <20250429-lsm-v4-0-602b7097e722@suse.com>
In-Reply-To: <20250429-lsm-v4-0-602b7097e722@suse.com>
To: ltp@lists.linux.it
X-Mailer: b4 0.14.2
Subject: [LTP] [PATCH v4 6/7] Add lsm_list_modules02 test
List-Id: Linux Test Project
From: Andrea Cervesato Verify that lsm_list_modules syscall is correctly recognizing LSM(s) enabled inside the system. Signed-off-by: Andrea Cervesato Reviewed-by: Cyril Hrubis --- runtest/syscalls | 1 + testcases/kernel/syscalls/lsm/.gitignore | 1 + testcases/kernel/syscalls/lsm/lsm_list_modules02.c | 153 +++++++++++++++++++++ 3 files changed, 155 insertions(+) diff --git a/runtest/syscalls b/runtest/syscalls index c8a9dbeacbae7a6badc705b7e648dbc7a020742f..91709634b70686e7e7e1e2233d8205ae99c14f19 100644 --- a/runtest/syscalls +++ b/runtest/syscalls @@ -763,6 +763,7 @@ lsm_get_self_attr01 lsm_get_self_attr01 lsm_get_self_attr02 lsm_get_self_attr02 lsm_get_self_attr03 lsm_get_self_attr03 lsm_list_modules01 lsm_list_modules01 +lsm_list_modules02 lsm_list_modules02 lstat01 lstat01 lstat01_64 lstat01_64 diff --git a/testcases/kernel/syscalls/lsm/.gitignore b/testcases/kernel/syscalls/lsm/.gitignore index 501d332549a84cceb9741346bdb8b83eb02467c5..766f81fd1c74a10001862f142c02ba251e666ef2 100644 --- a/testcases/kernel/syscalls/lsm/.gitignore +++ b/testcases/kernel/syscalls/lsm/.gitignore @@ -2,3 +2,4 @@ lsm_get_self_attr01 lsm_get_self_attr02 lsm_get_self_attr03 lsm_list_modules01 +lsm_list_modules02 diff --git a/testcases/kernel/syscalls/lsm/lsm_list_modules02.c b/testcases/kernel/syscalls/lsm/lsm_list_modules02.c new file mode 100644 index 0000000000000000000000000000000000000000..40fe789cd5fc1cbebbc2281404001c1d976a0937 --- /dev/null +++ b/testcases/kernel/syscalls/lsm/lsm_list_modules02.c 
@@ -0,0 +1,153 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/* + * Copyright (C) 2024 SUSE LLC Andrea Cervesato + */ + +/*\ + * Verify that lsm_list_modules syscall is correctly recognizing LSM(s) enabled + * inside the system. + * + * [Algorithm] + * + * - read enabled LSM(s) inside /sys/kernel/security/lsm file + * - collect LSM IDs using lsm_list_modules syscall + * - compare the results, verifying that LSM(s) IDs are correct + */ + +#include "lsm_common.h" + +#define MAX_LSM_NUM 32 + +struct lsm_name { + char name[BUFSIZ]; + int num; +}; + +static struct lsm_name lsm_names[MAX_LSM_NUM]; +static size_t lsm_names_count; +static uint32_t page_size; +static uint64_t *ids; +static uint32_t *size; + +static void run(void) +{ + uint32_t lsm_num; + size_t counter; + + memset(ids, 0, sizeof(uint64_t) * MAX_LSM_NUM); + *size = page_size; + + lsm_num = TST_EXP_POSITIVE(lsm_list_modules(ids, size, 0)); + + TST_EXP_EQ_LI(lsm_num, lsm_names_count); + TST_EXP_EQ_LI(*size, lsm_num * sizeof(uint64_t)); + + for (size_t i = 0; i < lsm_names_count; i++) + lsm_names[i].num = 0; + + for (uint32_t i = 0; i < lsm_num; i++) { + char *name = NULL; + + switch (ids[i]) { + case LSM_ID_CAPABILITY: + name = "capability"; + break; + case LSM_ID_SELINUX: + name = "selinux"; + break; + case LSM_ID_SMACK: + name = "smack"; + break; + case LSM_ID_TOMOYO: + name = "tomoyo"; + break; + case LSM_ID_APPARMOR: + name = "apparmor"; + break; + case LSM_ID_YAMA: + name = "yama"; + break; + case LSM_ID_LOADPIN: + name = "loadpin"; + break; + case LSM_ID_SAFESETID: + name = "safesetid"; + break; + case LSM_ID_LOCKDOWN: + name = "lockdown"; + break; + case LSM_ID_BPF: + name = "bpf"; + break; + case LSM_ID_LANDLOCK: + name = "landlock"; + break; + case LSM_ID_IMA: + name = "ima"; + break; + case LSM_ID_EVM: + name = "evm"; + break; + case LSM_ID_IPE: + name = "ipe"; + break; + default: + break; + } + + if (!name) + tst_brk(TBROK, "Unsupported LSM: %lu", ids[i]); + + for (counter = 0; counter < 
lsm_names_count; counter++) { + if (!strcmp(name, lsm_names[counter].name)) { + lsm_names[counter].num++; + tst_res(TPASS, "'%s' is enabled", name); + break; + } + } + + if (counter >= lsm_names_count) + tst_res(TFAIL, "'%s' has not been found", name); + } + + for (size_t i = 0; i < lsm_names_count; i++) { + if (lsm_names[i].num > 1) { + tst_res(TFAIL, "'%s' LSM has been counted %d times", + lsm_names[i].name, + lsm_names[i].num); + } + } +} + +static void setup(void) +{ + int fd; + char *ptr; + char data[BUFSIZ]; + + memset(data, 0, BUFSIZ); + + page_size = SAFE_SYSCONF(_SC_PAGESIZE); + fd = SAFE_OPEN("/sys/kernel/security/lsm", O_RDONLY); + SAFE_READ(0, fd, data, BUFSIZ); + SAFE_CLOSE(fd); + + ptr = strtok(data, ","); + + while (ptr != NULL) { + strcpy(lsm_names[lsm_names_count].name, ptr); + ptr = strtok(NULL, ","); + lsm_names_count++; + } +} + +static struct tst_test test = { + .test_all = run, + .setup = setup, + .min_kver = "6.8", + .bufs = (struct tst_buffers []) { + {&ids, .size = sizeof(uint64_t) * MAX_LSM_NUM}, + {&size, .size = sizeof(uint32_t)}, + {}, + }, +}; From patchwork Tue Apr 29 07:18:36 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrea Cervesato X-Patchwork-Id: 2078786 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=suse.de header.i=@suse.de header.a=rsa-sha256 header.s=susede2_rsa header.b=JinFmiAK; dkim=fail reason="signature verification failed" header.d=suse.de header.i=@suse.de header.a=ed25519-sha256 header.s=susede2_ed25519 header.b=BRmWsR9/; dkim=fail reason="signature verification failed" (1024-bit key) header.d=suse.de header.i=@suse.de header.a=rsa-sha256 header.s=susede2_rsa header.b=JinFmiAK; dkim=neutral header.d=suse.de header.i=@suse.de header.a=ed25519-sha256 
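Review bot: in run() of lsm_list_modules02.c, *size = page_size tells the kernel that the ids buffer is a full page, but .bufs allocates only sizeof(uint64_t) * MAX_LSM_NUM bytes for it; pass that allocation size to lsm_list_modules(), or allocate ids as a page. In setup(), the strtok() loop copies into lsm_names[lsm_names_count] with no check against MAX_LSM_NUM, and SAFE_READ(0, fd, data, BUFSIZ) may fill all of data, which leaves no guaranteed terminating NUL for strtok(); stop with tst_brk() once the count reaches MAX_LSM_NUM and read at most BUFSIZ - 1 bytes. The "Unsupported LSM: %lu" message prints a uint64_t with %lu, which is wrong where long is 32 bits; use PRIu64 or a cast.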
From: Andrea Cervesato
Date: Tue, 29 Apr 2025 09:18:36 +0200
Message-Id: <20250429-lsm-v4-7-602b7097e722@suse.com>
References: <20250429-lsm-v4-0-602b7097e722@suse.com>
In-Reply-To: <20250429-lsm-v4-0-602b7097e722@suse.com>
To: ltp@lists.linux.it
X-Mailer: b4 0.14.2
X-Virus-Scanned:
clamav-milter 1.0.7 at in-4.smtp.seeweb.it X-Virus-Status: Clean Subject: [LTP] [PATCH v4 7/7] Add lsm_set_self_attr01 test X-BeenThere: ltp@lists.linux.it X-Mailman-Version: 2.1.29 Precedence: list List-Id: Linux Test Project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ltp-bounces+incoming=patchwork.ozlabs.org@lists.linux.it Sender: "ltp" From: Andrea Cervesato Verify that lsm_set_self_attr syscall is raising errors when invalid data is provided. Signed-off-by: Andrea Cervesato Reviewed-by: Cyril Hrubis --- runtest/syscalls | 1 + testcases/kernel/syscalls/lsm/.gitignore | 1 + .../kernel/syscalls/lsm/lsm_set_self_attr01.c | 110 +++++++++++++++++++++ 3 files changed, 112 insertions(+) diff --git a/runtest/syscalls b/runtest/syscalls index 91709634b70686e7e7e1e2233d8205ae99c14f19..b082a79f3e833b3e4868a34885d17fec7385f86f 100644 --- a/runtest/syscalls +++ b/runtest/syscalls @@ -764,6 +764,7 @@ lsm_get_self_attr02 lsm_get_self_attr02 lsm_get_self_attr03 lsm_get_self_attr03 lsm_list_modules01 lsm_list_modules01 lsm_list_modules02 lsm_list_modules02 +lsm_set_self_attr01 lsm_set_self_attr01 lstat01 lstat01 lstat01_64 lstat01_64 diff --git a/testcases/kernel/syscalls/lsm/.gitignore b/testcases/kernel/syscalls/lsm/.gitignore index 766f81fd1c74a10001862f142c02ba251e666ef2..467f07cec5443393d231bbb98880b7183635dd9d 100644 --- a/testcases/kernel/syscalls/lsm/.gitignore +++ b/testcases/kernel/syscalls/lsm/.gitignore @@ -3,3 +3,4 @@ lsm_get_self_attr02 lsm_get_self_attr03 lsm_list_modules01 lsm_list_modules02 +lsm_set_self_attr01 diff --git a/testcases/kernel/syscalls/lsm/lsm_set_self_attr01.c b/testcases/kernel/syscalls/lsm/lsm_set_self_attr01.c new file mode 100644 index 0000000000000000000000000000000000000000..caccdda7ecf2edaac1fa8e2dc2ccdd0aff020804 --- /dev/null +++ b/testcases/kernel/syscalls/lsm/lsm_set_self_attr01.c 
@@ -0,0 +1,110 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/* + * Copyright (C) 2024 SUSE LLC Andrea Cervesato + */ + +/*\ + * Verify that lsm_set_self_attr syscall is raising errors when invalid data is + * provided. + */ + +#include "lsm_common.h" + +static struct lsm_ctx *ctx; +static struct lsm_ctx *ctx_orig; +static struct lsm_ctx *ctx_null; +static uint32_t ctx_size; +static uint32_t ctx_size_small; +static uint32_t ctx_size_big; +static uint32_t page_size; + +static struct tcase { + uint32_t attr; + struct lsm_ctx **ctx; + uint32_t *size; + uint32_t flags; + int exp_errno; + char *msg; +} tcases[] = { + { + .attr = LSM_ATTR_CURRENT, + .ctx = &ctx_null, + .size = &ctx_size, + .exp_errno = EFAULT, + .msg = "ctx is NULL", + }, + { + .attr = LSM_ATTR_CURRENT, + .ctx = &ctx, + .size = &ctx_size_small, + .exp_errno = EINVAL, + .msg = "size is too small", + }, + { + .attr = LSM_ATTR_CURRENT, + .ctx = &ctx, + .size = &ctx_size_big, + .exp_errno = E2BIG, + .msg = "size is too big", + }, + { + .attr = LSM_ATTR_CURRENT, + .ctx = &ctx, + .size = &ctx_size, + .flags = 1, + .exp_errno = EINVAL, + .msg = "flags must be zero", + }, + { + .attr = LSM_ATTR_CURRENT | LSM_ATTR_EXEC, + .ctx = &ctx, + .size = &ctx_size, + .exp_errno = EINVAL, + .msg = "attr is overset", + } +}; + +static void run(unsigned int n) +{ + struct tcase *tc = &tcases[n]; + + /* just in case lsm_set_self_attr() pass , we won't change + * LSM configuration for the following process + */ + memcpy(ctx, ctx_orig, LSM_CTX_SIZE_DEFAULT); + + ctx_size = page_size; + ctx_size_small = 1; + ctx_size_big = ctx_size + 1; + + TST_EXP_FAIL(lsm_set_self_attr(tc->attr, *tc->ctx, *tc->size, tc->flags), + tc->exp_errno, + "%s", tc->msg); +} + +static void setup(void) +{ + int ret; + uint32_t size; + + verify_supported_attr_current(); + + page_size = SAFE_SYSCONF(_SC_PAGESIZE); + size = page_size; + + ret = lsm_get_self_attr(LSM_ATTR_CURRENT, ctx_orig, &size, 0); + if (ret < 0) + tst_brk(TBROK, "Can't read LSM 
current attribute"); +} + +static struct tst_test test = { + .test = run, + .setup = setup, + .tcnt = ARRAY_SIZE(tcases), + .min_kver = "6.8", + .bufs = (struct tst_buffers[]) { + {&ctx, .size = LSM_CTX_SIZE_DEFAULT}, + {&ctx_orig, .size = LSM_CTX_SIZE_DEFAULT}, + {} + }, +};
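Review bot: setup() and run() of lsm_set_self_attr01.c both pass page_size as the context size (size = page_size for lsm_get_self_attr(), ctx_size = page_size for lsm_set_self_attr()), while ctx and ctx_orig are allocated in .bufs with LSM_CTX_SIZE_DEFAULT, and nothing in this file shows that the two are equal; allocate the buffers with the size that is handed to the kernel, or pass LSM_CTX_SIZE_DEFAULT. Three of the five cases expect EINVAL ("size is too small", "flags must be zero", "attr is overset"), so the last two also pass when the call is rejected for a reason other than the one named in .msg; a short comment on why the other arguments are valid in those cases would help. The tst_brk() in setup() should use TBROK | TERRNO so that the errno from lsm_get_self_attr() is reported.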