Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
selftests/landlock: Use scoped_base_variants.h for ptrace_test
ptrace_test.c currently contains a duplicated version of the
scoped_domains fixture variants. This patch removes that and make it use
the shared scoped_base_variants.h instead, like in
scoped_abstract_unix_test and scoped_signal_test.
This required renaming the hierarchy fixture to scoped_domains, but the
test is otherwise the same.
Cc: Tahera Fahimi <fahimitahera@gmail.com>
Signed-off-by: Tingmao Wang <m@maowtm.org>
Link: https://lore.kernel.org/r/48148f0134f95f819a25277486a875a6fd88ecf9.1766885035.git.m@maowtm.org
Signed-off-by: Mickaël Salaün <mic@digikod.net>
authored by
Tingmao Wang
and committed by
Mickaël Salaün
55dc93a7
7aa593d8
+12
-151
+5
-149
tools/testing/selftests/landlock/ptrace_test.c
+5
-149
tools/testing/selftests/landlock/ptrace_test.c
···
86
86
}
87
87
88
88
/* clang-format off */
89
-
FIXTURE(hierarchy) {};
89
+
FIXTURE(scoped_domains) {};
90
90
/* clang-format on */
91
-
92
-
FIXTURE_VARIANT(hierarchy)
93
-
{
94
-
const bool domain_both;
95
-
const bool domain_parent;
96
-
const bool domain_child;
97
-
};
98
91
99
92
/*
100
93
* Test multiple tracing combinations between a parent process P1 and a child
···
97
104
* restriction is enforced in addition to any Landlock check, which means that
98
105
* all P2 requests to trace P1 would be denied.
99
106
*/
107
+
#include "scoped_base_variants.h"
100
108
101
-
/*
102
-
* No domain
103
-
*
104
-
* P1-. P1 -> P2 : allow
105
-
* \ P2 -> P1 : allow
106
-
* 'P2
107
-
*/
108
-
/* clang-format off */
109
-
FIXTURE_VARIANT_ADD(hierarchy, allow_without_domain) {
110
-
/* clang-format on */
111
-
.domain_both = false,
112
-
.domain_parent = false,
113
-
.domain_child = false,
114
-
};
115
-
116
-
/*
117
-
* Child domain
118
-
*
119
-
* P1--. P1 -> P2 : allow
120
-
* \ P2 -> P1 : deny
121
-
* .'-----.
122
-
* | P2 |
123
-
* '------'
124
-
*/
125
-
/* clang-format off */
126
-
FIXTURE_VARIANT_ADD(hierarchy, allow_with_one_domain) {
127
-
/* clang-format on */
128
-
.domain_both = false,
129
-
.domain_parent = false,
130
-
.domain_child = true,
131
-
};
132
-
133
-
/*
134
-
* Parent domain
135
-
* .------.
136
-
* | P1 --. P1 -> P2 : deny
137
-
* '------' \ P2 -> P1 : allow
138
-
* '
139
-
* P2
140
-
*/
141
-
/* clang-format off */
142
-
FIXTURE_VARIANT_ADD(hierarchy, deny_with_parent_domain) {
143
-
/* clang-format on */
144
-
.domain_both = false,
145
-
.domain_parent = true,
146
-
.domain_child = false,
147
-
};
148
-
149
-
/*
150
-
* Parent + child domain (siblings)
151
-
* .------.
152
-
* | P1 ---. P1 -> P2 : deny
153
-
* '------' \ P2 -> P1 : deny
154
-
* .---'--.
155
-
* | P2 |
156
-
* '------'
157
-
*/
158
-
/* clang-format off */
159
-
FIXTURE_VARIANT_ADD(hierarchy, deny_with_sibling_domain) {
160
-
/* clang-format on */
161
-
.domain_both = false,
162
-
.domain_parent = true,
163
-
.domain_child = true,
164
-
};
165
-
166
-
/*
167
-
* Same domain (inherited)
168
-
* .-------------.
169
-
* | P1----. | P1 -> P2 : allow
170
-
* | \ | P2 -> P1 : allow
171
-
* | ' |
172
-
* | P2 |
173
-
* '-------------'
174
-
*/
175
-
/* clang-format off */
176
-
FIXTURE_VARIANT_ADD(hierarchy, allow_sibling_domain) {
177
-
/* clang-format on */
178
-
.domain_both = true,
179
-
.domain_parent = false,
180
-
.domain_child = false,
181
-
};
182
-
183
-
/*
184
-
* Inherited + child domain
185
-
* .-----------------.
186
-
* | P1----. | P1 -> P2 : allow
187
-
* | \ | P2 -> P1 : deny
188
-
* | .-'----. |
189
-
* | | P2 | |
190
-
* | '------' |
191
-
* '-----------------'
192
-
*/
193
-
/* clang-format off */
194
-
FIXTURE_VARIANT_ADD(hierarchy, allow_with_nested_domain) {
195
-
/* clang-format on */
196
-
.domain_both = true,
197
-
.domain_parent = false,
198
-
.domain_child = true,
199
-
};
200
-
201
-
/*
202
-
* Inherited + parent domain
203
-
* .-----------------.
204
-
* |.------. | P1 -> P2 : deny
205
-
* || P1 ----. | P2 -> P1 : allow
206
-
* |'------' \ |
207
-
* | ' |
208
-
* | P2 |
209
-
* '-----------------'
210
-
*/
211
-
/* clang-format off */
212
-
FIXTURE_VARIANT_ADD(hierarchy, deny_with_nested_and_parent_domain) {
213
-
/* clang-format on */
214
-
.domain_both = true,
215
-
.domain_parent = true,
216
-
.domain_child = false,
217
-
};
218
-
219
-
/*
220
-
* Inherited + parent and child domain (siblings)
221
-
* .-----------------.
222
-
* | .------. | P1 -> P2 : deny
223
-
* | | P1 . | P2 -> P1 : deny
224
-
* | '------'\ |
225
-
* | \ |
226
-
* | .--'---. |
227
-
* | | P2 | |
228
-
* | '------' |
229
-
* '-----------------'
230
-
*/
231
-
/* clang-format off */
232
-
FIXTURE_VARIANT_ADD(hierarchy, deny_with_forked_domain) {
233
-
/* clang-format on */
234
-
.domain_both = true,
235
-
.domain_parent = true,
236
-
.domain_child = true,
237
-
};
238
-
239
-
FIXTURE_SETUP(hierarchy)
109
+
FIXTURE_SETUP(scoped_domains)
240
110
{
241
111
}
242
112
243
-
FIXTURE_TEARDOWN(hierarchy)
113
+
FIXTURE_TEARDOWN(scoped_domains)
244
114
{
245
115
}
246
116
247
117
/* Test PTRACE_TRACEME and PTRACE_ATTACH for parent and child. */
248
-
TEST_F(hierarchy, trace)
118
+
TEST_F(scoped_domains, trace)
249
119
{
250
120
pid_t child, parent;
251
121
int status, err_proc_read;
+7
-2
tools/testing/selftests/landlock/scoped_base_variants.h
+7
-2
tools/testing/selftests/landlock/scoped_base_variants.h
···
1
1
/* SPDX-License-Identifier: GPL-2.0 */
2
2
/*
3
-
* Landlock scoped_domains variants
3
+
* Landlock scoped_domains test variant definition.
4
4
*
5
-
* See the hierarchy variants from ptrace_test.c
5
+
* This file defines a fixture variant "scoped_domains" that has all
6
+
* permutations of parent/child process being in separate or shared
7
+
* Landlock domain, or not being in a Landlock domain at all.
8
+
*
9
+
* Scoped access tests can include this file to avoid repeating these
10
+
* combinations.
6
11
*
7
12
* Copyright © 2017-2020 Mickaël Salaün <mic@digikod.net>
8
13
* Copyright © 2019-2020 ANSSI