Message ID | 20240524093015.2402952-7-ivanov.mikhail1@huawei-partners.com (mailing list archive) |
---|---|
State | RFC |
Headers | show |
Series | Socket type control for Landlock | expand |
Context | Check | Description |
---|---|---|
netdev/tree_selection | success | Not a local patch, async |
On Fri, May 24, 2024 at 05:30:09PM +0800, Mikhail Ivanov wrote: > Add test that validates behavior of landlock after rule with > unhandled access is added. > > Signed-off-by: Mikhail Ivanov <ivanov.mikhail1@huawei-partners.com> > --- > > Changes since v1: > * Refactors commit message. > --- > .../testing/selftests/landlock/socket_test.c | 33 +++++++++++++++++++ > 1 file changed, 33 insertions(+) > > diff --git a/tools/testing/selftests/landlock/socket_test.c b/tools/testing/selftests/landlock/socket_test.c > index 57d5927906b8..31af47de1937 100644 > --- a/tools/testing/selftests/landlock/socket_test.c > +++ b/tools/testing/selftests/landlock/socket_test.c > @@ -232,4 +232,37 @@ TEST_F(protocol, rule_with_unknown_access) > EXPECT_EQ(0, close(ruleset_fd)); > } > > +TEST_F(protocol, rule_with_unhandled_access) > +{ > + struct landlock_ruleset_attr ruleset_attr = { > + .handled_access_socket = LANDLOCK_ACCESS_SOCKET_CREATE, > + }; > + struct landlock_socket_attr protocol = { > + .family = self->srv0.protocol.family, > + .type = self->srv0.protocol.type, > + }; > + int ruleset_fd; > + __u64 access; > + > + ruleset_fd = > + landlock_create_ruleset(&ruleset_attr, sizeof(ruleset_attr), 0); > + ASSERT_LE(0, ruleset_fd); > + > + for (access = 1; access > 0; access <<= 1) { > + int err; > + > + protocol.allowed_access = access; > + err = landlock_add_rule(ruleset_fd, LANDLOCK_RULE_SOCKET, > + &protocol, 0); > + if (access == ruleset_attr.handled_access_socket) { > + EXPECT_EQ(0, err); > + } else { > + EXPECT_EQ(-1, err); > + EXPECT_EQ(EINVAL, errno); > + } > + } > + > + EXPECT_EQ(0, close(ruleset_fd)); > +} > + > TEST_HARNESS_MAIN > -- > 2.34.1 > Reviewed-by: Günther Noack <gnoack@google.com> Like the commit before, this is copied from net_test.c and I don't want to bikeshed around on code style which was discussed before. Trying to factor out commonalities might also introduce additional layers of indirection that would obscure what is happening. I think it should be fine like that despite it having some duplication. —Günther
diff --git a/tools/testing/selftests/landlock/socket_test.c b/tools/testing/selftests/landlock/socket_test.c index 57d5927906b8..31af47de1937 100644 --- a/tools/testing/selftests/landlock/socket_test.c +++ b/tools/testing/selftests/landlock/socket_test.c @@ -232,4 +232,37 @@ TEST_F(protocol, rule_with_unknown_access) EXPECT_EQ(0, close(ruleset_fd)); } +TEST_F(protocol, rule_with_unhandled_access) +{ + struct landlock_ruleset_attr ruleset_attr = { + .handled_access_socket = LANDLOCK_ACCESS_SOCKET_CREATE, + }; + struct landlock_socket_attr protocol = { + .family = self->srv0.protocol.family, + .type = self->srv0.protocol.type, + }; + int ruleset_fd; + __u64 access; + + ruleset_fd = + landlock_create_ruleset(&ruleset_attr, sizeof(ruleset_attr), 0); + ASSERT_LE(0, ruleset_fd); + + for (access = 1; access > 0; access <<= 1) { + int err; + + protocol.allowed_access = access; + err = landlock_add_rule(ruleset_fd, LANDLOCK_RULE_SOCKET, + &protocol, 0); + if (access == ruleset_attr.handled_access_socket) { + EXPECT_EQ(0, err); + } else { + EXPECT_EQ(-1, err); + EXPECT_EQ(EINVAL, errno); + } + } + + EXPECT_EQ(0, close(ruleset_fd)); +} + TEST_HARNESS_MAIN
Add test that validates behavior of landlock after rule with unhandled access is added. Signed-off-by: Mikhail Ivanov <ivanov.mikhail1@huawei-partners.com> --- Changes since v1: * Refactors commit message. --- .../testing/selftests/landlock/socket_test.c | 33 +++++++++++++++++++ 1 file changed, 33 insertions(+)