Re: [LTP] [PATCH 3/7] Add lsm_get_self_attr02 test

[Cyril Hrubis <chrubis@suse.cz>]

On Tue, Nov 12, 2024 at 08:15:34AM +0100, Andrea Cervesato wrote:
> From: Andrea Cervesato <andrea.cervesato@suse.com>
> 
> Verify that lsm_get_self_attr syscall is acting correctly when ctx is NULL.
> The syscall can behave in different ways according to the current system
> status:
> 
> - if any LSM is running inside the system, the syscall will pass and it will
>   provide a size as big as the attribute
> - if no LSM(s) are running inside the system, the syscall will fail with -1
>   return code
> 
> Signed-off-by: Andrea Cervesato <andrea.cervesato@suse.com>
> ---
>  runtest/syscalls                                   |  1 +
>  testcases/kernel/syscalls/lsm/.gitignore           |  2 +
>  .../kernel/syscalls/lsm/lsm_get_self_attr02.c      | 55 ++++++++++++++++++++++
>  3 files changed, 58 insertions(+)
> 
> diff --git a/runtest/syscalls b/runtest/syscalls
> index d59faf08a3f36b5f64d56952f69641191c70bf33..b3350af4db6d00cf86f621b5efee5d603af920f0 100644
> --- a/runtest/syscalls
> +++ b/runtest/syscalls
> @@ -757,6 +757,7 @@ lseek07 lseek07
>  lseek11 lseek11
>  
>  lsm_get_self_attr01 lsm_get_self_attr01
> +lsm_get_self_attr02 lsm_get_self_attr02
>  
>  lstat01 lstat01
>  lstat01_64 lstat01_64
> diff --git a/testcases/kernel/syscalls/lsm/.gitignore b/testcases/kernel/syscalls/lsm/.gitignore
> new file mode 100644
> index 0000000000000000000000000000000000000000..9f7c9b00b026a377f1b36f483ac2c1a0adba6249
> --- /dev/null
> +++ b/testcases/kernel/syscalls/lsm/.gitignore
> @@ -0,0 +1,2 @@
> +lsm_get_self_attr01
> +lsm_get_self_attr02
> diff --git a/testcases/kernel/syscalls/lsm/lsm_get_self_attr02.c b/testcases/kernel/syscalls/lsm/lsm_get_self_attr02.c
> new file mode 100644
> index 0000000000000000000000000000000000000000..ce10bc2881fa8ac56a1e1da01631cfed8857eb08
> --- /dev/null
> +++ b/testcases/kernel/syscalls/lsm/lsm_get_self_attr02.c
> @@ -0,0 +1,55 @@
> +// SPDX-License-Identifier: GPL-2.0-or-later
> +/*
> + * Copyright (C) 2024 SUSE LLC Andrea Cervesato <andrea.cervesato@suse.com>
> + */
> +
> +/*\
> + * [Description]
> + *
> + * Verify that lsm_get_self_attr syscall is acting correctly when ctx is NULL.
> + * The syscall can behave in different ways according to the current system
> + * status:
> + *
> + * - if any LSM is running inside the system, the syscall will pass and it will
> + *   provide a size as big as the attribute
> + * - if no LSM(s) are running inside the system, the syscall will fail with -1
> + *   return code
> + */
> +#include "lsm_common.h"
> +
> +static uint32_t page_size;
> +static uint32_t lsm_count;
> +
> +static void run(void)
> +{
> +	uint32_t size = page_size;
> +
> +	if (lsm_count) {
> +		TST_EXP_EXPR(lsm_get_self_attr(
> +			LSM_ATTR_CURRENT, NULL, &size, 0) >= 1);

TST_EXP_POSSITIVE()?

Also I'm a bit confused here, where is the size returned as the return
value from the syscall() or is the size argument modified?

> +		TST_EXP_EXPR(size > 1);
> +	} else {
> +		TST_EXP_EQ_LI(lsm_get_self_attr(
> +			LSM_ATTR_CURRENT, NULL, &size, 0), -1);

TST_EXP_FAIL()?

> +	}
> +}
> +
> +static void setup(void)
> +{
> +	page_size = SAFE_SYSCONF(_SC_PAGESIZE);
> +
> +	if (verify_enabled_lsm("selinux"))
> +		lsm_count++;
> +
> +	if (verify_enabled_lsm("apparmor"))
> +		lsm_count++;
> +
> +	if (verify_enabled_lsm("smack"))
> +		lsm_count++;

Shouldn't we just look at the /sys/kernel/security/lsm file and if it
exists and it's not empty there is a lsm on the system and the syscall
will not fail in that case?

> +}
> +
> +static struct tst_test test = {
> +	.test_all = run,
> +	.setup = setup,
> +	.min_kver = "6.8",
> +};
> 
> -- 
> 2.43.0
> 
> 
> -- 
> Mailing list info: https://lists.linux.it/listinfo/ltp

-- 
Cyril Hrubis
chrubis@suse.cz

-- 
Mailing list info: https://lists.linux.it/listinfo/ltp