From: Cyril Hrubis <chrubis@suse.cz>
To: Andrea Cervesato <andrea.cervesato@suse.de>
Cc: ltp@lists.linux.it
Subject: Re: [LTP] [PATCH v2 2/7] Add lsm_get_self_attr01 test
Date: Tue, 4 Mar 2025 13:21:48 +0100
Message-ID: <Z8bwXIlfvr4gm88i@yuki.lan>
In-Reply-To: <20250110-lsm-v2-2-bd38035f86bc@suse.com>
Hi!
> Reviewed-by: Petr Vorel <pvorel@suse.cz>
> Signed-off-by: Andrea Cervesato <andrea.cervesato@suse.com>
> ---
> runtest/syscalls | 2 +
> testcases/kernel/syscalls/lsm/.gitignore | 1 +
> testcases/kernel/syscalls/lsm/Makefile | 7 ++
> testcases/kernel/syscalls/lsm/lsm_common.h | 82 +++++++++++++++++++
> .../kernel/syscalls/lsm/lsm_get_self_attr01.c | 94 ++++++++++++++++++++++
> 5 files changed, 186 insertions(+)
>
> diff --git a/runtest/syscalls b/runtest/syscalls
> index ded035ee82d0e97c67cc1e7c487b010634b2d1a0..77ed36b2d6877bce15f29e263582e7d81f804f92 100644
> --- a/runtest/syscalls
> +++ b/runtest/syscalls
> @@ -756,6 +756,8 @@ lseek02 lseek02
> lseek07 lseek07
> lseek11 lseek11
>
> +lsm_get_self_attr01 lsm_get_self_attr01
> +
> lstat01 lstat01
> lstat01_64 lstat01_64
> lstat02 lstat02
> diff --git a/testcases/kernel/syscalls/lsm/.gitignore b/testcases/kernel/syscalls/lsm/.gitignore
> new file mode 100644
> index 0000000000000000000000000000000000000000..49f4a9263349ce633b8decb8fff1dd1d2111cf49
> --- /dev/null
> +++ b/testcases/kernel/syscalls/lsm/.gitignore
> @@ -0,0 +1 @@
> +lsm_get_self_attr01
> diff --git a/testcases/kernel/syscalls/lsm/Makefile b/testcases/kernel/syscalls/lsm/Makefile
> new file mode 100644
> index 0000000000000000000000000000000000000000..8cf1b9024d8bdebe72408c90fef4b8b84ce9dc4b
> --- /dev/null
> +++ b/testcases/kernel/syscalls/lsm/Makefile
> @@ -0,0 +1,7 @@
> +# SPDX-License-Identifier: GPL-2.0-or-later
> +# Copyright (C) 2024 SUSE LLC Andrea Cervesato <andrea.cervesato@suse.com>
> +
> +top_srcdir ?= ../../../..
> +
> +include $(top_srcdir)/include/mk/testcases.mk
> +include $(top_srcdir)/include/mk/generic_leaf_target.mk
> diff --git a/testcases/kernel/syscalls/lsm/lsm_common.h b/testcases/kernel/syscalls/lsm/lsm_common.h
> new file mode 100644
> index 0000000000000000000000000000000000000000..ba4762bd8132b585b832ec171c2646ce20312351
> --- /dev/null
> +++ b/testcases/kernel/syscalls/lsm/lsm_common.h
> @@ -0,0 +1,82 @@
> +/* SPDX-License-Identifier: GPL-2.0-or-later */
> +/*
> + * Copyright (C) 2024 SUSE LLC Andrea Cervesato <andrea.cervesato@suse.com>
> + */
> +
> +#ifndef LSM_GET_SELF_ATTR_H
> +#define LSM_GET_SELF_ATTR_H
> +
> +#include "tst_test.h"
> +#include "lapi/lsm.h"
> +
> +static inline struct lsm_ctx *next_ctx(struct lsm_ctx *tctx)
> +{
> + return (void *)tctx + sizeof(*tctx) + tctx->ctx_len;
^
Technically this should be char *, as pointer arithmetic
on void * is a GNU extension.
> +}
> +
> +static inline void read_proc_attr(const char *attr, char *val, const size_t size)
> +{
> + int fd;
> + char *ptr;
> + char path[BUFSIZ];
> +
> + memset(val, 0, size);
> + memset(path, 0, BUFSIZ);
> +
> + snprintf(path, BUFSIZ, "/proc/self/attr/%s", attr);
> +
> + tst_res(TINFO, "Reading %s", path);
> +
> + fd = SAFE_OPEN(path, O_RDONLY);
> +
> + if (read(fd, val, size) > 0) {
> + ptr = strchr(val, '\n');
> + if (ptr)
> + *ptr = '\0';
> + }
> +
> + SAFE_CLOSE(fd);
> +}
> +
> +static inline int verify_enabled_lsm(const char *name)
> +{
> + int fd;
> + char *ptr;
> + char data[BUFSIZ];
> +
> + fd = SAFE_OPEN("/sys/kernel/security/lsm", O_RDONLY);
> + SAFE_READ(0, fd, data, BUFSIZ);
> + SAFE_CLOSE(fd);
> +
> + ptr = strtok(data, ",");
> + while (ptr != NULL) {
> + if (!strcmp(ptr, name)) {
> + tst_res(TINFO, "%s is running", name);
^
enabled?
> + return 1;
> + }
> +
> + ptr = strtok(NULL, ",");
> + }
> +
> + return 0;
> +}
> +
> +static inline uint32_t verify_supported_attr_current(void)
> +{
> + uint32_t lsm_count = 0;
> +
> + if (verify_enabled_lsm("selinux"))
> + lsm_count++;
> +
> + if (verify_enabled_lsm("apparmor"))
> + lsm_count++;
> +
> + if (verify_enabled_lsm("smack"))
> + lsm_count++;
> +
> + if (!lsm_count)
> + tst_brk(TCONF, "LSM_ATTR_CURRENT is not supported by any LSM");
> +
> + return lsm_count;
> +}
> +#endif
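Review bot: Both file readers in this header pass a buffer to string functions without guaranteeing a terminating NUL. In verify_enabled_lsm(), `data` is an uninitialised stack array and `SAFE_READ(0, fd, data, BUFSIZ)` does not terminate it, so `strtok()` scans past the bytes actually read; `char data[BUFSIZ] = {0};` together with `SAFE_READ(0, fd, data, BUFSIZ - 1);` closes that. In read_proc_attr(), `read(fd, val, size)` may fill all `size` bytes, after which `strchr(val, '\n')` runs off the end of the caller's buffer, so the call should be `read(fd, val, size - 1)`. A failed or empty read() there is also ignored silently, leaving `val` empty with no diagnostic for whoever compares it later. If the lsm list file happens to end with a newline, the last token would never match `name`; that is worth confirming.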
> diff --git a/testcases/kernel/syscalls/lsm/lsm_get_self_attr01.c b/testcases/kernel/syscalls/lsm/lsm_get_self_attr01.c
> new file mode 100644
> index 0000000000000000000000000000000000000000..5f601f8b3245e81931c0b8f1475d375962eb53ff
> --- /dev/null
> +++ b/testcases/kernel/syscalls/lsm/lsm_get_self_attr01.c
> @@ -0,0 +1,94 @@
> +// SPDX-License-Identifier: GPL-2.0-or-later
> +/*
> + * Copyright (C) 2024 SUSE LLC Andrea Cervesato <andrea.cervesato@suse.com>
> + */
> +
> +/*\
> + * [Description]
> + *
> + * Verify that lsm_get_self_attr syscall is raising errors when invalid data is
> + * provided.
> + */
> +
> +#include "lsm_common.h"
> +
> +static struct lsm_ctx *ctx;
> +static uint32_t ctx_size;
> +static uint32_t ctx_size_small;
> +
> +static struct tcase {
> + int attr;
> + struct lsm_ctx **ctx;
> + uint32_t *size;
> + uint32_t flags;
> + int exp_err;
> + char *msg;
> +} tcases[] = {
> + {
> + .attr = LSM_ATTR_CURRENT,
> + .ctx = &ctx,
> + .exp_err = EINVAL,
> + .msg = "size is NULL",
> + },
> + {
> + .attr = LSM_ATTR_CURRENT,
> + .ctx = &ctx,
> + .size = &ctx_size,
> + .flags = LSM_FLAG_SINGLE | (LSM_FLAG_SINGLE << 1),
> + .exp_err = EINVAL,
> + .msg = "flags is invalid",
> + },
> + {
> + .attr = LSM_ATTR_CURRENT,
> + .ctx = &ctx,
> + .size = &ctx_size_small,
> + .exp_err = E2BIG,
> + .msg = "size is too smal",
> + },
> + {
> + .attr = LSM_ATTR_CURRENT,
> + .ctx = &ctx,
> + .size = &ctx_size,
> + .flags = LSM_FLAG_SINGLE,
> + .exp_err = EINVAL,
> + .msg = "flags force to use ctx attributes",
> + },
> + {
> + .attr = LSM_ATTR_CURRENT | LSM_ATTR_PREV,
> + .ctx = &ctx,
> + .size = &ctx_size,
> + .flags = 0,
> + .exp_err = EOPNOTSUPP,
> + .msg = "flags overset",
> + }
> +};
> +
> +static void run(unsigned int n)
> +{
> + struct tcase *tc = &tcases[n];
> +
> + memset(ctx, 0, sizeof(struct lsm_ctx));
> + ctx_size = sizeof(struct lsm_ctx);
> + ctx_size_small = 1;
> +
> + TST_EXP_FAIL(lsm_get_self_attr(
> + tc->attr, *tc->ctx, tc->size, tc->flags),
> + tc->exp_err,
> + "%s", tc->msg);
> +}
> +
> +static void setup(void)
> +{
> + verify_supported_attr_current();
> +}
> +
> +static struct tst_test test = {
> + .setup = setup,
> + .test = run,
> + .tcnt = ARRAY_SIZE(tcases),
> + .min_kver = "6.8",
> + .bufs = (struct tst_buffers[]) {
> + {&ctx, .size = sizeof(struct lsm_ctx)},
> + {}
> + },
> +};
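Review bot: Two of the `msg` strings in `tcases[]` do not describe the case they label, which makes a failure report misleading when triaging. The last entry sets `.attr = LSM_ATTR_CURRENT | LSM_ATTR_PREV` with `.flags = 0`, so the invalid field is attr and the label should read `.msg = "attr is overset",`. The E2BIG entry has a typo and should be `.msg = "size is too small",`. Since every label is a string literal, the member could also be declared `const char *msg;`.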
The rest looks good:
Reviewed-by: Cyril Hrubis <chrubis@suse.cz>
--
Cyril Hrubis
chrubis@suse.cz
--
Mailing list info: https://lists.linux.it/listinfo/ltp