* [LTP] [PATCH v4 0/7] LSM testing suite
@ 2025-04-29  7:18 Andrea Cervesato
  2025-04-29  7:18 ` [LTP] [PATCH v4 1/7] Add fallback definitions of LSM syscalls Andrea Cervesato
                   ` (6 more replies)
  0 siblings, 7 replies; 22+ messages in thread
From: Andrea Cervesato @ 2025-04-29  7:18 UTC (permalink / raw)
  To: ltp

Testing the following syscalls which are providing support for the LSM
communication added in kernel 6.8:

- lsm_get_self_attr
- lsm_set_self_attr
- lsm_list_modules

Please consider the following documentation as reference:
https://docs.kernel.org/userspace-api/lsm.html

Signed-off-by: Andrea Cervesato <andrea.cervesato@suse.com>
---
Changes in v4:
- fix integer index loop that should be size_t
- correctly cast lsm_ctx pointer to char*
- Link to v3: https://lore.kernel.org/r/20250428-lsm-v3-0-33a4caa9aaf2@suse.com

Changes in v3:
- lsm_common.h cleanup
- better overall check for supported LSM(s) when using LSM_ATTR_CURRENT
- simplify tests using more common functions
- use the right size for lsm_ctx
- Link to v2: https://lore.kernel.org/r/20250110-lsm-v2-0-bd38035f86bc@suse.com

Changes in v2:
- correctly fallback <linux/lsm.h> include
- Link to v1: https://lore.kernel.org/r/20241112-lsm-v1-0-e293a8d99cf6@suse.com

---
Andrea Cervesato (7):
      Add fallback definitions of LSM syscalls
      Add lsm_get_self_attr01 test
      Add lsm_get_self_attr02 test
      Add lsm_get_self_attr03 test
      Add lsm_list_modules01 test
      Add lsm_list_modules02 test
      Add lsm_set_self_attr01 test

 configure.ac                                       |   3 +-
 include/lapi/lsm.h                                 | 177 +++++++++++++++++++++
 runtest/syscalls                                   |   7 +
 testcases/kernel/syscalls/lsm/.gitignore           |   6 +
 testcases/kernel/syscalls/lsm/Makefile             |   7 +
 testcases/kernel/syscalls/lsm/lsm_common.h         |  91 +++++++++++
 .../kernel/syscalls/lsm/lsm_get_self_attr01.c      |  92 +++++++++++
 .../kernel/syscalls/lsm/lsm_get_self_attr02.c      |  45 ++++++
 .../kernel/syscalls/lsm/lsm_get_self_attr03.c      |  68 ++++++++
 testcases/kernel/syscalls/lsm/lsm_list_modules01.c |  75 +++++++++
 testcases/kernel/syscalls/lsm/lsm_list_modules02.c | 153 ++++++++++++++++++
 .../kernel/syscalls/lsm/lsm_set_self_attr01.c      | 110 +++++++++++++
 12 files changed, 833 insertions(+), 1 deletion(-)
---
base-commit: 746286c5ccf4fe3176ad636383a7235c5f1d4131
change-id: 20241105-lsm-5da2f6c2a1e9

Best regards,
-- 
Andrea Cervesato <andrea.cervesato@suse.com>


-- 
Mailing list info: https://lists.linux.it/listinfo/ltp


* [LTP] [PATCH v4 1/7] Add fallback definitions of LSM syscalls
  2025-04-29  7:18 [LTP] [PATCH v4 0/7] LSM testing suite Andrea Cervesato
@ 2025-04-29  7:18 ` Andrea Cervesato
  2025-06-02 12:05   ` Cyril Hrubis
  2025-04-29  7:18 ` [LTP] [PATCH v4 2/7] Add lsm_get_self_attr01 test Andrea Cervesato
                   ` (5 subsequent siblings)
  6 siblings, 1 reply; 22+ messages in thread
From: Andrea Cervesato @ 2025-04-29  7:18 UTC (permalink / raw)
  To: ltp

From: Andrea Cervesato <andrea.cervesato@suse.com>

Fallback definition for the following syscalls:

- lsm_get_self_attr
- lsm_set_self_attr
- lsm_list_modules

Reviewed-by: Petr Vorel <pvorel@suse.cz>
Signed-off-by: Andrea Cervesato <andrea.cervesato@suse.com>
---
 configure.ac       |   3 +-
 include/lapi/lsm.h | 177 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 179 insertions(+), 1 deletion(-)

diff --git a/configure.ac b/configure.ac
index 7f475f6b6419ee14125dada3ddd7d9ea06eb6b48..9ff098b273b9298b4d0ddcd43fb6aefdddf44f0c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -69,6 +69,7 @@ AC_CHECK_HEADERS_ONCE([ \
     linux/ioprio.h \
     linux/keyctl.h \
     linux/landlock.h \
+    linux/lsm.h \
     linux/mempolicy.h \
     linux/module.h \
     linux/mount.h \
@@ -204,7 +205,7 @@ AC_CHECK_TYPES([struct ipc64_perm],,,[#include <sys/ipcbuf.h>])
 AC_CHECK_TYPES([struct loop_config],,,[#include <linux/loop.h>])
 AC_CHECK_TYPES([struct landlock_path_beneath_attr],,,[#include <linux/landlock.h>])
 AC_CHECK_TYPES([struct landlock_net_port_attr],,,[#include <linux/landlock.h>])
-
+AC_CHECK_TYPES([struct lsm_ctx],,,[#include <linux/lsm.h>])
 AC_CHECK_TYPES([struct mmsghdr],,,[
 #define _GNU_SOURCE
 #include <sys/types.h>
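
Review bot: the blank separator line after the landlock checks in this second configure.ac hunk is replaced by the new AC_CHECK_TYPES([struct lsm_ctx]) line instead of being kept, so the lsm check now runs straight into the mmsghdr block. Add the new line and keep the empty line after it so the diff is a pure one-line addition.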
diff --git a/include/lapi/lsm.h b/include/lapi/lsm.h
new file mode 100644
index 0000000000000000000000000000000000000000..72ca85f784282190b1db9fac3da79a562f93f43a
--- /dev/null
+++ b/include/lapi/lsm.h
@@ -0,0 +1,177 @@
+/* SPDX-License-Identifier: GPL-2.0-or-later */
+/*
+ * Copyright (C) 2024 SUSE LLC Andrea Cervesato <andrea.cervesato@suse.com>
+ */
+
+#ifndef LAPI_LSM_H__
+#define LAPI_LSM_H__
+
+#include "config.h"
+
+#ifdef HAVE_LINUX_LSM_H
+#include <linux/lsm.h>
+#endif
+
+#include <stdint.h>
+#include "lapi/syscalls.h"
+
+#define CTX_DATA_SIZE 4096
+
+#define LSM_CTX_SIZE(x) (sizeof(struct lsm_ctx) + x)
+#define LSM_CTX_SIZE_DEFAULT LSM_CTX_SIZE(CTX_DATA_SIZE)
+
+#ifndef HAVE_STRUCT_LSM_CTX
+
+/**
+ * struct lsm_ctx - LSM context information
+ * @id: the LSM id number, see LSM_ID_XXX
+ * @flags: LSM specific flags
+ * @len: length of the lsm_ctx struct, @ctx and any other data or padding
+ * @ctx_len: the size of @ctx
+ * @ctx: the LSM context value
+ *
+ * The @len field MUST be equal to the size of the lsm_ctx struct
+ * plus any additional padding and/or data placed after @ctx.
+ *
+ * In all cases @ctx_len MUST be equal to the length of @ctx.
+ * If @ctx is a string value it should be nul terminated with
+ * @ctx_len equal to `strlen(@ctx) + 1`.  Binary values are
+ * supported.
+ *
+ * The @flags and @ctx fields SHOULD only be interpreted by the
+ * LSM specified by @id; they MUST be set to zero/0 when not used.
+ */
+struct lsm_ctx {
+	uint64_t id;
+	uint64_t flags;
+	uint64_t len;
+	uint64_t ctx_len;
+	uint8_t ctx[];
+};
+#endif
+
+/*
+ * ID tokens to identify Linux Security Modules (LSMs)
+ *
+ * These token values are used to uniquely identify specific LSMs
+ * in the kernel as well as in the kernel's LSM userspace API.
+ */
+#ifndef LSM_ID_UNDEF
+# define LSM_ID_UNDEF		0
+#endif
+
+#ifndef LSM_ID_CAPABILITY
+# define LSM_ID_CAPABILITY	100
+#endif
+
+#ifndef LSM_ID_SELINUX
+# define LSM_ID_SELINUX		101
+#endif
+
+#ifndef LSM_ID_SMACK
+# define LSM_ID_SMACK		102
+#endif
+
+#ifndef LSM_ID_TOMOYO
+# define LSM_ID_TOMOYO		103
+#endif
+
+#ifndef LSM_ID_APPARMOR
+# define LSM_ID_APPARMOR	104
+#endif
+
+#ifndef LSM_ID_YAMA
+# define LSM_ID_YAMA		105
+#endif
+
+#ifndef LSM_ID_LOADPIN
+# define LSM_ID_LOADPIN		106
+#endif
+
+#ifndef LSM_ID_SAFESETID
+# define LSM_ID_SAFESETID	107
+#endif
+
+#ifndef LSM_ID_LOCKDOWN
+# define LSM_ID_LOCKDOWN	108
+#endif
+
+#ifndef LSM_ID_BPF
+# define LSM_ID_BPF		109
+#endif
+
+#ifndef LSM_ID_LANDLOCK
+# define LSM_ID_LANDLOCK	110
+#endif
+
+#ifndef LSM_ID_IMA
+# define LSM_ID_IMA		111
+#endif
+
+#ifndef LSM_ID_EVM
+# define LSM_ID_EVM		112
+#endif
+
+#ifndef LSM_ID_IPE
+# define LSM_ID_IPE		113
+#endif
+
+/*
+ * LSM_ATTR_XXX definitions identify different LSM attributes
+ * which are used in the kernel's LSM userspace API. Support
+ * for these attributes vary across the different LSMs. None
+ * are required.
+ */
+#ifndef LSM_ATTR_UNDEF
+# define LSM_ATTR_UNDEF		0
+#endif
+
+#ifndef LSM_ATTR_CURRENT
+# define LSM_ATTR_CURRENT	100
+#endif
+
+#ifndef LSM_ATTR_EXEC
+# define LSM_ATTR_EXEC		101
+#endif
+
+#ifndef LSM_ATTR_FSCREATE
+# define LSM_ATTR_FSCREATE	102
+#endif
+
+#ifndef LSM_ATTR_KEYCREATE
+# define LSM_ATTR_KEYCREATE	103
+#endif
+
+#ifndef LSM_ATTR_PREV
+# define LSM_ATTR_PREV		104
+#endif
+
+#ifndef LSM_ATTR_SOCKCREATE
+# define LSM_ATTR_SOCKCREATE	105
+#endif
+
+/*
+ * LSM_FLAG_XXX definitions identify special handling instructions
+ * for the API.
+ */
+#ifndef LSM_FLAG_SINGLE
+# define LSM_FLAG_SINGLE	0x0001
+#endif
+
+static inline int lsm_get_self_attr(uint32_t attr, struct lsm_ctx *ctx,
+				    uint32_t *size, uint32_t flags)
+{
+	return tst_syscall(__NR_lsm_get_self_attr, attr, ctx, size, flags);
+}
+
+static inline int lsm_set_self_attr(uint32_t attr, struct lsm_ctx *ctx,
+				    uint32_t size, uint32_t flags)
+{
+	return tst_syscall(__NR_lsm_set_self_attr, attr, ctx, size, flags);
+}
+
+static inline int lsm_list_modules(uint64_t *ids, uint32_t *size, uint32_t flags)
+{
+	return tst_syscall(__NR_lsm_list_modules, ids, size, flags);
+}
+#endif
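
Review bot: LSM_CTX_SIZE(x) uses its argument unparenthesised, `(sizeof(struct lsm_ctx) + x)`, so a call with an expression such as a conditional would bind to the addition in the wrong way; write `(sizeof(struct lsm_ctx) + (x))`. CTX_DATA_SIZE is also a very generic name for a shared lapi header and could collide with a test's own define; an LSM_ prefix would match the rest of the file.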

-- 
2.43.0



* [LTP] [PATCH v4 2/7] Add lsm_get_self_attr01 test
  2025-04-29  7:18 [LTP] [PATCH v4 0/7] LSM testing suite Andrea Cervesato
  2025-04-29  7:18 ` [LTP] [PATCH v4 1/7] Add fallback definitions of LSM syscalls Andrea Cervesato
@ 2025-04-29  7:18 ` Andrea Cervesato
  2025-04-29  7:18 ` [LTP] [PATCH v4 3/7] Add lsm_get_self_attr02 test Andrea Cervesato
                   ` (4 subsequent siblings)
  6 siblings, 0 replies; 22+ messages in thread
From: Andrea Cervesato @ 2025-04-29  7:18 UTC (permalink / raw)
  To: ltp

From: Andrea Cervesato <andrea.cervesato@suse.com>

Verify that lsm_get_self_attr syscall is raising errors when invalid
data is provided.

Reviewed-by: Petr Vorel <pvorel@suse.cz>
Reviewed-by: Cyril Hrubis <chrubis@suse.cz>
Signed-off-by: Andrea Cervesato <andrea.cervesato@suse.com>
---
 runtest/syscalls                                   |  2 +
 testcases/kernel/syscalls/lsm/.gitignore           |  1 +
 testcases/kernel/syscalls/lsm/Makefile             |  7 ++
 testcases/kernel/syscalls/lsm/lsm_common.h         | 91 +++++++++++++++++++++
 .../kernel/syscalls/lsm/lsm_get_self_attr01.c      | 92 ++++++++++++++++++++++
 5 files changed, 193 insertions(+)

diff --git a/runtest/syscalls b/runtest/syscalls
index 57338297a33b47075a3f801871753cc76b073bfa..ba45c1945fb77b093ba578fdda3596a8d38c54b0 100644
--- a/runtest/syscalls
+++ b/runtest/syscalls
@@ -759,6 +759,8 @@ lseek02 lseek02
 lseek07 lseek07
 lseek11 lseek11
 
+lsm_get_self_attr01 lsm_get_self_attr01
+
 lstat01 lstat01
 lstat01_64 lstat01_64
 lstat02 lstat02
diff --git a/testcases/kernel/syscalls/lsm/.gitignore b/testcases/kernel/syscalls/lsm/.gitignore
new file mode 100644
index 0000000000000000000000000000000000000000..49f4a9263349ce633b8decb8fff1dd1d2111cf49
--- /dev/null
+++ b/testcases/kernel/syscalls/lsm/.gitignore
@@ -0,0 +1 @@
+lsm_get_self_attr01
diff --git a/testcases/kernel/syscalls/lsm/Makefile b/testcases/kernel/syscalls/lsm/Makefile
new file mode 100644
index 0000000000000000000000000000000000000000..8cf1b9024d8bdebe72408c90fef4b8b84ce9dc4b
--- /dev/null
+++ b/testcases/kernel/syscalls/lsm/Makefile
@@ -0,0 +1,7 @@
+# SPDX-License-Identifier: GPL-2.0-or-later
+# Copyright (C) 2024 SUSE LLC Andrea Cervesato <andrea.cervesato@suse.com>
+
+top_srcdir		?= ../../../..
+
+include $(top_srcdir)/include/mk/testcases.mk
+include $(top_srcdir)/include/mk/generic_leaf_target.mk
diff --git a/testcases/kernel/syscalls/lsm/lsm_common.h b/testcases/kernel/syscalls/lsm/lsm_common.h
new file mode 100644
index 0000000000000000000000000000000000000000..dcc2d7a4206a3610ed39bbc4a118394611f73bab
--- /dev/null
+++ b/testcases/kernel/syscalls/lsm/lsm_common.h
@@ -0,0 +1,91 @@
+/* SPDX-License-Identifier: GPL-2.0-or-later */
+/*
+ * Copyright (C) 2024 SUSE LLC Andrea Cervesato <andrea.cervesato@suse.com>
+ */
+
+#ifndef LSM_GET_SELF_ATTR_H
+#define LSM_GET_SELF_ATTR_H
+
+#include "tst_test.h"
+#include "lapi/lsm.h"
+
+static inline struct lsm_ctx *next_ctx(struct lsm_ctx *tctx)
+{
+	return (struct lsm_ctx *)((char *)tctx + sizeof(*tctx) + tctx->ctx_len);
+}
+
+static inline void read_proc_attr(const char *attr, char *val, const size_t size)
+{
+	int fd;
+	char *ptr;
+	char path[BUFSIZ];
+
+	memset(val, 0, size);
+	memset(path, 0, BUFSIZ);
+
+	snprintf(path, BUFSIZ, "/proc/self/attr/%s", attr);
+
+	tst_res(TINFO, "Reading %s", path);
+
+	fd = SAFE_OPEN(path, O_RDONLY);
+
+	if (read(fd, val, size) > 0) {
+		ptr = strchr(val, '\n');
+		if (ptr)
+			*ptr = '\0';
+	}
+
+	SAFE_CLOSE(fd);
+}
+
+static inline int verify_enabled_lsm(const char *name)
+{
+	int fd;
+	char *ptr;
+	char data[BUFSIZ];
+
+	fd = SAFE_OPEN("/sys/kernel/security/lsm", O_RDONLY);
+	SAFE_READ(0, fd, data, BUFSIZ);
+	SAFE_CLOSE(fd);
+
+	ptr = strtok(data, ",");
+	while (ptr != NULL) {
+		if (!strcmp(ptr, name)) {
+			tst_res(TINFO, "%s is enabled", name);
+			return 1;
+		}
+
+		ptr = strtok(NULL, ",");
+	}
+
+	return 0;
+}
+
+static inline uint32_t count_supported_attr_current(void)
+{
+	uint32_t lsm_count = 0;
+
+	if (verify_enabled_lsm("selinux"))
+		lsm_count++;
+
+	if (verify_enabled_lsm("apparmor"))
+		lsm_count++;
+
+	if (verify_enabled_lsm("smack"))
+		lsm_count++;
+
+	return lsm_count;
+}
+
+static inline uint32_t verify_supported_attr_current(void)
+{
+	uint32_t lsm_count;
+
+	lsm_count = count_supported_attr_current();
+
+	if (!lsm_count)
+		tst_brk(TCONF, "LSM_ATTR_CURRENT is not supported by any LSM");
+
+	return lsm_count;
+}
+#endif
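
Review bot: verify_enabled_lsm() runs strtok() on `data` that is never NUL-terminated: the buffer is uninitialised and SAFE_READ is given the full BUFSIZ, so tokenising can walk past what was read. Zero the buffer before reading and read at most BUFSIZ - 1 bytes; read_proc_attr() has the same problem when read() returns exactly `size` bytes, since strchr() then has no terminator to stop at. Separately, next_ctx() advances by sizeof(*tctx) + tctx->ctx_len, while the struct lsm_ctx comment in lapi/lsm.h defines `len` as the struct plus ctx plus any padding, so stepping by tctx->len is what follows that definition. The include guard LSM_GET_SELF_ATTR_H does not match the file name lsm_common.h.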
diff --git a/testcases/kernel/syscalls/lsm/lsm_get_self_attr01.c b/testcases/kernel/syscalls/lsm/lsm_get_self_attr01.c
new file mode 100644
index 0000000000000000000000000000000000000000..ec272b9374e4240b6d0a0cb5b06aba112e8ea2d2
--- /dev/null
+++ b/testcases/kernel/syscalls/lsm/lsm_get_self_attr01.c
@@ -0,0 +1,92 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+/*
+ * Copyright (C) 2024 SUSE LLC Andrea Cervesato <andrea.cervesato@suse.com>
+ */
+
+/*\
+ * Verify that lsm_get_self_attr syscall is raising errors when invalid data is
+ * provided.
+ */
+
+#include "lsm_common.h"
+
+static struct lsm_ctx *ctx;
+static uint32_t ctx_size;
+static uint32_t ctx_size_small;
+
+static struct tcase {
+	int attr;
+	struct lsm_ctx **ctx;
+	uint32_t *size;
+	uint32_t flags;
+	int exp_err;
+	char *msg;
+} tcases[] = {
+	{
+		.attr = LSM_ATTR_CURRENT,
+		.ctx = &ctx,
+		.exp_err = EINVAL,
+		.msg = "size is NULL",
+	},
+	{
+		.attr = LSM_ATTR_CURRENT,
+		.ctx = &ctx,
+		.size = &ctx_size,
+		.flags = LSM_FLAG_SINGLE | (LSM_FLAG_SINGLE << 1),
+		.exp_err = EINVAL,
+		.msg = "flags is invalid",
+	},
+	{
+		.attr = LSM_ATTR_CURRENT,
+		.ctx = &ctx,
+		.size = &ctx_size_small,
+		.exp_err = E2BIG,
+		.msg = "size is too smal",
+	},
+	{
+		.attr = LSM_ATTR_CURRENT,
+		.ctx = &ctx,
+		.size = &ctx_size,
+		.flags = LSM_FLAG_SINGLE,
+		.exp_err = EINVAL,
+		.msg = "flags force to use ctx attributes",
+	},
+	{
+		.attr = LSM_ATTR_CURRENT | LSM_ATTR_PREV,
+		.ctx = &ctx,
+		.size = &ctx_size,
+		.flags = 0,
+		.exp_err = EOPNOTSUPP,
+		.msg = "flags overset",
+	}
+};
+
+static void run(unsigned int n)
+{
+	struct tcase *tc = &tcases[n];
+
+	memset(ctx, 0, LSM_CTX_SIZE_DEFAULT);
+	ctx_size = LSM_CTX_SIZE_DEFAULT;
+	ctx_size_small = 1;
+
+	TST_EXP_FAIL(lsm_get_self_attr(
+		tc->attr, *tc->ctx, tc->size, tc->flags),
+		tc->exp_err,
+		"%s", tc->msg);
+}
+
+static void setup(void)
+{
+	verify_supported_attr_current();
+}
+
+static struct tst_test test = {
+	.setup = setup,
+	.test = run,
+	.tcnt = ARRAY_SIZE(tcases),
+	.min_kver = "6.8",
+	.bufs = (struct tst_buffers[]) {
+		{&ctx, .size = LSM_CTX_SIZE_DEFAULT},
+		{}
+	},
+};
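
Review bot: the last tcases entry is labelled "flags overset" but it passes .flags = 0 and makes .attr the invalid value (LSM_ATTR_CURRENT | LSM_ATTR_PREV), so a failure report would point at the wrong argument; name it after the attr instead. The E2BIG entry's message has a typo ("size is too smal"), and "flags force to use ctx attributes" would be easier to read if it said that LSM_FLAG_SINGLE is passed with a zeroed ctx.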

-- 
2.43.0



* [LTP] [PATCH v4 3/7] Add lsm_get_self_attr02 test
  2025-04-29  7:18 [LTP] [PATCH v4 0/7] LSM testing suite Andrea Cervesato
  2025-04-29  7:18 ` [LTP] [PATCH v4 1/7] Add fallback definitions of LSM syscalls Andrea Cervesato
  2025-04-29  7:18 ` [LTP] [PATCH v4 2/7] Add lsm_get_self_attr01 test Andrea Cervesato
@ 2025-04-29  7:18 ` Andrea Cervesato
  2025-06-02 12:16   ` Cyril Hrubis
  2025-04-29  7:18 ` [LTP] [PATCH v4 4/7] Add lsm_get_self_attr03 test Andrea Cervesato
                   ` (3 subsequent siblings)
  6 siblings, 1 reply; 22+ messages in thread
From: Andrea Cervesato @ 2025-04-29  7:18 UTC (permalink / raw)
  To: ltp

From: Andrea Cervesato <andrea.cervesato@suse.com>

Verify that lsm_get_self_attr syscall is acting correctly when ctx
is NULL. The syscall can behave in different ways according to the
current system status:

- if any LSM is running inside the system, the syscall will pass
  and it will provide a size as big as the attribute
- if no LSM(s) are running inside the system, the syscall will fail
  with -1 return code and it will provide EOPNOTSUPP errno

Signed-off-by: Andrea Cervesato <andrea.cervesato@suse.com>
---
 runtest/syscalls                                   |  1 +
 testcases/kernel/syscalls/lsm/.gitignore           |  1 +
 .../kernel/syscalls/lsm/lsm_get_self_attr02.c      | 45 ++++++++++++++++++++++
 3 files changed, 47 insertions(+)

diff --git a/runtest/syscalls b/runtest/syscalls
index ba45c1945fb77b093ba578fdda3596a8d38c54b0..73b6b98c7748f5ed31ad23d7464f1ab4fbc5f42e 100644
--- a/runtest/syscalls
+++ b/runtest/syscalls
@@ -760,6 +760,7 @@ lseek07 lseek07
 lseek11 lseek11
 
 lsm_get_self_attr01 lsm_get_self_attr01
+lsm_get_self_attr02 lsm_get_self_attr02
 
 lstat01 lstat01
 lstat01_64 lstat01_64
diff --git a/testcases/kernel/syscalls/lsm/.gitignore b/testcases/kernel/syscalls/lsm/.gitignore
index 49f4a9263349ce633b8decb8fff1dd1d2111cf49..9f7c9b00b026a377f1b36f483ac2c1a0adba6249 100644
--- a/testcases/kernel/syscalls/lsm/.gitignore
+++ b/testcases/kernel/syscalls/lsm/.gitignore
@@ -1 +1,2 @@
 lsm_get_self_attr01
+lsm_get_self_attr02
diff --git a/testcases/kernel/syscalls/lsm/lsm_get_self_attr02.c b/testcases/kernel/syscalls/lsm/lsm_get_self_attr02.c
new file mode 100644
index 0000000000000000000000000000000000000000..889f3830fde8a5817936e67d9ee191a7513ff454
--- /dev/null
+++ b/testcases/kernel/syscalls/lsm/lsm_get_self_attr02.c
@@ -0,0 +1,45 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+/*
+ * Copyright (C) 2024 SUSE LLC Andrea Cervesato <andrea.cervesato@suse.com>
+ */
+
+/*\
+ * Verify that lsm_get_self_attr syscall is acting correctly when ctx is NULL.
+ * The syscall can behave in different ways according to the current system
+ * status:
+ *
+ * - if any LSM is running inside the system, the syscall will pass and it will
+ *   provide a size as big as the attribute
+ * - if no LSM(s) are running inside the system, the syscall will fail with -1
+ *   return code
+ */
+#include "lsm_common.h"
+
+static uint32_t page_size;
+static uint32_t lsm_count;
+
+static void run(void)
+{
+	uint32_t size = page_size;
+
+	if (lsm_count) {
+		TST_EXP_POSITIVE(lsm_get_self_attr(
+			LSM_ATTR_CURRENT, NULL, &size, 0));
+		TST_EXP_EXPR(size > 1);
+	} else {
+		TST_EXP_FAIL(lsm_get_self_attr(
+			LSM_ATTR_CURRENT, NULL, &size, 0), EOPNOTSUPP);
+	}
+}
+
+static void setup(void)
+{
+	page_size = SAFE_SYSCONF(_SC_PAGESIZE);
+	lsm_count = count_supported_attr_current();
+}
+
+static struct tst_test test = {
+	.test_all = run,
+	.setup = setup,
+	.min_kver = "6.8",
+};
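
Review bot: in run(), `size` starts at page_size, so TST_EXP_EXPR(size > 1) holds even if the kernel never writes the required size back, and it is evaluated even when the preceding TST_EXP_POSITIVE failed. Return early on failure and check the value against something the kernel must have produced, for example that it changed from the initial value or that it is at least sizeof(struct lsm_ctx). The file's doc comment also omits the EOPNOTSUPP errno that the else branch expects.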

-- 
2.43.0



* [LTP] [PATCH v4 4/7] Add lsm_get_self_attr03 test
  2025-04-29  7:18 [LTP] [PATCH v4 0/7] LSM testing suite Andrea Cervesato
                   ` (2 preceding siblings ...)
  2025-04-29  7:18 ` [LTP] [PATCH v4 3/7] Add lsm_get_self_attr02 test Andrea Cervesato
@ 2025-04-29  7:18 ` Andrea Cervesato
  2025-06-02 12:46   ` Cyril Hrubis
  2025-04-29  7:18 ` [LTP] [PATCH v4 5/7] Add lsm_list_modules01 test Andrea Cervesato
                   ` (2 subsequent siblings)
  6 siblings, 1 reply; 22+ messages in thread
From: Andrea Cervesato @ 2025-04-29  7:18 UTC (permalink / raw)
  To: ltp

From: Andrea Cervesato <andrea.cervesato@suse.com>

Verify that LSM_ATTR_CURRENT attribute is correctly recognizing
the current, active security context of the process. This is done by
checking that /proc/self/attr/current matches with the obtained value.

Signed-off-by: Andrea Cervesato <andrea.cervesato@suse.com>
---
 runtest/syscalls                                   |  1 +
 testcases/kernel/syscalls/lsm/.gitignore           |  1 +
 .../kernel/syscalls/lsm/lsm_get_self_attr03.c      | 68 ++++++++++++++++++++++
 3 files changed, 70 insertions(+)

diff --git a/runtest/syscalls b/runtest/syscalls
index 73b6b98c7748f5ed31ad23d7464f1ab4fbc5f42e..d45cda4082ed87bf674ca34d315af9c162a41fe9 100644
--- a/runtest/syscalls
+++ b/runtest/syscalls
@@ -761,6 +761,7 @@ lseek11 lseek11
 
 lsm_get_self_attr01 lsm_get_self_attr01
 lsm_get_self_attr02 lsm_get_self_attr02
+lsm_get_self_attr03 lsm_get_self_attr03
 
 lstat01 lstat01
 lstat01_64 lstat01_64
diff --git a/testcases/kernel/syscalls/lsm/.gitignore b/testcases/kernel/syscalls/lsm/.gitignore
index 9f7c9b00b026a377f1b36f483ac2c1a0adba6249..19956fdf8b9952b4850c3a20826e29ec67ea3560 100644
--- a/testcases/kernel/syscalls/lsm/.gitignore
+++ b/testcases/kernel/syscalls/lsm/.gitignore
@@ -1,2 +1,3 @@
 lsm_get_self_attr01
 lsm_get_self_attr02
+lsm_get_self_attr03
diff --git a/testcases/kernel/syscalls/lsm/lsm_get_self_attr03.c b/testcases/kernel/syscalls/lsm/lsm_get_self_attr03.c
new file mode 100644
index 0000000000000000000000000000000000000000..3b767b94c025e350b9cc83d9bf2dc3061b3c6a1c
--- /dev/null
+++ b/testcases/kernel/syscalls/lsm/lsm_get_self_attr03.c
@@ -0,0 +1,68 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+/*
+ * Copyright (C) 2024 SUSE LLC Andrea Cervesato <andrea.cervesato@suse.com>
+ */
+
+/*\
+ * Verify that LSM_ATTR_CURRENT attribute is correctly recognizing
+ * the current, active security context of the process. This is done by
+ * checking that /proc/self/attr/current matches with the obtained value.
+ */
+
+#include "lsm_common.h"
+
+static struct lsm_ctx *ctx;
+static uint32_t page_size;
+
+static void run(void)
+{
+	tst_res(TINFO, "Verifying 'LSM_ATTR_CURRENT' attribute");
+
+	uint32_t count;
+	uint32_t size = page_size;
+	char attr[size];
+
+	memset(attr, 0, size);
+	memset(ctx, 0, LSM_CTX_SIZE_DEFAULT);
+
+	count = TST_EXP_POSITIVE(
+		lsm_get_self_attr(LSM_ATTR_CURRENT, ctx, &size, 0));
+
+	if (TST_RET == -1)
+		return;
+
+	if (!count) {
+		tst_res(TFAIL, "Can't read any attribute");
+		return;
+	}
+
+	read_proc_attr("current", attr, page_size);
+
+	TST_EXP_EQ_STR(attr, (char *)ctx->ctx);
+
+	struct lsm_ctx *next = ctx;
+
+	for (uint32_t i = 1; i < count; i++) {
+		TST_EXP_EXPR(strcmp(attr, (char *)next->ctx) != 0,
+			"Attribute and next LSM context must be different");
+
+		next = next_ctx(next);
+	}
+}
+
+static void setup(void)
+{
+	verify_supported_attr_current();
+
+	page_size = SAFE_SYSCONF(_SC_PAGESIZE);
+}
+
+static struct tst_test test = {
+	.test_all = run,
+	.setup = setup,
+	.min_kver = "6.8",
+	.bufs = (struct tst_buffers[]) {
+		{&ctx, .size = LSM_CTX_SIZE_DEFAULT},
+		{}
+	},
+};
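
Review bot: the for loop in run() starts with `next = ctx` and compares before advancing, so its first iteration checks strcmp(attr, ctx->ctx) != 0 against the very entry that TST_EXP_EQ_STR just asserted to be equal to attr; with count > 1 this reports a failure on a correct kernel. Call next_ctx() before the comparison so the loop starts at the second context. Also, `size` passed to the syscall is page_size while the buffer is LSM_CTX_SIZE_DEFAULT bytes; on systems whose page size is larger than that, the kernel is told the buffer is bigger than it is, so pass LSM_CTX_SIZE_DEFAULT as lsm_get_self_attr01.c does.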

-- 
2.43.0



* [LTP] [PATCH v4 5/7] Add lsm_list_modules01 test
  2025-04-29  7:18 [LTP] [PATCH v4 0/7] LSM testing suite Andrea Cervesato
                   ` (3 preceding siblings ...)
  2025-04-29  7:18 ` [LTP] [PATCH v4 4/7] Add lsm_get_self_attr03 test Andrea Cervesato
@ 2025-04-29  7:18 ` Andrea Cervesato
  2025-04-29  7:18 ` [LTP] [PATCH v4 6/7] Add lsm_list_modules02 test Andrea Cervesato
  2025-04-29  7:18 ` [LTP] [PATCH v4 7/7] Add lsm_set_self_attr01 test Andrea Cervesato
  6 siblings, 0 replies; 22+ messages in thread
From: Andrea Cervesato @ 2025-04-29  7:18 UTC (permalink / raw)
  To: ltp

From: Andrea Cervesato <andrea.cervesato@suse.com>

Verify that lsm_list_modules syscall is raising errors when invalid
data is provided.

Reviewed-by: Cyril Hrubis <chrubis@suse.cz>
Signed-off-by: Andrea Cervesato <andrea.cervesato@suse.com>
---
 runtest/syscalls                                   |  1 +
 testcases/kernel/syscalls/lsm/.gitignore           |  1 +
 testcases/kernel/syscalls/lsm/lsm_list_modules01.c | 75 ++++++++++++++++++++++
 3 files changed, 77 insertions(+)

diff --git a/runtest/syscalls b/runtest/syscalls
index d45cda4082ed87bf674ca34d315af9c162a41fe9..c8a9dbeacbae7a6badc705b7e648dbc7a020742f 100644
--- a/runtest/syscalls
+++ b/runtest/syscalls
@@ -762,6 +762,7 @@ lseek11 lseek11
 lsm_get_self_attr01 lsm_get_self_attr01
 lsm_get_self_attr02 lsm_get_self_attr02
 lsm_get_self_attr03 lsm_get_self_attr03
+lsm_list_modules01 lsm_list_modules01
 
 lstat01 lstat01
 lstat01_64 lstat01_64
diff --git a/testcases/kernel/syscalls/lsm/.gitignore b/testcases/kernel/syscalls/lsm/.gitignore
index 19956fdf8b9952b4850c3a20826e29ec67ea3560..501d332549a84cceb9741346bdb8b83eb02467c5 100644
--- a/testcases/kernel/syscalls/lsm/.gitignore
+++ b/testcases/kernel/syscalls/lsm/.gitignore
@@ -1,3 +1,4 @@
 lsm_get_self_attr01
 lsm_get_self_attr02
 lsm_get_self_attr03
+lsm_list_modules01
diff --git a/testcases/kernel/syscalls/lsm/lsm_list_modules01.c b/testcases/kernel/syscalls/lsm/lsm_list_modules01.c
new file mode 100644
index 0000000000000000000000000000000000000000..51ff5abe151f06d2aa6e3d19c722eb40e77c822c
--- /dev/null
+++ b/testcases/kernel/syscalls/lsm/lsm_list_modules01.c
@@ -0,0 +1,75 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+/*
+ * Copyright (C) 2024 SUSE LLC Andrea Cervesato <andrea.cervesato@suse.com>
+ */
+
+/*\
+ * Verify that lsm_list_modules syscall is raising errors when invalid data is
+ * provided.
+ */
+
+#include "lsm_common.h"
+
+#define MAX_LSM_NUM 32
+
+static uint64_t lsm_ids[MAX_LSM_NUM];
+static uint32_t page_size;
+static uint32_t ids_size;
+static uint32_t ids_size_small;
+
+static struct tcase {
+	uint64_t *ids;
+	uint32_t *size;
+	uint32_t flags;
+	int exp_errno;
+	char *msg;
+} tcases[] = {
+	{
+		.size = &ids_size,
+		.exp_errno = EFAULT,
+		.msg = "ids is NULL",
+	},
+	{
+		.ids = lsm_ids,
+		.exp_errno = EFAULT,
+		.msg = "size is NULL",
+	},
+	{
+		.ids = lsm_ids,
+		.size = &ids_size_small,
+		.exp_errno = E2BIG,
+		.msg = "size is too small",
+	},
+	{
+		.ids = lsm_ids,
+		.size = &ids_size,
+		.flags = 1,
+		.exp_errno = EINVAL,
+		.msg = "flags must be zero",
+	},
+};
+
+static void run(unsigned int n)
+{
+	struct tcase *tc = &tcases[n];
+
+	memset(lsm_ids, 0, sizeof(lsm_ids));
+	ids_size = page_size;
+	ids_size_small = 0;
+
+	TST_EXP_FAIL(lsm_list_modules(tc->ids, tc->size, tc->flags),
+	      tc->exp_errno,
+	      "%s", tc->msg);
+}
+
+static void setup(void)
+{
+	page_size = SAFE_SYSCONF(_SC_PAGESIZE);
+}
+
+static struct tst_test test = {
+	.test = run,
+	.setup = setup,
+	.tcnt = ARRAY_SIZE(tcases),
+	.min_kver = "6.8",
+};
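
Review bot: run() sets ids_size = page_size, but the buffer handed to the syscall is lsm_ids[MAX_LSM_NUM], which is only MAX_LSM_NUM * sizeof(uint64_t) bytes, so the size reported to the kernel overstates the buffer in the "flags must be zero" case. Use sizeof(lsm_ids) so the two agree; page_size and setup() can then be dropped from this test.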

-- 
2.43.0



* [LTP] [PATCH v4 6/7] Add lsm_list_modules02 test
  2025-04-29  7:18 [LTP] [PATCH v4 0/7] LSM testing suite Andrea Cervesato
                   ` (4 preceding siblings ...)
  2025-04-29  7:18 ` [LTP] [PATCH v4 5/7] Add lsm_list_modules01 test Andrea Cervesato
@ 2025-04-29  7:18 ` Andrea Cervesato
  2025-06-02 14:59   ` Cyril Hrubis
  2025-04-29  7:18 ` [LTP] [PATCH v4 7/7] Add lsm_set_self_attr01 test Andrea Cervesato
  6 siblings, 1 reply; 22+ messages in thread
From: Andrea Cervesato @ 2025-04-29  7:18 UTC (permalink / raw)
  To: ltp

From: Andrea Cervesato <andrea.cervesato@suse.com>

Verify that lsm_list_modules syscall is correctly recognizing LSM(s)
enabled inside the system.

Signed-off-by: Andrea Cervesato <andrea.cervesato@suse.com>
---
 runtest/syscalls                                   |   1 +
 testcases/kernel/syscalls/lsm/.gitignore           |   1 +
 testcases/kernel/syscalls/lsm/lsm_list_modules02.c | 153 +++++++++++++++++++++
 3 files changed, 155 insertions(+)

diff --git a/runtest/syscalls b/runtest/syscalls
index c8a9dbeacbae7a6badc705b7e648dbc7a020742f..91709634b70686e7e7e1e2233d8205ae99c14f19 100644
--- a/runtest/syscalls
+++ b/runtest/syscalls
@@ -763,6 +763,7 @@ lsm_get_self_attr01 lsm_get_self_attr01
 lsm_get_self_attr02 lsm_get_self_attr02
 lsm_get_self_attr03 lsm_get_self_attr03
 lsm_list_modules01 lsm_list_modules01
+lsm_list_modules02 lsm_list_modules02
 
 lstat01 lstat01
 lstat01_64 lstat01_64
diff --git a/testcases/kernel/syscalls/lsm/.gitignore b/testcases/kernel/syscalls/lsm/.gitignore
index 501d332549a84cceb9741346bdb8b83eb02467c5..766f81fd1c74a10001862f142c02ba251e666ef2 100644
--- a/testcases/kernel/syscalls/lsm/.gitignore
+++ b/testcases/kernel/syscalls/lsm/.gitignore
@@ -2,3 +2,4 @@ lsm_get_self_attr01
 lsm_get_self_attr02
 lsm_get_self_attr03
 lsm_list_modules01
+lsm_list_modules02
diff --git a/testcases/kernel/syscalls/lsm/lsm_list_modules02.c b/testcases/kernel/syscalls/lsm/lsm_list_modules02.c
new file mode 100644
index 0000000000000000000000000000000000000000..40fe789cd5fc1cbebbc2281404001c1d976a0937
--- /dev/null
+++ b/testcases/kernel/syscalls/lsm/lsm_list_modules02.c
@@ -0,0 +1,153 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+/*
+ * Copyright (C) 2024 SUSE LLC Andrea Cervesato <andrea.cervesato@suse.com>
+ */
+
+/*\
+ * Verify that lsm_list_modules syscall is correctly recognizing LSM(s) enabled
+ * inside the system.
+ *
+ * [Algorithm]
+ *
+ * - read enabled LSM(s) inside /sys/kernel/security/lsm file
+ * - collect LSM IDs using lsm_list_modules syscall
+ * - compare the results, verifying that LSM(s) IDs are correct
+ */
+
+#include "lsm_common.h"
+
+#define MAX_LSM_NUM 32
+
+struct lsm_name {
+	char name[BUFSIZ];
+	int num;
+};
+
+static struct lsm_name lsm_names[MAX_LSM_NUM];
+static size_t lsm_names_count;
+static uint32_t page_size;
+static uint64_t *ids;
+static uint32_t *size;
+
+static void run(void)
+{
+	uint32_t lsm_num;
+	size_t counter;
+
+	memset(ids, 0, sizeof(uint64_t) * MAX_LSM_NUM);
+	*size = page_size;
+
+	lsm_num = TST_EXP_POSITIVE(lsm_list_modules(ids, size, 0));
+
+	TST_EXP_EQ_LI(lsm_num, lsm_names_count);
+	TST_EXP_EQ_LI(*size, lsm_num * sizeof(uint64_t));
+
+	for (size_t i = 0; i < lsm_names_count; i++)
+		lsm_names[i].num = 0;
+
+	for (uint32_t i = 0; i < lsm_num; i++) {
+		char *name = NULL;
+
+		switch (ids[i]) {
+		case LSM_ID_CAPABILITY:
+			name = "capability";
+			break;
+		case LSM_ID_SELINUX:
+			name = "selinux";
+			break;
+		case LSM_ID_SMACK:
+			name = "smack";
+			break;
+		case LSM_ID_TOMOYO:
+			name = "tomoyo";
+			break;
+		case LSM_ID_APPARMOR:
+			name = "apparmor";
+			break;
+		case LSM_ID_YAMA:
+			name = "yama";
+			break;
+		case LSM_ID_LOADPIN:
+			name = "loadpin";
+			break;
+		case LSM_ID_SAFESETID:
+			name = "safesetid";
+			break;
+		case LSM_ID_LOCKDOWN:
+			name = "lockdown";
+			break;
+		case LSM_ID_BPF:
+			name = "bpf";
+			break;
+		case LSM_ID_LANDLOCK:
+			name = "landlock";
+			break;
+		case LSM_ID_IMA:
+			name = "ima";
+			break;
+		case LSM_ID_EVM:
+			name = "evm";
+			break;
+		case LSM_ID_IPE:
+			name = "ipe";
+			break;
+		default:
+			break;
+		}
+
+		if (!name)
+			tst_brk(TBROK, "Unsupported LSM: %lu", ids[i]);
+
+		for (counter = 0; counter < lsm_names_count; counter++) {
+			if (!strcmp(name, lsm_names[counter].name)) {
+				lsm_names[counter].num++;
+				tst_res(TPASS, "'%s' is enabled", name);
+				break;
+			}
+		}
+
+		if (counter >= lsm_names_count)
+			tst_res(TFAIL, "'%s' has not been found", name);
+	}
+
+	for (size_t i = 0; i < lsm_names_count; i++) {
+		if (lsm_names[i].num > 1) {
+			tst_res(TFAIL, "'%s' LSM has been counted %d times",
+				lsm_names[i].name,
+				lsm_names[i].num);
+		}
+	}
+}
+
+static void setup(void)
+{
+	int fd;
+	char *ptr;
+	char data[BUFSIZ];
+
+	memset(data, 0, BUFSIZ);
+
+	page_size = SAFE_SYSCONF(_SC_PAGESIZE);
+	fd = SAFE_OPEN("/sys/kernel/security/lsm", O_RDONLY);
+	SAFE_READ(0, fd, data, BUFSIZ);
+	SAFE_CLOSE(fd);
+
+	ptr = strtok(data, ",");
+
+	while (ptr != NULL) {
+		strcpy(lsm_names[lsm_names_count].name, ptr);
+		ptr = strtok(NULL, ",");
+		lsm_names_count++;
+	}
+}
+
+static struct tst_test test = {
+	.test_all = run,
+	.setup = setup,
+	.min_kver = "6.8",
+	.bufs = (struct tst_buffers []) {
+		{&ids, .size = sizeof(uint64_t) * MAX_LSM_NUM},
+		{&size, .size = sizeof(uint32_t)},
+		{},
+	},
+};
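Review bot: in setup(), the parse of /sys/kernel/security/lsm is unbounded in three places. SAFE_READ(0, fd, data, BUFSIZ) can fill all of data[] and leave no terminating NUL for strtok(), so read at most BUFSIZ - 1 bytes. The strcpy() into lsm_names[lsm_names_count].name does not check the token length against the name field, and lsm_names_count is incremented with no check against the capacity of lsm_names[]. Break with TBROK when a token or the count does not fit instead of writing past the arrays. Separately, the "Unsupported LSM: %lu" message prints ids[i], which the .bufs entry sizes in uint64_t units, so PRIu64 is the format that stays correct on 32-bit builds.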

-- 
2.43.0


-- 
Mailing list info: https://lists.linux.it/listinfo/ltp


* [LTP] [PATCH v4 7/7] Add lsm_set_self_attr01 test
  2025-04-29  7:18 [LTP] [PATCH v4 0/7] LSM testing suite Andrea Cervesato
                   ` (5 preceding siblings ...)
  2025-04-29  7:18 ` [LTP] [PATCH v4 6/7] Add lsm_list_modules02 test Andrea Cervesato
@ 2025-04-29  7:18 ` Andrea Cervesato
  2025-06-02 15:17   ` Cyril Hrubis
  2025-06-05  8:13     ` Petr Vorel
  6 siblings, 2 replies; 22+ messages in thread
From: Andrea Cervesato @ 2025-04-29  7:18 UTC (permalink / raw)
  To: ltp

From: Andrea Cervesato <andrea.cervesato@suse.com>

Verify that lsm_set_self_attr syscall is raising errors when invalid
data is provided.

Signed-off-by: Andrea Cervesato <andrea.cervesato@suse.com>
---
 runtest/syscalls                                   |   1 +
 testcases/kernel/syscalls/lsm/.gitignore           |   1 +
 .../kernel/syscalls/lsm/lsm_set_self_attr01.c      | 110 +++++++++++++++++++++
 3 files changed, 112 insertions(+)

diff --git a/runtest/syscalls b/runtest/syscalls
index 91709634b70686e7e7e1e2233d8205ae99c14f19..b082a79f3e833b3e4868a34885d17fec7385f86f 100644
--- a/runtest/syscalls
+++ b/runtest/syscalls
@@ -764,6 +764,7 @@ lsm_get_self_attr02 lsm_get_self_attr02
 lsm_get_self_attr03 lsm_get_self_attr03
 lsm_list_modules01 lsm_list_modules01
 lsm_list_modules02 lsm_list_modules02
+lsm_set_self_attr01 lsm_set_self_attr01
 
 lstat01 lstat01
 lstat01_64 lstat01_64
diff --git a/testcases/kernel/syscalls/lsm/.gitignore b/testcases/kernel/syscalls/lsm/.gitignore
index 766f81fd1c74a10001862f142c02ba251e666ef2..467f07cec5443393d231bbb98880b7183635dd9d 100644
--- a/testcases/kernel/syscalls/lsm/.gitignore
+++ b/testcases/kernel/syscalls/lsm/.gitignore
@@ -3,3 +3,4 @@ lsm_get_self_attr02
 lsm_get_self_attr03
 lsm_list_modules01
 lsm_list_modules02
+lsm_set_self_attr01
diff --git a/testcases/kernel/syscalls/lsm/lsm_set_self_attr01.c b/testcases/kernel/syscalls/lsm/lsm_set_self_attr01.c
new file mode 100644
index 0000000000000000000000000000000000000000..caccdda7ecf2edaac1fa8e2dc2ccdd0aff020804
--- /dev/null
+++ b/testcases/kernel/syscalls/lsm/lsm_set_self_attr01.c
@@ -0,0 +1,110 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+/*
+ * Copyright (C) 2024 SUSE LLC Andrea Cervesato <andrea.cervesato@suse.com>
+ */
+
+/*\
+ * Verify that lsm_set_self_attr syscall is raising errors when invalid data is
+ * provided.
+ */
+
+#include "lsm_common.h"
+
+static struct lsm_ctx *ctx;
+static struct lsm_ctx *ctx_orig;
+static struct lsm_ctx *ctx_null;
+static uint32_t ctx_size;
+static uint32_t ctx_size_small;
+static uint32_t ctx_size_big;
+static uint32_t page_size;
+
+static struct tcase {
+	uint32_t attr;
+	struct lsm_ctx **ctx;
+	uint32_t *size;
+	uint32_t flags;
+	int exp_errno;
+	char *msg;
+} tcases[] = {
+	{
+		.attr = LSM_ATTR_CURRENT,
+		.ctx = &ctx_null,
+		.size = &ctx_size,
+		.exp_errno = EFAULT,
+		.msg = "ctx is NULL",
+	},
+	{
+		.attr = LSM_ATTR_CURRENT,
+		.ctx = &ctx,
+		.size = &ctx_size_small,
+		.exp_errno = EINVAL,
+		.msg = "size is too small",
+	},
+	{
+		.attr = LSM_ATTR_CURRENT,
+		.ctx = &ctx,
+		.size = &ctx_size_big,
+		.exp_errno = E2BIG,
+		.msg = "size is too big",
+	},
+	{
+		.attr = LSM_ATTR_CURRENT,
+		.ctx = &ctx,
+		.size = &ctx_size,
+		.flags = 1,
+		.exp_errno = EINVAL,
+		.msg = "flags must be zero",
+	},
+	{
+		.attr = LSM_ATTR_CURRENT | LSM_ATTR_EXEC,
+		.ctx = &ctx,
+		.size = &ctx_size,
+		.exp_errno = EINVAL,
+		.msg = "attr is overset",
+	}
+};
+
+static void run(unsigned int n)
+{
+	struct tcase *tc = &tcases[n];
+
+	/* just in case lsm_set_self_attr() pass , we won't change
+	 * LSM configuration for the following process
+	 */
+	memcpy(ctx, ctx_orig, LSM_CTX_SIZE_DEFAULT);
+
+	ctx_size = page_size;
+	ctx_size_small = 1;
+	ctx_size_big = ctx_size + 1;
+
+	TST_EXP_FAIL(lsm_set_self_attr(tc->attr, *tc->ctx, *tc->size, tc->flags),
+	      tc->exp_errno,
+	      "%s", tc->msg);
+}
+
+static void setup(void)
+{
+	int ret;
+	uint32_t size;
+
+	verify_supported_attr_current();
+
+	page_size = SAFE_SYSCONF(_SC_PAGESIZE);
+	size = page_size;
+
+	ret = lsm_get_self_attr(LSM_ATTR_CURRENT, ctx_orig, &size, 0);
+	if (ret < 0)
+		tst_brk(TBROK, "Can't read LSM current attribute");
+}
+
+static struct tst_test test = {
+	.test = run,
+	.setup = setup,
+	.tcnt = ARRAY_SIZE(tcases),
+	.min_kver = "6.8",
+	.bufs = (struct tst_buffers[]) {
+		{&ctx, .size = LSM_CTX_SIZE_DEFAULT},
+		{&ctx_orig, .size = LSM_CTX_SIZE_DEFAULT},
+		{}
+	},
+};
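Review bot: in setup(), lsm_get_self_attr() is passed size = page_size while ctx_orig is allocated in .bufs with LSM_CTX_SIZE_DEFAULT. Unless lsm_common.h guarantees the two values are equal, derive the size argument and the buffer allocation from the same value so the kernel is never told the guarded buffer is larger than it is; the same applies to ctx_size = page_size in run(). The tst_brk() in setup() should also pass TBROK | TERRNO so the errno of the failed lsm_get_self_attr() call ends up in the log.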

-- 
2.43.0



* Re: [LTP] [PATCH v4 1/7] Add fallback definitions of LSM syscalls
  2025-04-29  7:18 ` [LTP] [PATCH v4 1/7] Add fallback definitions of LSM syscalls Andrea Cervesato
@ 2025-06-02 12:05   ` Cyril Hrubis
  0 siblings, 0 replies; 22+ messages in thread
From: Cyril Hrubis @ 2025-06-02 12:05 UTC (permalink / raw)
  To: Andrea Cervesato; +Cc: ltp

Hi!
Reviewed-by: Cyril Hrubis <chrubis@suse.cz>

-- 
Cyril Hrubis
chrubis@suse.cz


* Re: [LTP] [PATCH v4 3/7] Add lsm_get_self_attr02 test
  2025-04-29  7:18 ` [LTP] [PATCH v4 3/7] Add lsm_get_self_attr02 test Andrea Cervesato
@ 2025-06-02 12:16   ` Cyril Hrubis
  0 siblings, 0 replies; 22+ messages in thread
From: Cyril Hrubis @ 2025-06-02 12:16 UTC (permalink / raw)
  To: Andrea Cervesato; +Cc: ltp

Hi!
Reviewed-by: Cyril Hrubis <chrubis@suse.cz>

-- 
Cyril Hrubis
chrubis@suse.cz


* Re: [LTP] [PATCH v4 4/7] Add lsm_get_self_attr03 test
  2025-04-29  7:18 ` [LTP] [PATCH v4 4/7] Add lsm_get_self_attr03 test Andrea Cervesato
@ 2025-06-02 12:46   ` Cyril Hrubis
  2025-06-02 13:18     ` Andrea Cervesato via ltp
  0 siblings, 1 reply; 22+ messages in thread
From: Cyril Hrubis @ 2025-06-02 12:46 UTC (permalink / raw)
  To: Andrea Cervesato; +Cc: ltp

Hi!
> Verify that LSM_ATTR_CURRENT attribute is correctly recognizing
> the current, active security context of the process. This is done by
> checking that /proc/self/attr/current matches with the obtained value.
> 
> Signed-off-by: Andrea Cervesato <andrea.cervesato@suse.com>
> ---
>  runtest/syscalls                                   |  1 +
>  testcases/kernel/syscalls/lsm/.gitignore           |  1 +
>  .../kernel/syscalls/lsm/lsm_get_self_attr03.c      | 68 ++++++++++++++++++++++
>  3 files changed, 70 insertions(+)
> 
> diff --git a/runtest/syscalls b/runtest/syscalls
> index 73b6b98c7748f5ed31ad23d7464f1ab4fbc5f42e..d45cda4082ed87bf674ca34d315af9c162a41fe9 100644
> --- a/runtest/syscalls
> +++ b/runtest/syscalls
> @@ -761,6 +761,7 @@ lseek11 lseek11
>  
>  lsm_get_self_attr01 lsm_get_self_attr01
>  lsm_get_self_attr02 lsm_get_self_attr02
> +lsm_get_self_attr03 lsm_get_self_attr03
>  
>  lstat01 lstat01
>  lstat01_64 lstat01_64
> diff --git a/testcases/kernel/syscalls/lsm/.gitignore b/testcases/kernel/syscalls/lsm/.gitignore
> index 9f7c9b00b026a377f1b36f483ac2c1a0adba6249..19956fdf8b9952b4850c3a20826e29ec67ea3560 100644
> --- a/testcases/kernel/syscalls/lsm/.gitignore
> +++ b/testcases/kernel/syscalls/lsm/.gitignore
> @@ -1,2 +1,3 @@
>  lsm_get_self_attr01
>  lsm_get_self_attr02
> +lsm_get_self_attr03
> diff --git a/testcases/kernel/syscalls/lsm/lsm_get_self_attr03.c b/testcases/kernel/syscalls/lsm/lsm_get_self_attr03.c
> new file mode 100644
> index 0000000000000000000000000000000000000000..3b767b94c025e350b9cc83d9bf2dc3061b3c6a1c
> --- /dev/null
> +++ b/testcases/kernel/syscalls/lsm/lsm_get_self_attr03.c
> @@ -0,0 +1,68 @@
> +// SPDX-License-Identifier: GPL-2.0-or-later
> +/*
> + * Copyright (C) 2024 SUSE LLC Andrea Cervesato <andrea.cervesato@suse.com>
> + */
> +
> +/*\
> + * Verify that LSM_ATTR_CURRENT attribute is correctly recognizing
> + * the current, active security context of the process. This is done by
> + * checking that /proc/self/attr/current matches with the obtained value.
> + */
> +
> +#include "lsm_common.h"
> +
> +static struct lsm_ctx *ctx;
> +static uint32_t page_size;
> +
> +static void run(void)
> +{
> +	tst_res(TINFO, "Verifying 'LSM_ATTR_CURRENT' attribute");
> +
> +	uint32_t count;
> +	uint32_t size = page_size;
> +	char attr[size];
> +
> +	memset(attr, 0, size);
> +	memset(ctx, 0, LSM_CTX_SIZE_DEFAULT);
> +
> +	count = TST_EXP_POSITIVE(
> +		lsm_get_self_attr(LSM_ATTR_CURRENT, ctx, &size, 0));
> +
> +	if (TST_RET == -1)
> +		return;
> +
> +	if (!count) {
> +		tst_res(TFAIL, "Can't read any attribute");
> +		return;
> +	}
> +
> +	read_proc_attr("current", attr, page_size);
> +
> +	TST_EXP_EQ_STR(attr, (char *)ctx->ctx);
> +
> +	struct lsm_ctx *next = ctx;
                                ^
				next_ctx(next)

Otherwise we will fail the check below.

> +	for (uint32_t i = 1; i < count; i++) {
> +		TST_EXP_EXPR(strcmp(attr, (char *)next->ctx) != 0,
> +			"Attribute and next LSM context must be different");
> +
> +		next = next_ctx(next);
> +	}
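Review bot: in run(), char attr[size] is a page-sized variable-length array on the stack, declared after the tst_res() statement. Allocating the buffer once in setup(), or as a guarded buffer through .bufs like ctx, avoids the VLA and lets the declarations sit at the top of the function.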

Have you actually tried this on a machine with more than one LSM active?


-- 
Cyril Hrubis
chrubis@suse.cz


* Re: [LTP] [PATCH v4 4/7] Add lsm_get_self_attr03 test
  2025-06-02 12:46   ` Cyril Hrubis
@ 2025-06-02 13:18     ` Andrea Cervesato via ltp
  2025-06-02 14:38       ` Cyril Hrubis
  0 siblings, 1 reply; 22+ messages in thread
From: Andrea Cervesato via ltp @ 2025-06-02 13:18 UTC (permalink / raw)
  To: Cyril Hrubis, Andrea Cervesato; +Cc: ltp

On 6/2/25 14:46, Cyril Hrubis wrote:
> 				next_ctx(next)
>
> Otherwise we will fail the check below.
Right.
>
>> +	for (uint32_t i = 1; i < count; i++) {
>> +		TST_EXP_EXPR(strcmp(attr, (char *)next->ctx) != 0,
>> +			"Attribute and next LSM context must be different");
>> +
>> +		next = next_ctx(next);
>> +	}
> Have you actually tried this on a machine with more than one LSM active?
Fixed, also I think we need to check if "/sys/kernel/security/lsm" exists.
I guess it doesn't exist if no LSM are present.

- Andrea


* Re: [LTP] [PATCH v4 4/7] Add lsm_get_self_attr03 test
  2025-06-02 13:18     ` Andrea Cervesato via ltp
@ 2025-06-02 14:38       ` Cyril Hrubis
  2025-06-02 16:35         ` Andrea Cervesato via ltp
  0 siblings, 1 reply; 22+ messages in thread
From: Cyril Hrubis @ 2025-06-02 14:38 UTC (permalink / raw)
  To: Andrea Cervesato; +Cc: ltp

Hi!
> > 				next_ctx(next)
> >
> > Otherwise we will fail the check below.
> Right.

Feel free to add my Reviewed-by: with that fixed.

> >> +	for (uint32_t i = 1; i < count; i++) {
> >> +		TST_EXP_EXPR(strcmp(attr, (char *)next->ctx) != 0,
> >> +			"Attribute and next LSM context must be different");
> >> +
> >> +		next = next_ctx(next);
> >> +	}
> > Have you actually tried this on a machine with more than one LSM active?
> Fixed, also I think we need to check if "/sys/kernel/security/lsm" exists.
> I guess it doesn't exist if no LSM are present.

We do call verify_supported_attr_current(); in the setup, that should be
enough. What I was asking for was if you ever tested this code on a
machine where the count > 1 so that the loop actually triggered.

-- 
Cyril Hrubis
chrubis@suse.cz


* Re: [LTP] [PATCH v4 6/7] Add lsm_list_modules02 test
  2025-04-29  7:18 ` [LTP] [PATCH v4 6/7] Add lsm_list_modules02 test Andrea Cervesato
@ 2025-06-02 14:59   ` Cyril Hrubis
  0 siblings, 0 replies; 22+ messages in thread
From: Cyril Hrubis @ 2025-06-02 14:59 UTC (permalink / raw)
  To: Andrea Cervesato; +Cc: ltp

Hi!
> +	page_size = SAFE_SYSCONF(_SC_PAGESIZE);
> +	fd = SAFE_OPEN("/sys/kernel/security/lsm", O_RDONLY);
> +	SAFE_READ(0, fd, data, BUFSIZ);
> +	SAFE_CLOSE(fd);
> +
> +	ptr = strtok(data, ",");
> +
> +	while (ptr != NULL) {

This is usually just while (ptr) {

Anyways:

Reviewed-by: Cyril Hrubis <chrubis@suse.cz>

-- 
Cyril Hrubis
chrubis@suse.cz


* Re: [LTP] [PATCH v4 7/7] Add lsm_set_self_attr01 test
  2025-04-29  7:18 ` [LTP] [PATCH v4 7/7] Add lsm_set_self_attr01 test Andrea Cervesato
@ 2025-06-02 15:17   ` Cyril Hrubis
  2025-06-05  8:13     ` Petr Vorel
  1 sibling, 0 replies; 22+ messages in thread
From: Cyril Hrubis @ 2025-06-02 15:17 UTC (permalink / raw)
  To: Andrea Cervesato; +Cc: ltp

Hi!
Reviewed-by: Cyril Hrubis <chrubis@suse.cz>

-- 
Cyril Hrubis
chrubis@suse.cz


* Re: [LTP] [PATCH v4 4/7] Add lsm_get_self_attr03 test
  2025-06-02 14:38       ` Cyril Hrubis
@ 2025-06-02 16:35         ` Andrea Cervesato via ltp
  0 siblings, 0 replies; 22+ messages in thread
From: Andrea Cervesato via ltp @ 2025-06-02 16:35 UTC (permalink / raw)
  To: Cyril Hrubis; +Cc: ltp


On 6/2/25 16:38, Cyril Hrubis wrote:
> Hi!
>>> 				next_ctx(next)
>>>
>>> Otherwise we will fail the check below.
>> Right.
> Feel free to add my Reviewed-by: with that fixed.
Ok
>
>>>> +	for (uint32_t i = 1; i < count; i++) {
>>>> +		TST_EXP_EXPR(strcmp(attr, (char *)next->ctx) != 0,
>>>> +			"Attribute and next LSM context must be different");
>>>> +
>>>> +		next = next_ctx(next);
>>>> +	}
>>> Have you actually tried this on a machine with more than one LSM active?
>> Fixed, also I think we need to check if "/sys/kernel/security/lsm" exists.
>> I guess it doesn't exist if no LSM are present.
> We do call verify_supported_attr_current(); in the setup, that should be
> enough. What I was asking for was if you ever tested this code on a
> machine where the count > 1 so that the loop actually triggered.
>
I modify verify_supported_attr_current() in order to check if 
/sys/kernel/security/lsm exists.
And yes, I tested the code on a VM with 7 LSM(s).

Gonna send the next patch and then merge.

Thanks,
Andrea



* Re: [LTP] [PATCH v4 7/7] Add lsm_set_self_attr01 test
  2025-04-29  7:18 ` [LTP] [PATCH v4 7/7] Add lsm_set_self_attr01 test Andrea Cervesato
@ 2025-06-05  8:13     ` Petr Vorel
  2025-06-05  8:13     ` Petr Vorel
  1 sibling, 0 replies; 22+ messages in thread
From: Petr Vorel @ 2025-06-05  8:13 UTC (permalink / raw)
  To: Andrea Cervesato
  Cc: ltp, Avinesh Kumar, Mickaël Salaün, Günther Noack,
	linux-security-module

Hi Andrea, all,

> Verify that lsm_set_self_attr syscall is raising errors when invalid
> data is provided.

...
> diff --git a/testcases/kernel/syscalls/lsm/lsm_set_self_attr01.c b/testcases/kernel/syscalls/lsm/lsm_set_self_attr01.c
> new file mode 100644
> index 0000000000000000000000000000000000000000..caccdda7ecf2edaac1fa8e2dc2ccdd0aff020804
> --- /dev/null
> +++ b/testcases/kernel/syscalls/lsm/lsm_set_self_attr01.c
> @@ -0,0 +1,110 @@
> +// SPDX-License-Identifier: GPL-2.0-or-later
> +/*
> + * Copyright (C) 2024 SUSE LLC Andrea Cervesato <andrea.cervesato@suse.com>
> + */
> +
> +/*\
> + * Verify that lsm_set_self_attr syscall is raising errors when invalid data is
> + * provided.
> + */
> +
> +#include "lsm_common.h"
> +
> +static struct lsm_ctx *ctx;
> +static struct lsm_ctx *ctx_orig;
> +static struct lsm_ctx *ctx_null;
> +static uint32_t ctx_size;
> +static uint32_t ctx_size_small;
> +static uint32_t ctx_size_big;
> +static uint32_t page_size;
> +
> +static struct tcase {
> +	uint32_t attr;
> +	struct lsm_ctx **ctx;
> +	uint32_t *size;
> +	uint32_t flags;
> +	int exp_errno;
> +	char *msg;
> +} tcases[] = {
> +	{
> +		.attr = LSM_ATTR_CURRENT,
> +		.ctx = &ctx_null,
> +		.size = &ctx_size,
> +		.exp_errno = EFAULT,
> +		.msg = "ctx is NULL",
> +	},
> +	{
> +		.attr = LSM_ATTR_CURRENT,
> +		.ctx = &ctx,
> +		.size = &ctx_size_small,
> +		.exp_errno = EINVAL,
> +		.msg = "size is too small",
> +	},
> +	{
> +		.attr = LSM_ATTR_CURRENT,
> +		.ctx = &ctx,
> +		.size = &ctx_size_big,
> +		.exp_errno = E2BIG,
> +		.msg = "size is too big",
> +	},
> +	{
> +		.attr = LSM_ATTR_CURRENT,
> +		.ctx = &ctx,
> +		.size = &ctx_size,
> +		.flags = 1,
> +		.exp_errno = EINVAL,
> +		.msg = "flags must be zero",
> +	},
> +	{
> +		.attr = LSM_ATTR_CURRENT | LSM_ATTR_EXEC,
> +		.ctx = &ctx,
> +		.size = &ctx_size,
> +		.exp_errno = EINVAL,
> +		.msg = "attr is overset",

FYI The test fails on this check on current Tumbleweed with new
6.15.0-1-default. It worked on 6.14.

Looking at 6.15 landlock related changes (added Landlock audit support and
Landlock signal scope fixes) test might need to be updated.
https://kernelnewbies.org/Linux_6.15#Security

@Andrea could you please have a look?

Kind regards,
Petr


* Re: [LTP] [PATCH v4 7/7] Add lsm_set_self_attr01 test
  2025-06-05  8:13     ` Petr Vorel
@ 2025-06-05  8:18       ` Petr Vorel
  -1 siblings, 0 replies; 22+ messages in thread
From: Petr Vorel @ 2025-06-05  8:18 UTC (permalink / raw)
  To: Andrea Cervesato, Mickaël Salaün, Günther Noack,
	linux-security-module, ltp

> Hi Andrea, all,

> > Verify that lsm_set_self_attr syscall is raising errors when invalid
> > data is provided.

> ...
> > diff --git a/testcases/kernel/syscalls/lsm/lsm_set_self_attr01.c b/testcases/kernel/syscalls/lsm/lsm_set_self_attr01.c
> > new file mode 100644
> > index 0000000000000000000000000000000000000000..caccdda7ecf2edaac1fa8e2dc2ccdd0aff020804
> > --- /dev/null
> > +++ b/testcases/kernel/syscalls/lsm/lsm_set_self_attr01.c
> > @@ -0,0 +1,110 @@
> > +// SPDX-License-Identifier: GPL-2.0-or-later
> > +/*
> > + * Copyright (C) 2024 SUSE LLC Andrea Cervesato <andrea.cervesato@suse.com>
> > + */
> > +
> > +/*\
> > + * Verify that lsm_set_self_attr syscall is raising errors when invalid data is
> > + * provided.
> > + */
> > +
> > +#include "lsm_common.h"
> > +
> > +static struct lsm_ctx *ctx;
> > +static struct lsm_ctx *ctx_orig;
> > +static struct lsm_ctx *ctx_null;
> > +static uint32_t ctx_size;
> > +static uint32_t ctx_size_small;
> > +static uint32_t ctx_size_big;
> > +static uint32_t page_size;
> > +
> > +static struct tcase {
> > +	uint32_t attr;
> > +	struct lsm_ctx **ctx;
> > +	uint32_t *size;
> > +	uint32_t flags;
> > +	int exp_errno;
> > +	char *msg;
> > +} tcases[] = {
> > +	{
> > +		.attr = LSM_ATTR_CURRENT,
> > +		.ctx = &ctx_null,
> > +		.size = &ctx_size,
> > +		.exp_errno = EFAULT,
> > +		.msg = "ctx is NULL",
> > +	},
> > +	{
> > +		.attr = LSM_ATTR_CURRENT,
> > +		.ctx = &ctx,
> > +		.size = &ctx_size_small,
> > +		.exp_errno = EINVAL,
> > +		.msg = "size is too small",
> > +	},
> > +	{
> > +		.attr = LSM_ATTR_CURRENT,
> > +		.ctx = &ctx,
> > +		.size = &ctx_size_big,
> > +		.exp_errno = E2BIG,
> > +		.msg = "size is too big",
> > +	},
> > +	{
> > +		.attr = LSM_ATTR_CURRENT,
> > +		.ctx = &ctx,
> > +		.size = &ctx_size,
> > +		.flags = 1,
> > +		.exp_errno = EINVAL,
> > +		.msg = "flags must be zero",
> > +	},
> > +	{
> > +		.attr = LSM_ATTR_CURRENT | LSM_ATTR_EXEC,
> > +		.ctx = &ctx,
> > +		.size = &ctx_size,
> > +		.exp_errno = EINVAL,
> > +		.msg = "attr is overset",

> FYI The test fails on this check on current Tumbleweed with new
> 6.15.0-1-default. It worked on 6.14.

> Looking at 6.15 landlock related changes (added Landlock audit support and
> Landlock signal scope fixes) test might need to be updated.
> https://kernelnewbies.org/Linux_6.15#Security

@Mickaël @Günther I'm sorry, replying to the wrong people. This is not landlock
related, the syscall is lsm_set_self_attr().

Kind regards,
Petr

> @Andrea could you please have a look?

> Kind regards,
> Petr


* Re: [LTP] [PATCH v4 7/7] Add lsm_set_self_attr01 test
  2025-06-05  8:13     ` Petr Vorel
@ 2025-06-05  8:25       ` Andrea Cervesato via ltp
  -1 siblings, 0 replies; 22+ messages in thread
From: Andrea Cervesato @ 2025-06-05  8:25 UTC (permalink / raw)
  To: Petr Vorel, Andrea Cervesato
  Cc: ltp, Avinesh Kumar, Mickaël Salaün, Günther Noack,
	linux-security-module

> FYI The test fails on this check on current Tumbleweed with new
> 6.15.0-1-default. It worked on 6.14.
>
> Looking at 6.15 landlock related changes (added Landlock audit support and
> Landlock signal scope fixes) test might need to be updated.
> https://kernelnewbies.org/Linux_6.15#Security
>
> @Andrea could you please have a look?
>
> Kind regards,
> Petr
There's already a patch in queue fixing the way we are checking errors.

About Tumbleweed: I'm already working on it.

- Andrea



