* [LTP] [PATCH 0/7] LSM testing suite
@ 2024-11-12  7:15 Andrea Cervesato
From: Andrea Cervesato @ 2024-11-12  7:15 UTC (permalink / raw)
  To: ltp

Testing the following syscalls, which provide support for the LSM
communication added in kernel 6.8:

- lsm_get_self_attr
- lsm_set_self_attr
- lsm_list_modules

Please consider the following documentation as reference:
https://docs.kernel.org/userspace-api/lsm.html

Signed-off-by: Andrea Cervesato <andrea.cervesato@suse.com>
---
Andrea Cervesato (7):
      Add fallback definitions of LSM syscalls
      Add lsm_get_self_attr01 test
      Add lsm_get_self_attr02 test
      Add lsm_get_self_attr03 test
      Add lsm_list_modules01 test
      Add lsm_list_modules02 test
      Add lsm_set_self_attr01 test

 configure.ac                                       |   3 +-
 include/lapi/lsm.h                                 | 172 +++++++++++++++++++++
 runtest/syscalls                                   |   7 +
 testcases/kernel/syscalls/lsm/.gitignore           |   6 +
 testcases/kernel/syscalls/lsm/Makefile             |   7 +
 testcases/kernel/syscalls/lsm/lsm_common.h         |  57 +++++++
 .../kernel/syscalls/lsm/lsm_get_self_attr01.c      |  81 ++++++++++
 .../kernel/syscalls/lsm/lsm_get_self_attr02.c      |  55 +++++++
 .../kernel/syscalls/lsm/lsm_get_self_attr03.c      |  82 ++++++++++
 testcases/kernel/syscalls/lsm/lsm_list_modules01.c |  77 +++++++++
 testcases/kernel/syscalls/lsm/lsm_list_modules02.c | 134 ++++++++++++++++
 .../kernel/syscalls/lsm/lsm_set_self_attr01.c      | 123 +++++++++++++++
 12 files changed, 803 insertions(+), 1 deletion(-)
---
base-commit: c998b285e4d3c75e072be833b4fb9e1b4263f7bf
change-id: 20241105-lsm-5da2f6c2a1e9

Best regards,
-- 
Andrea Cervesato <andrea.cervesato@suse.com>



* [LTP] [PATCH 1/7] Add fallback definitions of LSM syscalls
From: Andrea Cervesato @ 2024-11-12  7:15 UTC (permalink / raw)
  To: ltp

From: Andrea Cervesato <andrea.cervesato@suse.com>

Fallback definition for the following syscalls:

- lsm_get_self_attr
- lsm_set_self_attr
- lsm_list_modules

Signed-off-by: Andrea Cervesato <andrea.cervesato@suse.com>
---
 configure.ac       |   3 +-
 include/lapi/lsm.h | 172 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 174 insertions(+), 1 deletion(-)

diff --git a/configure.ac b/configure.ac
index 6992d75ca300ccc4cc21a45a916f6b3be1a3b8fe..99c00d1b9b4cda48cb0ce07af03b97855dcdfd36 100644
--- a/configure.ac
+++ b/configure.ac
@@ -62,6 +62,7 @@ AC_CHECK_HEADERS_ONCE([ \
     linux/ioprio.h \
     linux/keyctl.h \
     linux/landlock.h \
+    linux/lsm.h \
     linux/mempolicy.h \
     linux/module.h \
     linux/mount.h \
@@ -196,7 +197,7 @@ AC_CHECK_TYPES([struct ipc64_perm],,,[#include <sys/ipcbuf.h>])
 AC_CHECK_TYPES([struct loop_config],,,[#include <linux/loop.h>])
 AC_CHECK_TYPES([struct landlock_path_beneath_attr],,,[#include <linux/landlock.h>])
 AC_CHECK_TYPES([struct landlock_net_port_attr],,,[#include <linux/landlock.h>])
-
+AC_CHECK_TYPES([struct lsm_ctx],,,[#include <linux/lsm.h>])
 AC_CHECK_TYPES([struct mmsghdr],,,[
 #define _GNU_SOURCE
 #include <sys/types.h>
diff --git a/include/lapi/lsm.h b/include/lapi/lsm.h
new file mode 100644
index 0000000000000000000000000000000000000000..a37ed0175289c420040ea744e4eaa524d17cbe7d
--- /dev/null
+++ b/include/lapi/lsm.h
@@ -0,0 +1,172 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+/*
+ * Copyright (C) 2024 SUSE LLC Andrea Cervesato <andrea.cervesato@suse.com>
+ */
+
+#ifndef LAPI_LSM_H__
+#define LAPI_LSM_H__
+
+#include "config.h"
+
+#ifdef HAVE_LINUX_LSM_H
+#include <linux/lsm.h>
+#endif
+
+#include <stdint.h>
+#include "lapi/syscalls.h"
+
+#ifndef HAVE_STRUCT_LSM_CTX
+
+/**
+ * struct lsm_ctx - LSM context information
+ * @id: the LSM id number, see LSM_ID_XXX
+ * @flags: LSM specific flags
+ * @len: length of the lsm_ctx struct, @ctx and any other data or padding
+ * @ctx_len: the size of @ctx
+ * @ctx: the LSM context value
+ *
+ * The @len field MUST be equal to the size of the lsm_ctx struct
+ * plus any additional padding and/or data placed after @ctx.
+ *
+ * In all cases @ctx_len MUST be equal to the length of @ctx.
+ * If @ctx is a string value it should be nul terminated with
+ * @ctx_len equal to `strlen(@ctx) + 1`.  Binary values are
+ * supported.
+ *
+ * The @flags and @ctx fields SHOULD only be interpreted by the
+ * LSM specified by @id; they MUST be set to zero/0 when not used.
+ */
+struct lsm_ctx {
+	uint64_t id;
+	uint64_t flags;
+	uint64_t len;
+	uint64_t ctx_len;
+	uint8_t ctx[4096];
+};
+#endif
+
+/*
+ * ID tokens to identify Linux Security Modules (LSMs)
+ *
+ * These token values are used to uniquely identify specific LSMs
+ * in the kernel as well as in the kernel's LSM userspace API.
+ */
+#ifndef LSM_ID_UNDEF
+# define LSM_ID_UNDEF		0
+#endif
+
+#ifndef LSM_ID_CAPABILITY
+# define LSM_ID_CAPABILITY	100
+#endif
+
+#ifndef LSM_ID_SELINUX
+# define LSM_ID_SELINUX		101
+#endif
+
+#ifndef LSM_ID_SMACK
+# define LSM_ID_SMACK		102
+#endif
+
+#ifndef LSM_ID_TOMOYO
+# define LSM_ID_TOMOYO		103
+#endif
+
+#ifndef LSM_ID_APPARMOR
+# define LSM_ID_APPARMOR	104
+#endif
+
+#ifndef LSM_ID_YAMA
+# define LSM_ID_YAMA		105
+#endif
+
+#ifndef LSM_ID_LOADPIN
+# define LSM_ID_LOADPIN		106
+#endif
+
+#ifndef LSM_ID_SAFESETID
+# define LSM_ID_SAFESETID	107
+#endif
+
+#ifndef LSM_ID_LOCKDOWN
+# define LSM_ID_LOCKDOWN	108
+#endif
+
+#ifndef LSM_ID_BPF
+# define LSM_ID_BPF		109
+#endif
+
+#ifndef LSM_ID_LANDLOCK
+# define LSM_ID_LANDLOCK	110
+#endif
+
+#ifndef LSM_ID_IMA
+# define LSM_ID_IMA		111
+#endif
+
+#ifndef LSM_ID_EVM
+# define LSM_ID_EVM		112
+#endif
+
+#ifndef LSM_ID_IPE
+# define LSM_ID_IPE		113
+#endif
+
+/*
+ * LSM_ATTR_XXX definitions identify different LSM attributes
+ * which are used in the kernel's LSM userspace API. Support
+ * for these attributes vary across the different LSMs. None
+ * are required.
+ */
+#ifndef LSM_ATTR_UNDEF
+# define LSM_ATTR_UNDEF		0
+#endif
+
+#ifndef LSM_ATTR_CURRENT
+# define LSM_ATTR_CURRENT	100
+#endif
+
+#ifndef LSM_ATTR_EXEC
+# define LSM_ATTR_EXEC		101
+#endif
+
+#ifndef LSM_ATTR_FSCREATE
+# define LSM_ATTR_FSCREATE	102
+#endif
+
+#ifndef LSM_ATTR_KEYCREATE
+# define LSM_ATTR_KEYCREATE	103
+#endif
+
+#ifndef LSM_ATTR_PREV
+# define LSM_ATTR_PREV		104
+#endif
+
+#ifndef LSM_ATTR_SOCKCREATE
+# define LSM_ATTR_SOCKCREATE	105
+#endif
+
+/*
+ * LSM_FLAG_XXX definitions identify special handling instructions
+ * for the API.
+ */
+#ifndef LSM_FLAG_SINGLE
+# define LSM_FLAG_SINGLE	0x0001
+#endif
+
+static inline int lsm_get_self_attr(uint32_t attr, struct lsm_ctx *ctx,
+				    uint32_t *size, uint32_t flags)
+{
+	return tst_syscall(__NR_lsm_get_self_attr, attr, ctx, size, flags);
+}
+
+static inline int lsm_set_self_attr(uint32_t attr, struct lsm_ctx *ctx,
+				    uint32_t size, uint32_t flags)
+{
+	return tst_syscall(__NR_lsm_set_self_attr, attr, ctx, size, flags);
+}
+
+static inline int lsm_list_modules(uint64_t *ids, uint32_t *size, uint32_t flags)
+{
+	return tst_syscall(__NR_lsm_list_modules, ids, size, flags);
+}
+#endif
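Review bot: The fallback `struct lsm_ctx` at the `uint8_t ctx[4096];` line does not match the kernel's layout, where `ctx` is a flexible array member, so `sizeof(struct lsm_ctx)` is 32 when configure finds <linux/lsm.h> and 4128 when it does not. The tests in this series pass `sizeof(struct lsm_ctx)` to the syscalls and step through returned entries with `sizeof(*tctx)`, so their behaviour silently depends on which definition was picked. Declare the member as `uint8_t ctx[];` so both definitions agree, and size buffers explicitly as `sizeof(struct lsm_ctx) + <context bytes>` wherever a context is expected. The wrappers below the constants are unconditional, which is fine since libc provides none, but a one-line comment saying so would stop a reader from looking for a missing `#ifndef`.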

-- 
2.43.0



* [LTP] [PATCH 2/7] Add lsm_get_self_attr01 test
From: Andrea Cervesato @ 2024-11-12  7:15 UTC (permalink / raw)
  To: ltp

From: Andrea Cervesato <andrea.cervesato@suse.com>

Verify that lsm_get_self_attr syscall is raising errors when invalid
data is provided.

Signed-off-by: Andrea Cervesato <andrea.cervesato@suse.com>
---
 runtest/syscalls                                   |  2 +
 testcases/kernel/syscalls/lsm/Makefile             |  7 ++
 testcases/kernel/syscalls/lsm/lsm_common.h         | 57 +++++++++++++++
 .../kernel/syscalls/lsm/lsm_get_self_attr01.c      | 81 ++++++++++++++++++++++
 4 files changed, 147 insertions(+)

diff --git a/runtest/syscalls b/runtest/syscalls
index 5fd62617df1a116b1d94c57ff30f74693320a2ab..d59faf08a3f36b5f64d56952f69641191c70bf33 100644
--- a/runtest/syscalls
+++ b/runtest/syscalls
@@ -756,6 +756,8 @@ lseek02 lseek02
 lseek07 lseek07
 lseek11 lseek11
 
+lsm_get_self_attr01 lsm_get_self_attr01
+
 lstat01 lstat01
 lstat01_64 lstat01_64
 lstat02 lstat02
diff --git a/testcases/kernel/syscalls/lsm/Makefile b/testcases/kernel/syscalls/lsm/Makefile
new file mode 100644
index 0000000000000000000000000000000000000000..8cf1b9024d8bdebe72408c90fef4b8b84ce9dc4b
--- /dev/null
+++ b/testcases/kernel/syscalls/lsm/Makefile
@@ -0,0 +1,7 @@
+# SPDX-License-Identifier: GPL-2.0-or-later
+# Copyright (C) 2024 SUSE LLC Andrea Cervesato <andrea.cervesato@suse.com>
+
+top_srcdir		?= ../../../..
+
+include $(top_srcdir)/include/mk/testcases.mk
+include $(top_srcdir)/include/mk/generic_leaf_target.mk
diff --git a/testcases/kernel/syscalls/lsm/lsm_common.h b/testcases/kernel/syscalls/lsm/lsm_common.h
new file mode 100644
index 0000000000000000000000000000000000000000..33ddda13720d843907404662e6c6dc72ffac3233
--- /dev/null
+++ b/testcases/kernel/syscalls/lsm/lsm_common.h
@@ -0,0 +1,57 @@
+/* SPDX-License-Identifier: GPL-2.0-or-later */
+/*
+ * Copyright (C) 2024 SUSE LLC Andrea Cervesato <andrea.cervesato@suse.com>
+ */
+
+#ifndef LSM_GET_SELF_ATTR_H
+#define LSM_GET_SELF_ATTR_H
+
+#include "tst_test.h"
+#include "lapi/lsm.h"
+
+static inline struct lsm_ctx *next_ctx(struct lsm_ctx *tctx)
+{
+	return (struct lsm_ctx *)((void *)tctx + sizeof(*tctx) + tctx->ctx_len);
+}
+
+static inline void read_proc_attr(const char *attr, char *val, const size_t size)
+{
+	int fd;
+	char *ptr;
+	char path[BUFSIZ];
+
+	memset(val, 0, size);
+	memset(path, 0, BUFSIZ);
+
+	snprintf(path, BUFSIZ, "/proc/self/attr/%s", attr);
+
+	tst_res(TINFO, "Reading %s", path);
+
+	fd = SAFE_OPEN(path, O_RDONLY);
+
+	if (read(fd, val, size) > 0) {
+		ptr = strchr(val, '\n');
+		if (ptr)
+			*ptr = '\0';
+	}
+
+	SAFE_CLOSE(fd);
+}
+
+static inline int verify_enabled_lsm(const char *name)
+{
+	int fd;
+	char data[BUFSIZ];
+
+	fd = SAFE_OPEN("/sys/kernel/security/lsm", O_RDONLY);
+	SAFE_READ(0, fd, data, BUFSIZ);
+	SAFE_CLOSE(fd);
+
+	if (!strstr(data, name)) {
+		tst_res(TINFO, "%s is running", name);
+		return 1;
+	}
+
+	return 0;
+}
+#endif
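Review bot: `verify_enabled_lsm()` has its test inverted: `!strstr(data, name)` is true when `name` is absent from /sys/kernel/security/lsm, yet that branch logs "%s is running" and returns 1, so every caller in this series counts the LSMs that are not enabled; the condition should read `if (strstr(data, name)) {`. The same function runs `strstr()` over `data`, a stack buffer that `SAFE_READ(0, fd, data, BUFSIZ)` never NUL-terminates, so zero it first (`memset(data, 0, sizeof(data));`) and read at most `BUFSIZ - 1` bytes; `read_proc_attr()` has the same full-buffer `read(fd, val, size)` before its `strchr()`. `next_ctx()` advances by `sizeof(*tctx) + tctx->ctx_len`, but lapi/lsm.h documents `len` as the full entry length including padding, so `(struct lsm_ctx *)((char *)tctx + tctx->len)` follows the contract and also avoids arithmetic on `void *`. The include guard `LSM_GET_SELF_ATTR_H` should be renamed to match the file, e.g. `LSM_COMMON_H`.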
diff --git a/testcases/kernel/syscalls/lsm/lsm_get_self_attr01.c b/testcases/kernel/syscalls/lsm/lsm_get_self_attr01.c
new file mode 100644
index 0000000000000000000000000000000000000000..2317941af1b73240368820e6a51591e7c18cc140
--- /dev/null
+++ b/testcases/kernel/syscalls/lsm/lsm_get_self_attr01.c
@@ -0,0 +1,81 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+/*
+ * Copyright (C) 2024 SUSE LLC Andrea Cervesato <andrea.cervesato@suse.com>
+ */
+
+/*\
+ * [Description]
+ *
+ * Verify that lsm_get_self_attr syscall is raising errors when invalid data is
+ * provided.
+ */
+
+#include "tst_test.h"
+#include "lapi/lsm.h"
+
+static struct lsm_ctx *ctx;
+static uint32_t ctx_size;
+static uint32_t ctx_size_small;
+
+static struct tcase {
+	uint32_t attr;
+	struct lsm_ctx **ctx;
+	uint32_t *size;
+	uint32_t flags;
+	int exp_err;
+	char *msg;
+} tcases[] = {
+	{
+		.attr = LSM_ATTR_CURRENT,
+		.ctx = &ctx,
+		.exp_err = EINVAL,
+		.msg = "size is NULL",
+	},
+	{
+		.attr = LSM_ATTR_CURRENT,
+		.ctx = &ctx,
+		.size = &ctx_size,
+		.flags = LSM_FLAG_SINGLE | (LSM_FLAG_SINGLE << 1),
+		.exp_err = EINVAL,
+		.msg = "flags is invalid",
+	},
+	{
+		.attr = LSM_ATTR_CURRENT,
+		.ctx = &ctx,
+		.size = &ctx_size_small,
+		.exp_err = E2BIG,
+		.msg = "size is too smal",
+	},
+	{
+		.attr = LSM_ATTR_CURRENT,
+		.ctx = &ctx,
+		.size = &ctx_size,
+		.flags = LSM_FLAG_SINGLE,
+		.exp_err = EINVAL,
+		.msg = "flags force to use ctx attributes",
+	},
+};
+
+static void run(unsigned int n)
+{
+	struct tcase *tc = &tcases[n];
+
+	memset(ctx, 0, sizeof(struct lsm_ctx));
+	ctx_size = sizeof(struct lsm_ctx);
+	ctx_size_small = 1;
+
+	TST_EXP_FAIL(lsm_get_self_attr(
+		LSM_ATTR_CURRENT, *tc->ctx, tc->size, tc->flags),
+		tc->exp_err,
+		"%s", tc->msg);
+}
+
+static struct tst_test test = {
+	.test = run,
+	.tcnt = ARRAY_SIZE(tcases),
+	.min_kver = "6.8",
+	.bufs = (struct tst_buffers[]) {
+		{&ctx, .size = sizeof(struct lsm_ctx)},
+		{}
+	},
+};
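Review bot: `run()` ignores `tc->attr` and hard-codes `LSM_ATTR_CURRENT` in the call under `TST_EXP_FAIL(lsm_get_self_attr(`, so the `attr` field of every tcase is dead and an attr-specific error case could never be added; pass `tc->attr, *tc->ctx, tc->size, tc->flags` instead. The message "size is too smal" has a typo ("small"). The last case's message "flags force to use ctx attributes" does not say what is being rejected; since `ctx` is zeroed just before the call, something like "LSM_FLAG_SINGLE with ctx->id unset" would document the expectation. `ctx_size = sizeof(struct lsm_ctx)` is only a meaningful full-entry size when the struct carries no trailing data, which depends on how lapi/lsm.h defines `ctx`.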

-- 
2.43.0



* [LTP] [PATCH 3/7] Add lsm_get_self_attr02 test
From: Andrea Cervesato @ 2024-11-12  7:15 UTC (permalink / raw)
  To: ltp

From: Andrea Cervesato <andrea.cervesato@suse.com>

Verify that lsm_get_self_attr syscall is acting correctly when ctx is NULL.
The syscall can behave in different ways according to the current system
status:

- if any LSM is running inside the system, the syscall passes and
  provides a size as big as the attribute
- if no LSM is running inside the system, the syscall fails with a -1
  return code

Signed-off-by: Andrea Cervesato <andrea.cervesato@suse.com>
---
 runtest/syscalls                                   |  1 +
 testcases/kernel/syscalls/lsm/.gitignore           |  2 +
 .../kernel/syscalls/lsm/lsm_get_self_attr02.c      | 55 ++++++++++++++++++++++
 3 files changed, 58 insertions(+)

diff --git a/runtest/syscalls b/runtest/syscalls
index d59faf08a3f36b5f64d56952f69641191c70bf33..b3350af4db6d00cf86f621b5efee5d603af920f0 100644
--- a/runtest/syscalls
+++ b/runtest/syscalls
@@ -757,6 +757,7 @@ lseek07 lseek07
 lseek11 lseek11
 
 lsm_get_self_attr01 lsm_get_self_attr01
+lsm_get_self_attr02 lsm_get_self_attr02
 
 lstat01 lstat01
 lstat01_64 lstat01_64
diff --git a/testcases/kernel/syscalls/lsm/.gitignore b/testcases/kernel/syscalls/lsm/.gitignore
new file mode 100644
index 0000000000000000000000000000000000000000..9f7c9b00b026a377f1b36f483ac2c1a0adba6249
--- /dev/null
+++ b/testcases/kernel/syscalls/lsm/.gitignore
@@ -0,0 +1,2 @@
+lsm_get_self_attr01
+lsm_get_self_attr02
diff --git a/testcases/kernel/syscalls/lsm/lsm_get_self_attr02.c b/testcases/kernel/syscalls/lsm/lsm_get_self_attr02.c
new file mode 100644
index 0000000000000000000000000000000000000000..ce10bc2881fa8ac56a1e1da01631cfed8857eb08
--- /dev/null
+++ b/testcases/kernel/syscalls/lsm/lsm_get_self_attr02.c
@@ -0,0 +1,55 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+/*
+ * Copyright (C) 2024 SUSE LLC Andrea Cervesato <andrea.cervesato@suse.com>
+ */
+
+/*\
+ * [Description]
+ *
+ * Verify that lsm_get_self_attr syscall is acting correctly when ctx is NULL.
+ * The syscall can behave in different ways according to the current system
+ * status:
+ *
+ * - if any LSM is running inside the system, the syscall will pass and it will
+ *   provide a size as big as the attribute
+ * - if no LSM(s) are running inside the system, the syscall will fail with -1
+ *   return code
+ */
+#include "lsm_common.h"
+
+static uint32_t page_size;
+static uint32_t lsm_count;
+
+static void run(void)
+{
+	uint32_t size = page_size;
+
+	if (lsm_count) {
+		TST_EXP_EXPR(lsm_get_self_attr(
+			LSM_ATTR_CURRENT, NULL, &size, 0) >= 1);
+		TST_EXP_EXPR(size > 1);
+	} else {
+		TST_EXP_EQ_LI(lsm_get_self_attr(
+			LSM_ATTR_CURRENT, NULL, &size, 0), -1);
+	}
+}
+
+static void setup(void)
+{
+	page_size = SAFE_SYSCONF(_SC_PAGESIZE);
+
+	if (verify_enabled_lsm("selinux"))
+		lsm_count++;
+
+	if (verify_enabled_lsm("apparmor"))
+		lsm_count++;
+
+	if (verify_enabled_lsm("smack"))
+		lsm_count++;
+}
+
+static struct tst_test test = {
+	.test_all = run,
+	.setup = setup,
+	.min_kver = "6.8",
+};
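Review bot: The no-LSM branch `TST_EXP_EQ_LI(lsm_get_self_attr(LSM_ATTR_CURRENT, NULL, &size, 0), -1)` checks only the return value, so any failure reason passes, including an unintended EFAULT or EINVAL from a wrong argument; `TST_EXP_FAIL(lsm_get_self_attr(LSM_ATTR_CURRENT, NULL, &size, 0), EOPNOTSUPP)` pins the errno (EOPNOTSUPP is what I would expect when no LSM serves the attribute; confirm against the target kernel). In the LSM-present branch `size` is only asserted to be `> 1`, while the description promises "a size as big as the attribute", so checking `size >= sizeof(struct lsm_ctx) + strlen(attr) + 1` with `attr` obtained from `read_proc_attr()` in lsm_common.h would make the test meaningful. The three `verify_enabled_lsm()` calls in `setup()` are repeated verbatim in lsm_get_self_attr03.c and lsm_set_self_attr01.c; a single `count_enabled_lsms()` helper in lsm_common.h would remove the duplication.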

-- 
2.43.0



* [LTP] [PATCH 4/7] Add lsm_get_self_attr03 test
From: Andrea Cervesato @ 2024-11-12  7:15 UTC (permalink / raw)
  To: ltp

From: Andrea Cervesato <andrea.cervesato@suse.com>

Verify that LSM_ATTR_CURRENT attribute is correctly recognizing
the current, active security context of the process. This is done by
checking that /proc/self/attr/current matches with the obtained value.

Signed-off-by: Andrea Cervesato <andrea.cervesato@suse.com>
---
 runtest/syscalls                                   |  1 +
 testcases/kernel/syscalls/lsm/.gitignore           |  1 +
 .../kernel/syscalls/lsm/lsm_get_self_attr03.c      | 82 ++++++++++++++++++++++
 3 files changed, 84 insertions(+)

diff --git a/runtest/syscalls b/runtest/syscalls
index b3350af4db6d00cf86f621b5efee5d603af920f0..e6cff7763649d8b5c7eb9945473052c63b7a48aa 100644
--- a/runtest/syscalls
+++ b/runtest/syscalls
@@ -758,6 +758,7 @@ lseek11 lseek11
 
 lsm_get_self_attr01 lsm_get_self_attr01
 lsm_get_self_attr02 lsm_get_self_attr02
+lsm_get_self_attr03 lsm_get_self_attr03
 
 lstat01 lstat01
 lstat01_64 lstat01_64
diff --git a/testcases/kernel/syscalls/lsm/.gitignore b/testcases/kernel/syscalls/lsm/.gitignore
index 9f7c9b00b026a377f1b36f483ac2c1a0adba6249..19956fdf8b9952b4850c3a20826e29ec67ea3560 100644
--- a/testcases/kernel/syscalls/lsm/.gitignore
+++ b/testcases/kernel/syscalls/lsm/.gitignore
@@ -1,2 +1,3 @@
 lsm_get_self_attr01
 lsm_get_self_attr02
+lsm_get_self_attr03
diff --git a/testcases/kernel/syscalls/lsm/lsm_get_self_attr03.c b/testcases/kernel/syscalls/lsm/lsm_get_self_attr03.c
new file mode 100644
index 0000000000000000000000000000000000000000..8d20289569d074648f4432aad2b0bcf1356bf2c3
--- /dev/null
+++ b/testcases/kernel/syscalls/lsm/lsm_get_self_attr03.c
@@ -0,0 +1,82 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+/*
+ * Copyright (C) 2024 SUSE LLC Andrea Cervesato <andrea.cervesato@suse.com>
+ */
+
+/*\
+ * [Description]
+ *
+ * Verify that LSM_ATTR_CURRENT attribute is correctly recognizing
+ * the current, active security context of the process. This is done by
+ * checking that /proc/self/attr/current matches with the obtained value.
+ */
+
+#include "lsm_common.h"
+
+static struct lsm_ctx *ctx;
+static uint32_t page_size;
+
+static void run(void)
+{
+	tst_res(TINFO, "Verifying 'LSM_ATTR_CURRENT' attribute");
+
+	uint32_t count;
+	uint32_t size = page_size;
+	char attr[size];
+
+	memset(attr, 0, size);
+	memset(ctx, 0, sizeof(struct lsm_ctx));
+
+	count = TST_EXP_POSITIVE(
+		lsm_get_self_attr(LSM_ATTR_CURRENT, ctx, &size, 0));
+
+	if (TST_RET == -1)
+		return;
+
+	if (!count) {
+		tst_res(TFAIL, "Can't read any attribute");
+		return;
+	}
+
+	read_proc_attr("current", attr, page_size);
+
+	TST_EXP_EQ_STR(attr, (char *)ctx->ctx);
+
+	struct lsm_ctx *next = ctx;
+
+	for (uint32_t i = 1; i < count; i++) {
+		TST_EXP_EXPR(strcmp(attr, (char *)next->ctx) != 0,
+			"Attribute and next LSM context must be different");
+
+		next = next_ctx(next);
+	}
+}
+
+static void setup(void)
+{
+	uint32_t lsm_count = 0;
+
+	if (verify_enabled_lsm("selinux"))
+		lsm_count++;
+
+	if (verify_enabled_lsm("apparmor"))
+		lsm_count++;
+
+	if (verify_enabled_lsm("smack"))
+		lsm_count++;
+
+	if (!lsm_count)
+		tst_brk(TCONF, "LSM_ATTR_CURRENT is not supported by any LSM");
+
+	page_size = SAFE_SYSCONF(_SC_PAGESIZE);
+}
+
+static struct tst_test test = {
+	.test_all = run,
+	.setup = setup,
+	.min_kver = "6.8",
+	.bufs = (struct tst_buffers[]) {
+		{&ctx, .size = sizeof(struct lsm_ctx)},
+		{}
+	},
+};
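Review bot: `run()` tells the kernel the buffer holds `page_size` bytes (`uint32_t size = page_size;`) while `ctx` is allocated with `.size = sizeof(struct lsm_ctx)` in `.bufs`, so any context longer than the struct header is written past the end of the guarded buffer. Allocate the buffer at page size instead: the `.bufs` entries are presumably allocated before `setup()` runs, so either use a constant there (`{&ctx, .size = 4096}` as a constructed example) or allocate `ctx` in `setup()` with `SAFE_MALLOC(page_size)` and release it in a `.cleanup` callback. The loop after `struct lsm_ctx *next = ctx;` compares `attr` against `next->ctx` before advancing, so for `count >= 2` its first iteration re-checks the first entry, which was just asserted equal, and fails; move `next = next_ctx(next);` to the top of the loop body. The `if (TST_RET == -1) return;` followed by `if (!count)` is redundant, since `TST_EXP_POSITIVE` already reports a non-positive result and a zero `count` cannot pass it.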

-- 
2.43.0



* [LTP] [PATCH 5/7] Add lsm_list_modules01 test
From: Andrea Cervesato @ 2024-11-12  7:15 UTC (permalink / raw)
  To: ltp

From: Andrea Cervesato <andrea.cervesato@suse.com>

Verify that lsm_list_modules syscall is raising errors when invalid
data is provided.

Signed-off-by: Andrea Cervesato <andrea.cervesato@suse.com>
---
 runtest/syscalls                                   |  1 +
 testcases/kernel/syscalls/lsm/.gitignore           |  1 +
 testcases/kernel/syscalls/lsm/lsm_list_modules01.c | 77 ++++++++++++++++++++++
 3 files changed, 79 insertions(+)

diff --git a/runtest/syscalls b/runtest/syscalls
index e6cff7763649d8b5c7eb9945473052c63b7a48aa..78b70e12b87bbbec88d641b9c11cac2989812ff7 100644
--- a/runtest/syscalls
+++ b/runtest/syscalls
@@ -759,6 +759,7 @@ lseek11 lseek11
 lsm_get_self_attr01 lsm_get_self_attr01
 lsm_get_self_attr02 lsm_get_self_attr02
 lsm_get_self_attr03 lsm_get_self_attr03
+lsm_list_modules01 lsm_list_modules01
 
 lstat01 lstat01
 lstat01_64 lstat01_64
diff --git a/testcases/kernel/syscalls/lsm/.gitignore b/testcases/kernel/syscalls/lsm/.gitignore
index 19956fdf8b9952b4850c3a20826e29ec67ea3560..501d332549a84cceb9741346bdb8b83eb02467c5 100644
--- a/testcases/kernel/syscalls/lsm/.gitignore
+++ b/testcases/kernel/syscalls/lsm/.gitignore
@@ -1,3 +1,4 @@
 lsm_get_self_attr01
 lsm_get_self_attr02
 lsm_get_self_attr03
+lsm_list_modules01
diff --git a/testcases/kernel/syscalls/lsm/lsm_list_modules01.c b/testcases/kernel/syscalls/lsm/lsm_list_modules01.c
new file mode 100644
index 0000000000000000000000000000000000000000..6aa401ab19bd3fb303fe28df878c3238bacdd4fb
--- /dev/null
+++ b/testcases/kernel/syscalls/lsm/lsm_list_modules01.c
@@ -0,0 +1,77 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+/*
+ * Copyright (C) 2024 SUSE LLC Andrea Cervesato <andrea.cervesato@suse.com>
+ */
+
+/*\
+ * [Description]
+ *
+ * Verify that lsm_list_modules syscall is raising errors when invalid data is
+ * provided.
+ */
+
+#include "lsm_common.h"
+
+#define MAX_LSM_NUM 32
+
+static uint64_t lsm_ids[MAX_LSM_NUM];
+static uint32_t page_size;
+static uint32_t ids_size;
+static uint32_t ids_size_small;
+
+static struct tcase {
+	uint64_t *ids;
+	uint32_t *size;
+	uint32_t flags;
+	int exp_errno;
+	char *msg;
+} tcases[] = {
+	{
+		.size = &ids_size,
+		.exp_errno = EFAULT,
+		.msg = "ids is NULL",
+	},
+	{
+		.ids = lsm_ids,
+		.exp_errno = EFAULT,
+		.msg = "size is NULL",
+	},
+	{
+		.ids = lsm_ids,
+		.size = &ids_size_small,
+		.exp_errno = E2BIG,
+		.msg = "size is too small",
+	},
+	{
+		.ids = lsm_ids,
+		.size = &ids_size,
+		.flags = 1,
+		.exp_errno = EINVAL,
+		.msg = "flags must be zero",
+	},
+};
+
+static void run(unsigned int n)
+{
+	struct tcase *tc = &tcases[n];
+
+	memset(lsm_ids, 0, sizeof(lsm_ids));
+	ids_size = page_size;
+	ids_size_small = 0;
+
+	TST_EXP_FAIL(lsm_list_modules(tc->ids, tc->size, tc->flags),
+	      tc->exp_errno,
+	      "%s", tc->msg);
+}
+
+static void setup(void)
+{
+	page_size = SAFE_SYSCONF(_SC_PAGESIZE);
+}
+
+static struct tst_test test = {
+	.test = run,
+	.setup = setup,
+	.tcnt = ARRAY_SIZE(tcases),
+	.min_kver = "6.8",
+};
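Review bot: `ids_size = page_size` in `run()` advertises a page-sized buffer to the kernel while `lsm_ids` holds only `MAX_LSM_NUM` entries, so the size argument and the real buffer disagree and a kernel with more modules than expected would write past the array; use `ids_size = sizeof(lsm_ids);`, which also makes `page_size` and `setup()` unnecessary in this file. The expected errnos depend on the order in which the kernel validates `flags`, `size` and `ids`, which deserves a one-line comment above `tcases[]` so a future reordering of the checks is not mistaken for a test bug.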

-- 
2.43.0



* [LTP] [PATCH 6/7] Add lsm_list_modules02 test
From: Andrea Cervesato @ 2024-11-12  7:15 UTC (permalink / raw)
  To: ltp

From: Andrea Cervesato <andrea.cervesato@suse.com>

Verify that lsm_list_modules syscall is correctly recognizing LSM(s)
enabled inside the system.

Signed-off-by: Andrea Cervesato <andrea.cervesato@suse.com>
---
 runtest/syscalls                                   |   1 +
 testcases/kernel/syscalls/lsm/.gitignore           |   1 +
 testcases/kernel/syscalls/lsm/lsm_list_modules02.c | 134 +++++++++++++++++++++
 3 files changed, 136 insertions(+)

diff --git a/runtest/syscalls b/runtest/syscalls
index 78b70e12b87bbbec88d641b9c11cac2989812ff7..ee46f500859d08fba8d2553a01f8bc9e2cc8e3ea 100644
--- a/runtest/syscalls
+++ b/runtest/syscalls
@@ -760,6 +760,7 @@ lsm_get_self_attr01 lsm_get_self_attr01
 lsm_get_self_attr02 lsm_get_self_attr02
 lsm_get_self_attr03 lsm_get_self_attr03
 lsm_list_modules01 lsm_list_modules01
+lsm_list_modules02 lsm_list_modules02
 
 lstat01 lstat01
 lstat01_64 lstat01_64
diff --git a/testcases/kernel/syscalls/lsm/.gitignore b/testcases/kernel/syscalls/lsm/.gitignore
index 501d332549a84cceb9741346bdb8b83eb02467c5..766f81fd1c74a10001862f142c02ba251e666ef2 100644
--- a/testcases/kernel/syscalls/lsm/.gitignore
+++ b/testcases/kernel/syscalls/lsm/.gitignore
@@ -2,3 +2,4 @@ lsm_get_self_attr01
 lsm_get_self_attr02
 lsm_get_self_attr03
 lsm_list_modules01
+lsm_list_modules02
diff --git a/testcases/kernel/syscalls/lsm/lsm_list_modules02.c b/testcases/kernel/syscalls/lsm/lsm_list_modules02.c
new file mode 100644
index 0000000000000000000000000000000000000000..7ce541932bf8aaf90c88a2bcb2b9f23793e9a7fc
--- /dev/null
+++ b/testcases/kernel/syscalls/lsm/lsm_list_modules02.c
@@ -0,0 +1,134 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+/*
+ * Copyright (C) 2024 SUSE LLC Andrea Cervesato <andrea.cervesato@suse.com>
+ */
+
+/*\
+ * [Description]
+ *
+ * Verify that lsm_list_modules syscall is correctly recognizing LSM(s) enabled
+ * inside the system.
+ *
+ * [Algorithm]
+ *
+ * - read enabled LSM(s) inside /sys/kernel/security/lsm file
+ * - collect LSM IDs using lsm_list_modules syscall
+ * - compare the results, verifying that LSM(s) IDs are correct
+ */
+
+#include "lsm_common.h"
+
+#define MAX_LSM_NUM 32
+
+static char lsm_list[BUFSIZ];
+static uint32_t page_size;
+static uint64_t *ids;
+static uint32_t *size;
+
+static void run(void)
+{
+	uint32_t lsm_num;
+	uint32_t counter = 0;
+
+	memset(ids, 0, sizeof(uint64_t) * MAX_LSM_NUM);
+	*size = page_size;
+
+	lsm_num = TST_EXP_POSITIVE(lsm_list_modules(ids, size, 0));
+
+	for (uint32_t i = 0; i < lsm_num; i++) {
+		char *name = NULL;
+
+		switch (ids[i]) {
+		case LSM_ID_CAPABILITY:
+			name = "capability";
+			counter++;
+			break;
+		case LSM_ID_SELINUX:
+			name = "selinux";
+			counter++;
+			break;
+		case LSM_ID_SMACK:
+			name = "smack";
+			counter++;
+			break;
+		case LSM_ID_TOMOYO:
+			name = "tomoyo";
+			counter++;
+			break;
+		case LSM_ID_APPARMOR:
+			name = "apparmor";
+			counter++;
+			break;
+		case LSM_ID_YAMA:
+			name = "yama";
+			counter++;
+			break;
+		case LSM_ID_LOADPIN:
+			name = "loadpin";
+			counter++;
+			break;
+		case LSM_ID_SAFESETID:
+			name = "safesetid";
+			counter++;
+			break;
+		case LSM_ID_LOCKDOWN:
+			name = "lockdown";
+			counter++;
+			break;
+		case LSM_ID_BPF:
+			name = "bpf";
+			counter++;
+			break;
+		case LSM_ID_LANDLOCK:
+			name = "landlock";
+			counter++;
+			break;
+		case LSM_ID_IMA:
+			name = "ima";
+			counter++;
+			break;
+		case LSM_ID_EVM:
+			name = "evm";
+			counter++;
+			break;
+		case LSM_ID_IPE:
+			name = "ipe";
+			counter++;
+			break;
+		default:
+			break;
+		}
+
+		if (!name)
+			tst_brk(TBROK, "Unsupported LSM: %lu", ids[i]);
+
+		if (strstr(name, lsm_list))
+			tst_res(TFAIL, "'%s' has not been found", name);
+		else
+			tst_res(TPASS, "'%s' is enabled", name);
+	}
+
+	TST_EXP_EQ_LI(*size, counter * sizeof(uint64_t));
+	TST_EXP_EQ_LI(lsm_num, counter);
+}
+
+static void setup(void)
+{
+	int fd;
+
+	page_size = SAFE_SYSCONF(_SC_PAGESIZE);
+	fd = SAFE_OPEN("/sys/kernel/security/lsm", O_RDONLY);
+	SAFE_READ(0, fd, lsm_list, BUFSIZ);
+	SAFE_CLOSE(fd);
+}
+
+static struct tst_test test = {
+	.test_all = run,
+	.setup = setup,
+	.min_kver = "6.8",
+	.bufs = (struct tst_buffers []) {
+		{&ids, .size = sizeof(uint64_t) * MAX_LSM_NUM},
+		{&size, .size = sizeof(uint32_t)},
+		{},
+	},
+};
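Review bot: The check `if (strstr(name, lsm_list))` has its arguments reversed and its sense inverted: it searches the short LSM name for the whole sysfs list, which never matches, so every module is reported as enabled regardless of /sys/kernel/security/lsm; the intended test is `if (!strstr(lsm_list, name))` followed by the TFAIL branch. `tst_brk(TBROK, "Unsupported LSM: %lu", ids[i])` formats a `uint64_t` with `%lu`, which is wrong on 32-bit targets; use `"%" PRIu64` from <inttypes.h>. As in lsm_list_modules01.c, `*size = page_size` claims a page-sized buffer while `ids` is allocated with `sizeof(uint64_t) * MAX_LSM_NUM` bytes; set `*size = sizeof(uint64_t) * MAX_LSM_NUM;` so the two agree. The fourteen-arm `switch` only maps an ID to a name and bumps `counter`; a static `{ id, name }` table searched in a loop would be shorter and easier to extend when new LSM IDs are added to lapi/lsm.h.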

-- 
2.43.0



* [LTP] [PATCH 7/7] Add lsm_set_self_attr01 test
From: Andrea Cervesato @ 2024-11-12  7:15 UTC (permalink / raw)
  To: ltp

From: Andrea Cervesato <andrea.cervesato@suse.com>

Verify that lsm_set_self_attr syscall is raising errors when invalid
data is provided.

Signed-off-by: Andrea Cervesato <andrea.cervesato@suse.com>
---
 runtest/syscalls                                   |   1 +
 testcases/kernel/syscalls/lsm/.gitignore           |   1 +
 .../kernel/syscalls/lsm/lsm_set_self_attr01.c      | 123 +++++++++++++++++++++
 3 files changed, 125 insertions(+)

diff --git a/runtest/syscalls b/runtest/syscalls
index ee46f500859d08fba8d2553a01f8bc9e2cc8e3ea..1d017726782cce40feff964c3cf3260b98e4b24d 100644
--- a/runtest/syscalls
+++ b/runtest/syscalls
@@ -761,6 +761,7 @@ lsm_get_self_attr02 lsm_get_self_attr02
 lsm_get_self_attr03 lsm_get_self_attr03
 lsm_list_modules01 lsm_list_modules01
 lsm_list_modules02 lsm_list_modules02
+lsm_set_self_attr01 lsm_set_self_attr01
 
 lstat01 lstat01
 lstat01_64 lstat01_64
diff --git a/testcases/kernel/syscalls/lsm/.gitignore b/testcases/kernel/syscalls/lsm/.gitignore
index 766f81fd1c74a10001862f142c02ba251e666ef2..467f07cec5443393d231bbb98880b7183635dd9d 100644
--- a/testcases/kernel/syscalls/lsm/.gitignore
+++ b/testcases/kernel/syscalls/lsm/.gitignore
@@ -3,3 +3,4 @@ lsm_get_self_attr02
 lsm_get_self_attr03
 lsm_list_modules01
 lsm_list_modules02
+lsm_set_self_attr01
diff --git a/testcases/kernel/syscalls/lsm/lsm_set_self_attr01.c b/testcases/kernel/syscalls/lsm/lsm_set_self_attr01.c
new file mode 100644
index 0000000000000000000000000000000000000000..2d9d96bd7a42a99e8597d71bf05501ba18171af0
--- /dev/null
+++ b/testcases/kernel/syscalls/lsm/lsm_set_self_attr01.c
@@ -0,0 +1,123 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+/*
+ * Copyright (C) 2024 SUSE LLC Andrea Cervesato <andrea.cervesato@suse.com>
+ */
+
+/*\
+ * [Description]
+ *
+ * Verify that lsm_set_self_attr syscall is raising errors when invalid data is
+ * provided.
+ */
+
+#include "lsm_common.h"
+
+static struct lsm_ctx *ctx;
+static struct lsm_ctx *ctx_orig;
+static struct lsm_ctx *ctx_null;
+static uint32_t ctx_size;
+static uint32_t ctx_size_small;
+static uint32_t ctx_size_big;
+static uint32_t page_size;
+
+static struct tcase {
+	uint32_t attr;
+	struct lsm_ctx **ctx;
+	uint32_t *size;
+	uint32_t flags;
+	int exp_errno;
+	char *msg;
+} tcases[] = {
+	{
+		.attr = LSM_ATTR_CURRENT,
+		.ctx = &ctx_null,
+		.size = &ctx_size,
+		.exp_errno = EFAULT,
+		.msg = "ctx is NULL",
+	},
+	{
+		.attr = LSM_ATTR_CURRENT,
+		.ctx = &ctx,
+		.size = &ctx_size_small,
+		.exp_errno = EINVAL,
+		.msg = "size is too small",
+	},
+	{
+		.attr = LSM_ATTR_CURRENT,
+		.ctx = &ctx,
+		.size = &ctx_size_big,
+		.exp_errno = E2BIG,
+		.msg = "size is too big",
+	},
+	{
+		.attr = LSM_ATTR_CURRENT,
+		.ctx = &ctx,
+		.size = &ctx_size,
+		.flags = 1,
+		.exp_errno = EINVAL,
+		.msg = "flags must be zero",
+	},
+	{
+		.attr = LSM_ATTR_CURRENT | LSM_ATTR_EXEC,
+		.ctx = &ctx,
+		.size = &ctx_size,
+		.exp_errno = EINVAL,
+		.msg = "attr is overset",
+	}
+};
+
+static void run(unsigned int n)
+{
+	struct tcase *tc = &tcases[n];
+
+	/* just in case lsm_set_self_attr() pass , we won't change
+	 * LSM configuration for the following process
+	 */
+	memcpy(ctx, ctx_orig, sizeof(struct lsm_ctx));
+
+	ctx_size = page_size;
+	ctx_size_small = 1;
+	ctx_size_big = ctx_size + 1;
+
+	TST_EXP_FAIL(lsm_set_self_attr(tc->attr, *tc->ctx, *tc->size, tc->flags),
+	      tc->exp_errno,
+	      "%s", tc->msg);
+}
+
+static void setup(void)
+{
+	int ret;
+	uint32_t size;
+	int lsm_count = 0;
+
+	if (verify_enabled_lsm("selinux"))
+		lsm_count++;
+
+	if (verify_enabled_lsm("apparmor"))
+		lsm_count++;
+
+	if (verify_enabled_lsm("smack"))
+		lsm_count++;
+
+	if (!lsm_count)
+		tst_brk(TCONF, "LSM_ATTR_CURRENT is not supported by any LSM");
+
+	page_size = SAFE_SYSCONF(_SC_PAGESIZE);
+	size = page_size;
+
+	ret = lsm_get_self_attr(LSM_ATTR_CURRENT, ctx_orig, &size, 0);
+	if (ret < 0)
+		tst_brk(TBROK, "Can't read LSM current attribute");
+}
+
+static struct tst_test test = {
+	.test = run,
+	.setup = setup,
+	.tcnt = ARRAY_SIZE(tcases),
+	.min_kver = "6.8",
+	.bufs = (struct tst_buffers[]) {
+		{&ctx, .size = sizeof(struct lsm_ctx)},
+		{&ctx_orig, .size = sizeof(struct lsm_ctx)},
+		{}
+	},
+};
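Review bot: `ctx_orig` and `ctx` are guarded buffers of only `sizeof(struct lsm_ctx)` bytes (the `.bufs` entries at the end), yet setup() tells lsm_get_self_attr() it may write `size = page_size` bytes into `ctx_orig`, and run() copies just `sizeof(struct lsm_ctx)` of it back; as I understand the UAPI definition the struct is only the fixed header with the context data trailing it (the lapi fallback pads it with a 4096-byte array instead), so with the system header the kernel can write past the allocation and the copy in run() drops the context value. I would size both buffers from the page size rather than the struct: in setup(), after reading `page_size`, do `ctx = tst_alloc(page_size); ctx_orig = tst_alloc(page_size);`, drop the two `.bufs` entries, and copy `page_size` bytes in run(). Separately, `LSM_ATTR_CURRENT | LSM_ATTR_EXEC` in the last case is `100 | 101 == 101 == LSM_ATTR_EXEC` (the attribute values are enumerated IDs, not bit flags), so that case actually asks the LSM to set the exec attribute with the current context value rather than passing an invalid attr; whatever errno comes back is the LSM's reaction to the value, not attr validation, and the label "attr is overset" is misleading.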

-- 
2.43.0




* Re: [LTP] [PATCH 1/7] Add fallback definitions of LSM syscalls
  2024-11-12  7:15 ` [LTP] [PATCH 1/7] Add fallback definitions of LSM syscalls Andrea Cervesato
@ 2024-11-12  8:26   ` Wei Gao via ltp
  2024-11-13 23:11     ` Petr Vorel
  2024-12-18 18:24   ` Petr Vorel
  1 sibling, 1 reply; 23+ messages in thread
From: Wei Gao via ltp @ 2024-11-12  8:26 UTC (permalink / raw)
  To: Andrea Cervesato; +Cc: ltp

On Tue, Nov 12, 2024 at 08:15:32AM +0100, Andrea Cervesato wrote:
> From: Andrea Cervesato <andrea.cervesato@suse.com>
> 
> Fallback definition for the following syscalls:
> 
> - lsm_get_self_attr
> - lsm_set_self_attr
> - lsm_list_modules
> 
> Signed-off-by: Andrea Cervesato <andrea.cervesato@suse.com>
> ---
>  configure.ac       |   3 +-
>  include/lapi/lsm.h | 172 +++++++++++++++++++++++++++++++++++++++++++++++++++++
>  2 files changed, 174 insertions(+), 1 deletion(-)
> 
> diff --git a/configure.ac b/configure.ac
> index 6992d75ca300ccc4cc21a45a916f6b3be1a3b8fe..99c00d1b9b4cda48cb0ce07af03b97855dcdfd36 100644
> --- a/configure.ac
> +++ b/configure.ac
> @@ -62,6 +62,7 @@ AC_CHECK_HEADERS_ONCE([ \
>      linux/ioprio.h \
>      linux/keyctl.h \
>      linux/landlock.h \
> +    linux/lsm.h \
>      linux/mempolicy.h \
>      linux/module.h \
>      linux/mount.h \
> @@ -196,7 +197,7 @@ AC_CHECK_TYPES([struct ipc64_perm],,,[#include <sys/ipcbuf.h>])
>  AC_CHECK_TYPES([struct loop_config],,,[#include <linux/loop.h>])
>  AC_CHECK_TYPES([struct landlock_path_beneath_attr],,,[#include <linux/landlock.h>])
>  AC_CHECK_TYPES([struct landlock_net_port_attr],,,[#include <linux/landlock.h>])
> -
> +AC_CHECK_TYPES([struct lsm_ctx],,,[#include <linux/lsm.h>])
>  AC_CHECK_TYPES([struct mmsghdr],,,[
>  #define _GNU_SOURCE
>  #include <sys/types.h>
> diff --git a/include/lapi/lsm.h b/include/lapi/lsm.h
> new file mode 100644
> index 0000000000000000000000000000000000000000..a37ed0175289c420040ea744e4eaa524d17cbe7d
> --- /dev/null
> +++ b/include/lapi/lsm.h
> @@ -0,0 +1,172 @@
> +// SPDX-License-Identifier: GPL-2.0-or-later
> +/*
> + * Copyright (C) 2024 SUSE LLC Andrea Cervesato <andrea.cervesato@suse.com>
> + */
> +
> +#ifndef LAPI_LSM_H__
> +#define LAPI_LSM_H__
> +
> +#include "config.h"
> +
> +#ifdef HAVE_LINUX_LSM_H
> +#include <linux/lsm.h>
> +#endif
I guess s/#endif/#else ?
> +
> +#include <stdint.h>
> +#include "lapi/syscalls.h"
> +
> +#ifndef HAVE_STRUCT_LSM_CTX
> +
> +/**
> + * struct lsm_ctx - LSM context information
> + * @id: the LSM id number, see LSM_ID_XXX
> + * @flags: LSM specific flags
> + * @len: length of the lsm_ctx struct, @ctx and any other data or padding
> + * @ctx_len: the size of @ctx
> + * @ctx: the LSM context value
> + *
> + * The @len field MUST be equal to the size of the lsm_ctx struct
> + * plus any additional padding and/or data placed after @ctx.
> + *
> + * In all cases @ctx_len MUST be equal to the length of @ctx.
> + * If @ctx is a string value it should be nul terminated with
> + * @ctx_len equal to `strlen(@ctx) + 1`.  Binary values are
> + * supported.
> + *
> + * The @flags and @ctx fields SHOULD only be interpreted by the
> + * LSM specified by @id; they MUST be set to zero/0 when not used.
> + */
> +struct lsm_ctx {
> +	uint64_t id;
> +	uint64_t flags;
> +	uint64_t len;
> +	uint64_t ctx_len;
> +	uint8_t ctx[4096];
> +};
> +#endif
> +
> +/*
> + * ID tokens to identify Linux Security Modules (LSMs)
> + *
> + * These token values are used to uniquely identify specific LSMs
> + * in the kernel as well as in the kernel's LSM userspace API.
> + */
> +#ifndef LSM_ID_UNDEF
> +# define LSM_ID_UNDEF		0
> +#endif
> +
> +#ifndef LSM_ID_CAPABILITY
> +# define LSM_ID_CAPABILITY	100
> +#endif
> +
> +#ifndef LSM_ID_SELINUX
> +# define LSM_ID_SELINUX		101
> +#endif
> +
> +#ifndef LSM_ID_SMACK
> +# define LSM_ID_SMACK		102
> +#endif
> +
> +#ifndef LSM_ID_TOMOYO
> +# define LSM_ID_TOMOYO		103
> +#endif
> +
> +#ifndef LSM_ID_APPARMOR
> +# define LSM_ID_APPARMOR	104
> +#endif
> +
> +#ifndef LSM_ID_YAMA
> +# define LSM_ID_YAMA		105
> +#endif
> +
> +#ifndef LSM_ID_LOADPIN
> +# define LSM_ID_LOADPIN		106
> +#endif
> +
> +#ifndef LSM_ID_SAFESETID
> +# define LSM_ID_SAFESETID	107
> +#endif
> +
> +#ifndef LSM_ID_LOCKDOWN
> +# define LSM_ID_LOCKDOWN	108
> +#endif
> +
> +#ifndef LSM_ID_BPF
> +# define LSM_ID_BPF		109
> +#endif
> +
> +#ifndef LSM_ID_LANDLOCK
> +# define LSM_ID_LANDLOCK	110
> +#endif
> +
> +#ifndef LSM_ID_IMA
> +# define LSM_ID_IMA		111
> +#endif
> +
> +#ifndef LSM_ID_EVM
> +# define LSM_ID_EVM		112
> +#endif
> +
> +#ifndef LSM_ID_IPE
> +# define LSM_ID_IPE		113
> +#endif
> +
> +/*
> + * LSM_ATTR_XXX definitions identify different LSM attributes
> + * which are used in the kernel's LSM userspace API. Support
> + * for these attributes vary across the different LSMs. None
> + * are required.
> + */
> +#ifndef LSM_ATTR_UNDEF
> +# define LSM_ATTR_UNDEF		0
> +#endif
> +
> +#ifndef LSM_ATTR_CURRENT
> +# define LSM_ATTR_CURRENT	100
> +#endif
> +
> +#ifndef LSM_ATTR_EXEC
> +# define LSM_ATTR_EXEC		101
> +#endif
> +
> +#ifndef LSM_ATTR_FSCREATE
> +# define LSM_ATTR_FSCREATE	102
> +#endif
> +
> +#ifndef LSM_ATTR_KEYCREATE
> +# define LSM_ATTR_KEYCREATE	103
> +#endif
> +
> +#ifndef LSM_ATTR_PREV
> +# define LSM_ATTR_PREV		104
> +#endif
> +
> +#ifndef LSM_ATTR_SOCKCREATE
> +# define LSM_ATTR_SOCKCREATE	105
> +#endif
> +
> +/*
> + * LSM_FLAG_XXX definitions identify special handling instructions
> + * for the API.
> + */
> +#ifndef LSM_FLAG_SINGLE
> +# define LSM_FLAG_SINGLE	0x0001
> +#endif
> +
> +static inline int lsm_get_self_attr(uint32_t attr, struct lsm_ctx *ctx,
> +				    uint32_t *size, uint32_t flags)
> +{
> +	return tst_syscall(__NR_lsm_get_self_attr, attr, ctx, size, flags);
> +}
> +
> +static inline int lsm_set_self_attr(uint32_t attr, struct lsm_ctx *ctx,
> +				    uint32_t size, uint32_t flags)
> +{
> +	return tst_syscall(__NR_lsm_set_self_attr, attr, ctx, size, flags);
> +}
> +
> +static inline int lsm_list_modules(uint64_t *ids, uint32_t *size, uint32_t flags)
> +{
> +	return tst_syscall(__NR_lsm_list_modules, ids, size, flags);
> +}
> +#endif
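Review bot: The fallback `struct lsm_ctx` gives `ctx` a fixed `uint8_t ctx[4096]` tail, while the UAPI definition it stands in for ends, as far as I know, in a flexible array member, so `sizeof(struct lsm_ctx)` is 4128 with the fallback and 32 with the system header; any test that sizes buffers or walks returned contexts with `sizeof` behaves differently depending on which header configure found. Declare it as the kernel does, `uint8_t ctx[];`, so that `sizeof(*ctx) + ctx->ctx_len` means the same thing in both builds; this also matches the `@len` description above, which says the context data and padding follow the struct. The three `tst_syscall()` wrappers below are fine as they are.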
> 
> -- 
> 2.43.0
> 
> 



* Re: [LTP] [PATCH 1/7] Add fallback definitions of LSM syscalls
  2024-11-12  8:26   ` Wei Gao via ltp
@ 2024-11-13 23:11     ` Petr Vorel
  2024-11-14  1:55       ` Wei Gao via ltp
  0 siblings, 1 reply; 23+ messages in thread
From: Petr Vorel @ 2024-11-13 23:11 UTC (permalink / raw)
  To: Wei Gao; +Cc: ltp

Hi all,

...
> > +#ifdef HAVE_LINUX_LSM_H
> > +#include <linux/lsm.h>
> > +#endif
> I guess s/#endif/#else ?

IMHO this is correct. This guards just <linux/lsm.h> (added in 6.7).
All other fallback definitions are guarded by other checks, because UAPI headers
evolve over time, thus it would not help to guard all fallback definitions just
by HAVE_LINUX_LSM_H. Check other lapi headers, vast majority of those who
include header add fallback definitions will do it this way.

Kind regards,
Petr




* Re: [LTP] [PATCH 1/7] Add fallback definitions of LSM syscalls
  2024-11-13 23:11     ` Petr Vorel
@ 2024-11-14  1:55       ` Wei Gao via ltp
  0 siblings, 0 replies; 23+ messages in thread
From: Wei Gao via ltp @ 2024-11-14  1:55 UTC (permalink / raw)
  To: Petr Vorel; +Cc: ltp

On Thu, Nov 14, 2024 at 12:11:56AM +0100, Petr Vorel wrote:
> Hi all,
> 
> ...
> > > +#ifdef HAVE_LINUX_LSM_H
> > > +#include <linux/lsm.h>
> > > +#endif
> > I guess s/#endif/#else ?
> 
> IMHO this is correct. This guards just <linux/lsm.h> (added in 6.7).
> All other fallback definitions are guarded by other checks, because UAPI headers
> evolve over time, thus it would not help to guard all fallback definitions just
> by HAVE_LINUX_LSM_H. Check other lapi headers, vast majority of those who
> include header add fallback definitions will do it this way.
Thanks for clarification!
> 
> Kind regards,
> Petr
> 



* Re: [LTP] [PATCH 1/7] Add fallback definitions of LSM syscalls
  2024-11-12  7:15 ` [LTP] [PATCH 1/7] Add fallback definitions of LSM syscalls Andrea Cervesato
  2024-11-12  8:26   ` Wei Gao via ltp
@ 2024-12-18 18:24   ` Petr Vorel
  1 sibling, 0 replies; 23+ messages in thread
From: Petr Vorel @ 2024-12-18 18:24 UTC (permalink / raw)
  To: Andrea Cervesato; +Cc: ltp

Hi Andrea,

Reviewed-by: Petr Vorel <pvorel@suse.cz>
Thanks!

Kind regards,
Petr



* Re: [LTP] [PATCH 2/7] Add lsm_get_self_attr01 test
  2024-11-12  7:15 ` [LTP] [PATCH 2/7] Add lsm_get_self_attr01 test Andrea Cervesato
@ 2024-12-18 18:55   ` Petr Vorel
  2025-01-07  8:50     ` Andrea Cervesato via ltp
  2025-01-08  8:53     ` Andrea Cervesato via ltp
  2025-01-08 12:52   ` Cyril Hrubis
  1 sibling, 2 replies; 23+ messages in thread
From: Petr Vorel @ 2024-12-18 18:55 UTC (permalink / raw)
  To: Andrea Cervesato; +Cc: Casey Schaufler, ltp

Hi Andrea,

[ Cc Casey, the author of the syscalls and kselftest tests ]

> Verify that lsm_get_self_attr syscall is raising errors when invalid
> data is provided.

> Signed-off-by: Andrea Cervesato <andrea.cervesato@suse.com>
> ---
>  runtest/syscalls                                   |  2 +
>  testcases/kernel/syscalls/lsm/Makefile             |  7 ++
>  testcases/kernel/syscalls/lsm/lsm_common.h         | 57 +++++++++++++++
>  .../kernel/syscalls/lsm/lsm_get_self_attr01.c      | 81 ++++++++++++++++++++++

You miss the change in .gitignore. You added it in the next commit. Could you
please before merge rebase, so that it's added for lsm_get_self_attr01 in this
commit? (in case of some revert).

>  4 files changed, 147 insertions(+)

> diff --git a/runtest/syscalls b/runtest/syscalls
> index 5fd62617df1a116b1d94c57ff30f74693320a2ab..d59faf08a3f36b5f64d56952f69641191c70bf33 100644
> --- a/runtest/syscalls
> +++ b/runtest/syscalls
> @@ -756,6 +756,8 @@ lseek02 lseek02
>  lseek07 lseek07
>  lseek11 lseek11

> +lsm_get_self_attr01 lsm_get_self_attr01
> +
>  lstat01 lstat01
>  lstat01_64 lstat01_64
>  lstat02 lstat02
> diff --git a/testcases/kernel/syscalls/lsm/Makefile b/testcases/kernel/syscalls/lsm/Makefile
> new file mode 100644
> index 0000000000000000000000000000000000000000..8cf1b9024d8bdebe72408c90fef4b8b84ce9dc4b
> --- /dev/null
> +++ b/testcases/kernel/syscalls/lsm/Makefile
> @@ -0,0 +1,7 @@
> +# SPDX-License-Identifier: GPL-2.0-or-later
> +# Copyright (C) 2024 SUSE LLC Andrea Cervesato <andrea.cervesato@suse.com>
> +
> +top_srcdir		?= ../../../..
> +
> +include $(top_srcdir)/include/mk/testcases.mk
> +include $(top_srcdir)/include/mk/generic_leaf_target.mk
> diff --git a/testcases/kernel/syscalls/lsm/lsm_common.h b/testcases/kernel/syscalls/lsm/lsm_common.h
> new file mode 100644
> index 0000000000000000000000000000000000000000..33ddda13720d843907404662e6c6dc72ffac3233
> --- /dev/null
> +++ b/testcases/kernel/syscalls/lsm/lsm_common.h
> @@ -0,0 +1,57 @@
> +/* SPDX-License-Identifier: GPL-2.0-or-later */
> +/*
> + * Copyright (C) 2024 SUSE LLC Andrea Cervesato <andrea.cervesato@suse.com>
> + */
> +
> +#ifndef LSM_GET_SELF_ATTR_H
> +#define LSM_GET_SELF_ATTR_H
> +
> +#include "tst_test.h"
> +#include "lapi/lsm.h"
> +
> +static inline struct lsm_ctx *next_ctx(struct lsm_ctx *tctx)
> +{
> +	return (struct lsm_ctx *)((void *)tctx + sizeof(*tctx) + tctx->ctx_len);
> +}
> +
> +static inline void read_proc_attr(const char *attr, char *val, const size_t size)
> +{
> +	int fd;
> +	char *ptr;
> +	char path[BUFSIZ];
> +
> +	memset(val, 0, size);
> +	memset(path, 0, BUFSIZ);
> +
> +	snprintf(path, BUFSIZ, "/proc/self/attr/%s", attr);
> +
> +	tst_res(TINFO, "Reading %s", path);
> +
> +	fd = SAFE_OPEN(path, O_RDONLY);
> +
> +	if (read(fd, val, size) > 0) {
> +		ptr = strchr(val, '\n');
> +		if (ptr)
> +			*ptr = '\0';
> +	}
> +
> +	SAFE_CLOSE(fd);
> +}
> +
> +static inline int verify_enabled_lsm(const char *name)
> +{
> +	int fd;
> +	char data[BUFSIZ];
> +
> +	fd = SAFE_OPEN("/sys/kernel/security/lsm", O_RDONLY);
> +	SAFE_READ(0, fd, data, BUFSIZ);
> +	SAFE_CLOSE(fd);
> +
> +	if (!strstr(data, name)) {
> +		tst_res(TINFO, "%s is running", name);
> +		return 1;
> +	}
> +
> +	return 0;
> +}
> +#endif
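Review bot: `verify_enabled_lsm()` has its condition inverted: `if (!strstr(data, name))` returns 1 and prints "is running" precisely when the name is absent from /sys/kernel/security/lsm, which is why a kernel booted with `lsm=` listing only lockdown,capability,ima,evm reports selinux, apparmor and smack as running in the log quoted later in this thread. The buffer is also never NUL-terminated: `data` is uninitialised and the byte count returned by `SAFE_READ()` is discarded, so `strstr()` may scan past the bytes that were actually read. I would change it to `memset(data, 0, sizeof(data));`, `SAFE_READ(0, fd, data, sizeof(data) - 1);` and `if (strstr(data, name))`. Note also that read_proc_attr() silently ignores a failed read() and hands back an all-zero `val`, so a missing or unreadable /proc/self/attr entry looks like an empty attribute to the caller.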
> diff --git a/testcases/kernel/syscalls/lsm/lsm_get_self_attr01.c b/testcases/kernel/syscalls/lsm/lsm_get_self_attr01.c
> new file mode 100644
> index 0000000000000000000000000000000000000000..2317941af1b73240368820e6a51591e7c18cc140
> --- /dev/null
> +++ b/testcases/kernel/syscalls/lsm/lsm_get_self_attr01.c
> @@ -0,0 +1,81 @@
> +// SPDX-License-Identifier: GPL-2.0-or-later
> +/*
> + * Copyright (C) 2024 SUSE LLC Andrea Cervesato <andrea.cervesato@suse.com>
> + */
> +
> +/*\
> + * [Description]
> + *
> + * Verify that lsm_get_self_attr syscall is raising errors when invalid data is
> + * provided.
> + */
> +
> +#include "tst_test.h"
> +#include "lapi/lsm.h"
> +
> +static struct lsm_ctx *ctx;
> +static uint32_t ctx_size;
> +static uint32_t ctx_size_small;
> +
> +static struct tcase {
> +	uint32_t attr;
.attr = LSM_ATTR_CURRENT is the same for all 4 testcases.
Can you please remove it from the test struct and use it directly?

> +	struct lsm_ctx **ctx;
The same applies to ctx.

Also, kselftest test tools/testing/selftests/lsm/lsm_get_self_attr_test.c is
testing also for ctx being NULL. Then it would make sense to use it.
You would then need to use verify_enabled_lsm(), which you added in this commit
but not use it (e.g. lsm_get_self_attr_test.c in kselftest checks for values
when no lsm is set). Obviously you would have to store also errno for the case
when lsm is not stored.

On some Tumbleweed VM (6.10.0-rc7) I have the default:

$ cat /sys/kernel/security/lsm
lockdown,capability,landlock,yama,apparmor,bpf,ima,evm

When I boot with lsm= kernel parameter, I get:

$ cat /sys/kernel/security/lsm
lockdown,capability,ima,evm

And with that test fails:

# ./lsm_get_self_attr01
tst_buffers.c:57: TINFO: Test is using guarded buffers
tst_test.c:1893: TINFO: LTP version: 20240930-146-gccd20cd77
tst_test.c:1897: TINFO: Tested kernel: 6.10.0-rc7-3.g92abc10-default #1 SMP PREEMPT_DYNAMIC Wed Jul 10 14:15:11 UTC 2024 (92abc10) x86_64
tst_test.c:1728: TINFO: Timeout per run is 0h 00m 30s
lsm_get_self_attr01.c:67: TPASS: size is NULL : EINVAL (22)
lsm_get_self_attr01.c:67: TPASS: flags is invalid : EINVAL (22)
lsm_get_self_attr01.c:67: TFAIL: size is too smal expected E2BIG: EOPNOTSUPP (95)
lsm_get_self_attr01.c:67: TPASS: flags force to use ctx attributes : EINVAL (22)

=> I would vote for having 2 variants to use EOPNOTSUPP or at least check with
verify_enabled_lsm() and TCONF. Otherwise sooner or later somebody report a bug
in the test.

Reviewed-by: Petr Vorel <pvorel@suse.cz>

Kind regards,
Petr

> +	uint32_t *size;
> +	uint32_t flags;
> +	int exp_err;
> +	char *msg;
> +} tcases[] = {
> +	{
> +		.attr = LSM_ATTR_CURRENT,
> +		.ctx = &ctx,
> +		.exp_err = EINVAL,
> +		.msg = "size is NULL",
> +	},
> +	{
> +		.attr = LSM_ATTR_CURRENT,
> +		.ctx = &ctx,
> +		.size = &ctx_size,
> +		.flags = LSM_FLAG_SINGLE | (LSM_FLAG_SINGLE << 1),
> +		.exp_err = EINVAL,
> +		.msg = "flags is invalid",
> +	},
> +	{
> +		.attr = LSM_ATTR_CURRENT,
> +		.ctx = &ctx,
> +		.size = &ctx_size_small,
> +		.exp_err = E2BIG,
> +		.msg = "size is too smal",
> +	},
> +	{
> +		.attr = LSM_ATTR_CURRENT,
> +		.ctx = &ctx,
> +		.size = &ctx_size,
> +		.flags = LSM_FLAG_SINGLE,
> +		.exp_err = EINVAL,
> +		.msg = "flags force to use ctx attributes",
> +	},
> +};
> +
> +static void run(unsigned int n)
> +{
> +	struct tcase *tc = &tcases[n];
> +
> +	memset(ctx, 0, sizeof(struct lsm_ctx));
> +	ctx_size = sizeof(struct lsm_ctx);
> +	ctx_size_small = 1;
> +
> +	TST_EXP_FAIL(lsm_get_self_attr(
> +		LSM_ATTR_CURRENT, *tc->ctx, tc->size, tc->flags),
> +		tc->exp_err,
> +		"%s", tc->msg);
> +}
> +
> +static struct tst_test test = {
> +	.test = run,
> +	.tcnt = ARRAY_SIZE(tcases),
> +	.min_kver = "6.8",
> +	.bufs = (struct tst_buffers[]) {
> +		{&ctx, .size = sizeof(struct lsm_ctx)},
> +		{}
> +	},
> +};
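Review bot: The message in the third case, `.msg = "size is too smal"`, is misspelled and is printed verbatim in the TPASS/TFAIL line, as the log above shows; `.msg = "size is too small"`. The last case would also benefit from a comment on why `LSM_FLAG_SINGLE` is expected to fail, since run() zeroes `ctx` before the call and so passes `ctx->id == LSM_ID_UNDEF`, e.g. `/* ctx is zeroed, so the single-LSM lookup sees id == LSM_ID_UNDEF */` — assuming that is indeed the source of the EINVAL, which I have not confirmed against the kernel source.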



* Re: [LTP] [PATCH 7/7] Add lsm_set_self_attr01 test
  2024-11-12  7:15 ` [LTP] [PATCH 7/7] Add lsm_set_self_attr01 test Andrea Cervesato
@ 2024-12-18 19:03   ` Petr Vorel
  2025-01-08  8:50     ` Andrea Cervesato via ltp
  0 siblings, 1 reply; 23+ messages in thread
From: Petr Vorel @ 2024-12-18 19:03 UTC (permalink / raw)
  To: Andrea Cervesato; +Cc: ltp

Hi Andrea,

> Verify that lsm_set_self_attr syscall is raising errors when invalid
> data is provided.

As I wrote at 2nd patch [1], booting with lsm= breaks all but
lsm_list_modules0[12].c. E.g. in this patch:

# ./lsm_set_self_attr01
tst_buffers.c:57: TINFO: Test is using guarded buffers
tst_test.c:1893: TINFO: LTP version: 20240930-146-gccd20cd77
tst_test.c:1897: TINFO: Tested kernel: 6.10.0-rc7-3.g92abc10-default #1 SMP PREEMPT_DYNAMIC Wed Jul 10 14:15:11 UTC 2024 (92abc10) x86_64
tst_test.c:1728: TINFO: Timeout per run is 0h 00m 30s
lsm_common.h:51: TINFO: selinux is running
lsm_common.h:51: TINFO: apparmor is running
lsm_common.h:51: TINFO: smack is running
lsm_set_self_attr01.c:110: TBROK: Can't read LSM current attribute

FYI the lsm= boot parameter results in this setup (at least with the Tumbleweed kernel config):
$ cat /sys/kernel/security/lsm
lockdown,capability,ima,evm

Kind regards,
Petr

[2] https://lore.kernel.org/ltp/20241218185508.GA77804@pevik/



* Re: [LTP] [PATCH 2/7] Add lsm_get_self_attr01 test
  2024-12-18 18:55   ` Petr Vorel
@ 2025-01-07  8:50     ` Andrea Cervesato via ltp
  2025-01-08  8:53     ` Andrea Cervesato via ltp
  1 sibling, 0 replies; 23+ messages in thread
From: Andrea Cervesato via ltp @ 2025-01-07  8:50 UTC (permalink / raw)
  To: Petr Vorel, Andrea Cervesato; +Cc: Casey Schaufler, ltp

Hi Petr,

On 12/18/24 19:55, Petr Vorel wrote:
> Also, kselftest test tools/testing/selftests/lsm/lsm_get_self_attr_test.c is
> testing also for ctx being NULL. Then it would make sense to use it.

Now I remember why I skipped this part. The kselftest is checking in 
this way (that's how library works apparently):

TEST(ctx_null_lsm_get_self_attr)
{
     const long page_size = sysconf(_SC_PAGESIZE);
     __u32 size = page_size;
     int rc;

     rc = lsm_get_self_attr(LSM_ATTR_CURRENT, NULL, &size, 0);

     if (attr_lsm_count()) {
         ASSERT_NE(-1, rc);
         ASSERT_NE(1, size);
     } else {
         ASSERT_EQ(-1, rc);
     }
}

If there are LSM implementations in the system, "lsm_get_self_attr" 
won't return any error code but 0.
If there are NOT implementations, the syscall will return -1.

Andrea




* Re: [LTP] [PATCH 7/7] Add lsm_set_self_attr01 test
  2024-12-18 19:03   ` Petr Vorel
@ 2025-01-08  8:50     ` Andrea Cervesato via ltp
  0 siblings, 0 replies; 23+ messages in thread
From: Andrea Cervesato via ltp @ 2025-01-08  8:50 UTC (permalink / raw)
  To: Petr Vorel, Andrea Cervesato; +Cc: ltp

Hi Petr,

On 12/18/24 20:03, Petr Vorel wrote:
> Hi Andrea,
>
>> Verify that lsm_set_self_attr syscall is raising errors when invalid
>> data is provided.
> As I wrote at 2nd patch [1], booting with lsm= breaks all but
> lsm_list_modules0[12].c. E.g. in this patch:
>
> # ./lsm_set_self_attr01
> tst_buffers.c:57: TINFO: Test is using guarded buffers
> tst_test.c:1893: TINFO: LTP version: 20240930-146-gccd20cd77
> tst_test.c:1897: TINFO: Tested kernel: 6.10.0-rc7-3.g92abc10-default #1 SMP PREEMPT_DYNAMIC Wed Jul 10 14:15:11 UTC 2024 (92abc10) x86_64
> tst_test.c:1728: TINFO: Timeout per run is 0h 00m 30s
> lsm_common.h:51: TINFO: selinux is running
> lsm_common.h:51: TINFO: apparmor is running
> lsm_common.h:51: TINFO: smack is running
> lsm_set_self_attr01.c:110: TBROK: Can't read LSM current attribute
>
> FYI lsm= bot parameter causes setup (at least on Tumbleweed kernel config):
> $ cat /sys/kernel/security/lsm
> lockdown,capability,ima,evm
Are you sure about it? In the logs I clearly see that selinux, apparmor 
and smack are running. The way this is checked is exactly by looking at 
the string coming from /sys/kernel/security/lsm
>
> Kind regards,
> Petr
>
> [2] https://lore.kernel.org/ltp/20241218185508.GA77804@pevik/
Andrea



* Re: [LTP] [PATCH 2/7] Add lsm_get_self_attr01 test
  2024-12-18 18:55   ` Petr Vorel
  2025-01-07  8:50     ` Andrea Cervesato via ltp
@ 2025-01-08  8:53     ` Andrea Cervesato via ltp
  1 sibling, 0 replies; 23+ messages in thread
From: Andrea Cervesato via ltp @ 2025-01-08  8:53 UTC (permalink / raw)
  To: Petr Vorel, Andrea Cervesato; +Cc: Casey Schaufler, ltp

Hi Petr,

On 12/18/24 19:55, Petr Vorel wrote:
> Hi Andrea,
>
> [ Cc Casey, the author of the syscalls and kselftest tests ]
>
>> Verify that lsm_get_self_attr syscall is raising errors when invalid
>> data is provided.
>> Signed-off-by: Andrea Cervesato <andrea.cervesato@suse.com>
>> ---
>>   runtest/syscalls                                   |  2 +
>>   testcases/kernel/syscalls/lsm/Makefile             |  7 ++
>>   testcases/kernel/syscalls/lsm/lsm_common.h         | 57 +++++++++++++++
>>   .../kernel/syscalls/lsm/lsm_get_self_attr01.c      | 81 ++++++++++++++++++++++
> You miss the change in .gitignore. You added it in the next commit. Could you
> please before merge rebase, so that it's added for lsm_get_self_attr01 in this
> commit? (in case of some revert).
+1
>>   4 files changed, 147 insertions(+)
>> diff --git a/runtest/syscalls b/runtest/syscalls
>> index 5fd62617df1a116b1d94c57ff30f74693320a2ab..d59faf08a3f36b5f64d56952f69641191c70bf33 100644
>> --- a/runtest/syscalls
>> +++ b/runtest/syscalls
>> @@ -756,6 +756,8 @@ lseek02 lseek02
>>   lseek07 lseek07
>>   lseek11 lseek11
>> +lsm_get_self_attr01 lsm_get_self_attr01
>> +
>>   lstat01 lstat01
>>   lstat01_64 lstat01_64
>>   lstat02 lstat02
>> diff --git a/testcases/kernel/syscalls/lsm/Makefile b/testcases/kernel/syscalls/lsm/Makefile
>> new file mode 100644
>> index 0000000000000000000000000000000000000000..8cf1b9024d8bdebe72408c90fef4b8b84ce9dc4b
>> --- /dev/null
>> +++ b/testcases/kernel/syscalls/lsm/Makefile
>> @@ -0,0 +1,7 @@
>> +# SPDX-License-Identifier: GPL-2.0-or-later
>> +# Copyright (C) 2024 SUSE LLC Andrea Cervesato <andrea.cervesato@suse.com>
>> +
>> +top_srcdir		?= ../../../..
>> +
>> +include $(top_srcdir)/include/mk/testcases.mk
>> +include $(top_srcdir)/include/mk/generic_leaf_target.mk
>> diff --git a/testcases/kernel/syscalls/lsm/lsm_common.h b/testcases/kernel/syscalls/lsm/lsm_common.h
>> new file mode 100644
>> index 0000000000000000000000000000000000000000..33ddda13720d843907404662e6c6dc72ffac3233
>> --- /dev/null
>> +++ b/testcases/kernel/syscalls/lsm/lsm_common.h
>> @@ -0,0 +1,57 @@
>> +/* SPDX-License-Identifier: GPL-2.0-or-later */
>> +/*
>> + * Copyright (C) 2024 SUSE LLC Andrea Cervesato <andrea.cervesato@suse.com>
>> + */
>> +
>> +#ifndef LSM_GET_SELF_ATTR_H
>> +#define LSM_GET_SELF_ATTR_H
>> +
>> +#include "tst_test.h"
>> +#include "lapi/lsm.h"
>> +
>> +static inline struct lsm_ctx *next_ctx(struct lsm_ctx *tctx)
>> +{
>> +	return (struct lsm_ctx *)((void *)tctx + sizeof(*tctx) + tctx->ctx_len);
>> +}
>> +
>> +static inline void read_proc_attr(const char *attr, char *val, const size_t size)
>> +{
>> +	int fd;
>> +	char *ptr;
>> +	char path[BUFSIZ];
>> +
>> +	memset(val, 0, size);
>> +	memset(path, 0, BUFSIZ);
>> +
>> +	snprintf(path, BUFSIZ, "/proc/self/attr/%s", attr);
>> +
>> +	tst_res(TINFO, "Reading %s", path);
>> +
>> +	fd = SAFE_OPEN(path, O_RDONLY);
>> +
>> +	if (read(fd, val, size) > 0) {
>> +		ptr = strchr(val, '\n');
>> +		if (ptr)
>> +			*ptr = '\0';
>> +	}
>> +
>> +	SAFE_CLOSE(fd);
>> +}
>> +
>> +static inline int verify_enabled_lsm(const char *name)
>> +{
>> +	int fd;
>> +	char data[BUFSIZ];
>> +
>> +	fd = SAFE_OPEN("/sys/kernel/security/lsm", O_RDONLY);
>> +	SAFE_READ(0, fd, data, BUFSIZ);
>> +	SAFE_CLOSE(fd);
>> +
>> +	if (!strstr(data, name)) {
>> +		tst_res(TINFO, "%s is running", name);
>> +		return 1;
>> +	}
>> +
>> +	return 0;
>> +}
>> +#endif
>> diff --git a/testcases/kernel/syscalls/lsm/lsm_get_self_attr01.c b/testcases/kernel/syscalls/lsm/lsm_get_self_attr01.c
>> new file mode 100644
>> index 0000000000000000000000000000000000000000..2317941af1b73240368820e6a51591e7c18cc140
>> --- /dev/null
>> +++ b/testcases/kernel/syscalls/lsm/lsm_get_self_attr01.c
>> @@ -0,0 +1,81 @@
>> +// SPDX-License-Identifier: GPL-2.0-or-later
>> +/*
>> + * Copyright (C) 2024 SUSE LLC Andrea Cervesato <andrea.cervesato@suse.com>
>> + */
>> +
>> +/*\
>> + * [Description]
>> + *
>> + * Verify that lsm_get_self_attr syscall is raising errors when invalid data is
>> + * provided.
>> + */
>> +
>> +#include "tst_test.h"
>> +#include "lapi/lsm.h"
>> +
>> +static struct lsm_ctx *ctx;
>> +static uint32_t ctx_size;
>> +static uint32_t ctx_size_small;
>> +
>> +static struct tcase {
>> +	uint32_t attr;
> .attr = LSM_ATTR_CURRENT is the same for all 4 testcases.
> Can you please remove it from the test struct and use it directly?
I will keep it in order to test EOPNOTSUPP for overset attr flag, I will 
add this test case in the next version of the patchset.
>
>> +	struct lsm_ctx **ctx;
> The same applies to ctx.
>
> Also, kselftest test tools/testing/selftests/lsm/lsm_get_self_attr_test.c is
This is tested by lsm_get_self_attr02.
> testing also for ctx being NULL. Then it would make sense to use it.
> You would then need to use verify_enabled_lsm(), which you added in this commit
> but not use it (e.g. lsm_get_self_attr_test.c in kselftest checks for values
> when no lsm is set). Obviously you would have to store also errno for the case
> when lsm is not stored.
>
> On some Tumbleweed VM (6.10.0-rc7) I have the default:
>
> $ cat /sys/kernel/security/lsm
> lockdown,capability,landlock,yama,apparmor,bpf,ima,evm
>
> When I boot with lsm= kernel parameter, I get:
>
> $ cat /sys/kernel/security/lsm
> lockdown,capability,ima,evm
>
> And with that test fails:
>
> # ./lsm_get_self_attr01
> tst_buffers.c:57: TINFO: Test is using guarded buffers
> tst_test.c:1893: TINFO: LTP version: 20240930-146-gccd20cd77
> tst_test.c:1897: TINFO: Tested kernel: 6.10.0-rc7-3.g92abc10-default #1 SMP PREEMPT_DYNAMIC Wed Jul 10 14:15:11 UTC 2024 (92abc10) x86_64
> tst_test.c:1728: TINFO: Timeout per run is 0h 00m 30s
> lsm_get_self_attr01.c:67: TPASS: size is NULL : EINVAL (22)
> lsm_get_self_attr01.c:67: TPASS: flags is invalid : EINVAL (22)
> lsm_get_self_attr01.c:67: TFAIL: size is too smal expected E2BIG: EOPNOTSUPP (95)
> lsm_get_self_attr01.c:67: TPASS: flags force to use ctx attributes : EINVAL (22)
>
> => I would vote for having 2 variants to use EOPNOTSUPP or at least check with
> verify_enabled_lsm() and TCONF. Otherwise sooner or later somebody report a bug
> in the test.

Yeah, probably this is the best approach. I will add a helper checking 
for current LSM and eventually TCONF if they are not present in 
combination with LSM_ATTR_CURRENT.

Andrea





* Re: [LTP] [PATCH 2/7] Add lsm_get_self_attr01 test
  2024-11-12  7:15 ` [LTP] [PATCH 2/7] Add lsm_get_self_attr01 test Andrea Cervesato
  2024-12-18 18:55   ` Petr Vorel
@ 2025-01-08 12:52   ` Cyril Hrubis
  1 sibling, 0 replies; 23+ messages in thread
From: Cyril Hrubis @ 2025-01-08 12:52 UTC (permalink / raw)
  To: Andrea Cervesato; +Cc: ltp

Hi!
> @@ -0,0 +1,57 @@
> +/* SPDX-License-Identifier: GPL-2.0-or-later */
> +/*
> + * Copyright (C) 2024 SUSE LLC Andrea Cervesato <andrea.cervesato@suse.com>
> + */
> +
> +#ifndef LSM_GET_SELF_ATTR_H
> +#define LSM_GET_SELF_ATTR_H
> +
> +#include "tst_test.h"
> +#include "lapi/lsm.h"
> +
> +static inline struct lsm_ctx *next_ctx(struct lsm_ctx *tctx)
> +{
> +	return (struct lsm_ctx *)((void *)tctx + sizeof(*tctx) + tctx->ctx_len);

The cast to (struct lsm_ctx *) here is useless, C will cast it
automatically upon returning the value from the function.

> +}
> +
> +static inline void read_proc_attr(const char *attr, char *val, const size_t size)
> +{
> +	int fd;
> +	char *ptr;
> +	char path[BUFSIZ];
> +
> +	memset(val, 0, size);
> +	memset(path, 0, BUFSIZ);
> +
> +	snprintf(path, BUFSIZ, "/proc/self/attr/%s", attr);
> +
> +	tst_res(TINFO, "Reading %s", path);
> +
> +	fd = SAFE_OPEN(path, O_RDONLY);
> +
> +	if (read(fd, val, size) > 0) {
> +		ptr = strchr(val, '\n');
> +		if (ptr)
> +			*ptr = '\0';
> +	}
> +
> +	SAFE_CLOSE(fd);
> +}
> +
> +static inline int verify_enabled_lsm(const char *name)
> +{
> +	int fd;
> +	char data[BUFSIZ];
> +
> +	fd = SAFE_OPEN("/sys/kernel/security/lsm", O_RDONLY);
> +	SAFE_READ(0, fd, data, BUFSIZ);
> +	SAFE_CLOSE(fd);
> +
> +	if (!strstr(data, name)) {
> +		tst_res(TINFO, "%s is running", name);
> +		return 1;
> +	}

The strstr() is not future proof here. If somebody adds a lsm with a
name that is a substring of a current lsm name, the strstr() will produce
a false positive.

It's better to iterate over the data with strtok() and compare exact
names with strcmp().

> +	return 0;
> +}
> +#endif
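Review bot: verify_enabled_lsm() returns 1 when the name is absent from /sys/kernel/security/lsm: the test on the `if (!strstr(data, name))` line is negated, which contradicts both the "%s is running" message in the same branch and callers such as setup() in lsm_get_self_attr02.c that use the result to count enabled LSMs, so the branch should read `if (strstr(data, name)) {` (or the exact-match lookup once the list is tokenised). Separately, `data` is neither zeroed nor guaranteed a terminator: `SAFE_READ(0, fd, data, BUFSIZ)` leaves the tail uninitialised on a short read and leaves no room for a NUL on a full one, after which strstr() reads beyond the bytes actually read; `memset(data, 0, sizeof(data));` before the read and `SAFE_READ(0, fd, data, sizeof(data) - 1);` fix that. read_proc_attr() has the same edge with `read(fd, val, size)`: a read that fills all `size` bytes leaves no NUL for strchr(), so it should read at most `size - 1` bytes.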
> diff --git a/testcases/kernel/syscalls/lsm/lsm_get_self_attr01.c b/testcases/kernel/syscalls/lsm/lsm_get_self_attr01.c
> new file mode 100644
> index 0000000000000000000000000000000000000000..2317941af1b73240368820e6a51591e7c18cc140
> --- /dev/null
> +++ b/testcases/kernel/syscalls/lsm/lsm_get_self_attr01.c
> @@ -0,0 +1,81 @@
> +// SPDX-License-Identifier: GPL-2.0-or-later
> +/*
> + * Copyright (C) 2024 SUSE LLC Andrea Cervesato <andrea.cervesato@suse.com>
> + */
> +
> +/*\
> + * [Description]
> + *
> + * Verify that lsm_get_self_attr syscall is raising errors when invalid data is
> + * provided.
> + */
> +
> +#include "tst_test.h"
> +#include "lapi/lsm.h"
> +
> +static struct lsm_ctx *ctx;
> +static uint32_t ctx_size;
> +static uint32_t ctx_size_small;
> +
> +static struct tcase {
> +	uint32_t attr;
> +	struct lsm_ctx **ctx;
> +	uint32_t *size;
> +	uint32_t flags;
> +	int exp_err;
> +	char *msg;
> +} tcases[] = {
> +	{
> +		.attr = LSM_ATTR_CURRENT,
> +		.ctx = &ctx,
> +		.exp_err = EINVAL,
> +		.msg = "size is NULL",
> +	},
> +	{
> +		.attr = LSM_ATTR_CURRENT,
> +		.ctx = &ctx,
> +		.size = &ctx_size,
> +		.flags = LSM_FLAG_SINGLE | (LSM_FLAG_SINGLE << 1),
> +		.exp_err = EINVAL,
> +		.msg = "flags is invalid",
> +	},
> +	{
> +		.attr = LSM_ATTR_CURRENT,
> +		.ctx = &ctx,
> +		.size = &ctx_size_small,
> +		.exp_err = E2BIG,
> +		.msg = "size is too smal",
> +	},
> +	{
> +		.attr = LSM_ATTR_CURRENT,
> +		.ctx = &ctx,
> +		.size = &ctx_size,
> +		.flags = LSM_FLAG_SINGLE,
> +		.exp_err = EINVAL,
> +		.msg = "flags force to use ctx attributes",
> +	},
> +};
> +
> +static void run(unsigned int n)
> +{
> +	struct tcase *tc = &tcases[n];
> +
> +	memset(ctx, 0, sizeof(struct lsm_ctx));
> +	ctx_size = sizeof(struct lsm_ctx);
> +	ctx_size_small = 1;
> +
> +	TST_EXP_FAIL(lsm_get_self_attr(
> +		LSM_ATTR_CURRENT, *tc->ctx, tc->size, tc->flags),
> +		tc->exp_err,
> +		"%s", tc->msg);
> +}
> +
> +static struct tst_test test = {
> +	.test = run,
> +	.tcnt = ARRAY_SIZE(tcases),
> +	.min_kver = "6.8",
> +	.bufs = (struct tst_buffers[]) {
> +		{&ctx, .size = sizeof(struct lsm_ctx)},
> +		{}
> +	},
> +};
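Review bot: run() ignores the `attr` field of each tcase — the call passes `LSM_ATTR_CURRENT` literally as the first argument, so the `.attr = LSM_ATTR_CURRENT` entries in tcases[] are dead data and a future case with a different attribute would silently exercise the wrong one; the call should be `lsm_get_self_attr(tc->attr, *tc->ctx, tc->size, tc->flags)`. The message of the third case reads "size is too smal"; it ends up in the TPASS/TFAIL output, so "size is too small" would keep the logs greppable.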

The test itself looks good.

-- 
Cyril Hrubis
chrubis@suse.cz

-- 
Mailing list info: https://lists.linux.it/listinfo/ltp


* Re: [LTP] [PATCH 3/7] Add lsm_get_self_attr02 test
  2024-11-12  7:15 ` [LTP] [PATCH 3/7] Add lsm_get_self_attr02 test Andrea Cervesato
@ 2025-01-08 12:58   ` Cyril Hrubis
  2025-01-08 13:13     ` Andrea Cervesato via ltp
  2025-01-08 13:35     ` Cyril Hrubis
  0 siblings, 2 replies; 23+ messages in thread
From: Cyril Hrubis @ 2025-01-08 12:58 UTC (permalink / raw)
  To: Andrea Cervesato; +Cc: ltp

On Tue, Nov 12, 2024 at 08:15:34AM +0100, Andrea Cervesato wrote:
> From: Andrea Cervesato <andrea.cervesato@suse.com>
> 
> Verify that lsm_get_self_attr syscall is acting correctly when ctx is NULL.
> The syscall can behave in different ways according to the current system
> status:
> 
> - if any LSM is running inside the system, the syscall will pass and it will
>   provide a size as big as the attribute
> - if no LSM(s) are running inside the system, the syscall will fail with -1
>   return code
> 
> Signed-off-by: Andrea Cervesato <andrea.cervesato@suse.com>
> ---
>  runtest/syscalls                                   |  1 +
>  testcases/kernel/syscalls/lsm/.gitignore           |  2 +
>  .../kernel/syscalls/lsm/lsm_get_self_attr02.c      | 55 ++++++++++++++++++++++
>  3 files changed, 58 insertions(+)
> 
> diff --git a/runtest/syscalls b/runtest/syscalls
> index d59faf08a3f36b5f64d56952f69641191c70bf33..b3350af4db6d00cf86f621b5efee5d603af920f0 100644
> --- a/runtest/syscalls
> +++ b/runtest/syscalls
> @@ -757,6 +757,7 @@ lseek07 lseek07
>  lseek11 lseek11
>  
>  lsm_get_self_attr01 lsm_get_self_attr01
> +lsm_get_self_attr02 lsm_get_self_attr02
>  
>  lstat01 lstat01
>  lstat01_64 lstat01_64
> diff --git a/testcases/kernel/syscalls/lsm/.gitignore b/testcases/kernel/syscalls/lsm/.gitignore
> new file mode 100644
> index 0000000000000000000000000000000000000000..9f7c9b00b026a377f1b36f483ac2c1a0adba6249
> --- /dev/null
> +++ b/testcases/kernel/syscalls/lsm/.gitignore
> @@ -0,0 +1,2 @@
> +lsm_get_self_attr01
> +lsm_get_self_attr02
> diff --git a/testcases/kernel/syscalls/lsm/lsm_get_self_attr02.c b/testcases/kernel/syscalls/lsm/lsm_get_self_attr02.c
> new file mode 100644
> index 0000000000000000000000000000000000000000..ce10bc2881fa8ac56a1e1da01631cfed8857eb08
> --- /dev/null
> +++ b/testcases/kernel/syscalls/lsm/lsm_get_self_attr02.c
> @@ -0,0 +1,55 @@
> +// SPDX-License-Identifier: GPL-2.0-or-later
> +/*
> + * Copyright (C) 2024 SUSE LLC Andrea Cervesato <andrea.cervesato@suse.com>
> + */
> +
> +/*\
> + * [Description]
> + *
> + * Verify that lsm_get_self_attr syscall is acting correctly when ctx is NULL.
> + * The syscall can behave in different ways according to the current system
> + * status:
> + *
> + * - if any LSM is running inside the system, the syscall will pass and it will
> + *   provide a size as big as the attribute
> + * - if no LSM(s) are running inside the system, the syscall will fail with -1
> + *   return code
> + */
> +#include "lsm_common.h"
> +
> +static uint32_t page_size;
> +static uint32_t lsm_count;
> +
> +static void run(void)
> +{
> +	uint32_t size = page_size;
> +
> +	if (lsm_count) {
> +		TST_EXP_EXPR(lsm_get_self_attr(
> +			LSM_ATTR_CURRENT, NULL, &size, 0) >= 1);

TST_EXP_POSITIVE()?

Also I'm a bit confused here, where is the size returned as the return
value from the syscall() or is the size argument modified?

> +		TST_EXP_EXPR(size > 1);
> +	} else {
> +		TST_EXP_EQ_LI(lsm_get_self_attr(
> +			LSM_ATTR_CURRENT, NULL, &size, 0), -1);

TST_EXP_FAIL()?

> +	}
> +}
> +
> +static void setup(void)
> +{
> +	page_size = SAFE_SYSCONF(_SC_PAGESIZE);
> +
> +	if (verify_enabled_lsm("selinux"))
> +		lsm_count++;
> +
> +	if (verify_enabled_lsm("apparmor"))
> +		lsm_count++;
> +
> +	if (verify_enabled_lsm("smack"))
> +		lsm_count++;

Shouldn't we just look at the /sys/kernel/security/lsm file and if it
exists and it's not empty there is a lsm on the system and the syscall
will not fail in that case?

> +}
> +
> +static struct tst_test test = {
> +	.test_all = run,
> +	.setup = setup,
> +	.min_kver = "6.8",
> +};
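Review bot: `TST_EXP_EXPR(size > 1)` in run() cannot fail: `size` is initialised from `page_size` a few lines above, so the assertion holds even if the kernel never writes to `size`. A meaningful check compares against the initial value, e.g. `TST_EXP_EXPR(size != page_size)`, assuming the kernel overwrites `*size` with the attribute size when ctx is NULL — TODO confirm against the lsm_get_self_attr documentation. The `[Description]` block says the syscall passes "if any LSM is running", while setup() only counts selinux, apparmor and smack; the comment should say "if an LSM supporting LSM_ATTR_CURRENT (selinux, apparmor or smack) is running" so the documented contract matches what is checked.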
> 
> -- 
> 2.43.0
> 
> 
> -- 
> Mailing list info: https://lists.linux.it/listinfo/ltp

-- 
Cyril Hrubis
chrubis@suse.cz

-- 
Mailing list info: https://lists.linux.it/listinfo/ltp


* Re: [LTP] [PATCH 3/7] Add lsm_get_self_attr02 test
  2025-01-08 12:58   ` Cyril Hrubis
@ 2025-01-08 13:13     ` Andrea Cervesato via ltp
  2025-01-08 13:35     ` Cyril Hrubis
  1 sibling, 0 replies; 23+ messages in thread
From: Andrea Cervesato via ltp @ 2025-01-08 13:13 UTC (permalink / raw)
  To: Cyril Hrubis, Andrea Cervesato; +Cc: ltp

Hi Cyril,

On 1/8/25 13:58, Cyril Hrubis wrote:
> Shouldn't we just look at the /sys/kernel/security/lsm file and if it
> exists and it's not empty there is a lsm on the system and the syscall
> will not fail in that case?

Unfortunately not, selinux, apparmor and smack are the only ones which 
are supported by LSM_ATTR_CURRENT.
https://docs.kernel.org/userspace-api/lsm.html

Andrea


-- 
Mailing list info: https://lists.linux.it/listinfo/ltp


* Re: [LTP] [PATCH 3/7] Add lsm_get_self_attr02 test
  2025-01-08 12:58   ` Cyril Hrubis
  2025-01-08 13:13     ` Andrea Cervesato via ltp
@ 2025-01-08 13:35     ` Cyril Hrubis
  1 sibling, 0 replies; 23+ messages in thread
From: Cyril Hrubis @ 2025-01-08 13:35 UTC (permalink / raw)
  To: Andrea Cervesato; +Cc: ltp

Hi!
> > +static void setup(void)
> > +{
> > +	page_size = SAFE_SYSCONF(_SC_PAGESIZE);
> > +
> > +	if (verify_enabled_lsm("selinux"))
> > +		lsm_count++;
> > +
> > +	if (verify_enabled_lsm("apparmor"))
> > +		lsm_count++;
> > +
> > +	if (verify_enabled_lsm("smack"))
> > +		lsm_count++;
> 
> Shouldn't we just look at the /sys/kernel/security/lsm file and if it
> exists and it's not empty there is a lsm on the system and the syscall
> will not fail in that case?

And looking into the documentation these attributes are currently
supported only by these three lsms. So this is correct, however the
pattern is repeated in other tests, so maybe put it into an inline
function in a common header?

-- 
Cyril Hrubis
chrubis@suse.cz

-- 
Mailing list info: https://lists.linux.it/listinfo/ltp


* Re: [LTP] [PATCH 5/7] Add lsm_list_modules01 test
  2024-11-12  7:15 ` [LTP] [PATCH 5/7] Add lsm_list_modules01 test Andrea Cervesato
@ 2025-01-08 13:49   ` Cyril Hrubis
  0 siblings, 0 replies; 23+ messages in thread
From: Cyril Hrubis @ 2025-01-08 13:49 UTC (permalink / raw)
  To: Andrea Cervesato; +Cc: ltp

Hi!
Reviewed-by: Cyril Hrubis <chrubis@suse.cz>

-- 
Cyril Hrubis
chrubis@suse.cz

-- 
Mailing list info: https://lists.linux.it/listinfo/ltp


* Re: [LTP] [PATCH 6/7] Add lsm_list_modules02 test
  2024-11-12  7:15 ` [LTP] [PATCH 6/7] Add lsm_list_modules02 test Andrea Cervesato
@ 2025-01-08 14:05   ` Cyril Hrubis
  0 siblings, 0 replies; 23+ messages in thread
From: Cyril Hrubis @ 2025-01-08 14:05 UTC (permalink / raw)
  To: Andrea Cervesato; +Cc: ltp

Hi!
> +		if (!name)
> +			tst_brk(TBROK, "Unsupported LSM: %lu", ids[i]);
> +
> +		if (strstr(name, lsm_list))

Again here the strstr() is not future proof. There is no lsm with the
name as a substring of a different lsm, but it's not entirely unlikely
that a lsm with name that contains one of the three letter names as a
substring in the future.

So I guess that we may as well break the lsm list into an array of
strings with strtok() in the setup and add a function that loops on the
array and does strcmp() for each entry in that array.

> +			tst_res(TFAIL, "'%s' has not been found", name);
> +		else
> +			tst_res(TPASS, "'%s' is enabled", name);
> +	}
> +
> +	TST_EXP_EQ_LI(*size, counter * sizeof(uint64_t));

So we get literal size in the size and number of elements as the return
value. Sounds good.

> +	TST_EXP_EQ_LI(lsm_num, counter);

Isn't this true by definition? We do tst_brk(TBROK, "") on unknown lsm
so if the counter is not increased on each lsm_num iteration we exit the
test with tst_brk() and never reach this line.

And what is actually missing here is to compare the number of lsm names
in the /sys/kernel/security/lsm file with the lsm_num. But for that we
have to break the file content into tokens and count them, which we need
to do anyway.

> +}
> +
> +static void setup(void)
> +{
> +	int fd;
> +
> +	page_size = SAFE_SYSCONF(_SC_PAGESIZE);
> +	fd = SAFE_OPEN("/sys/kernel/security/lsm", O_RDONLY);
> +	SAFE_READ(0, fd, lsm_list, BUFSIZ);
> +	SAFE_CLOSE(fd);
> +}
> +
> +static struct tst_test test = {
> +	.test_all = run,
> +	.setup = setup,
> +	.min_kver = "6.8",
> +	.bufs = (struct tst_buffers []) {
> +		{&ids, .size = sizeof(uint64_t) * MAX_LSM_NUM},
> +		{&size, .size = sizeof(uint32_t)},
> +		{},
> +	},
> +};
> 
> -- 
> 2.43.0
> 
> 
> -- 
> Mailing list info: https://lists.linux.it/listinfo/ltp

-- 
Cyril Hrubis
chrubis@suse.cz

-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

