From nobody Tue Dec 16 17:00:59 2025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id C71CBC77B76 for ; Fri, 21 Apr 2023 17:48:59 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233462AbjDURs5 (ORCPT ); Fri, 21 Apr 2023 13:48:57 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49952 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233461AbjDURsm (ORCPT ); Fri, 21 Apr 2023 13:48:42 -0400 Received: from sonic317-38.consmr.mail.ne1.yahoo.com (sonic317-38.consmr.mail.ne1.yahoo.com [66.163.184.49]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B6DB355A6 for ; Fri, 21 Apr 2023 10:48:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1682099289; bh=59Ysfxs4aXqKQAkG0s/boUKeF7qHy6COlwo4gu6+UZg=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=Yd1VdXK7c9o8xbZRzKtctK0++fBa9x6guTdAutVBqWKFRpBR4Y8yeZhXDL5ZdAElfXQKrAPGAb4UDoUXFGaDresOENJKLQuObdo8Osrlckh+IIiImeM0J6XvdsQLwqw5nyEOGgsS7+x+pGt+ZHSgPqE+seQlwso53xBKjG3SCNcgDDpRBT+zs+jstPRPhl/b3xZilRsKwi7vMGeCYG2Yc65GRiOuO8oK/QbU2UlnXsBVpMwhAOHzUq8zrPIzAVKB4bv/FxOL6i84PXolBR3+M8pn6SghxCTe6rjRfZD6ruhtWtX80pu5G+dMRaDBlxzAXEAIHgFkbtpkAxscGiYpRw== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1682099289; bh=5fAhcZeqJoTU8T5WHi9UCxmw2noumwSxItkMt/JcN8p=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=rJz0+efgomTaP9iv2iHahJ/vYzpJngsLICfJPO8KMJsKm70PnAVD7fIiHY0Cf99iVoyAZXOZVTWSNJ+R8KsqIgkOn2XFN3k4omqaYdNw9Kc+C6/E695SJkYHyZEqAPl2J9Ey8LeTzMxyYRGMWNHiGubtSpp++lBFs/NG96HH1ZLh41pMjAeo9f9uaCxGIbKa1pC/gf9pePp9dQ68pMlZ2sF4l8iTqf/j5wCUEsBdbBHWX5OxoC8/coWbAg1SGEpHqFTKcKzuAAMjkBXKj3nIInohIOQ7NfqSK+bDA7TuExY1u+pl2ZVHq5zhF/SjAB/mvoLtMAWh+RTKrkYjfDj15A== X-YMail-OSG: sQFJQCYVM1m_Byu806ScoLyEa_tZT4l5813gK2RntjfF2yCJsWvw8jH4wz9Zrfn Wl1Ta7QVrXmfQWIUdAOLme2fzrFAMOXsASCSjaGmxaSweMf8jLUdyxe9W7un1pzRSFNvxGcVp3LK R9YpfVUsSAannzRFgbRxhwqkz410Fv4xhgzr3OHyA9.F6CdiqPwRYfj1RrhRHqnVRsHeBJoD9DuI MOFjhqq2dsuODZ4R_9NVFuiCbOeNedUIVF7b25g_UuOcq9NDyvxHu48ypIaj5wbnWuORc3vA4Of9 FerRoZAi5CwMJnhM0Izrxz1f24TvagXZRxGMnp62ZZ69bPeF4z1PFsJywOZPeb9bKNS_wVLsx6B2 nMOjDSdRgF039DDpOX9SKHIMqu6QfBPpuGUaoPoG3pI_zHoo54l2iGCPZItb64KfpjjDcUMe7UET 5Bfmsf5OgDrEotoAX7oI3aQjCpII5QrfViIaROZ_OqTcRGqzmrdQpvolDgIG.fUsN.MMwgDI3b.F rtxm4RIjee1uXNtTWaT5JufA9dq6t5c7rRvBGCXEFyOTQqAhW81KpHU5O1Uzy8tVKTsHnUN57WKu H4RJPhew6EXv8YIB4xf7DeCeNtsfckczv9E6pAQB4hVEXHpdCsqofX2VA7yvPmT5iFZ62Z7cz4tt lJ0OR_AnBE8brli7UeUo.TjfGMiK3Xkh44Bf17aCggzOJd748iUcofTCCufX0t9vPE41t8u.hxQu LyH5PawIfzjviiXjTk6ButtQWqccTCzW52CR8ORuten3SfJJ664pmxQQGlk1m5n4p3S5YIbXDxKI WCeMsLlt97jU2AQ.xOq_dUuzJYCA4n3AXq.Lcj_L5Mt.lk0kcLSRo7aowjpLfgw_bHoKxVAOat5t 8zmYu7J3NXMt.jWziYpoPb9_LCsxh5UDZ4wDDQWWplCKL33iPCdT6l4OZGd6w97EomSxaOoarEbi 6.W2dYGMt7l0J.Lqky.f.WcvGzI0tzVt4az7OkLEoHAiOn5TuSR5rZHsoCHW9hZ2qFBBafNkw7yk eLEOH6D.JRUEQHKZMUQdwRw0ulgFtAVbnKkKXtjm.aty4yxdfKC8JMWiIDt8fEQtQ31RAocjCkFh LsIjfhVnoaomdiCSRMe2JCyvdOSt32d_TGMjwBlykwRO8Jj2TTdP1EwrbGXOm2xebLYJ9OHBIxLN q_RPEQc1rNg9AzXXdmbcm0ne0im6Yv9QyRzKh.Ly8YnnMTq.Uwg7JBfroAHpGqsEoI3B5lXZ_jGn 9EVUpT4rVcRa15T6U82XI9mRDaNhp_O2Gt0fUQkYTxH4pJVlZ56g9UpFF4h6WpVPryzgcArd6Hl7 f074tJy3JzMQbGRyN2wwWuSo9do8BgEHqm4k.87wCK0W2CFH8lXzFhUup8ihG.envd4XiDf0tSWd BFI9AEx8jpRqzXxA0Cq_ojLTsRxuQVHGizya8qsi81QkwIFKZWOYJ4q_pivTQ62j6LtThs9xjjF6 Ggu0Ywnq.eG9wxEZ8zYZM1VgHAwbhm7pKSfBgE63JA.L7IpzwbFRvjrbtSpzpaJWn_OyKHO6e19R 8z1sMu3mIfjIOLmmWh75ar5AELHxKIv4ucRmLjP5f1FnJU8qJmvYk_ODPZPeUE6miTEMWmL1SRVT 2Rt8.zC5c0a1AmevzGJdUBBnStkxYAjG1cJ8J_5GBg6IFnZ3lE_kqUfvaPJjEugI8mXuF7986Hv5 kemrZw5Z6q4eVd3Eyq64psPZUHpVywnfgU_tT0ME574TrbLhrhEzQG2jBPpQjmvDPY71NYxn5gyM EhTgbqdojw8M1aLnIQYO1y_c3oIp4Olbu1oBkH5bO_Fp2F50_fCzj3jfDQQbEt5vik.p0oWNaSgS OIpn.tNrZYlTGXhYrnYdiQX6lgVNjSNCJ4Zmx5lIlbAxk2u7w61a9old1lxEFqFW6II5XMEv7DbJ 8cUbdftkLMEIZw4yd8hXZxZyjZn1wUm09qP5XOwa7GYATmuJmFJybTxZuDezQnOiUc2vrzl052Kg c7VqUnsRawtqK65.h5r.uUsM8mXLoXOt9.x3RRaEtF5zSGF8CZyjtxJH3lbawejICetXZsCsXmE4 w1FFTMU_Ax6u0rgi.udSi8HVvqhMINagpUtwdVapyIa.gUKjpE6V0vVrWJVzzPw5ke90NFnVZ1BW Bly_zoS1qaKlVEwNCAAlOh.x3dqn25KSMFvsX_mH1D1zyebRjF1o89SHdscPrPyJH17bfcMGUiLp 8elghpscIJ52AhE2ooW6oQcN1rUjTS37lucys4fEKXUVM4KYN5fpjFb380E78y5PkxZjf5Pdi4IJ RaarxXDtEOx0W5rfWK.YIHFy5meRKtHY- X-Sonic-MF: X-Sonic-ID: 0a165257-c7cf-4c1f-8faf-3897bfc6af60 Received: from sonic.gate.mail.ne1.yahoo.com by sonic317.consmr.mail.ne1.yahoo.com with HTTP; Fri, 21 Apr 2023 17:48:09 +0000 Received: by hermes--production-bf1-5f9df5c5c4-qlh82 (Yahoo Inc. Hermes SMTP Server) with ESMTPA ID 091c2dfb80bceefc0923e7e11c81b629; Fri, 21 Apr 2023 17:48:04 +0000 (UTC) From: Casey Schaufler To: casey@schaufler-ca.com, paul@paul-moore.com, linux-security-module@vger.kernel.org Cc: jmorris@namei.org, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, mic@digikod.net Subject: [PATCH v9 11/11] LSM: selftests for Linux Security Module syscalls Date: Fri, 21 Apr 2023 10:42:59 -0700 Message-Id: <20230421174259.2458-12-casey@schaufler-ca.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230421174259.2458-1-casey@schaufler-ca.com> References: <20230421174259.2458-1-casey@schaufler-ca.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Add selftests for the three system calls supporting the LSM infrastructure. Signed-off-by: Casey Schaufler Reviewed-by: Kees Cook --- tools/testing/selftests/Makefile | 1 + tools/testing/selftests/lsm/Makefile | 12 + tools/testing/selftests/lsm/config | 2 + .../selftests/lsm/lsm_get_self_attr_test.c | 267 ++++++++++++++++++ .../selftests/lsm/lsm_list_modules_test.c | 149 ++++++++++ .../selftests/lsm/lsm_set_self_attr_test.c | 70 +++++ 6 files changed, 501 insertions(+) create mode 100644 tools/testing/selftests/lsm/Makefile create mode 100644 tools/testing/selftests/lsm/config create mode 100644 tools/testing/selftests/lsm/lsm_get_self_attr_test.c create mode 100644 tools/testing/selftests/lsm/lsm_list_modules_test.c create mode 100644 tools/testing/selftests/lsm/lsm_set_self_attr_test.c diff --git a/tools/testing/selftests/Makefile b/tools/testing/selftests/Mak= efile index 13a6837a0c6b..b18d133a1141 100644 --- a/tools/testing/selftests/Makefile +++ b/tools/testing/selftests/Makefile @@ -38,6 +38,7 @@ TARGETS +=3D landlock TARGETS +=3D lib TARGETS +=3D livepatch TARGETS +=3D lkdtm +TARGETS +=3D lsm TARGETS +=3D membarrier TARGETS +=3D memfd TARGETS +=3D memory-hotplug diff --git a/tools/testing/selftests/lsm/Makefile b/tools/testing/selftests= /lsm/Makefile new file mode 100644 index 000000000000..f39a75212b78 --- /dev/null +++ b/tools/testing/selftests/lsm/Makefile @@ -0,0 +1,12 @@ +# SPDX-License-Identifier: GPL-2.0 +# +# First run: make -C ../../../.. headers_install + +CFLAGS +=3D -Wall -O2 $(KHDR_INCLUDES) + +TEST_GEN_PROGS :=3D lsm_get_self_attr_test lsm_list_modules_test \ + lsm_set_self_attr_test + +include ../lib.mk + +$(TEST_GEN_PROGS): diff --git a/tools/testing/selftests/lsm/config b/tools/testing/selftests/l= sm/config new file mode 100644 index 000000000000..afb887715f64 --- /dev/null +++ b/tools/testing/selftests/lsm/config @@ -0,0 +1,2 @@ +CONFIG_SYSFS=3Dy +CONFIG_SECURITY=3Dy diff --git a/tools/testing/selftests/lsm/lsm_get_self_attr_test.c b/tools/t= esting/selftests/lsm/lsm_get_self_attr_test.c new file mode 100644 index 000000000000..71c2b1a8a44e --- /dev/null +++ b/tools/testing/selftests/lsm/lsm_get_self_attr_test.c @@ -0,0 +1,267 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Linux Security Module infrastructure tests + * Tests for the lsm_get_self_attr system call + * + * Copyright =C2=A9 2022 Casey Schaufler + * Copyright =C2=A9 2022 Intel Corporation + */ + +#define _GNU_SOURCE +#include +#include +#include +#include +#include +#include +#include "../kselftest_harness.h" + +#define PROCATTR "/proc/self/attr/" + +static int read_proc_attr(const char *attr, char *value, __kernel_size_t s= ize) +{ + int fd; + int len; + char *path; + + len =3D strlen(PROCATTR) + strlen(attr) + 1; + path =3D calloc(len, 1); + if (path =3D=3D NULL) + return -1; + sprintf(path, "%s%s", PROCATTR, attr); + + fd =3D open(path, O_RDONLY); + free(path); + + if (fd < 0) + return -1; + len =3D read(fd, value, size); + if (len <=3D 0) + return -1; +fprintf(stderr, "len=3D%d\n", len); + close(fd); + + path =3D strchr(value, '\n'); + if (path) + *path =3D '\0'; + + return 0; +} + +static struct lsm_ctx *next_ctx(struct lsm_ctx *ctxp) +{ + void *vp; + + vp =3D (void *)ctxp + sizeof(*ctxp) + ctxp->ctx_len; + return (struct lsm_ctx *)vp; +} + +TEST(size_null_lsm_get_self_attr) +{ + const long page_size =3D sysconf(_SC_PAGESIZE); + char *ctx =3D calloc(page_size, 1); + + ASSERT_NE(NULL, ctx); + ASSERT_EQ(-1, syscall(__NR_lsm_get_self_attr, LSM_ATTR_CURRENT, ctx, + NULL, 0)); + ASSERT_EQ(EINVAL, errno); + + free(ctx); +} + +TEST(ctx_null_lsm_get_self_attr) +{ + const long page_size =3D sysconf(_SC_PAGESIZE); + __kernel_size_t size =3D page_size; + + ASSERT_NE(-1, syscall(__NR_lsm_get_self_attr, LSM_ATTR_CURRENT, NULL, + &size, 0)); + ASSERT_NE(1, size); +} + +TEST(size_too_small_lsm_get_self_attr) +{ + const long page_size =3D sysconf(_SC_PAGESIZE); + char *ctx =3D calloc(page_size, 1); + __kernel_size_t size =3D 1; + + ASSERT_NE(NULL, ctx); + ASSERT_EQ(-1, syscall(__NR_lsm_get_self_attr, LSM_ATTR_CURRENT, ctx, + &size, 0)); + ASSERT_EQ(E2BIG, errno); + ASSERT_NE(1, size); + + free(ctx); +} + +TEST(flags_zero_lsm_get_self_attr) +{ + const long page_size =3D sysconf(_SC_PAGESIZE); + char *ctx =3D calloc(page_size, 1); + __kernel_size_t size =3D page_size; + + ASSERT_NE(NULL, ctx); + ASSERT_EQ(-1, syscall(__NR_lsm_get_self_attr, LSM_ATTR_CURRENT, ctx, + &size, 1)); + ASSERT_EQ(EINVAL, errno); + ASSERT_EQ(page_size, size); + + free(ctx); +} + +TEST(flags_overset_lsm_get_self_attr) +{ + const long page_size =3D sysconf(_SC_PAGESIZE); + char *ctx =3D calloc(page_size, 1); + __kernel_size_t size =3D page_size; + + ASSERT_NE(NULL, ctx); + ASSERT_EQ(-1, syscall(__NR_lsm_get_self_attr, + LSM_ATTR_CURRENT | LSM_ATTR_PREV, ctx, &size, 0)); + ASSERT_EQ(EOPNOTSUPP, errno); + + free(ctx); +} + +TEST(basic_lsm_get_self_attr) +{ + const long page_size =3D sysconf(_SC_PAGESIZE); + __kernel_size_t size =3D page_size; + struct lsm_ctx *ctx =3D calloc(page_size, 1); + struct lsm_ctx *tctx =3D NULL; + __u64 *syscall_lsms =3D calloc(page_size, 1); + char *attr =3D calloc(page_size, 1); + int cnt_current =3D 0; + int cnt_exec =3D 0; + int cnt_fscreate =3D 0; + int cnt_keycreate =3D 0; + int cnt_prev =3D 0; + int cnt_sockcreate =3D 0; + int lsmcount; + int count; + int i; + + ASSERT_NE(NULL, ctx); + ASSERT_NE(NULL, syscall_lsms); + + lsmcount =3D syscall(__NR_lsm_list_modules, syscall_lsms, &size, 0); + ASSERT_LE(1, lsmcount); + + for (i =3D 0; i < lsmcount; i++) { + switch (syscall_lsms[i]) { + case LSM_ID_SELINUX: + cnt_current++; + cnt_exec++; + cnt_fscreate++; + cnt_keycreate++; + cnt_prev++; + cnt_sockcreate++; + break; + case LSM_ID_SMACK: + cnt_current++; + break; + case LSM_ID_APPARMOR: + cnt_current++; + cnt_exec++; + cnt_prev++; + break; + default: + break; + } + } + + if (cnt_current) { + size =3D page_size; + count =3D syscall(__NR_lsm_get_self_attr, LSM_ATTR_CURRENT, ctx, + &size, 0); + ASSERT_EQ(cnt_current, count); + tctx =3D ctx; + ASSERT_EQ(0, read_proc_attr("current", attr, page_size)); + ASSERT_EQ(0, strcmp((char *)tctx->ctx, attr)); + for (i =3D 1; i < count; i++) { + tctx =3D next_ctx(tctx); + ASSERT_NE(0, strcmp((char *)tctx->ctx, attr)); + } + } + if (cnt_exec) { + size =3D page_size; + count =3D syscall(__NR_lsm_get_self_attr, LSM_ATTR_EXEC, ctx, + &size, 0); + ASSERT_GE(cnt_exec, count); + if (count > 0) { + tctx =3D ctx; + if (read_proc_attr("exec", attr, page_size) =3D=3D 0) + ASSERT_EQ(0, strcmp((char *)tctx->ctx, attr)); + } + for (i =3D 1; i < count; i++) { + tctx =3D next_ctx(tctx); + ASSERT_NE(0, strcmp((char *)tctx->ctx, attr)); + } + } + if (cnt_fscreate) { + size =3D page_size; + count =3D syscall(__NR_lsm_get_self_attr, LSM_ATTR_FSCREATE, ctx, + &size, 0); + ASSERT_GE(cnt_fscreate, count); + if (count > 0) { + tctx =3D ctx; + if (read_proc_attr("fscreate", attr, page_size) =3D=3D 0) + ASSERT_EQ(0, strcmp((char *)tctx->ctx, attr)); + } + for (i =3D 1; i < count; i++) { + tctx =3D next_ctx(tctx); + ASSERT_NE(0, strcmp((char *)tctx->ctx, attr)); + } + } + if (cnt_keycreate) { + size =3D page_size; + count =3D syscall(__NR_lsm_get_self_attr, LSM_ATTR_KEYCREATE, ctx, + &size, 0); + ASSERT_GE(cnt_keycreate, count); + if (count > 0) { + tctx =3D ctx; + if (read_proc_attr("keycreate", attr, page_size) =3D=3D 0) + ASSERT_EQ(0, strcmp((char *)tctx->ctx, attr)); + } + for (i =3D 1; i < count; i++) { + tctx =3D next_ctx(tctx); + ASSERT_NE(0, strcmp((char *)tctx->ctx, attr)); + } + } + if (cnt_prev) { + size =3D page_size; + count =3D syscall(__NR_lsm_get_self_attr, LSM_ATTR_PREV, ctx, + &size, 0); + ASSERT_GE(cnt_prev, count); + if (count > 0) { + tctx =3D ctx; + ASSERT_EQ(0, read_proc_attr("prev", attr, page_size)); + ASSERT_EQ(0, strcmp((char *)tctx->ctx, attr)); + for (i =3D 1; i < count; i++) { + tctx =3D next_ctx(tctx); + ASSERT_NE(0, strcmp((char *)tctx->ctx, attr)); + } + } + } + if (cnt_sockcreate) { + size =3D page_size; + count =3D syscall(__NR_lsm_get_self_attr, LSM_ATTR_SOCKCREATE, + ctx, &size, 0); + ASSERT_GE(cnt_sockcreate, count); + if (count > 0) { + tctx =3D ctx; + if (read_proc_attr("sockcreate", attr, page_size) =3D=3D 0) + ASSERT_EQ(0, strcmp((char *)tctx->ctx, attr)); + } + for (i =3D 1; i < count; i++) { + tctx =3D next_ctx(tctx); + ASSERT_NE(0, strcmp((char *)tctx->ctx, attr)); + } + } + + free(ctx); + free(attr); + free(syscall_lsms); +} + +TEST_HARNESS_MAIN diff --git a/tools/testing/selftests/lsm/lsm_list_modules_test.c b/tools/te= sting/selftests/lsm/lsm_list_modules_test.c new file mode 100644 index 000000000000..3ec814002710 --- /dev/null +++ b/tools/testing/selftests/lsm/lsm_list_modules_test.c @@ -0,0 +1,149 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Linux Security Module infrastructure tests + * Tests for the lsm_list_modules system call + * + * Copyright =C2=A9 2022 Casey Schaufler + * Copyright =C2=A9 2022 Intel Corporation + */ + +#define _GNU_SOURCE +#include +#include +#include +#include +#include +#include "../kselftest_harness.h" + +static int read_sysfs_lsms(char *lsms, __kernel_size_t size) +{ + FILE *fp; + + fp =3D fopen("/sys/kernel/security/lsm", "r"); + if (fp =3D=3D NULL) + return -1; + if (fread(lsms, 1, size, fp) <=3D 0) + return -1; + fclose(fp); + return 0; +} + +TEST(size_null_lsm_list_modules) +{ + const long page_size =3D sysconf(_SC_PAGESIZE); + char *syscall_lsms =3D calloc(page_size, 1); + + ASSERT_NE(NULL, syscall_lsms); + ASSERT_EQ(-1, syscall(__NR_lsm_list_modules, syscall_lsms, NULL, 0)); + ASSERT_EQ(EFAULT, errno); + + free(syscall_lsms); +} + +TEST(ids_null_lsm_list_modules) +{ + const long page_size =3D sysconf(_SC_PAGESIZE); + __kernel_size_t size =3D page_size; + + ASSERT_EQ(-1, syscall(__NR_lsm_list_modules, NULL, &size, 0)); + ASSERT_EQ(EFAULT, errno); + ASSERT_NE(1, size); +} + +TEST(size_too_small_lsm_list_modules) +{ + const long page_size =3D sysconf(_SC_PAGESIZE); + char *syscall_lsms =3D calloc(page_size, 1); + __kernel_size_t size =3D 1; + + ASSERT_NE(NULL, syscall_lsms); + ASSERT_EQ(-1, syscall(__NR_lsm_list_modules, syscall_lsms, &size, 0)); + ASSERT_EQ(E2BIG, errno); + ASSERT_NE(1, size); + + free(syscall_lsms); +} + +TEST(flags_set_lsm_list_modules) +{ + const long page_size =3D sysconf(_SC_PAGESIZE); + char *syscall_lsms =3D calloc(page_size, 1); + __kernel_size_t size =3D page_size; + + ASSERT_NE(NULL, syscall_lsms); + ASSERT_EQ(-1, syscall(__NR_lsm_list_modules, syscall_lsms, &size, 7)); + ASSERT_EQ(EINVAL, errno); + ASSERT_EQ(page_size, size); + + free(syscall_lsms); +} + +TEST(correct_lsm_list_modules) +{ + const long page_size =3D sysconf(_SC_PAGESIZE); + __kernel_size_t size =3D page_size; + __u64 *syscall_lsms =3D calloc(page_size, 1); + char *sysfs_lsms =3D calloc(page_size, 1); + char *name; + char *cp; + int count; + int i; + + ASSERT_NE(NULL, sysfs_lsms); + ASSERT_NE(NULL, syscall_lsms); + ASSERT_EQ(0, read_sysfs_lsms(sysfs_lsms, page_size)); + + count =3D syscall(__NR_lsm_list_modules, syscall_lsms, &size, 0); + ASSERT_LE(1, count); + cp =3D sysfs_lsms; + for (i =3D 0; i < count; i++) { + switch (syscall_lsms[i]) { + case LSM_ID_CAPABILITY: + name =3D "capability"; + break; + case LSM_ID_SELINUX: + name =3D "selinux"; + break; + case LSM_ID_SMACK: + name =3D "smack"; + break; + case LSM_ID_TOMOYO: + name =3D "tomoyo"; + break; + case LSM_ID_IMA: + name =3D "ima"; + break; + case LSM_ID_APPARMOR: + name =3D "apparmor"; + break; + case LSM_ID_YAMA: + name =3D "yama"; + break; + case LSM_ID_LOADPIN: + name =3D "loadpin"; + break; + case LSM_ID_SAFESETID: + name =3D "safesetid"; + break; + case LSM_ID_LOCKDOWN: + name =3D "lockdown"; + break; + case LSM_ID_BPF: + name =3D "bpf"; + break; + case LSM_ID_LANDLOCK: + name =3D "landlock"; + break; + default: + name =3D "INVALID"; + break; + } + ASSERT_EQ(0, strncmp(cp, name, strlen(name))); + cp +=3D strlen(name) + 1; + } + + free(sysfs_lsms); + free(syscall_lsms); +} + +TEST_HARNESS_MAIN diff --git a/tools/testing/selftests/lsm/lsm_set_self_attr_test.c b/tools/t= esting/selftests/lsm/lsm_set_self_attr_test.c new file mode 100644 index 000000000000..ca538a703168 --- /dev/null +++ b/tools/testing/selftests/lsm/lsm_set_self_attr_test.c @@ -0,0 +1,70 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Linux Security Module infrastructure tests + * Tests for the lsm_set_self_attr system call + * + * Copyright =C2=A9 2022 Casey Schaufler + * Copyright =C2=A9 2022 Intel Corporation + */ + +#define _GNU_SOURCE +#include +#include +#include +#include +#include +#include "../kselftest_harness.h" + +TEST(ctx_null_lsm_set_self_attr) +{ + ASSERT_EQ(-1, syscall(__NR_lsm_set_self_attr, LSM_ATTR_CURRENT, NULL, + sizeof(struct lsm_ctx), 0)); +} + +TEST(size_too_small_lsm_set_self_attr) +{ + const long page_size =3D sysconf(_SC_PAGESIZE); + struct lsm_ctx *ctx =3D calloc(page_size, 1); + __kernel_size_t size =3D page_size; + + ASSERT_NE(NULL, ctx); + ASSERT_GE(1, syscall(__NR_lsm_get_self_attr, LSM_ATTR_CURRENT, ctx, + &size, 0)); + ASSERT_EQ(-1, syscall(__NR_lsm_set_self_attr, LSM_ATTR_CURRENT, ctx, 1, + 0)); + + free(ctx); +} + +TEST(flags_zero_lsm_set_self_attr) +{ + const long page_size =3D sysconf(_SC_PAGESIZE); + char *ctx =3D calloc(page_size, 1); + __kernel_size_t size =3D page_size; + + ASSERT_NE(NULL, ctx); + ASSERT_GE(1, syscall(__NR_lsm_get_self_attr, LSM_ATTR_CURRENT, ctx, + &size, 0)); + ASSERT_EQ(-1, syscall(__NR_lsm_set_self_attr, LSM_ATTR_CURRENT, ctx, + size, 1)); + + free(ctx); +} + +TEST(flags_overset_lsm_set_self_attr) +{ + const long page_size =3D sysconf(_SC_PAGESIZE); + char *ctx =3D calloc(page_size, 1); + __kernel_size_t size =3D page_size; + struct lsm_ctx *tctx =3D (struct lsm_ctx *)ctx; + + ASSERT_NE(NULL, ctx); + ASSERT_GE(1, syscall(__NR_lsm_get_self_attr, LSM_ATTR_CURRENT, tctx, + &size, 0)); + ASSERT_EQ(-1, syscall(__NR_lsm_set_self_attr, + LSM_ATTR_CURRENT | LSM_ATTR_PREV, tctx, size, 0)); + + free(ctx); +} + +TEST_HARNESS_MAIN --=20 2.39.2