// SPDX-License-Identifier: GPL-2.0
/*
 * Linux Security Module infrastructure tests
 * Tests for the lsm_get_self_attr system call
 *
 * Copyright © 2022 Casey Schaufler <casey@schaufler-ca.com>
 */
10 #include <linux/lsm.h>
15 #include <sys/types.h>
16 #include "../kselftest_harness.h"
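/*
 * next_ctx() - step to the lsm_ctx record that follows @ctxp
 * @ctxp: a record inside a buffer filled by lsm_get_self_attr()
 *
 * Records are variable length. The stride is taken from the record's own
 * @len field, which <linux/lsm.h> documents as the length of the whole
 * record including @ctx and any padding. Stepping by
 * sizeof(*ctxp) + ctx_len instead ignores that padding and lands inside
 * the current record whenever the kernel padded it, so every field read
 * from the result would be misparsed.
 *
 * No bounds check is possible here because the buffer size is not passed
 * in. Callers must not step further than the record count returned by the
 * syscall allows.
 *
 * Return: pointer to the next record.
 */
static struct lsm_ctx *next_ctx(struct lsm_ctx *ctxp)
{
	/* char * keeps the byte arithmetic within standard C. */
	return (struct lsm_ctx *)((char *)ctxp + ctxp->len);
}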
/*
 * Negative test: the size argument is NULL while the context buffer is
 * valid. The call is expected to return -1 with errno set to EINVAL.
 */
27 TEST(size_null_lsm_get_self_attr
)
29 const long page_size
= sysconf(_SC_PAGESIZE
);
/*
 * One zeroed page is used as the context buffer.
 * NOTE(review): no NULL check on this calloc() result is visible in this
 * listing (listing lines 31-33 are absent) - confirm one exists.
 */
30 struct lsm_ctx
*ctx
= calloc(page_size
, 1);
/* Third argument (the size pointer) is NULL; flags are 0. */
34 ASSERT_EQ(-1, lsm_get_self_attr(LSM_ATTR_CURRENT
, ctx
, NULL
, 0));
35 ASSERT_EQ(EINVAL
, errno
);
/*
 * Calls lsm_get_self_attr() with a NULL context buffer and a valid size
 * pointer, then branches on attr_lsm_count(). The assertions made in each
 * branch are not part of this listing.
 */
40 TEST(ctx_null_lsm_get_self_attr
)
42 const long page_size
= sysconf(_SC_PAGESIZE
);
/* size starts at one page even though no buffer is supplied. */
43 __u32 size
= page_size
;
/* Second argument (the context buffer) is NULL; the result is kept in rc. */
46 rc
= lsm_get_self_attr(LSM_ATTR_CURRENT
, NULL
, &size
, 0);
/*
 * attr_lsm_count() is not defined in this listing; presumably it reports
 * how many active LSMs provide process attributes - TODO confirm.
 */
48 if (attr_lsm_count()) {
/*
 * Negative test: the call must fail with -1. The expected errno depends on
 * attr_lsm_count(): E2BIG when it is non-zero, and EOPNOTSUPP in the
 * assertion at listing line 68 (presumably the else branch; listing line
 * 67 is absent).
 */
56 TEST(size_too_small_lsm_get_self_attr
)
58 const long page_size
= sysconf(_SC_PAGESIZE
);
/* The buffer itself is a full zeroed page. */
59 struct lsm_ctx
*ctx
= calloc(page_size
, 1);
/*
 * size is declared on a line absent from this listing. By the test name
 * it is presumably smaller than any context the kernel would return -
 * TODO confirm its initial value.
 */
64 ASSERT_EQ(-1, lsm_get_self_attr(LSM_ATTR_CURRENT
, ctx
, &size
, 0));
65 if (attr_lsm_count()) {
/* Checked when attr_lsm_count() is non-zero. */
66 ASSERT_EQ(E2BIG
, errno
);
/* Checked otherwise (assumed else branch, see the header comment). */
68 ASSERT_EQ(EOPNOTSUPP
, errno
);
/*
 * Exercises the flags argument of lsm_get_self_attr(). A first call must
 * fail with EINVAL and leave size untouched. The list of active LSMs is
 * then fetched, and one LSM_FLAG_SINGLE query is made per LSM id.
 */
75 TEST(flags_zero_lsm_get_self_attr
)
77 const long page_size
= sysconf(_SC_PAGESIZE
);
/* Context buffer: one zeroed page. */
78 struct lsm_ctx
*ctx
= calloc(page_size
, 1);
/* Receives the LSM ids written by the lsm_list_modules syscall. */
79 __u64
*syscall_lsms
= calloc(page_size
, 1);
/*
 * The flags argument of this call is on a line absent from this listing.
 * The call is expected to fail with -1 and EINVAL.
 */
87 ASSERT_EQ(-1, lsm_get_self_attr(LSM_ATTR_CURRENT
, ctx
, &size
,
89 ASSERT_EQ(EINVAL
, errno
);
/* A rejected call must not have modified size. */
90 ASSERT_EQ(page_size
, size
);
/* Ask the kernel for the ids of the active LSMs; at least one is required. */
92 lsmcount
= syscall(__NR_lsm_list_modules
, syscall_lsms
, &size
, 0);
93 ASSERT_LE(1, lsmcount
);
/*
 * NOTE(review): this NULL check runs after syscall_lsms has already been
 * handed to syscall() above. Checking right after calloc() would report
 * an allocation failure as such instead of as a syscall failure.
 */
94 ASSERT_NE(NULL
, syscall_lsms
);
/* One query per LSM id reported by lsm_list_modules. */
96 for (i
= 0; i
< lsmcount
; i
++) {
/* With LSM_FLAG_SINGLE the id stored in ctx selects which LSM is queried. */
99 ctx
->id
= syscall_lsms
[i
];
/* SELinux, Smack and AppArmor are expected to return exactly one record. */
101 if (syscall_lsms
[i
] == LSM_ID_SELINUX
||
102 syscall_lsms
[i
] == LSM_ID_SMACK
||
103 syscall_lsms
[i
] == LSM_ID_APPARMOR
) {
104 ASSERT_EQ(1, lsm_get_self_attr(LSM_ATTR_CURRENT
, ctx
,
105 &size
, LSM_FLAG_SINGLE
));
/*
 * Any other LSM id: the query is expected to fail with -1 (presumably the
 * else branch; the rest of this call is absent from the listing).
 */
107 ASSERT_EQ(-1, lsm_get_self_attr(LSM_ATTR_CURRENT
, ctx
,
/*
 * Negative tests for over-specified arguments: two attribute bits ORed
 * together must be rejected with EOPNOTSUPP, and a flags value containing
 * the bit above LSM_FLAG_SINGLE must be rejected with EINVAL.
 */
116 TEST(flags_overset_lsm_get_self_attr
)
118 const long page_size
= sysconf(_SC_PAGESIZE
);
/* Context buffer: one zeroed page, checked for NULL below. */
119 struct lsm_ctx
*ctx
= calloc(page_size
, 1);
122 ASSERT_NE(NULL
, ctx
);
/*
 * More than one attribute selected in a single call. The remaining
 * arguments of this call are on a line absent from this listing.
 */
126 ASSERT_EQ(-1, lsm_get_self_attr(LSM_ATTR_CURRENT
| LSM_ATTR_PREV
, ctx
,
128 ASSERT_EQ(EOPNOTSUPP
, errno
);
/*
 * A single attribute, but the flags include (LSM_FLAG_SINGLE << 1). The
 * first part of the flags expression is on a line absent from this
 * listing (listing line 133).
 */
132 ASSERT_EQ(-1, lsm_get_self_attr(LSM_ATTR_CURRENT
, ctx
, &size
,
134 (LSM_FLAG_SINGLE
<< 1)));
135 ASSERT_EQ(EINVAL
, errno
);
140 TEST(basic_lsm_get_self_attr
)
142 const long page_size
= sysconf(_SC_PAGESIZE
);
143 __u32 size
= page_size
;
144 struct lsm_ctx
*ctx
= calloc(page_size
, 1);
145 struct lsm_ctx
*tctx
= NULL
;
146 __u64
*syscall_lsms
= calloc(page_size
, 1);
147 char *attr
= calloc(page_size
, 1);
150 int cnt_fscreate
= 0;
151 int cnt_keycreate
= 0;
153 int cnt_sockcreate
= 0;
158 ASSERT_NE(NULL
, ctx
);
159 ASSERT_NE(NULL
, syscall_lsms
);
161 lsmcount
= syscall(__NR_lsm_list_modules
, syscall_lsms
, &size
, 0);
162 ASSERT_LE(1, lsmcount
);
164 for (i
= 0; i
< lsmcount
; i
++) {
165 switch (syscall_lsms
[i
]) {
177 case LSM_ID_APPARMOR
:
189 count
= lsm_get_self_attr(LSM_ATTR_CURRENT
, ctx
, &size
, 0);
190 ASSERT_EQ(cnt_current
, count
);
192 ASSERT_EQ(0, read_proc_attr("current", attr
, page_size
));
193 ASSERT_EQ(0, strcmp((char *)tctx
->ctx
, attr
));
194 for (i
= 1; i
< count
; i
++) {
195 tctx
= next_ctx(tctx
);
196 ASSERT_NE(0, strcmp((char *)tctx
->ctx
, attr
));
201 count
= lsm_get_self_attr(LSM_ATTR_EXEC
, ctx
, &size
, 0);
202 ASSERT_GE(cnt_exec
, count
);
205 if (read_proc_attr("exec", attr
, page_size
) == 0)
206 ASSERT_EQ(0, strcmp((char *)tctx
->ctx
, attr
));
208 for (i
= 1; i
< count
; i
++) {
209 tctx
= next_ctx(tctx
);
210 ASSERT_NE(0, strcmp((char *)tctx
->ctx
, attr
));
215 count
= lsm_get_self_attr(LSM_ATTR_FSCREATE
, ctx
, &size
, 0);
216 ASSERT_GE(cnt_fscreate
, count
);
219 if (read_proc_attr("fscreate", attr
, page_size
) == 0)
220 ASSERT_EQ(0, strcmp((char *)tctx
->ctx
, attr
));
222 for (i
= 1; i
< count
; i
++) {
223 tctx
= next_ctx(tctx
);
224 ASSERT_NE(0, strcmp((char *)tctx
->ctx
, attr
));
229 count
= lsm_get_self_attr(LSM_ATTR_KEYCREATE
, ctx
, &size
, 0);
230 ASSERT_GE(cnt_keycreate
, count
);
233 if (read_proc_attr("keycreate", attr
, page_size
) == 0)
234 ASSERT_EQ(0, strcmp((char *)tctx
->ctx
, attr
));
236 for (i
= 1; i
< count
; i
++) {
237 tctx
= next_ctx(tctx
);
238 ASSERT_NE(0, strcmp((char *)tctx
->ctx
, attr
));
243 count
= lsm_get_self_attr(LSM_ATTR_PREV
, ctx
, &size
, 0);
244 ASSERT_GE(cnt_prev
, count
);
247 ASSERT_EQ(0, read_proc_attr("prev", attr
, page_size
));
248 ASSERT_EQ(0, strcmp((char *)tctx
->ctx
, attr
));
249 for (i
= 1; i
< count
; i
++) {
250 tctx
= next_ctx(tctx
);
251 ASSERT_NE(0, strcmp((char *)tctx
->ctx
, attr
));
255 if (cnt_sockcreate
) {
257 count
= lsm_get_self_attr(LSM_ATTR_SOCKCREATE
, ctx
, &size
, 0);
258 ASSERT_GE(cnt_sockcreate
, count
);
261 if (read_proc_attr("sockcreate", attr
, page_size
) == 0)
262 ASSERT_EQ(0, strcmp((char *)tctx
->ctx
, attr
));
264 for (i
= 1; i
< count
; i
++) {
265 tctx
= next_ctx(tctx
);
266 ASSERT_NE(0, strcmp((char *)tctx
->ctx
, attr
));