Unverified Commit 55dc93a7 authored by Tingmao Wang's avatar Tingmao Wang Committed by Mickaël Salaün
Browse files

selftests/landlock: Use scoped_base_variants.h for ptrace_test 



ptrace_test.c currently contains a duplicated version of the
scoped_domains fixture variants.  This patch removes that and make it use
the shared scoped_base_variants.h instead, like in
scoped_abstract_unix_test and scoped_signal_test.

This required renaming the hierarchy fixture to scoped_domains, but the
test is otherwise the same.

Cc: Tahera Fahimi <fahimitahera@gmail.com>
Signed-off-by: default avatarTingmao Wang <m@maowtm.org>
Link: https://lore.kernel.org/r/48148f0134f95f819a25277486a875a6fd88ecf9.1766885035.git.m@maowtm.org


Signed-off-by: default avatarMickaël Salaün <mic@digikod.net>
parent 7aa593d8

tools/testing/selftests/landlock/ptrace_test.c

+5 −149
Original line number Diff line number Diff line
@@ -86,16 +86,9 @@ static int get_yama_ptrace_scope(void) 
}



/* clang-format off */

FIXTURE(hierarchy) {};

FIXTURE(scoped_domains) {};

/* clang-format on */



FIXTURE_VARIANT(hierarchy)

{

	const bool domain_both;

	const bool domain_parent;

	const bool domain_child;

};



/*

 * Test multiple tracing combinations between a parent process P1 and a child

 * process P2.
@@ -104,155 +97,18 @@ FIXTURE_VARIANT(hierarchy) 
 * restriction is enforced in addition to any Landlock check, which means that

 * all P2 requests to trace P1 would be denied.

 */

#include "scoped_base_variants.h"



/*

 *        No domain

 *

 *   P1-.               P1 -> P2 : allow

 *       \              P2 -> P1 : allow

 *        'P2

 */

/* clang-format off */

FIXTURE_VARIANT_ADD(hierarchy, allow_without_domain) {

	/* clang-format on */

	.domain_both = false,

	.domain_parent = false,

	.domain_child = false,

};



/*

 *        Child domain

 *

 *   P1--.              P1 -> P2 : allow

 *        \             P2 -> P1 : deny

 *        .'-----.

 *        |  P2  |

 *        '------'

 */

/* clang-format off */

FIXTURE_VARIANT_ADD(hierarchy, allow_with_one_domain) {

	/* clang-format on */

	.domain_both = false,

	.domain_parent = false,

	.domain_child = true,

};



/*

 *        Parent domain

 * .------.

 * |  P1  --.           P1 -> P2 : deny

 * '------'  \          P2 -> P1 : allow

 *            '

 *            P2

 */

/* clang-format off */

FIXTURE_VARIANT_ADD(hierarchy, deny_with_parent_domain) {

	/* clang-format on */

	.domain_both = false,

	.domain_parent = true,

	.domain_child = false,

};



/*

 *        Parent + child domain (siblings)

 * .------.

 * |  P1  ---.          P1 -> P2 : deny

 * '------'   \         P2 -> P1 : deny

 *         .---'--.

 *         |  P2  |

 *         '------'

 */

/* clang-format off */

FIXTURE_VARIANT_ADD(hierarchy, deny_with_sibling_domain) {

	/* clang-format on */

	.domain_both = false,

	.domain_parent = true,

	.domain_child = true,

};



/*

 *         Same domain (inherited)

 * .-------------.

 * | P1----.     |      P1 -> P2 : allow

 * |        \    |      P2 -> P1 : allow

 * |         '   |

 * |         P2  |

 * '-------------'

 */

/* clang-format off */

FIXTURE_VARIANT_ADD(hierarchy, allow_sibling_domain) {

	/* clang-format on */

	.domain_both = true,

	.domain_parent = false,

	.domain_child = false,

};



/*

 *         Inherited + child domain

 * .-----------------.

 * |  P1----.        |  P1 -> P2 : allow

 * |         \       |  P2 -> P1 : deny

 * |        .-'----. |

 * |        |  P2  | |

 * |        '------' |

 * '-----------------'

 */

/* clang-format off */

FIXTURE_VARIANT_ADD(hierarchy, allow_with_nested_domain) {

	/* clang-format on */

	.domain_both = true,

	.domain_parent = false,

	.domain_child = true,

};



/*

 *         Inherited + parent domain

 * .-----------------.

 * |.------.         |  P1 -> P2 : deny

 * ||  P1  ----.     |  P2 -> P1 : allow

 * |'------'    \    |

 * |             '   |

 * |             P2  |

 * '-----------------'

 */

/* clang-format off */

FIXTURE_VARIANT_ADD(hierarchy, deny_with_nested_and_parent_domain) {

	/* clang-format on */

	.domain_both = true,

	.domain_parent = true,

	.domain_child = false,

};



/*

 *         Inherited + parent and child domain (siblings)

 * .-----------------.

 * | .------.        |  P1 -> P2 : deny

 * | |  P1  .        |  P2 -> P1 : deny

 * | '------'\       |

 * |          \      |

 * |        .--'---. |

 * |        |  P2  | |

 * |        '------' |

 * '-----------------'

 */

/* clang-format off */

FIXTURE_VARIANT_ADD(hierarchy, deny_with_forked_domain) {

	/* clang-format on */

	.domain_both = true,

	.domain_parent = true,

	.domain_child = true,

};



FIXTURE_SETUP(hierarchy)

FIXTURE_SETUP(scoped_domains)

{

}



FIXTURE_TEARDOWN(hierarchy)

FIXTURE_TEARDOWN(scoped_domains)

{

}



/* Test PTRACE_TRACEME and PTRACE_ATTACH for parent and child. */

TEST_F(hierarchy, trace)

TEST_F(scoped_domains, trace)

{

	pid_t child, parent;

	int status, err_proc_read;

tools/testing/selftests/landlock/scoped_base_variants.h

+7 −2
Original line number Diff line number Diff line 
/* SPDX-License-Identifier: GPL-2.0 */

/*

 * Landlock scoped_domains variants

 * Landlock scoped_domains test variant definition.

 *

 * See the hierarchy variants from ptrace_test.c

 * This file defines a fixture variant "scoped_domains" that has all

 * permutations of parent/child process being in separate or shared

 * Landlock domain, or not being in a Landlock domain at all.

 *

 * Scoped access tests can include this file to avoid repeating these

 * combinations.

 *

 * Copyright © 2017-2020 Mickaël Salaün <mic@digikod.net>

 * Copyright © 2019-2020 ANSSI