Commit 371183fa authored by Mickaël Salaün's avatar Mickaël Salaün

selftests/landlock: Format with clang-format

Let's follow a consistent and documented coding style.  Everything may
not be to our liking but it is better than tacit knowledge.  Moreover,
this will help maintain style consistency between different developers.

This contains only whitespace changes.

Automatically formatted with:
clang-format-14 -i tools/testing/selftests/landlock/*.[ch]

Link: https://lore.kernel.org/r/20220506160513.523257-6-mic@digikod.net
Cc: stable@vger.kernel.org
[mic: Update style according to
https://lore.kernel.org/r/02494cb8-2aa5-1769-f28d-d7206f284e5a@digikod.net]
Signed-off-by: default avatarMickaël Salaün <mic@digikod.net>
parent 135464f9
...@@ -18,10 +18,11 @@ ...@@ -18,10 +18,11 @@
#include "common.h" #include "common.h"
#ifndef O_PATH #ifndef O_PATH
#define O_PATH 010000000 #define O_PATH 010000000
#endif #endif
TEST(inconsistent_attr) { TEST(inconsistent_attr)
{
const long page_size = sysconf(_SC_PAGESIZE); const long page_size = sysconf(_SC_PAGESIZE);
char *const buf = malloc(page_size + 1); char *const buf = malloc(page_size + 1);
struct landlock_ruleset_attr *const ruleset_attr = (void *)buf; struct landlock_ruleset_attr *const ruleset_attr = (void *)buf;
...@@ -39,15 +40,16 @@ TEST(inconsistent_attr) { ...@@ -39,15 +40,16 @@ TEST(inconsistent_attr) {
/* The size if less than sizeof(struct landlock_attr_enforce). */ /* The size if less than sizeof(struct landlock_attr_enforce). */
ASSERT_EQ(EFAULT, errno); ASSERT_EQ(EFAULT, errno);
ASSERT_EQ(-1, landlock_create_ruleset(NULL, ASSERT_EQ(-1, landlock_create_ruleset(
sizeof(struct landlock_ruleset_attr), 0)); NULL, sizeof(struct landlock_ruleset_attr), 0));
ASSERT_EQ(EFAULT, errno); ASSERT_EQ(EFAULT, errno);
ASSERT_EQ(-1, landlock_create_ruleset(ruleset_attr, page_size + 1, 0)); ASSERT_EQ(-1, landlock_create_ruleset(ruleset_attr, page_size + 1, 0));
ASSERT_EQ(E2BIG, errno); ASSERT_EQ(E2BIG, errno);
ASSERT_EQ(-1, landlock_create_ruleset(ruleset_attr, ASSERT_EQ(-1, landlock_create_ruleset(
sizeof(struct landlock_ruleset_attr), 0)); ruleset_attr,
sizeof(struct landlock_ruleset_attr), 0));
ASSERT_EQ(ENOMSG, errno); ASSERT_EQ(ENOMSG, errno);
ASSERT_EQ(-1, landlock_create_ruleset(ruleset_attr, page_size, 0)); ASSERT_EQ(-1, landlock_create_ruleset(ruleset_attr, page_size, 0));
ASSERT_EQ(ENOMSG, errno); ASSERT_EQ(ENOMSG, errno);
...@@ -63,32 +65,35 @@ TEST(inconsistent_attr) { ...@@ -63,32 +65,35 @@ TEST(inconsistent_attr) {
free(buf); free(buf);
} }
TEST(abi_version) { TEST(abi_version)
{
const struct landlock_ruleset_attr ruleset_attr = { const struct landlock_ruleset_attr ruleset_attr = {
.handled_access_fs = LANDLOCK_ACCESS_FS_READ_FILE, .handled_access_fs = LANDLOCK_ACCESS_FS_READ_FILE,
}; };
ASSERT_EQ(1, landlock_create_ruleset(NULL, 0, ASSERT_EQ(1, landlock_create_ruleset(NULL, 0,
LANDLOCK_CREATE_RULESET_VERSION)); LANDLOCK_CREATE_RULESET_VERSION));
ASSERT_EQ(-1, landlock_create_ruleset(&ruleset_attr, 0, ASSERT_EQ(-1, landlock_create_ruleset(&ruleset_attr, 0,
LANDLOCK_CREATE_RULESET_VERSION)); LANDLOCK_CREATE_RULESET_VERSION));
ASSERT_EQ(EINVAL, errno); ASSERT_EQ(EINVAL, errno);
ASSERT_EQ(-1, landlock_create_ruleset(NULL, sizeof(ruleset_attr), ASSERT_EQ(-1, landlock_create_ruleset(NULL, sizeof(ruleset_attr),
LANDLOCK_CREATE_RULESET_VERSION)); LANDLOCK_CREATE_RULESET_VERSION));
ASSERT_EQ(EINVAL, errno); ASSERT_EQ(EINVAL, errno);
ASSERT_EQ(-1, landlock_create_ruleset(&ruleset_attr, ASSERT_EQ(-1,
sizeof(ruleset_attr), landlock_create_ruleset(&ruleset_attr, sizeof(ruleset_attr),
LANDLOCK_CREATE_RULESET_VERSION)); LANDLOCK_CREATE_RULESET_VERSION));
ASSERT_EQ(EINVAL, errno); ASSERT_EQ(EINVAL, errno);
ASSERT_EQ(-1, landlock_create_ruleset(NULL, 0, ASSERT_EQ(-1, landlock_create_ruleset(NULL, 0,
LANDLOCK_CREATE_RULESET_VERSION | 1 << 31)); LANDLOCK_CREATE_RULESET_VERSION |
1 << 31));
ASSERT_EQ(EINVAL, errno); ASSERT_EQ(EINVAL, errno);
} }
TEST(inval_create_ruleset_flags) { TEST(inval_create_ruleset_flags)
{
const int last_flag = LANDLOCK_CREATE_RULESET_VERSION; const int last_flag = LANDLOCK_CREATE_RULESET_VERSION;
const int invalid_flag = last_flag << 1; const int invalid_flag = last_flag << 1;
const struct landlock_ruleset_attr ruleset_attr = { const struct landlock_ruleset_attr ruleset_attr = {
...@@ -102,38 +107,42 @@ TEST(inval_create_ruleset_flags) { ...@@ -102,38 +107,42 @@ TEST(inval_create_ruleset_flags) {
ASSERT_EQ(EINVAL, errno); ASSERT_EQ(EINVAL, errno);
ASSERT_EQ(-1, landlock_create_ruleset(NULL, sizeof(ruleset_attr), ASSERT_EQ(-1, landlock_create_ruleset(NULL, sizeof(ruleset_attr),
invalid_flag)); invalid_flag));
ASSERT_EQ(EINVAL, errno); ASSERT_EQ(EINVAL, errno);
ASSERT_EQ(-1, landlock_create_ruleset(&ruleset_attr, ASSERT_EQ(-1,
sizeof(ruleset_attr), invalid_flag)); landlock_create_ruleset(&ruleset_attr, sizeof(ruleset_attr),
invalid_flag));
ASSERT_EQ(EINVAL, errno); ASSERT_EQ(EINVAL, errno);
} }
TEST(empty_path_beneath_attr) { TEST(empty_path_beneath_attr)
{
const struct landlock_ruleset_attr ruleset_attr = { const struct landlock_ruleset_attr ruleset_attr = {
.handled_access_fs = LANDLOCK_ACCESS_FS_EXECUTE, .handled_access_fs = LANDLOCK_ACCESS_FS_EXECUTE,
}; };
const int ruleset_fd = landlock_create_ruleset(&ruleset_attr, const int ruleset_fd =
sizeof(ruleset_attr), 0); landlock_create_ruleset(&ruleset_attr, sizeof(ruleset_attr), 0);
ASSERT_LE(0, ruleset_fd); ASSERT_LE(0, ruleset_fd);
/* Similar to struct landlock_path_beneath_attr.parent_fd = 0 */ /* Similar to struct landlock_path_beneath_attr.parent_fd = 0 */
ASSERT_EQ(-1, landlock_add_rule(ruleset_fd, LANDLOCK_RULE_PATH_BENEATH, ASSERT_EQ(-1, landlock_add_rule(ruleset_fd, LANDLOCK_RULE_PATH_BENEATH,
NULL, 0)); NULL, 0));
ASSERT_EQ(EFAULT, errno); ASSERT_EQ(EFAULT, errno);
ASSERT_EQ(0, close(ruleset_fd)); ASSERT_EQ(0, close(ruleset_fd));
} }
TEST(inval_fd_enforce) { TEST(inval_fd_enforce)
{
ASSERT_EQ(0, prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)); ASSERT_EQ(0, prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0));
ASSERT_EQ(-1, landlock_restrict_self(-1, 0)); ASSERT_EQ(-1, landlock_restrict_self(-1, 0));
ASSERT_EQ(EBADF, errno); ASSERT_EQ(EBADF, errno);
} }
TEST(unpriv_enforce_without_no_new_privs) { TEST(unpriv_enforce_without_no_new_privs)
{
int err; int err;
drop_caps(_metadata); drop_caps(_metadata);
...@@ -151,8 +160,8 @@ TEST(ruleset_fd_io) ...@@ -151,8 +160,8 @@ TEST(ruleset_fd_io)
char buf; char buf;
drop_caps(_metadata); drop_caps(_metadata);
ruleset_fd = landlock_create_ruleset(&ruleset_attr, ruleset_fd =
sizeof(ruleset_attr), 0); landlock_create_ruleset(&ruleset_attr, sizeof(ruleset_attr), 0);
ASSERT_LE(0, ruleset_fd); ASSERT_LE(0, ruleset_fd);
ASSERT_EQ(-1, write(ruleset_fd, ".", 1)); ASSERT_EQ(-1, write(ruleset_fd, ".", 1));
...@@ -197,14 +206,15 @@ TEST(ruleset_fd_transfer) ...@@ -197,14 +206,15 @@ TEST(ruleset_fd_transfer)
drop_caps(_metadata); drop_caps(_metadata);
/* Creates a test ruleset with a simple rule. */ /* Creates a test ruleset with a simple rule. */
ruleset_fd_tx = landlock_create_ruleset(&ruleset_attr, ruleset_fd_tx =
sizeof(ruleset_attr), 0); landlock_create_ruleset(&ruleset_attr, sizeof(ruleset_attr), 0);
ASSERT_LE(0, ruleset_fd_tx); ASSERT_LE(0, ruleset_fd_tx);
path_beneath_attr.parent_fd = open("/tmp", O_PATH | O_NOFOLLOW | path_beneath_attr.parent_fd =
O_DIRECTORY | O_CLOEXEC); open("/tmp", O_PATH | O_NOFOLLOW | O_DIRECTORY | O_CLOEXEC);
ASSERT_LE(0, path_beneath_attr.parent_fd); ASSERT_LE(0, path_beneath_attr.parent_fd);
ASSERT_EQ(0, landlock_add_rule(ruleset_fd_tx, LANDLOCK_RULE_PATH_BENEATH, ASSERT_EQ(0,
&path_beneath_attr, 0)); landlock_add_rule(ruleset_fd_tx, LANDLOCK_RULE_PATH_BENEATH,
&path_beneath_attr, 0));
ASSERT_EQ(0, close(path_beneath_attr.parent_fd)); ASSERT_EQ(0, close(path_beneath_attr.parent_fd));
cmsg = CMSG_FIRSTHDR(&msg); cmsg = CMSG_FIRSTHDR(&msg);
...@@ -215,7 +225,8 @@ TEST(ruleset_fd_transfer) ...@@ -215,7 +225,8 @@ TEST(ruleset_fd_transfer)
memcpy(CMSG_DATA(cmsg), &ruleset_fd_tx, sizeof(ruleset_fd_tx)); memcpy(CMSG_DATA(cmsg), &ruleset_fd_tx, sizeof(ruleset_fd_tx));
/* Sends the ruleset FD over a socketpair and then close it. */ /* Sends the ruleset FD over a socketpair and then close it. */
ASSERT_EQ(0, socketpair(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0, socket_fds)); ASSERT_EQ(0, socketpair(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0,
socket_fds));
ASSERT_EQ(sizeof(data_tx), sendmsg(socket_fds[0], &msg, 0)); ASSERT_EQ(sizeof(data_tx), sendmsg(socket_fds[0], &msg, 0));
ASSERT_EQ(0, close(socket_fds[0])); ASSERT_EQ(0, close(socket_fds[0]));
ASSERT_EQ(0, close(ruleset_fd_tx)); ASSERT_EQ(0, close(ruleset_fd_tx));
...@@ -226,7 +237,8 @@ TEST(ruleset_fd_transfer) ...@@ -226,7 +237,8 @@ TEST(ruleset_fd_transfer)
int ruleset_fd_rx; int ruleset_fd_rx;
*(char *)msg.msg_iov->iov_base = '\0'; *(char *)msg.msg_iov->iov_base = '\0';
ASSERT_EQ(sizeof(data_tx), recvmsg(socket_fds[1], &msg, MSG_CMSG_CLOEXEC)); ASSERT_EQ(sizeof(data_tx),
recvmsg(socket_fds[1], &msg, MSG_CMSG_CLOEXEC));
ASSERT_EQ('.', *(char *)msg.msg_iov->iov_base); ASSERT_EQ('.', *(char *)msg.msg_iov->iov_base);
ASSERT_EQ(0, close(socket_fds[1])); ASSERT_EQ(0, close(socket_fds[1]));
cmsg = CMSG_FIRSTHDR(&msg); cmsg = CMSG_FIRSTHDR(&msg);
......
...@@ -75,9 +75,9 @@ ...@@ -75,9 +75,9 @@
/* clang-format on */ /* clang-format on */
#ifndef landlock_create_ruleset #ifndef landlock_create_ruleset
static inline int landlock_create_ruleset( static inline int
const struct landlock_ruleset_attr *const attr, landlock_create_ruleset(const struct landlock_ruleset_attr *const attr,
const size_t size, const __u32 flags) const size_t size, const __u32 flags)
{ {
return syscall(__NR_landlock_create_ruleset, attr, size, flags); return syscall(__NR_landlock_create_ruleset, attr, size, flags);
} }
...@@ -85,17 +85,18 @@ static inline int landlock_create_ruleset( ...@@ -85,17 +85,18 @@ static inline int landlock_create_ruleset(
#ifndef landlock_add_rule #ifndef landlock_add_rule
static inline int landlock_add_rule(const int ruleset_fd, static inline int landlock_add_rule(const int ruleset_fd,
const enum landlock_rule_type rule_type, const enum landlock_rule_type rule_type,
const void *const rule_attr, const __u32 flags) const void *const rule_attr,
const __u32 flags)
{ {
return syscall(__NR_landlock_add_rule, ruleset_fd, rule_type, return syscall(__NR_landlock_add_rule, ruleset_fd, rule_type, rule_attr,
rule_attr, flags); flags);
} }
#endif #endif
#ifndef landlock_restrict_self #ifndef landlock_restrict_self
static inline int landlock_restrict_self(const int ruleset_fd, static inline int landlock_restrict_self(const int ruleset_fd,
const __u32 flags) const __u32 flags)
{ {
return syscall(__NR_landlock_restrict_self, ruleset_fd, flags); return syscall(__NR_landlock_restrict_self, ruleset_fd, flags);
} }
...@@ -113,69 +114,76 @@ static void _init_caps(struct __test_metadata *const _metadata, bool drop_all) ...@@ -113,69 +114,76 @@ static void _init_caps(struct __test_metadata *const _metadata, bool drop_all)
}; };
cap_p = cap_get_proc(); cap_p = cap_get_proc();
EXPECT_NE(NULL, cap_p) { EXPECT_NE(NULL, cap_p)
{
TH_LOG("Failed to cap_get_proc: %s", strerror(errno)); TH_LOG("Failed to cap_get_proc: %s", strerror(errno));
} }
EXPECT_NE(-1, cap_clear(cap_p)) { EXPECT_NE(-1, cap_clear(cap_p))
{
TH_LOG("Failed to cap_clear: %s", strerror(errno)); TH_LOG("Failed to cap_clear: %s", strerror(errno));
} }
if (!drop_all) { if (!drop_all) {
EXPECT_NE(-1, cap_set_flag(cap_p, CAP_PERMITTED, EXPECT_NE(-1, cap_set_flag(cap_p, CAP_PERMITTED,
ARRAY_SIZE(caps), caps, CAP_SET)) { ARRAY_SIZE(caps), caps, CAP_SET))
{
TH_LOG("Failed to cap_set_flag: %s", strerror(errno)); TH_LOG("Failed to cap_set_flag: %s", strerror(errno));
} }
} }
EXPECT_NE(-1, cap_set_proc(cap_p)) { EXPECT_NE(-1, cap_set_proc(cap_p))
{
TH_LOG("Failed to cap_set_proc: %s", strerror(errno)); TH_LOG("Failed to cap_set_proc: %s", strerror(errno));
} }
EXPECT_NE(-1, cap_free(cap_p)) { EXPECT_NE(-1, cap_free(cap_p))
{
TH_LOG("Failed to cap_free: %s", strerror(errno)); TH_LOG("Failed to cap_free: %s", strerror(errno));
} }
} }
/* We cannot put such helpers in a library because of kselftest_harness.h . */ /* We cannot put such helpers in a library because of kselftest_harness.h . */
__attribute__((__unused__)) __attribute__((__unused__)) static void
static void disable_caps(struct __test_metadata *const _metadata) disable_caps(struct __test_metadata *const _metadata)
{ {
_init_caps(_metadata, false); _init_caps(_metadata, false);
} }
__attribute__((__unused__)) __attribute__((__unused__)) static void
static void drop_caps(struct __test_metadata *const _metadata) drop_caps(struct __test_metadata *const _metadata)
{ {
_init_caps(_metadata, true); _init_caps(_metadata, true);
} }
static void _effective_cap(struct __test_metadata *const _metadata, static void _effective_cap(struct __test_metadata *const _metadata,
const cap_value_t caps, const cap_flag_value_t value) const cap_value_t caps, const cap_flag_value_t value)
{ {
cap_t cap_p; cap_t cap_p;
cap_p = cap_get_proc(); cap_p = cap_get_proc();
EXPECT_NE(NULL, cap_p) { EXPECT_NE(NULL, cap_p)
{
TH_LOG("Failed to cap_get_proc: %s", strerror(errno)); TH_LOG("Failed to cap_get_proc: %s", strerror(errno));
} }
EXPECT_NE(-1, cap_set_flag(cap_p, CAP_EFFECTIVE, 1, &caps, value)) { EXPECT_NE(-1, cap_set_flag(cap_p, CAP_EFFECTIVE, 1, &caps, value))
{
TH_LOG("Failed to cap_set_flag: %s", strerror(errno)); TH_LOG("Failed to cap_set_flag: %s", strerror(errno));
} }
EXPECT_NE(-1, cap_set_proc(cap_p)) { EXPECT_NE(-1, cap_set_proc(cap_p))
{
TH_LOG("Failed to cap_set_proc: %s", strerror(errno)); TH_LOG("Failed to cap_set_proc: %s", strerror(errno));
} }
EXPECT_NE(-1, cap_free(cap_p)) { EXPECT_NE(-1, cap_free(cap_p))
{
TH_LOG("Failed to cap_free: %s", strerror(errno)); TH_LOG("Failed to cap_free: %s", strerror(errno));
} }
} }
__attribute__((__unused__)) __attribute__((__unused__)) static void
static void set_cap(struct __test_metadata *const _metadata, set_cap(struct __test_metadata *const _metadata, const cap_value_t caps)
const cap_value_t caps)
{ {
_effective_cap(_metadata, caps, CAP_SET); _effective_cap(_metadata, caps, CAP_SET);
} }
__attribute__((__unused__)) __attribute__((__unused__)) static void
static void clear_cap(struct __test_metadata *const _metadata, clear_cap(struct __test_metadata *const _metadata, const cap_value_t caps)
const cap_value_t caps)
{ {
_effective_cap(_metadata, caps, CAP_CLEAR); _effective_cap(_metadata, caps, CAP_CLEAR);
} }
This diff is collapsed.
...@@ -26,9 +26,10 @@ static void create_domain(struct __test_metadata *const _metadata) ...@@ -26,9 +26,10 @@ static void create_domain(struct __test_metadata *const _metadata)
.handled_access_fs = LANDLOCK_ACCESS_FS_MAKE_BLOCK, .handled_access_fs = LANDLOCK_ACCESS_FS_MAKE_BLOCK,
}; };
ruleset_fd = landlock_create_ruleset(&ruleset_attr, ruleset_fd =
sizeof(ruleset_attr), 0); landlock_create_ruleset(&ruleset_attr, sizeof(ruleset_attr), 0);
EXPECT_LE(0, ruleset_fd) { EXPECT_LE(0, ruleset_fd)
{
TH_LOG("Failed to create a ruleset: %s", strerror(errno)); TH_LOG("Failed to create a ruleset: %s", strerror(errno));
} }
EXPECT_EQ(0, prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)); EXPECT_EQ(0, prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0));
...@@ -43,7 +44,7 @@ static int test_ptrace_read(const pid_t pid) ...@@ -43,7 +44,7 @@ static int test_ptrace_read(const pid_t pid)
int procenv_path_size, fd; int procenv_path_size, fd;
procenv_path_size = snprintf(procenv_path, sizeof(procenv_path), procenv_path_size = snprintf(procenv_path, sizeof(procenv_path),
path_template, pid); path_template, pid);
if (procenv_path_size >= sizeof(procenv_path)) if (procenv_path_size >= sizeof(procenv_path))
return E2BIG; return E2BIG;
...@@ -63,7 +64,8 @@ static int test_ptrace_read(const pid_t pid) ...@@ -63,7 +64,8 @@ static int test_ptrace_read(const pid_t pid)
FIXTURE(hierarchy) {}; FIXTURE(hierarchy) {};
/* clang-format on */ /* clang-format on */
FIXTURE_VARIANT(hierarchy) { FIXTURE_VARIANT(hierarchy)
{
const bool domain_both; const bool domain_both;
const bool domain_parent; const bool domain_parent;
const bool domain_child; const bool domain_child;
...@@ -217,10 +219,12 @@ FIXTURE_VARIANT_ADD(hierarchy, deny_with_forked_domain) { ...@@ -217,10 +219,12 @@ FIXTURE_VARIANT_ADD(hierarchy, deny_with_forked_domain) {
}; };
FIXTURE_SETUP(hierarchy) FIXTURE_SETUP(hierarchy)
{ } {
}
FIXTURE_TEARDOWN(hierarchy) FIXTURE_TEARDOWN(hierarchy)
{ } {
}
/* Test PTRACE_TRACEME and PTRACE_ATTACH for parent and child. */ /* Test PTRACE_TRACEME and PTRACE_ATTACH for parent and child. */
TEST_F(hierarchy, trace) TEST_F(hierarchy, trace)
...@@ -348,7 +352,7 @@ TEST_F(hierarchy, trace) ...@@ -348,7 +352,7 @@ TEST_F(hierarchy, trace)
ASSERT_EQ(1, write(pipe_parent[1], ".", 1)); ASSERT_EQ(1, write(pipe_parent[1], ".", 1));
ASSERT_EQ(child, waitpid(child, &status, 0)); ASSERT_EQ(child, waitpid(child, &status, 0));
if (WIFSIGNALED(status) || !WIFEXITED(status) || if (WIFSIGNALED(status) || !WIFEXITED(status) ||
WEXITSTATUS(status) != EXIT_SUCCESS) WEXITSTATUS(status) != EXIT_SUCCESS)
_metadata->passed = 0; _metadata->passed = 0;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment