Received: by 2002:a05:6358:45e:b0:b5:b6eb:e1f9 with SMTP id 30csp1266979rwe; Sat, 27 Aug 2022 04:40:30 -0700 (PDT) X-Google-Smtp-Source: AA6agR7u9BYUlL3+ZKdOlSf6gI7p0drbPxE77w6JE2ueu+w9Mnrt49F7ccCT5Gq8eA9L7baRYxIh X-Received: by 2002:a05:6402:5210:b0:448:24f0:ba3a with SMTP id s16-20020a056402521000b0044824f0ba3amr1721006edd.321.1661600430047; Sat, 27 Aug 2022 04:40:30 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1661600430; cv=none; d=google.com; s=arc-20160816; b=EoVBnNJVU1HecLGQRQgb1diC8MJYtww056VLPYo9Z/xcfVe6mROmrmJzHj3DnZ+YMx r/wt3m3U+w9hbbhGRtS0MOvAHDRY+ovCBHn/w0zWIRjcCI5uhIwQgZmpmfh13JtPwrL7 RIvstJtO/rJjBWLffiFl/AZCgQeq2M3uwEHGWlAE0uoB3aOS+hmGUajgg/nFgGSrkpzo YugiKa79M3s2HwuvKDt18Ji2pHMw1vMzVIWTSm7AKLKA1CyM8grDXuuDp/XBG2a9Hfc7 TbWOruorfYh+dQ06n3G7WSpL98SNuhWR/HCQJM/3ewKnQFWjHhZ6jaxewCXEPluvSAZQ JOBQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:references:in-reply-to:message-id :date:subject:cc:to:from; bh=Gz6+DMbCzImVohtAro7MjNcqBpIbo1T3eUFXvwcjvns=; b=igLrfWHs5NL98xVdhP2fnMII50MuTFUYSNXerFxNvw2Q2kggo9NYvXY/KDw94vbKbd GNO9dTeSi/DKXWFc22QVaLVid2Vwr2O3mXwaF/thYQ27SRuUExEQmY9bcqI6jzzMJZYA TY/uXThilg/GzSelRTVn2dkkn2gD50hOqms6K+G0HoR64gGq8FM12NQXMjV7o2M+S+Sq C6tLZeLEA3JMMAJGsgL+2JS6ouYGwk9ra6PwLrSdIDhonoM8D8QbGa/e4ED2IBYM4ODj 2vEZAvtnKJ4wyWbmUEQeCVALCPrSJHP4cCgNe0uBEDagEFnEgd+Bj0oCXkoZJhRfEm/5 fD7w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=huawei.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id w2-20020a17090652c200b0072b11a2a2afsi2803641ejn.57.2022.08.27.04.40.02; Sat, 27 Aug 2022 04:40:30 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=huawei.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1345467AbiH0LQ2 (ORCPT + 99 others); Sat, 27 Aug 2022 07:16:28 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47800 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234627AbiH0LP5 (ORCPT ); Sat, 27 Aug 2022 07:15:57 -0400 Received: from szxga02-in.huawei.com (szxga02-in.huawei.com [45.249.212.188]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5258F222A4; Sat, 27 Aug 2022 04:15:55 -0700 (PDT) Received: from dggpeml500023.china.huawei.com (unknown [172.30.72.56]) by szxga02-in.huawei.com (SkyGuard) with ESMTP id 4MFDY10qwnzYcn5; Sat, 27 Aug 2022 19:11:33 +0800 (CST) Received: from ubuntu1804.huawei.com (10.67.174.58) by dggpeml500023.china.huawei.com (7.185.36.114) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.24; Sat, 27 Aug 2022 19:15:53 +0800 From: Xiu Jianfeng To: , , , , , CC: , , , Subject: [PATCH -next v2 4/6] landlock/selftests: add selftests for chmod and chown Date: Sat, 27 Aug 2022 19:12:13 +0800 Message-ID: <20220827111215.131442-5-xiujianfeng@huawei.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20220827111215.131442-1-xiujianfeng@huawei.com> References: <20220827111215.131442-1-xiujianfeng@huawei.com> MIME-Version: 1.0 Content-Type: text/plain X-Originating-IP: [10.67.174.58] X-ClientProxiedBy: dggems705-chm.china.huawei.com (10.3.19.182) To dggpeml500023.china.huawei.com (7.185.36.114) X-CFilter-Loop: Reflected X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org The following APIs are tested with simple scenarios. 1. chmod/fchmod/fchmodat; 2. chmod/fchmod/lchown/fchownat; The key point is that set these access rights on a directory but only for its content, not the directory itself. this scenario is covered. Signed-off-by: Xiu Jianfeng --- tools/testing/selftests/landlock/fs_test.c | 261 +++++++++++++++++++++ 1 file changed, 261 insertions(+) diff --git a/tools/testing/selftests/landlock/fs_test.c b/tools/testing/selftests/landlock/fs_test.c index f513cd8d9d51..982cb824967c 100644 --- a/tools/testing/selftests/landlock/fs_test.c +++ b/tools/testing/selftests/landlock/fs_test.c @@ -3272,6 +3272,267 @@ TEST_F_FORK(layout1, truncate) EXPECT_EQ(0, test_creat(file_in_dir_w)); } +/* Invokes chmod(2) and returns its errno or 0. */ +static int test_chmod(const char *const path, mode_t mode) +{ + if (chmod(path, mode) < 0) + return errno; + return 0; +} + +/* Invokes fchmod(2) and returns its errno or 0. */ +static int test_fchmod(int fd, mode_t mode) +{ + if (fchmod(fd, mode) < 0) + return errno; + return 0; +} + +/* Invokes fchmodat(2) and returns its errno or 0. */ +static int test_fchmodat(int dirfd, const char *path, mode_t mode, int flags) +{ + if (fchmodat(dirfd, path, mode, flags) < 0) + return errno; + return 0; +} + +/* Invokes chown(2) and returns its errno or 0. */ +static int test_chown(const char *path, uid_t uid, gid_t gid) +{ + if (chown(path, uid, gid) < 0) + return errno; + return 0; +} + +/* Invokes fchown(2) and returns its errno or 0. */ +static int test_fchown(int fd, uid_t uid, gid_t gid) +{ + if (fchown(fd, uid, gid) < 0) + return errno; + return 0; +} + +/* Invokes lchown(2) and returns its errno or 0. */ +static int test_lchown(const char *path, uid_t uid, gid_t gid) +{ + if (lchown(path, uid, gid) < 0) + return errno; + return 0; +} + +/* Invokes fchownat(2) and returns its errno or 0. */ +static int test_fchownat(int dirfd, const char *path, + uid_t uid, gid_t gid, int flags) +{ + if (fchownat(dirfd, path, uid, gid, flags) < 0) + return errno; + return 0; +} + +TEST_F_FORK(layout1, unhandled_chmod) +{ + int ruleset_fd, file1_fd; + const char *file1 = file1_s1d1; + const char *file2 = file2_s1d1; + const char *dir1 = dir_s1d1; + const struct rule rules[] = { + { + .path = file1, + .access = LANDLOCK_ACCESS_FS_WRITE_FILE, + }, + { + .path = file2, + .access = LANDLOCK_ACCESS_FS_READ_FILE | + LANDLOCK_ACCESS_FS_WRITE_FILE, + }, + { + .path = dir1, + .access = ACCESS_RW, + }, + {}, + }; + + ruleset_fd = create_ruleset(_metadata, ACCESS_RW, rules); + ASSERT_LE(0, ruleset_fd); + file1_fd = open(file1, O_WRONLY | O_CLOEXEC); + ASSERT_LE(0, file1_fd); + + enforce_ruleset(_metadata, ruleset_fd); + ASSERT_EQ(0, close(ruleset_fd)); + + EXPECT_EQ(0, test_chmod(file1, 0400)); + EXPECT_EQ(0, test_fchmod(file1_fd, 0400)); + EXPECT_EQ(0, test_fchmodat(AT_FDCWD, file1, 0400, 0)); + EXPECT_EQ(0, test_chmod(file2, 0400)); + EXPECT_EQ(0, test_chmod(dir1, 0700)); + ASSERT_EQ(0, close(file1_fd)); +} + +TEST_F_FORK(layout1, chmod) +{ + int ruleset_fd, file1_fd; + const char *file1 = file1_s1d1; + const char *file2 = file2_s1d1; + const char *file3 = file1_s2d1; + const char *dir1 = dir_s1d1; + const char *dir2 = dir_s2d1; + const struct rule rules[] = { + { + .path = file1, + .access = LANDLOCK_ACCESS_FS_WRITE_FILE | + LANDLOCK_ACCESS_FS_CHMOD, + }, + { + .path = file2, + .access = LANDLOCK_ACCESS_FS_READ_FILE | + LANDLOCK_ACCESS_FS_WRITE_FILE, + }, + { + .path = dir1, + .access = ACCESS_RW, + }, + { + .path = dir2, + .access = ACCESS_RW | LANDLOCK_ACCESS_FS_CHMOD, + }, + {}, + }; + + ruleset_fd = create_ruleset(_metadata, ACCESS_RW | LANDLOCK_ACCESS_FS_CHMOD, rules); + ASSERT_LE(0, ruleset_fd); + file1_fd = open(file1, O_WRONLY | O_CLOEXEC); + ASSERT_LE(0, file1_fd); + + enforce_ruleset(_metadata, ruleset_fd); + ASSERT_EQ(0, close(ruleset_fd)); + + EXPECT_EQ(0, test_chmod(file1, 0400)); + EXPECT_EQ(0, test_fchmod(file1_fd, 0400)); + EXPECT_EQ(0, test_fchmodat(AT_FDCWD, file1, 0400, 0)); + EXPECT_EQ(EACCES, test_chmod(file2, 0400)); + EXPECT_EQ(EACCES, test_chmod(dir1, 0700)); + /* set CHMOD right on dir will only affect its context not dir itself*/ + EXPECT_EQ(0, test_chmod(file3, 0400)); + EXPECT_EQ(0, test_fchmodat(AT_FDCWD, file3, 0400, 0)); + EXPECT_EQ(EACCES, test_chmod(dir2, 0700)); + EXPECT_EQ(EACCES, test_fchmodat(AT_FDCWD, dir2, 0700, 0)); + ASSERT_EQ(0, close(file1_fd)); +} + +TEST_F_FORK(layout1, unhandled_chown) +{ + int ruleset_fd, file1_fd; + const char *file1 = file1_s1d1; + const char *file2 = file2_s1d1; + const char *dir1 = dir_s1d1; + const struct rule rules[] = { + { + .path = file1, + .access = LANDLOCK_ACCESS_FS_WRITE_FILE, + }, + { + .path = file2, + .access = LANDLOCK_ACCESS_FS_READ_FILE | + LANDLOCK_ACCESS_FS_WRITE_FILE, + }, + { + .path = dir1, + .access = ACCESS_RW, + }, + {}, + }; + struct stat st; + uid_t uid; + gid_t gid; + + ruleset_fd = create_ruleset(_metadata, ACCESS_RW, rules); + ASSERT_LE(0, ruleset_fd); + file1_fd = open(file1, O_WRONLY | O_CLOEXEC); + ASSERT_LE(0, file1_fd); + /* + * there is no CAP_CHOWN when the testcases framework setup, + * and we cannot assume the testcases are run as root, to make + * sure {f}chown syscall won't fail, get the original uid/gid and + * use them in test_{f}chown. + */ + ASSERT_EQ(0, stat(dir1, &st)); + uid = st.st_uid; + gid = st.st_gid; + + enforce_ruleset(_metadata, ruleset_fd); + ASSERT_EQ(0, close(ruleset_fd)); + + EXPECT_EQ(0, test_chown(file1, uid, gid)); + EXPECT_EQ(0, test_fchown(file1_fd, uid, gid)); + EXPECT_EQ(0, test_lchown(file1, uid, gid)); + EXPECT_EQ(0, test_fchownat(AT_FDCWD, file1, uid, gid, 0)); + EXPECT_EQ(0, test_chown(file2, uid, gid)); + EXPECT_EQ(0, test_chown(dir1, uid, gid)); + ASSERT_EQ(0, close(file1_fd)); +} + +TEST_F_FORK(layout1, chown) +{ + int ruleset_fd, file1_fd; + const char *file1 = file1_s1d1; + const char *file2 = file2_s1d1; + const char *file3 = file1_s2d1; + const char *dir1 = dir_s1d1; + const char *dir2 = dir_s2d1; + const struct rule rules[] = { + { + .path = file1, + .access = LANDLOCK_ACCESS_FS_WRITE_FILE | + LANDLOCK_ACCESS_FS_CHGRP, + }, + { + .path = file2, + .access = LANDLOCK_ACCESS_FS_READ_FILE | + LANDLOCK_ACCESS_FS_WRITE_FILE, + }, + { + .path = dir1, + .access = ACCESS_RW, + }, + { + .path = dir2, + .access = ACCESS_RW | LANDLOCK_ACCESS_FS_CHGRP, + }, + {}, + }; + struct stat st; + uid_t uid; + gid_t gid; + + ruleset_fd = create_ruleset(_metadata, ACCESS_RW | LANDLOCK_ACCESS_FS_CHGRP, rules); + ASSERT_LE(0, ruleset_fd); + file1_fd = open(file1, O_WRONLY | O_CLOEXEC); + ASSERT_LE(0, file1_fd); + /* + * there is no CAP_CHOWN when the testcases framework setup, + * and we cannot assume the testcases are run as root, to make + * sure {f}chown syscall won't fail, get the original uid/gid and + * use them in test_{f}chown. + */ + ASSERT_EQ(0, stat(dir1, &st)); + uid = st.st_uid; + gid = st.st_gid; + + enforce_ruleset(_metadata, ruleset_fd); + ASSERT_EQ(0, close(ruleset_fd)); + + EXPECT_EQ(0, test_chown(file1, uid, gid)); + EXPECT_EQ(0, test_fchown(file1_fd, uid, gid)); + EXPECT_EQ(0, test_lchown(file1, uid, gid)); + EXPECT_EQ(0, test_fchownat(AT_FDCWD, file1, uid, gid, 0)); + EXPECT_EQ(EACCES, test_chown(file2, uid, gid)); + EXPECT_EQ(EACCES, test_chown(dir1, uid, gid)); + /* set CHOWN right on dir will only affect its context not dir itself*/ + EXPECT_EQ(0, test_chown(file3, uid, gid)); + EXPECT_EQ(EACCES, test_chown(dir2, uid, gid)); + ASSERT_EQ(0, close(file1_fd)); +} + /* clang-format off */ FIXTURE(layout1_bind) {}; /* clang-format on */ -- 2.17.1