
1 // SPDX-License-Identifier: GPL-2.0-only
3 * Landlock tests - Network
5 * Copyright © 2022-2023 Huawei Tech. Co., Ltd.
50 srv->protocol = prot; in set_service()
55 srv->port = sock_port_start << (2 * index); in set_service()
60 srv->ipv4_addr.sin_family = prot.domain; in set_service()
61 srv->ipv4_addr.sin_port = htons(srv->port); in set_service()
62 srv->ipv4_addr.sin_addr.s_addr = inet_addr(loopback_ipv4); in set_service()
66 srv->ipv6_addr.sin6_family = prot.domain; in set_service()
67 srv->ipv6_addr.sin6_port = htons(srv->port); in set_service()
68 inet_pton(AF_INET6, loopback_ipv6, &srv->ipv6_addr.sin6_addr); in set_service()
91 return (prot->domain == AF_INET || prot->domain == AF_INET6) && in prot_is_tcp()
92 prot->type == SOCK_STREAM && in prot_is_tcp()
93 (prot->protocol == IPPROTO_TCP || prot->protocol == IPPROTO_IP); in prot_is_tcp()
108 ret = socket(srv->protocol.domain, srv->protocol.type | SOCK_CLOEXEC, in socket_variant()
109 srv->protocol.protocol); in socket_variant()
111 return -errno; in socket_variant()
122 switch (srv->protocol.domain) { in get_addrlen()
125 return sizeof(srv->ipv4_addr); in get_addrlen()
130 return sizeof(srv->ipv6_addr); in get_addrlen()
134 return sizeof(srv->unix_addr) - in get_addrlen()
135 sizeof(srv->unix_addr.sun_path); in get_addrlen()
136 return srv->unix_addr_len; in get_addrlen()
145 switch (srv->protocol.domain) { in set_port()
148 srv->ipv4_addr.sin_port = htons(port); in set_port()
152 srv->ipv6_addr.sin6_port = htons(port); in set_port()
168 switch (prot->domain) { in get_binded_port()
191 switch (srv->protocol.domain) { in bind_variant_addrlen()
194 ret = bind(sock_fd, &srv->ipv4_addr, addrlen); in bind_variant_addrlen()
198 ret = bind(sock_fd, &srv->ipv6_addr, addrlen); in bind_variant_addrlen()
202 ret = bind(sock_fd, &srv->unix_addr, addrlen); in bind_variant_addrlen()
207 return -errno; in bind_variant_addrlen()
211 return -errno; in bind_variant_addrlen()
227 switch (srv->protocol.domain) { in connect_variant_addrlen()
230 ret = connect(sock_fd, &srv->ipv4_addr, addrlen); in connect_variant_addrlen()
234 ret = connect(sock_fd, &srv->ipv6_addr, addrlen); in connect_variant_addrlen()
238 ret = connect(sock_fd, &srv->unix_addr, addrlen); in connect_variant_addrlen()
242 errno = -EAFNOSUPPORT; in connect_variant_addrlen()
243 return -errno; in connect_variant_addrlen()
247 return -errno; in connect_variant_addrlen()
277 ASSERT_EQ(0, set_service(&self->srv0, variant->prot, 0)); in FIXTURE_SETUP()
278 ASSERT_EQ(0, set_service(&self->srv1, variant->prot, 1)); in FIXTURE_SETUP()
279 ASSERT_EQ(0, set_service(&self->srv2, variant->prot, 2)); in FIXTURE_SETUP()
281 ASSERT_EQ(0, set_service(&self->unspec_srv0, prot_unspec, 0)); in FIXTURE_SETUP()
283 ASSERT_EQ(0, set_service(&self->unspec_any0, prot_unspec, 0)); in FIXTURE_SETUP()
284 self->unspec_any0.ipv4_addr.sin_addr.s_addr = htonl(INADDR_ANY); in FIXTURE_SETUP()
293 /* clang-format off */
295 /* clang-format on */ in FIXTURE_VARIANT_ADD()
305 /* clang-format off */
307 /* clang-format on */ in FIXTURE_VARIANT_ADD()
316 /* clang-format off */
318 /* clang-format on */ in FIXTURE_VARIANT_ADD()
327 /* clang-format off */
329 /* clang-format on */ in FIXTURE_VARIANT_ADD()
339 /* clang-format off */
341 /* clang-format on */ in FIXTURE_VARIANT_ADD()
350 /* clang-format off */
352 /* clang-format on */ in FIXTURE_VARIANT_ADD()
361 /* clang-format off */
363 /* clang-format on */ in FIXTURE_VARIANT_ADD()
371 /* clang-format off */
373 /* clang-format on */ in FIXTURE_VARIANT_ADD()
381 /* clang-format off */
383 /* clang-format on */ in FIXTURE_VARIANT_ADD()
391 /* clang-format off */
393 /* clang-format on */ in FIXTURE_VARIANT_ADD()
401 /* clang-format off */
403 /* clang-format on */ in FIXTURE_VARIANT_ADD()
413 /* clang-format off */
415 /* clang-format on */ in FIXTURE_VARIANT_ADD()
424 /* clang-format off */
426 /* clang-format on */ in FIXTURE_VARIANT_ADD()
435 /* clang-format off */
437 /* clang-format on */ in FIXTURE_VARIANT_ADD()
447 /* clang-format off */
449 /* clang-format on */ in FIXTURE_VARIANT_ADD()
458 /* clang-format off */
460 /* clang-format on */ in FIXTURE_VARIANT_ADD()
469 /* clang-format off */
471 /* clang-format on */ in FIXTURE_VARIANT_ADD()
479 /* clang-format off */
481 /* clang-format on */ in FIXTURE_VARIANT_ADD()
489 /* clang-format off */
491 /* clang-format on */ in FIXTURE_VARIANT_ADD()
499 /* clang-format off */
501 /* clang-format on */ in FIXTURE_VARIANT_ADD()
525 EXPECT_EQ(-EINVAL, bind_variant_addrlen(inval_fd, srv, 0)); in test_bind_and_connect()
528 EXPECT_EQ(-EINVAL, bind_variant_addrlen(inval_fd, srv, in test_bind_and_connect()
529 get_addrlen(srv, true) - 1)); in test_bind_and_connect()
534 EXPECT_EQ(-EACCES, ret); in test_bind_and_connect()
548 EXPECT_EQ(-EINVAL, connect_variant_addrlen(inval_fd, srv, 0)); in test_bind_and_connect()
551 EXPECT_EQ(-EINVAL, connect_variant_addrlen(inval_fd, srv, in test_bind_and_connect()
552 get_addrlen(srv, true) - 1)); in test_bind_and_connect()
556 if (srv->protocol.domain == AF_UNIX) { in test_bind_and_connect()
557 EXPECT_EQ(-EINVAL, ret); in test_bind_and_connect()
559 EXPECT_EQ(-EACCES, ret); in test_bind_and_connect()
560 } else if (srv->protocol.type == SOCK_STREAM) { in test_bind_and_connect()
562 EXPECT_EQ(-ECONNREFUSED, ret); in test_bind_and_connect()
578 EXPECT_EQ(-EACCES, ret); in test_bind_and_connect()
583 if (srv->protocol.type == SOCK_STREAM) in test_bind_and_connect()
600 EXPECT_EQ(-EACCES, ret); in test_bind_and_connect()
603 EXPECT_EQ(-ECONNREFUSED, ret); in test_bind_and_connect()
610 _exit(_metadata->exit_code); in test_bind_and_connect()
617 if (srv->protocol.type == SOCK_STREAM) { in test_bind_and_connect()
640 if (variant->sandbox == TCP_SANDBOX) { in TEST_F()
648 .port = self->srv0.port, in TEST_F()
652 .port = self->srv1.port, in TEST_F()
675 test_bind_and_connect(_metadata, &self->srv0, false, false); in TEST_F()
678 test_bind_and_connect(_metadata, &self->srv1, in TEST_F()
679 is_restricted(&variant->prot, variant->sandbox), in TEST_F()
683 test_bind_and_connect(_metadata, &self->srv2, in TEST_F()
684 is_restricted(&variant->prot, variant->sandbox), in TEST_F()
685 is_restricted(&variant->prot, variant->sandbox)); in TEST_F()
690 if (variant->sandbox == TCP_SANDBOX) { in TEST_F()
698 .port = self->srv0.port, in TEST_F()
702 .port = self->srv1.port, in TEST_F()
724 test_bind_and_connect(_metadata, &self->srv0, false, false); in TEST_F()
726 test_bind_and_connect(_metadata, &self->srv1, false, in TEST_F()
727 is_restricted(&variant->prot, variant->sandbox)); in TEST_F()
729 test_bind_and_connect(_metadata, &self->srv2, in TEST_F()
730 is_restricted(&variant->prot, variant->sandbox), in TEST_F()
731 is_restricted(&variant->prot, variant->sandbox)); in TEST_F()
741 .port = self->srv0.port, in TEST_F()
745 if (variant->sandbox == TCP_SANDBOX) { in TEST_F()
758 bind_fd = socket_variant(&self->srv0); in TEST_F()
762 ret = bind_variant(bind_fd, &self->unspec_any0); in TEST_F()
763 if (variant->prot.domain == AF_INET) { in TEST_F()
770 EXPECT_EQ(-EINVAL, ret); in TEST_F()
774 if (variant->sandbox == TCP_SANDBOX) { in TEST_F()
784 bind_fd = socket_variant(&self->srv0); in TEST_F()
788 ret = bind_variant(bind_fd, &self->unspec_any0); in TEST_F()
789 if (variant->prot.domain == AF_INET) { in TEST_F()
790 if (is_restricted(&variant->prot, variant->sandbox)) { in TEST_F()
791 EXPECT_EQ(-EACCES, ret); in TEST_F()
796 EXPECT_EQ(-EINVAL, ret); in TEST_F()
801 bind_fd = socket_variant(&self->srv0); in TEST_F()
803 ret = bind_variant(bind_fd, &self->unspec_srv0); in TEST_F()
804 if (variant->prot.domain == AF_INET) { in TEST_F()
805 EXPECT_EQ(-EAFNOSUPPORT, ret); in TEST_F()
807 EXPECT_EQ(-EINVAL, ret) in TEST_F()
822 .port = self->srv0.port, in TEST_F()
828 bind_fd = socket_variant(&self->srv0); in TEST_F()
830 EXPECT_EQ(0, bind_variant(bind_fd, &self->srv0)); in TEST_F()
831 if (self->srv0.protocol.type == SOCK_STREAM) in TEST_F()
842 connect_fd = socket_variant(&self->srv0); in TEST_F()
844 EXPECT_EQ(0, connect_variant(connect_fd, &self->srv0)); in TEST_F()
847 ret = connect_variant(connect_fd, &self->srv0); in TEST_F()
848 if (self->srv0.protocol.type == SOCK_STREAM) { in TEST_F()
849 EXPECT_EQ(-EISCONN, ret); in TEST_F()
854 if (variant->sandbox == TCP_SANDBOX) { in TEST_F()
868 ret = connect_variant(connect_fd, &self->unspec_any0); in TEST_F()
869 if (self->srv0.protocol.domain == AF_UNIX && in TEST_F()
870 self->srv0.protocol.type == SOCK_STREAM) { in TEST_F()
871 EXPECT_EQ(-EINVAL, ret); in TEST_F()
877 ret = connect_variant(connect_fd, &self->srv0); in TEST_F()
878 if (self->srv0.protocol.domain == AF_UNIX && in TEST_F()
879 self->srv0.protocol.type == SOCK_STREAM) { in TEST_F()
880 EXPECT_EQ(-EISCONN, ret); in TEST_F()
885 if (variant->sandbox == TCP_SANDBOX) { in TEST_F()
895 ret = connect_variant(connect_fd, &self->unspec_any0); in TEST_F()
896 if (self->srv0.protocol.domain == AF_UNIX && in TEST_F()
897 self->srv0.protocol.type == SOCK_STREAM) { in TEST_F()
898 EXPECT_EQ(-EINVAL, ret); in TEST_F()
905 _exit(_metadata->exit_code); in TEST_F()
910 if (self->srv0.protocol.type == SOCK_STREAM) { in TEST_F()
938 /* clang-format off */
940 /* clang-format on */ in FIXTURE_VARIANT_ADD()
945 /* clang-format off */
947 /* clang-format on */ in FIXTURE_VARIANT_ADD()
952 /* clang-format off */
954 /* clang-format on */ in FIXTURE_VARIANT_ADD()
959 /* clang-format off */
961 /* clang-format on */ in FIXTURE_VARIANT_ADD()
970 .type = variant->type, in FIXTURE_SETUP()
975 set_service(&self->srv0, prot, 0); in FIXTURE_SETUP()
976 set_service(&self->srv1, prot, 1); in FIXTURE_SETUP()
989 if (variant->sandbox == TCP_SANDBOX) { in TEST_F()
997 .port = self->srv0.port, in TEST_F()
1022 EXPECT_EQ(-EINVAL, bind_variant(unix_stream_fd, &self->srv0)); in TEST_F()
1023 EXPECT_EQ(-EINVAL, connect_variant(unix_stream_fd, &self->srv0)); in TEST_F()
1026 EXPECT_EQ(-EINVAL, bind_variant(unix_stream_fd, &self->srv1)) in TEST_F()
1030 EXPECT_EQ(-EINVAL, connect_variant(unix_stream_fd, &self->srv1)); in TEST_F()
1033 EXPECT_EQ(-EINVAL, bind_variant(unix_dgram_fd, &self->srv0)); in TEST_F()
1034 EXPECT_EQ(-EINVAL, connect_variant(unix_dgram_fd, &self->srv0)); in TEST_F()
1037 EXPECT_EQ(-EINVAL, bind_variant(unix_dgram_fd, &self->srv1)); in TEST_F()
1038 EXPECT_EQ(-EINVAL, connect_variant(unix_dgram_fd, &self->srv1)); in TEST_F()
1055 .domain = variant->domain, in FIXTURE_SETUP()
1061 ASSERT_EQ(0, set_service(&self->srv0, prot, 0)); in FIXTURE_SETUP()
1062 ASSERT_EQ(0, set_service(&self->srv1, prot, 1)); in FIXTURE_SETUP()
1071 /* clang-format off */
1073 /* clang-format on */ in FIXTURE_VARIANT_ADD()
1078 /* clang-format off */
1080 /* clang-format on */ in FIXTURE_VARIANT_ADD()
1085 /* clang-format off */
1087 /* clang-format on */ in FIXTURE_VARIANT_ADD()
1092 /* clang-format off */
1094 /* clang-format on */ in FIXTURE_VARIANT_ADD()
1099 /* clang-format off */
1101 /* clang-format on */ in FIXTURE_VARIANT_ADD()
1106 /* clang-format off */
1108 /* clang-format on */ in FIXTURE_VARIANT_ADD()
1113 /* clang-format off */
1115 /* clang-format on */ in FIXTURE_VARIANT_ADD()
1120 /* clang-format off */
1122 /* clang-format on */ in FIXTURE_VARIANT_ADD()
1135 .port = self->srv0.port, in TEST_F()
1140 .port = self->srv0.port, in TEST_F()
1143 if (variant->num_layers >= 1) { in TEST_F()
1162 if (variant->num_layers >= 2) { in TEST_F()
1178 if (variant->num_layers >= 3) { in TEST_F()
1198 test_bind_and_connect(_metadata, &self->srv0, false, in TEST_F()
1199 variant->num_layers >= 2); in TEST_F()
1204 if (variant->num_layers >= 1) { in TEST_F()
1211 .port = self->srv0.port, in TEST_F()
1225 if (variant->num_layers >= 2) { in TEST_F()
1235 .port = self->srv0.port, in TEST_F()
1240 .port = self->srv1.port, in TEST_F()
1257 if (variant->num_layers >= 3) { in TEST_F()
1265 .port = self->srv0.port, in TEST_F()
1279 test_bind_and_connect(_metadata, &self->srv0, false, in TEST_F()
1280 variant->num_layers >= 3); in TEST_F()
1282 test_bind_and_connect(_metadata, &self->srv1, variant->num_layers >= 1, in TEST_F()
1283 variant->num_layers >= 2); in TEST_F()
1286 /* clang-format off */
1288 /* clang-format on */
1301 /* clang-format off */
1309 /* clang-format on */
1350 EXPECT_EQ(-1, landlock_create_ruleset(&ruleset_attr, in TEST_F()
1373 EXPECT_EQ(-1, in TEST_F()
1405 EXPECT_EQ(-1, err); in TEST_F()
1438 EXPECT_EQ(-1, landlock_add_rule(ruleset_fd, LANDLOCK_RULE_NET_PORT, in TEST_F()
1443 EXPECT_EQ(-1, landlock_add_rule(ruleset_fd, LANDLOCK_RULE_NET_PORT, in TEST_F()
1503 EXPECT_EQ(-1, landlock_add_rule(ruleset_fd, LANDLOCK_RULE_NET_PORT, in TEST_F()
1507 EXPECT_EQ(-1, landlock_add_rule(ruleset_fd, LANDLOCK_RULE_NET_PORT, in TEST_F()
1511 EXPECT_EQ(-1, landlock_add_rule(ruleset_fd, LANDLOCK_RULE_NET_PORT, in TEST_F()
1519 EXPECT_EQ(-1, landlock_add_rule(ruleset_fd, LANDLOCK_RULE_NET_PORT, in TEST_F()
1543 ASSERT_EQ(0, set_service(&self->srv0, ipv4_tcp, 0)); in FIXTURE_SETUP()
1544 ASSERT_EQ(0, set_service(&self->srv1, ipv4_tcp, 1)); in FIXTURE_SETUP()
1561 /* Host port format. */ in TEST_F()
1562 .port = self->srv0.port, in TEST_F()
1566 /* Big endian port format. */ in TEST_F()
1567 .port = htons(self->srv0.port), in TEST_F()
1572 /* Host port format. */ in TEST_F()
1573 .port = self->srv1.port, in TEST_F()
1591 test_bind_and_connect(_metadata, &self->srv0, false, little_endian); in TEST_F()
1594 test_bind_and_connect(_metadata, &self->srv1, false, false); in TEST_F()
1605 .parent_fd = -1, in TEST_F()
1609 .port = self->srv0.port, in TEST_F()
1638 EXPECT_EQ(-1, dir_fd); in TEST_F()
1644 EXPECT_EQ(0, bind_variant(bind_fd, &self->srv0)); in TEST_F()
1649 EXPECT_EQ(-EACCES, bind_variant(bind_fd, &self->srv1)); in TEST_F()
1663 /* clang-format off */
1665 /* clang-format on */ in FIXTURE_VARIANT_ADD()
1673 /* clang-format off */
1675 /* clang-format on */ in FIXTURE_VARIANT_ADD()
1683 /* clang-format off */
1685 /* clang-format on */ in FIXTURE_VARIANT_ADD()
1693 /* clang-format off */
1695 /* clang-format on */ in FIXTURE_VARIANT_ADD()
1707 ASSERT_EQ(0, set_service(&self->srv0, variant->prot, 0)); in FIXTURE_SETUP()
1722 if (variant->sandbox == TCP_SANDBOX) { in TEST_F()
1747 bind_fd = socket_variant(&self->srv0); in TEST_F()
1750 connect_fd = socket_variant(&self->srv0); in TEST_F()
1754 set_port(&self->srv0, 0); in TEST_F()
1759 ret = bind_variant(bind_fd, &self->srv0); in TEST_F()
1765 ret = connect_variant(connect_fd, &self->srv0); in TEST_F()
1766 EXPECT_EQ(-ECONNREFUSED, ret); in TEST_F()
1769 port = get_binded_port(bind_fd, &variant->prot); in TEST_F()
1771 set_port(&self->srv0, port); in TEST_F()
1773 ret = connect_variant(connect_fd, &self->srv0); in TEST_F()
1774 if (is_restricted(&variant->prot, variant->sandbox)) { in TEST_F()
1776 EXPECT_EQ(-EACCES, ret); in TEST_F()
1790 if (variant->sandbox == TCP_SANDBOX) { in TEST_F()
1824 bind_fd = socket_variant(&self->srv0); in TEST_F()
1827 connect_fd = socket_variant(&self->srv0); in TEST_F()
1831 set_port(&self->srv0, 1023); in TEST_F()
1833 ret = bind_variant(bind_fd, &self->srv0); in TEST_F()
1835 EXPECT_EQ(-EACCES, ret); in TEST_F()
1839 ret = bind_variant(bind_fd, &self->srv0); in TEST_F()
1845 ret = connect_variant(connect_fd, &self->srv0); in TEST_F()
1851 bind_fd = socket_variant(&self->srv0); in TEST_F()
1854 connect_fd = socket_variant(&self->srv0); in TEST_F()
1858 set_port(&self->srv0, 1024); in TEST_F()
1860 ret = bind_variant(bind_fd, &self->srv0); in TEST_F()
1865 ret = connect_variant(connect_fd, &self->srv0); in TEST_F()
1890 return -E2BIG; in matches_log_tcp()
1909 /* clang-format off */
1911 /* clang-format on */ in FIXTURE_VARIANT_ADD()
1919 /* clang-format off */
1921 /* clang-format on */ in FIXTURE_VARIANT_ADD()
1931 ASSERT_EQ(0, set_service(&self->srv0, variant->prot, 0)); in FIXTURE_SETUP()
1935 self->audit_fd = audit_init_with_exe_filter(&self->audit_filter); in FIXTURE_SETUP()
1936 EXPECT_LE(0, self->audit_fd); in FIXTURE_SETUP()
1943 EXPECT_EQ(0, audit_cleanup(self->audit_fd, &self->audit_filter)); in FIXTURE_TEARDOWN()
1962 sock_fd = socket_variant(&self->srv0); in TEST_F()
1964 EXPECT_EQ(-EACCES, bind_variant(sock_fd, &self->srv0)); in TEST_F()
1965 EXPECT_EQ(0, matches_log_tcp(self->audit_fd, "net\\.bind_tcp", "saddr", in TEST_F()
1966 variant->addr, "src")); in TEST_F()
1968 EXPECT_EQ(0, audit_count_records(self->audit_fd, &records)); in TEST_F()
1990 sock_fd = socket_variant(&self->srv0); in TEST_F()
1992 EXPECT_EQ(-EACCES, connect_variant(sock_fd, &self->srv0)); in TEST_F()
1993 EXPECT_EQ(0, matches_log_tcp(self->audit_fd, "net\\.connect_tcp", in TEST_F()
1994 "daddr", variant->addr, "dest")); in TEST_F()
1996 EXPECT_EQ(0, audit_count_records(self->audit_fd, &records)); in TEST_F()