1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * Linux Security Module infrastructure tests
4 * Tests for the lsm_list_modules system call
5 *
6 * Copyright © 2022 Casey Schaufler <casey@schaufler-ca.com>
7 */
8
9 #define _GNU_SOURCE
10 #include <linux/lsm.h>
11 #include <string.h>
12 #include <stdio.h>
13 #include <unistd.h>
14 #include <sys/types.h>
15 #include "../kselftest_harness.h"
16 #include "common.h"
17
/*
 * lsm_list_modules() with a valid ID buffer but a NULL size pointer
 * is expected to fail with EFAULT.
 */
TEST(size_null_lsm_list_modules)
{
	__u64 *syscall_lsms;

	/* One zero-filled page serves as the ID buffer. */
	syscall_lsms = calloc(sysconf(_SC_PAGESIZE), 1);
	ASSERT_NE(NULL, syscall_lsms);

	/* Clear errno so the value checked below comes from this call. */
	errno = 0;
	ASSERT_EQ(-1, lsm_list_modules(syscall_lsms, NULL, 0));
	ASSERT_EQ(EFAULT, errno);

	free(syscall_lsms);
}
30
/*
 * lsm_list_modules() with a NULL ID buffer and a valid size pointer
 * is expected to fail with EFAULT.
 */
TEST(ids_null_lsm_list_modules)
{
	/* Advertise a full page even though no buffer is supplied. */
	__u32 size = sysconf(_SC_PAGESIZE);

	/* Clear errno so the value checked below comes from this call. */
	errno = 0;
	ASSERT_EQ(-1, lsm_list_modules(NULL, &size, 0));
	ASSERT_EQ(EFAULT, errno);
	/*
	 * NOTE(review): size starts at the page size, so this only shows
	 * the call did not set it to 1; it does not pin the value the
	 * kernel reports back.
	 */
	ASSERT_NE(1, size);
}
41
/*
 * lsm_list_modules() with a one-byte size is expected to fail with
 * E2BIG and to change the caller's size value.
 */
TEST(size_too_small_lsm_list_modules)
{
	__u32 size = 1;
	__u64 *syscall_lsms;

	/* The buffer itself is a full page; only the advertised size is short. */
	syscall_lsms = calloc(sysconf(_SC_PAGESIZE), 1);
	ASSERT_NE(NULL, syscall_lsms);

	/* Clear errno so the value checked below comes from this call. */
	errno = 0;
	ASSERT_EQ(-1, lsm_list_modules(syscall_lsms, &size, 0));
	ASSERT_EQ(E2BIG, errno);
	/* size was 1 going in; presumably it now holds the size required. */
	ASSERT_NE(1, size);

	free(syscall_lsms);
}
56
/*
 * lsm_list_modules() with a non-zero flags argument (7) is expected to
 * fail with EINVAL and leave the caller's size value untouched.
 */
TEST(flags_set_lsm_list_modules)
{
	const long page_size = sysconf(_SC_PAGESIZE);
	__u32 size = page_size;
	__u64 *syscall_lsms;

	/* Buffer and size are both valid, so only the flags can be at fault. */
	syscall_lsms = calloc(page_size, 1);
	ASSERT_NE(NULL, syscall_lsms);

	/* Clear errno so the value checked below comes from this call. */
	errno = 0;
	ASSERT_EQ(-1, lsm_list_modules(syscall_lsms, &size, 7));
	ASSERT_EQ(EINVAL, errno);
	/* A rejected call must not have written the size back. */
	ASSERT_EQ(page_size, size);

	free(syscall_lsms);
}
71
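/*
 * Cross-check the IDs returned by lsm_list_modules() against the LSM
 * name list obtained through read_sysfs_lsms(): the i-th ID must map
 * to the i-th name in that list.
 *
 * Each name is matched as a whole token. A bare prefix compare would
 * let an ID pass against a longer, different name that merely starts
 * with the expected string.
 */
TEST(correct_lsm_list_modules)
{
	const long page_size = sysconf(_SC_PAGESIZE);
	__u32 size = page_size;
	__u64 *syscall_lsms = calloc(page_size, 1);
	char *sysfs_lsms = calloc(page_size, 1);
	char *name;
	char *cp;
	size_t len;
	int count;
	int i;

	ASSERT_NE(NULL, sysfs_lsms);
	ASSERT_NE(NULL, syscall_lsms);
	ASSERT_EQ(0, read_sysfs_lsms(sysfs_lsms, page_size));

	count = lsm_list_modules(syscall_lsms, &size, 0);
	ASSERT_LE(1, count);
	/*
	 * Do not trust the returned count blindly: it must fit in the
	 * buffer that was handed to the kernel, or the loop below would
	 * read past the allocation.
	 */
	ASSERT_GE((int)(page_size / sizeof(*syscall_lsms)), count);

	cp = sysfs_lsms;
	for (i = 0; i < count; i++) {
		switch (syscall_lsms[i]) {
		case LSM_ID_CAPABILITY:
			name = "capability";
			break;
		case LSM_ID_SELINUX:
			name = "selinux";
			break;
		case LSM_ID_SMACK:
			name = "smack";
			break;
		case LSM_ID_TOMOYO:
			name = "tomoyo";
			break;
		case LSM_ID_APPARMOR:
			name = "apparmor";
			break;
		case LSM_ID_YAMA:
			name = "yama";
			break;
		case LSM_ID_LOADPIN:
			name = "loadpin";
			break;
		case LSM_ID_SAFESETID:
			name = "safesetid";
			break;
		case LSM_ID_LOCKDOWN:
			name = "lockdown";
			break;
		case LSM_ID_BPF:
			name = "bpf";
			break;
		case LSM_ID_LANDLOCK:
			name = "landlock";
			break;
		case LSM_ID_IMA:
			name = "ima";
			break;
		case LSM_ID_EVM:
			name = "evm";
			break;
		case LSM_ID_IPE:
			name = "ipe";
			break;
		default:
			/*
			 * An ID this test does not know. "INVALID" is not
			 * expected in the name list, so the compare below
			 * fails; new LSM IDs need a case added here.
			 */
			name = "INVALID";
			break;
		}
		len = strlen(name);
		ASSERT_EQ(0, strncmp(cp, name, len));
		/*
		 * The name must end here. The one-byte step below already
		 * assumes a single separator character; ',' is what the
		 * kernel's LSM list uses, newline and NUL cover the end of
		 * the list. Confirm against read_sysfs_lsms() if that
		 * helper ever rewrites the buffer.
		 */
		ASSERT_TRUE(cp[len] == ',' || cp[len] == '\n' ||
			    cp[len] == '\0');
		cp += len + 1;
	}

	free(sysfs_lsms);
	free(syscall_lsms);
}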
145
146 TEST_HARNESS_MAIN
147