/* SPDX-License-Identifier: GPL-2.0 */
/*
 * Landlock scoped_domains variants
 *
 * See the hierarchy variants from ptrace_test.c
 *
 * Copyright © 2017-2020 Mickaël Salaün <mic@digikod.net>
 * Copyright © 2019-2020 ANSSI
 * Copyright © 2024 Tahera Fahimi <fahimitahera@gmail.com>
 */
/* clang-format on */
/*
 * Parameters of one scoped_domains hierarchy: which of the two processes
 * drawn in the variant diagrams (P1 and P2) are placed in a Landlock domain.
 *
 * Across the variants defined in this file, P1 -> P2 is expected to be denied
 * exactly when domain_parent is set, and P2 -> P1 exactly when domain_child
 * is set; domain_both on its own never changes the expected result.
 *
 * NOTE(review): judging by the field names, P1 is the parent process and P2
 * its child, and "Px -> Py" is the scoped operation attempted by Px towards
 * Py.  How the flags are turned into domains is decided by the test that
 * includes this header, which is not visible here -- confirm there.
 */
FIXTURE_VARIANT(scoped_domains)
{
	/* One domain enclosing both P1 and P2 (the outer box in the diagrams). */
	bool domain_both;
	/* A domain around P1 only (the box drawn around P1). */
	bool domain_parent;
	/* A domain around P2 only (the box drawn around P2). */
	bool domain_child;
};
/*
 *        No domain
 *
 *   P1-.               P1 -> P2 : allow
 *       \              P2 -> P1 : allow
 *        'P2
 *
 * Baseline: no flag is set, so neither process is in a domain and both
 * directions are expected to be allowed.
 */
/* clang-format off */
FIXTURE_VARIANT_ADD(scoped_domains, without_domain) {
	/* clang-format on */
	.domain_both = false,	/* no shared domain */
	.domain_parent = false,	/* P1 not confined */
	.domain_child = false,	/* P2 not confined */
};
/*
 *        Child domain
 *
 *   P1--.              P1 -> P2 : allow
 *        \             P2 -> P1 : deny
 *        .'-----.
 *        |  P2  |
 *        '------'
 *
 * Only P2 is confined.  P1 sits outside P2's domain, so the confined side
 * (P2 -> P1) is the direction expected to be denied.
 */
/* clang-format off */
FIXTURE_VARIANT_ADD(scoped_domains, child_domain) {
	/* clang-format on */
	.domain_both = false,	/* no shared domain */
	.domain_parent = false,	/* P1 not confined */
	.domain_child = true,	/* P2 in its own domain */
};
/*
 *        Parent domain
 * .------.
 * |  P1  --.           P1 -> P2 : deny
 * '------'  \          P2 -> P1 : allow
 *            '
 *            P2
 *
 * Only P1 is confined.  P2 sits outside P1's domain, so the confined side
 * (P1 -> P2) is the direction expected to be denied.
 */
/* clang-format off */
FIXTURE_VARIANT_ADD(scoped_domains, parent_domain) {
	/* clang-format on */
	.domain_both = false,	/* no shared domain */
	.domain_parent = true,	/* P1 in its own domain */
	.domain_child = false,	/* P2 not confined */
};
/*
 *        Parent + child domain (siblings)
 * .------.
 * |  P1  ---.          P1 -> P2 : deny
 * '------'   \         P2 -> P1 : deny
 *         .---'--.
 *         |  P2  |
 *         '------'
 *
 * P1 and P2 are each confined in a separate domain with no common enclosing
 * domain, so both directions are expected to be denied.
 */
/* clang-format off */
FIXTURE_VARIANT_ADD(scoped_domains, sibling_domain) {
	/* clang-format on */
	.domain_both = false,	/* no shared domain */
	.domain_parent = true,	/* P1 in its own domain */
	.domain_child = true,	/* P2 in its own domain */
};
/*
 *         Same domain (inherited)
 * .-------------.
 * | P1----.     |      P1 -> P2 : allow
 * |        \    |      P2 -> P1 : allow
 * |         '   |
 * |         P2  |
 * '-------------'
 *
 * P1 and P2 share a single domain and neither has one of its own, so both
 * directions are expected to be allowed: a domain common to both sides does
 * not separate them.
 */
/* clang-format off */
FIXTURE_VARIANT_ADD(scoped_domains, inherited_domain) {
	/* clang-format on */
	.domain_both = true,	/* one domain around P1 and P2 */
	.domain_parent = false,	/* no extra domain for P1 */
	.domain_child = false,	/* no extra domain for P2 */
};
/*
 *         Inherited + child domain
 * .-----------------.
 * |  P1----.        |  P1 -> P2 : allow
 * |         \       |  P2 -> P1 : deny
 * |        .-'----. |
 * |        |  P2  | |
 * |        '------' |
 * '-----------------'
 *
 * Both processes share an outer domain and P2 is additionally confined in a
 * nested one.  The expected results match the child_domain variant: only
 * P2 -> P1 is denied.
 */
/* clang-format off */
FIXTURE_VARIANT_ADD(scoped_domains, nested_domain) {
	/* clang-format on */
	.domain_both = true,	/* outer domain around P1 and P2 */
	.domain_parent = false,	/* no extra domain for P1 */
	.domain_child = true,	/* P2 in a nested domain */
};
/*
 *         Inherited + parent domain
 * .-----------------.
 * |.------.         |  P1 -> P2 : deny
 * ||  P1  ----.     |  P2 -> P1 : allow
 * |'------'    \    |
 * |             '   |
 * |             P2  |
 * '-----------------'
 *
 * Both processes share an outer domain and P1 is additionally confined in a
 * nested one.  The expected results match the parent_domain variant: only
 * P1 -> P2 is denied.
 */
/* clang-format off */
FIXTURE_VARIANT_ADD(scoped_domains, nested_and_parent_domain) {
	/* clang-format on */
	.domain_both = true,	/* outer domain around P1 and P2 */
	.domain_parent = true,	/* P1 in a nested domain */
	.domain_child = false,	/* no extra domain for P2 */
};
/*
 *         Inherited + parent and child domain (siblings)
 * .-----------------.
 * | .------.        |  P1 -> P2 : deny
 * | |  P1  .        |  P2 -> P1 : deny
 * | '------'\       |
 * |          \      |
 * |        .--'---. |
 * |        |  P2  | |
 * |        '------' |
 * '-----------------'
 *
 * All three flags are set: a shared outer domain plus one nested domain per
 * process.  The expected results match the sibling_domain variant: both
 * directions are denied, the shared outer domain notwithstanding.
 */
/* clang-format off */
FIXTURE_VARIANT_ADD(scoped_domains, forked_domains) {
	/* clang-format on */
	.domain_both = true,	/* outer domain around P1 and P2 */
	.domain_parent = true,	/* P1 in a nested domain */
	.domain_child = true,	/* P2 in a nested domain */
};