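// SPDX-License-Identifier: GPL-2.0

/*
 * Copyright (C) 2020 Google LLC.
 */

#include <test_progs.h>
#include <sys/wait.h>
#include <unistd.h>

#include "lsm.skel.h"
#include "lsm_tailcall.skel.h"

/* argv of the helper process started by exec_cmd(). */
char *CMD_ARGS[] = {"true", NULL};

/*
 * Fork a child that stores its own PID in *monitored_pid and then execs
 * CMD_ARGS.
 *
 * The store happens in the child, so it only reaches the parent (and the
 * BPF programs) if monitored_pid points into memory shared across fork().
 * The caller in this file passes &skel->bss->monitored_pid.
 * NOTE(review): presumably the skeleton's .bss is a shared mapping; confirm.
 *
 * Returns the raw wait status of the child (0 when it exited with status 0),
 * or -EINVAL when fork() or waitpid() fails.
 */
int exec_cmd(int *monitored_pid)
{
	int child_pid, child_status;
	int waited;

	child_pid = fork();
	if (child_pid == 0) {
		*monitored_pid = getpid();
		execvp(CMD_ARGS[0], CMD_ARGS);
		/*
		 * Only reached when exec failed. Terminate the child here:
		 * returning would let it keep running the test harness in
		 * parallel with the parent. _exit() skips the stdio buffers
		 * inherited from the parent, so nothing is flushed twice.
		 */
		_exit(127);
	} else if (child_pid > 0) {
		/* Retry on signals so child_status is never read unset. */
		do {
			waited = waitpid(child_pid, &child_status, 0);
		} while (waited < 0 && errno == EINTR);

		if (waited != child_pid)
			return -EINVAL;
		return child_status;
	}

	return -EINVAL;
}

/*
 * Run one attach / exercise / detach cycle on an already loaded skeleton.
 *
 * Steps, in order:
 *  - attach the skeleton's programs and check that attaching test_int_hook
 *    a second time is refused;
 *  - exec a child via exec_cmd() and expect bprm_count == 1;
 *  - monitor this process and expect stack_mprotect() to fail with
 *    -1 / EPERM and mprotect_count == 1;
 *  - issue three setdomainname syscalls and expect copy_test == 3;
 *  - detach and zero the counters so the cycle can be repeated.
 *
 * NOTE(review): the BPF programs that maintain the counters and deny the
 * mprotect are not part of this file; the expectations above are only what
 * the assertions here check.
 *
 * Returns 0 when every gating check passed, non-zero otherwise.
 */
static int test_lsm(struct lsm *skel)
{
	struct bpf_link *link;
	int buf = 1234;
	int err;

	err = lsm__attach(skel);
	if (!ASSERT_OK(err, "attach"))
		return err;

	/* Check that already linked program can't be attached again. */
	link = bpf_program__attach(skel->progs.test_int_hook);
	if (!ASSERT_ERR_PTR(link, "attach_link")) {
		/* The unexpected second link is live: release it, don't leak it. */
		bpf_link__destroy(link);
		return -1;
	}

	err = exec_cmd(&skel->bss->monitored_pid);
	if (!ASSERT_OK(err, "exec_cmd"))
		return err;

	ASSERT_EQ(skel->bss->bprm_count, 1, "bprm_count");

	/* From here on the test process itself is the monitored one. */
	skel->bss->monitored_pid = getpid();

	err = stack_mprotect();
	if (!ASSERT_EQ(err, -1, "stack_mprotect") ||
	    !ASSERT_EQ(errno, EPERM, "stack_mprotect")) {
		/*
		 * Do not return err: it is 0 when the mprotect was allowed,
		 * and a missing denial must not look like success to the
		 * caller.
		 */
		return -1;
	}

	ASSERT_EQ(skel->bss->mprotect_count, 1, "mprotect_count");

	/*
	 * Return values are ignored on purpose: the length arguments are
	 * negative, and only the copy_test counter is checked afterwards.
	 */
	syscall(__NR_setdomainname, &buf, -2L);
	syscall(__NR_setdomainname, 0, -3L);
	syscall(__NR_setdomainname, ~0L, -4L);

	ASSERT_EQ(skel->bss->copy_test, 3, "copy_test");

	lsm__detach(skel);

	/* Reset the counters; test_lsm_basic() runs this function twice. */
	skel->bss->copy_test = 0;
	skel->bss->bprm_count = 0;
	skel->bss->mprotect_count = 0;
	return 0;
}

/*
 * Load the lsm skeleton once and run test_lsm() twice on it, which checks
 * that the programs can be attached again after a detach.
 */
static void test_lsm_basic(void)
{
	struct lsm *skel = NULL;
	int err;

	skel = lsm__open_and_load();
	if (!ASSERT_OK_PTR(skel, "lsm_skel_load"))
		goto close_prog;

	err = test_lsm(skel);
	if (!ASSERT_OK(err, "test_lsm_first_attach"))
		goto close_prog;

	err = test_lsm(skel);
	ASSERT_OK(err, "test_lsm_second_attach");

close_prog:
	lsm__destroy(skel);
}

/*
 * Check which LSM programs may be stored in the jmp_table map.
 *
 * Storing lsm_file_permission_prog at key 0 is expected to be rejected;
 * storing lsm_kernfs_init_security_prog at the same key is expected to
 * succeed.
 * NOTE(review): the reason for the rejection lives in the lsm_tailcall BPF
 * source and the kernel, not in this file; confirm there.
 */
static void test_lsm_tailcall(void)
{
	struct lsm_tailcall *skel = NULL;
	int map_fd, prog_fd;
	int err, key;

	skel = lsm_tailcall__open_and_load();
	if (!ASSERT_OK_PTR(skel, "lsm_tailcall__skel_load"))
		goto close_prog;

	map_fd = bpf_map__fd(skel->maps.jmp_table);
	if (CHECK_FAIL(map_fd < 0))
		goto close_prog;

	prog_fd = bpf_program__fd(skel->progs.lsm_file_permission_prog);
	if (CHECK_FAIL(prog_fd < 0))
		goto close_prog;

	key = 0;
	err = bpf_map_update_elem(map_fd, &key, &prog_fd, BPF_ANY);
	/* Inverted check: this update must fail for the test to pass. */
	if (CHECK_FAIL(!err))
		goto close_prog;

	prog_fd = bpf_program__fd(skel->progs.lsm_kernfs_init_security_prog);
	if (CHECK_FAIL(prog_fd < 0))
		goto close_prog;

	err = bpf_map_update_elem(map_fd, &key, &prog_fd, BPF_ANY);
	if (CHECK_FAIL(err))
		goto close_prog;

close_prog:
	lsm_tailcall__destroy(skel);
}

/* Test entry point: runs each LSM subtest the harness selects. */
void test_test_lsm(void)
{
	if (test__start_subtest("lsm_basic"))
		test_lsm_basic();
	if (test__start_subtest("lsm_tailcall"))
		test_lsm_tailcall();
}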