1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * KUnit tests for AppArmor's policy unpack. 4 */ 5 6 #include <kunit/test.h> 7 #include <kunit/visibility.h> 8 9 #include "include/policy.h" 10 #include "include/policy_unpack.h" 11 12 #define TEST_STRING_NAME "TEST_STRING" 13 #define TEST_STRING_DATA "testing" 14 #define TEST_STRING_BUF_OFFSET \ 15 (3 + strlen(TEST_STRING_NAME) + 1) 16 17 #define TEST_U32_NAME "U32_TEST" 18 #define TEST_U32_DATA ((u32)0x01020304) 19 #define TEST_NAMED_U32_BUF_OFFSET \ 20 (TEST_STRING_BUF_OFFSET + 3 + strlen(TEST_STRING_DATA) + 1) 21 #define TEST_U32_BUF_OFFSET \ 22 (TEST_NAMED_U32_BUF_OFFSET + 3 + strlen(TEST_U32_NAME) + 1) 23 24 #define TEST_U16_OFFSET (TEST_U32_BUF_OFFSET + 3) 25 #define TEST_U16_DATA ((u16)(TEST_U32_DATA >> 16)) 26 27 #define TEST_U64_NAME "U64_TEST" 28 #define TEST_U64_DATA ((u64)0x0102030405060708) 29 #define TEST_NAMED_U64_BUF_OFFSET (TEST_U32_BUF_OFFSET + sizeof(u32) + 1) 30 #define TEST_U64_BUF_OFFSET \ 31 (TEST_NAMED_U64_BUF_OFFSET + 3 + strlen(TEST_U64_NAME) + 1) 32 33 #define TEST_BLOB_NAME "BLOB_TEST" 34 #define TEST_BLOB_DATA "\xde\xad\x00\xbe\xef" 35 #define TEST_BLOB_DATA_SIZE (ARRAY_SIZE(TEST_BLOB_DATA)) 36 #define TEST_NAMED_BLOB_BUF_OFFSET (TEST_U64_BUF_OFFSET + sizeof(u64) + 1) 37 #define TEST_BLOB_BUF_OFFSET \ 38 (TEST_NAMED_BLOB_BUF_OFFSET + 3 + strlen(TEST_BLOB_NAME) + 1) 39 40 #define TEST_ARRAY_NAME "ARRAY_TEST" 41 #define TEST_ARRAY_SIZE 16 42 #define TEST_NAMED_ARRAY_BUF_OFFSET \ 43 (TEST_BLOB_BUF_OFFSET + 5 + TEST_BLOB_DATA_SIZE) 44 #define TEST_ARRAY_BUF_OFFSET \ 45 (TEST_NAMED_ARRAY_BUF_OFFSET + 3 + strlen(TEST_ARRAY_NAME) + 1) 46 47 MODULE_IMPORT_NS(EXPORTED_FOR_KUNIT_TESTING); 48 49 struct policy_unpack_fixture { 50 struct aa_ext *e; 51 size_t e_size; 52 }; 53 54 static struct aa_ext *build_aa_ext_struct(struct policy_unpack_fixture *puf, 55 struct kunit *test, size_t buf_size) 56 { 57 char *buf; 58 struct aa_ext *e; 59 60 buf = kunit_kzalloc(test, buf_size, GFP_USER); 61 KUNIT_EXPECT_NOT_ERR_OR_NULL(test, buf); 62 63 e = kunit_kmalloc(test, sizeof(*e), GFP_USER); 64 KUNIT_EXPECT_NOT_ERR_OR_NULL(test, e); 65 66 e->start = buf; 67 e->end = e->start + buf_size; 68 e->pos = e->start; 69 70 *buf = AA_NAME; 71 *(buf + 1) = strlen(TEST_STRING_NAME) + 1; 72 strcpy(buf + 3, TEST_STRING_NAME); 73 74 buf = e->start + TEST_STRING_BUF_OFFSET; 75 *buf = AA_STRING; 76 *(buf + 1) = strlen(TEST_STRING_DATA) + 1; 77 strcpy(buf + 3, TEST_STRING_DATA); 78 79 buf = e->start + TEST_NAMED_U32_BUF_OFFSET; 80 *buf = AA_NAME; 81 *(buf + 1) = strlen(TEST_U32_NAME) + 1; 82 strcpy(buf + 3, TEST_U32_NAME); 83 *(buf + 3 + strlen(TEST_U32_NAME) + 1) = AA_U32; 84 *((u32 *)(buf + 3 + strlen(TEST_U32_NAME) + 2)) = TEST_U32_DATA; 85 86 buf = e->start + TEST_NAMED_U64_BUF_OFFSET; 87 *buf = AA_NAME; 88 *(buf + 1) = strlen(TEST_U64_NAME) + 1; 89 strcpy(buf + 3, TEST_U64_NAME); 90 *(buf + 3 + strlen(TEST_U64_NAME) + 1) = AA_U64; 91 *((u64 *)(buf + 3 + strlen(TEST_U64_NAME) + 2)) = TEST_U64_DATA; 92 93 buf = e->start + TEST_NAMED_BLOB_BUF_OFFSET; 94 *buf = AA_NAME; 95 *(buf + 1) = strlen(TEST_BLOB_NAME) + 1; 96 strcpy(buf + 3, TEST_BLOB_NAME); 97 *(buf + 3 + strlen(TEST_BLOB_NAME) + 1) = AA_BLOB; 98 *(buf + 3 + strlen(TEST_BLOB_NAME) + 2) = TEST_BLOB_DATA_SIZE; 99 memcpy(buf + 3 + strlen(TEST_BLOB_NAME) + 6, 100 TEST_BLOB_DATA, TEST_BLOB_DATA_SIZE); 101 102 buf = e->start + TEST_NAMED_ARRAY_BUF_OFFSET; 103 *buf = AA_NAME; 104 *(buf + 1) = strlen(TEST_ARRAY_NAME) + 1; 105 strcpy(buf + 3, TEST_ARRAY_NAME); 106 *(buf + 3 + strlen(TEST_ARRAY_NAME) + 1) = AA_ARRAY; 107 *((u16 *)(buf + 3 + strlen(TEST_ARRAY_NAME) + 2)) = TEST_ARRAY_SIZE; 108 109 return e; 110 } 111 112 static int policy_unpack_test_init(struct kunit *test) 113 { 114 size_t e_size = TEST_ARRAY_BUF_OFFSET + sizeof(u16) + 1; 115 struct policy_unpack_fixture *puf; 116 117 puf = kunit_kmalloc(test, sizeof(*puf), GFP_USER); 118 KUNIT_EXPECT_NOT_ERR_OR_NULL(test, puf); 119 120 puf->e_size = e_size; 121 puf->e = build_aa_ext_struct(puf, test, e_size); 122 123 test->priv = puf; 124 return 0; 125 } 126 127 static void policy_unpack_test_inbounds_when_inbounds(struct kunit *test) 128 { 129 struct policy_unpack_fixture *puf = test->priv; 130 131 KUNIT_EXPECT_TRUE(test, aa_inbounds(puf->e, 0)); 132 KUNIT_EXPECT_TRUE(test, aa_inbounds(puf->e, puf->e_size / 2)); 133 KUNIT_EXPECT_TRUE(test, aa_inbounds(puf->e, puf->e_size)); 134 } 135 136 static void policy_unpack_test_inbounds_when_out_of_bounds(struct kunit *test) 137 { 138 struct policy_unpack_fixture *puf = test->priv; 139 140 KUNIT_EXPECT_FALSE(test, aa_inbounds(puf->e, puf->e_size + 1)); 141 } 142 143 static void policy_unpack_test_unpack_array_with_null_name(struct kunit *test) 144 { 145 struct policy_unpack_fixture *puf = test->priv; 146 u16 array_size; 147 148 puf->e->pos += TEST_ARRAY_BUF_OFFSET; 149 150 array_size = aa_unpack_array(puf->e, NULL); 151 152 KUNIT_EXPECT_EQ(test, array_size, (u16)TEST_ARRAY_SIZE); 153 KUNIT_EXPECT_PTR_EQ(test, puf->e->pos, 154 puf->e->start + TEST_ARRAY_BUF_OFFSET + sizeof(u16) + 1); 155 } 156 157 static void policy_unpack_test_unpack_array_with_name(struct kunit *test) 158 { 159 struct policy_unpack_fixture *puf = test->priv; 160 const char name[] = TEST_ARRAY_NAME; 161 u16 array_size; 162 163 puf->e->pos += TEST_NAMED_ARRAY_BUF_OFFSET; 164 165 array_size = aa_unpack_array(puf->e, name); 166 167 KUNIT_EXPECT_EQ(test, array_size, (u16)TEST_ARRAY_SIZE); 168 KUNIT_EXPECT_PTR_EQ(test, puf->e->pos, 169 puf->e->start + TEST_ARRAY_BUF_OFFSET + sizeof(u16) + 1); 170 } 171 172 static void policy_unpack_test_unpack_array_out_of_bounds(struct kunit *test) 173 { 174 struct policy_unpack_fixture *puf = test->priv; 175 const char name[] = TEST_ARRAY_NAME; 176 u16 array_size; 177 178 puf->e->pos += TEST_NAMED_ARRAY_BUF_OFFSET; 179 puf->e->end = puf->e->start + TEST_ARRAY_BUF_OFFSET + sizeof(u16); 180 181 array_size = aa_unpack_array(puf->e, name); 182 183 KUNIT_EXPECT_EQ(test, array_size, 0); 184 KUNIT_EXPECT_PTR_EQ(test, puf->e->pos, 185 puf->e->start + TEST_NAMED_ARRAY_BUF_OFFSET); 186 } 187 188 static void policy_unpack_test_unpack_blob_with_null_name(struct kunit *test) 189 { 190 struct policy_unpack_fixture *puf = test->priv; 191 char *blob = NULL; 192 size_t size; 193 194 puf->e->pos += TEST_BLOB_BUF_OFFSET; 195 size = aa_unpack_blob(puf->e, &blob, NULL); 196 197 KUNIT_ASSERT_EQ(test, size, TEST_BLOB_DATA_SIZE); 198 KUNIT_EXPECT_TRUE(test, 199 memcmp(blob, TEST_BLOB_DATA, TEST_BLOB_DATA_SIZE) == 0); 200 } 201 202 static void policy_unpack_test_unpack_blob_with_name(struct kunit *test) 203 { 204 struct policy_unpack_fixture *puf = test->priv; 205 char *blob = NULL; 206 size_t size; 207 208 puf->e->pos += TEST_NAMED_BLOB_BUF_OFFSET; 209 size = aa_unpack_blob(puf->e, &blob, TEST_BLOB_NAME); 210 211 KUNIT_ASSERT_EQ(test, size, TEST_BLOB_DATA_SIZE); 212 KUNIT_EXPECT_TRUE(test, 213 memcmp(blob, TEST_BLOB_DATA, TEST_BLOB_DATA_SIZE) == 0); 214 } 215 216 static void policy_unpack_test_unpack_blob_out_of_bounds(struct kunit *test) 217 { 218 struct policy_unpack_fixture *puf = test->priv; 219 char *blob = NULL; 220 void *start; 221 int size; 222 223 puf->e->pos += TEST_NAMED_BLOB_BUF_OFFSET; 224 start = puf->e->pos; 225 puf->e->end = puf->e->start + TEST_BLOB_BUF_OFFSET 226 + TEST_BLOB_DATA_SIZE - 1; 227 228 size = aa_unpack_blob(puf->e, &blob, TEST_BLOB_NAME); 229 230 KUNIT_EXPECT_EQ(test, size, 0); 231 KUNIT_EXPECT_PTR_EQ(test, puf->e->pos, start); 232 } 233 234 static void policy_unpack_test_unpack_str_with_null_name(struct kunit *test) 235 { 236 struct policy_unpack_fixture *puf = test->priv; 237 const char *string = NULL; 238 size_t size; 239 240 puf->e->pos += TEST_STRING_BUF_OFFSET; 241 size = aa_unpack_str(puf->e, &string, NULL); 242 243 KUNIT_EXPECT_EQ(test, size, strlen(TEST_STRING_DATA) + 1); 244 KUNIT_EXPECT_STREQ(test, string, TEST_STRING_DATA); 245 } 246 247 static void policy_unpack_test_unpack_str_with_name(struct kunit *test) 248 { 249 struct policy_unpack_fixture *puf = test->priv; 250 const char *string = NULL; 251 size_t size; 252 253 size = aa_unpack_str(puf->e, &string, TEST_STRING_NAME); 254 255 KUNIT_EXPECT_EQ(test, size, strlen(TEST_STRING_DATA) + 1); 256 KUNIT_EXPECT_STREQ(test, string, TEST_STRING_DATA); 257 } 258 259 static void policy_unpack_test_unpack_str_out_of_bounds(struct kunit *test) 260 { 261 struct policy_unpack_fixture *puf = test->priv; 262 const char *string = NULL; 263 void *start = puf->e->pos; 264 int size; 265 266 puf->e->end = puf->e->pos + TEST_STRING_BUF_OFFSET 267 + strlen(TEST_STRING_DATA) - 1; 268 269 size = aa_unpack_str(puf->e, &string, TEST_STRING_NAME); 270 271 KUNIT_EXPECT_EQ(test, size, 0); 272 KUNIT_EXPECT_PTR_EQ(test, puf->e->pos, start); 273 } 274 275 static void policy_unpack_test_unpack_strdup_with_null_name(struct kunit *test) 276 { 277 struct policy_unpack_fixture *puf = test->priv; 278 char *string = NULL; 279 size_t size; 280 281 puf->e->pos += TEST_STRING_BUF_OFFSET; 282 size = aa_unpack_strdup(puf->e, &string, NULL); 283 284 KUNIT_EXPECT_EQ(test, size, strlen(TEST_STRING_DATA) + 1); 285 KUNIT_EXPECT_FALSE(test, 286 ((uintptr_t)puf->e->start <= (uintptr_t)string) 287 && ((uintptr_t)string <= (uintptr_t)puf->e->end)); 288 KUNIT_EXPECT_STREQ(test, string, TEST_STRING_DATA); 289 } 290 291 static void policy_unpack_test_unpack_strdup_with_name(struct kunit *test) 292 { 293 struct policy_unpack_fixture *puf = test->priv; 294 char *string = NULL; 295 size_t size; 296 297 size = aa_unpack_strdup(puf->e, &string, TEST_STRING_NAME); 298 299 KUNIT_EXPECT_EQ(test, size, strlen(TEST_STRING_DATA) + 1); 300 KUNIT_EXPECT_FALSE(test, 301 ((uintptr_t)puf->e->start <= (uintptr_t)string) 302 && ((uintptr_t)string <= (uintptr_t)puf->e->end)); 303 KUNIT_EXPECT_STREQ(test, string, TEST_STRING_DATA); 304 } 305 306 static void policy_unpack_test_unpack_strdup_out_of_bounds(struct kunit *test) 307 { 308 struct policy_unpack_fixture *puf = test->priv; 309 void *start = puf->e->pos; 310 char *string = NULL; 311 int size; 312 313 puf->e->end = puf->e->pos + TEST_STRING_BUF_OFFSET 314 + strlen(TEST_STRING_DATA) - 1; 315 316 size = aa_unpack_strdup(puf->e, &string, TEST_STRING_NAME); 317 318 KUNIT_EXPECT_EQ(test, size, 0); 319 KUNIT_EXPECT_NULL(test, string); 320 KUNIT_EXPECT_PTR_EQ(test, puf->e->pos, start); 321 } 322 323 static void policy_unpack_test_unpack_nameX_with_null_name(struct kunit *test) 324 { 325 struct policy_unpack_fixture *puf = test->priv; 326 bool success; 327 328 puf->e->pos += TEST_U32_BUF_OFFSET; 329 330 success = aa_unpack_nameX(puf->e, AA_U32, NULL); 331 332 KUNIT_EXPECT_TRUE(test, success); 333 KUNIT_EXPECT_PTR_EQ(test, puf->e->pos, 334 puf->e->start + TEST_U32_BUF_OFFSET + 1); 335 } 336 337 static void policy_unpack_test_unpack_nameX_with_wrong_code(struct kunit *test) 338 { 339 struct policy_unpack_fixture *puf = test->priv; 340 bool success; 341 342 puf->e->pos += TEST_U32_BUF_OFFSET; 343 344 success = aa_unpack_nameX(puf->e, AA_BLOB, NULL); 345 346 KUNIT_EXPECT_FALSE(test, success); 347 KUNIT_EXPECT_PTR_EQ(test, puf->e->pos, 348 puf->e->start + TEST_U32_BUF_OFFSET); 349 } 350 351 static void policy_unpack_test_unpack_nameX_with_name(struct kunit *test) 352 { 353 struct policy_unpack_fixture *puf = test->priv; 354 const char name[] = TEST_U32_NAME; 355 bool success; 356 357 puf->e->pos += TEST_NAMED_U32_BUF_OFFSET; 358 359 success = aa_unpack_nameX(puf->e, AA_U32, name); 360 361 KUNIT_EXPECT_TRUE(test, success); 362 KUNIT_EXPECT_PTR_EQ(test, puf->e->pos, 363 puf->e->start + TEST_U32_BUF_OFFSET + 1); 364 } 365 366 static void policy_unpack_test_unpack_nameX_with_wrong_name(struct kunit *test) 367 { 368 struct policy_unpack_fixture *puf = test->priv; 369 static const char name[] = "12345678"; 370 bool success; 371 372 puf->e->pos += TEST_NAMED_U32_BUF_OFFSET; 373 374 success = aa_unpack_nameX(puf->e, AA_U32, name); 375 376 KUNIT_EXPECT_FALSE(test, success); 377 KUNIT_EXPECT_PTR_EQ(test, puf->e->pos, 378 puf->e->start + TEST_NAMED_U32_BUF_OFFSET); 379 } 380 381 static void policy_unpack_test_unpack_u16_chunk_basic(struct kunit *test) 382 { 383 struct policy_unpack_fixture *puf = test->priv; 384 char *chunk = NULL; 385 size_t size; 386 387 puf->e->pos += TEST_U16_OFFSET; 388 /* 389 * WARNING: For unit testing purposes, we're pushing puf->e->end past 390 * the end of the allocated memory. Doing anything other than comparing 391 * memory addresses is dangerous. 392 */ 393 puf->e->end += TEST_U16_DATA; 394 395 size = aa_unpack_u16_chunk(puf->e, &chunk); 396 397 KUNIT_EXPECT_PTR_EQ(test, chunk, 398 puf->e->start + TEST_U16_OFFSET + 2); 399 KUNIT_EXPECT_EQ(test, size, TEST_U16_DATA); 400 KUNIT_EXPECT_PTR_EQ(test, puf->e->pos, (chunk + TEST_U16_DATA)); 401 } 402 403 static void policy_unpack_test_unpack_u16_chunk_out_of_bounds_1( 404 struct kunit *test) 405 { 406 struct policy_unpack_fixture *puf = test->priv; 407 char *chunk = NULL; 408 size_t size; 409 410 puf->e->pos = puf->e->end - 1; 411 412 size = aa_unpack_u16_chunk(puf->e, &chunk); 413 414 KUNIT_EXPECT_EQ(test, size, 0); 415 KUNIT_EXPECT_NULL(test, chunk); 416 KUNIT_EXPECT_PTR_EQ(test, puf->e->pos, puf->e->end - 1); 417 } 418 419 static void policy_unpack_test_unpack_u16_chunk_out_of_bounds_2( 420 struct kunit *test) 421 { 422 struct policy_unpack_fixture *puf = test->priv; 423 char *chunk = NULL; 424 size_t size; 425 426 puf->e->pos += TEST_U16_OFFSET; 427 /* 428 * WARNING: For unit testing purposes, we're pushing puf->e->end past 429 * the end of the allocated memory. Doing anything other than comparing 430 * memory addresses is dangerous. 431 */ 432 puf->e->end = puf->e->pos + TEST_U16_DATA - 1; 433 434 size = aa_unpack_u16_chunk(puf->e, &chunk); 435 436 KUNIT_EXPECT_EQ(test, size, 0); 437 KUNIT_EXPECT_NULL(test, chunk); 438 KUNIT_EXPECT_PTR_EQ(test, puf->e->pos, puf->e->start + TEST_U16_OFFSET); 439 } 440 441 static void policy_unpack_test_unpack_u32_with_null_name(struct kunit *test) 442 { 443 struct policy_unpack_fixture *puf = test->priv; 444 bool success; 445 u32 data = 0; 446 447 puf->e->pos += TEST_U32_BUF_OFFSET; 448 449 success = aa_unpack_u32(puf->e, &data, NULL); 450 451 KUNIT_EXPECT_TRUE(test, success); 452 KUNIT_EXPECT_EQ(test, data, TEST_U32_DATA); 453 KUNIT_EXPECT_PTR_EQ(test, puf->e->pos, 454 puf->e->start + TEST_U32_BUF_OFFSET + sizeof(u32) + 1); 455 } 456 457 static void policy_unpack_test_unpack_u32_with_name(struct kunit *test) 458 { 459 struct policy_unpack_fixture *puf = test->priv; 460 const char name[] = TEST_U32_NAME; 461 bool success; 462 u32 data = 0; 463 464 puf->e->pos += TEST_NAMED_U32_BUF_OFFSET; 465 466 success = aa_unpack_u32(puf->e, &data, name); 467 468 KUNIT_EXPECT_TRUE(test, success); 469 KUNIT_EXPECT_EQ(test, data, TEST_U32_DATA); 470 KUNIT_EXPECT_PTR_EQ(test, puf->e->pos, 471 puf->e->start + TEST_U32_BUF_OFFSET + sizeof(u32) + 1); 472 } 473 474 static void policy_unpack_test_unpack_u32_out_of_bounds(struct kunit *test) 475 { 476 struct policy_unpack_fixture *puf = test->priv; 477 const char name[] = TEST_U32_NAME; 478 bool success; 479 u32 data = 0; 480 481 puf->e->pos += TEST_NAMED_U32_BUF_OFFSET; 482 puf->e->end = puf->e->start + TEST_U32_BUF_OFFSET + sizeof(u32); 483 484 success = aa_unpack_u32(puf->e, &data, name); 485 486 KUNIT_EXPECT_FALSE(test, success); 487 KUNIT_EXPECT_PTR_EQ(test, puf->e->pos, 488 puf->e->start + TEST_NAMED_U32_BUF_OFFSET); 489 } 490 491 static void policy_unpack_test_unpack_u64_with_null_name(struct kunit *test) 492 { 493 struct policy_unpack_fixture *puf = test->priv; 494 bool success; 495 u64 data = 0; 496 497 puf->e->pos += TEST_U64_BUF_OFFSET; 498 499 success = aa_unpack_u64(puf->e, &data, NULL); 500 501 KUNIT_EXPECT_TRUE(test, success); 502 KUNIT_EXPECT_EQ(test, data, TEST_U64_DATA); 503 KUNIT_EXPECT_PTR_EQ(test, puf->e->pos, 504 puf->e->start + TEST_U64_BUF_OFFSET + sizeof(u64) + 1); 505 } 506 507 static void policy_unpack_test_unpack_u64_with_name(struct kunit *test) 508 { 509 struct policy_unpack_fixture *puf = test->priv; 510 const char name[] = TEST_U64_NAME; 511 bool success; 512 u64 data = 0; 513 514 puf->e->pos += TEST_NAMED_U64_BUF_OFFSET; 515 516 success = aa_unpack_u64(puf->e, &data, name); 517 518 KUNIT_EXPECT_TRUE(test, success); 519 KUNIT_EXPECT_EQ(test, data, TEST_U64_DATA); 520 KUNIT_EXPECT_PTR_EQ(test, puf->e->pos, 521 puf->e->start + TEST_U64_BUF_OFFSET + sizeof(u64) + 1); 522 } 523 524 static void policy_unpack_test_unpack_u64_out_of_bounds(struct kunit *test) 525 { 526 struct policy_unpack_fixture *puf = test->priv; 527 const char name[] = TEST_U64_NAME; 528 bool success; 529 u64 data = 0; 530 531 puf->e->pos += TEST_NAMED_U64_BUF_OFFSET; 532 puf->e->end = puf->e->start + TEST_U64_BUF_OFFSET + sizeof(u64); 533 534 success = aa_unpack_u64(puf->e, &data, name); 535 536 KUNIT_EXPECT_FALSE(test, success); 537 KUNIT_EXPECT_PTR_EQ(test, puf->e->pos, 538 puf->e->start + TEST_NAMED_U64_BUF_OFFSET); 539 } 540 541 static void policy_unpack_test_unpack_X_code_match(struct kunit *test) 542 { 543 struct policy_unpack_fixture *puf = test->priv; 544 bool success = aa_unpack_X(puf->e, AA_NAME); 545 546 KUNIT_EXPECT_TRUE(test, success); 547 KUNIT_EXPECT_TRUE(test, puf->e->pos == puf->e->start + 1); 548 } 549 550 static void policy_unpack_test_unpack_X_code_mismatch(struct kunit *test) 551 { 552 struct policy_unpack_fixture *puf = test->priv; 553 bool success = aa_unpack_X(puf->e, AA_STRING); 554 555 KUNIT_EXPECT_FALSE(test, success); 556 KUNIT_EXPECT_TRUE(test, puf->e->pos == puf->e->start); 557 } 558 559 static void policy_unpack_test_unpack_X_out_of_bounds(struct kunit *test) 560 { 561 struct policy_unpack_fixture *puf = test->priv; 562 bool success; 563 564 puf->e->pos = puf->e->end; 565 success = aa_unpack_X(puf->e, AA_NAME); 566 567 KUNIT_EXPECT_FALSE(test, success); 568 } 569 570 static struct kunit_case apparmor_policy_unpack_test_cases[] = { 571 KUNIT_CASE(policy_unpack_test_inbounds_when_inbounds), 572 KUNIT_CASE(policy_unpack_test_inbounds_when_out_of_bounds), 573 KUNIT_CASE(policy_unpack_test_unpack_array_with_null_name), 574 KUNIT_CASE(policy_unpack_test_unpack_array_with_name), 575 KUNIT_CASE(policy_unpack_test_unpack_array_out_of_bounds), 576 KUNIT_CASE(policy_unpack_test_unpack_blob_with_null_name), 577 KUNIT_CASE(policy_unpack_test_unpack_blob_with_name), 578 KUNIT_CASE(policy_unpack_test_unpack_blob_out_of_bounds), 579 KUNIT_CASE(policy_unpack_test_unpack_nameX_with_null_name), 580 KUNIT_CASE(policy_unpack_test_unpack_nameX_with_wrong_code), 581 KUNIT_CASE(policy_unpack_test_unpack_nameX_with_name), 582 KUNIT_CASE(policy_unpack_test_unpack_nameX_with_wrong_name), 583 KUNIT_CASE(policy_unpack_test_unpack_str_with_null_name), 584 KUNIT_CASE(policy_unpack_test_unpack_str_with_name), 585 KUNIT_CASE(policy_unpack_test_unpack_str_out_of_bounds), 586 KUNIT_CASE(policy_unpack_test_unpack_strdup_with_null_name), 587 KUNIT_CASE(policy_unpack_test_unpack_strdup_with_name), 588 KUNIT_CASE(policy_unpack_test_unpack_strdup_out_of_bounds), 589 KUNIT_CASE(policy_unpack_test_unpack_u16_chunk_basic), 590 KUNIT_CASE(policy_unpack_test_unpack_u16_chunk_out_of_bounds_1), 591 KUNIT_CASE(policy_unpack_test_unpack_u16_chunk_out_of_bounds_2), 592 KUNIT_CASE(policy_unpack_test_unpack_u32_with_null_name), 593 KUNIT_CASE(policy_unpack_test_unpack_u32_with_name), 594 KUNIT_CASE(policy_unpack_test_unpack_u32_out_of_bounds), 595 KUNIT_CASE(policy_unpack_test_unpack_u64_with_null_name), 596 KUNIT_CASE(policy_unpack_test_unpack_u64_with_name), 597 KUNIT_CASE(policy_unpack_test_unpack_u64_out_of_bounds), 598 KUNIT_CASE(policy_unpack_test_unpack_X_code_match), 599 KUNIT_CASE(policy_unpack_test_unpack_X_code_mismatch), 600 KUNIT_CASE(policy_unpack_test_unpack_X_out_of_bounds), 601 {}, 602 }; 603 604 static struct kunit_suite apparmor_policy_unpack_test_module = { 605 .name = "apparmor_policy_unpack", 606 .init = policy_unpack_test_init, 607 .test_cases = apparmor_policy_unpack_test_cases, 608 }; 609 610 kunit_test_suite(apparmor_policy_unpack_test_module); 611 612 MODULE_LICENSE("GPL"); 613