/* SPDX-License-Identifier: GPL-2.0 */
/*
 * Landlock scoped_domains variants
 *
 * See the hierarchy variants from ptrace_test.c
 *
 * Copyright © 2017-2020 Mickaël Salaün <mic@digikod.net>
 * Copyright © 2019-2020 ANSSI
 * Copyright © 2024 Tahera Fahimi <fahimitahera@gmail.com>
 */

/*
 * Reading guide for the variants below.
 *
 * P1 is the parent process and P2 its child; every box in a diagram is a
 * Landlock domain.  "Px -> Py" is an attempt by Px to reach Py, followed by
 * the outcome the test is expected to observe.  The operation that "->"
 * stands for is chosen by the test file that includes this header (not
 * visible here), which presumably also supplies FIXTURE_VARIANT() and
 * FIXTURE_VARIANT_ADD() -- confirm against the includer.
 *
 * Summary of the eight tables:
 *   - P1 -> P2 is denied exactly when domain_parent is set;
 *   - P2 -> P1 is denied exactly when domain_child is set;
 *   - domain_both alone never produces a denial: two processes that sit in
 *     the same domain are not isolated from each other by it.
 */

/* clang-format on */
FIXTURE_VARIANT(scoped_domains)
{
	/* P1 and P2 are both enclosed by one shared (inherited) domain. */
	bool domain_both;
	/* P1 is enclosed by a domain that P2 is not part of. */
	bool domain_parent;
	/* P2 is enclosed by a domain that P1 is not part of. */
	bool domain_child;
};

/*
 * Baseline: neither process is in any domain.
 *
 *   P1-.               P1 -> P2 : allow
 *       \              P2 -> P1 : allow
 *        'P2
 */
/* clang-format off */
FIXTURE_VARIANT_ADD(scoped_domains, without_domain) {
	/* clang-format on */
	.domain_both = false,
	.domain_parent = false,
	.domain_child = false,
};

/*
 * Only the child is in a domain.
 *
 *   P1--.              P1 -> P2 : allow
 *        \             P2 -> P1 : deny
 *        .'-----.
 *        |  P2  |
 *        '------'
 */
/* clang-format off */
FIXTURE_VARIANT_ADD(scoped_domains, child_domain) {
	/* clang-format on */
	.domain_both = false,
	.domain_parent = false,
	.domain_child = true,
};

/*
 * Only the parent is in a domain.
 *
 * .------.
 * |  P1  --.           P1 -> P2 : deny
 * '------'  \          P2 -> P1 : allow
 *            '
 *            P2
 */
/* clang-format off */
FIXTURE_VARIANT_ADD(scoped_domains, parent_domain) {
	/* clang-format on */
	.domain_both = false,
	.domain_parent = true,
	.domain_child = false,
};

/*
 * Parent and child each in a separate domain (siblings).
 *
 * .------.
 * |  P1  ---.          P1 -> P2 : deny
 * '------'   \         P2 -> P1 : deny
 *         .---'--.
 *         |  P2  |
 *         '------'
 */
/* clang-format off */
FIXTURE_VARIANT_ADD(scoped_domains, sibling_domain) {
	/* clang-format on */
	.domain_both = false,
	.domain_parent = true,
	.domain_child = true,
};

/*
 * Both processes in the same, inherited domain.
 *
 * .-------------.
 * | P1----.     |      P1 -> P2 : allow
 * |        \    |      P2 -> P1 : allow
 * |         '   |
 * |         P2  |
 * '-------------'
 */
/* clang-format off */
FIXTURE_VARIANT_ADD(scoped_domains, inherited_domain) {
	/* clang-format on */
	.domain_both = true,
	.domain_parent = false,
	.domain_child = false,
};

/*
 * Inherited domain, with the child nested in a further domain.
 *
 * .-----------------.
 * |  P1----.        |  P1 -> P2 : allow
 * |         \       |  P2 -> P1 : deny
 * |        .-'----. |
 * |        |  P2  | |
 * |        '------' |
 * '-----------------'
 */
/* clang-format off */
FIXTURE_VARIANT_ADD(scoped_domains, nested_domain) {
	/* clang-format on */
	.domain_both = true,
	.domain_parent = false,
	.domain_child = true,
};

/*
 * Inherited domain, with the parent nested in a further domain.
 *
 * .-----------------.
 * |.------.         |  P1 -> P2 : deny
 * ||  P1  ----.     |  P2 -> P1 : allow
 * |'------'    \    |
 * |             '   |
 * |             P2  |
 * '-----------------'
 */
/* clang-format off */
FIXTURE_VARIANT_ADD(scoped_domains, nested_and_parent_domain) {
	/* clang-format on */
	.domain_both = true,
	.domain_parent = true,
	.domain_child = false,
};

/*
 * Inherited domain, with parent and child each nested in a separate
 * further domain (siblings).
 *
 * .-----------------.
 * | .------.        |  P1 -> P2 : deny
 * | |  P1  .        |  P2 -> P1 : deny
 * | '------'\       |
 * |          \      |
 * |        .--'---. |
 * |        |  P2  | |
 * |        '------' |
 * '-----------------'
 */
/* clang-format off */
FIXTURE_VARIANT_ADD(scoped_domains, forked_domains) {
	/* clang-format on */
	.domain_both = true,
	.domain_parent = true,
	.domain_child = true,
};