/* SPDX-License-Identifier: GPL-2.0 */
/*
 * Landlock scoped_domains test variant definition.
 *
 * This file defines a fixture variant "scoped_domains" that has all
 * permutations of parent/child process being in separate or shared
 * Landlock domain, or not being in a Landlock domain at all.
 *
 * Scoped access tests can include this file to avoid repeating these
 * combinations.
 *
 * Copyright © 2017-2020 Mickaël Salaün <mic@digikod.net>
 * Copyright © 2019-2020 ANSSI
 * Copyright © 2024 Tahera Fahimi <fahimitahera@gmail.com>
 */

/*
 * Reading guide.
 *
 * In every diagram P1 is the parent process and P2 the child; a box is a
 * Landlock domain and "A -> B" is an access attempted by A on B.  What that
 * access is (the scoped operation under test) is chosen by the file that
 * includes this one, not here.
 *
 * Expected results as stated in the per-variant comments:
 *
 *   variant                   both parent child   P1 -> P2   P2 -> P1
 *   without_domain              0     0     0      allow      allow
 *   child_domain                0     0     1      allow      deny
 *   parent_domain               0     1     0      deny       allow
 *   sibling_domain              0     1     1      deny       deny
 *   inherited_domain            1     0     0      allow      allow
 *   nested_domain               1     0     1      allow      deny
 *   nested_and_parent_domain    1     1     0      deny       allow
 *   forked_domains              1     1     1      deny       deny
 *
 * Taken together: P1 -> P2 is expected to be denied exactly when
 * .domain_parent is set, and P2 -> P1 exactly when .domain_child is set.
 * .domain_both on its own never changes the expected outcome.
 *
 * The allow/deny columns exist only in comments.  A variant carries nothing
 * but the three booleans, so each including test has to derive its expected
 * result from them and should check both directions: the deny cases are the
 * isolation property, the allow cases guard against over-restriction.
 */

/* clang-format on */
FIXTURE_VARIANT(scoped_domains)
{
	/* P1 and P2 are enclosed in one common domain (outer box). */
	bool domain_both;
	/* P1 is enclosed in a domain that does not contain P2. */
	bool domain_parent;
	/* P2 is enclosed in a domain that does not contain P1. */
	bool domain_child;
	/*
	 * NOTE(review): when each domain is created relative to fork() is
	 * decided by the including test -- confirm there.
	 */
};

/*
 *        No domain
 *
 *   P1-.               P1 -> P2 : allow
 *       \              P2 -> P1 : allow
 *        'P2
 *
 * Baseline: neither process is restricted.
 */
/* clang-format off */
FIXTURE_VARIANT_ADD(scoped_domains, without_domain) {
	/* clang-format on */
	.domain_both = false,
	.domain_parent = false,
	.domain_child = false,
};

/*
 *        Child domain
 *
 *   P1--.              P1 -> P2 : allow
 *        \             P2 -> P1 : deny
 *        .'-----.
 *        |  P2  |
 *        '------'
 *
 * Only the child is confined; it must not reach the unconfined parent.
 */
/* clang-format off */
FIXTURE_VARIANT_ADD(scoped_domains, child_domain) {
	/* clang-format on */
	.domain_both = false,
	.domain_parent = false,
	.domain_child = true,
};

/*
 *        Parent domain
 * .------.
 * |  P1  --.           P1 -> P2 : deny
 * '------'  \          P2 -> P1 : allow
 *            '
 *            P2
 *
 * Only the parent is confined; it must not reach the unconfined child.
 */
/* clang-format off */
FIXTURE_VARIANT_ADD(scoped_domains, parent_domain) {
	/* clang-format on */
	.domain_both = false,
	.domain_parent = true,
	.domain_child = false,
};

/*
 *        Parent + child domain (siblings)
 * .------.
 * |  P1  ---.          P1 -> P2 : deny
 * '------'   \         P2 -> P1 : deny
 *         .---'--.
 *         |  P2  |
 *         '------'
 *
 * Two separate domains: neither side may reach the other.
 */
/* clang-format off */
FIXTURE_VARIANT_ADD(scoped_domains, sibling_domain) {
	/* clang-format on */
	.domain_both = false,
	.domain_parent = true,
	.domain_child = true,
};

/*
 *         Same domain (inherited)
 * .-------------.
 * | P1----.     |      P1 -> P2 : allow
 * |        \    |      P2 -> P1 : allow
 * |         '   |
 * |         P2  |
 * '-------------'
 *
 * Both processes live in the same domain, so both directions stay allowed.
 */
/* clang-format off */
FIXTURE_VARIANT_ADD(scoped_domains, inherited_domain) {
	/* clang-format on */
	.domain_both = true,
	.domain_parent = false,
	.domain_child = false,
};

/*
 *         Inherited + child domain
 * .-----------------.
 * |  P1----.        |  P1 -> P2 : allow
 * |         \       |  P2 -> P1 : deny
 * |        .-'----. |
 * |        |  P2  | |
 * |        '------' |
 * '-----------------'
 *
 * The child is nested one level deeper than the parent; only the child is
 * cut off from its peer.
 */
/* clang-format off */
FIXTURE_VARIANT_ADD(scoped_domains, nested_domain) {
	/* clang-format on */
	.domain_both = true,
	.domain_parent = false,
	.domain_child = true,
};

/*
 *         Inherited + parent domain
 * .-----------------.
 * |.------.         |  P1 -> P2 : deny
 * ||  P1  ----.     |  P2 -> P1 : allow
 * |'------'    \    |
 * |             '   |
 * |             P2  |
 * '-----------------'
 *
 * Mirror of nested_domain: the parent is the one nested deeper.
 */
/* clang-format off */
FIXTURE_VARIANT_ADD(scoped_domains, nested_and_parent_domain) {
	/* clang-format on */
	.domain_both = true,
	.domain_parent = true,
	.domain_child = false,
};

/*
 *         Inherited + parent and child domain (siblings)
 * .-----------------.
 * | .------.        |  P1 -> P2 : deny
 * | |  P1  .        |  P2 -> P1 : deny
 * | '------'\       |
 * |          \      |
 * |        .--'---. |
 * |        |  P2  | |
 * |        '------' |
 * '-----------------'
 *
 * A shared outer domain does not relax anything: the two inner domains are
 * still siblings and both directions are denied.
 */
/* clang-format off */
FIXTURE_VARIANT_ADD(scoped_domains, forked_domains) {
	/* clang-format on */
	.domain_both = true,
	.domain_parent = true,
	.domain_child = true,
};