diff options
Diffstat (limited to 'tools')
| -rw-r--r-- | tools/testing/selftests/landlock/fs_test.c | 54 |
1 files changed, 17 insertions, 37 deletions
diff --git a/tools/testing/selftests/landlock/fs_test.c b/tools/testing/selftests/landlock/fs_test.c index b318627e7561..9fdd3b8f7b11 100644 --- a/tools/testing/selftests/landlock/fs_test.c +++ b/tools/testing/selftests/landlock/fs_test.c @@ -7161,26 +7161,6 @@ TEST_F(audit_layout1, execute_make) * only the blocked ones are logged. */ -/* clang-format off */ -static const __u64 access_fs_16 = - LANDLOCK_ACCESS_FS_EXECUTE | - LANDLOCK_ACCESS_FS_WRITE_FILE | - LANDLOCK_ACCESS_FS_READ_FILE | - LANDLOCK_ACCESS_FS_READ_DIR | - LANDLOCK_ACCESS_FS_REMOVE_DIR | - LANDLOCK_ACCESS_FS_REMOVE_FILE | - LANDLOCK_ACCESS_FS_MAKE_CHAR | - LANDLOCK_ACCESS_FS_MAKE_DIR | - LANDLOCK_ACCESS_FS_MAKE_REG | - LANDLOCK_ACCESS_FS_MAKE_SOCK | - LANDLOCK_ACCESS_FS_MAKE_FIFO | - LANDLOCK_ACCESS_FS_MAKE_BLOCK | - LANDLOCK_ACCESS_FS_MAKE_SYM | - LANDLOCK_ACCESS_FS_REFER | - LANDLOCK_ACCESS_FS_TRUNCATE | - LANDLOCK_ACCESS_FS_IOCTL_DEV; -/* clang-format on */ - TEST_F(audit_layout1, execute_read) { struct audit_records records; @@ -7190,7 +7170,7 @@ TEST_F(audit_layout1, execute_read) test_check_exec(_metadata, 0, file1_s1d1); drop_access_rights(_metadata, &(struct landlock_ruleset_attr){ - .handled_access_fs = access_fs_16, + .handled_access_fs = ACCESS_ALL, }); /* @@ -7214,7 +7194,7 @@ TEST_F(audit_layout1, write_file) struct audit_records records; drop_access_rights(_metadata, &(struct landlock_ruleset_attr){ - .handled_access_fs = access_fs_16, + .handled_access_fs = ACCESS_ALL, }); EXPECT_EQ(EACCES, test_open(file1_s1d1, O_WRONLY)); @@ -7231,7 +7211,7 @@ TEST_F(audit_layout1, read_file) struct audit_records records; drop_access_rights(_metadata, &(struct landlock_ruleset_attr){ - .handled_access_fs = access_fs_16, + .handled_access_fs = ACCESS_ALL, }); EXPECT_EQ(EACCES, test_open(file1_s1d1, O_RDONLY)); @@ -7248,7 +7228,7 @@ TEST_F(audit_layout1, read_dir) struct audit_records records; drop_access_rights(_metadata, &(struct landlock_ruleset_attr){ - .handled_access_fs = access_fs_16, + .handled_access_fs = ACCESS_ALL, }); EXPECT_EQ(EACCES, test_open(dir_s1d1, O_DIRECTORY)); @@ -7268,7 +7248,7 @@ TEST_F(audit_layout1, remove_dir) EXPECT_EQ(0, unlink(file2_s1d3)); drop_access_rights(_metadata, &(struct landlock_ruleset_attr){ - .handled_access_fs = access_fs_16, + .handled_access_fs = ACCESS_ALL, }); EXPECT_EQ(-1, rmdir(dir_s1d3)); @@ -7291,7 +7271,7 @@ TEST_F(audit_layout1, remove_file) struct audit_records records; drop_access_rights(_metadata, &(struct landlock_ruleset_attr){ - .handled_access_fs = access_fs_16, + .handled_access_fs = ACCESS_ALL, }); EXPECT_EQ(-1, unlink(file1_s1d3)); @@ -7311,7 +7291,7 @@ TEST_F(audit_layout1, make_char) EXPECT_EQ(0, unlink(file1_s1d3)); drop_access_rights(_metadata, &(struct landlock_ruleset_attr){ - .handled_access_fs = access_fs_16, + .handled_access_fs = ACCESS_ALL, }); EXPECT_EQ(-1, mknod(file1_s1d3, S_IFCHR | 0644, 0)); @@ -7331,7 +7311,7 @@ TEST_F(audit_layout1, make_dir) EXPECT_EQ(0, unlink(file1_s1d3)); drop_access_rights(_metadata, &(struct landlock_ruleset_attr){ - .handled_access_fs = access_fs_16, + .handled_access_fs = ACCESS_ALL, }); EXPECT_EQ(-1, mkdir(file1_s1d3, 0755)); @@ -7351,7 +7331,7 @@ TEST_F(audit_layout1, make_reg) EXPECT_EQ(0, unlink(file1_s1d3)); drop_access_rights(_metadata, &(struct landlock_ruleset_attr){ - .handled_access_fs = access_fs_16, + .handled_access_fs = ACCESS_ALL, }); EXPECT_EQ(-1, mknod(file1_s1d3, S_IFREG | 0644, 0)); @@ -7371,7 +7351,7 @@ TEST_F(audit_layout1, make_sock) EXPECT_EQ(0, unlink(file1_s1d3)); drop_access_rights(_metadata, &(struct landlock_ruleset_attr){ - .handled_access_fs = access_fs_16, + .handled_access_fs = ACCESS_ALL, }); EXPECT_EQ(-1, mknod(file1_s1d3, S_IFSOCK | 0644, 0)); @@ -7391,7 +7371,7 @@ TEST_F(audit_layout1, make_fifo) EXPECT_EQ(0, unlink(file1_s1d3)); drop_access_rights(_metadata, &(struct landlock_ruleset_attr){ - .handled_access_fs = access_fs_16, + .handled_access_fs = ACCESS_ALL, }); EXPECT_EQ(-1, mknod(file1_s1d3, S_IFIFO | 0644, 0)); @@ -7411,7 +7391,7 @@ TEST_F(audit_layout1, make_block) EXPECT_EQ(0, unlink(file1_s1d3)); drop_access_rights(_metadata, &(struct landlock_ruleset_attr){ - .handled_access_fs = access_fs_16, + .handled_access_fs = ACCESS_ALL, }); EXPECT_EQ(-1, mknod(file1_s1d3, S_IFBLK | 0644, 0)); @@ -7431,7 +7411,7 @@ TEST_F(audit_layout1, make_sym) EXPECT_EQ(0, unlink(file1_s1d3)); drop_access_rights(_metadata, &(struct landlock_ruleset_attr){ - .handled_access_fs = access_fs_16, + .handled_access_fs = ACCESS_ALL, }); EXPECT_EQ(-1, symlink("target", file1_s1d3)); @@ -7501,7 +7481,7 @@ TEST_F(audit_layout1, refer_rename) EXPECT_EQ(0, unlink(file1_s1d3)); drop_access_rights(_metadata, &(struct landlock_ruleset_attr){ - .handled_access_fs = access_fs_16, + .handled_access_fs = ACCESS_ALL, }); EXPECT_EQ(EACCES, test_rename(file1_s1d2, file1_s2d3)); @@ -7523,7 +7503,7 @@ TEST_F(audit_layout1, refer_exchange) EXPECT_EQ(0, unlink(file1_s1d3)); drop_access_rights(_metadata, &(struct landlock_ruleset_attr){ - .handled_access_fs = access_fs_16, + .handled_access_fs = ACCESS_ALL, }); /* @@ -7586,7 +7566,7 @@ TEST_F(audit_layout1, truncate) struct audit_records records; drop_access_rights(_metadata, &(struct landlock_ruleset_attr){ - .handled_access_fs = access_fs_16, + .handled_access_fs = ACCESS_ALL, }); EXPECT_EQ(-1, truncate(file1_s1d3, 0)); @@ -7607,7 +7587,7 @@ TEST_F(audit_layout1, ioctl_dev) drop_access_rights(_metadata, &(struct landlock_ruleset_attr){ .handled_access_fs = - access_fs_16 & + ACCESS_ALL & ~LANDLOCK_ACCESS_FS_READ_FILE, }); |