Linux/security/ipe/policy

Version: ~ [ linux-6.12-rc7 ] ~ [ linux-6.11.7 ] ~ [ linux-6.10.14 ] ~ [ linux-6.9.12 ] ~ [ linux-6.8.12 ] ~ [ linux-6.7.12 ] ~ [ linux-6.6.60 ] ~ [ linux-6.5.13 ] ~ [ linux-6.4.16 ] ~ [ linux-6.3.13 ] ~ [ linux-6.2.16 ] ~ [ linux-6.1.116 ] ~ [ linux-6.0.19 ] ~ [ linux-5.19.17 ] ~ [ linux-5.18.19 ] ~ [ linux-5.17.15 ] ~ [ linux-5.16.20 ] ~ [ linux-5.15.171 ] ~ [ linux-5.14.21 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.229 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.285 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.323 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.336 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.337 ] ~ [ linux-4.4.302 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.12 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

Diff markup

1 // SPDX-License-Identifier: GPL-2.0 1 2 /* 3 * Copyright (C) 2020-2024 Microsoft Corporati 4 */ 5 6 #include <linux/slab.h> 7 #include <linux/types.h> 8 #include <linux/list.h> 9 #include <kunit/test.h> 10 #include "policy.h" 11 struct policy_case { 12 const char *const policy; 13 int errno; 14 const char *const desc; 15 }; 16 17 static const struct policy_case policy_cases[] 18 { 19 "policy_name=allowall policy_v 20 "DEFAULT action=ALLOW", 21 0, 22 "basic", 23 }, 24 { 25 "policy_name=trailing_comment 26 "DEFAULT action=ALLOW", 27 0, 28 "trailing comment", 29 }, 30 { 31 "policy_name=allowallnewline p 32 "DEFAULT action=ALLOW\n" 33 "\n", 34 0, 35 "trailing newline", 36 }, 37 { 38 "policy_name=carriagereturnlin 39 "DEFAULT action=ALLOW\n" 40 "\r\n", 41 0, 42 "clrf newline", 43 }, 44 { 45 "policy_name=whitespace policy 46 "DEFAULT\taction=ALLOW\n" 47 " \t DEFAULT \t op= 48 "op=EXECUTE boot_verified=TRUE 49 "# this is a\tcomment\t\t\t\t\ 50 "DEFAULT \t op=KMODULE\t\t\t 51 "op=KMODULE boot_verified=TRUE 52 0, 53 "various whitespaces and neste 54 }, 55 { 56 "policy_name=boot_verified pol 57 "DEFAULT\taction=ALLOW\n", 58 -EINVAL, 59 "negative version", 60 }, 61 { 62 "policy_name=$@!*&^%%\\:;{}() 63 "DEFAULT action=ALLOW", 64 0, 65 "special characters", 66 }, 67 { 68 "policy_name=test policy_versi 69 "DEFAULT action=ALLOW", 70 -ERANGE, 71 "overflow version", 72 }, 73 { 74 "policy_name=test policy_versi 75 "DEFAULT action=ALLOW", 76 -EBADMSG, 77 "incomplete version", 78 }, 79 { 80 "policy_name=test policy_versi 81 "DEFAULT action=ALLOW", 82 -EBADMSG, 83 "extra version", 84 }, 85 { 86 "", 87 -EBADMSG, 88 "0-length policy", 89 }, 90 { 91 "policy_name=test\0policy_vers 92 "DEFAULT action=ALLOW", 93 -EBADMSG, 94 "random null in header", 95 }, 96 { 97 "policy_name=test policy_versi 98 "\0DEFAULT action=ALLOW", 99 -EBADMSG, 100 "incomplete policy from NULL", 101 }, 102 { 103 "policy_name=test policy_versi 104 "DEFAULT action=DENY\n\0" 105 "op=EXECUTE dmverity_signature 106 0, 107 "NULL truncates policy", 108 }, 109 { 110 "policy_name=test policy_versi 111 "DEFAULT action=ALLOW\n" 112 "op=EXECUTE dmverity_signature 113 -EBADMSG, 114 "invalid property type", 115 }, 116 { 117 "DEFAULT action=ALLOW", 118 -EBADMSG, 119 "missing policy header", 120 }, 121 { 122 "policy_name=test policy_versi 123 -EBADMSG, 124 "missing default definition", 125 }, 126 { 127 "policy_name=test policy_versi 128 "DEFAULT action=ALLOW\n" 129 "dmverity_signature=TRUE op=EX 130 -EBADMSG, 131 "invalid rule ordering" 132 }, 133 { 134 "policy_name=test policy_versi 135 "DEFAULT action=ALLOW\n" 136 "action=ALLOW op=EXECUTE dmver 137 -EBADMSG, 138 "invalid rule ordering (2)", 139 }, 140 { 141 "policy_name=test policy_versi 142 "DEFAULT action=ALLOW\n" 143 "op=EXECUTE dmverity_signature 144 -EBADMSG, 145 "invalid version", 146 }, 147 { 148 "policy_name=test policy_versi 149 "DEFAULT action=ALLOW\n" 150 "op=UNKNOWN dmverity_signature 151 -EBADMSG, 152 "unknown operation", 153 }, 154 { 155 "policy_name=asdvpolicy_versio 156 "DEFAULT action=ALLOW\n", 157 -EBADMSG, 158 "missing space after policy na 159 }, 160 { 161 "policy_name=test\xFF\xEF poli 162 "DEFAULT action=ALLOW\n" 163 "op=EXECUTE dmverity_signature 164 0, 165 "expanded ascii", 166 }, 167 { 168 "policy_name=test\xFF\xEF poli 169 "DEFAULT action=ALLOW\n" 170 "op=EXECUTE dmverity_roothash= 171 -EBADMSG, 172 "invalid property value (2)", 173 }, 174 { 175 "policy_name=test policy_versi 176 "policy_name=test policy_versi 177 "DEFAULT action=ALLOW", 178 -EBADMSG, 179 "double header" 180 }, 181 { 182 "policy_name=test policy_versi 183 "DEFAULT action=ALLOW\n" 184 "DEFAULT action=ALLOW\n", 185 -EBADMSG, 186 "double default" 187 }, 188 { 189 "policy_name=test policy_versi 190 "DEFAULT action=ALLOW\n" 191 "DEFAULT op=EXECUTE action=DEN 192 "DEFAULT op=EXECUTE action=ALL 193 -EBADMSG, 194 "double operation default" 195 }, 196 { 197 "policy_name=test policy_versi 198 "DEFAULT action=ALLOW\n" 199 "DEFAULT op=EXECUTE action=DEN 200 -EBADMSG, 201 "invalid action value" 202 }, 203 { 204 "policy_name=test policy_versi 205 "DEFAULT action=ALLOW\n" 206 "DEFAULT op=EXECUTE action\n", 207 -EBADMSG, 208 "invalid action value (2)" 209 }, 210 { 211 "policy_name=test policy_versi 212 "DEFAULT action=ALLOW\n" 213 "UNKNOWN value=true\n", 214 -EBADMSG, 215 "unrecognized statement" 216 }, 217 { 218 "policy_name=test policy_versi 219 "DEFAULT action=ALLOW\n" 220 "op=EXECUTE dmverity_roothash= 221 -EBADMSG, 222 "old-style digest" 223 }, 224 { 225 "policy_name=test policy_versi 226 "DEFAULT action=ALLOW\n" 227 "op=EXECUTE fsverity_digest=1c 228 -EBADMSG, 229 "old-style digest" 230 } 231 }; 232 233 static void pol_to_desc(const struct policy_ca 234 { 235 strscpy(desc, c->desc, KUNIT_PARAM_DES 236 } 237 238 KUNIT_ARRAY_PARAM(ipe_policies, policy_cases, 239 240 /** 241 * ipe_parser_unsigned_test - Test the parser 242 * @test: Supplies a pointer to a kunit struct 243 * 244 * This is called by the kunit harness. This t 245 * of the policy, but ensures that errors are 246 */ 247 static void ipe_parser_unsigned_test(struct ku 248 { 249 const struct policy_case *p = test->pa 250 struct ipe_policy *pol; 251 252 pol = ipe_new_policy(p->policy, strlen 253 254 if (p->errno) { 255 KUNIT_EXPECT_EQ(test, PTR_ERR( 256 return; 257 } 258 259 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, pol 260 KUNIT_EXPECT_NOT_ERR_OR_NULL(test, pol 261 KUNIT_EXPECT_STREQ(test, pol->text, p- 262 KUNIT_EXPECT_PTR_EQ(test, NULL, pol->p 263 KUNIT_EXPECT_EQ(test, 0, pol->pkcs7len 264 265 ipe_free_policy(pol); 266 } 267 268 /** 269 * ipe_parser_widestring_test - Ensure parser 270 * @test: Supplies a pointer to a kunit struct 271 * 272 * This is called by the kunit harness. 273 */ 274 static void ipe_parser_widestring_test(struct 275 { 276 const unsigned short policy[] = L"poli 277 L"DEFA 278 struct ipe_policy *pol = NULL; 279 280 pol = ipe_new_policy((const char *)pol 281 KUNIT_EXPECT_TRUE(test, IS_ERR_OR_NULL 282 283 ipe_free_policy(pol); 284 } 285 286 static struct kunit_case ipe_parser_test_cases 287 KUNIT_CASE_PARAM(ipe_parser_unsigned_t 288 KUNIT_CASE(ipe_parser_widestring_test) 289 { } 290 }; 291 292 static struct kunit_suite ipe_parser_test_suit 293 .name = "ipe-parser", 294 .test_cases = ipe_parser_test_cases, 295 }; 296 297 kunit_test_suite(ipe_parser_test_suite); 298

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

TOMOYO Linux Cross Reference
Linux/security/ipe/policy_tests.c

Diff markup

Differences between /security/ipe/policy_tests.c (Version linux-6.12-rc7) and /security/ipe/policy_tests.c (Version linux-5.9.16)

TOMOYO Linux Cross Reference Linux/security/ipe/policy_tests.c

Diff markup

Differences between /security/ipe/policy_tests.c (Version linux-6.12-rc7) and /security/ipe/policy_tests.c (Version linux-5.9.16)

TOMOYO Linux Cross Reference
Linux/security/ipe/policy_tests.c