
TOMOYO Linux Cross Reference
Linux/security/ipe/policy_tests.c


Diff markup

Differences between /security/ipe/policy_tests.c (Architecture alpha) and /security/ipe/policy_tests.c (Architecture ppc)


  1 // SPDX-License-Identifier: GPL-2.0                 1 // SPDX-License-Identifier: GPL-2.0
  2 /*                                                  2 /*
  3  * Copyright (C) 2020-2024 Microsoft Corporati      3  * Copyright (C) 2020-2024 Microsoft Corporation. All rights reserved.
  4  */                                                 4  */
  5                                                     5 
  6 #include <linux/slab.h>                             6 #include <linux/slab.h>
  7 #include <linux/types.h>                            7 #include <linux/types.h>
  8 #include <linux/list.h>                             8 #include <linux/list.h>
  9 #include <kunit/test.h>                             9 #include <kunit/test.h>
 10 #include "policy.h"                                10 #include "policy.h"
 11 struct policy_case {                               11 struct policy_case {
 12         const char *const policy;                  12         const char *const policy;
 13         int errno;                                 13         int errno;
 14         const char *const desc;                    14         const char *const desc;
 15 };                                                 15 };
 16                                                    16 
 17 static const struct policy_case policy_cases[]     17 static const struct policy_case policy_cases[] = {
 18         {                                          18         {
 19                 "policy_name=allowall policy_v     19                 "policy_name=allowall policy_version=0.0.0\n"
 20                 "DEFAULT action=ALLOW",            20                 "DEFAULT action=ALLOW",
 21                 0,                                 21                 0,
 22                 "basic",                           22                 "basic",
 23         },                                         23         },
 24         {                                          24         {
 25                 "policy_name=trailing_comment      25                 "policy_name=trailing_comment policy_version=152.0.0 #This is comment\n"
 26                 "DEFAULT action=ALLOW",            26                 "DEFAULT action=ALLOW",
 27                 0,                                 27                 0,
 28                 "trailing comment",                28                 "trailing comment",
 29         },                                         29         },
 30         {                                          30         {
 31                 "policy_name=allowallnewline p     31                 "policy_name=allowallnewline policy_version=0.2.0\n"
 32                 "DEFAULT action=ALLOW\n"           32                 "DEFAULT action=ALLOW\n"
 33                 "\n",                              33                 "\n",
 34                 0,                                 34                 0,
 35                 "trailing newline",                35                 "trailing newline",
 36         },                                         36         },
 37         {                                          37         {
 38                 "policy_name=carriagereturnlin     38                 "policy_name=carriagereturnlinefeed policy_version=0.0.1\n"
 39                 "DEFAULT action=ALLOW\n"           39                 "DEFAULT action=ALLOW\n"
 40                 "\r\n",                            40                 "\r\n",
 41                 0,                                 41                 0,
 42                 "clrf newline",                    42                 "clrf newline",
 43         },                                         43         },
 44         {                                          44         {
 45                 "policy_name=whitespace policy     45                 "policy_name=whitespace policy_version=0.0.0\n"
 46                 "DEFAULT\taction=ALLOW\n"          46                 "DEFAULT\taction=ALLOW\n"
 47                 "     \t     DEFAULT \t    op=     47                 "     \t     DEFAULT \t    op=EXECUTE      action=DENY\n"
 48                 "op=EXECUTE boot_verified=TRUE     48                 "op=EXECUTE boot_verified=TRUE action=ALLOW\n"
 49                 "# this is a\tcomment\t\t\t\t\     49                 "# this is a\tcomment\t\t\t\t\n"
 50                 "DEFAULT \t op=KMODULE\t\t\t       50                 "DEFAULT \t op=KMODULE\t\t\t  action=DENY\r\n"
 51                 "op=KMODULE boot_verified=TRUE     51                 "op=KMODULE boot_verified=TRUE action=ALLOW\n",
 52                 0,                                 52                 0,
 53                 "various whitespaces and neste     53                 "various whitespaces and nested default",
 54         },                                         54         },
 55         {                                          55         {
 56                 "policy_name=boot_verified pol     56                 "policy_name=boot_verified policy_version=-1236.0.0\n"
 57                 "DEFAULT\taction=ALLOW\n",         57                 "DEFAULT\taction=ALLOW\n",
 58                 -EINVAL,                           58                 -EINVAL,
 59                 "negative version",                59                 "negative version",
 60         },                                         60         },
 61         {                                          61         {
 62                 "policy_name=$@!*&^%%\\:;{}()      62                 "policy_name=$@!*&^%%\\:;{}() policy_version=0.0.0\n"
 63                 "DEFAULT action=ALLOW",            63                 "DEFAULT action=ALLOW",
 64                 0,                                 64                 0,
 65                 "special characters",              65                 "special characters",
 66         },                                         66         },
 67         {                                          67         {
 68                 "policy_name=test policy_versi     68                 "policy_name=test policy_version=999999.0.0\n"
 69                 "DEFAULT action=ALLOW",            69                 "DEFAULT action=ALLOW",
 70                 -ERANGE,                           70                 -ERANGE,
 71                 "overflow version",                71                 "overflow version",
 72         },                                         72         },
 73         {                                          73         {
 74                 "policy_name=test policy_versi     74                 "policy_name=test policy_version=255.0\n"
 75                 "DEFAULT action=ALLOW",            75                 "DEFAULT action=ALLOW",
 76                 -EBADMSG,                          76                 -EBADMSG,
 77                 "incomplete version",              77                 "incomplete version",
 78         },                                         78         },
 79         {                                          79         {
 80                 "policy_name=test policy_versi     80                 "policy_name=test policy_version=111.0.0.0\n"
 81                 "DEFAULT action=ALLOW",            81                 "DEFAULT action=ALLOW",
 82                 -EBADMSG,                          82                 -EBADMSG,
 83                 "extra version",                   83                 "extra version",
 84         },                                         84         },
 85         {                                          85         {
 86                 "",                                86                 "",
 87                 -EBADMSG,                          87                 -EBADMSG,
 88                 "0-length policy",                 88                 "0-length policy",
 89         },                                         89         },
 90         {                                          90         {
 91                 "policy_name=test\0policy_vers     91                 "policy_name=test\0policy_version=0.0.0\n"
 92                 "DEFAULT action=ALLOW",            92                 "DEFAULT action=ALLOW",
 93                 -EBADMSG,                          93                 -EBADMSG,
 94                 "random null in header",           94                 "random null in header",
 95         },                                         95         },
 96         {                                          96         {
 97                 "policy_name=test policy_versi     97                 "policy_name=test policy_version=0.0.0\n"
 98                 "\0DEFAULT action=ALLOW",          98                 "\0DEFAULT action=ALLOW",
 99                 -EBADMSG,                          99                 -EBADMSG,
100                 "incomplete policy from NULL",    100                 "incomplete policy from NULL",
101         },                                        101         },
102         {                                         102         {
103                 "policy_name=test policy_versi    103                 "policy_name=test policy_version=0.0.0\n"
104                 "DEFAULT action=DENY\n\0"         104                 "DEFAULT action=DENY\n\0"
105                 "op=EXECUTE dmverity_signature    105                 "op=EXECUTE dmverity_signature=TRUE action=ALLOW\n",
106                 0,                                106                 0,
107                 "NULL truncates policy",          107                 "NULL truncates policy",
108         },                                        108         },
109         {                                         109         {
110                 "policy_name=test policy_versi    110                 "policy_name=test policy_version=0.0.0\n"
111                 "DEFAULT action=ALLOW\n"          111                 "DEFAULT action=ALLOW\n"
112                 "op=EXECUTE dmverity_signature    112                 "op=EXECUTE dmverity_signature=abc action=ALLOW",
113                 -EBADMSG,                         113                 -EBADMSG,
114                 "invalid property type",          114                 "invalid property type",
115         },                                        115         },
116         {                                         116         {
117                 "DEFAULT action=ALLOW",           117                 "DEFAULT action=ALLOW",
118                 -EBADMSG,                         118                 -EBADMSG,
119                 "missing policy header",          119                 "missing policy header",
120         },                                        120         },
121         {                                         121         {
122                 "policy_name=test policy_versi    122                 "policy_name=test policy_version=0.0.0\n",
123                 -EBADMSG,                         123                 -EBADMSG,
124                 "missing default definition",     124                 "missing default definition",
125         },                                        125         },
126         {                                         126         {
127                 "policy_name=test policy_versi    127                 "policy_name=test policy_version=0.0.0\n"
128                 "DEFAULT action=ALLOW\n"          128                 "DEFAULT action=ALLOW\n"
129                 "dmverity_signature=TRUE op=EX    129                 "dmverity_signature=TRUE op=EXECUTE action=ALLOW",
130                 -EBADMSG,                         130                 -EBADMSG,
131                 "invalid rule ordering"           131                 "invalid rule ordering"
132         },                                        132         },
133         {                                         133         {
134                 "policy_name=test policy_versi    134                 "policy_name=test policy_version=0.0.0\n"
135                 "DEFAULT action=ALLOW\n"          135                 "DEFAULT action=ALLOW\n"
136                 "action=ALLOW op=EXECUTE dmver    136                 "action=ALLOW op=EXECUTE dmverity_signature=TRUE",
137                 -EBADMSG,                         137                 -EBADMSG,
138                 "invalid rule ordering (2)",      138                 "invalid rule ordering (2)",
139         },                                        139         },
140         {                                         140         {
141                 "policy_name=test policy_versi    141                 "policy_name=test policy_version=0.0\n"
142                 "DEFAULT action=ALLOW\n"          142                 "DEFAULT action=ALLOW\n"
143                 "op=EXECUTE dmverity_signature    143                 "op=EXECUTE dmverity_signature=TRUE action=ALLOW",
144                 -EBADMSG,                         144                 -EBADMSG,
145                 "invalid version",                145                 "invalid version",
146         },                                        146         },
147         {                                         147         {
148                 "policy_name=test policy_versi    148                 "policy_name=test policy_version=0.0.0\n"
149                 "DEFAULT action=ALLOW\n"          149                 "DEFAULT action=ALLOW\n"
150                 "op=UNKNOWN dmverity_signature    150                 "op=UNKNOWN dmverity_signature=TRUE action=ALLOW",
151                 -EBADMSG,                         151                 -EBADMSG,
152                 "unknown operation",              152                 "unknown operation",
153         },                                        153         },
154         {                                         154         {
155                 "policy_name=asdvpolicy_versio    155                 "policy_name=asdvpolicy_version=0.0.0\n"
156                 "DEFAULT action=ALLOW\n",         156                 "DEFAULT action=ALLOW\n",
157                 -EBADMSG,                         157                 -EBADMSG,
158                 "missing space after policy na    158                 "missing space after policy name",
159         },                                        159         },
160         {                                         160         {
161                 "policy_name=test\xFF\xEF poli    161                 "policy_name=test\xFF\xEF policy_version=0.0.0\n"
162                 "DEFAULT action=ALLOW\n"          162                 "DEFAULT action=ALLOW\n"
163                 "op=EXECUTE dmverity_signature    163                 "op=EXECUTE dmverity_signature=TRUE action=ALLOW",
164                 0,                                164                 0,
165                 "expanded ascii",                 165                 "expanded ascii",
166         },                                        166         },
167         {                                         167         {
168                 "policy_name=test\xFF\xEF poli    168                 "policy_name=test\xFF\xEF policy_version=0.0.0\n"
169                 "DEFAULT action=ALLOW\n"          169                 "DEFAULT action=ALLOW\n"
170                 "op=EXECUTE dmverity_roothash=    170                 "op=EXECUTE dmverity_roothash=GOOD_DOG action=ALLOW",
171                 -EBADMSG,                         171                 -EBADMSG,
172                 "invalid property value (2)",     172                 "invalid property value (2)",
173         },                                        173         },
174         {                                         174         {
175                 "policy_name=test policy_versi    175                 "policy_name=test policy_version=0.0.0\n"
176                 "policy_name=test policy_versi    176                 "policy_name=test policy_version=0.1.0\n"
177                 "DEFAULT action=ALLOW",           177                 "DEFAULT action=ALLOW",
178                 -EBADMSG,                         178                 -EBADMSG,
179                 "double header"                   179                 "double header"
180         },                                        180         },
181         {                                         181         {
182                 "policy_name=test policy_versi    182                 "policy_name=test policy_version=0.0.0\n"
183                 "DEFAULT action=ALLOW\n"          183                 "DEFAULT action=ALLOW\n"
184                 "DEFAULT action=ALLOW\n",         184                 "DEFAULT action=ALLOW\n",
185                 -EBADMSG,                         185                 -EBADMSG,
186                 "double default"                  186                 "double default"
187         },                                        187         },
188         {                                         188         {
189                 "policy_name=test policy_versi    189                 "policy_name=test policy_version=0.0.0\n"
190                 "DEFAULT action=ALLOW\n"          190                 "DEFAULT action=ALLOW\n"
191                 "DEFAULT op=EXECUTE action=DEN    191                 "DEFAULT op=EXECUTE action=DENY\n"
192                 "DEFAULT op=EXECUTE action=ALL    192                 "DEFAULT op=EXECUTE action=ALLOW\n",
193                 -EBADMSG,                         193                 -EBADMSG,
194                 "double operation default"        194                 "double operation default"
195         },                                        195         },
196         {                                         196         {
197                 "policy_name=test policy_versi    197                 "policy_name=test policy_version=0.0.0\n"
198                 "DEFAULT action=ALLOW\n"          198                 "DEFAULT action=ALLOW\n"
199                 "DEFAULT op=EXECUTE action=DEN    199                 "DEFAULT op=EXECUTE action=DEN\n",
200                 -EBADMSG,                         200                 -EBADMSG,
201                 "invalid action value"            201                 "invalid action value"
202         },                                        202         },
203         {                                         203         {
204                 "policy_name=test policy_versi    204                 "policy_name=test policy_version=0.0.0\n"
205                 "DEFAULT action=ALLOW\n"          205                 "DEFAULT action=ALLOW\n"
206                 "DEFAULT op=EXECUTE action\n",    206                 "DEFAULT op=EXECUTE action\n",
207                 -EBADMSG,                         207                 -EBADMSG,
208                 "invalid action value (2)"        208                 "invalid action value (2)"
209         },                                        209         },
210         {                                         210         {
211                 "policy_name=test policy_versi    211                 "policy_name=test policy_version=0.0.0\n"
212                 "DEFAULT action=ALLOW\n"          212                 "DEFAULT action=ALLOW\n"
213                 "UNKNOWN value=true\n",           213                 "UNKNOWN value=true\n",
214                 -EBADMSG,                         214                 -EBADMSG,
215                 "unrecognized statement"          215                 "unrecognized statement"
216         },                                        216         },
217         {                                         217         {
218                 "policy_name=test policy_versi    218                 "policy_name=test policy_version=0.0.0\n"
219                 "DEFAULT action=ALLOW\n"          219                 "DEFAULT action=ALLOW\n"
220                 "op=EXECUTE dmverity_roothash=    220                 "op=EXECUTE dmverity_roothash=1c0d7ee1f8343b7fbe418378e8eb22c061d7dec7 action=DENY\n",
221                 -EBADMSG,                         221                 -EBADMSG,
222                 "old-style digest"                222                 "old-style digest"
223         },                                        223         },
224         {                                         224         {
225                 "policy_name=test policy_versi    225                 "policy_name=test policy_version=0.0.0\n"
226                 "DEFAULT action=ALLOW\n"          226                 "DEFAULT action=ALLOW\n"
227                 "op=EXECUTE fsverity_digest=1c    227                 "op=EXECUTE fsverity_digest=1c0d7ee1f8343b7fbe418378e8eb22c061d7dec7 action=DENY\n",
228                 -EBADMSG,                         228                 -EBADMSG,
229                 "old-style digest"                229                 "old-style digest"
230         }                                         230         }
231 };                                                231 };
232                                                   232 
233 static void pol_to_desc(const struct policy_ca    233 static void pol_to_desc(const struct policy_case *c, char *desc)
234 {                                                 234 {
235         strscpy(desc, c->desc, KUNIT_PARAM_DES    235         strscpy(desc, c->desc, KUNIT_PARAM_DESC_SIZE);
236 }                                                 236 }
237                                                   237 
238 KUNIT_ARRAY_PARAM(ipe_policies, policy_cases,     238 KUNIT_ARRAY_PARAM(ipe_policies, policy_cases, pol_to_desc);
239                                                   239 
240 /**                                               240 /**
241  * ipe_parser_unsigned_test - Test the parser     241  * ipe_parser_unsigned_test - Test the parser by passing unsigned policies.
242  * @test: Supplies a pointer to a kunit struct    242  * @test: Supplies a pointer to a kunit structure.
243  *                                                243  *
244  * This is called by the kunit harness. This t    244  * This is called by the kunit harness. This test does not check the correctness
245  * of the policy, but ensures that errors are     245  * of the policy, but ensures that errors are handled correctly.
246  */                                               246  */
247 static void ipe_parser_unsigned_test(struct ku    247 static void ipe_parser_unsigned_test(struct kunit *test)
248 {                                                 248 {
249         const struct policy_case *p = test->pa    249         const struct policy_case *p = test->param_value;
250         struct ipe_policy *pol;                   250         struct ipe_policy *pol;
251                                                   251 
252         pol = ipe_new_policy(p->policy, strlen    252         pol = ipe_new_policy(p->policy, strlen(p->policy), NULL, 0);
253                                                   253 
254         if (p->errno) {                           254         if (p->errno) {
255                 KUNIT_EXPECT_EQ(test, PTR_ERR(    255                 KUNIT_EXPECT_EQ(test, PTR_ERR(pol), p->errno);
256                 return;                           256                 return;
257         }                                         257         }
258                                                   258 
259         KUNIT_ASSERT_NOT_ERR_OR_NULL(test, pol    259         KUNIT_ASSERT_NOT_ERR_OR_NULL(test, pol);
260         KUNIT_EXPECT_NOT_ERR_OR_NULL(test, pol    260         KUNIT_EXPECT_NOT_ERR_OR_NULL(test, pol->parsed);
261         KUNIT_EXPECT_STREQ(test, pol->text, p-    261         KUNIT_EXPECT_STREQ(test, pol->text, p->policy);
262         KUNIT_EXPECT_PTR_EQ(test, NULL, pol->p    262         KUNIT_EXPECT_PTR_EQ(test, NULL, pol->pkcs7);
263         KUNIT_EXPECT_EQ(test, 0, pol->pkcs7len    263         KUNIT_EXPECT_EQ(test, 0, pol->pkcs7len);
264                                                   264 
265         ipe_free_policy(pol);                     265         ipe_free_policy(pol);
266 }                                                 266 }
267                                                   267 
268 /**                                               268 /**
269  * ipe_parser_widestring_test - Ensure parser     269  * ipe_parser_widestring_test - Ensure parser fail on a wide string policy.
270  * @test: Supplies a pointer to a kunit struct    270  * @test: Supplies a pointer to a kunit structure.
271  *                                                271  *
272  * This is called by the kunit harness.           272  * This is called by the kunit harness.
273  */                                               273  */
274 static void ipe_parser_widestring_test(struct     274 static void ipe_parser_widestring_test(struct kunit *test)
275 {                                                 275 {
276         const unsigned short policy[] = L"poli    276         const unsigned short policy[] = L"policy_name=Test policy_version=0.0.0\n"
277                                         L"DEFA    277                                         L"DEFAULT action=ALLOW";
278         struct ipe_policy *pol = NULL;            278         struct ipe_policy *pol = NULL;
279                                                   279 
280         pol = ipe_new_policy((const char *)pol    280         pol = ipe_new_policy((const char *)policy, (ARRAY_SIZE(policy) - 1) * 2, NULL, 0);
281         KUNIT_EXPECT_TRUE(test, IS_ERR_OR_NULL    281         KUNIT_EXPECT_TRUE(test, IS_ERR_OR_NULL(pol));
282                                                   282 
283         ipe_free_policy(pol);                     283         ipe_free_policy(pol);
284 }                                                 284 }
285                                                   285 
286 static struct kunit_case ipe_parser_test_cases    286 static struct kunit_case ipe_parser_test_cases[] = {
287         KUNIT_CASE_PARAM(ipe_parser_unsigned_t    287         KUNIT_CASE_PARAM(ipe_parser_unsigned_test, ipe_policies_gen_params),
288         KUNIT_CASE(ipe_parser_widestring_test)    288         KUNIT_CASE(ipe_parser_widestring_test),
289         { }                                       289         { }
290 };                                                290 };
291                                                   291 
292 static struct kunit_suite ipe_parser_test_suit    292 static struct kunit_suite ipe_parser_test_suite = {
293         .name = "ipe-parser",                     293         .name = "ipe-parser",
294         .test_cases = ipe_parser_test_cases,      294         .test_cases = ipe_parser_test_cases,
295 };                                                295 };
296                                                   296 
297 kunit_test_suite(ipe_parser_test_suite);          297 kunit_test_suite(ipe_parser_test_suite);
298                                                   298 
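Review bot: The three embedded-NUL cases ("random null in header", "incomplete policy from NULL", "NULL truncates policy") never pass the bytes after the `\0` to the parser, because `ipe_parser_unsigned_test` takes the length from `strlen(p->policy)`; they only exercise the prefix before the NUL, and `KUNIT_EXPECT_STREQ(test, pol->text, p->policy)` stops at the same point. To cover a policy buffer whose declared length runs past a NUL byte, `struct policy_case` could carry an explicit `size_t len` filled from `sizeof(literal) - 1`, with the call becoming `pol = ipe_new_policy(p->policy, p->len, NULL, 0);`. What the parser should return for such input is not visible on this page, so the expected errno values would need confirming against `ipe_new_policy`. Separately, the `if (p->errno)` branch returns without calling `ipe_free_policy(pol)`, so a policy that unexpectedly parses in a must-fail case is leaked. The two cases that share the description "old-style digest" also cannot be told apart in the KUnit output.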
