Linux/tools/testing/selftests/landlock/scoped_multiple_domain_variants.h


  1 /* SPDX-License-Identifier: GPL-2.0 */
  2 /*
  3  * Landlock variants for three processes with various domains.
  4  *
  5  * Copyright © 2024 Tahera Fahimi <fahimitahera@gmail.com>
  6  */
  7 
/*
 * Kind of Landlock domain a variant asks for at a given position in the
 * process tree.  The values are spelled out so it is visible that a field
 * left out of a designated initializer (zero) means NO_SANDBOX.
 */
enum sandbox_type {
        /* No domain is created at this position. */
        NO_SANDBOX = 0,
        /* Domain drawn with '#' in the variant diagrams of this file. */
        SCOPE_SANDBOX = 1,
        /* Any other type of sandboxing domain */
        OTHER_SANDBOX = 2,
};
 14 
 15 /* clang-format on */
/*
 * Per-variant parameters of the scoped_vs_unscoped fixture.  Each field holds
 * an enum sandbox_type value (the fields are declared int) and selects the
 * domain placed around one process, or one group of processes, of the
 * P1 / P2 / P3 tree drawn above each variant in this file.
 *
 * Diagram legend, as it follows from the initializers: a box drawn with '#'
 * is SCOPE_SANDBOX, a box drawn with '.', '-' and '|' is OTHER_SANDBOX, and
 * no box is NO_SANDBOX.
 *
 * NOTE(review): the order in which these domains are applied relative to
 * fork() is decided by the tests that include this header and is not visible
 * here -- confirm there before relying on the nesting described below.
 */
FIXTURE_VARIANT(scoped_vs_unscoped)
{
        /* Domain drawn around all three processes (P1, P2 and P3). */
        const int domain_all;
        /* Domain drawn around P1 only. */
        const int domain_parent;
        /* Domain drawn around P2 and P3 together. */
        const int domain_children;
        /* Domain drawn around P2 only. */
        const int domain_child;
        /* Domain drawn around P3 only. */
        const int domain_grand_child;
};
 24 
 25 /*
 26  * .-----------------.
 27  * |         ####### |  P3 -> P2 : allow
 28  * |   P1----# P2  # |  P3 -> P1 : deny
 29  * |         #  |  # |
 30  * |         # P3  # |
 31  * |         ####### |
 32  * '-----------------'
 33  */
 34 /* clang-format off */
/*
 * All three processes share an unscoped domain; P2 and P3 are additionally
 * enclosed in one scoped domain.  P3 may reach P2, which is inside the same
 * scoped domain, but not P1, which is outside it.
 */
FIXTURE_VARIANT_ADD(scoped_vs_unscoped, deny_scoped) {
        .domain_all = OTHER_SANDBOX,
        .domain_parent = NO_SANDBOX,
        /* The only scoped layer: this is what causes the P3 -> P1 deny. */
        .domain_children = SCOPE_SANDBOX,
        .domain_child = NO_SANDBOX,
        .domain_grand_child = NO_SANDBOX,
        /* clang-format on */
};
 43 
 44 /*
 45  * ###################
 46  * #         ####### #  P3 -> P2 : allow
 47  * #   P1----# P2  # #  P3 -> P1 : deny
 48  * #         #  |  # #
 49  * #         # P3  # #
 50  * #         ####### #
 51  * ###################
 52  */
 53 /* clang-format off */
/*
 * Two scoped layers: one around all three processes and a second one around
 * P2 and P3.  Sharing the outer scoped domain with P1 is not enough for P3 to
 * reach it; the inner scoped domain, which P1 is not part of, still denies
 * P3 -> P1 while P3 -> P2 stays allowed.
 */
FIXTURE_VARIANT_ADD(scoped_vs_unscoped, all_scoped) {
        .domain_all = SCOPE_SANDBOX,
        .domain_parent = NO_SANDBOX,
        .domain_children = SCOPE_SANDBOX,
        .domain_child = NO_SANDBOX,
        .domain_grand_child = NO_SANDBOX,
        /* clang-format on */
};
 62 
 63 /*
 64  * .-----------------.
 65  * |         .-----. |  P3 -> P2 : allow
 66  * |   P1----| P2  | |  P3 -> P1 : allow
 67  * |         |     | |
 68  * |         | P3  | |
 69  * |         '-----' |
 70  * '-----------------'
 71  */
 72 /* clang-format off */
/*
 * Negative control with the same nesting as deny_scoped but no scoped layer:
 * both domains are of the "other" kind, and both P3 -> P2 and P3 -> P1 are
 * expected to be allowed.  A pass here shows that the denials in the scoped
 * variants come from the scope and not from merely being sandboxed.
 */
FIXTURE_VARIANT_ADD(scoped_vs_unscoped, allow_with_other_domain) {
        .domain_all = OTHER_SANDBOX,
        .domain_parent = NO_SANDBOX,
        .domain_children = OTHER_SANDBOX,
        .domain_child = NO_SANDBOX,
        .domain_grand_child = NO_SANDBOX,
        /* clang-format on */
};
 81 
 82 /*
 83  *  .----.    ######   P3 -> P2 : allow
 84  *  | P1 |----# P2 #   P3 -> P1 : allow
 85  *  '----'    ######
 86  *              |
 87  *              P3
 88  */
 89 /* clang-format off */
/*
 * P1 is in an unscoped domain, P2 is in a scoped domain and P3 is drawn
 * without any domain.  Both accesses initiated by P3 are expected to be
 * allowed: the scoped domain around the target P2 does not restrict an
 * initiator that is not itself scoped.
 */
FIXTURE_VARIANT_ADD(scoped_vs_unscoped, allow_with_one_domain) {
        .domain_all = NO_SANDBOX,
        .domain_parent = OTHER_SANDBOX,
        .domain_children = NO_SANDBOX,
        .domain_child = SCOPE_SANDBOX,
        /* The initiator P3 stays unsandboxed. */
        .domain_grand_child = NO_SANDBOX,
        /* clang-format on */
};
 98 
 99 /*
100  *  ######    .-----.   P3 -> P2 : allow
101  *  # P1 #----| P2  |   P3 -> P1 : allow
102  *  ######    '-----'
103  *              |
104  *              P3
105  */
106 /* clang-format off */
/*
 * Mirror of allow_with_one_domain: here P1 is the scoped process and P2 is in
 * an unscoped domain.  P3 is again drawn without any domain, and both of its
 * accesses are expected to be allowed even though the target P1 is scoped.
 */
FIXTURE_VARIANT_ADD(scoped_vs_unscoped, allow_with_grand_parent_scoped) {
        .domain_all = NO_SANDBOX,
        .domain_parent = SCOPE_SANDBOX,
        .domain_children = NO_SANDBOX,
        .domain_child = OTHER_SANDBOX,
        /* The initiator P3 stays unsandboxed. */
        .domain_grand_child = NO_SANDBOX,
        /* clang-format on */
};
115 
116 /*
117  *  ######    ######   P3 -> P2 : allow
118  *  # P1 #----# P2 #   P3 -> P1 : allow
119  *  ######    ######
120  *               |
121  *             .----.
122  *             | P3 |
123  *             '----'
124  */
125 /* clang-format off */
/*
 * P1 and P2 are each in a scoped domain of their own; both accesses
 * initiated by P3 are expected to be allowed.
 *
 * NOTE(review): the diagram above this variant draws P3 inside an unscoped
 * ('.'/'-') box, which by the legend used elsewhere in this file would be
 * OTHER_SANDBOX, while domain_grand_child below is NO_SANDBOX.  Either the
 * diagram or the initializer does not say what was intended; as written, the
 * case "P3 in an unscoped domain, both ancestors scoped" is not what this
 * variant configures -- confirm which one is meant.
 */
FIXTURE_VARIANT_ADD(scoped_vs_unscoped, allow_with_parents_domain) {
        .domain_all = NO_SANDBOX,
        .domain_parent = SCOPE_SANDBOX,
        .domain_children = NO_SANDBOX,
        .domain_child = SCOPE_SANDBOX,
        .domain_grand_child = NO_SANDBOX,
        /* clang-format on */
};
134 
135 /*
136  *  ######              P3 -> P2 : deny
137  *  # P1 #----P2        P3 -> P1 : deny
138  *  ######     |
139  *             |
140  *           ######
141  *           # P3 #
142  *           ######
143  */
144 /* clang-format off */
/*
 * P3 is in a scoped domain of its own and P1 in a separate scoped domain;
 * P2 is drawn without any domain.  Both P2 and P1 are outside P3's scoped
 * domain, so both P3 -> P2 and P3 -> P1 are expected to be denied.  This is
 * the only variant in this file where the initiator cannot reach its direct
 * parent.
 */
FIXTURE_VARIANT_ADD(scoped_vs_unscoped, deny_with_self_and_grandparent_domain) {
        .domain_all = NO_SANDBOX,
        .domain_parent = SCOPE_SANDBOX,
        .domain_children = NO_SANDBOX,
        .domain_child = NO_SANDBOX,
        /* Scope applied to the initiator itself: the source of both denials. */
        .domain_grand_child = SCOPE_SANDBOX,
        /* clang-format on */
};
153 
