mirror of
https://github.com/torvalds/linux.git
synced 2026-05-30 10:04:04 +02:00
selftests/landlock: Replace access_fs_16 with ACCESS_ALL in fs_test
The access_fs_16 variable was originally intended to stay frozen at 16 access rights so that audit tests would not need updating when new access rights are added. Now that we have 17 access rights, the name is confusing. Replace all uses of access_fs_16 with ACCESS_ALL and delete the variable. Suggested-by: Mickaël Salaün <mic@digikod.net> Signed-off-by: Günther Noack <gnoack3000@gmail.com> Link: https://lore.kernel.org/r/20260327164838.38231-8-gnoack3000@gmail.com Signed-off-by: Mickaël Salaün <mic@digikod.net>
This commit is contained in:
Günther Noack
Mickaël Salaün
parent
a92cb5d7c6
commit
db8201a3fa
|
|
@ -7161,26 +7161,6 @@ TEST_F(audit_layout1, execute_make)
|
|||
* only the blocked ones are logged.
|
||||
*/
|
||||
|
||||
/* clang-format off */
|
||||
static const __u64 access_fs_16 =
|
||||
LANDLOCK_ACCESS_FS_EXECUTE |
|
||||
LANDLOCK_ACCESS_FS_WRITE_FILE |
|
||||
LANDLOCK_ACCESS_FS_READ_FILE |
|
||||
LANDLOCK_ACCESS_FS_READ_DIR |
|
||||
LANDLOCK_ACCESS_FS_REMOVE_DIR |
|
||||
LANDLOCK_ACCESS_FS_REMOVE_FILE |
|
||||
LANDLOCK_ACCESS_FS_MAKE_CHAR |
|
||||
LANDLOCK_ACCESS_FS_MAKE_DIR |
|
||||
LANDLOCK_ACCESS_FS_MAKE_REG |
|
||||
LANDLOCK_ACCESS_FS_MAKE_SOCK |
|
||||
LANDLOCK_ACCESS_FS_MAKE_FIFO |
|
||||
LANDLOCK_ACCESS_FS_MAKE_BLOCK |
|
||||
LANDLOCK_ACCESS_FS_MAKE_SYM |
|
||||
LANDLOCK_ACCESS_FS_REFER |
|
||||
LANDLOCK_ACCESS_FS_TRUNCATE |
|
||||
LANDLOCK_ACCESS_FS_IOCTL_DEV;
|
||||
/* clang-format on */
|
||||
|
||||
TEST_F(audit_layout1, execute_read)
|
||||
{
|
||||
struct audit_records records;
|
||||
|
|
@ -7190,7 +7170,7 @@ TEST_F(audit_layout1, execute_read)
|
|||
test_check_exec(_metadata, 0, file1_s1d1);
|
||||
|
||||
drop_access_rights(_metadata, &(struct landlock_ruleset_attr){
|
||||
.handled_access_fs = access_fs_16,
|
||||
.handled_access_fs = ACCESS_ALL,
|
||||
});
|
||||
|
||||
/*
|
||||
|
|
@ -7214,7 +7194,7 @@ TEST_F(audit_layout1, write_file)
|
|||
struct audit_records records;
|
||||
|
||||
drop_access_rights(_metadata, &(struct landlock_ruleset_attr){
|
||||
.handled_access_fs = access_fs_16,
|
||||
.handled_access_fs = ACCESS_ALL,
|
||||
});
|
||||
|
||||
EXPECT_EQ(EACCES, test_open(file1_s1d1, O_WRONLY));
|
||||
|
|
@ -7231,7 +7211,7 @@ TEST_F(audit_layout1, read_file)
|
|||
struct audit_records records;
|
||||
|
||||
drop_access_rights(_metadata, &(struct landlock_ruleset_attr){
|
||||
.handled_access_fs = access_fs_16,
|
||||
.handled_access_fs = ACCESS_ALL,
|
||||
});
|
||||
|
||||
EXPECT_EQ(EACCES, test_open(file1_s1d1, O_RDONLY));
|
||||
|
|
@ -7248,7 +7228,7 @@ TEST_F(audit_layout1, read_dir)
|
|||
struct audit_records records;
|
||||
|
||||
drop_access_rights(_metadata, &(struct landlock_ruleset_attr){
|
||||
.handled_access_fs = access_fs_16,
|
||||
.handled_access_fs = ACCESS_ALL,
|
||||
});
|
||||
|
||||
EXPECT_EQ(EACCES, test_open(dir_s1d1, O_DIRECTORY));
|
||||
|
|
@ -7268,7 +7248,7 @@ TEST_F(audit_layout1, remove_dir)
|
|||
EXPECT_EQ(0, unlink(file2_s1d3));
|
||||
|
||||
drop_access_rights(_metadata, &(struct landlock_ruleset_attr){
|
||||
.handled_access_fs = access_fs_16,
|
||||
.handled_access_fs = ACCESS_ALL,
|
||||
});
|
||||
|
||||
EXPECT_EQ(-1, rmdir(dir_s1d3));
|
||||
|
|
@ -7291,7 +7271,7 @@ TEST_F(audit_layout1, remove_file)
|
|||
struct audit_records records;
|
||||
|
||||
drop_access_rights(_metadata, &(struct landlock_ruleset_attr){
|
||||
.handled_access_fs = access_fs_16,
|
||||
.handled_access_fs = ACCESS_ALL,
|
||||
});
|
||||
|
||||
EXPECT_EQ(-1, unlink(file1_s1d3));
|
||||
|
|
@ -7311,7 +7291,7 @@ TEST_F(audit_layout1, make_char)
|
|||
EXPECT_EQ(0, unlink(file1_s1d3));
|
||||
|
||||
drop_access_rights(_metadata, &(struct landlock_ruleset_attr){
|
||||
.handled_access_fs = access_fs_16,
|
||||
.handled_access_fs = ACCESS_ALL,
|
||||
});
|
||||
|
||||
EXPECT_EQ(-1, mknod(file1_s1d3, S_IFCHR | 0644, 0));
|
||||
|
|
@ -7331,7 +7311,7 @@ TEST_F(audit_layout1, make_dir)
|
|||
EXPECT_EQ(0, unlink(file1_s1d3));
|
||||
|
||||
drop_access_rights(_metadata, &(struct landlock_ruleset_attr){
|
||||
.handled_access_fs = access_fs_16,
|
||||
.handled_access_fs = ACCESS_ALL,
|
||||
});
|
||||
|
||||
EXPECT_EQ(-1, mkdir(file1_s1d3, 0755));
|
||||
|
|
@ -7351,7 +7331,7 @@ TEST_F(audit_layout1, make_reg)
|
|||
EXPECT_EQ(0, unlink(file1_s1d3));
|
||||
|
||||
drop_access_rights(_metadata, &(struct landlock_ruleset_attr){
|
||||
.handled_access_fs = access_fs_16,
|
||||
.handled_access_fs = ACCESS_ALL,
|
||||
});
|
||||
|
||||
EXPECT_EQ(-1, mknod(file1_s1d3, S_IFREG | 0644, 0));
|
||||
|
|
@ -7371,7 +7351,7 @@ TEST_F(audit_layout1, make_sock)
|
|||
EXPECT_EQ(0, unlink(file1_s1d3));
|
||||
|
||||
drop_access_rights(_metadata, &(struct landlock_ruleset_attr){
|
||||
.handled_access_fs = access_fs_16,
|
||||
.handled_access_fs = ACCESS_ALL,
|
||||
});
|
||||
|
||||
EXPECT_EQ(-1, mknod(file1_s1d3, S_IFSOCK | 0644, 0));
|
||||
|
|
@ -7391,7 +7371,7 @@ TEST_F(audit_layout1, make_fifo)
|
|||
EXPECT_EQ(0, unlink(file1_s1d3));
|
||||
|
||||
drop_access_rights(_metadata, &(struct landlock_ruleset_attr){
|
||||
.handled_access_fs = access_fs_16,
|
||||
.handled_access_fs = ACCESS_ALL,
|
||||
});
|
||||
|
||||
EXPECT_EQ(-1, mknod(file1_s1d3, S_IFIFO | 0644, 0));
|
||||
|
|
@ -7411,7 +7391,7 @@ TEST_F(audit_layout1, make_block)
|
|||
EXPECT_EQ(0, unlink(file1_s1d3));
|
||||
|
||||
drop_access_rights(_metadata, &(struct landlock_ruleset_attr){
|
||||
.handled_access_fs = access_fs_16,
|
||||
.handled_access_fs = ACCESS_ALL,
|
||||
});
|
||||
|
||||
EXPECT_EQ(-1, mknod(file1_s1d3, S_IFBLK | 0644, 0));
|
||||
|
|
@ -7431,7 +7411,7 @@ TEST_F(audit_layout1, make_sym)
|
|||
EXPECT_EQ(0, unlink(file1_s1d3));
|
||||
|
||||
drop_access_rights(_metadata, &(struct landlock_ruleset_attr){
|
||||
.handled_access_fs = access_fs_16,
|
||||
.handled_access_fs = ACCESS_ALL,
|
||||
});
|
||||
|
||||
EXPECT_EQ(-1, symlink("target", file1_s1d3));
|
||||
|
|
@ -7501,7 +7481,7 @@ TEST_F(audit_layout1, refer_rename)
|
|||
EXPECT_EQ(0, unlink(file1_s1d3));
|
||||
|
||||
drop_access_rights(_metadata, &(struct landlock_ruleset_attr){
|
||||
.handled_access_fs = access_fs_16,
|
||||
.handled_access_fs = ACCESS_ALL,
|
||||
});
|
||||
|
||||
EXPECT_EQ(EACCES, test_rename(file1_s1d2, file1_s2d3));
|
||||
|
|
@ -7523,7 +7503,7 @@ TEST_F(audit_layout1, refer_exchange)
|
|||
EXPECT_EQ(0, unlink(file1_s1d3));
|
||||
|
||||
drop_access_rights(_metadata, &(struct landlock_ruleset_attr){
|
||||
.handled_access_fs = access_fs_16,
|
||||
.handled_access_fs = ACCESS_ALL,
|
||||
});
|
||||
|
||||
/*
|
||||
|
|
@ -7586,7 +7566,7 @@ TEST_F(audit_layout1, truncate)
|
|||
struct audit_records records;
|
||||
|
||||
drop_access_rights(_metadata, &(struct landlock_ruleset_attr){
|
||||
.handled_access_fs = access_fs_16,
|
||||
.handled_access_fs = ACCESS_ALL,
|
||||
});
|
||||
|
||||
EXPECT_EQ(-1, truncate(file1_s1d3, 0));
|
||||
|
|
@ -7607,7 +7587,7 @@ TEST_F(audit_layout1, ioctl_dev)
|
|||
drop_access_rights(_metadata,
|
||||
&(struct landlock_ruleset_attr){
|
||||
.handled_access_fs =
|
||||
access_fs_16 &
|
||||
ACCESS_ALL &
|
||||
~LANDLOCK_ACCESS_FS_READ_FILE,
|
||||
});
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user