selftests/seccomp: Prepare for exclusive seccomp flags
Some seccomp flags will become exclusive, so the selftest needs to be adjusted to mask those out and test them individually for the "all flags" tests. Cc: stable@vger.kernel.org # v5.0+ Signed-off-by: Kees Cook <keescook@chromium.org> Reviewed-by: Tycho Andersen <tycho@tycho.ws> Acked-by: James Morris <jamorris@linux.microsoft.com>
This commit is contained in:
Родитель
8c2ffd9174
Коммит
4ee0776760
|
@ -2166,11 +2166,14 @@ TEST(detect_seccomp_filter_flags)
|
|||
SECCOMP_FILTER_FLAG_LOG,
|
||||
SECCOMP_FILTER_FLAG_SPEC_ALLOW,
|
||||
SECCOMP_FILTER_FLAG_NEW_LISTENER };
|
||||
unsigned int flag, all_flags;
|
||||
unsigned int exclusive[] = {
|
||||
SECCOMP_FILTER_FLAG_TSYNC,
|
||||
SECCOMP_FILTER_FLAG_NEW_LISTENER };
|
||||
unsigned int flag, all_flags, exclusive_mask;
|
||||
int i;
|
||||
long ret;
|
||||
|
||||
/* Test detection of known-good filter flags */
|
||||
/* Test detection of individual known-good filter flags */
|
||||
for (i = 0, all_flags = 0; i < ARRAY_SIZE(flags); i++) {
|
||||
int bits = 0;
|
||||
|
||||
|
@ -2197,16 +2200,29 @@ TEST(detect_seccomp_filter_flags)
|
|||
all_flags |= flag;
|
||||
}
|
||||
|
||||
/* Test detection of all known-good filter flags */
|
||||
ret = seccomp(SECCOMP_SET_MODE_FILTER, all_flags, NULL);
|
||||
EXPECT_EQ(-1, ret);
|
||||
EXPECT_EQ(EFAULT, errno) {
|
||||
TH_LOG("Failed to detect that all known-good filter flags (0x%X) are supported!",
|
||||
all_flags);
|
||||
/*
|
||||
* Test detection of all known-good filter flags combined. But
|
||||
* for the exclusive flags we need to mask them out and try them
|
||||
* individually for the "all flags" testing.
|
||||
*/
|
||||
exclusive_mask = 0;
|
||||
for (i = 0; i < ARRAY_SIZE(exclusive); i++)
|
||||
exclusive_mask |= exclusive[i];
|
||||
for (i = 0; i < ARRAY_SIZE(exclusive); i++) {
|
||||
flag = all_flags & ~exclusive_mask;
|
||||
flag |= exclusive[i];
|
||||
|
||||
ret = seccomp(SECCOMP_SET_MODE_FILTER, flag, NULL);
|
||||
EXPECT_EQ(-1, ret);
|
||||
EXPECT_EQ(EFAULT, errno) {
|
||||
TH_LOG("Failed to detect that all known-good filter flags (0x%X) are supported!",
|
||||
flag);
|
||||
}
|
||||
}
|
||||
|
||||
/* Test detection of an unknown filter flag */
|
||||
/* Test detection of an unknown filter flags, without exclusives. */
|
||||
flag = -1;
|
||||
flag &= ~exclusive_mask;
|
||||
ret = seccomp(SECCOMP_SET_MODE_FILTER, flag, NULL);
|
||||
EXPECT_EQ(-1, ret);
|
||||
EXPECT_EQ(EINVAL, errno) {
|
||||
|
|
Загрузка…
Ссылка в новой задаче