From patchwork Fri Nov 24 17:30:24 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: =?utf-8?q?G=C3=BCnther_Noack?= <gnoack@google.com>
X-Patchwork-Id: 13468057
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b="WeLtt356"
Received: from mail-ej1-x649.google.com (mail-ej1-x649.google.com
 [IPv6:2a00:1450:4864:20::649])
	by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C8437A4
	for <linux-fsdevel@vger.kernel.org>; Fri, 24 Nov 2023 09:30:50 -0800 (PST)
Received: by mail-ej1-x649.google.com with SMTP id
 a640c23a62f3a-a018014e8e5so166807166b.2
        for <linux-fsdevel@vger.kernel.org>;
 Fri, 24 Nov 2023 09:30:50 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20230601; t=1700847049; x=1701451849;
 darn=vger.kernel.org;
        h=content-transfer-encoding:cc:to:from:subject:references
         :mime-version:message-id:in-reply-to:date:from:to:cc:subject:date
         :message-id:reply-to;
        bh=4o0npWr6QQfeGUIjBW1i5UWIlhIkHbBxxWJVk4Cg53c=;
        b=WeLtt3566O2w+oNzIy73EOLNEkcJs5AVtpXo1GYqotOV0OoeJWHyN0CgdO8UnS0nwU
         DB5X9J+AVCdlnSD0fzp6t5FgHBs8xxCcP7WMB6cXJ+DF5iozPgpdFV9fKgHEhkXJfL9p
         OhSXYh0vJ4jMFekzVTvH5mSxh0lcJR2igODKZqApedkvnxS2aXqx7Jj+0bgjkwOFWb3F
         24JLimtQrnA9fdi72yPggUkBqYyFbF54Zvmk2Bj86pBcEptLnqdiVlSFGkCDrXy48QVi
         /zx8Kd0OzUWLt2QqNQ8CG/f6//dc6IN0CXpogTxwCmqeB7dSRz3+xPbze7U9CO3UgqAu
         AXFQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1700847049; x=1701451849;
        h=content-transfer-encoding:cc:to:from:subject:references
         :mime-version:message-id:in-reply-to:date:x-gm-message-state:from:to
         :cc:subject:date:message-id:reply-to;
        bh=4o0npWr6QQfeGUIjBW1i5UWIlhIkHbBxxWJVk4Cg53c=;
        b=O+vmpS09qCne9YujMIMO9OW3Ul6VOXOKcRk+kGrZhYLaCST3yVJR0XuoejGV1V7HEX
         cCm7Oolchm/oCXMBVc8n9A0Do6ARvoVFkSMG9GlIWTXH6kBJl656C5e/BX0p00MZ8VS0
         KqqUVMLe3ePppsjLGtzrR1jcgsn9wToViHGer8brFHHI5vkS9rdTGKrV401+pUOgr9+e
         bxmS+QstvlM89k1doR5Gxx2xZ3ofPFFbeRSqmX2FzrX1LLQ833R7L6oSvJjyLLMR4PeH
         0OnhHLwGbfpvLqnxxiBDl7Ra+RCWyE4NCyghoPu7lfGst1LVi/zvafI8AhgWVPctoHJN
         0muQ==
X-Gm-Message-State: AOJu0YwlUj7rGRUSvr+qwcktbR9u0OzWt0nT6+NT0qpljAtiZMfc5I5A
	XA+gKPeDnMSHK0qTz+RlypoG95NFpkw=
X-Google-Smtp-Source: 
 AGHT+IGaXn4S5eUG2SwbJoESQtF1eYE/p/j1rWSZx4+Zni38QT9Z3tNq/MLESaBeJcTTai4ogOYf4kSJaNc=
X-Received: from sport.zrh.corp.google.com
 ([2a00:79e0:9d:4:9429:6eed:3418:ad8a])
 (user=gnoack job=sendgmr) by 2002:a17:906:76d7:b0:9c7:5826:b9ad with SMTP id
 q23-20020a17090676d700b009c75826b9admr35877ejn.5.1700847049214; Fri, 24 Nov
 2023 09:30:49 -0800 (PST)
Date: Fri, 24 Nov 2023 18:30:24 +0100
In-Reply-To: <20231124173026.3257122-1-gnoack@google.com>
Message-Id: <20231124173026.3257122-8-gnoack@google.com>
Precedence: bulk
X-Mailing-List: linux-fsdevel@vger.kernel.org
List-Id: <linux-fsdevel.vger.kernel.org>
List-Subscribe: <mailto:linux-fsdevel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-fsdevel+unsubscribe@vger.kernel.org>
Mime-Version: 1.0
References: <20231124173026.3257122-1-gnoack@google.com>
X-Mailer: git-send-email 2.43.0.rc1.413.gea7ed67945-goog
Subject: [PATCH v6 7/9] selftests/landlock: Test ioctl(2) and ftruncate(2)
 with open(O_PATH)
From: " =?utf-8?q?G=C3=BCnther_Noack?= " <gnoack@google.com>
To: linux-security-module@vger.kernel.org,  " =?utf-8?q?Micka=C3=ABl_Sala?=
	=?utf-8?q?=C3=BCn?= " <mic@digikod.net>
Cc: Jeff Xu <jeffxu@google.com>, Jorge Lucangeli Obes <jorgelo@chromium.org>,
  Allen Webb <allenwebb@google.com>, Dmitry Torokhov <dtor@google.com>,
 Paul Moore <paul@paul-moore.com>,
  Konstantin Meskhidze <konstantin.meskhidze@huawei.com>,
 Matt Bobrowski <repnop@google.com>,  linux-fsdevel@vger.kernel.org,  "
	=?utf-8?q?G=C3=BCnther_Noack?= " <gnoack@google.com>

ioctl(2) and ftruncate(2) operations on files opened with O_PATH
should always return EBADF, independent of the
LANDLOCK_ACCESS_FS_TRUNCATE and LANDLOCK_ACCESS_FS_IOCTL access rights
in that file hierarchy.

Signed-off-by: Günther Noack <gnoack@google.com>
Suggested-by: Mickaël Salaün <mic@digikod.net>
---
 tools/testing/selftests/landlock/fs_test.c | 40 ++++++++++++++++++++++
 1 file changed, 40 insertions(+)

diff --git a/tools/testing/selftests/landlock/fs_test.c b/tools/testing/selftests/landlock/fs_test.c
index 734647f86564..d7987b631ec4 100644
--- a/tools/testing/selftests/landlock/fs_test.c
+++ b/tools/testing/selftests/landlock/fs_test.c
@@ -3814,6 +3814,46 @@ TEST(memfd_ftruncate_and_ioctl)
 	}
 }
 
+TEST_F_FORK(layout1, o_path_ftruncate_and_ioctl)
+{
+	const struct landlock_ruleset_attr attr = {
+		.handled_access_fs = ACCESS_ALL,
+	};
+	int ruleset_fd, fd;
+
+	/*
+	 * Checks that for files opened with O_PATH, both ioctl(2) and
+	 * ftruncate(2) yield EBADF, as it is documented in open(2) for the
+	 * O_PATH flag.
+	 */
+	fd = open(dir_s1d1, O_PATH | O_CLOEXEC);
+	ASSERT_LE(0, fd);
+
+	EXPECT_EQ(EBADF, test_ftruncate(fd));
+	EXPECT_EQ(EBADF, test_fs_ioc_getflags_ioctl(fd));
+
+	ASSERT_EQ(0, close(fd));
+
+	/* Enables Landlock. */
+	ruleset_fd = landlock_create_ruleset(&attr, sizeof(attr), 0);
+	ASSERT_LE(0, ruleset_fd);
+	enforce_ruleset(_metadata, ruleset_fd);
+	ASSERT_EQ(0, close(ruleset_fd));
+
+	/*
+	 * Checks that after enabling Landlock,
+	 * - the file can still be opened with O_PATH
+	 * - both ioctl and truncate still yield EBADF (not EACCES).
+	 */
+	fd = open(dir_s1d1, O_PATH | O_CLOEXEC);
+	ASSERT_LE(0, fd);
+
+	EXPECT_EQ(EBADF, test_ftruncate(fd));
+	EXPECT_EQ(EBADF, test_fs_ioc_getflags_ioctl(fd));
+
+	ASSERT_EQ(0, close(fd));
+}
+
 /* clang-format off */
 FIXTURE(ioctl) {};
 /* clang-format on */