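Lines matching references to `ruleset_fd`

Each row gives the source line number, the text of the matching line, and the enclosing function; a trailing "local" or "argument" marks the line that declares the identifier. Only the matching line is shown, so statements that continue onto the next source line appear cut off.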

301 	int ruleset_fd;  in TEST_F_FORK()  local
307 ruleset_fd = open(dir_s1d1, O_PATH | O_DIRECTORY | O_CLOEXEC); in TEST_F_FORK()
308 ASSERT_LE(0, ruleset_fd); in TEST_F_FORK()
309 ASSERT_EQ(-1, landlock_add_rule(ruleset_fd, LANDLOCK_RULE_PATH_BENEATH, in TEST_F_FORK()
313 ASSERT_EQ(0, close(ruleset_fd)); in TEST_F_FORK()
315 ruleset_fd = open(dir_s1d1, O_DIRECTORY | O_CLOEXEC); in TEST_F_FORK()
316 ASSERT_LE(0, ruleset_fd); in TEST_F_FORK()
317 ASSERT_EQ(-1, landlock_add_rule(ruleset_fd, LANDLOCK_RULE_PATH_BENEATH, in TEST_F_FORK()
321 ASSERT_EQ(0, close(ruleset_fd)); in TEST_F_FORK()
324 ruleset_fd = landlock_create_ruleset(&ruleset_attr, in TEST_F_FORK()
326 ASSERT_LE(0, ruleset_fd); in TEST_F_FORK()
327 ASSERT_EQ(0, landlock_add_rule(ruleset_fd, LANDLOCK_RULE_PATH_BENEATH, in TEST_F_FORK()
334 ASSERT_EQ(0, landlock_add_rule(ruleset_fd, LANDLOCK_RULE_PATH_BENEATH, in TEST_F_FORK()
339 path_beneath.parent_fd = ruleset_fd; in TEST_F_FORK()
340 ASSERT_EQ(-1, landlock_add_rule(ruleset_fd, LANDLOCK_RULE_PATH_BENEATH, in TEST_F_FORK()
351 ASSERT_EQ(-1, landlock_add_rule(ruleset_fd, LANDLOCK_RULE_PATH_BENEATH, in TEST_F_FORK()
358 ASSERT_EQ(-1, landlock_add_rule(ruleset_fd, LANDLOCK_RULE_PATH_BENEATH, in TEST_F_FORK()
365 ASSERT_EQ(-1, landlock_add_rule(ruleset_fd, LANDLOCK_RULE_PATH_BENEATH, in TEST_F_FORK()
374 ASSERT_EQ(0, landlock_restrict_self(ruleset_fd, 0)); in TEST_F_FORK()
376 ASSERT_EQ(0, close(ruleset_fd)); in TEST_F_FORK()
407 const int ruleset_fd = landlock_create_ruleset(&ruleset_attr, in TEST_F_FORK() local
410 ASSERT_LE(0, ruleset_fd); in TEST_F_FORK()
417 err = landlock_add_rule(ruleset_fd, LANDLOCK_RULE_PATH_BENEATH, in TEST_F_FORK()
430 const int ruleset_fd, const __u64 allowed_access, in add_path_beneath() argument
442 ASSERT_EQ(0, landlock_add_rule(ruleset_fd, LANDLOCK_RULE_PATH_BENEATH, in add_path_beneath()
466 int ruleset_fd, i; in create_ruleset() local
478 ruleset_fd = landlock_create_ruleset(&ruleset_attr, in create_ruleset()
480 ASSERT_LE(0, ruleset_fd) { in create_ruleset()
485 add_path_beneath(_metadata, ruleset_fd, rules[i].access, in create_ruleset()
488 return ruleset_fd; in create_ruleset()
492 const int ruleset_fd) in enforce_ruleset() argument
495 ASSERT_EQ(0, landlock_restrict_self(ruleset_fd, 0)) { in enforce_ruleset()
511 const int ruleset_fd = create_ruleset(_metadata, rules[0].access | in TEST_F_FORK() local
514 ASSERT_LE(0, ruleset_fd); in TEST_F_FORK()
517 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
542 ASSERT_EQ(-1, landlock_add_rule(ruleset_fd, LANDLOCK_RULE_PATH_BENEATH, in TEST_F_FORK()
556 int ruleset_fd; in TEST_F_FORK() local
560 ruleset_fd = create_ruleset(_metadata, ACCESS_RO, rules); in TEST_F_FORK()
561 ASSERT_LE(0, ruleset_fd); in TEST_F_FORK()
562 ASSERT_EQ(-1, landlock_restrict_self(ruleset_fd, 0)); in TEST_F_FORK()
566 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
567 ASSERT_EQ(0, close(ruleset_fd)); in TEST_F_FORK()
584 const int ruleset_fd = create_ruleset(_metadata, ACCESS_RW, rules); in TEST_F_FORK() local
588 ASSERT_LE(0, ruleset_fd); in TEST_F_FORK()
589 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
590 ASSERT_EQ(0, close(ruleset_fd)); in TEST_F_FORK()
632 const int ruleset_fd = create_ruleset(_metadata, ACCESS_RO, rules); in TEST_F_FORK() local
634 ASSERT_LE(0, ruleset_fd); in TEST_F_FORK()
635 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
636 ASSERT_EQ(0, close(ruleset_fd)); in TEST_F_FORK()
665 const int ruleset_fd = create_ruleset(_metadata, ACCESS_RW, rules); in TEST_F_FORK() local
667 ASSERT_LE(0, ruleset_fd); in TEST_F_FORK()
668 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
669 ASSERT_EQ(0, close(ruleset_fd)); in TEST_F_FORK()
706 int ruleset_fd; in TEST_F_FORK() local
711 ruleset_fd = create_ruleset(_metadata, LANDLOCK_ACCESS_FS_MAKE_REG, in TEST_F_FORK()
713 ASSERT_LE(0, ruleset_fd); in TEST_F_FORK()
714 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
715 ASSERT_EQ(0, close(ruleset_fd)); in TEST_F_FORK()
722 ruleset_fd = create_ruleset(_metadata, LANDLOCK_ACCESS_FS_REMOVE_FILE, in TEST_F_FORK()
724 ASSERT_LE(0, ruleset_fd); in TEST_F_FORK()
725 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
726 ASSERT_EQ(0, close(ruleset_fd)); in TEST_F_FORK()
830 int ruleset_fd; in TEST_F_FORK() local
832 ruleset_fd = create_ruleset(_metadata, LANDLOCK_ACCESS_FS_READ_FILE, in TEST_F_FORK()
834 ASSERT_LE(0, ruleset_fd); in TEST_F_FORK()
835 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
836 ASSERT_EQ(0, close(ruleset_fd)); in TEST_F_FORK()
843 ruleset_fd = create_ruleset(_metadata, LANDLOCK_ACCESS_FS_READ_FILE | in TEST_F_FORK()
845 ASSERT_LE(0, ruleset_fd); in TEST_F_FORK()
846 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
847 ASSERT_EQ(0, close(ruleset_fd)); in TEST_F_FORK()
854 ruleset_fd = create_ruleset(_metadata, LANDLOCK_ACCESS_FS_READ_FILE, in TEST_F_FORK()
856 ASSERT_LE(0, ruleset_fd); in TEST_F_FORK()
857 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
858 ASSERT_EQ(0, close(ruleset_fd)); in TEST_F_FORK()
866 ruleset_fd = create_ruleset(_metadata, LANDLOCK_ACCESS_FS_READ_FILE | in TEST_F_FORK()
868 ASSERT_LE(0, ruleset_fd); in TEST_F_FORK()
869 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
870 ASSERT_EQ(0, close(ruleset_fd)); in TEST_F_FORK()
881 ruleset_fd = create_ruleset(_metadata, LANDLOCK_ACCESS_FS_READ_FILE, in TEST_F_FORK()
883 ASSERT_LE(0, ruleset_fd); in TEST_F_FORK()
884 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
885 ASSERT_EQ(0, close(ruleset_fd)); in TEST_F_FORK()
893 ruleset_fd = create_ruleset(_metadata, LANDLOCK_ACCESS_FS_EXECUTE, in TEST_F_FORK()
895 ASSERT_LE(0, ruleset_fd); in TEST_F_FORK()
896 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
897 ASSERT_EQ(0, close(ruleset_fd)); in TEST_F_FORK()
905 ruleset_fd = create_ruleset(_metadata, LANDLOCK_ACCESS_FS_READ_FILE | in TEST_F_FORK()
907 ASSERT_LE(0, ruleset_fd); in TEST_F_FORK()
908 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
909 ASSERT_EQ(0, close(ruleset_fd)); in TEST_F_FORK()
928 const int ruleset_fd = create_ruleset(_metadata, ACCESS_RW, rules); in TEST_F_FORK() local
930 ASSERT_LE(0, ruleset_fd); in TEST_F_FORK()
931 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
951 add_path_beneath(_metadata, ruleset_fd, LANDLOCK_ACCESS_FS_WRITE_FILE, in TEST_F_FORK()
964 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
984 add_path_beneath(_metadata, ruleset_fd, ACCESS_RW, dir_s1d1); in TEST_F_FORK()
985 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
1006 add_path_beneath(_metadata, ruleset_fd, LANDLOCK_ACCESS_FS_WRITE_FILE, in TEST_F_FORK()
1008 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
1009 ASSERT_EQ(0, close(ruleset_fd)); in TEST_F_FORK()
1044 const int ruleset_fd = create_ruleset(_metadata, ACCESS_RW, rules); in TEST_F_FORK() local
1046 ASSERT_LE(0, ruleset_fd); in TEST_F_FORK()
1047 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
1057 add_path_beneath(_metadata, ruleset_fd, LANDLOCK_ACCESS_FS_READ_FILE | in TEST_F_FORK()
1059 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
1060 ASSERT_EQ(0, close(ruleset_fd)); in TEST_F_FORK()
1080 const int ruleset_fd = create_ruleset(_metadata, ACCESS_RW, rules); in TEST_F_FORK() local
1082 ASSERT_LE(0, ruleset_fd); in TEST_F_FORK()
1084 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
1087 err = landlock_restrict_self(ruleset_fd, 0); in TEST_F_FORK()
1091 ASSERT_EQ(0, close(ruleset_fd)); in TEST_F_FORK()
1097 int ruleset_fd; in TEST_F_FORK() local
1100 ruleset_fd = landlock_create_ruleset(&ruleset_attr, in TEST_F_FORK()
1102 ASSERT_LE(-1, ruleset_fd); in TEST_F_FORK()
1107 ruleset_fd = landlock_create_ruleset(&ruleset_attr, in TEST_F_FORK()
1109 ASSERT_LE(0, ruleset_fd); in TEST_F_FORK()
1110 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
1116 ruleset_fd = landlock_create_ruleset(&ruleset_attr, in TEST_F_FORK()
1118 ASSERT_LE(0, ruleset_fd); in TEST_F_FORK()
1119 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
1124 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
1125 ASSERT_EQ(0, close(ruleset_fd)); in TEST_F_FORK()
1142 const int ruleset_fd = create_ruleset(_metadata, ACCESS_RW, rules); in TEST_F_FORK() local
1144 ASSERT_LE(0, ruleset_fd); in TEST_F_FORK()
1145 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
1146 ASSERT_EQ(0, close(ruleset_fd)); in TEST_F_FORK()
1171 const int ruleset_fd = create_ruleset(_metadata, ACCESS_RW, rules); in TEST_F_FORK() local
1173 ASSERT_LE(0, ruleset_fd); in TEST_F_FORK()
1174 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
1175 ASSERT_EQ(0, close(ruleset_fd)); in TEST_F_FORK()
1199 int ruleset_fd = create_ruleset(_metadata, ACCESS_RW, rules); in TEST_F_FORK() local
1201 ASSERT_LE(0, ruleset_fd); in TEST_F_FORK()
1202 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
1203 ASSERT_EQ(0, close(ruleset_fd)); in TEST_F_FORK()
1210 ruleset_fd = create_ruleset(_metadata, ACCESS_RW, rules); in TEST_F_FORK()
1211 ASSERT_LE(0, ruleset_fd); in TEST_F_FORK()
1212 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
1213 ASSERT_EQ(0, close(ruleset_fd)); in TEST_F_FORK()
1229 const int ruleset_fd = create_ruleset(_metadata, ACCESS_RW, rules); in TEST_F_FORK() local
1231 ASSERT_LE(0, ruleset_fd); in TEST_F_FORK()
1232 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
1233 ASSERT_EQ(0, close(ruleset_fd)); in TEST_F_FORK()
1249 int ruleset_fd; in TEST_F_FORK() local
1258 ruleset_fd = create_ruleset(_metadata, ACCESS_RW, rules); in TEST_F_FORK()
1259 ASSERT_LE(0, ruleset_fd); in TEST_F_FORK()
1260 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
1261 ASSERT_EQ(0, close(ruleset_fd)); in TEST_F_FORK()
1276 const int ruleset_fd = create_ruleset(_metadata, ACCESS_RW, rules); in TEST_F_FORK() local
1278 ASSERT_LE(0, ruleset_fd); in TEST_F_FORK()
1279 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
1280 ASSERT_EQ(0, close(ruleset_fd)); in TEST_F_FORK()
1299 const int ruleset_fd = create_ruleset(_metadata, ACCESS_RW, rules); in TEST_F_FORK() local
1301 ASSERT_LE(0, ruleset_fd); in TEST_F_FORK()
1313 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
1314 ASSERT_EQ(0, close(ruleset_fd)); in TEST_F_FORK()
1340 const int ruleset_fd = create_ruleset(_metadata, ACCESS_RW, rules); in TEST_F_FORK() local
1342 ASSERT_LE(0, ruleset_fd); in TEST_F_FORK()
1348 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
1349 ASSERT_EQ(0, close(ruleset_fd)); in TEST_F_FORK()
1389 int dirfd, ruleset_fd; in test_relative_path() local
1391 ruleset_fd = create_ruleset(_metadata, ACCESS_RW, layer1_base); in test_relative_path()
1392 ASSERT_LE(0, ruleset_fd); in test_relative_path()
1393 enforce_ruleset(_metadata, ruleset_fd); in test_relative_path()
1394 ASSERT_EQ(0, close(ruleset_fd)); in test_relative_path()
1396 ruleset_fd = create_ruleset(_metadata, ACCESS_RW, layer2_subs); in test_relative_path()
1398 ASSERT_LE(0, ruleset_fd); in test_relative_path()
1415 enforce_ruleset(_metadata, ruleset_fd); in test_relative_path()
1474 ASSERT_EQ(0, close(ruleset_fd)); in test_relative_path()
1554 const int ruleset_fd = create_ruleset(_metadata, rules[0].access, in TEST_F_FORK() local
1557 ASSERT_LE(0, ruleset_fd); in TEST_F_FORK()
1562 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
1563 ASSERT_EQ(0, close(ruleset_fd)); in TEST_F_FORK()
1587 const int ruleset_fd = create_ruleset(_metadata, rules[0].access, in TEST_F_FORK() local
1590 ASSERT_LE(0, ruleset_fd); in TEST_F_FORK()
1596 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
1597 ASSERT_EQ(0, close(ruleset_fd)); in TEST_F_FORK()
1624 const int ruleset_fd = create_ruleset(_metadata, rules[0].access, in TEST_F_FORK() local
1627 ASSERT_LE(0, ruleset_fd); in TEST_F_FORK()
1632 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
1633 ASSERT_EQ(0, close(ruleset_fd)); in TEST_F_FORK()
1701 const int ruleset_fd = create_ruleset(_metadata, rules[0].access, in TEST_F_FORK() local
1704 ASSERT_LE(0, ruleset_fd); in TEST_F_FORK()
1710 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
1711 ASSERT_EQ(0, close(ruleset_fd)); in TEST_F_FORK()
1755 const int ruleset_fd = create_ruleset(_metadata, rules[0].access, in TEST_F_FORK() local
1758 ASSERT_LE(0, ruleset_fd); in TEST_F_FORK()
1765 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
1766 ASSERT_EQ(0, close(ruleset_fd)); in TEST_F_FORK()
1792 const int ruleset_fd = create_ruleset(_metadata, rules[0].access, in TEST_F_FORK() local
1795 ASSERT_LE(0, ruleset_fd); in TEST_F_FORK()
1796 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
1797 ASSERT_EQ(0, close(ruleset_fd)); in TEST_F_FORK()
1817 const int ruleset_fd = create_ruleset(_metadata, access, rules); in test_make_file() local
1819 ASSERT_LE(0, ruleset_fd); in test_make_file()
1834 enforce_ruleset(_metadata, ruleset_fd); in test_make_file()
1835 ASSERT_EQ(0, close(ruleset_fd)); in test_make_file()
1903 const int ruleset_fd = create_ruleset(_metadata, rules[0].access, in TEST_F_FORK() local
1906 ASSERT_LE(0, ruleset_fd); in TEST_F_FORK()
1918 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
1919 ASSERT_EQ(0, close(ruleset_fd)); in TEST_F_FORK()
1948 const int ruleset_fd = create_ruleset(_metadata, rules[0].access, in TEST_F_FORK() local
1951 ASSERT_LE(0, ruleset_fd); in TEST_F_FORK()
1957 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
1958 ASSERT_EQ(0, close(ruleset_fd)); in TEST_F_FORK()
1989 const int ruleset_fd = create_ruleset(_metadata, in TEST_F_FORK() local
1993 ASSERT_LE(0, ruleset_fd); in TEST_F_FORK()
1994 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
1995 ASSERT_EQ(0, close(ruleset_fd)); in TEST_F_FORK()
2031 const int ruleset_fd = create_ruleset(_metadata, rules[0].access, in TEST_F_FORK() local
2034 ASSERT_LE(0, ruleset_fd); in TEST_F_FORK()
2035 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
2036 ASSERT_EQ(0, close(ruleset_fd)); in TEST_F_FORK()
2198 int ruleset_fd; in TEST_F_FORK() local
2201 ruleset_fd = create_ruleset(_metadata, ACCESS_RW, layer1_parent); in TEST_F_FORK()
2202 ASSERT_LE(0, ruleset_fd); in TEST_F_FORK()
2203 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
2204 ASSERT_EQ(0, close(ruleset_fd)); in TEST_F_FORK()
2223 ruleset_fd = create_ruleset(_metadata, ACCESS_RW, layer2_mount_point); in TEST_F_FORK()
2224 ASSERT_LE(0, ruleset_fd); in TEST_F_FORK()
2225 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
2226 ASSERT_EQ(0, close(ruleset_fd)); in TEST_F_FORK()
2247 ruleset_fd = create_ruleset(_metadata, ACCESS_RW, layer3_source); in TEST_F_FORK()
2248 ASSERT_LE(0, ruleset_fd); in TEST_F_FORK()
2249 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
2250 ASSERT_EQ(0, close(ruleset_fd)); in TEST_F_FORK()
2271 ruleset_fd = create_ruleset(_metadata, ACCESS_RW, layer4_destination); in TEST_F_FORK()
2272 ASSERT_LE(0, ruleset_fd); in TEST_F_FORK()
2273 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
2274 ASSERT_EQ(0, close(ruleset_fd)); in TEST_F_FORK()
2646 int ruleset_fd; in TEST_F_FORK() local
2651 ruleset_fd = create_ruleset(_metadata, ACCESS_RW, layer1_base); in TEST_F_FORK()
2652 ASSERT_LE(0, ruleset_fd); in TEST_F_FORK()
2653 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
2654 ASSERT_EQ(0, close(ruleset_fd)); in TEST_F_FORK()
2697 ruleset_fd = create_ruleset(_metadata, ACCESS_RW, layer2_data); in TEST_F_FORK()
2698 ASSERT_LE(0, ruleset_fd); in TEST_F_FORK()
2699 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
2700 ASSERT_EQ(0, close(ruleset_fd)); in TEST_F_FORK()
2714 ruleset_fd = create_ruleset(_metadata, ACCESS_RW, layer3_subdirs); in TEST_F_FORK()
2715 ASSERT_LE(0, ruleset_fd); in TEST_F_FORK()
2716 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
2717 ASSERT_EQ(0, close(ruleset_fd)); in TEST_F_FORK()
2739 ruleset_fd = create_ruleset(_metadata, ACCESS_RW, layer4_files); in TEST_F_FORK()
2740 ASSERT_LE(0, ruleset_fd); in TEST_F_FORK()
2741 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
2742 ASSERT_EQ(0, close(ruleset_fd)); in TEST_F_FORK()
2766 ruleset_fd = create_ruleset(_metadata, ACCESS_RW, layer5_merge_only); in TEST_F_FORK()
2767 ASSERT_LE(0, ruleset_fd); in TEST_F_FORK()
2768 enforce_ruleset(_metadata, ruleset_fd); in TEST_F_FORK()
2769 ASSERT_EQ(0, close(ruleset_fd)); in TEST_F_FORK()