selftests/landlock: Test signal scoping for threads

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Expand the signal scoping tests with pthread_kill(3). Test if a scoped
thread can send signal to a process in the same scoped domain, or a
non-sandboxed thread.

Signed-off-by: Tahera Fahimi <fahimitahera@gmail.com>
Link: https://lore.kernel.org/r/c15e9eafbb2da1210e46ba8db7b8907f5ea11009.1725657728.git.fahimitahera@gmail.com
[mic: Improve commit message]
Signed-off-by: Mickaël Salaün <mic@digikod.net>

authored by

Tahera Fahimi and committed by

Mickaël Salaün 2 years ago c8994965 ea292363

+49

1 changed file

expand all

tools

testing

selftests

landlock

scoped_signal_test.c

+49

tools/testing/selftests/landlock/scoped_signal_test.c

··· 9 9 #include <errno.h> 10 10 #include <fcntl.h> 11 11 #include <linux/landlock.h> 12 + #include <pthread.h> 12 13 #include <signal.h> 13 14 #include <sys/prctl.h> 14 15 #include <sys/types.h> ··· 247 246 if (WIFSIGNALED(status) || !WIFEXITED(status) || 248 247 WEXITSTATUS(status) != EXIT_SUCCESS) 249 248 _metadata->exit_code = KSFT_FAIL; 249 + } 250 + 251 + static int thread_pipe[2]; 252 + 253 + enum thread_return { 254 + THREAD_INVALID = 0, 255 + THREAD_SUCCESS = 1, 256 + THREAD_ERROR = 2, 257 + }; 258 + 259 + void *thread_func(void *arg) 260 + { 261 + char buf; 262 + 263 + if (read(thread_pipe[0], &buf, 1) != 1) 264 + return (void *)THREAD_ERROR; 265 + 266 + return (void *)THREAD_SUCCESS; 267 + } 268 + 269 + TEST(signal_scoping_threads) 270 + { 271 + pthread_t no_sandbox_thread, scoped_thread; 272 + enum thread_return ret = THREAD_INVALID; 273 + 274 + drop_caps(_metadata); 275 + ASSERT_EQ(0, pipe2(thread_pipe, O_CLOEXEC)); 276 + 277 + ASSERT_EQ(0, 278 + pthread_create(&no_sandbox_thread, NULL, thread_func, NULL)); 279 + 280 + /* Restricts the domain after creating the first thread. */ 281 + create_scoped_domain(_metadata, LANDLOCK_SCOPE_SIGNAL); 282 + 283 + ASSERT_EQ(EPERM, pthread_kill(no_sandbox_thread, 0)); 284 + ASSERT_EQ(1, write(thread_pipe[1], ".", 1)); 285 + 286 + ASSERT_EQ(0, pthread_create(&scoped_thread, NULL, thread_func, NULL)); 287 + ASSERT_EQ(0, pthread_kill(scoped_thread, 0)); 288 + ASSERT_EQ(1, write(thread_pipe[1], ".", 1)); 289 + 290 + EXPECT_EQ(0, pthread_join(no_sandbox_thread, (void **)&ret)); 291 + EXPECT_EQ(THREAD_SUCCESS, ret); 292 + EXPECT_EQ(0, pthread_join(scoped_thread, (void **)&ret)); 293 + EXPECT_EQ(THREAD_SUCCESS, ret); 294 + 295 + EXPECT_EQ(0, close(thread_pipe[0])); 296 + EXPECT_EQ(0, close(thread_pipe[1])); 250 297 } 251 298 252 299 TEST_HARNESS_MAIN