1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * Copyright (c) 2013 SUSE. All Rights Reserved.
4 *
5 * Started by Jan Kara <jack@suse.cz>
6 */
7
8 /*\
9 * [Description]
10 * Check that fanotify permission events work.
11 */
12
13 #define _GNU_SOURCE
14 #include "config.h"
15
16 #include <stdio.h>
17 #include <unistd.h>
18 #include <sys/stat.h>
19 #include <sys/types.h>
20 #include <sys/wait.h>
21 #include <errno.h>
22 #include <string.h>
23 #include <signal.h>
24 #include <sys/syscall.h>
25 #include <stdlib.h>
26 #include "tst_test.h"
27
28 #ifdef HAVE_SYS_FANOTIFY_H
29 # include "fanotify.h"
30
31 #define EVENT_MAX 1024
32 /* size of the event structure, not counting name */
33 #define EVENT_SIZE (sizeof (struct fanotify_event_metadata))
34 /* reasonable guess as to size of 1024 events */
35 #define EVENT_BUF_LEN (EVENT_MAX * EVENT_SIZE)
36 /* Size large enough to hold a reasonable amount of expected event objects */
37 #define EVENT_SET_MAX 16
38
39 #define BUF_SIZE 256
40 #define TST_TOTAL 3
41 #define TEST_APP "fanotify_child"
42 #define MOUNT_PATH "fs_mnt"
43 #define FILE_EXEC_PATH MOUNT_PATH"/"TEST_APP
44
45 static char fname[BUF_SIZE];
46 static char buf[BUF_SIZE];
47 static volatile int fd_notify;
48
49 static pid_t child_pid;
50
51 static char event_buf[EVENT_BUF_LEN];
52 static int exec_events_unsupported;
53 static int filesystem_mark_unsupported;
54
55 struct event {
56 unsigned long long mask;
57 unsigned int response;
58 };
59
60 static struct tcase {
61 const char *tname;
62 struct fanotify_mark_type mark;
63 unsigned long long mask;
64 int event_count;
65 struct event event_set[EVENT_SET_MAX];
66 } tcases[] = {
67 {
68 "inode mark, FAN_OPEN_PERM | FAN_ACCESS_PERM events",
69 INIT_FANOTIFY_MARK_TYPE(INODE),
70 FAN_OPEN_PERM | FAN_ACCESS_PERM, 3,
71 {
72 {FAN_OPEN_PERM, FAN_ALLOW},
73 {FAN_ACCESS_PERM, FAN_DENY},
74 {FAN_OPEN_PERM, FAN_DENY}
75 }
76 },
77 {
78 "inode mark, FAN_ACCESS_PERM | FAN_OPEN_EXEC_PERM events",
79 INIT_FANOTIFY_MARK_TYPE(INODE),
80 FAN_ACCESS_PERM | FAN_OPEN_EXEC_PERM, 2,
81 {
82 {FAN_ACCESS_PERM, FAN_DENY},
83 {FAN_OPEN_EXEC_PERM, FAN_DENY}
84 }
85 },
86 {
87 "mount mark, FAN_OPEN_PERM | FAN_ACCESS_PERM events",
88 INIT_FANOTIFY_MARK_TYPE(MOUNT),
89 FAN_OPEN_PERM | FAN_ACCESS_PERM, 3,
90 {
91 {FAN_OPEN_PERM, FAN_ALLOW},
92 {FAN_ACCESS_PERM, FAN_DENY},
93 {FAN_OPEN_PERM, FAN_DENY}
94 }
95 },
96 {
97 "mount mark, FAN_ACCESS_PERM | FAN_OPEN_EXEC_PERM events",
98 INIT_FANOTIFY_MARK_TYPE(MOUNT),
99 FAN_ACCESS_PERM | FAN_OPEN_EXEC_PERM, 2,
100 {
101 {FAN_ACCESS_PERM, FAN_DENY},
102 {FAN_OPEN_EXEC_PERM, FAN_DENY}
103 }
104 },
105 {
106 "filesystem mark, FAN_OPEN_PERM | FAN_ACCESS_PERM events",
107 INIT_FANOTIFY_MARK_TYPE(FILESYSTEM),
108 FAN_OPEN_PERM | FAN_ACCESS_PERM, 3,
109 {
110 {FAN_OPEN_PERM, FAN_ALLOW},
111 {FAN_ACCESS_PERM, FAN_DENY},
112 {FAN_OPEN_PERM, FAN_DENY}
113 }
114 },
115 {
116 "filesystem mark, FAN_ACCESS_PERM | FAN_OPEN_EXEC_PERM events",
117 INIT_FANOTIFY_MARK_TYPE(FILESYSTEM),
118 FAN_ACCESS_PERM | FAN_OPEN_EXEC_PERM, 2,
119 {
120 {FAN_ACCESS_PERM, FAN_DENY},
121 {FAN_OPEN_EXEC_PERM, FAN_DENY}
122 }
123 },
124 };
125
generate_events(void)126 static void generate_events(void)
127 {
128 int fd;
129 char *const argv[] = {FILE_EXEC_PATH, NULL};
130
131 /*
132 * Generate sequence of events
133 */
134 fd = SAFE_OPEN(fname, O_RDWR | O_CREAT, 0700);
135
136 SAFE_WRITE(0, fd, fname, 1);
137 SAFE_LSEEK(fd, 0, SEEK_SET);
138
139 if (read(fd, buf, BUF_SIZE) != -1)
140 exit(3);
141
142 SAFE_CLOSE(fd);
143
144 if (execve(FILE_EXEC_PATH, argv, environ) != -1)
145 exit(5);
146 }
147
child_handler(int tmp)148 static void child_handler(int tmp)
149 {
150 (void)tmp;
151 /*
152 * Close notification fd so that we cannot block while reading
153 * from it
154 */
155 SAFE_CLOSE(fd_notify);
156 fd_notify = -1;
157 }
158
run_child(void)159 static void run_child(void)
160 {
161 struct sigaction child_action;
162
163 child_action.sa_handler = child_handler;
164 sigemptyset(&child_action.sa_mask);
165 child_action.sa_flags = SA_NOCLDSTOP;
166
167 if (sigaction(SIGCHLD, &child_action, NULL) < 0) {
168 tst_brk(TBROK | TERRNO,
169 "sigaction(SIGCHLD, &child_action, NULL) failed");
170 }
171
172 child_pid = SAFE_FORK();
173
174 if (child_pid == 0) {
175 /* Child will generate events now */
176 SAFE_CLOSE(fd_notify);
177 generate_events();
178 exit(0);
179 }
180 }
181
check_child(void)182 static void check_child(void)
183 {
184 struct sigaction child_action;
185 int child_ret;
186
187 child_action.sa_handler = SIG_IGN;
188 sigemptyset(&child_action.sa_mask);
189 child_action.sa_flags = SA_NOCLDSTOP;
190 if (sigaction(SIGCHLD, &child_action, NULL) < 0) {
191 tst_brk(TBROK | TERRNO,
192 "sigaction(SIGCHLD, &child_action, NULL) failed");
193 }
194 SAFE_WAITPID(-1, &child_ret, 0);
195
196 if (WIFEXITED(child_ret) && WEXITSTATUS(child_ret) == 0)
197 tst_res(TPASS, "child exited correctly");
198 else
199 tst_res(TFAIL, "child %s", tst_strstatus(child_ret));
200 }
201
setup_mark(unsigned int n)202 static int setup_mark(unsigned int n)
203 {
204 unsigned int i = 0;
205 struct tcase *tc = &tcases[n];
206 struct fanotify_mark_type *mark = &tc->mark;
207 char *const files[] = {fname, FILE_EXEC_PATH};
208
209 tst_res(TINFO, "Test #%d: %s", n, tc->tname);
210
211 if (exec_events_unsupported && tc->mask & FAN_OPEN_EXEC_PERM) {
212 tst_res(TCONF, "FAN_OPEN_EXEC_PERM not supported in kernel?");
213 return -1;
214 }
215
216 if (filesystem_mark_unsupported && mark->flag == FAN_MARK_FILESYSTEM) {
217 tst_res(TCONF, "FAN_MARK_FILESYSTEM not supported in kernel?");
218 return -1;
219 }
220
221 fd_notify = SAFE_FANOTIFY_INIT(FAN_CLASS_CONTENT, O_RDONLY);
222
223 for (; i < ARRAY_SIZE(files); i++) {
224 SAFE_FANOTIFY_MARK(fd_notify, FAN_MARK_ADD | mark->flag,
225 tc->mask, AT_FDCWD, files[i]);
226 }
227
228 return 0;
229 }
230
test_fanotify(unsigned int n)231 static void test_fanotify(unsigned int n)
232 {
233 int ret, len = 0, i = 0, test_num = 0;
234 struct tcase *tc = &tcases[n];
235 struct event *event_set = tc->event_set;
236
237 if (setup_mark(n) != 0)
238 return;
239
240 run_child();
241
242 /*
243 * Process events
244 *
245 * tc->count + 1 is to accommodate for checking the child process
246 * return value
247 */
248 while (test_num < tc->event_count + 1 && fd_notify != -1) {
249 struct fanotify_event_metadata *event;
250
251 if (i == len) {
252 /* Get more events */
253 ret = read(fd_notify, event_buf + len,
254 EVENT_BUF_LEN - len);
255 if (fd_notify == -1)
256 break;
257 if (ret < 0) {
258 tst_brk(TBROK,
259 "read(%d, buf, %zu) failed",
260 fd_notify, EVENT_BUF_LEN);
261 }
262 len += ret;
263 }
264
265 event = (struct fanotify_event_metadata *)&event_buf[i];
266 /* Permission events cannot be merged, so the event mask
267 * reported should exactly match the event mask within the
268 * event set.
269 */
270 if (event->mask != event_set[test_num].mask) {
271 tst_res(TFAIL,
272 "got event: mask=%llx (expected %llx) "
273 "pid=%u fd=%d",
274 (unsigned long long)event->mask,
275 event_set[test_num].mask,
276 (unsigned)event->pid, event->fd);
277 } else if (event->pid != child_pid) {
278 tst_res(TFAIL,
279 "got event: mask=%llx pid=%u "
280 "(expected %u) fd=%d",
281 (unsigned long long)event->mask,
282 (unsigned)event->pid,
283 (unsigned)child_pid,
284 event->fd);
285 } else {
286 tst_res(TPASS,
287 "got event: mask=%llx pid=%u fd=%d",
288 (unsigned long long)event->mask,
289 (unsigned)event->pid, event->fd);
290 }
291
292 /* Write response to the permission event */
293 if (event_set[test_num].mask & LTP_ALL_PERM_EVENTS) {
294 struct fanotify_response resp;
295
296 resp.fd = event->fd;
297 resp.response = event_set[test_num].response;
298 SAFE_WRITE(1, fd_notify, &resp, sizeof(resp));
299 }
300
301 i += event->event_len;
302
303 if (event->fd != FAN_NOFD)
304 SAFE_CLOSE(event->fd);
305
306 test_num++;
307 }
308
309 for (; test_num < tc->event_count; test_num++) {
310 tst_res(TFAIL, "didn't get event: mask=%llx",
311 event_set[test_num].mask);
312
313 }
314
315 check_child();
316
317 if (fd_notify > 0)
318 SAFE_CLOSE(fd_notify);
319 }
320
setup(void)321 static void setup(void)
322 {
323 require_fanotify_access_permissions_supported_by_kernel();
324
325 filesystem_mark_unsupported = fanotify_mark_supported_by_kernel(FAN_MARK_FILESYSTEM);
326 exec_events_unsupported = fanotify_events_supported_by_kernel(FAN_OPEN_EXEC_PERM,
327 FAN_CLASS_CONTENT, 0);
328 sprintf(fname, MOUNT_PATH"/fname_%d", getpid());
329 SAFE_FILE_PRINTF(fname, "1");
330
331 SAFE_CP(TEST_APP, FILE_EXEC_PATH);
332 }
333
cleanup(void)334 static void cleanup(void)
335 {
336 if (fd_notify > 0)
337 SAFE_CLOSE(fd_notify);
338 }
339
340 static const char *const resource_files[] = {
341 TEST_APP,
342 NULL
343 };
344
345 static struct tst_test test = {
346 .test = test_fanotify,
347 .tcnt = ARRAY_SIZE(tcases),
348 .setup = setup,
349 .cleanup = cleanup,
350 .forks_child = 1,
351 .needs_root = 1,
352 .mount_device = 1,
353 .mntpoint = MOUNT_PATH,
354 .resource_files = resource_files
355 };
356
357 #else
358 TST_TEST_TCONF("system doesn't have required fanotify support");
359 #endif
360