Lines Matching +full:parent +full:- +full:child
1 // SPDX-License-Identifier: GPL-2.0
3 * Landlock tests - Ptrace
5 * Copyright © 2017-2020 Mickaël Salaün <mic@digikod.net>
6 * Copyright © 2019-2020 ANSSI
80 return -1; in get_yama_ptrace_scope()
88 /* clang-format off */
90 /* clang-format on */
100 * Test multiple tracing combinations between a parent process P1 and a child
111 * P1-. P1 -> P2 : allow
112 * \ P2 -> P1 : allow
115 /* clang-format off */
117 /* clang-format on */ in FIXTURE_VARIANT_ADD()
124 * Child domain
126 * P1--. P1 -> P2 : allow
127 * \ P2 -> P1 : deny
128 * .'-----.
130 * '------'
132 /* clang-format off */
134 /* clang-format on */ in FIXTURE_VARIANT_ADD()
141 * Parent domain
142 * .------.
143 * | P1 --. P1 -> P2 : deny
144 * '------' \ P2 -> P1 : allow
148 /* clang-format off */
150 /* clang-format on */ in FIXTURE_VARIANT_ADD()
157 * Parent + child domain (siblings)
158 * .------.
159 * | P1 ---. P1 -> P2 : deny
160 * '------' \ P2 -> P1 : deny
161 * .---'--.
163 * '------'
165 /* clang-format off */
167 /* clang-format on */ in FIXTURE_VARIANT_ADD()
175 * .-------------.
176 * | P1----. | P1 -> P2 : allow
177 * | \ | P2 -> P1 : allow
180 * '-------------'
182 /* clang-format off */
184 /* clang-format on */ in FIXTURE_VARIANT_ADD()
191 * Inherited + child domain
192 * .-----------------.
193 * | P1----. | P1 -> P2 : allow
194 * | \ | P2 -> P1 : deny
195 * | .-'----. |
197 * | '------' |
198 * '-----------------'
200 /* clang-format off */
202 /* clang-format on */ in FIXTURE_VARIANT_ADD()
209 * Inherited + parent domain
210 * .-----------------.
211 * |.------. | P1 -> P2 : deny
212 * || P1 ----. | P2 -> P1 : allow
213 * |'------' \ |
216 * '-----------------'
218 /* clang-format off */
220 /* clang-format on */ in FIXTURE_VARIANT_ADD()
227 * Inherited + parent and child domain (siblings)
228 * .-----------------.
229 * | .------. | P1 -> P2 : deny
230 * | | P1 . | P2 -> P1 : deny
231 * | '------'\ |
233 * | .--'---. |
235 * | '------' |
236 * '-----------------'
238 /* clang-format off */
240 /* clang-format on */ in FIXTURE_VARIANT_ADD()
254 /* Test PTRACE_TRACEME and PTRACE_ATTACH for parent and child. */
257 pid_t child, parent; in TEST_F() local
273 * can_read_child is true if a parent process can read its child in TEST_F()
274 * process, which is only the case when the parent process is not in TEST_F()
275 * isolated from the child with a dedicated Landlock domain. in TEST_F()
277 can_read_child = !variant->domain_parent; in TEST_F()
280 * can_trace_child is true if a parent process can trace its child in TEST_F()
282 * - The parent process is not isolated from the child with a dedicated in TEST_F()
284 * - Yama allows tracing children (up to YAMA_SCOPE_RELATIONAL). in TEST_F()
290 * can_read_parent is true if a child process can read its parent in TEST_F()
291 * process, which is only the case when the child process is not in TEST_F()
292 * isolated from the parent with a dedicated Landlock domain. in TEST_F()
294 can_read_parent = !variant->domain_child; in TEST_F()
297 * can_trace_parent is true if a child process can trace its parent in TEST_F()
299 * - The child process is not isolated from the parent with a dedicated in TEST_F()
301 * - Yama is disabled (YAMA_SCOPE_DISABLED). in TEST_F()
312 parent = getpid(); in TEST_F()
315 if (variant->domain_both) { in TEST_F()
317 if (!_metadata->passed) in TEST_F()
322 child = fork(); in TEST_F()
323 ASSERT_LE(0, child); in TEST_F()
324 if (child == 0) { in TEST_F()
329 if (variant->domain_child) in TEST_F()
332 /* Waits for the parent to be in a domain, if any. */ in TEST_F()
335 /* Tests PTRACE_MODE_READ on the parent. */ in TEST_F()
336 err_proc_read = test_ptrace_read(parent); in TEST_F()
343 /* Tests PTRACE_ATTACH on the parent. */ in TEST_F()
344 ret = ptrace(PTRACE_ATTACH, parent, NULL, 0); in TEST_F()
348 EXPECT_EQ(-1, ret); in TEST_F()
352 ASSERT_EQ(parent, waitpid(parent, &status, 0)); in TEST_F()
354 ASSERT_EQ(0, ptrace(PTRACE_DETACH, parent, NULL, 0)); in TEST_F()
357 /* Tests child PTRACE_TRACEME. */ in TEST_F()
362 EXPECT_EQ(-1, ret); in TEST_F()
376 /* Waits for the parent PTRACE_ATTACH test. */ in TEST_F()
378 _exit(_metadata->passed ? EXIT_SUCCESS : EXIT_FAILURE); in TEST_F()
384 if (variant->domain_parent) in TEST_F()
387 /* Signals that the parent is in a domain, if any. */ in TEST_F()
391 * Waits for the child to test PTRACE_ATTACH on the parent and start in TEST_F()
396 /* Tests child PTRACE_TRACEME. */ in TEST_F()
398 ASSERT_EQ(child, waitpid(child, &status, 0)); in TEST_F()
400 ASSERT_EQ(0, ptrace(PTRACE_DETACH, child, NULL, 0)); in TEST_F()
402 /* The child should not be traced by the parent. */ in TEST_F()
403 EXPECT_EQ(-1, ptrace(PTRACE_DETACH, child, NULL, 0)); in TEST_F()
407 /* Tests PTRACE_MODE_READ on the child. */ in TEST_F()
408 err_proc_read = test_ptrace_read(child); in TEST_F()
415 /* Tests PTRACE_ATTACH on the child. */ in TEST_F()
416 ret = ptrace(PTRACE_ATTACH, child, NULL, 0); in TEST_F()
420 EXPECT_EQ(-1, ret); in TEST_F()
425 ASSERT_EQ(child, waitpid(child, &status, 0)); in TEST_F()
427 ASSERT_EQ(0, ptrace(PTRACE_DETACH, child, NULL, 0)); in TEST_F()
430 /* Signals that the parent PTRACE_ATTACH test is done. */ in TEST_F()
432 ASSERT_EQ(child, waitpid(child, &status, 0)); in TEST_F()
435 _metadata->passed = 0; in TEST_F()