xref: /openbmc/linux/security/apparmor/policy_unpack_test.c (revision e65e175b07bef5974045cc42238de99057669ca7)
1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3  * KUnit tests for AppArmor's policy unpack.
4  */
5 
6 #include <kunit/test.h>
7 #include <kunit/visibility.h>
8 
9 #include "include/policy.h"
10 #include "include/policy_unpack.h"
11 
12 #define TEST_STRING_NAME "TEST_STRING"
13 #define TEST_STRING_DATA "testing"
14 #define TEST_STRING_BUF_OFFSET \
15 	(3 + strlen(TEST_STRING_NAME) + 1)
16 
17 #define TEST_U32_NAME "U32_TEST"
18 #define TEST_U32_DATA ((u32)0x01020304)
19 #define TEST_NAMED_U32_BUF_OFFSET \
20 	(TEST_STRING_BUF_OFFSET + 3 + strlen(TEST_STRING_DATA) + 1)
21 #define TEST_U32_BUF_OFFSET \
22 	(TEST_NAMED_U32_BUF_OFFSET + 3 + strlen(TEST_U32_NAME) + 1)
23 
24 #define TEST_U16_OFFSET (TEST_U32_BUF_OFFSET + 3)
25 #define TEST_U16_DATA ((u16)(TEST_U32_DATA >> 16))
26 
27 #define TEST_U64_NAME "U64_TEST"
28 #define TEST_U64_DATA ((u64)0x0102030405060708)
29 #define TEST_NAMED_U64_BUF_OFFSET (TEST_U32_BUF_OFFSET + sizeof(u32) + 1)
30 #define TEST_U64_BUF_OFFSET \
31 	(TEST_NAMED_U64_BUF_OFFSET + 3 + strlen(TEST_U64_NAME) + 1)
32 
33 #define TEST_BLOB_NAME "BLOB_TEST"
34 #define TEST_BLOB_DATA "\xde\xad\x00\xbe\xef"
35 #define TEST_BLOB_DATA_SIZE (ARRAY_SIZE(TEST_BLOB_DATA))
36 #define TEST_NAMED_BLOB_BUF_OFFSET (TEST_U64_BUF_OFFSET + sizeof(u64) + 1)
37 #define TEST_BLOB_BUF_OFFSET \
38 	(TEST_NAMED_BLOB_BUF_OFFSET + 3 + strlen(TEST_BLOB_NAME) + 1)
39 
40 #define TEST_ARRAY_NAME "ARRAY_TEST"
41 #define TEST_ARRAY_SIZE 16
42 #define TEST_NAMED_ARRAY_BUF_OFFSET \
43 	(TEST_BLOB_BUF_OFFSET + 5 + TEST_BLOB_DATA_SIZE)
44 #define TEST_ARRAY_BUF_OFFSET \
45 	(TEST_NAMED_ARRAY_BUF_OFFSET + 3 + strlen(TEST_ARRAY_NAME) + 1)
46 
47 MODULE_IMPORT_NS(EXPORTED_FOR_KUNIT_TESTING);
48 
49 struct policy_unpack_fixture {
50 	struct aa_ext *e;
51 	size_t e_size;
52 };
53 
54 static struct aa_ext *build_aa_ext_struct(struct policy_unpack_fixture *puf,
55 					  struct kunit *test, size_t buf_size)
56 {
57 	char *buf;
58 	struct aa_ext *e;
59 
60 	buf = kunit_kzalloc(test, buf_size, GFP_USER);
61 	KUNIT_EXPECT_NOT_ERR_OR_NULL(test, buf);
62 
63 	e = kunit_kmalloc(test, sizeof(*e), GFP_USER);
64 	KUNIT_EXPECT_NOT_ERR_OR_NULL(test, e);
65 
66 	e->start = buf;
67 	e->end = e->start + buf_size;
68 	e->pos = e->start;
69 
70 	*buf = AA_NAME;
71 	*(buf + 1) = strlen(TEST_STRING_NAME) + 1;
72 	strcpy(buf + 3, TEST_STRING_NAME);
73 
74 	buf = e->start + TEST_STRING_BUF_OFFSET;
75 	*buf = AA_STRING;
76 	*(buf + 1) = strlen(TEST_STRING_DATA) + 1;
77 	strcpy(buf + 3, TEST_STRING_DATA);
78 
79 	buf = e->start + TEST_NAMED_U32_BUF_OFFSET;
80 	*buf = AA_NAME;
81 	*(buf + 1) = strlen(TEST_U32_NAME) + 1;
82 	strcpy(buf + 3, TEST_U32_NAME);
83 	*(buf + 3 + strlen(TEST_U32_NAME) + 1) = AA_U32;
84 	*((u32 *)(buf + 3 + strlen(TEST_U32_NAME) + 2)) = TEST_U32_DATA;
85 
86 	buf = e->start + TEST_NAMED_U64_BUF_OFFSET;
87 	*buf = AA_NAME;
88 	*(buf + 1) = strlen(TEST_U64_NAME) + 1;
89 	strcpy(buf + 3, TEST_U64_NAME);
90 	*(buf + 3 + strlen(TEST_U64_NAME) + 1) = AA_U64;
91 	*((u64 *)(buf + 3 + strlen(TEST_U64_NAME) + 2)) = TEST_U64_DATA;
92 
93 	buf = e->start + TEST_NAMED_BLOB_BUF_OFFSET;
94 	*buf = AA_NAME;
95 	*(buf + 1) = strlen(TEST_BLOB_NAME) + 1;
96 	strcpy(buf + 3, TEST_BLOB_NAME);
97 	*(buf + 3 + strlen(TEST_BLOB_NAME) + 1) = AA_BLOB;
98 	*(buf + 3 + strlen(TEST_BLOB_NAME) + 2) = TEST_BLOB_DATA_SIZE;
99 	memcpy(buf + 3 + strlen(TEST_BLOB_NAME) + 6,
100 		TEST_BLOB_DATA, TEST_BLOB_DATA_SIZE);
101 
102 	buf = e->start + TEST_NAMED_ARRAY_BUF_OFFSET;
103 	*buf = AA_NAME;
104 	*(buf + 1) = strlen(TEST_ARRAY_NAME) + 1;
105 	strcpy(buf + 3, TEST_ARRAY_NAME);
106 	*(buf + 3 + strlen(TEST_ARRAY_NAME) + 1) = AA_ARRAY;
107 	*((u16 *)(buf + 3 + strlen(TEST_ARRAY_NAME) + 2)) = TEST_ARRAY_SIZE;
108 
109 	return e;
110 }
111 
112 static int policy_unpack_test_init(struct kunit *test)
113 {
114 	size_t e_size = TEST_ARRAY_BUF_OFFSET + sizeof(u16) + 1;
115 	struct policy_unpack_fixture *puf;
116 
117 	puf = kunit_kmalloc(test, sizeof(*puf), GFP_USER);
118 	KUNIT_EXPECT_NOT_ERR_OR_NULL(test, puf);
119 
120 	puf->e_size = e_size;
121 	puf->e = build_aa_ext_struct(puf, test, e_size);
122 
123 	test->priv = puf;
124 	return 0;
125 }
126 
127 static void policy_unpack_test_inbounds_when_inbounds(struct kunit *test)
128 {
129 	struct policy_unpack_fixture *puf = test->priv;
130 
131 	KUNIT_EXPECT_TRUE(test, aa_inbounds(puf->e, 0));
132 	KUNIT_EXPECT_TRUE(test, aa_inbounds(puf->e, puf->e_size / 2));
133 	KUNIT_EXPECT_TRUE(test, aa_inbounds(puf->e, puf->e_size));
134 }
135 
136 static void policy_unpack_test_inbounds_when_out_of_bounds(struct kunit *test)
137 {
138 	struct policy_unpack_fixture *puf = test->priv;
139 
140 	KUNIT_EXPECT_FALSE(test, aa_inbounds(puf->e, puf->e_size + 1));
141 }
142 
143 static void policy_unpack_test_unpack_array_with_null_name(struct kunit *test)
144 {
145 	struct policy_unpack_fixture *puf = test->priv;
146 	u16 array_size = 0;
147 
148 	puf->e->pos += TEST_ARRAY_BUF_OFFSET;
149 
150 	KUNIT_EXPECT_TRUE(test, aa_unpack_array(puf->e, NULL, &array_size));
151 	KUNIT_EXPECT_EQ(test, array_size, (u16)TEST_ARRAY_SIZE);
152 	KUNIT_EXPECT_PTR_EQ(test, puf->e->pos,
153 		puf->e->start + TEST_ARRAY_BUF_OFFSET + sizeof(u16) + 1);
154 }
155 
156 static void policy_unpack_test_unpack_array_with_name(struct kunit *test)
157 {
158 	struct policy_unpack_fixture *puf = test->priv;
159 	const char name[] = TEST_ARRAY_NAME;
160 	u16 array_size = 0;
161 
162 	puf->e->pos += TEST_NAMED_ARRAY_BUF_OFFSET;
163 
164 	KUNIT_EXPECT_TRUE(test, aa_unpack_array(puf->e, name, &array_size));
165 	KUNIT_EXPECT_EQ(test, array_size, (u16)TEST_ARRAY_SIZE);
166 	KUNIT_EXPECT_PTR_EQ(test, puf->e->pos,
167 		puf->e->start + TEST_ARRAY_BUF_OFFSET + sizeof(u16) + 1);
168 }
169 
170 static void policy_unpack_test_unpack_array_out_of_bounds(struct kunit *test)
171 {
172 	struct policy_unpack_fixture *puf = test->priv;
173 	const char name[] = TEST_ARRAY_NAME;
174 	u16 array_size;
175 
176 	puf->e->pos += TEST_NAMED_ARRAY_BUF_OFFSET;
177 	puf->e->end = puf->e->start + TEST_ARRAY_BUF_OFFSET + sizeof(u16);
178 
179 	KUNIT_EXPECT_FALSE(test, aa_unpack_array(puf->e, name, &array_size));
180 	KUNIT_EXPECT_PTR_EQ(test, puf->e->pos,
181 		puf->e->start + TEST_NAMED_ARRAY_BUF_OFFSET);
182 }
183 
184 static void policy_unpack_test_unpack_blob_with_null_name(struct kunit *test)
185 {
186 	struct policy_unpack_fixture *puf = test->priv;
187 	char *blob = NULL;
188 	size_t size;
189 
190 	puf->e->pos += TEST_BLOB_BUF_OFFSET;
191 	size = aa_unpack_blob(puf->e, &blob, NULL);
192 
193 	KUNIT_ASSERT_EQ(test, size, TEST_BLOB_DATA_SIZE);
194 	KUNIT_EXPECT_TRUE(test,
195 		memcmp(blob, TEST_BLOB_DATA, TEST_BLOB_DATA_SIZE) == 0);
196 }
197 
198 static void policy_unpack_test_unpack_blob_with_name(struct kunit *test)
199 {
200 	struct policy_unpack_fixture *puf = test->priv;
201 	char *blob = NULL;
202 	size_t size;
203 
204 	puf->e->pos += TEST_NAMED_BLOB_BUF_OFFSET;
205 	size = aa_unpack_blob(puf->e, &blob, TEST_BLOB_NAME);
206 
207 	KUNIT_ASSERT_EQ(test, size, TEST_BLOB_DATA_SIZE);
208 	KUNIT_EXPECT_TRUE(test,
209 		memcmp(blob, TEST_BLOB_DATA, TEST_BLOB_DATA_SIZE) == 0);
210 }
211 
212 static void policy_unpack_test_unpack_blob_out_of_bounds(struct kunit *test)
213 {
214 	struct policy_unpack_fixture *puf = test->priv;
215 	char *blob = NULL;
216 	void *start;
217 	int size;
218 
219 	puf->e->pos += TEST_NAMED_BLOB_BUF_OFFSET;
220 	start = puf->e->pos;
221 	puf->e->end = puf->e->start + TEST_BLOB_BUF_OFFSET
222 		+ TEST_BLOB_DATA_SIZE - 1;
223 
224 	size = aa_unpack_blob(puf->e, &blob, TEST_BLOB_NAME);
225 
226 	KUNIT_EXPECT_EQ(test, size, 0);
227 	KUNIT_EXPECT_PTR_EQ(test, puf->e->pos, start);
228 }
229 
230 static void policy_unpack_test_unpack_str_with_null_name(struct kunit *test)
231 {
232 	struct policy_unpack_fixture *puf = test->priv;
233 	const char *string = NULL;
234 	size_t size;
235 
236 	puf->e->pos += TEST_STRING_BUF_OFFSET;
237 	size = aa_unpack_str(puf->e, &string, NULL);
238 
239 	KUNIT_EXPECT_EQ(test, size, strlen(TEST_STRING_DATA) + 1);
240 	KUNIT_EXPECT_STREQ(test, string, TEST_STRING_DATA);
241 }
242 
243 static void policy_unpack_test_unpack_str_with_name(struct kunit *test)
244 {
245 	struct policy_unpack_fixture *puf = test->priv;
246 	const char *string = NULL;
247 	size_t size;
248 
249 	size = aa_unpack_str(puf->e, &string, TEST_STRING_NAME);
250 
251 	KUNIT_EXPECT_EQ(test, size, strlen(TEST_STRING_DATA) + 1);
252 	KUNIT_EXPECT_STREQ(test, string, TEST_STRING_DATA);
253 }
254 
255 static void policy_unpack_test_unpack_str_out_of_bounds(struct kunit *test)
256 {
257 	struct policy_unpack_fixture *puf = test->priv;
258 	const char *string = NULL;
259 	void *start = puf->e->pos;
260 	int size;
261 
262 	puf->e->end = puf->e->pos + TEST_STRING_BUF_OFFSET
263 		+ strlen(TEST_STRING_DATA) - 1;
264 
265 	size = aa_unpack_str(puf->e, &string, TEST_STRING_NAME);
266 
267 	KUNIT_EXPECT_EQ(test, size, 0);
268 	KUNIT_EXPECT_PTR_EQ(test, puf->e->pos, start);
269 }
270 
271 static void policy_unpack_test_unpack_strdup_with_null_name(struct kunit *test)
272 {
273 	struct policy_unpack_fixture *puf = test->priv;
274 	char *string = NULL;
275 	size_t size;
276 
277 	puf->e->pos += TEST_STRING_BUF_OFFSET;
278 	size = aa_unpack_strdup(puf->e, &string, NULL);
279 
280 	KUNIT_EXPECT_EQ(test, size, strlen(TEST_STRING_DATA) + 1);
281 	KUNIT_EXPECT_FALSE(test,
282 			   ((uintptr_t)puf->e->start <= (uintptr_t)string)
283 			   && ((uintptr_t)string <= (uintptr_t)puf->e->end));
284 	KUNIT_EXPECT_STREQ(test, string, TEST_STRING_DATA);
285 }
286 
287 static void policy_unpack_test_unpack_strdup_with_name(struct kunit *test)
288 {
289 	struct policy_unpack_fixture *puf = test->priv;
290 	char *string = NULL;
291 	size_t size;
292 
293 	size = aa_unpack_strdup(puf->e, &string, TEST_STRING_NAME);
294 
295 	KUNIT_EXPECT_EQ(test, size, strlen(TEST_STRING_DATA) + 1);
296 	KUNIT_EXPECT_FALSE(test,
297 			   ((uintptr_t)puf->e->start <= (uintptr_t)string)
298 			   && ((uintptr_t)string <= (uintptr_t)puf->e->end));
299 	KUNIT_EXPECT_STREQ(test, string, TEST_STRING_DATA);
300 }
301 
302 static void policy_unpack_test_unpack_strdup_out_of_bounds(struct kunit *test)
303 {
304 	struct policy_unpack_fixture *puf = test->priv;
305 	void *start = puf->e->pos;
306 	char *string = NULL;
307 	int size;
308 
309 	puf->e->end = puf->e->pos + TEST_STRING_BUF_OFFSET
310 		+ strlen(TEST_STRING_DATA) - 1;
311 
312 	size = aa_unpack_strdup(puf->e, &string, TEST_STRING_NAME);
313 
314 	KUNIT_EXPECT_EQ(test, size, 0);
315 	KUNIT_EXPECT_NULL(test, string);
316 	KUNIT_EXPECT_PTR_EQ(test, puf->e->pos, start);
317 }
318 
319 static void policy_unpack_test_unpack_nameX_with_null_name(struct kunit *test)
320 {
321 	struct policy_unpack_fixture *puf = test->priv;
322 	bool success;
323 
324 	puf->e->pos += TEST_U32_BUF_OFFSET;
325 
326 	success = aa_unpack_nameX(puf->e, AA_U32, NULL);
327 
328 	KUNIT_EXPECT_TRUE(test, success);
329 	KUNIT_EXPECT_PTR_EQ(test, puf->e->pos,
330 			    puf->e->start + TEST_U32_BUF_OFFSET + 1);
331 }
332 
333 static void policy_unpack_test_unpack_nameX_with_wrong_code(struct kunit *test)
334 {
335 	struct policy_unpack_fixture *puf = test->priv;
336 	bool success;
337 
338 	puf->e->pos += TEST_U32_BUF_OFFSET;
339 
340 	success = aa_unpack_nameX(puf->e, AA_BLOB, NULL);
341 
342 	KUNIT_EXPECT_FALSE(test, success);
343 	KUNIT_EXPECT_PTR_EQ(test, puf->e->pos,
344 			    puf->e->start + TEST_U32_BUF_OFFSET);
345 }
346 
347 static void policy_unpack_test_unpack_nameX_with_name(struct kunit *test)
348 {
349 	struct policy_unpack_fixture *puf = test->priv;
350 	const char name[] = TEST_U32_NAME;
351 	bool success;
352 
353 	puf->e->pos += TEST_NAMED_U32_BUF_OFFSET;
354 
355 	success = aa_unpack_nameX(puf->e, AA_U32, name);
356 
357 	KUNIT_EXPECT_TRUE(test, success);
358 	KUNIT_EXPECT_PTR_EQ(test, puf->e->pos,
359 			    puf->e->start + TEST_U32_BUF_OFFSET + 1);
360 }
361 
362 static void policy_unpack_test_unpack_nameX_with_wrong_name(struct kunit *test)
363 {
364 	struct policy_unpack_fixture *puf = test->priv;
365 	static const char name[] = "12345678";
366 	bool success;
367 
368 	puf->e->pos += TEST_NAMED_U32_BUF_OFFSET;
369 
370 	success = aa_unpack_nameX(puf->e, AA_U32, name);
371 
372 	KUNIT_EXPECT_FALSE(test, success);
373 	KUNIT_EXPECT_PTR_EQ(test, puf->e->pos,
374 			    puf->e->start + TEST_NAMED_U32_BUF_OFFSET);
375 }
376 
377 static void policy_unpack_test_unpack_u16_chunk_basic(struct kunit *test)
378 {
379 	struct policy_unpack_fixture *puf = test->priv;
380 	char *chunk = NULL;
381 	size_t size;
382 
383 	puf->e->pos += TEST_U16_OFFSET;
384 	/*
385 	 * WARNING: For unit testing purposes, we're pushing puf->e->end past
386 	 * the end of the allocated memory. Doing anything other than comparing
387 	 * memory addresses is dangerous.
388 	 */
389 	puf->e->end += TEST_U16_DATA;
390 
391 	size = aa_unpack_u16_chunk(puf->e, &chunk);
392 
393 	KUNIT_EXPECT_PTR_EQ(test, chunk,
394 			    puf->e->start + TEST_U16_OFFSET + 2);
395 	KUNIT_EXPECT_EQ(test, size, TEST_U16_DATA);
396 	KUNIT_EXPECT_PTR_EQ(test, puf->e->pos, (chunk + TEST_U16_DATA));
397 }
398 
399 static void policy_unpack_test_unpack_u16_chunk_out_of_bounds_1(
400 		struct kunit *test)
401 {
402 	struct policy_unpack_fixture *puf = test->priv;
403 	char *chunk = NULL;
404 	size_t size;
405 
406 	puf->e->pos = puf->e->end - 1;
407 
408 	size = aa_unpack_u16_chunk(puf->e, &chunk);
409 
410 	KUNIT_EXPECT_EQ(test, size, 0);
411 	KUNIT_EXPECT_NULL(test, chunk);
412 	KUNIT_EXPECT_PTR_EQ(test, puf->e->pos, puf->e->end - 1);
413 }
414 
415 static void policy_unpack_test_unpack_u16_chunk_out_of_bounds_2(
416 		struct kunit *test)
417 {
418 	struct policy_unpack_fixture *puf = test->priv;
419 	char *chunk = NULL;
420 	size_t size;
421 
422 	puf->e->pos += TEST_U16_OFFSET;
423 	/*
424 	 * WARNING: For unit testing purposes, we're pushing puf->e->end past
425 	 * the end of the allocated memory. Doing anything other than comparing
426 	 * memory addresses is dangerous.
427 	 */
428 	puf->e->end = puf->e->pos + TEST_U16_DATA - 1;
429 
430 	size = aa_unpack_u16_chunk(puf->e, &chunk);
431 
432 	KUNIT_EXPECT_EQ(test, size, 0);
433 	KUNIT_EXPECT_NULL(test, chunk);
434 	KUNIT_EXPECT_PTR_EQ(test, puf->e->pos, puf->e->start + TEST_U16_OFFSET);
435 }
436 
437 static void policy_unpack_test_unpack_u32_with_null_name(struct kunit *test)
438 {
439 	struct policy_unpack_fixture *puf = test->priv;
440 	bool success;
441 	u32 data = 0;
442 
443 	puf->e->pos += TEST_U32_BUF_OFFSET;
444 
445 	success = aa_unpack_u32(puf->e, &data, NULL);
446 
447 	KUNIT_EXPECT_TRUE(test, success);
448 	KUNIT_EXPECT_EQ(test, data, TEST_U32_DATA);
449 	KUNIT_EXPECT_PTR_EQ(test, puf->e->pos,
450 			puf->e->start + TEST_U32_BUF_OFFSET + sizeof(u32) + 1);
451 }
452 
453 static void policy_unpack_test_unpack_u32_with_name(struct kunit *test)
454 {
455 	struct policy_unpack_fixture *puf = test->priv;
456 	const char name[] = TEST_U32_NAME;
457 	bool success;
458 	u32 data = 0;
459 
460 	puf->e->pos += TEST_NAMED_U32_BUF_OFFSET;
461 
462 	success = aa_unpack_u32(puf->e, &data, name);
463 
464 	KUNIT_EXPECT_TRUE(test, success);
465 	KUNIT_EXPECT_EQ(test, data, TEST_U32_DATA);
466 	KUNIT_EXPECT_PTR_EQ(test, puf->e->pos,
467 			puf->e->start + TEST_U32_BUF_OFFSET + sizeof(u32) + 1);
468 }
469 
470 static void policy_unpack_test_unpack_u32_out_of_bounds(struct kunit *test)
471 {
472 	struct policy_unpack_fixture *puf = test->priv;
473 	const char name[] = TEST_U32_NAME;
474 	bool success;
475 	u32 data = 0;
476 
477 	puf->e->pos += TEST_NAMED_U32_BUF_OFFSET;
478 	puf->e->end = puf->e->start + TEST_U32_BUF_OFFSET + sizeof(u32);
479 
480 	success = aa_unpack_u32(puf->e, &data, name);
481 
482 	KUNIT_EXPECT_FALSE(test, success);
483 	KUNIT_EXPECT_PTR_EQ(test, puf->e->pos,
484 			puf->e->start + TEST_NAMED_U32_BUF_OFFSET);
485 }
486 
487 static void policy_unpack_test_unpack_u64_with_null_name(struct kunit *test)
488 {
489 	struct policy_unpack_fixture *puf = test->priv;
490 	bool success;
491 	u64 data = 0;
492 
493 	puf->e->pos += TEST_U64_BUF_OFFSET;
494 
495 	success = aa_unpack_u64(puf->e, &data, NULL);
496 
497 	KUNIT_EXPECT_TRUE(test, success);
498 	KUNIT_EXPECT_EQ(test, data, TEST_U64_DATA);
499 	KUNIT_EXPECT_PTR_EQ(test, puf->e->pos,
500 			puf->e->start + TEST_U64_BUF_OFFSET + sizeof(u64) + 1);
501 }
502 
503 static void policy_unpack_test_unpack_u64_with_name(struct kunit *test)
504 {
505 	struct policy_unpack_fixture *puf = test->priv;
506 	const char name[] = TEST_U64_NAME;
507 	bool success;
508 	u64 data = 0;
509 
510 	puf->e->pos += TEST_NAMED_U64_BUF_OFFSET;
511 
512 	success = aa_unpack_u64(puf->e, &data, name);
513 
514 	KUNIT_EXPECT_TRUE(test, success);
515 	KUNIT_EXPECT_EQ(test, data, TEST_U64_DATA);
516 	KUNIT_EXPECT_PTR_EQ(test, puf->e->pos,
517 			puf->e->start + TEST_U64_BUF_OFFSET + sizeof(u64) + 1);
518 }
519 
520 static void policy_unpack_test_unpack_u64_out_of_bounds(struct kunit *test)
521 {
522 	struct policy_unpack_fixture *puf = test->priv;
523 	const char name[] = TEST_U64_NAME;
524 	bool success;
525 	u64 data = 0;
526 
527 	puf->e->pos += TEST_NAMED_U64_BUF_OFFSET;
528 	puf->e->end = puf->e->start + TEST_U64_BUF_OFFSET + sizeof(u64);
529 
530 	success = aa_unpack_u64(puf->e, &data, name);
531 
532 	KUNIT_EXPECT_FALSE(test, success);
533 	KUNIT_EXPECT_PTR_EQ(test, puf->e->pos,
534 			puf->e->start + TEST_NAMED_U64_BUF_OFFSET);
535 }
536 
537 static void policy_unpack_test_unpack_X_code_match(struct kunit *test)
538 {
539 	struct policy_unpack_fixture *puf = test->priv;
540 	bool success = aa_unpack_X(puf->e, AA_NAME);
541 
542 	KUNIT_EXPECT_TRUE(test, success);
543 	KUNIT_EXPECT_TRUE(test, puf->e->pos == puf->e->start + 1);
544 }
545 
546 static void policy_unpack_test_unpack_X_code_mismatch(struct kunit *test)
547 {
548 	struct policy_unpack_fixture *puf = test->priv;
549 	bool success = aa_unpack_X(puf->e, AA_STRING);
550 
551 	KUNIT_EXPECT_FALSE(test, success);
552 	KUNIT_EXPECT_TRUE(test, puf->e->pos == puf->e->start);
553 }
554 
555 static void policy_unpack_test_unpack_X_out_of_bounds(struct kunit *test)
556 {
557 	struct policy_unpack_fixture *puf = test->priv;
558 	bool success;
559 
560 	puf->e->pos = puf->e->end;
561 	success = aa_unpack_X(puf->e, AA_NAME);
562 
563 	KUNIT_EXPECT_FALSE(test, success);
564 }
565 
566 static struct kunit_case apparmor_policy_unpack_test_cases[] = {
567 	KUNIT_CASE(policy_unpack_test_inbounds_when_inbounds),
568 	KUNIT_CASE(policy_unpack_test_inbounds_when_out_of_bounds),
569 	KUNIT_CASE(policy_unpack_test_unpack_array_with_null_name),
570 	KUNIT_CASE(policy_unpack_test_unpack_array_with_name),
571 	KUNIT_CASE(policy_unpack_test_unpack_array_out_of_bounds),
572 	KUNIT_CASE(policy_unpack_test_unpack_blob_with_null_name),
573 	KUNIT_CASE(policy_unpack_test_unpack_blob_with_name),
574 	KUNIT_CASE(policy_unpack_test_unpack_blob_out_of_bounds),
575 	KUNIT_CASE(policy_unpack_test_unpack_nameX_with_null_name),
576 	KUNIT_CASE(policy_unpack_test_unpack_nameX_with_wrong_code),
577 	KUNIT_CASE(policy_unpack_test_unpack_nameX_with_name),
578 	KUNIT_CASE(policy_unpack_test_unpack_nameX_with_wrong_name),
579 	KUNIT_CASE(policy_unpack_test_unpack_str_with_null_name),
580 	KUNIT_CASE(policy_unpack_test_unpack_str_with_name),
581 	KUNIT_CASE(policy_unpack_test_unpack_str_out_of_bounds),
582 	KUNIT_CASE(policy_unpack_test_unpack_strdup_with_null_name),
583 	KUNIT_CASE(policy_unpack_test_unpack_strdup_with_name),
584 	KUNIT_CASE(policy_unpack_test_unpack_strdup_out_of_bounds),
585 	KUNIT_CASE(policy_unpack_test_unpack_u16_chunk_basic),
586 	KUNIT_CASE(policy_unpack_test_unpack_u16_chunk_out_of_bounds_1),
587 	KUNIT_CASE(policy_unpack_test_unpack_u16_chunk_out_of_bounds_2),
588 	KUNIT_CASE(policy_unpack_test_unpack_u32_with_null_name),
589 	KUNIT_CASE(policy_unpack_test_unpack_u32_with_name),
590 	KUNIT_CASE(policy_unpack_test_unpack_u32_out_of_bounds),
591 	KUNIT_CASE(policy_unpack_test_unpack_u64_with_null_name),
592 	KUNIT_CASE(policy_unpack_test_unpack_u64_with_name),
593 	KUNIT_CASE(policy_unpack_test_unpack_u64_out_of_bounds),
594 	KUNIT_CASE(policy_unpack_test_unpack_X_code_match),
595 	KUNIT_CASE(policy_unpack_test_unpack_X_code_mismatch),
596 	KUNIT_CASE(policy_unpack_test_unpack_X_out_of_bounds),
597 	{},
598 };
599 
600 static struct kunit_suite apparmor_policy_unpack_test_module = {
601 	.name = "apparmor_policy_unpack",
602 	.init = policy_unpack_test_init,
603 	.test_cases = apparmor_policy_unpack_test_cases,
604 };
605 
606 kunit_test_suite(apparmor_policy_unpack_test_module);
607 
608 MODULE_LICENSE("GPL");
609