Loading...
Note: File does not exist in v4.6.
1// SPDX-License-Identifier: GPL-2.0-only
2/*
3 * KUnit tests for AppArmor's policy unpack.
4 */
5
6#include <kunit/test.h>
7#include <kunit/visibility.h>
8
9#include "include/policy.h"
10#include "include/policy_unpack.h"
11
12#define TEST_STRING_NAME "TEST_STRING"
13#define TEST_STRING_DATA "testing"
14#define TEST_STRING_BUF_OFFSET \
15 (3 + strlen(TEST_STRING_NAME) + 1)
16
17#define TEST_U32_NAME "U32_TEST"
18#define TEST_U32_DATA ((u32)0x01020304)
19#define TEST_NAMED_U32_BUF_OFFSET \
20 (TEST_STRING_BUF_OFFSET + 3 + strlen(TEST_STRING_DATA) + 1)
21#define TEST_U32_BUF_OFFSET \
22 (TEST_NAMED_U32_BUF_OFFSET + 3 + strlen(TEST_U32_NAME) + 1)
23
24#define TEST_U16_OFFSET (TEST_U32_BUF_OFFSET + 3)
25#define TEST_U16_DATA ((u16)(TEST_U32_DATA >> 16))
26
27#define TEST_U64_NAME "U64_TEST"
28#define TEST_U64_DATA ((u64)0x0102030405060708)
29#define TEST_NAMED_U64_BUF_OFFSET (TEST_U32_BUF_OFFSET + sizeof(u32) + 1)
30#define TEST_U64_BUF_OFFSET \
31 (TEST_NAMED_U64_BUF_OFFSET + 3 + strlen(TEST_U64_NAME) + 1)
32
33#define TEST_BLOB_NAME "BLOB_TEST"
34#define TEST_BLOB_DATA "\xde\xad\x00\xbe\xef"
35#define TEST_BLOB_DATA_SIZE (ARRAY_SIZE(TEST_BLOB_DATA))
36#define TEST_NAMED_BLOB_BUF_OFFSET (TEST_U64_BUF_OFFSET + sizeof(u64) + 1)
37#define TEST_BLOB_BUF_OFFSET \
38 (TEST_NAMED_BLOB_BUF_OFFSET + 3 + strlen(TEST_BLOB_NAME) + 1)
39
40#define TEST_ARRAY_NAME "ARRAY_TEST"
41#define TEST_ARRAY_SIZE 16
42#define TEST_NAMED_ARRAY_BUF_OFFSET \
43 (TEST_BLOB_BUF_OFFSET + 5 + TEST_BLOB_DATA_SIZE)
44#define TEST_ARRAY_BUF_OFFSET \
45 (TEST_NAMED_ARRAY_BUF_OFFSET + 3 + strlen(TEST_ARRAY_NAME) + 1)
46
47MODULE_IMPORT_NS(EXPORTED_FOR_KUNIT_TESTING);
48
49struct policy_unpack_fixture {
50 struct aa_ext *e;
51 size_t e_size;
52};
53
54static struct aa_ext *build_aa_ext_struct(struct policy_unpack_fixture *puf,
55 struct kunit *test, size_t buf_size)
56{
57 char *buf;
58 struct aa_ext *e;
59
60 buf = kunit_kzalloc(test, buf_size, GFP_USER);
61 KUNIT_EXPECT_NOT_ERR_OR_NULL(test, buf);
62
63 e = kunit_kmalloc(test, sizeof(*e), GFP_USER);
64 KUNIT_EXPECT_NOT_ERR_OR_NULL(test, e);
65
66 e->start = buf;
67 e->end = e->start + buf_size;
68 e->pos = e->start;
69
70 *buf = AA_NAME;
71 *(buf + 1) = strlen(TEST_STRING_NAME) + 1;
72 strcpy(buf + 3, TEST_STRING_NAME);
73
74 buf = e->start + TEST_STRING_BUF_OFFSET;
75 *buf = AA_STRING;
76 *(buf + 1) = strlen(TEST_STRING_DATA) + 1;
77 strcpy(buf + 3, TEST_STRING_DATA);
78
79 buf = e->start + TEST_NAMED_U32_BUF_OFFSET;
80 *buf = AA_NAME;
81 *(buf + 1) = strlen(TEST_U32_NAME) + 1;
82 strcpy(buf + 3, TEST_U32_NAME);
83 *(buf + 3 + strlen(TEST_U32_NAME) + 1) = AA_U32;
84 *((u32 *)(buf + 3 + strlen(TEST_U32_NAME) + 2)) = TEST_U32_DATA;
85
86 buf = e->start + TEST_NAMED_U64_BUF_OFFSET;
87 *buf = AA_NAME;
88 *(buf + 1) = strlen(TEST_U64_NAME) + 1;
89 strcpy(buf + 3, TEST_U64_NAME);
90 *(buf + 3 + strlen(TEST_U64_NAME) + 1) = AA_U64;
91 *((u64 *)(buf + 3 + strlen(TEST_U64_NAME) + 2)) = TEST_U64_DATA;
92
93 buf = e->start + TEST_NAMED_BLOB_BUF_OFFSET;
94 *buf = AA_NAME;
95 *(buf + 1) = strlen(TEST_BLOB_NAME) + 1;
96 strcpy(buf + 3, TEST_BLOB_NAME);
97 *(buf + 3 + strlen(TEST_BLOB_NAME) + 1) = AA_BLOB;
98 *(buf + 3 + strlen(TEST_BLOB_NAME) + 2) = TEST_BLOB_DATA_SIZE;
99 memcpy(buf + 3 + strlen(TEST_BLOB_NAME) + 6,
100 TEST_BLOB_DATA, TEST_BLOB_DATA_SIZE);
101
102 buf = e->start + TEST_NAMED_ARRAY_BUF_OFFSET;
103 *buf = AA_NAME;
104 *(buf + 1) = strlen(TEST_ARRAY_NAME) + 1;
105 strcpy(buf + 3, TEST_ARRAY_NAME);
106 *(buf + 3 + strlen(TEST_ARRAY_NAME) + 1) = AA_ARRAY;
107 *((u16 *)(buf + 3 + strlen(TEST_ARRAY_NAME) + 2)) = TEST_ARRAY_SIZE;
108
109 return e;
110}
111
112static int policy_unpack_test_init(struct kunit *test)
113{
114 size_t e_size = TEST_ARRAY_BUF_OFFSET + sizeof(u16) + 1;
115 struct policy_unpack_fixture *puf;
116
117 puf = kunit_kmalloc(test, sizeof(*puf), GFP_USER);
118 KUNIT_EXPECT_NOT_ERR_OR_NULL(test, puf);
119
120 puf->e_size = e_size;
121 puf->e = build_aa_ext_struct(puf, test, e_size);
122
123 test->priv = puf;
124 return 0;
125}
126
127static void policy_unpack_test_inbounds_when_inbounds(struct kunit *test)
128{
129 struct policy_unpack_fixture *puf = test->priv;
130
131 KUNIT_EXPECT_TRUE(test, aa_inbounds(puf->e, 0));
132 KUNIT_EXPECT_TRUE(test, aa_inbounds(puf->e, puf->e_size / 2));
133 KUNIT_EXPECT_TRUE(test, aa_inbounds(puf->e, puf->e_size));
134}
135
136static void policy_unpack_test_inbounds_when_out_of_bounds(struct kunit *test)
137{
138 struct policy_unpack_fixture *puf = test->priv;
139
140 KUNIT_EXPECT_FALSE(test, aa_inbounds(puf->e, puf->e_size + 1));
141}
142
143static void policy_unpack_test_unpack_array_with_null_name(struct kunit *test)
144{
145 struct policy_unpack_fixture *puf = test->priv;
146 u16 array_size = 0;
147
148 puf->e->pos += TEST_ARRAY_BUF_OFFSET;
149
150 KUNIT_EXPECT_TRUE(test, aa_unpack_array(puf->e, NULL, &array_size));
151 KUNIT_EXPECT_EQ(test, array_size, (u16)TEST_ARRAY_SIZE);
152 KUNIT_EXPECT_PTR_EQ(test, puf->e->pos,
153 puf->e->start + TEST_ARRAY_BUF_OFFSET + sizeof(u16) + 1);
154}
155
156static void policy_unpack_test_unpack_array_with_name(struct kunit *test)
157{
158 struct policy_unpack_fixture *puf = test->priv;
159 const char name[] = TEST_ARRAY_NAME;
160 u16 array_size = 0;
161
162 puf->e->pos += TEST_NAMED_ARRAY_BUF_OFFSET;
163
164 KUNIT_EXPECT_TRUE(test, aa_unpack_array(puf->e, name, &array_size));
165 KUNIT_EXPECT_EQ(test, array_size, (u16)TEST_ARRAY_SIZE);
166 KUNIT_EXPECT_PTR_EQ(test, puf->e->pos,
167 puf->e->start + TEST_ARRAY_BUF_OFFSET + sizeof(u16) + 1);
168}
169
170static void policy_unpack_test_unpack_array_out_of_bounds(struct kunit *test)
171{
172 struct policy_unpack_fixture *puf = test->priv;
173 const char name[] = TEST_ARRAY_NAME;
174 u16 array_size;
175
176 puf->e->pos += TEST_NAMED_ARRAY_BUF_OFFSET;
177 puf->e->end = puf->e->start + TEST_ARRAY_BUF_OFFSET + sizeof(u16);
178
179 KUNIT_EXPECT_FALSE(test, aa_unpack_array(puf->e, name, &array_size));
180 KUNIT_EXPECT_PTR_EQ(test, puf->e->pos,
181 puf->e->start + TEST_NAMED_ARRAY_BUF_OFFSET);
182}
183
184static void policy_unpack_test_unpack_blob_with_null_name(struct kunit *test)
185{
186 struct policy_unpack_fixture *puf = test->priv;
187 char *blob = NULL;
188 size_t size;
189
190 puf->e->pos += TEST_BLOB_BUF_OFFSET;
191 size = aa_unpack_blob(puf->e, &blob, NULL);
192
193 KUNIT_ASSERT_EQ(test, size, TEST_BLOB_DATA_SIZE);
194 KUNIT_EXPECT_TRUE(test,
195 memcmp(blob, TEST_BLOB_DATA, TEST_BLOB_DATA_SIZE) == 0);
196}
197
198static void policy_unpack_test_unpack_blob_with_name(struct kunit *test)
199{
200 struct policy_unpack_fixture *puf = test->priv;
201 char *blob = NULL;
202 size_t size;
203
204 puf->e->pos += TEST_NAMED_BLOB_BUF_OFFSET;
205 size = aa_unpack_blob(puf->e, &blob, TEST_BLOB_NAME);
206
207 KUNIT_ASSERT_EQ(test, size, TEST_BLOB_DATA_SIZE);
208 KUNIT_EXPECT_TRUE(test,
209 memcmp(blob, TEST_BLOB_DATA, TEST_BLOB_DATA_SIZE) == 0);
210}
211
212static void policy_unpack_test_unpack_blob_out_of_bounds(struct kunit *test)
213{
214 struct policy_unpack_fixture *puf = test->priv;
215 char *blob = NULL;
216 void *start;
217 int size;
218
219 puf->e->pos += TEST_NAMED_BLOB_BUF_OFFSET;
220 start = puf->e->pos;
221 puf->e->end = puf->e->start + TEST_BLOB_BUF_OFFSET
222 + TEST_BLOB_DATA_SIZE - 1;
223
224 size = aa_unpack_blob(puf->e, &blob, TEST_BLOB_NAME);
225
226 KUNIT_EXPECT_EQ(test, size, 0);
227 KUNIT_EXPECT_PTR_EQ(test, puf->e->pos, start);
228}
229
230static void policy_unpack_test_unpack_str_with_null_name(struct kunit *test)
231{
232 struct policy_unpack_fixture *puf = test->priv;
233 const char *string = NULL;
234 size_t size;
235
236 puf->e->pos += TEST_STRING_BUF_OFFSET;
237 size = aa_unpack_str(puf->e, &string, NULL);
238
239 KUNIT_EXPECT_EQ(test, size, strlen(TEST_STRING_DATA) + 1);
240 KUNIT_EXPECT_STREQ(test, string, TEST_STRING_DATA);
241}
242
243static void policy_unpack_test_unpack_str_with_name(struct kunit *test)
244{
245 struct policy_unpack_fixture *puf = test->priv;
246 const char *string = NULL;
247 size_t size;
248
249 size = aa_unpack_str(puf->e, &string, TEST_STRING_NAME);
250
251 KUNIT_EXPECT_EQ(test, size, strlen(TEST_STRING_DATA) + 1);
252 KUNIT_EXPECT_STREQ(test, string, TEST_STRING_DATA);
253}
254
255static void policy_unpack_test_unpack_str_out_of_bounds(struct kunit *test)
256{
257 struct policy_unpack_fixture *puf = test->priv;
258 const char *string = NULL;
259 void *start = puf->e->pos;
260 int size;
261
262 puf->e->end = puf->e->pos + TEST_STRING_BUF_OFFSET
263 + strlen(TEST_STRING_DATA) - 1;
264
265 size = aa_unpack_str(puf->e, &string, TEST_STRING_NAME);
266
267 KUNIT_EXPECT_EQ(test, size, 0);
268 KUNIT_EXPECT_PTR_EQ(test, puf->e->pos, start);
269}
270
271static void policy_unpack_test_unpack_strdup_with_null_name(struct kunit *test)
272{
273 struct policy_unpack_fixture *puf = test->priv;
274 char *string = NULL;
275 size_t size;
276
277 puf->e->pos += TEST_STRING_BUF_OFFSET;
278 size = aa_unpack_strdup(puf->e, &string, NULL);
279
280 KUNIT_EXPECT_EQ(test, size, strlen(TEST_STRING_DATA) + 1);
281 KUNIT_EXPECT_FALSE(test,
282 ((uintptr_t)puf->e->start <= (uintptr_t)string)
283 && ((uintptr_t)string <= (uintptr_t)puf->e->end));
284 KUNIT_EXPECT_STREQ(test, string, TEST_STRING_DATA);
285}
286
287static void policy_unpack_test_unpack_strdup_with_name(struct kunit *test)
288{
289 struct policy_unpack_fixture *puf = test->priv;
290 char *string = NULL;
291 size_t size;
292
293 size = aa_unpack_strdup(puf->e, &string, TEST_STRING_NAME);
294
295 KUNIT_EXPECT_EQ(test, size, strlen(TEST_STRING_DATA) + 1);
296 KUNIT_EXPECT_FALSE(test,
297 ((uintptr_t)puf->e->start <= (uintptr_t)string)
298 && ((uintptr_t)string <= (uintptr_t)puf->e->end));
299 KUNIT_EXPECT_STREQ(test, string, TEST_STRING_DATA);
300}
301
302static void policy_unpack_test_unpack_strdup_out_of_bounds(struct kunit *test)
303{
304 struct policy_unpack_fixture *puf = test->priv;
305 void *start = puf->e->pos;
306 char *string = NULL;
307 int size;
308
309 puf->e->end = puf->e->pos + TEST_STRING_BUF_OFFSET
310 + strlen(TEST_STRING_DATA) - 1;
311
312 size = aa_unpack_strdup(puf->e, &string, TEST_STRING_NAME);
313
314 KUNIT_EXPECT_EQ(test, size, 0);
315 KUNIT_EXPECT_NULL(test, string);
316 KUNIT_EXPECT_PTR_EQ(test, puf->e->pos, start);
317}
318
319static void policy_unpack_test_unpack_nameX_with_null_name(struct kunit *test)
320{
321 struct policy_unpack_fixture *puf = test->priv;
322 bool success;
323
324 puf->e->pos += TEST_U32_BUF_OFFSET;
325
326 success = aa_unpack_nameX(puf->e, AA_U32, NULL);
327
328 KUNIT_EXPECT_TRUE(test, success);
329 KUNIT_EXPECT_PTR_EQ(test, puf->e->pos,
330 puf->e->start + TEST_U32_BUF_OFFSET + 1);
331}
332
333static void policy_unpack_test_unpack_nameX_with_wrong_code(struct kunit *test)
334{
335 struct policy_unpack_fixture *puf = test->priv;
336 bool success;
337
338 puf->e->pos += TEST_U32_BUF_OFFSET;
339
340 success = aa_unpack_nameX(puf->e, AA_BLOB, NULL);
341
342 KUNIT_EXPECT_FALSE(test, success);
343 KUNIT_EXPECT_PTR_EQ(test, puf->e->pos,
344 puf->e->start + TEST_U32_BUF_OFFSET);
345}
346
347static void policy_unpack_test_unpack_nameX_with_name(struct kunit *test)
348{
349 struct policy_unpack_fixture *puf = test->priv;
350 const char name[] = TEST_U32_NAME;
351 bool success;
352
353 puf->e->pos += TEST_NAMED_U32_BUF_OFFSET;
354
355 success = aa_unpack_nameX(puf->e, AA_U32, name);
356
357 KUNIT_EXPECT_TRUE(test, success);
358 KUNIT_EXPECT_PTR_EQ(test, puf->e->pos,
359 puf->e->start + TEST_U32_BUF_OFFSET + 1);
360}
361
362static void policy_unpack_test_unpack_nameX_with_wrong_name(struct kunit *test)
363{
364 struct policy_unpack_fixture *puf = test->priv;
365 static const char name[] = "12345678";
366 bool success;
367
368 puf->e->pos += TEST_NAMED_U32_BUF_OFFSET;
369
370 success = aa_unpack_nameX(puf->e, AA_U32, name);
371
372 KUNIT_EXPECT_FALSE(test, success);
373 KUNIT_EXPECT_PTR_EQ(test, puf->e->pos,
374 puf->e->start + TEST_NAMED_U32_BUF_OFFSET);
375}
376
377static void policy_unpack_test_unpack_u16_chunk_basic(struct kunit *test)
378{
379 struct policy_unpack_fixture *puf = test->priv;
380 char *chunk = NULL;
381 size_t size;
382
383 puf->e->pos += TEST_U16_OFFSET;
384 /*
385 * WARNING: For unit testing purposes, we're pushing puf->e->end past
386 * the end of the allocated memory. Doing anything other than comparing
387 * memory addresses is dangerous.
388 */
389 puf->e->end += TEST_U16_DATA;
390
391 size = aa_unpack_u16_chunk(puf->e, &chunk);
392
393 KUNIT_EXPECT_PTR_EQ(test, chunk,
394 puf->e->start + TEST_U16_OFFSET + 2);
395 KUNIT_EXPECT_EQ(test, size, TEST_U16_DATA);
396 KUNIT_EXPECT_PTR_EQ(test, puf->e->pos, (chunk + TEST_U16_DATA));
397}
398
399static void policy_unpack_test_unpack_u16_chunk_out_of_bounds_1(
400 struct kunit *test)
401{
402 struct policy_unpack_fixture *puf = test->priv;
403 char *chunk = NULL;
404 size_t size;
405
406 puf->e->pos = puf->e->end - 1;
407
408 size = aa_unpack_u16_chunk(puf->e, &chunk);
409
410 KUNIT_EXPECT_EQ(test, size, 0);
411 KUNIT_EXPECT_NULL(test, chunk);
412 KUNIT_EXPECT_PTR_EQ(test, puf->e->pos, puf->e->end - 1);
413}
414
415static void policy_unpack_test_unpack_u16_chunk_out_of_bounds_2(
416 struct kunit *test)
417{
418 struct policy_unpack_fixture *puf = test->priv;
419 char *chunk = NULL;
420 size_t size;
421
422 puf->e->pos += TEST_U16_OFFSET;
423 /*
424 * WARNING: For unit testing purposes, we're pushing puf->e->end past
425 * the end of the allocated memory. Doing anything other than comparing
426 * memory addresses is dangerous.
427 */
428 puf->e->end = puf->e->pos + TEST_U16_DATA - 1;
429
430 size = aa_unpack_u16_chunk(puf->e, &chunk);
431
432 KUNIT_EXPECT_EQ(test, size, 0);
433 KUNIT_EXPECT_NULL(test, chunk);
434 KUNIT_EXPECT_PTR_EQ(test, puf->e->pos, puf->e->start + TEST_U16_OFFSET);
435}
436
437static void policy_unpack_test_unpack_u32_with_null_name(struct kunit *test)
438{
439 struct policy_unpack_fixture *puf = test->priv;
440 bool success;
441 u32 data = 0;
442
443 puf->e->pos += TEST_U32_BUF_OFFSET;
444
445 success = aa_unpack_u32(puf->e, &data, NULL);
446
447 KUNIT_EXPECT_TRUE(test, success);
448 KUNIT_EXPECT_EQ(test, data, TEST_U32_DATA);
449 KUNIT_EXPECT_PTR_EQ(test, puf->e->pos,
450 puf->e->start + TEST_U32_BUF_OFFSET + sizeof(u32) + 1);
451}
452
453static void policy_unpack_test_unpack_u32_with_name(struct kunit *test)
454{
455 struct policy_unpack_fixture *puf = test->priv;
456 const char name[] = TEST_U32_NAME;
457 bool success;
458 u32 data = 0;
459
460 puf->e->pos += TEST_NAMED_U32_BUF_OFFSET;
461
462 success = aa_unpack_u32(puf->e, &data, name);
463
464 KUNIT_EXPECT_TRUE(test, success);
465 KUNIT_EXPECT_EQ(test, data, TEST_U32_DATA);
466 KUNIT_EXPECT_PTR_EQ(test, puf->e->pos,
467 puf->e->start + TEST_U32_BUF_OFFSET + sizeof(u32) + 1);
468}
469
470static void policy_unpack_test_unpack_u32_out_of_bounds(struct kunit *test)
471{
472 struct policy_unpack_fixture *puf = test->priv;
473 const char name[] = TEST_U32_NAME;
474 bool success;
475 u32 data = 0;
476
477 puf->e->pos += TEST_NAMED_U32_BUF_OFFSET;
478 puf->e->end = puf->e->start + TEST_U32_BUF_OFFSET + sizeof(u32);
479
480 success = aa_unpack_u32(puf->e, &data, name);
481
482 KUNIT_EXPECT_FALSE(test, success);
483 KUNIT_EXPECT_PTR_EQ(test, puf->e->pos,
484 puf->e->start + TEST_NAMED_U32_BUF_OFFSET);
485}
486
487static void policy_unpack_test_unpack_u64_with_null_name(struct kunit *test)
488{
489 struct policy_unpack_fixture *puf = test->priv;
490 bool success;
491 u64 data = 0;
492
493 puf->e->pos += TEST_U64_BUF_OFFSET;
494
495 success = aa_unpack_u64(puf->e, &data, NULL);
496
497 KUNIT_EXPECT_TRUE(test, success);
498 KUNIT_EXPECT_EQ(test, data, TEST_U64_DATA);
499 KUNIT_EXPECT_PTR_EQ(test, puf->e->pos,
500 puf->e->start + TEST_U64_BUF_OFFSET + sizeof(u64) + 1);
501}
502
503static void policy_unpack_test_unpack_u64_with_name(struct kunit *test)
504{
505 struct policy_unpack_fixture *puf = test->priv;
506 const char name[] = TEST_U64_NAME;
507 bool success;
508 u64 data = 0;
509
510 puf->e->pos += TEST_NAMED_U64_BUF_OFFSET;
511
512 success = aa_unpack_u64(puf->e, &data, name);
513
514 KUNIT_EXPECT_TRUE(test, success);
515 KUNIT_EXPECT_EQ(test, data, TEST_U64_DATA);
516 KUNIT_EXPECT_PTR_EQ(test, puf->e->pos,
517 puf->e->start + TEST_U64_BUF_OFFSET + sizeof(u64) + 1);
518}
519
520static void policy_unpack_test_unpack_u64_out_of_bounds(struct kunit *test)
521{
522 struct policy_unpack_fixture *puf = test->priv;
523 const char name[] = TEST_U64_NAME;
524 bool success;
525 u64 data = 0;
526
527 puf->e->pos += TEST_NAMED_U64_BUF_OFFSET;
528 puf->e->end = puf->e->start + TEST_U64_BUF_OFFSET + sizeof(u64);
529
530 success = aa_unpack_u64(puf->e, &data, name);
531
532 KUNIT_EXPECT_FALSE(test, success);
533 KUNIT_EXPECT_PTR_EQ(test, puf->e->pos,
534 puf->e->start + TEST_NAMED_U64_BUF_OFFSET);
535}
536
537static void policy_unpack_test_unpack_X_code_match(struct kunit *test)
538{
539 struct policy_unpack_fixture *puf = test->priv;
540 bool success = aa_unpack_X(puf->e, AA_NAME);
541
542 KUNIT_EXPECT_TRUE(test, success);
543 KUNIT_EXPECT_TRUE(test, puf->e->pos == puf->e->start + 1);
544}
545
546static void policy_unpack_test_unpack_X_code_mismatch(struct kunit *test)
547{
548 struct policy_unpack_fixture *puf = test->priv;
549 bool success = aa_unpack_X(puf->e, AA_STRING);
550
551 KUNIT_EXPECT_FALSE(test, success);
552 KUNIT_EXPECT_TRUE(test, puf->e->pos == puf->e->start);
553}
554
555static void policy_unpack_test_unpack_X_out_of_bounds(struct kunit *test)
556{
557 struct policy_unpack_fixture *puf = test->priv;
558 bool success;
559
560 puf->e->pos = puf->e->end;
561 success = aa_unpack_X(puf->e, AA_NAME);
562
563 KUNIT_EXPECT_FALSE(test, success);
564}
565
566static struct kunit_case apparmor_policy_unpack_test_cases[] = {
567 KUNIT_CASE(policy_unpack_test_inbounds_when_inbounds),
568 KUNIT_CASE(policy_unpack_test_inbounds_when_out_of_bounds),
569 KUNIT_CASE(policy_unpack_test_unpack_array_with_null_name),
570 KUNIT_CASE(policy_unpack_test_unpack_array_with_name),
571 KUNIT_CASE(policy_unpack_test_unpack_array_out_of_bounds),
572 KUNIT_CASE(policy_unpack_test_unpack_blob_with_null_name),
573 KUNIT_CASE(policy_unpack_test_unpack_blob_with_name),
574 KUNIT_CASE(policy_unpack_test_unpack_blob_out_of_bounds),
575 KUNIT_CASE(policy_unpack_test_unpack_nameX_with_null_name),
576 KUNIT_CASE(policy_unpack_test_unpack_nameX_with_wrong_code),
577 KUNIT_CASE(policy_unpack_test_unpack_nameX_with_name),
578 KUNIT_CASE(policy_unpack_test_unpack_nameX_with_wrong_name),
579 KUNIT_CASE(policy_unpack_test_unpack_str_with_null_name),
580 KUNIT_CASE(policy_unpack_test_unpack_str_with_name),
581 KUNIT_CASE(policy_unpack_test_unpack_str_out_of_bounds),
582 KUNIT_CASE(policy_unpack_test_unpack_strdup_with_null_name),
583 KUNIT_CASE(policy_unpack_test_unpack_strdup_with_name),
584 KUNIT_CASE(policy_unpack_test_unpack_strdup_out_of_bounds),
585 KUNIT_CASE(policy_unpack_test_unpack_u16_chunk_basic),
586 KUNIT_CASE(policy_unpack_test_unpack_u16_chunk_out_of_bounds_1),
587 KUNIT_CASE(policy_unpack_test_unpack_u16_chunk_out_of_bounds_2),
588 KUNIT_CASE(policy_unpack_test_unpack_u32_with_null_name),
589 KUNIT_CASE(policy_unpack_test_unpack_u32_with_name),
590 KUNIT_CASE(policy_unpack_test_unpack_u32_out_of_bounds),
591 KUNIT_CASE(policy_unpack_test_unpack_u64_with_null_name),
592 KUNIT_CASE(policy_unpack_test_unpack_u64_with_name),
593 KUNIT_CASE(policy_unpack_test_unpack_u64_out_of_bounds),
594 KUNIT_CASE(policy_unpack_test_unpack_X_code_match),
595 KUNIT_CASE(policy_unpack_test_unpack_X_code_mismatch),
596 KUNIT_CASE(policy_unpack_test_unpack_X_out_of_bounds),
597 {},
598};
599
600static struct kunit_suite apparmor_policy_unpack_test_module = {
601 .name = "apparmor_policy_unpack",
602 .init = policy_unpack_test_init,
603 .test_cases = apparmor_policy_unpack_test_cases,
604};
605
606kunit_test_suite(apparmor_policy_unpack_test_module);
607
608MODULE_LICENSE("GPL");