selftests/landlock: Extend access right tests to directories

Make sure that all filesystem access rights can be tied to directories.

Rename layout1.file_access_rights to layout1.file_and_dir_access_rights
to reflect this change.

Cc: Shuah Khan <shuah@kernel.org>
Link: https://lore.kernel.org/r/20220506160820.524344-6-mic@digikod.net
Cc: stable@vger.kernel.org
Signed-off-by: Mickaël Salaün <mic@digikod.net>

diff --git a/tools/testing/selftests/landlock/fs_test.c b/tools/testing/selftests/landlock/fs_test.c
index f293b7e..75f9358 100644 (file)
--- a/tools/testing/selftests/landlock/fs_test.c
+++ b/tools/testing/selftests/landlock/fs_test.c
@@ -418,11 +418,12 @@ TEST_F_FORK(layout1, inval)
 
 /* clang-format on */
 
-TEST_F_FORK(layout1, file_access_rights)
+TEST_F_FORK(layout1, file_and_dir_access_rights)
 {
        __u64 access;
        int err;
-       struct landlock_path_beneath_attr path_beneath = {};
+       struct landlock_path_beneath_attr path_beneath_file = {},
+                                         path_beneath_dir = {};
        struct landlock_ruleset_attr ruleset_attr = {
                .handled_access_fs = ACCESS_ALL,
        };
@@ -432,20 +433,33 @@ TEST_F_FORK(layout1, file_access_rights)
        ASSERT_LE(0, ruleset_fd);
 
        /* Tests access rights for files. */
-       path_beneath.parent_fd = open(file1_s1d2, O_PATH | O_CLOEXEC);
-       ASSERT_LE(0, path_beneath.parent_fd);
+       path_beneath_file.parent_fd = open(file1_s1d2, O_PATH | O_CLOEXEC);
+       ASSERT_LE(0, path_beneath_file.parent_fd);
+
+       /* Tests access rights for directories. */
+       path_beneath_dir.parent_fd =
+               open(dir_s1d2, O_PATH | O_DIRECTORY | O_CLOEXEC);
+       ASSERT_LE(0, path_beneath_dir.parent_fd);
+
        for (access = 1; access <= ACCESS_LAST; access <<= 1) {
-               path_beneath.allowed_access = access;
+               path_beneath_dir.allowed_access = access;
+               ASSERT_EQ(0, landlock_add_rule(ruleset_fd,
+                                              LANDLOCK_RULE_PATH_BENEATH,
+                                              &path_beneath_dir, 0));
+
+               path_beneath_file.allowed_access = access;
                err = landlock_add_rule(ruleset_fd, LANDLOCK_RULE_PATH_BENEATH,
-                                       &path_beneath, 0);
-               if ((access | ACCESS_FILE) == ACCESS_FILE) {
+                                       &path_beneath_file, 0);
+               if (access & ACCESS_FILE) {
                        ASSERT_EQ(0, err);
                } else {
                        ASSERT_EQ(-1, err);
                        ASSERT_EQ(EINVAL, errno);
                }
        }
-       ASSERT_EQ(0, close(path_beneath.parent_fd));
+       ASSERT_EQ(0, close(path_beneath_file.parent_fd));
+       ASSERT_EQ(0, close(path_beneath_dir.parent_fd));
+       ASSERT_EQ(0, close(ruleset_fd));
 }
 
 TEST_F_FORK(layout1, unknown_access_rights)