Lines Matching full:access

273 	 * (access type) confusion for this test.  in test_open_rel()
374 /* Tests with denied-by-default access right. */ in TEST_F_FORK()
388 /* Test with no access. */ in TEST_F_FORK()
431 __u64 access; in TEST_F_FORK() local
443 /* Tests access rights for files. */ in TEST_F_FORK()
447 /* Tests access rights for directories. */ in TEST_F_FORK()
452 for (access = 1; access <= ACCESS_LAST; access <<= 1) { in TEST_F_FORK()
453 path_beneath_dir.allowed_access = access; in TEST_F_FORK()
458 path_beneath_file.allowed_access = access; in TEST_F_FORK()
461 if (access & ACCESS_FILE) { in TEST_F_FORK()
514 __u64 access; member
555 add_path_beneath(_metadata, ruleset_fd, rules[i].access, in create_ruleset()
576 .access = LANDLOCK_ACCESS_FS_READ_FILE | in TEST_F_FORK()
583 _metadata, rules[0].access | LANDLOCK_ACCESS_FS_READ_DIR, in TEST_F_FORK()
625 .access = ACCESS_RO, in TEST_F_FORK()
648 .access = ACCESS_RO, in TEST_F_FORK()
652 .access = LANDLOCK_ACCESS_FS_READ_FILE | in TEST_F_FORK()
706 .access = ACCESS_RO, in TEST_F_FORK()
734 .access = LANDLOCK_ACCESS_FS_READ_FILE | in TEST_F_FORK()
739 .access = LANDLOCK_ACCESS_FS_READ_FILE | in TEST_F_FORK()
774 .access = LANDLOCK_ACCESS_FS_READ_FILE, in TEST_F_FORK()
779 .access = LANDLOCK_ACCESS_FS_WRITE_FILE, in TEST_F_FORK()
787 .access = LANDLOCK_ACCESS_FS_READ_FILE | in TEST_F_FORK()
796 .access = LANDLOCK_ACCESS_FS_WRITE_FILE, in TEST_F_FORK()
881 .access = LANDLOCK_ACCESS_FS_MAKE_REG, in TEST_F_FORK()
888 .access = LANDLOCK_ACCESS_FS_REMOVE_FILE, in TEST_F_FORK()
942 /* Allows read access to file1_s1d3 with the first layer. */ in TEST_F_FORK()
945 .access = LANDLOCK_ACCESS_FS_READ_FILE, in TEST_F_FORK()
951 /* Start by granting read-write access via its parent directory... */ in TEST_F_FORK()
954 .access = LANDLOCK_ACCESS_FS_READ_FILE | in TEST_F_FORK()
957 /* ...but also denies read access via its grandparent directory. */ in TEST_F_FORK()
960 .access = LANDLOCK_ACCESS_FS_WRITE_FILE, in TEST_F_FORK()
965 /* Allows read access via its great-grandparent directory. */ in TEST_F_FORK()
968 .access = LANDLOCK_ACCESS_FS_READ_FILE, in TEST_F_FORK()
974 * Try to confuse the deny access by denying write (but not in TEST_F_FORK()
975 * read) access via its grandparent directory. in TEST_F_FORK()
979 .access = LANDLOCK_ACCESS_FS_READ_FILE, in TEST_F_FORK()
985 * Try to override layer2's deny read access by explicitly in TEST_F_FORK()
986 * allowing read access via file1_s1d3's grandparent. in TEST_F_FORK()
990 .access = LANDLOCK_ACCESS_FS_READ_FILE, in TEST_F_FORK()
996 * Restricts an unrelated file hierarchy with a new access in TEST_F_FORK()
1001 .access = LANDLOCK_ACCESS_FS_EXECUTE, in TEST_F_FORK()
1007 * Finally, denies read access to file1_s1d3 via its in TEST_F_FORK()
1012 .access = LANDLOCK_ACCESS_FS_WRITE_FILE, in TEST_F_FORK()
1024 /* Checks that read access is granted for file1_s1d3 with layer 1. */ in TEST_F_FORK()
1037 /* Checks that previous access rights are unchanged with layer 2. */ in TEST_F_FORK()
1048 /* Checks that previous access rights are unchanged with layer 3. */ in TEST_F_FORK()
1053 /* This time, denies write access for the file hierarchy. */ in TEST_F_FORK()
1063 * Checks that the only change with layer 4 is that write access is in TEST_F_FORK()
1077 /* Checks that previous access rights are unchanged with layer 5. */ in TEST_F_FORK()
1089 /* Checks that previous access rights are unchanged with layer 6. */ in TEST_F_FORK()
1103 /* Checks read access is now denied with layer 7. */ in TEST_F_FORK()
1115 .access = LANDLOCK_ACCESS_FS_READ_FILE | in TEST_F_FORK()
1128 /* Write access is forbidden. */ in TEST_F_FORK()
1130 /* Readdir access is allowed. */ in TEST_F_FORK()
1133 /* Write access is forbidden. */ in TEST_F_FORK()
1135 /* Readdir access is allowed. */ in TEST_F_FORK()
1140 * any new access, only remove some. Once enforced, these rules are in TEST_F_FORK()
1148 * access rights (even if this directory is opened a second time). in TEST_F_FORK()
1164 /* Readdir access is still allowed. */ in TEST_F_FORK()
1169 /* Readdir access is still allowed. */ in TEST_F_FORK()
1173 * Try to get more privileges by adding new access rights to the parent in TEST_F_FORK()
1185 /* Readdir access is still allowed. */ in TEST_F_FORK()
1190 /* Readdir access is still allowed. */ in TEST_F_FORK()
1215 /* Readdir access is still allowed. */ in TEST_F_FORK()
1232 .access = ACCESS_RO, in TEST_F_FORK()
1241 /* Readdir access is denied for dir_s1d2. */ in TEST_F_FORK()
1243 /* Readdir access is allowed for dir_s1d3. */ in TEST_F_FORK()
1245 /* File access is allowed for file1_s1d3. */ in TEST_F_FORK()
1256 /* Readdir access is still denied for dir_s1d2. */ in TEST_F_FORK()
1258 /* Readdir access is still allowed for dir_s1d3. */ in TEST_F_FORK()
1260 /* File access is still allowed for file1_s1d3. */ in TEST_F_FORK()
1270 .access = ACCESS_RO, in TEST_F_FORK()
1299 /* Enforces a policy which denies read access to all files. */ in TEST_F_FORK()
1308 /* Nests a policy which denies read access to all directories. */ in TEST_F_FORK()
1327 .access = ACCESS_RO, in TEST_F_FORK()
1332 .access = ACCESS_RO, in TEST_F_FORK()
1356 .access = ACCESS_RO, in TEST_F_FORK()
1361 .access = ACCESS_RO, in TEST_F_FORK()
1389 .access = ACCESS_RO, in TEST_F_FORK()
1399 /* Checks allowed access. */ in TEST_F_FORK()
1403 rules[0].access = LANDLOCK_ACCESS_FS_READ_FILE; in TEST_F_FORK()
1409 /* Checks denied access (on a directory). */ in TEST_F_FORK()
1419 .access = LANDLOCK_ACCESS_FS_READ_FILE, in TEST_F_FORK()
1429 /* Checks denied access (on a directory). */ in TEST_F_FORK()
1439 .access = ACCESS_RO, in TEST_F_FORK()
1467 .access = ACCESS_RO, in TEST_F_FORK()
1490 .access = ACCESS_RO, in TEST_F_FORK()
1524 .access = ACCESS_RO, in TEST_F_FORK()
1528 .access = ACCESS_RO, in TEST_F_FORK()
1532 .access = ACCESS_RO, in TEST_F_FORK()
1570 .access = ACCESS_RO, in test_relative_path()
1577 .access = ACCESS_RO, in test_relative_path()
1581 .access = ACCESS_RO, in test_relative_path()
1753 .access = LANDLOCK_ACCESS_FS_EXECUTE, in TEST_F_FORK()
1758 create_ruleset(_metadata, rules[0].access, rules); in TEST_F_FORK()
1786 .access = LANDLOCK_ACCESS_FS_MAKE_REG, in TEST_F_FORK()
1793 .access = LANDLOCK_ACCESS_FS_REMOVE_FILE, in TEST_F_FORK()
1797 int ruleset_fd = create_ruleset(_metadata, layer1[0].access, layer1); in TEST_F_FORK()
1826 ruleset_fd = create_ruleset(_metadata, layer2[0].access, layer2); in TEST_F_FORK()
1855 .access = LANDLOCK_ACCESS_FS_REMOVE_FILE, in TEST_F_FORK()
1859 .access = LANDLOCK_ACCESS_FS_REMOVE_FILE, in TEST_F_FORK()
1864 create_ruleset(_metadata, rules[0].access, rules); in TEST_F_FORK()
1937 .access = LANDLOCK_ACCESS_FS_REMOVE_DIR, in TEST_F_FORK()
1941 .access = LANDLOCK_ACCESS_FS_REMOVE_DIR, in TEST_F_FORK()
1946 create_ruleset(_metadata, rules[0].access, rules); in TEST_F_FORK()
2001 .access = LANDLOCK_ACCESS_FS_REFER, in TEST_F_FORK()
2005 .access = LANDLOCK_ACCESS_FS_REFER, in TEST_F_FORK()
2048 ruleset_fd = create_ruleset(_metadata, layer1[0].access, layer1); in refer_denied_by_default()
2063 ruleset_fd = create_ruleset(_metadata, layer2[0].access, layer2); in refer_denied_by_default()
2082 .access = LANDLOCK_ACCESS_FS_REFER,
2091 .access = LANDLOCK_ACCESS_FS_EXECUTE,
2100 .access = LANDLOCK_ACCESS_FS_EXECUTE,
2108 * denying access (with MAKE_REG nor REMOVE).
2129 * denying access (with MAKE_REG nor REMOVE).
2152 .access = LANDLOCK_ACCESS_FS_MAKE_REG, in TEST_F_FORK()
2156 .access = LANDLOCK_ACCESS_FS_REFER, in TEST_F_FORK()
2160 .access = LANDLOCK_ACCESS_FS_REFER, in TEST_F_FORK()
2164 .access = LANDLOCK_ACCESS_FS_MAKE_REG, in TEST_F_FORK()
2210 * directory rename (because of the superset of access rights. in TEST_F_FORK()
2230 .access = LANDLOCK_ACCESS_FS_MAKE_REG, in TEST_F_FORK()
2234 .access = LANDLOCK_ACCESS_FS_REFER, in TEST_F_FORK()
2238 .access = LANDLOCK_ACCESS_FS_REFER, in TEST_F_FORK()
2242 .access = LANDLOCK_ACCESS_FS_MAKE_REG, in TEST_F_FORK()
2322 * directory rename (because of the superset of access rights). in TEST_F_FORK()
2330 * access rights tied to dir_s2d3. dir_s2d2 is missing one access right in TEST_F_FORK()
2375 .access = LANDLOCK_ACCESS_FS_REFER, in reparent_exdev_layers_enforce1()
2380 .access = LANDLOCK_ACCESS_FS_MAKE_REG, in reparent_exdev_layers_enforce1()
2384 .access = LANDLOCK_ACCESS_FS_REFER, in reparent_exdev_layers_enforce1()
2388 .access = LANDLOCK_ACCESS_FS_MAKE_REG, in reparent_exdev_layers_enforce1()
2407 .access = LANDLOCK_ACCESS_FS_MAKE_DIR, in reparent_exdev_layers_enforce2()
2432 * because it doesn't inherit new access rights. in TEST_F_FORK()
2439 * gets a new inherited access rights (MAKE_REG), because MAKE_REG is in TEST_F_FORK()
2543 * because of access rights that would be inherited. in TEST_F_FORK()
2552 /* Checks with same access rights. */ in TEST_F_FORK()
2558 /* Checks with different (child-only) access rights. */ in TEST_F_FORK()
2568 * directory-related access rights is allowed, and at the same time in TEST_F_FORK()
2570 * grants less access rights is allowed too. in TEST_F_FORK()
2578 * more access rights than the current state and because file creation in TEST_F_FORK()
2606 /* Checks with different (child-only) access rights. */ in TEST_F_FORK()
2615 /* Checks with different (child-only) access rights. */ in TEST_F_FORK()
2675 .access = LANDLOCK_ACCESS_FS_REFER | in TEST_F_FORK()
2680 .access = LANDLOCK_ACCESS_FS_REMOVE_FILE, in TEST_F_FORK()
2684 .access = LANDLOCK_ACCESS_FS_REFER | in TEST_F_FORK()
2699 /* Access denied because of wrong/swapped remove file/dir. */ in TEST_F_FORK()
2711 /* Access allowed thanks to the matching rights. */ in TEST_F_FORK()
2737 .access = LANDLOCK_ACCESS_FS_REFER, in TEST_F_FORK()
2741 .access = LANDLOCK_ACCESS_FS_EXECUTE, in TEST_F_FORK()
2745 .access = LANDLOCK_ACCESS_FS_MAKE_SOCK | in TEST_F_FORK()
2750 .access = LANDLOCK_ACCESS_FS_REFER | in TEST_F_FORK()
2756 .access = LANDLOCK_ACCESS_FS_READ_FILE | in TEST_F_FORK()
2777 * access right. in TEST_F_FORK()
2783 * superset of access rights compared to dir_s1d2, because file1_s1d2 in TEST_F_FORK()
2784 * already has these access rights anyway. in TEST_F_FORK()
2792 * Moving dir_s1d3 beneath dir_s2d3 would grant it the MAKE_FIFO access in TEST_F_FORK()
2799 * of access rights compared to dir_s1d2, because dir_s1d3 already has in TEST_F_FORK()
2800 * these access rights anyway. in TEST_F_FORK()
2807 * will be denied because the new inherited access rights from dir_s1d2 in TEST_F_FORK()
2830 .access = LANDLOCK_ACCESS_FS_REMOVE_DIR, in TEST_F_FORK()
2835 create_ruleset(_metadata, rules[0].access, rules); in TEST_F_FORK()
2867 .access = LANDLOCK_ACCESS_FS_REMOVE_FILE, in TEST_F_FORK()
2872 create_ruleset(_metadata, rules[0].access, rules); in TEST_F_FORK()
2887 const __u64 access, const mode_t mode, in test_make_file() argument
2893 .access = access, in test_make_file()
2897 const int ruleset_fd = create_ruleset(_metadata, access, rules); in test_make_file()
2981 .access = LANDLOCK_ACCESS_FS_MAKE_SYM, in TEST_F_FORK()
2986 create_ruleset(_metadata, rules[0].access, rules); in TEST_F_FORK()
3026 .access = LANDLOCK_ACCESS_FS_MAKE_DIR, in TEST_F_FORK()
3031 create_ruleset(_metadata, rules[0].access, rules); in TEST_F_FORK()
3066 .access = LANDLOCK_ACCESS_FS_READ_FILE, in TEST_F_FORK()
3109 .access = LANDLOCK_ACCESS_FS_READ_FILE | in TEST_F_FORK()
3114 /* Limits read and write access to files tied to the filesystem. */ in TEST_F_FORK()
3116 create_ruleset(_metadata, rules[0].access, rules); in TEST_F_FORK()
3126 /* Checks access to pipes through FD. */ in TEST_F_FORK()
3135 /* Checks write access to pipe through /proc/self/fd . */ in TEST_F_FORK()
3145 /* Checks read access to pipe through /proc/self/fd . */ in TEST_F_FORK()
3240 * Sets access right on parent directories of both source and in TEST_F_FORK()
3246 .access = ACCESS_RO, in TEST_F_FORK()
3250 .access = ACCESS_RW, in TEST_F_FORK()
3255 * Sets access rights on the same bind-mounted directories. The result in TEST_F_FORK()
3262 .access = LANDLOCK_ACCESS_FS_READ_FILE, in TEST_F_FORK()
3266 .access = ACCESS_RW, in TEST_F_FORK()
3270 /* Only allow read-access to the s1d3 hierarchies. */ in TEST_F_FORK()
3274 .access = LANDLOCK_ACCESS_FS_READ_FILE, in TEST_F_FORK()
3278 /* Removes all access rights. */ in TEST_F_FORK()
3282 .access = LANDLOCK_ACCESS_FS_WRITE_FILE, in TEST_F_FORK()
3379 .access = LANDLOCK_ACCESS_FS_REFER, in TEST_F_FORK()
3383 .access = LANDLOCK_ACCESS_FS_EXECUTE, in TEST_F_FORK()
3644 /* Sets access right on parent directories of both layers. */ in TEST_F_FORK()
3648 .access = LANDLOCK_ACCESS_FS_READ_FILE, in TEST_F_FORK()
3652 .access = LANDLOCK_ACCESS_FS_READ_FILE, in TEST_F_FORK()
3656 .access = ACCESS_RW, in TEST_F_FORK()
3663 .access = LANDLOCK_ACCESS_FS_READ_FILE, in TEST_F_FORK()
3667 .access = LANDLOCK_ACCESS_FS_READ_FILE, in TEST_F_FORK()
3671 .access = ACCESS_RW, in TEST_F_FORK()
3675 /* Sets access right on directories inside both layers. */ in TEST_F_FORK()
3679 .access = LANDLOCK_ACCESS_FS_READ_FILE, in TEST_F_FORK()
3683 .access = LANDLOCK_ACCESS_FS_READ_FILE, in TEST_F_FORK()
3687 .access = LANDLOCK_ACCESS_FS_READ_FILE, in TEST_F_FORK()
3691 .access = LANDLOCK_ACCESS_FS_READ_FILE, in TEST_F_FORK()
3695 .access = ACCESS_RW, in TEST_F_FORK()
3699 .access = ACCESS_RW, in TEST_F_FORK()
3703 .access = ACCESS_RW, in TEST_F_FORK()
3707 /* Tighten access rights to the files. */ in TEST_F_FORK()
3711 .access = LANDLOCK_ACCESS_FS_READ_FILE, in TEST_F_FORK()
3715 .access = LANDLOCK_ACCESS_FS_READ_FILE, in TEST_F_FORK()
3719 .access = LANDLOCK_ACCESS_FS_READ_FILE, in TEST_F_FORK()
3723 .access = LANDLOCK_ACCESS_FS_READ_FILE, in TEST_F_FORK()
3727 .access = LANDLOCK_ACCESS_FS_READ_FILE, in TEST_F_FORK()
3731 .access = LANDLOCK_ACCESS_FS_READ_FILE, in TEST_F_FORK()
3735 .access = LANDLOCK_ACCESS_FS_READ_FILE | in TEST_F_FORK()
3740 .access = LANDLOCK_ACCESS_FS_READ_FILE | in TEST_F_FORK()
3745 .access = LANDLOCK_ACCESS_FS_READ_FILE | in TEST_F_FORK()
3750 .access = LANDLOCK_ACCESS_FS_READ_FILE | in TEST_F_FORK()
3755 .access = LANDLOCK_ACCESS_FS_READ_FILE | in TEST_F_FORK()
3763 .access = LANDLOCK_ACCESS_FS_READ_FILE | in TEST_F_FORK()
3805 * Checks that access rights are independent from the lower and upper in TEST_F_FORK()
3806 * layers: write access to upper files viewed through the merge point in TEST_F_FORK()
3807 * is still allowed, and write access to lower file viewed (and copied) in TEST_F_FORK()
3890 /* Only allows access to the merge hierarchy. */ in TEST_F_FORK()