Back to home page

OSCL-LXR

 
 

    


0001 // SPDX-License-Identifier: GPL-2.0-only
0002 /*
0003  * KUnit tests for AppArmor's policy unpack.
0004  */
0005 
0006 #include <kunit/test.h>
0007 
0008 #include "include/policy.h"
0009 #include "include/policy_unpack.h"
0010 
0011 #define TEST_STRING_NAME "TEST_STRING"
0012 #define TEST_STRING_DATA "testing"
0013 #define TEST_STRING_BUF_OFFSET \
0014     (3 + strlen(TEST_STRING_NAME) + 1)
0015 
0016 #define TEST_U32_NAME "U32_TEST"
0017 #define TEST_U32_DATA ((u32)0x01020304)
0018 #define TEST_NAMED_U32_BUF_OFFSET \
0019     (TEST_STRING_BUF_OFFSET + 3 + strlen(TEST_STRING_DATA) + 1)
0020 #define TEST_U32_BUF_OFFSET \
0021     (TEST_NAMED_U32_BUF_OFFSET + 3 + strlen(TEST_U32_NAME) + 1)
0022 
0023 #define TEST_U16_OFFSET (TEST_U32_BUF_OFFSET + 3)
0024 #define TEST_U16_DATA ((u16)(TEST_U32_DATA >> 16))
0025 
0026 #define TEST_U64_NAME "U64_TEST"
0027 #define TEST_U64_DATA ((u64)0x0102030405060708)
0028 #define TEST_NAMED_U64_BUF_OFFSET (TEST_U32_BUF_OFFSET + sizeof(u32) + 1)
0029 #define TEST_U64_BUF_OFFSET \
0030     (TEST_NAMED_U64_BUF_OFFSET + 3 + strlen(TEST_U64_NAME) + 1)
0031 
0032 #define TEST_BLOB_NAME "BLOB_TEST"
0033 #define TEST_BLOB_DATA "\xde\xad\x00\xbe\xef"
0034 #define TEST_BLOB_DATA_SIZE (ARRAY_SIZE(TEST_BLOB_DATA))
0035 #define TEST_NAMED_BLOB_BUF_OFFSET (TEST_U64_BUF_OFFSET + sizeof(u64) + 1)
0036 #define TEST_BLOB_BUF_OFFSET \
0037     (TEST_NAMED_BLOB_BUF_OFFSET + 3 + strlen(TEST_BLOB_NAME) + 1)
0038 
0039 #define TEST_ARRAY_NAME "ARRAY_TEST"
0040 #define TEST_ARRAY_SIZE 16
0041 #define TEST_NAMED_ARRAY_BUF_OFFSET \
0042     (TEST_BLOB_BUF_OFFSET + 5 + TEST_BLOB_DATA_SIZE)
0043 #define TEST_ARRAY_BUF_OFFSET \
0044     (TEST_NAMED_ARRAY_BUF_OFFSET + 3 + strlen(TEST_ARRAY_NAME) + 1)
0045 
0046 struct policy_unpack_fixture {
0047     struct aa_ext *e;
0048     size_t e_size;
0049 };
0050 
0051 static struct aa_ext *build_aa_ext_struct(struct policy_unpack_fixture *puf,
0052                       struct kunit *test, size_t buf_size)
0053 {
0054     char *buf;
0055     struct aa_ext *e;
0056 
0057     buf = kunit_kzalloc(test, buf_size, GFP_USER);
0058     KUNIT_EXPECT_NOT_ERR_OR_NULL(test, buf);
0059 
0060     e = kunit_kmalloc(test, sizeof(*e), GFP_USER);
0061     KUNIT_EXPECT_NOT_ERR_OR_NULL(test, e);
0062 
0063     e->start = buf;
0064     e->end = e->start + buf_size;
0065     e->pos = e->start;
0066 
0067     *buf = AA_NAME;
0068     *(buf + 1) = strlen(TEST_STRING_NAME) + 1;
0069     strcpy(buf + 3, TEST_STRING_NAME);
0070 
0071     buf = e->start + TEST_STRING_BUF_OFFSET;
0072     *buf = AA_STRING;
0073     *(buf + 1) = strlen(TEST_STRING_DATA) + 1;
0074     strcpy(buf + 3, TEST_STRING_DATA);
0075 
0076     buf = e->start + TEST_NAMED_U32_BUF_OFFSET;
0077     *buf = AA_NAME;
0078     *(buf + 1) = strlen(TEST_U32_NAME) + 1;
0079     strcpy(buf + 3, TEST_U32_NAME);
0080     *(buf + 3 + strlen(TEST_U32_NAME) + 1) = AA_U32;
0081     *((u32 *)(buf + 3 + strlen(TEST_U32_NAME) + 2)) = TEST_U32_DATA;
0082 
0083     buf = e->start + TEST_NAMED_U64_BUF_OFFSET;
0084     *buf = AA_NAME;
0085     *(buf + 1) = strlen(TEST_U64_NAME) + 1;
0086     strcpy(buf + 3, TEST_U64_NAME);
0087     *(buf + 3 + strlen(TEST_U64_NAME) + 1) = AA_U64;
0088     *((u64 *)(buf + 3 + strlen(TEST_U64_NAME) + 2)) = TEST_U64_DATA;
0089 
0090     buf = e->start + TEST_NAMED_BLOB_BUF_OFFSET;
0091     *buf = AA_NAME;
0092     *(buf + 1) = strlen(TEST_BLOB_NAME) + 1;
0093     strcpy(buf + 3, TEST_BLOB_NAME);
0094     *(buf + 3 + strlen(TEST_BLOB_NAME) + 1) = AA_BLOB;
0095     *(buf + 3 + strlen(TEST_BLOB_NAME) + 2) = TEST_BLOB_DATA_SIZE;
0096     memcpy(buf + 3 + strlen(TEST_BLOB_NAME) + 6,
0097         TEST_BLOB_DATA, TEST_BLOB_DATA_SIZE);
0098 
0099     buf = e->start + TEST_NAMED_ARRAY_BUF_OFFSET;
0100     *buf = AA_NAME;
0101     *(buf + 1) = strlen(TEST_ARRAY_NAME) + 1;
0102     strcpy(buf + 3, TEST_ARRAY_NAME);
0103     *(buf + 3 + strlen(TEST_ARRAY_NAME) + 1) = AA_ARRAY;
0104     *((u16 *)(buf + 3 + strlen(TEST_ARRAY_NAME) + 2)) = TEST_ARRAY_SIZE;
0105 
0106     return e;
0107 }
0108 
0109 static int policy_unpack_test_init(struct kunit *test)
0110 {
0111     size_t e_size = TEST_ARRAY_BUF_OFFSET + sizeof(u16) + 1;
0112     struct policy_unpack_fixture *puf;
0113 
0114     puf = kunit_kmalloc(test, sizeof(*puf), GFP_USER);
0115     KUNIT_EXPECT_NOT_ERR_OR_NULL(test, puf);
0116 
0117     puf->e_size = e_size;
0118     puf->e = build_aa_ext_struct(puf, test, e_size);
0119 
0120     test->priv = puf;
0121     return 0;
0122 }
0123 
0124 static void policy_unpack_test_inbounds_when_inbounds(struct kunit *test)
0125 {
0126     struct policy_unpack_fixture *puf = test->priv;
0127 
0128     KUNIT_EXPECT_TRUE(test, inbounds(puf->e, 0));
0129     KUNIT_EXPECT_TRUE(test, inbounds(puf->e, puf->e_size / 2));
0130     KUNIT_EXPECT_TRUE(test, inbounds(puf->e, puf->e_size));
0131 }
0132 
0133 static void policy_unpack_test_inbounds_when_out_of_bounds(struct kunit *test)
0134 {
0135     struct policy_unpack_fixture *puf = test->priv;
0136 
0137     KUNIT_EXPECT_FALSE(test, inbounds(puf->e, puf->e_size + 1));
0138 }
0139 
0140 static void policy_unpack_test_unpack_array_with_null_name(struct kunit *test)
0141 {
0142     struct policy_unpack_fixture *puf = test->priv;
0143     u16 array_size;
0144 
0145     puf->e->pos += TEST_ARRAY_BUF_OFFSET;
0146 
0147     array_size = unpack_array(puf->e, NULL);
0148 
0149     KUNIT_EXPECT_EQ(test, array_size, (u16)TEST_ARRAY_SIZE);
0150     KUNIT_EXPECT_PTR_EQ(test, puf->e->pos,
0151         puf->e->start + TEST_ARRAY_BUF_OFFSET + sizeof(u16) + 1);
0152 }
0153 
0154 static void policy_unpack_test_unpack_array_with_name(struct kunit *test)
0155 {
0156     struct policy_unpack_fixture *puf = test->priv;
0157     const char name[] = TEST_ARRAY_NAME;
0158     u16 array_size;
0159 
0160     puf->e->pos += TEST_NAMED_ARRAY_BUF_OFFSET;
0161 
0162     array_size = unpack_array(puf->e, name);
0163 
0164     KUNIT_EXPECT_EQ(test, array_size, (u16)TEST_ARRAY_SIZE);
0165     KUNIT_EXPECT_PTR_EQ(test, puf->e->pos,
0166         puf->e->start + TEST_ARRAY_BUF_OFFSET + sizeof(u16) + 1);
0167 }
0168 
0169 static void policy_unpack_test_unpack_array_out_of_bounds(struct kunit *test)
0170 {
0171     struct policy_unpack_fixture *puf = test->priv;
0172     const char name[] = TEST_ARRAY_NAME;
0173     u16 array_size;
0174 
0175     puf->e->pos += TEST_NAMED_ARRAY_BUF_OFFSET;
0176     puf->e->end = puf->e->start + TEST_ARRAY_BUF_OFFSET + sizeof(u16);
0177 
0178     array_size = unpack_array(puf->e, name);
0179 
0180     KUNIT_EXPECT_EQ(test, array_size, 0);
0181     KUNIT_EXPECT_PTR_EQ(test, puf->e->pos,
0182         puf->e->start + TEST_NAMED_ARRAY_BUF_OFFSET);
0183 }
0184 
0185 static void policy_unpack_test_unpack_blob_with_null_name(struct kunit *test)
0186 {
0187     struct policy_unpack_fixture *puf = test->priv;
0188     char *blob = NULL;
0189     size_t size;
0190 
0191     puf->e->pos += TEST_BLOB_BUF_OFFSET;
0192     size = unpack_blob(puf->e, &blob, NULL);
0193 
0194     KUNIT_ASSERT_EQ(test, size, TEST_BLOB_DATA_SIZE);
0195     KUNIT_EXPECT_TRUE(test,
0196         memcmp(blob, TEST_BLOB_DATA, TEST_BLOB_DATA_SIZE) == 0);
0197 }
0198 
0199 static void policy_unpack_test_unpack_blob_with_name(struct kunit *test)
0200 {
0201     struct policy_unpack_fixture *puf = test->priv;
0202     char *blob = NULL;
0203     size_t size;
0204 
0205     puf->e->pos += TEST_NAMED_BLOB_BUF_OFFSET;
0206     size = unpack_blob(puf->e, &blob, TEST_BLOB_NAME);
0207 
0208     KUNIT_ASSERT_EQ(test, size, TEST_BLOB_DATA_SIZE);
0209     KUNIT_EXPECT_TRUE(test,
0210         memcmp(blob, TEST_BLOB_DATA, TEST_BLOB_DATA_SIZE) == 0);
0211 }
0212 
0213 static void policy_unpack_test_unpack_blob_out_of_bounds(struct kunit *test)
0214 {
0215     struct policy_unpack_fixture *puf = test->priv;
0216     char *blob = NULL;
0217     void *start;
0218     int size;
0219 
0220     puf->e->pos += TEST_NAMED_BLOB_BUF_OFFSET;
0221     start = puf->e->pos;
0222     puf->e->end = puf->e->start + TEST_BLOB_BUF_OFFSET
0223         + TEST_BLOB_DATA_SIZE - 1;
0224 
0225     size = unpack_blob(puf->e, &blob, TEST_BLOB_NAME);
0226 
0227     KUNIT_EXPECT_EQ(test, size, 0);
0228     KUNIT_EXPECT_PTR_EQ(test, puf->e->pos, start);
0229 }
0230 
0231 static void policy_unpack_test_unpack_str_with_null_name(struct kunit *test)
0232 {
0233     struct policy_unpack_fixture *puf = test->priv;
0234     const char *string = NULL;
0235     size_t size;
0236 
0237     puf->e->pos += TEST_STRING_BUF_OFFSET;
0238     size = unpack_str(puf->e, &string, NULL);
0239 
0240     KUNIT_EXPECT_EQ(test, size, strlen(TEST_STRING_DATA) + 1);
0241     KUNIT_EXPECT_STREQ(test, string, TEST_STRING_DATA);
0242 }
0243 
0244 static void policy_unpack_test_unpack_str_with_name(struct kunit *test)
0245 {
0246     struct policy_unpack_fixture *puf = test->priv;
0247     const char *string = NULL;
0248     size_t size;
0249 
0250     size = unpack_str(puf->e, &string, TEST_STRING_NAME);
0251 
0252     KUNIT_EXPECT_EQ(test, size, strlen(TEST_STRING_DATA) + 1);
0253     KUNIT_EXPECT_STREQ(test, string, TEST_STRING_DATA);
0254 }
0255 
0256 static void policy_unpack_test_unpack_str_out_of_bounds(struct kunit *test)
0257 {
0258     struct policy_unpack_fixture *puf = test->priv;
0259     const char *string = NULL;
0260     void *start = puf->e->pos;
0261     int size;
0262 
0263     puf->e->end = puf->e->pos + TEST_STRING_BUF_OFFSET
0264         + strlen(TEST_STRING_DATA) - 1;
0265 
0266     size = unpack_str(puf->e, &string, TEST_STRING_NAME);
0267 
0268     KUNIT_EXPECT_EQ(test, size, 0);
0269     KUNIT_EXPECT_PTR_EQ(test, puf->e->pos, start);
0270 }
0271 
0272 static void policy_unpack_test_unpack_strdup_with_null_name(struct kunit *test)
0273 {
0274     struct policy_unpack_fixture *puf = test->priv;
0275     char *string = NULL;
0276     size_t size;
0277 
0278     puf->e->pos += TEST_STRING_BUF_OFFSET;
0279     size = unpack_strdup(puf->e, &string, NULL);
0280 
0281     KUNIT_EXPECT_EQ(test, size, strlen(TEST_STRING_DATA) + 1);
0282     KUNIT_EXPECT_FALSE(test,
0283                ((uintptr_t)puf->e->start <= (uintptr_t)string)
0284                && ((uintptr_t)string <= (uintptr_t)puf->e->end));
0285     KUNIT_EXPECT_STREQ(test, string, TEST_STRING_DATA);
0286 }
0287 
0288 static void policy_unpack_test_unpack_strdup_with_name(struct kunit *test)
0289 {
0290     struct policy_unpack_fixture *puf = test->priv;
0291     char *string = NULL;
0292     size_t size;
0293 
0294     size = unpack_strdup(puf->e, &string, TEST_STRING_NAME);
0295 
0296     KUNIT_EXPECT_EQ(test, size, strlen(TEST_STRING_DATA) + 1);
0297     KUNIT_EXPECT_FALSE(test,
0298                ((uintptr_t)puf->e->start <= (uintptr_t)string)
0299                && ((uintptr_t)string <= (uintptr_t)puf->e->end));
0300     KUNIT_EXPECT_STREQ(test, string, TEST_STRING_DATA);
0301 }
0302 
0303 static void policy_unpack_test_unpack_strdup_out_of_bounds(struct kunit *test)
0304 {
0305     struct policy_unpack_fixture *puf = test->priv;
0306     void *start = puf->e->pos;
0307     char *string = NULL;
0308     int size;
0309 
0310     puf->e->end = puf->e->pos + TEST_STRING_BUF_OFFSET
0311         + strlen(TEST_STRING_DATA) - 1;
0312 
0313     size = unpack_strdup(puf->e, &string, TEST_STRING_NAME);
0314 
0315     KUNIT_EXPECT_EQ(test, size, 0);
0316     KUNIT_EXPECT_NULL(test, string);
0317     KUNIT_EXPECT_PTR_EQ(test, puf->e->pos, start);
0318 }
0319 
0320 static void policy_unpack_test_unpack_nameX_with_null_name(struct kunit *test)
0321 {
0322     struct policy_unpack_fixture *puf = test->priv;
0323     bool success;
0324 
0325     puf->e->pos += TEST_U32_BUF_OFFSET;
0326 
0327     success = unpack_nameX(puf->e, AA_U32, NULL);
0328 
0329     KUNIT_EXPECT_TRUE(test, success);
0330     KUNIT_EXPECT_PTR_EQ(test, puf->e->pos,
0331                 puf->e->start + TEST_U32_BUF_OFFSET + 1);
0332 }
0333 
0334 static void policy_unpack_test_unpack_nameX_with_wrong_code(struct kunit *test)
0335 {
0336     struct policy_unpack_fixture *puf = test->priv;
0337     bool success;
0338 
0339     puf->e->pos += TEST_U32_BUF_OFFSET;
0340 
0341     success = unpack_nameX(puf->e, AA_BLOB, NULL);
0342 
0343     KUNIT_EXPECT_FALSE(test, success);
0344     KUNIT_EXPECT_PTR_EQ(test, puf->e->pos,
0345                 puf->e->start + TEST_U32_BUF_OFFSET);
0346 }
0347 
0348 static void policy_unpack_test_unpack_nameX_with_name(struct kunit *test)
0349 {
0350     struct policy_unpack_fixture *puf = test->priv;
0351     const char name[] = TEST_U32_NAME;
0352     bool success;
0353 
0354     puf->e->pos += TEST_NAMED_U32_BUF_OFFSET;
0355 
0356     success = unpack_nameX(puf->e, AA_U32, name);
0357 
0358     KUNIT_EXPECT_TRUE(test, success);
0359     KUNIT_EXPECT_PTR_EQ(test, puf->e->pos,
0360                 puf->e->start + TEST_U32_BUF_OFFSET + 1);
0361 }
0362 
0363 static void policy_unpack_test_unpack_nameX_with_wrong_name(struct kunit *test)
0364 {
0365     struct policy_unpack_fixture *puf = test->priv;
0366     static const char name[] = "12345678";
0367     bool success;
0368 
0369     puf->e->pos += TEST_NAMED_U32_BUF_OFFSET;
0370 
0371     success = unpack_nameX(puf->e, AA_U32, name);
0372 
0373     KUNIT_EXPECT_FALSE(test, success);
0374     KUNIT_EXPECT_PTR_EQ(test, puf->e->pos,
0375                 puf->e->start + TEST_NAMED_U32_BUF_OFFSET);
0376 }
0377 
0378 static void policy_unpack_test_unpack_u16_chunk_basic(struct kunit *test)
0379 {
0380     struct policy_unpack_fixture *puf = test->priv;
0381     char *chunk = NULL;
0382     size_t size;
0383 
0384     puf->e->pos += TEST_U16_OFFSET;
0385     /*
0386      * WARNING: For unit testing purposes, we're pushing puf->e->end past
0387      * the end of the allocated memory. Doing anything other than comparing
0388      * memory addresses is dangerous.
0389      */
0390     puf->e->end += TEST_U16_DATA;
0391 
0392     size = unpack_u16_chunk(puf->e, &chunk);
0393 
0394     KUNIT_EXPECT_PTR_EQ(test, chunk,
0395                 puf->e->start + TEST_U16_OFFSET + 2);
0396     KUNIT_EXPECT_EQ(test, size, TEST_U16_DATA);
0397     KUNIT_EXPECT_PTR_EQ(test, puf->e->pos, (chunk + TEST_U16_DATA));
0398 }
0399 
0400 static void policy_unpack_test_unpack_u16_chunk_out_of_bounds_1(
0401         struct kunit *test)
0402 {
0403     struct policy_unpack_fixture *puf = test->priv;
0404     char *chunk = NULL;
0405     size_t size;
0406 
0407     puf->e->pos = puf->e->end - 1;
0408 
0409     size = unpack_u16_chunk(puf->e, &chunk);
0410 
0411     KUNIT_EXPECT_EQ(test, size, 0);
0412     KUNIT_EXPECT_NULL(test, chunk);
0413     KUNIT_EXPECT_PTR_EQ(test, puf->e->pos, puf->e->end - 1);
0414 }
0415 
0416 static void policy_unpack_test_unpack_u16_chunk_out_of_bounds_2(
0417         struct kunit *test)
0418 {
0419     struct policy_unpack_fixture *puf = test->priv;
0420     char *chunk = NULL;
0421     size_t size;
0422 
0423     puf->e->pos += TEST_U16_OFFSET;
0424     /*
0425      * WARNING: For unit testing purposes, we're pushing puf->e->end past
0426      * the end of the allocated memory. Doing anything other than comparing
0427      * memory addresses is dangerous.
0428      */
0429     puf->e->end = puf->e->pos + TEST_U16_DATA - 1;
0430 
0431     size = unpack_u16_chunk(puf->e, &chunk);
0432 
0433     KUNIT_EXPECT_EQ(test, size, 0);
0434     KUNIT_EXPECT_NULL(test, chunk);
0435     KUNIT_EXPECT_PTR_EQ(test, puf->e->pos, puf->e->start + TEST_U16_OFFSET);
0436 }
0437 
0438 static void policy_unpack_test_unpack_u32_with_null_name(struct kunit *test)
0439 {
0440     struct policy_unpack_fixture *puf = test->priv;
0441     bool success;
0442     u32 data = 0;
0443 
0444     puf->e->pos += TEST_U32_BUF_OFFSET;
0445 
0446     success = unpack_u32(puf->e, &data, NULL);
0447 
0448     KUNIT_EXPECT_TRUE(test, success);
0449     KUNIT_EXPECT_EQ(test, data, TEST_U32_DATA);
0450     KUNIT_EXPECT_PTR_EQ(test, puf->e->pos,
0451             puf->e->start + TEST_U32_BUF_OFFSET + sizeof(u32) + 1);
0452 }
0453 
0454 static void policy_unpack_test_unpack_u32_with_name(struct kunit *test)
0455 {
0456     struct policy_unpack_fixture *puf = test->priv;
0457     const char name[] = TEST_U32_NAME;
0458     bool success;
0459     u32 data = 0;
0460 
0461     puf->e->pos += TEST_NAMED_U32_BUF_OFFSET;
0462 
0463     success = unpack_u32(puf->e, &data, name);
0464 
0465     KUNIT_EXPECT_TRUE(test, success);
0466     KUNIT_EXPECT_EQ(test, data, TEST_U32_DATA);
0467     KUNIT_EXPECT_PTR_EQ(test, puf->e->pos,
0468             puf->e->start + TEST_U32_BUF_OFFSET + sizeof(u32) + 1);
0469 }
0470 
0471 static void policy_unpack_test_unpack_u32_out_of_bounds(struct kunit *test)
0472 {
0473     struct policy_unpack_fixture *puf = test->priv;
0474     const char name[] = TEST_U32_NAME;
0475     bool success;
0476     u32 data = 0;
0477 
0478     puf->e->pos += TEST_NAMED_U32_BUF_OFFSET;
0479     puf->e->end = puf->e->start + TEST_U32_BUF_OFFSET + sizeof(u32);
0480 
0481     success = unpack_u32(puf->e, &data, name);
0482 
0483     KUNIT_EXPECT_FALSE(test, success);
0484     KUNIT_EXPECT_PTR_EQ(test, puf->e->pos,
0485             puf->e->start + TEST_NAMED_U32_BUF_OFFSET);
0486 }
0487 
0488 static void policy_unpack_test_unpack_u64_with_null_name(struct kunit *test)
0489 {
0490     struct policy_unpack_fixture *puf = test->priv;
0491     bool success;
0492     u64 data = 0;
0493 
0494     puf->e->pos += TEST_U64_BUF_OFFSET;
0495 
0496     success = unpack_u64(puf->e, &data, NULL);
0497 
0498     KUNIT_EXPECT_TRUE(test, success);
0499     KUNIT_EXPECT_EQ(test, data, TEST_U64_DATA);
0500     KUNIT_EXPECT_PTR_EQ(test, puf->e->pos,
0501             puf->e->start + TEST_U64_BUF_OFFSET + sizeof(u64) + 1);
0502 }
0503 
0504 static void policy_unpack_test_unpack_u64_with_name(struct kunit *test)
0505 {
0506     struct policy_unpack_fixture *puf = test->priv;
0507     const char name[] = TEST_U64_NAME;
0508     bool success;
0509     u64 data = 0;
0510 
0511     puf->e->pos += TEST_NAMED_U64_BUF_OFFSET;
0512 
0513     success = unpack_u64(puf->e, &data, name);
0514 
0515     KUNIT_EXPECT_TRUE(test, success);
0516     KUNIT_EXPECT_EQ(test, data, TEST_U64_DATA);
0517     KUNIT_EXPECT_PTR_EQ(test, puf->e->pos,
0518             puf->e->start + TEST_U64_BUF_OFFSET + sizeof(u64) + 1);
0519 }
0520 
0521 static void policy_unpack_test_unpack_u64_out_of_bounds(struct kunit *test)
0522 {
0523     struct policy_unpack_fixture *puf = test->priv;
0524     const char name[] = TEST_U64_NAME;
0525     bool success;
0526     u64 data = 0;
0527 
0528     puf->e->pos += TEST_NAMED_U64_BUF_OFFSET;
0529     puf->e->end = puf->e->start + TEST_U64_BUF_OFFSET + sizeof(u64);
0530 
0531     success = unpack_u64(puf->e, &data, name);
0532 
0533     KUNIT_EXPECT_FALSE(test, success);
0534     KUNIT_EXPECT_PTR_EQ(test, puf->e->pos,
0535             puf->e->start + TEST_NAMED_U64_BUF_OFFSET);
0536 }
0537 
0538 static void policy_unpack_test_unpack_X_code_match(struct kunit *test)
0539 {
0540     struct policy_unpack_fixture *puf = test->priv;
0541     bool success = unpack_X(puf->e, AA_NAME);
0542 
0543     KUNIT_EXPECT_TRUE(test, success);
0544     KUNIT_EXPECT_TRUE(test, puf->e->pos == puf->e->start + 1);
0545 }
0546 
0547 static void policy_unpack_test_unpack_X_code_mismatch(struct kunit *test)
0548 {
0549     struct policy_unpack_fixture *puf = test->priv;
0550     bool success = unpack_X(puf->e, AA_STRING);
0551 
0552     KUNIT_EXPECT_FALSE(test, success);
0553     KUNIT_EXPECT_TRUE(test, puf->e->pos == puf->e->start);
0554 }
0555 
0556 static void policy_unpack_test_unpack_X_out_of_bounds(struct kunit *test)
0557 {
0558     struct policy_unpack_fixture *puf = test->priv;
0559     bool success;
0560 
0561     puf->e->pos = puf->e->end;
0562     success = unpack_X(puf->e, AA_NAME);
0563 
0564     KUNIT_EXPECT_FALSE(test, success);
0565 }
0566 
0567 static struct kunit_case apparmor_policy_unpack_test_cases[] = {
0568     KUNIT_CASE(policy_unpack_test_inbounds_when_inbounds),
0569     KUNIT_CASE(policy_unpack_test_inbounds_when_out_of_bounds),
0570     KUNIT_CASE(policy_unpack_test_unpack_array_with_null_name),
0571     KUNIT_CASE(policy_unpack_test_unpack_array_with_name),
0572     KUNIT_CASE(policy_unpack_test_unpack_array_out_of_bounds),
0573     KUNIT_CASE(policy_unpack_test_unpack_blob_with_null_name),
0574     KUNIT_CASE(policy_unpack_test_unpack_blob_with_name),
0575     KUNIT_CASE(policy_unpack_test_unpack_blob_out_of_bounds),
0576     KUNIT_CASE(policy_unpack_test_unpack_nameX_with_null_name),
0577     KUNIT_CASE(policy_unpack_test_unpack_nameX_with_wrong_code),
0578     KUNIT_CASE(policy_unpack_test_unpack_nameX_with_name),
0579     KUNIT_CASE(policy_unpack_test_unpack_nameX_with_wrong_name),
0580     KUNIT_CASE(policy_unpack_test_unpack_str_with_null_name),
0581     KUNIT_CASE(policy_unpack_test_unpack_str_with_name),
0582     KUNIT_CASE(policy_unpack_test_unpack_str_out_of_bounds),
0583     KUNIT_CASE(policy_unpack_test_unpack_strdup_with_null_name),
0584     KUNIT_CASE(policy_unpack_test_unpack_strdup_with_name),
0585     KUNIT_CASE(policy_unpack_test_unpack_strdup_out_of_bounds),
0586     KUNIT_CASE(policy_unpack_test_unpack_u16_chunk_basic),
0587     KUNIT_CASE(policy_unpack_test_unpack_u16_chunk_out_of_bounds_1),
0588     KUNIT_CASE(policy_unpack_test_unpack_u16_chunk_out_of_bounds_2),
0589     KUNIT_CASE(policy_unpack_test_unpack_u32_with_null_name),
0590     KUNIT_CASE(policy_unpack_test_unpack_u32_with_name),
0591     KUNIT_CASE(policy_unpack_test_unpack_u32_out_of_bounds),
0592     KUNIT_CASE(policy_unpack_test_unpack_u64_with_null_name),
0593     KUNIT_CASE(policy_unpack_test_unpack_u64_with_name),
0594     KUNIT_CASE(policy_unpack_test_unpack_u64_out_of_bounds),
0595     KUNIT_CASE(policy_unpack_test_unpack_X_code_match),
0596     KUNIT_CASE(policy_unpack_test_unpack_X_code_mismatch),
0597     KUNIT_CASE(policy_unpack_test_unpack_X_out_of_bounds),
0598     {},
0599 };
0600 
0601 static struct kunit_suite apparmor_policy_unpack_test_module = {
0602     .name = "apparmor_policy_unpack",
0603     .init = policy_unpack_test_init,
0604     .test_cases = apparmor_policy_unpack_test_cases,
0605 };
0606 
0607 kunit_test_suite(apparmor_policy_unpack_test_module);