linux/security/apparmor/policy_unpack_test.c
<<
>>
Prefs
   1// SPDX-License-Identifier: GPL-2.0-only
   2/*
   3 * KUnit tests for AppArmor's policy unpack.
   4 */
   5
   6#include <kunit/test.h>
   7
   8#include "include/policy.h"
   9#include "include/policy_unpack.h"
  10
  11#define TEST_STRING_NAME "TEST_STRING"
  12#define TEST_STRING_DATA "testing"
  13#define TEST_STRING_BUF_OFFSET \
  14        (3 + strlen(TEST_STRING_NAME) + 1)
  15
  16#define TEST_U32_NAME "U32_TEST"
  17#define TEST_U32_DATA ((u32)0x01020304)
  18#define TEST_NAMED_U32_BUF_OFFSET \
  19        (TEST_STRING_BUF_OFFSET + 3 + strlen(TEST_STRING_DATA) + 1)
  20#define TEST_U32_BUF_OFFSET \
  21        (TEST_NAMED_U32_BUF_OFFSET + 3 + strlen(TEST_U32_NAME) + 1)
  22
  23#define TEST_U16_OFFSET (TEST_U32_BUF_OFFSET + 3)
  24#define TEST_U16_DATA ((u16)(TEST_U32_DATA >> 16))
  25
  26#define TEST_U64_NAME "U64_TEST"
  27#define TEST_U64_DATA ((u64)0x0102030405060708)
  28#define TEST_NAMED_U64_BUF_OFFSET (TEST_U32_BUF_OFFSET + sizeof(u32) + 1)
  29#define TEST_U64_BUF_OFFSET \
  30        (TEST_NAMED_U64_BUF_OFFSET + 3 + strlen(TEST_U64_NAME) + 1)
  31
  32#define TEST_BLOB_NAME "BLOB_TEST"
  33#define TEST_BLOB_DATA "\xde\xad\x00\xbe\xef"
  34#define TEST_BLOB_DATA_SIZE (ARRAY_SIZE(TEST_BLOB_DATA))
  35#define TEST_NAMED_BLOB_BUF_OFFSET (TEST_U64_BUF_OFFSET + sizeof(u64) + 1)
  36#define TEST_BLOB_BUF_OFFSET \
  37        (TEST_NAMED_BLOB_BUF_OFFSET + 3 + strlen(TEST_BLOB_NAME) + 1)
  38
  39#define TEST_ARRAY_NAME "ARRAY_TEST"
  40#define TEST_ARRAY_SIZE 16
  41#define TEST_NAMED_ARRAY_BUF_OFFSET \
  42        (TEST_BLOB_BUF_OFFSET + 5 + TEST_BLOB_DATA_SIZE)
  43#define TEST_ARRAY_BUF_OFFSET \
  44        (TEST_NAMED_ARRAY_BUF_OFFSET + 3 + strlen(TEST_ARRAY_NAME) + 1)
  45
  46struct policy_unpack_fixture {
  47        struct aa_ext *e;
  48        size_t e_size;
  49};
  50
  51struct aa_ext *build_aa_ext_struct(struct policy_unpack_fixture *puf,
  52                                   struct kunit *test, size_t buf_size)
  53{
  54        char *buf;
  55        struct aa_ext *e;
  56
  57        buf = kunit_kzalloc(test, buf_size, GFP_USER);
  58        KUNIT_EXPECT_NOT_ERR_OR_NULL(test, buf);
  59
  60        e = kunit_kmalloc(test, sizeof(*e), GFP_USER);
  61        KUNIT_EXPECT_NOT_ERR_OR_NULL(test, e);
  62
  63        e->start = buf;
  64        e->end = e->start + buf_size;
  65        e->pos = e->start;
  66
  67        *buf = AA_NAME;
  68        *(buf + 1) = strlen(TEST_STRING_NAME) + 1;
  69        strcpy(buf + 3, TEST_STRING_NAME);
  70
  71        buf = e->start + TEST_STRING_BUF_OFFSET;
  72        *buf = AA_STRING;
  73        *(buf + 1) = strlen(TEST_STRING_DATA) + 1;
  74        strcpy(buf + 3, TEST_STRING_DATA);
  75
  76        buf = e->start + TEST_NAMED_U32_BUF_OFFSET;
  77        *buf = AA_NAME;
  78        *(buf + 1) = strlen(TEST_U32_NAME) + 1;
  79        strcpy(buf + 3, TEST_U32_NAME);
  80        *(buf + 3 + strlen(TEST_U32_NAME) + 1) = AA_U32;
  81        *((u32 *)(buf + 3 + strlen(TEST_U32_NAME) + 2)) = TEST_U32_DATA;
  82
  83        buf = e->start + TEST_NAMED_U64_BUF_OFFSET;
  84        *buf = AA_NAME;
  85        *(buf + 1) = strlen(TEST_U64_NAME) + 1;
  86        strcpy(buf + 3, TEST_U64_NAME);
  87        *(buf + 3 + strlen(TEST_U64_NAME) + 1) = AA_U64;
  88        *((u64 *)(buf + 3 + strlen(TEST_U64_NAME) + 2)) = TEST_U64_DATA;
  89
  90        buf = e->start + TEST_NAMED_BLOB_BUF_OFFSET;
  91        *buf = AA_NAME;
  92        *(buf + 1) = strlen(TEST_BLOB_NAME) + 1;
  93        strcpy(buf + 3, TEST_BLOB_NAME);
  94        *(buf + 3 + strlen(TEST_BLOB_NAME) + 1) = AA_BLOB;
  95        *(buf + 3 + strlen(TEST_BLOB_NAME) + 2) = TEST_BLOB_DATA_SIZE;
  96        memcpy(buf + 3 + strlen(TEST_BLOB_NAME) + 6,
  97                TEST_BLOB_DATA, TEST_BLOB_DATA_SIZE);
  98
  99        buf = e->start + TEST_NAMED_ARRAY_BUF_OFFSET;
 100        *buf = AA_NAME;
 101        *(buf + 1) = strlen(TEST_ARRAY_NAME) + 1;
 102        strcpy(buf + 3, TEST_ARRAY_NAME);
 103        *(buf + 3 + strlen(TEST_ARRAY_NAME) + 1) = AA_ARRAY;
 104        *((u16 *)(buf + 3 + strlen(TEST_ARRAY_NAME) + 2)) = TEST_ARRAY_SIZE;
 105
 106        return e;
 107}
 108
 109static int policy_unpack_test_init(struct kunit *test)
 110{
 111        size_t e_size = TEST_ARRAY_BUF_OFFSET + sizeof(u16) + 1;
 112        struct policy_unpack_fixture *puf;
 113
 114        puf = kunit_kmalloc(test, sizeof(*puf), GFP_USER);
 115        KUNIT_EXPECT_NOT_ERR_OR_NULL(test, puf);
 116
 117        puf->e_size = e_size;
 118        puf->e = build_aa_ext_struct(puf, test, e_size);
 119
 120        test->priv = puf;
 121        return 0;
 122}
 123
 124static void policy_unpack_test_inbounds_when_inbounds(struct kunit *test)
 125{
 126        struct policy_unpack_fixture *puf = test->priv;
 127
 128        KUNIT_EXPECT_TRUE(test, inbounds(puf->e, 0));
 129        KUNIT_EXPECT_TRUE(test, inbounds(puf->e, puf->e_size / 2));
 130        KUNIT_EXPECT_TRUE(test, inbounds(puf->e, puf->e_size));
 131}
 132
 133static void policy_unpack_test_inbounds_when_out_of_bounds(struct kunit *test)
 134{
 135        struct policy_unpack_fixture *puf = test->priv;
 136
 137        KUNIT_EXPECT_FALSE(test, inbounds(puf->e, puf->e_size + 1));
 138}
 139
 140static void policy_unpack_test_unpack_array_with_null_name(struct kunit *test)
 141{
 142        struct policy_unpack_fixture *puf = test->priv;
 143        u16 array_size;
 144
 145        puf->e->pos += TEST_ARRAY_BUF_OFFSET;
 146
 147        array_size = unpack_array(puf->e, NULL);
 148
 149        KUNIT_EXPECT_EQ(test, array_size, (u16)TEST_ARRAY_SIZE);
 150        KUNIT_EXPECT_PTR_EQ(test, puf->e->pos,
 151                puf->e->start + TEST_ARRAY_BUF_OFFSET + sizeof(u16) + 1);
 152}
 153
 154static void policy_unpack_test_unpack_array_with_name(struct kunit *test)
 155{
 156        struct policy_unpack_fixture *puf = test->priv;
 157        const char name[] = TEST_ARRAY_NAME;
 158        u16 array_size;
 159
 160        puf->e->pos += TEST_NAMED_ARRAY_BUF_OFFSET;
 161
 162        array_size = unpack_array(puf->e, name);
 163
 164        KUNIT_EXPECT_EQ(test, array_size, (u16)TEST_ARRAY_SIZE);
 165        KUNIT_EXPECT_PTR_EQ(test, puf->e->pos,
 166                puf->e->start + TEST_ARRAY_BUF_OFFSET + sizeof(u16) + 1);
 167}
 168
 169static void policy_unpack_test_unpack_array_out_of_bounds(struct kunit *test)
 170{
 171        struct policy_unpack_fixture *puf = test->priv;
 172        const char name[] = TEST_ARRAY_NAME;
 173        u16 array_size;
 174
 175        puf->e->pos += TEST_NAMED_ARRAY_BUF_OFFSET;
 176        puf->e->end = puf->e->start + TEST_ARRAY_BUF_OFFSET + sizeof(u16);
 177
 178        array_size = unpack_array(puf->e, name);
 179
 180        KUNIT_EXPECT_EQ(test, array_size, (u16)0);
 181        KUNIT_EXPECT_PTR_EQ(test, puf->e->pos,
 182                puf->e->start + TEST_NAMED_ARRAY_BUF_OFFSET);
 183}
 184
 185static void policy_unpack_test_unpack_blob_with_null_name(struct kunit *test)
 186{
 187        struct policy_unpack_fixture *puf = test->priv;
 188        char *blob = NULL;
 189        size_t size;
 190
 191        puf->e->pos += TEST_BLOB_BUF_OFFSET;
 192        size = unpack_blob(puf->e, &blob, NULL);
 193
 194        KUNIT_ASSERT_EQ(test, size, TEST_BLOB_DATA_SIZE);
 195        KUNIT_EXPECT_TRUE(test,
 196                memcmp(blob, TEST_BLOB_DATA, TEST_BLOB_DATA_SIZE) == 0);
 197}
 198
 199static void policy_unpack_test_unpack_blob_with_name(struct kunit *test)
 200{
 201        struct policy_unpack_fixture *puf = test->priv;
 202        char *blob = NULL;
 203        size_t size;
 204
 205        puf->e->pos += TEST_NAMED_BLOB_BUF_OFFSET;
 206        size = unpack_blob(puf->e, &blob, TEST_BLOB_NAME);
 207
 208        KUNIT_ASSERT_EQ(test, size, TEST_BLOB_DATA_SIZE);
 209        KUNIT_EXPECT_TRUE(test,
 210                memcmp(blob, TEST_BLOB_DATA, TEST_BLOB_DATA_SIZE) == 0);
 211}
 212
 213static void policy_unpack_test_unpack_blob_out_of_bounds(struct kunit *test)
 214{
 215        struct policy_unpack_fixture *puf = test->priv;
 216        char *blob = NULL;
 217        void *start;
 218        int size;
 219
 220        puf->e->pos += TEST_NAMED_BLOB_BUF_OFFSET;
 221        start = puf->e->pos;
 222        puf->e->end = puf->e->start + TEST_BLOB_BUF_OFFSET
 223                + TEST_BLOB_DATA_SIZE - 1;
 224
 225        size = unpack_blob(puf->e, &blob, TEST_BLOB_NAME);
 226
 227        KUNIT_EXPECT_EQ(test, size, 0);
 228        KUNIT_EXPECT_PTR_EQ(test, puf->e->pos, start);
 229}
 230
 231static void policy_unpack_test_unpack_str_with_null_name(struct kunit *test)
 232{
 233        struct policy_unpack_fixture *puf = test->priv;
 234        const char *string = NULL;
 235        size_t size;
 236
 237        puf->e->pos += TEST_STRING_BUF_OFFSET;
 238        size = unpack_str(puf->e, &string, NULL);
 239
 240        KUNIT_EXPECT_EQ(test, size, strlen(TEST_STRING_DATA) + 1);
 241        KUNIT_EXPECT_STREQ(test, string, TEST_STRING_DATA);
 242}
 243
 244static void policy_unpack_test_unpack_str_with_name(struct kunit *test)
 245{
 246        struct policy_unpack_fixture *puf = test->priv;
 247        const char *string = NULL;
 248        size_t size;
 249
 250        size = unpack_str(puf->e, &string, TEST_STRING_NAME);
 251
 252        KUNIT_EXPECT_EQ(test, size, strlen(TEST_STRING_DATA) + 1);
 253        KUNIT_EXPECT_STREQ(test, string, TEST_STRING_DATA);
 254}
 255
 256static void policy_unpack_test_unpack_str_out_of_bounds(struct kunit *test)
 257{
 258        struct policy_unpack_fixture *puf = test->priv;
 259        const char *string = NULL;
 260        void *start = puf->e->pos;
 261        int size;
 262
 263        puf->e->end = puf->e->pos + TEST_STRING_BUF_OFFSET
 264                + strlen(TEST_STRING_DATA) - 1;
 265
 266        size = unpack_str(puf->e, &string, TEST_STRING_NAME);
 267
 268        KUNIT_EXPECT_EQ(test, size, 0);
 269        KUNIT_EXPECT_PTR_EQ(test, puf->e->pos, start);
 270}
 271
 272static void policy_unpack_test_unpack_strdup_with_null_name(struct kunit *test)
 273{
 274        struct policy_unpack_fixture *puf = test->priv;
 275        char *string = NULL;
 276        size_t size;
 277
 278        puf->e->pos += TEST_STRING_BUF_OFFSET;
 279        size = unpack_strdup(puf->e, &string, NULL);
 280
 281        KUNIT_EXPECT_EQ(test, size, strlen(TEST_STRING_DATA) + 1);
 282        KUNIT_EXPECT_FALSE(test,
 283                           ((uintptr_t)puf->e->start <= (uintptr_t)string)
 284                           && ((uintptr_t)string <= (uintptr_t)puf->e->end));
 285        KUNIT_EXPECT_STREQ(test, string, TEST_STRING_DATA);
 286}
 287
 288static void policy_unpack_test_unpack_strdup_with_name(struct kunit *test)
 289{
 290        struct policy_unpack_fixture *puf = test->priv;
 291        char *string = NULL;
 292        size_t size;
 293
 294        size = unpack_strdup(puf->e, &string, TEST_STRING_NAME);
 295
 296        KUNIT_EXPECT_EQ(test, size, strlen(TEST_STRING_DATA) + 1);
 297        KUNIT_EXPECT_FALSE(test,
 298                           ((uintptr_t)puf->e->start <= (uintptr_t)string)
 299                           && ((uintptr_t)string <= (uintptr_t)puf->e->end));
 300        KUNIT_EXPECT_STREQ(test, string, TEST_STRING_DATA);
 301}
 302
 303static void policy_unpack_test_unpack_strdup_out_of_bounds(struct kunit *test)
 304{
 305        struct policy_unpack_fixture *puf = test->priv;
 306        void *start = puf->e->pos;
 307        char *string = NULL;
 308        int size;
 309
 310        puf->e->end = puf->e->pos + TEST_STRING_BUF_OFFSET
 311                + strlen(TEST_STRING_DATA) - 1;
 312
 313        size = unpack_strdup(puf->e, &string, TEST_STRING_NAME);
 314
 315        KUNIT_EXPECT_EQ(test, size, 0);
 316        KUNIT_EXPECT_PTR_EQ(test, string, (char *)NULL);
 317        KUNIT_EXPECT_PTR_EQ(test, puf->e->pos, start);
 318}
 319
 320static void policy_unpack_test_unpack_nameX_with_null_name(struct kunit *test)
 321{
 322        struct policy_unpack_fixture *puf = test->priv;
 323        bool success;
 324
 325        puf->e->pos += TEST_U32_BUF_OFFSET;
 326
 327        success = unpack_nameX(puf->e, AA_U32, NULL);
 328
 329        KUNIT_EXPECT_TRUE(test, success);
 330        KUNIT_EXPECT_PTR_EQ(test, puf->e->pos,
 331                            puf->e->start + TEST_U32_BUF_OFFSET + 1);
 332}
 333
 334static void policy_unpack_test_unpack_nameX_with_wrong_code(struct kunit *test)
 335{
 336        struct policy_unpack_fixture *puf = test->priv;
 337        bool success;
 338
 339        puf->e->pos += TEST_U32_BUF_OFFSET;
 340
 341        success = unpack_nameX(puf->e, AA_BLOB, NULL);
 342
 343        KUNIT_EXPECT_FALSE(test, success);
 344        KUNIT_EXPECT_PTR_EQ(test, puf->e->pos,
 345                            puf->e->start + TEST_U32_BUF_OFFSET);
 346}
 347
 348static void policy_unpack_test_unpack_nameX_with_name(struct kunit *test)
 349{
 350        struct policy_unpack_fixture *puf = test->priv;
 351        const char name[] = TEST_U32_NAME;
 352        bool success;
 353
 354        puf->e->pos += TEST_NAMED_U32_BUF_OFFSET;
 355
 356        success = unpack_nameX(puf->e, AA_U32, name);
 357
 358        KUNIT_EXPECT_TRUE(test, success);
 359        KUNIT_EXPECT_PTR_EQ(test, puf->e->pos,
 360                            puf->e->start + TEST_U32_BUF_OFFSET + 1);
 361}
 362
 363static void policy_unpack_test_unpack_nameX_with_wrong_name(struct kunit *test)
 364{
 365        struct policy_unpack_fixture *puf = test->priv;
 366        static const char name[] = "12345678";
 367        bool success;
 368
 369        puf->e->pos += TEST_NAMED_U32_BUF_OFFSET;
 370
 371        success = unpack_nameX(puf->e, AA_U32, name);
 372
 373        KUNIT_EXPECT_FALSE(test, success);
 374        KUNIT_EXPECT_PTR_EQ(test, puf->e->pos,
 375                            puf->e->start + TEST_NAMED_U32_BUF_OFFSET);
 376}
 377
 378static void policy_unpack_test_unpack_u16_chunk_basic(struct kunit *test)
 379{
 380        struct policy_unpack_fixture *puf = test->priv;
 381        char *chunk = NULL;
 382        size_t size;
 383
 384        puf->e->pos += TEST_U16_OFFSET;
 385        /*
 386         * WARNING: For unit testing purposes, we're pushing puf->e->end past
 387         * the end of the allocated memory. Doing anything other than comparing
 388         * memory addresses is dangerous.
 389         */
 390        puf->e->end += TEST_U16_DATA;
 391
 392        size = unpack_u16_chunk(puf->e, &chunk);
 393
 394        KUNIT_EXPECT_PTR_EQ(test, (void *)chunk,
 395                            puf->e->start + TEST_U16_OFFSET + 2);
 396        KUNIT_EXPECT_EQ(test, size, (size_t)TEST_U16_DATA);
 397        KUNIT_EXPECT_PTR_EQ(test, puf->e->pos, (void *)(chunk + TEST_U16_DATA));
 398}
 399
 400static void policy_unpack_test_unpack_u16_chunk_out_of_bounds_1(
 401                struct kunit *test)
 402{
 403        struct policy_unpack_fixture *puf = test->priv;
 404        char *chunk = NULL;
 405        size_t size;
 406
 407        puf->e->pos = puf->e->end - 1;
 408
 409        size = unpack_u16_chunk(puf->e, &chunk);
 410
 411        KUNIT_EXPECT_EQ(test, size, (size_t)0);
 412        KUNIT_EXPECT_PTR_EQ(test, chunk, (char *)NULL);
 413        KUNIT_EXPECT_PTR_EQ(test, puf->e->pos, puf->e->end - 1);
 414}
 415
 416static void policy_unpack_test_unpack_u16_chunk_out_of_bounds_2(
 417                struct kunit *test)
 418{
 419        struct policy_unpack_fixture *puf = test->priv;
 420        char *chunk = NULL;
 421        size_t size;
 422
 423        puf->e->pos += TEST_U16_OFFSET;
 424        /*
 425         * WARNING: For unit testing purposes, we're pushing puf->e->end past
 426         * the end of the allocated memory. Doing anything other than comparing
 427         * memory addresses is dangerous.
 428         */
 429        puf->e->end = puf->e->pos + TEST_U16_DATA - 1;
 430
 431        size = unpack_u16_chunk(puf->e, &chunk);
 432
 433        KUNIT_EXPECT_EQ(test, size, (size_t)0);
 434        KUNIT_EXPECT_PTR_EQ(test, chunk, (char *)NULL);
 435        KUNIT_EXPECT_PTR_EQ(test, puf->e->pos, puf->e->start + TEST_U16_OFFSET);
 436}
 437
 438static void policy_unpack_test_unpack_u32_with_null_name(struct kunit *test)
 439{
 440        struct policy_unpack_fixture *puf = test->priv;
 441        bool success;
 442        u32 data;
 443
 444        puf->e->pos += TEST_U32_BUF_OFFSET;
 445
 446        success = unpack_u32(puf->e, &data, NULL);
 447
 448        KUNIT_EXPECT_TRUE(test, success);
 449        KUNIT_EXPECT_EQ(test, data, TEST_U32_DATA);
 450        KUNIT_EXPECT_PTR_EQ(test, puf->e->pos,
 451                        puf->e->start + TEST_U32_BUF_OFFSET + sizeof(u32) + 1);
 452}
 453
 454static void policy_unpack_test_unpack_u32_with_name(struct kunit *test)
 455{
 456        struct policy_unpack_fixture *puf = test->priv;
 457        const char name[] = TEST_U32_NAME;
 458        bool success;
 459        u32 data;
 460
 461        puf->e->pos += TEST_NAMED_U32_BUF_OFFSET;
 462
 463        success = unpack_u32(puf->e, &data, name);
 464
 465        KUNIT_EXPECT_TRUE(test, success);
 466        KUNIT_EXPECT_EQ(test, data, TEST_U32_DATA);
 467        KUNIT_EXPECT_PTR_EQ(test, puf->e->pos,
 468                        puf->e->start + TEST_U32_BUF_OFFSET + sizeof(u32) + 1);
 469}
 470
 471static void policy_unpack_test_unpack_u32_out_of_bounds(struct kunit *test)
 472{
 473        struct policy_unpack_fixture *puf = test->priv;
 474        const char name[] = TEST_U32_NAME;
 475        bool success;
 476        u32 data;
 477
 478        puf->e->pos += TEST_NAMED_U32_BUF_OFFSET;
 479        puf->e->end = puf->e->start + TEST_U32_BUF_OFFSET + sizeof(u32);
 480
 481        success = unpack_u32(puf->e, &data, name);
 482
 483        KUNIT_EXPECT_FALSE(test, success);
 484        KUNIT_EXPECT_PTR_EQ(test, puf->e->pos,
 485                        puf->e->start + TEST_NAMED_U32_BUF_OFFSET);
 486}
 487
 488static void policy_unpack_test_unpack_u64_with_null_name(struct kunit *test)
 489{
 490        struct policy_unpack_fixture *puf = test->priv;
 491        bool success;
 492        u64 data;
 493
 494        puf->e->pos += TEST_U64_BUF_OFFSET;
 495
 496        success = unpack_u64(puf->e, &data, NULL);
 497
 498        KUNIT_EXPECT_TRUE(test, success);
 499        KUNIT_EXPECT_EQ(test, data, TEST_U64_DATA);
 500        KUNIT_EXPECT_PTR_EQ(test, puf->e->pos,
 501                        puf->e->start + TEST_U64_BUF_OFFSET + sizeof(u64) + 1);
 502}
 503
 504static void policy_unpack_test_unpack_u64_with_name(struct kunit *test)
 505{
 506        struct policy_unpack_fixture *puf = test->priv;
 507        const char name[] = TEST_U64_NAME;
 508        bool success;
 509        u64 data;
 510
 511        puf->e->pos += TEST_NAMED_U64_BUF_OFFSET;
 512
 513        success = unpack_u64(puf->e, &data, name);
 514
 515        KUNIT_EXPECT_TRUE(test, success);
 516        KUNIT_EXPECT_EQ(test, data, TEST_U64_DATA);
 517        KUNIT_EXPECT_PTR_EQ(test, puf->e->pos,
 518                        puf->e->start + TEST_U64_BUF_OFFSET + sizeof(u64) + 1);
 519}
 520
 521static void policy_unpack_test_unpack_u64_out_of_bounds(struct kunit *test)
 522{
 523        struct policy_unpack_fixture *puf = test->priv;
 524        const char name[] = TEST_U64_NAME;
 525        bool success;
 526        u64 data;
 527
 528        puf->e->pos += TEST_NAMED_U64_BUF_OFFSET;
 529        puf->e->end = puf->e->start + TEST_U64_BUF_OFFSET + sizeof(u64);
 530
 531        success = unpack_u64(puf->e, &data, name);
 532
 533        KUNIT_EXPECT_FALSE(test, success);
 534        KUNIT_EXPECT_PTR_EQ(test, puf->e->pos,
 535                        puf->e->start + TEST_NAMED_U64_BUF_OFFSET);
 536}
 537
 538static void policy_unpack_test_unpack_X_code_match(struct kunit *test)
 539{
 540        struct policy_unpack_fixture *puf = test->priv;
 541        bool success = unpack_X(puf->e, AA_NAME);
 542
 543        KUNIT_EXPECT_TRUE(test, success);
 544        KUNIT_EXPECT_TRUE(test, puf->e->pos == puf->e->start + 1);
 545}
 546
 547static void policy_unpack_test_unpack_X_code_mismatch(struct kunit *test)
 548{
 549        struct policy_unpack_fixture *puf = test->priv;
 550        bool success = unpack_X(puf->e, AA_STRING);
 551
 552        KUNIT_EXPECT_FALSE(test, success);
 553        KUNIT_EXPECT_TRUE(test, puf->e->pos == puf->e->start);
 554}
 555
 556static void policy_unpack_test_unpack_X_out_of_bounds(struct kunit *test)
 557{
 558        struct policy_unpack_fixture *puf = test->priv;
 559        bool success;
 560
 561        puf->e->pos = puf->e->end;
 562        success = unpack_X(puf->e, AA_NAME);
 563
 564        KUNIT_EXPECT_FALSE(test, success);
 565}
 566
 567static struct kunit_case apparmor_policy_unpack_test_cases[] = {
 568        KUNIT_CASE(policy_unpack_test_inbounds_when_inbounds),
 569        KUNIT_CASE(policy_unpack_test_inbounds_when_out_of_bounds),
 570        KUNIT_CASE(policy_unpack_test_unpack_array_with_null_name),
 571        KUNIT_CASE(policy_unpack_test_unpack_array_with_name),
 572        KUNIT_CASE(policy_unpack_test_unpack_array_out_of_bounds),
 573        KUNIT_CASE(policy_unpack_test_unpack_blob_with_null_name),
 574        KUNIT_CASE(policy_unpack_test_unpack_blob_with_name),
 575        KUNIT_CASE(policy_unpack_test_unpack_blob_out_of_bounds),
 576        KUNIT_CASE(policy_unpack_test_unpack_nameX_with_null_name),
 577        KUNIT_CASE(policy_unpack_test_unpack_nameX_with_wrong_code),
 578        KUNIT_CASE(policy_unpack_test_unpack_nameX_with_name),
 579        KUNIT_CASE(policy_unpack_test_unpack_nameX_with_wrong_name),
 580        KUNIT_CASE(policy_unpack_test_unpack_str_with_null_name),
 581        KUNIT_CASE(policy_unpack_test_unpack_str_with_name),
 582        KUNIT_CASE(policy_unpack_test_unpack_str_out_of_bounds),
 583        KUNIT_CASE(policy_unpack_test_unpack_strdup_with_null_name),
 584        KUNIT_CASE(policy_unpack_test_unpack_strdup_with_name),
 585        KUNIT_CASE(policy_unpack_test_unpack_strdup_out_of_bounds),
 586        KUNIT_CASE(policy_unpack_test_unpack_u16_chunk_basic),
 587        KUNIT_CASE(policy_unpack_test_unpack_u16_chunk_out_of_bounds_1),
 588        KUNIT_CASE(policy_unpack_test_unpack_u16_chunk_out_of_bounds_2),
 589        KUNIT_CASE(policy_unpack_test_unpack_u32_with_null_name),
 590        KUNIT_CASE(policy_unpack_test_unpack_u32_with_name),
 591        KUNIT_CASE(policy_unpack_test_unpack_u32_out_of_bounds),
 592        KUNIT_CASE(policy_unpack_test_unpack_u64_with_null_name),
 593        KUNIT_CASE(policy_unpack_test_unpack_u64_with_name),
 594        KUNIT_CASE(policy_unpack_test_unpack_u64_out_of_bounds),
 595        KUNIT_CASE(policy_unpack_test_unpack_X_code_match),
 596        KUNIT_CASE(policy_unpack_test_unpack_X_code_mismatch),
 597        KUNIT_CASE(policy_unpack_test_unpack_X_out_of_bounds),
 598        {},
 599};
 600
 601static struct kunit_suite apparmor_policy_unpack_test_module = {
 602        .name = "apparmor_policy_unpack",
 603        .init = policy_unpack_test_init,
 604        .test_cases = apparmor_policy_unpack_test_cases,
 605};
 606
 607kunit_test_suite(apparmor_policy_unpack_test_module);
 608