Add scoped_cross_domain_variants.h providing shared test variants for interactions between two independent Landlock domains. Current tests only cover hierarchical (parent-child) relationships but miss the case where unrelated processes establish peer domains.
The header defines four canonical variants: - none_to_none: both processes unrestricted - none_to_scoped: only accessor process scoped - scoped_to_none: only resource process scoped - scoped_to_scoped: both processes scoped (peer domains)
This abstraction will be shared across signal, abstract UNIX socket, and future scope types (like memfd execution) to ensure comprehensive cross-domain test coverage.
Signed-off-by: Abhinav Saxena xandfury@gmail.com --- .../landlock/scoped_cross_domain_variants.h | 54 ++++++++++++++++++++++ 1 file changed, 54 insertions(+)
diff --git a/tools/testing/selftests/landlock/scoped_cross_domain_variants.h b/tools/testing/selftests/landlock/scoped_cross_domain_variants.h new file mode 100644 index 000000000000..6068987a52c8 --- /dev/null +++ b/tools/testing/selftests/landlock/scoped_cross_domain_variants.h @@ -0,0 +1,54 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * Landlock self-tests - cross-domain scope variants + * + * Provides one FIXTURE_VARIANT and the four canonical combinations + * (none->none, none->scoped, scoped->none, scoped->scoped). Every test that + * checks interactions between two independently created domains + * includes this header and iterates over the variants. + * + * Variant structure: which domain each side of the interaction lives in. + * resource_domain - process that creates/owns the resource + * accessor_domain - process that uses the resource + * + * Copyright © 2025 Abhinav Saxena xandfury@gmail.com + * + */ + +FIXTURE_VARIANT(cross_domain_scope) +{ + enum sandbox_type resource_domain; + enum sandbox_type accessor_domain; +}; + +/* Four concrete combinations */ +FIXTURE_VARIANT_ADD(cross_domain_scope, none_to_none) { + .resource_domain = NO_SANDBOX, + .accessor_domain = NO_SANDBOX, +}; + +FIXTURE_VARIANT_ADD(cross_domain_scope, none_to_scoped) { + .resource_domain = NO_SANDBOX, + .accessor_domain = SCOPE_SANDBOX, +}; + +FIXTURE_VARIANT_ADD(cross_domain_scope, scoped_to_none) { + .resource_domain = SCOPE_SANDBOX, + .accessor_domain = NO_SANDBOX, +}; + +FIXTURE_VARIANT_ADD(cross_domain_scope, scoped_to_scoped) { + .resource_domain = SCOPE_SANDBOX, + .accessor_domain = SCOPE_SANDBOX, +}; + +/* + * Mapping reminder: + * SIGNAL resource = receiver accessor = sender + * ABSTRACT UNIX resource = server accessor = client + * future scopes resource = creator accessor = user + * + * Only the accessor domain is enforced; tests therefore expect: + * accessor NO_SANDBOX -> ALLOW operation + * accessor SCOPE_SANDBOX -> DENY if resource is outside its domain + */