slsm: t: add simple userspace "wrapper" for tree.c

security/slsm/t/Makefile

+main: main.c
+	cc -g -Og -Wall -Wextra -Wconversion -Iinclude -I.. main.c ../tree.c

security/slsm/t/include/linux/_compat.h

+#ifndef _COMPAT_H
+#define _COMPAT_H
+
+#include <assert.h>
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <stdlib.h>
+#include <limits.h>
+#include <stdarg.h>
+
+
+#define KERN_INFO
+#define KERN_ERR
+#define printk(...) printf(__VA_ARGS__)
+
+static inline int kstrtouint(const char *s, unsigned int base, unsigned int *res) {
+    char *end;
+    unsigned long int val;
+
+    errno = 0;
+    val = strtoul(s, &end, base);
+
+    if ((errno == ERANGE && val == ULONG_MAX)
+            || (errno != 0 && val == 0)) {
+        return -errno;
+    }
+    if (s == end) {
+        return -EINVAL;
+    }
+    *res = val;
+
+    return 0;
+}
+
+
+#define BUG_ON(x) assert(!(x))
+
+
+typedef unsigned gfp_t;
+
+#define GFP_KERNEL 0
+#define kfree free
+
+static inline void *kcalloc(size_t n, size_t size, gfp_t flags) {
+    (void)flags;
+    return calloc(n, size);
+}
+
+static inline void *kzalloc(size_t size, gfp_t flags) {
+    return kcalloc(1, size, flags);
+}
+static inline void *krealloc(const void *p, size_t new_size, gfp_t flags) {
+    (void)flags;
+    return realloc((void *)p, new_size);
+}
+
+static inline char *kstrdup(const char *s, gfp_t gfp) {
+    (void)gfp;
+    return strdup(s);
+}
+
+
+#define __rcu
+
+#define rcu_assign_pointer(p, v) p = v
+#define rcu_dereference(p) p
+
+static inline void rcu_read_lock() {}
+static inline void rcu_read_unlock() {}
+static inline void synchronize_rcu() {}
+
+
+struct mutex {
+    int dummy;
+};
+#define DEFINE_MUTEX(x) struct mutex x
+static inline void mutex_lock(struct mutex *m) {
+    (void)m;
+}
+static inline void mutex_unlock(struct mutex *m) {
+    (void)m;
+}
+
+#endif

security/slsm/t/include/linux/fs.h

+_compat.h
\ No newline at end of file

security/slsm/t/include/linux/mutex.h

+_compat.h
\ No newline at end of file

security/slsm/t/include/linux/slab.h

+_compat.h
\ No newline at end of file

security/slsm/t/include/linux/string.h

+_compat.h
\ No newline at end of file

security/slsm/t/main.c

+#include <assert.h>
+#include <stdio.h>
+
+#include "tree.h"
+
+
+const char rule1[] = "\
+f=/\0p=0\0\0\
+";
+
+const char rule2[] = "\
+f=/\0p=0\0\0\
+f=/\0p=0\0a=/a\0\0\
+f=/\0p=0\0a=/b\0\0\
+f=/\0p=0\0a=/c\0\0\
+f=/\0p=0\0a=/d\0\0\
+f=/\0p=0\0a=/e\0\0\
+";
+
+const char rule3[] = "\
+f=/tmp/slsm/a\0a=/bin/cat\0p=0\0\0\
+f=/tmp/slsm/b\0a=/bin/cat\0p=0\0\0\
+f=/tmp/slsm/c\0a=/bin/cat\0p=4\0\0\
+f=/tmp/slsm/d\0a=/usr/bin/head\0p=0\0\0\
+f=/tmp/slsm/e\0a=/usr/bin/head\0p=0\0\0\
+f=/tmp/slsm/f\0a=/usr/bin/head\0p=0\0\0\
+";
+
+const char rule4[] = "\
+f=/\0a=/bin/cat\0p=3\0\0\
+f=/tmp/slsm\0a=/bin/cat\0p=0\0\0\
+";
+
+const char rule5[] = "\
+f=/tmp/slsm\0a=/bin/touch\0p=5\0\0\
+";
+
+const char rule6[] = "\
+p=/usr/bin/ssh-add\0m=7\0f=8\0\0\
+";
+
+
+int main(void) {
+    struct slsm_perms perms;
+#if 0
+    assert(slsm_new_tree(rule1, sizeof(rule1)-1) == 0);
+    assert(slsm_new_tree(rule2, sizeof(rule2)-1) == 0);
+    assert(slsm_new_tree(rule3, sizeof(rule3)-1) == 0);
+
+    assert(slsm_new_tree("", 0) == 0); // delete rules
+
+    assert(slsm_new_tree(rule1, sizeof(rule1)-1) == 0);
+    assert(slsm_new_tree(rule2, sizeof(rule2)-1) == 0);
+    assert(slsm_new_tree(rule3, sizeof(rule3)-1) == 0);
+    assert(slsm_new_tree(rule4, sizeof(rule4)-1) == 0);
+    assert(slsm_new_tree(rule5, sizeof(rule5)-1) == 0);
+
+    printf("\n");
+    struct slsm_perms perms = slsm_query_perms("/tmp/slsm", "/bin/touch");
+    printf("==> %u %u\n", perms.mode, perms.flags);
+
+    assert(slsm_new_tree("", 0) == 0); // delete rules
+#endif
+
+    assert(slsm_new_tree(rule6, sizeof(rule6)-1) == 0);
+
+    printf("\n");
+    perms = slsm_query_perms("/usr/bin/ssh", "/bin/touch");
+    printf("==> %u %u\n", perms.mode, perms.flags);
+
+    return 0;
+}