security/apparmor/policy_unpack_test.c
Source file repositories/reference/linux-study-clean/security/apparmor/policy_unpack_test.c
File Facts
- System
- Linux kernel
- Corpus path
security/apparmor/policy_unpack_test.c- Extension
.c- Size
- 18620 bytes
- Lines
- 617
- Domain
- Core OS
- Bucket
- Security And Isolation
- Inferred role
- Core OS: implementation source
- Status
- source implementation candidate
Why This File Exists
Core operating-system implementation surface: boot, tasks, memory, VFS, syscall-facing interfaces, synchronization, credentials, and isolation.
- Core operating-system implementation surface: boot, tasks, memory, VFS, syscall-facing interfaces, synchronization, credentials, and isolation.
- Allocates kernel memory; connect allocation flags and lifetime to context constraints.
- Defines or uses C structs; map object ownership, embedded links, reference counts, and lock ownership.
Dependency Surface
kunit/test.hkunit/visibility.hinclude/policy.hinclude/policy_unpack.hlinux/unaligned.h
Detected Declarations
struct policy_unpack_fixturefunction policy_unpack_test_initfunction policy_unpack_test_inbounds_when_inboundsfunction policy_unpack_test_inbounds_when_out_of_boundsfunction policy_unpack_test_unpack_array_with_null_namefunction policy_unpack_test_unpack_array_with_namefunction policy_unpack_test_unpack_array_out_of_boundsfunction policy_unpack_test_unpack_blob_with_null_namefunction policy_unpack_test_unpack_blob_with_namefunction policy_unpack_test_unpack_blob_out_of_boundsfunction policy_unpack_test_unpack_str_with_null_namefunction policy_unpack_test_unpack_str_with_namefunction policy_unpack_test_unpack_str_out_of_boundsfunction policy_unpack_test_unpack_strdup_with_null_namefunction policy_unpack_test_unpack_strdup_with_namefunction policy_unpack_test_unpack_strdup_out_of_boundsfunction policy_unpack_test_unpack_nameX_with_null_namefunction policy_unpack_test_unpack_nameX_with_wrong_codefunction policy_unpack_test_unpack_nameX_with_namefunction policy_unpack_test_unpack_nameX_with_wrong_namefunction policy_unpack_test_unpack_u16_chunk_basicfunction policy_unpack_test_unpack_u16_chunk_out_of_bounds_1function policy_unpack_test_unpack_u16_chunk_out_of_bounds_2function policy_unpack_test_unpack_u32_with_null_namefunction policy_unpack_test_unpack_u32_with_namefunction policy_unpack_test_unpack_u32_out_of_boundsfunction policy_unpack_test_unpack_u64_with_null_namefunction policy_unpack_test_unpack_u64_with_namefunction policy_unpack_test_unpack_u64_out_of_boundsfunction policy_unpack_test_unpack_X_code_matchfunction policy_unpack_test_unpack_X_code_mismatchfunction policy_unpack_test_unpack_X_out_of_bounds
Annotated Snippet
struct policy_unpack_fixture {
struct aa_ext *e;
size_t e_size;
};
static struct aa_ext *build_aa_ext_struct(struct policy_unpack_fixture *puf,
struct kunit *test, size_t buf_size)
{
char *buf;
struct aa_ext *e;
buf = kunit_kzalloc(test, buf_size, GFP_USER);
KUNIT_EXPECT_NOT_ERR_OR_NULL(test, buf);
e = kunit_kmalloc(test, sizeof(*e), GFP_USER);
KUNIT_EXPECT_NOT_ERR_OR_NULL(test, e);
e->start = buf;
e->end = e->start + buf_size;
e->pos = e->start;
*buf = AA_NAME;
*(buf + 1) = strlen(TEST_STRING_NAME) + 1;
strscpy(buf + 3, TEST_STRING_NAME, e->end - (void *)(buf + 3));
buf = e->start + TEST_STRING_BUF_OFFSET;
*buf = AA_STRING;
*(buf + 1) = strlen(TEST_STRING_DATA) + 1;
strscpy(buf + 3, TEST_STRING_DATA, e->end - (void *)(buf + 3));
buf = e->start + TEST_NAMED_U32_BUF_OFFSET;
*buf = AA_NAME;
*(buf + 1) = strlen(TEST_U32_NAME) + 1;
strscpy(buf + 3, TEST_U32_NAME, e->end - (void *)(buf + 3));
*(buf + 3 + strlen(TEST_U32_NAME) + 1) = AA_U32;
put_unaligned_le32(TEST_U32_DATA, buf + 3 + strlen(TEST_U32_NAME) + 2);
buf = e->start + TEST_NAMED_U64_BUF_OFFSET;
*buf = AA_NAME;
*(buf + 1) = strlen(TEST_U64_NAME) + 1;
strscpy(buf + 3, TEST_U64_NAME, e->end - (void *)(buf + 3));
*(buf + 3 + strlen(TEST_U64_NAME) + 1) = AA_U64;
*((__le64 *)(buf + 3 + strlen(TEST_U64_NAME) + 2)) = cpu_to_le64(TEST_U64_DATA);
buf = e->start + TEST_NAMED_BLOB_BUF_OFFSET;
*buf = AA_NAME;
*(buf + 1) = strlen(TEST_BLOB_NAME) + 1;
strscpy(buf + 3, TEST_BLOB_NAME, e->end - (void *)(buf + 3));
*(buf + 3 + strlen(TEST_BLOB_NAME) + 1) = AA_BLOB;
*(buf + 3 + strlen(TEST_BLOB_NAME) + 2) = TEST_BLOB_DATA_SIZE;
memcpy(buf + 3 + strlen(TEST_BLOB_NAME) + 6,
TEST_BLOB_DATA, TEST_BLOB_DATA_SIZE);
buf = e->start + TEST_NAMED_ARRAY_BUF_OFFSET;
*buf = AA_NAME;
*(buf + 1) = strlen(TEST_ARRAY_NAME) + 1;
strscpy(buf + 3, TEST_ARRAY_NAME, e->end - (void *)(buf + 3));
*(buf + 3 + strlen(TEST_ARRAY_NAME) + 1) = AA_ARRAY;
put_unaligned_le16(TEST_ARRAY_SIZE, buf + 3 + strlen(TEST_ARRAY_NAME) + 2);
return e;
}
static int policy_unpack_test_init(struct kunit *test)
{
size_t e_size = TEST_ARRAY_BUF_OFFSET + sizeof(u16) + 1;
struct policy_unpack_fixture *puf;
puf = kunit_kmalloc(test, sizeof(*puf), GFP_USER);
KUNIT_EXPECT_NOT_ERR_OR_NULL(test, puf);
puf->e_size = e_size;
puf->e = build_aa_ext_struct(puf, test, e_size);
test->priv = puf;
return 0;
}
static void policy_unpack_test_inbounds_when_inbounds(struct kunit *test)
{
struct policy_unpack_fixture *puf = test->priv;
KUNIT_EXPECT_TRUE(test, aa_inbounds(puf->e, 0));
KUNIT_EXPECT_TRUE(test, aa_inbounds(puf->e, puf->e_size / 2));
KUNIT_EXPECT_TRUE(test, aa_inbounds(puf->e, puf->e_size));
}
static void policy_unpack_test_inbounds_when_out_of_bounds(struct kunit *test)
{
struct policy_unpack_fixture *puf = test->priv;
Annotation
- Immediate include surface: `kunit/test.h`, `kunit/visibility.h`, `include/policy.h`, `include/policy_unpack.h`, `linux/unaligned.h`.
- Detected declarations: `struct policy_unpack_fixture`, `function policy_unpack_test_init`, `function policy_unpack_test_inbounds_when_inbounds`, `function policy_unpack_test_inbounds_when_out_of_bounds`, `function policy_unpack_test_unpack_array_with_null_name`, `function policy_unpack_test_unpack_array_with_name`, `function policy_unpack_test_unpack_array_out_of_bounds`, `function policy_unpack_test_unpack_blob_with_null_name`, `function policy_unpack_test_unpack_blob_with_name`, `function policy_unpack_test_unpack_blob_out_of_bounds`.
- Atlas domain: Core OS / Security And Isolation.
- Implementation status: source implementation candidate.
Implementation Notes
- This generated page is the file-by-file coverage layer; curated subsystem chapters should link here when they synthesize a multi-file control flow.
- Core OS pages should be promoted from atlas-only to deep-reviewed when they explain data structures, invariants, locking, lifecycle, and C implementation snippets.
- Driver-family pages are intentionally pattern-oriented unless they are part of the selected PCIe/NVMe representative device path.