18c2ecf20Sopenharmony_ci// SPDX-License-Identifier: GPL-2.0-only 28c2ecf20Sopenharmony_ci/* Copyright (c) 2017 Facebook 38c2ecf20Sopenharmony_ci */ 48c2ecf20Sopenharmony_ci 58c2ecf20Sopenharmony_ci#include <stdio.h> 68c2ecf20Sopenharmony_ci#include <stdlib.h> 78c2ecf20Sopenharmony_ci#include <string.h> 88c2ecf20Sopenharmony_ci#include <errno.h> 98c2ecf20Sopenharmony_ci#include <assert.h> 108c2ecf20Sopenharmony_ci#include <sys/time.h> 118c2ecf20Sopenharmony_ci 128c2ecf20Sopenharmony_ci#include <linux/bpf.h> 138c2ecf20Sopenharmony_ci#include <bpf/bpf.h> 148c2ecf20Sopenharmony_ci#include <bpf/libbpf.h> 158c2ecf20Sopenharmony_ci 168c2ecf20Sopenharmony_ci#include "cgroup_helpers.h" 178c2ecf20Sopenharmony_ci#include "bpf_rlimit.h" 188c2ecf20Sopenharmony_ci 198c2ecf20Sopenharmony_ci#define DEV_CGROUP_PROG "./dev_cgroup.o" 208c2ecf20Sopenharmony_ci 218c2ecf20Sopenharmony_ci#define TEST_CGROUP "/test-bpf-based-device-cgroup/" 228c2ecf20Sopenharmony_ci 238c2ecf20Sopenharmony_ciint main(int argc, char **argv) 248c2ecf20Sopenharmony_ci{ 258c2ecf20Sopenharmony_ci struct bpf_object *obj; 268c2ecf20Sopenharmony_ci int error = EXIT_FAILURE; 278c2ecf20Sopenharmony_ci int prog_fd, cgroup_fd; 288c2ecf20Sopenharmony_ci __u32 prog_cnt; 298c2ecf20Sopenharmony_ci 308c2ecf20Sopenharmony_ci if (bpf_prog_load(DEV_CGROUP_PROG, BPF_PROG_TYPE_CGROUP_DEVICE, 318c2ecf20Sopenharmony_ci &obj, &prog_fd)) { 328c2ecf20Sopenharmony_ci printf("Failed to load DEV_CGROUP program\n"); 338c2ecf20Sopenharmony_ci goto out; 348c2ecf20Sopenharmony_ci } 358c2ecf20Sopenharmony_ci 368c2ecf20Sopenharmony_ci cgroup_fd = cgroup_setup_and_join(TEST_CGROUP); 378c2ecf20Sopenharmony_ci if (cgroup_fd < 0) { 388c2ecf20Sopenharmony_ci printf("Failed to create test cgroup\n"); 398c2ecf20Sopenharmony_ci goto out; 408c2ecf20Sopenharmony_ci } 418c2ecf20Sopenharmony_ci 428c2ecf20Sopenharmony_ci /* Attach bpf program */ 438c2ecf20Sopenharmony_ci if (bpf_prog_attach(prog_fd, cgroup_fd, BPF_CGROUP_DEVICE, 0)) { 448c2ecf20Sopenharmony_ci printf("Failed to attach DEV_CGROUP program"); 458c2ecf20Sopenharmony_ci goto err; 468c2ecf20Sopenharmony_ci } 478c2ecf20Sopenharmony_ci 488c2ecf20Sopenharmony_ci if (bpf_prog_query(cgroup_fd, BPF_CGROUP_DEVICE, 0, NULL, NULL, 498c2ecf20Sopenharmony_ci &prog_cnt)) { 508c2ecf20Sopenharmony_ci printf("Failed to query attached programs"); 518c2ecf20Sopenharmony_ci goto err; 528c2ecf20Sopenharmony_ci } 538c2ecf20Sopenharmony_ci 548c2ecf20Sopenharmony_ci /* All operations with /dev/zero and and /dev/urandom are allowed, 558c2ecf20Sopenharmony_ci * everything else is forbidden. 568c2ecf20Sopenharmony_ci */ 578c2ecf20Sopenharmony_ci assert(system("rm -f /tmp/test_dev_cgroup_null") == 0); 588c2ecf20Sopenharmony_ci assert(system("mknod /tmp/test_dev_cgroup_null c 1 3")); 598c2ecf20Sopenharmony_ci assert(system("rm -f /tmp/test_dev_cgroup_null") == 0); 608c2ecf20Sopenharmony_ci 618c2ecf20Sopenharmony_ci /* /dev/zero is whitelisted */ 628c2ecf20Sopenharmony_ci assert(system("rm -f /tmp/test_dev_cgroup_zero") == 0); 638c2ecf20Sopenharmony_ci assert(system("mknod /tmp/test_dev_cgroup_zero c 1 5") == 0); 648c2ecf20Sopenharmony_ci assert(system("rm -f /tmp/test_dev_cgroup_zero") == 0); 658c2ecf20Sopenharmony_ci 668c2ecf20Sopenharmony_ci assert(system("dd if=/dev/urandom of=/dev/zero count=64") == 0); 678c2ecf20Sopenharmony_ci 688c2ecf20Sopenharmony_ci /* src is allowed, target is forbidden */ 698c2ecf20Sopenharmony_ci assert(system("dd if=/dev/urandom of=/dev/full count=64")); 708c2ecf20Sopenharmony_ci 718c2ecf20Sopenharmony_ci /* src is forbidden, target is allowed */ 728c2ecf20Sopenharmony_ci assert(system("dd if=/dev/random of=/dev/zero count=64")); 738c2ecf20Sopenharmony_ci 748c2ecf20Sopenharmony_ci error = 0; 758c2ecf20Sopenharmony_ci printf("test_dev_cgroup:PASS\n"); 768c2ecf20Sopenharmony_ci 778c2ecf20Sopenharmony_cierr: 788c2ecf20Sopenharmony_ci cleanup_cgroup_environment(); 798c2ecf20Sopenharmony_ci 808c2ecf20Sopenharmony_ciout: 818c2ecf20Sopenharmony_ci return error; 828c2ecf20Sopenharmony_ci} 83