From 4946424b11eaef7e2f1d620d655c5e49c2310509 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micka=C3=ABl=20Sala=C3=BCn?= <mic@digikod.net>
Date: Fri, 6 Sep 2024 15:21:01 +0200
Subject: [PATCH] src: Handle Landlock ABI v5
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Add the AccessFs::IoctlDev right.

Signed-off-by: Mickaël Salaün <mic@digikod.net>
---
 examples/sandboxer.rs |  2 +-
 src/compat.rs         | 10 +++++++---
 src/fs.rs             |  7 +++++--
 src/lib.rs            | 17 +++++++++++++++++
 src/net.rs            |  2 +-
 src/uapi/mod.rs       |  1 +
 6 files changed, 32 insertions(+), 7 deletions(-)

diff --git a/examples/sandboxer.rs b/examples/sandboxer.rs
index 756df19e..dc106193 100644
--- a/examples/sandboxer.rs
+++ b/examples/sandboxer.rs
@@ -111,7 +111,7 @@ fn main() -> anyhow::Result<()> {
         anyhow!("Missing command")
     })?;
 
-    let abi = ABI::V4;
+    let abi = ABI::V5;
     let mut ruleset = Ruleset::default().handle_access(AccessFs::from_all(abi))?;
     let ruleset_ref = &mut ruleset;
 
diff --git a/src/compat.rs b/src/compat.rs
index fd217700..86f115e2 100644
--- a/src/compat.rs
+++ b/src/compat.rs
@@ -61,6 +61,9 @@ pub enum ABI {
     /// Fourth Landlock ABI, introduced with
     /// [Linux 6.7](https://git.kernel.org/stable/c/136cc1e1f5be75f57f1e0404b94ee1c8792cb07d).
     V4 = 4,
+    /// Fifth Landlock ABI, introduced with
+    /// [Linux 6.10](https://git.kernel.org/stable/c/2fc0e7892c10734c1b7c613ef04836d57d4676d5).
+    V5 = 5,
 }
 
 impl ABI {
@@ -87,8 +90,9 @@ impl ABI {
             1 => ABI::V1,
             2 => ABI::V2,
             3 => ABI::V3,
+            4 => ABI::V4,
             // Returns the greatest known ABI.
-            _ => ABI::V4,
+            _ => ABI::V5,
         }
     }
 
@@ -385,7 +389,7 @@ pub trait Compatible: Sized + private::OptionCompatLevelMut {
     ///         // However, this ruleset may also handle other (future) access rights
     ///         // if they are supported by the running kernel.
     ///         .set_compatibility(CompatLevel::BestEffort)
-    ///         .handle_access(AccessFs::from_all(ABI::V4))?
+    ///         .handle_access(AccessFs::from_all(ABI::V5))?
     ///         .create()?)
     /// }
     /// ```
@@ -414,7 +418,7 @@ pub trait Compatible: Sized + private::OptionCompatLevelMut {
     ///         // if they are supported by the running kernel,
     ///         // but without returning any error otherwise.
     ///         .set_compatibility(CompatLevel::BestEffort)
-    ///         .handle_access(AccessFs::from_all(ABI::V2))?
+    ///         .handle_access(AccessFs::from_all(ABI::V5))?
     ///         .create()?)
     /// }
     /// ```
diff --git a/src/fs.rs b/src/fs.rs
index 09fa65be..e1a4066d 100644
--- a/src/fs.rs
+++ b/src/fs.rs
@@ -84,6 +84,8 @@ pub enum AccessFs {
     Refer = uapi::LANDLOCK_ACCESS_FS_REFER as u64,
     /// Truncate a file with `truncate(2)`, `ftruncate(2)`, `creat(2)`, or `open(2)` with `O_TRUNC`.
     Truncate = uapi::LANDLOCK_ACCESS_FS_TRUNCATE as u64,
+    /// Send IOCL commands to a device file.
+    IoctlDev = uapi::LANDLOCK_ACCESS_FS_IOCTL_DEV as u64,
 }
 
 impl Access for AccessFs {
@@ -104,7 +106,7 @@ impl AccessFs {
     pub fn from_read(abi: ABI) -> BitFlags<Self> {
         match abi {
             ABI::Unsupported => BitFlags::EMPTY,
-            ABI::V1 | ABI::V2 | ABI::V3 | ABI::V4 => make_bitflags!(AccessFs::{
+            ABI::V1 | ABI::V2 | ABI::V3 | ABI::V4 | ABI::V5 => make_bitflags!(AccessFs::{
                 Execute
                 | ReadFile
                 | ReadDir
@@ -132,6 +134,7 @@ impl AccessFs {
             }),
             ABI::V2 => Self::from_write(ABI::V1) | AccessFs::Refer,
             ABI::V3 | ABI::V4 => Self::from_write(ABI::V2) | AccessFs::Truncate,
+            ABI::V5 => Self::from_write(ABI::V4) | AccessFs::IoctlDev,
         }
     }
 
@@ -185,7 +188,7 @@ impl PrivateAccess for AccessFs {
 // TODO: Make ACCESS_FILE a property of AccessFs.
 // TODO: Add tests for ACCESS_FILE.
 const ACCESS_FILE: BitFlags<AccessFs> = make_bitflags!(AccessFs::{
-    ReadFile | WriteFile | Execute | Truncate
+    ReadFile | WriteFile | Execute | Truncate | IoctlDev
 });
 
 // XXX: What should we do when a stat call failed?
diff --git a/src/lib.rs b/src/lib.rs
index 317ed058..d3eb8b95 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -385,4 +385,21 @@ mod tests {
             false,
         );
     }
+
+    #[test]
+    fn abi_v5_ioctl_dev() {
+        check_ruleset_support(
+            ABI::V4,
+            Some(ABI::V5),
+            move |ruleset: Ruleset| -> _ {
+                Ok(ruleset
+                    .handle_access(AccessNet::BindTcp)?
+                    .handle_access(AccessFs::IoctlDev)?
+                    .create()?
+                    .add_rule(PathBeneath::new(PathFd::new("/")?, AccessFs::IoctlDev))?
+                    .restrict_self()?)
+            },
+            false,
+        );
+    }
 }
diff --git a/src/net.rs b/src/net.rs
index e15af39c..d2d9a923 100644
--- a/src/net.rs
+++ b/src/net.rs
@@ -55,7 +55,7 @@ impl Access for AccessNet {
     fn from_all(abi: ABI) -> BitFlags<Self> {
         match abi {
             ABI::Unsupported | ABI::V1 | ABI::V2 | ABI::V3 => BitFlags::EMPTY,
-            ABI::V4 => AccessNet::BindTcp | AccessNet::ConnectTcp,
+            ABI::V4 | ABI::V5 => AccessNet::BindTcp | AccessNet::ConnectTcp,
         }
     }
 }
diff --git a/src/uapi/mod.rs b/src/uapi/mod.rs
index b1d67501..b9676e5e 100644
--- a/src/uapi/mod.rs
+++ b/src/uapi/mod.rs
@@ -27,6 +27,7 @@ pub use self::landlock::{
     LANDLOCK_ACCESS_FS_MAKE_SYM,
     LANDLOCK_ACCESS_FS_REFER,
     LANDLOCK_ACCESS_FS_TRUNCATE,
+    LANDLOCK_ACCESS_FS_IOCTL_DEV,
     LANDLOCK_ACCESS_NET_BIND_TCP,
     LANDLOCK_ACCESS_NET_CONNECT_TCP,
     LANDLOCK_CREATE_RULESET_VERSION,