From e44d5391f34ed89fc3133608c784aaa2d0a9540b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micka=C3=ABl=20Sala=C3=BCn?=
Date: Fri, 16 Dec 2022 16:18:12 +0100
Subject: [PATCH] src: Handle Landlock ABI v3
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Add the AccessFs::Truncate right.

Signed-off-by: Mickaël Salaün
---
 examples/sandboxer.rs | 2 +-
 src/compat.rs | 9 ++++++---
 src/fs.rs | 9 +++++++--
 src/lib.rs | 16 ++++++++++++++++
 src/uapi/mod.rs | 1 +
 5 files changed, 31 insertions(+), 6 deletions(-)

diff --git a/examples/sandboxer.rs b/examples/sandboxer.rs
index 97e9284a..f93a43ac 100644
--- a/examples/sandboxer.rs
+++ b/examples/sandboxer.rs
@@ -81,7 +81,7 @@ fn main() -> anyhow::Result<()> {
             anyhow!("Missing command")
         })?;
-    let abi = ABI::V2;
+    let abi = ABI::V3;
 
     let status = Ruleset::new()
         .handle_access(AccessFs::from_all(abi))?
         .create()?
diff --git a/src/compat.rs b/src/compat.rs
index a4f770a1..f71020c1 100644
--- a/src/compat.rs
+++ b/src/compat.rs
@@ -40,6 +40,9 @@ pub enum ABI {
     /// Second Landlock ABI, introduced with
     /// [Linux 5.19](https://git.kernel.org/stable/c/cb44e4f061e16be65b8a16505e121490c66d30d0).
     V2 = 2,
+    /// Third Landlock ABI, introduced with
+    /// [Linux 6.2](https://git.kernel.org/stable/c/299e2b1967578b1442128ba8b3e86ed3427d3651).
+    V3 = 3,
 }
 
 impl ABI {
@@ -64,8 +67,9 @@ impl ABI {
             // all kind of errors as unsupported.
             n if n <= 0 => ABI::Unsupported,
             1 => ABI::V1,
+            2 => ABI::V2,
             // Returns the greatest known ABI.
-            _ => ABI::V2,
+            _ => ABI::V3,
         }
     }
 
@@ -289,7 +293,6 @@ impl Compatibility {
 /// it may be required to error out if some of these features are not available
 /// and will then not be enforced.
 pub trait Compatible: Sized + AsMut> {
-    // TODO: Update ruleset_handling_renames() with ABI::V3
     /// To enable a best-effort security approach,
     /// Landlock features that are not supported by the running system
     /// are silently ignored by default,
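Review bot: Switching the example to `let abi = ABI::V3;` means that on a kernel older than 6.2 the `Truncate` right requested through `AccessFs::from_all(abi)` is silently left unhandled under the crate's default best-effort compatibility, so a sandboxed command can still truncate files the example intends to protect, with no visible difference in how the ruleset is created. The rest of `main()` is outside this hunk; if it does not already inspect `status` and report a partially enforced ruleset, it should, since the example is what users copy. A comment above the assignment would make the trade-off explicit: `// ABI::V3 adds AccessFs::Truncate; on kernels < 6.2 that right is ignored (best-effort), so truncation stays allowed.`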
@@ -359,7 +362,7 @@ pub trait Compatible: Sized + AsMut> {
     ///         // However, this ruleset may also handle other (future) access rights
     ///         // if they are supported by the running kernel.
     ///         .set_compatibility(CompatLevel::BestEffort)
-    ///         .handle_access(AccessFs::from_all(ABI::V2))?
+    ///         .handle_access(AccessFs::from_all(ABI::V3))?
     ///         .create()?)
     /// }
     /// ```
diff --git a/src/fs.rs b/src/fs.rs
index c12f816a..5fcdec98 100644
--- a/src/fs.rs
+++ b/src/fs.rs
@@ -81,6 +81,8 @@ pub enum AccessFs {
     MakeSym = uapi::LANDLOCK_ACCESS_FS_MAKE_SYM as u64,
     /// Link or rename a file from or to a different directory.
     Refer = uapi::LANDLOCK_ACCESS_FS_REFER as u64,
+    /// Truncate a file with `truncate(2)`, `ftruncate(2)`, `creat(2)`, or `open(2)` with `O_TRUNC`.
+    Truncate = uapi::LANDLOCK_ACCESS_FS_TRUNCATE as u64,
 }
 
 impl Access for AccessFs {
@@ -88,7 +90,7 @@ impl Access for AccessFs {
     fn from_read(abi: ABI) -> BitFlags {
         match abi {
             ABI::Unsupported => BitFlags::EMPTY,
-            ABI::V1 | ABI::V2 => make_bitflags!(AccessFs::{
+            ABI::V1 | ABI::V2 | ABI::V3 => make_bitflags!(AccessFs::{
                 Execute
                 | ReadFile
                 | ReadDir
@@ -113,6 +115,7 @@ impl Access for AccessFs {
                 | MakeSym
             }),
             ABI::V2 => Self::from_write(ABI::V1) | AccessFs::Refer,
+            ABI::V3 => Self::from_write(ABI::V2) | AccessFs::Truncate,
         }
     }
 }
@@ -165,8 +168,10 @@ impl PrivateAccess for AccessFs {
     }
 }
 
+// TODO: Make ACCESS_FILE a property of AccessFs.
+// TODO: Add tests for ACCESS_FILE.
 const ACCESS_FILE: BitFlags = make_bitflags!(AccessFs::{
-    ReadFile | WriteFile | Execute
+    ReadFile | WriteFile | Execute | Truncate
 });
 
 // XXX: What should we do when a stat call failed?
diff --git a/src/lib.rs b/src/lib.rs
index c0a37cd7..55e44931 100644
--- a/src/lib.rs
+++ b/src/lib.rs
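Review bot: The doc comment on the new `Truncate` variant lists the syscalls but omits the part of the contract a sandbox author actually needs: per the kernel uapi documentation, whether an already-open file may be `ftruncate(2)`d is decided at `open(2)` time, the same way `ReadFile`/`WriteFile` are checked, so dropping the right after a file is opened does not retroactively block truncation through that descriptor. It also does not say which ABI introduces the right, which every other version-gated variant in this crate relies on users knowing. I would add two doc lines after the existing one: `/// Whether an opened file can be truncated with \`ftruncate(2)\` is determined during \`open(2)\`, like \`ReadFile\` and \`WriteFile\`.` and `/// Available since [`ABI::V3`] (Linux 6.2); ignored on older kernels under best-effort compatibility.`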
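Review bot: Adding `Truncate` to `ACCESS_FILE` changes which rights survive when a rule targets a regular file rather than a directory, and the two new `// TODO` lines above the constant concede that nothing exercises that set; the test added in this commit only handles rights on a ruleset without attaching any path rule, so a regression here (e.g. `Truncate` being stripped from a file rule, or a directory-only right being kept) would pass CI. Since the kernel classifies truncation as a file-scoped right, this change looks correct, but it should come with a test that adds a rule on a regular file with `AccessFs::Truncate` and asserts the right is retained, and one that confirms a directory-only right is still dropped. If a test cannot be written now, the TODO should at least name the invariant: `// ACCESS_FILE must stay in sync with the kernel's file-scoped rights; Truncate (ABI v3) applies to regular files.`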
@@ -324,4 +324,20 @@ mod tests {
             false,
         );
     }
+
+    #[test]
+    fn abi_v3_truncate() {
+        check_ruleset_support(
+            ABI::V2,
+            Some(ABI::V3),
+            |ruleset: Ruleset| -> _ {
+                Ok(ruleset
+                    .handle_access(AccessFs::Refer)?
+                    .handle_access(AccessFs::Truncate)?
+                    .create()?
+                    .restrict_self()?)
+            },
+            false,
+        );
+    }
 }
diff --git a/src/uapi/mod.rs b/src/uapi/mod.rs
index a3e7bb04..cc407d53 100644
--- a/src/uapi/mod.rs
+++ b/src/uapi/mod.rs
@@ -24,6 +24,7 @@ pub use self::landlock::{
     LANDLOCK_ACCESS_FS_MAKE_BLOCK,
     LANDLOCK_ACCESS_FS_MAKE_SYM,
     LANDLOCK_ACCESS_FS_REFER,
+    LANDLOCK_ACCESS_FS_TRUNCATE,
     LANDLOCK_CREATE_RULESET_VERSION,
 };
 
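Review bot: `abi_v3_truncate` handles `AccessFs::Refer` and `AccessFs::Truncate` one at a time, so the new `ABI::V3` arms in `from_write`/`from_all` in `src/fs.rs` — the path the sandboxer example and the doc example actually use — are never exercised by this commit's test. A sibling test that handles `.handle_access(AccessFs::from_all(ABI::V3))?` with the same `(ABI::V2, Some(ABI::V3))` expectation would catch a future arm being dropped or mis-ordered; the meaning of those two arguments (partial enforcement below the second ABI, full enforcement from it) is inferred from the neighbouring tests, since `check_ruleset_support` and the enclosing `mod tests` both start outside this hunk. A one-line comment above the call, `// Truncate needs ABI v3: V2 kernels give partial enforcement, V3+ full.`, would document that expectation in place.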