ruleset: Use abi and state getters for Compatibility

This gives a guarantee that abi and state can only be modified with the update() method. Signed-off-by: Mickaël Salaün <mic@digikod.net>
landlock-lsm · Aug 29, 2022 · 1aa1c83 · 1aa1c83
1 parent 43cc2c1
commit 1aa1c83
Show file tree

Hide file tree

Showing 4 changed files with 22 additions and 14 deletions.
diff --git a/src/access.rs b/src/access.rs
@@ -78,7 +78,7 @@ where
             }
             .into());
         } else {
-            let compat_bits = self & T::from_all(compat.abi);
+            let compat_bits = self & T::from_all(compat.abi());
             if compat_bits.is_empty() {
                 match compat.level {
                     // Empty access-rights are ignored to avoid an error when passing them to
@@ -143,7 +143,7 @@ fn compat_bit_flags() {
 
     assert!(!compat.is_mooted());
 
-    compat.abi = ABI::Unsupported;
+    compat = ABI::Unsupported.into();
     assert!(!compat.is_mooted());
 
     // Access-rights are valid (but ignored) when they are not required for the current ABI.

diff --git a/src/compat.rs b/src/compat.rs
@@ -214,9 +214,9 @@ fn compat_state_update_2() {
 #[derive(Clone)]
 // Compatibility is not public outside this crate.
 pub struct Compatibility {
-    pub(crate) abi: ABI,
+    abi: ABI,
     pub(crate) level: CompatLevel,
-    pub(crate) state: CompatState,
+    state: CompatState,
     // is_mooted is required to differenciate a kernel not supporting Landlock from an error that
     // occured with CompatLevel::SoftRequirement.  is_mooted is only changed with update() and only
     // used to not set no_new_privs in RulesetCreated::restrict_self().
@@ -253,6 +253,14 @@ impl Compatibility {
         }
     }
 
+    pub(crate) fn abi(&self) -> ABI {
+        self.abi
+    }
+
+    pub(crate) fn state(&self) -> CompatState {
+        self.state
+    }
+
     pub(crate) fn is_mooted(&self) -> bool {
         self.is_mooted
     }

diff --git a/src/fs.rs b/src/fs.rs
@@ -307,7 +307,7 @@ fn path_beneath_try_compat() {
             .attr
             .allowed_access;
         assert_eq!(raw_access, full_access.bits());
-        assert_eq!(compat_copy.state, CompatState::Full);
+        assert_eq!(compat_copy.state(), CompatState::Full);
     }
 }
 

diff --git a/src/ruleset.rs b/src/ruleset.rs
@@ -250,10 +250,10 @@ impl Ruleset {
                 handled_access_fs: self.actual_handled_fs.bits(),
             };
 
-            match self.compat.abi {
+            match self.compat.abi() {
                 ABI::Unsupported => {
                     #[cfg(test)]
-                    assert_eq!(self.compat.state, CompatState::Final);
+                    assert_eq!(self.compat.state(), CompatState::Final);
                     Ok(RulesetCreated::new(self, -1))
                 }
                 _ => match unsafe { uapi::landlock_create_ruleset(&attr, size_of_val(&attr), 0) } {
@@ -337,10 +337,10 @@ impl RulesetCreated {
                 Some(r) => r,
                 None => return Ok(self),
             };
-            match self.compat.abi {
+            match self.compat.abi() {
                 ABI::Unsupported => {
                     #[cfg(test)]
-                    assert_eq!(self.compat.state, CompatState::Final);
+                    assert_eq!(self.compat.state(), CompatState::Final);
                     Ok(self)
                 }
                 _ => match unsafe {
@@ -489,7 +489,7 @@ impl RulesetCreated {
                     // To get a consistent behavior, calls this prctl whether or not
                     // Landlock is supported by the running kernel.
                     let support_nnp = support_no_new_privs();
-                    match self.compat.abi {
+                    match self.compat.abi() {
                         // It should not be an error for kernel (older than 3.5) not supporting
                         // no_new_privs.
                         ABI::Unsupported => {
@@ -511,20 +511,20 @@ impl RulesetCreated {
                 false
             };
 
-            match self.compat.abi {
+            match self.compat.abi() {
                 ABI::Unsupported => {
                     #[cfg(test)]
-                    assert_eq!(self.compat.state, CompatState::Final);
+                    assert_eq!(self.compat.state(), CompatState::Final);
                     Ok(RestrictionStatus {
-                        ruleset: self.compat.state.into(),
+                        ruleset: self.compat.state().into(),
                         no_new_privs: enforced_nnp,
                     })
                 }
                 _ => match unsafe { uapi::landlock_restrict_self(self.fd, 0) } {
                     0 => {
                         self.compat.update(CompatState::Full);
                         Ok(RestrictionStatus {
-                            ruleset: self.compat.state.into(),
+                            ruleset: self.compat.state().into(),
                             no_new_privs: enforced_nnp,
                         })
                     }