127 |
|
|
128 |
static void stage_file_test(void) |
static void stage_file_test(void) |
129 |
{ |
{ |
|
#if 0 |
|
130 |
char *filename = ""; |
char *filename = ""; |
131 |
policy = "allow_read /proc/sys/net/ipv4/ip_local_port_range " |
policy = "allow_read /proc/sys/net/ipv4/ip_local_port_range " |
132 |
"if task.uid=0 task.gid=0"; |
"if task.uid=0 task.gid=0"; |
206 |
errno = err; |
errno = err; |
207 |
show_result(err ? EOF : 0, 0); |
show_result(err ? EOF : 0, 0); |
208 |
} |
} |
|
#endif |
|
209 |
|
|
210 |
policy = "allow_read /dev/null if path1.type=char path1.dev_major=1 path1.dev_minor=3"; |
policy = "allow_read /dev/null if path1.type=char path1.dev_major=1 " |
211 |
|
"path1.dev_minor=3"; |
212 |
if (write_policy()) { |
if (write_policy()) { |
213 |
int fd = open("/dev/null", O_RDONLY); |
int fd = open("/dev/null", O_RDONLY); |
214 |
show_result(fd, 1); |
show_result(fd, 1); |
234 |
close(fd); |
close(fd); |
235 |
} |
} |
236 |
|
|
237 |
policy = "allow_read /dev/null if path1.perm=owner_read path1.perm=owner_write path1.perm!=owner_execute path1.perm=group_read path1.perm=group_write path1.perm!=group_execute path1.perm=others_read path1.perm=others_write path1.perm!=others_execute path1.perm!=setuid path1.perm!=setgid path1.perm!=sticky"; |
policy = "allow_read /dev/null if path1.perm!=0777"; |
238 |
if (write_policy()) { |
if (write_policy()) { |
239 |
int fd = open("/dev/null", O_RDONLY); |
int fd = open("/dev/null", O_RDONLY); |
240 |
show_result(fd, 1); |
show_result(fd, 1); |
247 |
close(fd); |
close(fd); |
248 |
} |
} |
249 |
|
|
250 |
|
policy = "allow_read /dev/null if path1.perm=owner_read " |
251 |
|
"path1.perm=owner_write path1.perm!=owner_execute " |
252 |
|
"path1.perm=group_read path1.perm=group_write " |
253 |
|
"path1.perm!=group_execute path1.perm=others_read " |
254 |
|
"path1.perm=others_write path1.perm!=others_execute " |
255 |
|
"path1.perm!=setuid path1.perm!=setgid path1.perm!=sticky"; |
256 |
|
if (write_policy()) { |
257 |
|
int fd = open("/dev/null", O_RDONLY); |
258 |
|
show_result(fd, 1); |
259 |
|
if (fd != EOF) |
260 |
|
close(fd); |
261 |
|
delete_policy(); |
262 |
|
fd = open("/dev/null", O_RDONLY); |
263 |
|
show_result(fd, 0); |
264 |
|
if (fd != EOF) |
265 |
|
close(fd); |
266 |
|
} |
267 |
|
|
268 |
|
policy = "allow_mkfifo /tmp/mknod_fifo_test " |
269 |
|
"if path1.parent.perm=01777 path1.parent.perm=sticky " |
270 |
|
"path1.parent.uid=0 path1.parent.gid=0"; |
271 |
|
if (write_policy()) { |
272 |
|
filename = "/tmp/mknod_fifo_test"; |
273 |
|
show_result(mknod(filename, S_IFIFO, 0), 1); |
274 |
|
delete_policy(); |
275 |
|
unlink2(filename); |
276 |
|
show_result(mknod(filename, S_IFIFO, 0), 0); |
277 |
|
} |
278 |
|
|
279 |
|
{ |
280 |
|
char buffer[1024]; |
281 |
|
struct stat sbuf; |
282 |
|
memset(buffer, 0, sizeof(buffer)); |
283 |
|
memset(&sbuf, 0, sizeof(sbuf)); |
284 |
|
filename = "/dev/null"; |
285 |
|
stat(filename, &sbuf); |
286 |
|
snprintf(buffer, sizeof(buffer) - 1, |
287 |
|
"allow_write %s if path1.major=%u path1.minor=%u", |
288 |
|
filename, (unsigned int) MAJOR(sbuf.st_dev), |
289 |
|
(unsigned int) MINOR(sbuf.st_dev)); |
290 |
|
policy = buffer; |
291 |
|
if (write_policy()) { |
292 |
|
int fd = open(filename, O_WRONLY); |
293 |
|
show_result(fd, 1); |
294 |
|
if (fd != EOF) |
295 |
|
close(fd); |
296 |
|
delete_policy(); |
297 |
|
fd = open(filename, O_WRONLY); |
298 |
|
show_result(fd, 0); |
299 |
|
if (fd != EOF) |
300 |
|
close(fd); |
301 |
|
} |
302 |
|
} |
303 |
|
|
304 |
policy = "allow_read /dev/initctl if path1.type=fifo"; |
policy = "allow_read /dev/initctl if path1.type=fifo"; |
305 |
if (write_policy()) { |
if (write_policy()) { |
306 |
int fd = open("/dev/initctl", O_RDONLY); |
int fd = open("/dev/initctl", O_RDONLY); |
313 |
if (fd != EOF) |
if (fd != EOF) |
314 |
close(fd); |
close(fd); |
315 |
} |
} |
316 |
#if 0 |
|
317 |
policy = "allow_read /dev/null if path1.parent.ino=path1.parent.ino"; |
policy = "allow_read /dev/null if path1.parent.ino=path1.parent.ino"; |
318 |
if (write_policy()) { |
if (write_policy()) { |
319 |
int fd = open("/dev/null", O_RDONLY); |
int fd = open("/dev/null", O_RDONLY); |
650 |
write(exception_fd, cp, strlen(cp)); |
write(exception_fd, cp, strlen(cp)); |
651 |
} |
} |
652 |
unlink2(filename); |
unlink2(filename); |
|
#endif |
|
653 |
} |
} |
654 |
|
|
655 |
int main(int argc, char *argv[]) |
int main(int argc, char *argv[]) |