5 |
* |
* |
6 |
* Copyright (C) 2005-2008 NTT DATA CORPORATION |
* Copyright (C) 2005-2008 NTT DATA CORPORATION |
7 |
* |
* |
8 |
* Version: 1.6.1 2008/05/10 |
* Version: 1.6.5-pre 2008/10/07 |
9 |
* |
* |
10 |
*/ |
*/ |
11 |
#include "include.h" |
#include "include.h" |
115 |
|
|
116 |
static void StageFileTest(void) { |
static void StageFileTest(void) { |
117 |
char *filename = ""; |
char *filename = ""; |
118 |
policy = "allow_read /proc/sys/net/ipv4/ip_local_port_range"; |
policy = "allow_read /proc/sys/net/ipv4/ip_local_port_range if task.uid=0 task.gid=0"; |
119 |
if (write_policy()) { |
if (write_policy()) { |
120 |
static int name[] = { CTL_NET, NET_IPV4, NET_IPV4_LOCAL_PORT_RANGE }; |
static int name[] = { CTL_NET, NET_IPV4, NET_IPV4_LOCAL_PORT_RANGE }; |
121 |
int buffer[2] = { 32768, 61000 }; |
int buffer[2] = { 32768, 61000 }; |
124 |
delete_policy(); |
delete_policy(); |
125 |
show_result(sysctl(name, 3, buffer, &size, 0, 0), 0); |
show_result(sysctl(name, 3, buffer, &size, 0, 0), 0); |
126 |
} |
} |
127 |
policy = "allow_write /proc/sys/net/ipv4/ip_local_port_range"; |
policy = "allow_write /proc/sys/net/ipv4/ip_local_port_range if task.euid=0 0=0 1-100=10-1000"; |
128 |
if (write_policy()) { |
if (write_policy()) { |
129 |
static int name[] = { CTL_NET, NET_IPV4, NET_IPV4_LOCAL_PORT_RANGE }; |
static int name[] = { CTL_NET, NET_IPV4, NET_IPV4_LOCAL_PORT_RANGE }; |
130 |
int buffer[2] = { 32768, 61000 }; |
int buffer[2] = { 32768, 61000 }; |
133 |
delete_policy(); |
delete_policy(); |
134 |
show_result(sysctl(name, 3, 0, 0, buffer, size), 0); |
show_result(sysctl(name, 3, 0, 0, buffer, size), 0); |
135 |
} |
} |
136 |
policy = "allow_read/write /proc/sys/net/ipv4/ip_local_port_range"; |
policy = "allow_read/write /proc/sys/net/ipv4/ip_local_port_range if 1!=10-100"; |
137 |
if (write_policy()) { |
if (write_policy()) { |
138 |
static int name[] = { CTL_NET, NET_IPV4, NET_IPV4_LOCAL_PORT_RANGE }; |
static int name[] = { CTL_NET, NET_IPV4, NET_IPV4_LOCAL_PORT_RANGE }; |
139 |
int buffer[2] = { 32768, 61000 }; |
int buffer[2] = { 32768, 61000 }; |
143 |
show_result(sysctl(name, 3, buffer, &size, buffer, size), 0); |
show_result(sysctl(name, 3, buffer, &size, buffer, size), 0); |
144 |
} |
} |
145 |
|
|
146 |
policy = "allow_read /bin/true"; |
policy = "allow_read /bin/true if path1.uid=0 path1.parent.uid=0 10=10-100"; |
147 |
if (write_policy()) { |
if (write_policy()) { |
148 |
show_result(uselib("/bin/true"), 1); |
show_result(uselib("/bin/true"), 1); |
149 |
delete_policy(); |
delete_policy(); |
150 |
show_result(uselib("/bin/true"), 0); |
show_result(uselib("/bin/true"), 0); |
151 |
} |
} |
152 |
|
|
153 |
policy = "allow_execute /bin/true"; |
policy = "allow_execute /bin/true if task.uid!=10 path1.parent.uid=0"; |
154 |
if (write_policy()) { |
if (write_policy()) { |
155 |
int pipe_fd[2] = { EOF, EOF }; |
int pipe_fd[2] = { EOF, EOF }; |
156 |
int err = 0; |
int err = 0; |
185 |
show_result(err ? EOF : 0, 0); |
show_result(err ? EOF : 0, 0); |
186 |
} |
} |
187 |
|
|
188 |
policy = "allow_read /dev/null"; |
policy = "allow_read /dev/null if path1.parent.ino=path1.parent.ino"; |
189 |
if (write_policy()) { |
if (write_policy()) { |
190 |
int fd = open("/dev/null", O_RDONLY); |
int fd = open("/dev/null", O_RDONLY); |
191 |
show_result(fd, 1); |
show_result(fd, 1); |
196 |
if (fd != EOF) close(fd); |
if (fd != EOF) close(fd); |
197 |
} |
} |
198 |
|
|
199 |
policy = "allow_write /dev/null"; |
policy = "allow_write /dev/null if path1.uid=path1.gid"; |
200 |
if (write_policy()) { |
if (write_policy()) { |
201 |
int fd = open("/dev/null", O_WRONLY); |
int fd = open("/dev/null", O_WRONLY); |
202 |
show_result(fd, 1); |
show_result(fd, 1); |
207 |
if (fd != EOF) close(fd); |
if (fd != EOF) close(fd); |
208 |
} |
} |
209 |
|
|
210 |
policy = "allow_read/write /dev/null"; |
policy = "allow_read/write /dev/null if task.uid=path1.parent.uid"; |
211 |
if (write_policy()) { |
if (write_policy()) { |
212 |
int fd = open("/dev/null", O_RDWR); |
int fd = open("/dev/null", O_RDWR); |
213 |
show_result(fd, 1); |
show_result(fd, 1); |
218 |
if (fd != EOF) close(fd); |
if (fd != EOF) close(fd); |
219 |
} |
} |
220 |
|
|
221 |
policy = "allow_create /tmp/open_test"; |
policy = "allow_create /tmp/open_test if path1.parent.uid=task.uid"; |
222 |
if (write_policy()) { |
if (write_policy()) { |
223 |
policy = "allow_write /tmp/open_test"; |
policy = "allow_write /tmp/open_test if path1.parent.uid=0"; |
224 |
if (write_policy()) { |
if (write_policy()) { |
225 |
int fd = open("/tmp/open_test", O_WRONLY | O_CREAT | O_EXCL, 0666); |
int fd = open("/tmp/open_test", O_WRONLY | O_CREAT | O_EXCL, 0666); |
226 |
show_result(fd, 1); |
show_result(fd, 1); |
232 |
if (fd != EOF) close(fd); |
if (fd != EOF) close(fd); |
233 |
unlink2("/tmp/open_test"); |
unlink2("/tmp/open_test"); |
234 |
} |
} |
235 |
policy = "allow_create /tmp/open_test\n"; |
policy = "allow_create /tmp/open_test if path1.parent.uid=task.uid\n"; |
236 |
delete_policy(); |
delete_policy(); |
237 |
} |
} |
238 |
|
|
239 |
policy = "allow_write /tmp/open_test"; |
policy = "allow_write /tmp/open_test if task.uid=0 path1.ino!=0"; |
240 |
if (write_policy()) { |
if (write_policy()) { |
241 |
policy = "allow_create /tmp/open_test"; |
policy = "allow_create /tmp/open_test if 0=0"; |
242 |
if (write_policy()) { |
if (write_policy()) { |
243 |
int fd = open("/tmp/open_test", O_WRONLY | O_CREAT | O_EXCL, 0666); |
int fd = open("/tmp/open_test", O_WRONLY | O_CREAT | O_EXCL, 0666); |
244 |
show_result(fd, 1); |
show_result(fd, 1); |
250 |
if (fd != EOF) close(fd); |
if (fd != EOF) close(fd); |
251 |
unlink2("/tmp/open_test"); |
unlink2("/tmp/open_test"); |
252 |
} |
} |
253 |
policy = "allow_write /tmp/open_test\n"; |
policy = "allow_write /tmp/open_test if task.uid=0 path1.ino!=0\n"; |
254 |
delete_policy(); |
delete_policy(); |
255 |
} |
} |
256 |
|
|
257 |
filename = "/tmp/truncate_test"; |
filename = "/tmp/truncate_test"; |
258 |
create2(filename); |
create2(filename); |
259 |
|
|
260 |
policy = "allow_truncate /tmp/truncate_test"; |
policy = "allow_truncate /tmp/truncate_test if task.uid=path1.uid"; |
261 |
if (write_policy()) { |
if (write_policy()) { |
262 |
policy = "allow_write /tmp/truncate_test"; |
policy = "allow_write /tmp/truncate_test if 1!=100-1000000"; |
263 |
if (write_policy()) { |
if (write_policy()) { |
264 |
int fd = open(filename, O_WRONLY | O_TRUNC); |
int fd = open(filename, O_WRONLY | O_TRUNC); |
265 |
show_result(fd, 1); |
show_result(fd, 1); |
269 |
show_result(fd, 0); |
show_result(fd, 0); |
270 |
if (fd != EOF) close(fd); |
if (fd != EOF) close(fd); |
271 |
} |
} |
272 |
policy = "allow_truncate /tmp/truncate_test"; |
policy = "allow_truncate /tmp/truncate_test if task.uid=path1.uid"; |
273 |
delete_policy(); |
delete_policy(); |
274 |
} |
} |
275 |
|
|