| 12 |
|
|
| 13 |
static int is_enforce = 0; |
static int is_enforce = 0; |
| 14 |
|
|
| 15 |
static void ShowPrompt(const char *str) |
static void show_prompt(const char *str) |
| 16 |
{ |
{ |
| 17 |
printf("Testing %35s: (%s) ", str, |
printf("Testing %35s: (%s) ", str, |
| 18 |
is_enforce ? "must fail" : "must success"); |
is_enforce ? "must fail" : "must success"); |
| 19 |
errno = 0; |
errno = 0; |
| 20 |
} |
} |
| 21 |
|
|
| 22 |
static void ShowResult(int result) |
static void show_result(int result) |
| 23 |
{ |
{ |
| 24 |
if (is_enforce) { |
if (is_enforce) { |
| 25 |
if (result == EOF) { |
if (result == EOF) { |
| 39 |
} |
} |
| 40 |
|
|
| 41 |
|
|
| 42 |
static void SetStatus(int status) |
static void set_status(int status) |
| 43 |
{ |
{ |
| 44 |
char buffer[128]; |
char buffer[128]; |
| 45 |
memset(buffer, 0, sizeof(buffer)); |
memset(buffer, 0, sizeof(buffer)); |
| 46 |
snprintf(buffer, sizeof(buffer) - 1, "MAC_FOR_FILE=%d\n", status); |
snprintf(buffer, sizeof(buffer) - 1, "MAC_FOR_FILE=%d\n", status); |
| 47 |
WriteStatus(buffer); |
write_status(buffer); |
| 48 |
} |
} |
| 49 |
|
|
| 50 |
static void AddDomainPolicy(const char *data) |
static void add_domain_policy(const char *data) |
| 51 |
{ |
{ |
| 52 |
char buffer[4096]; |
char buffer[4096]; |
| 53 |
FILE *fp; |
FILE *fp; |
| 54 |
SetStatus(0); |
set_status(0); |
| 55 |
fp = fopen(proc_policy_self_domain, "r"); |
fp = fopen(proc_policy_self_domain, "r"); |
| 56 |
if (fp) { |
if (fp) { |
| 57 |
fgets(buffer, sizeof(buffer) - 1, fp); |
fgets(buffer, sizeof(buffer) - 1, fp); |
| 71 |
} |
} |
| 72 |
} |
} |
| 73 |
|
|
| 74 |
static void AddExceptionPolicy(const char *data) |
static void add_exception_policy(const char *data) |
| 75 |
{ |
{ |
| 76 |
FILE *fp; |
FILE *fp; |
| 77 |
SetStatus(0); |
set_status(0); |
| 78 |
fp = fopen(proc_policy_exception_policy, "w"); |
fp = fopen(proc_policy_exception_policy, "w"); |
| 79 |
if (fp) { |
if (fp) { |
| 80 |
fprintf(fp, "%s\n", data); |
fprintf(fp, "%s\n", data); |
| 87 |
|
|
| 88 |
#define REWRITE_PATH "/tmp/rewrite_test" |
#define REWRITE_PATH "/tmp/rewrite_test" |
| 89 |
|
|
| 90 |
static void StageRewriteTest(void) |
static void stage_rewrite_test(void) |
| 91 |
{ |
{ |
| 92 |
int fd; |
int fd; |
| 93 |
|
|
| 94 |
/* Start up */ |
/* Start up */ |
| 95 |
AddDomainPolicy("6 " REWRITE_PATH); |
add_domain_policy("6 " REWRITE_PATH); |
| 96 |
AddDomainPolicy("allow_truncate " REWRITE_PATH); |
add_domain_policy("allow_truncate " REWRITE_PATH); |
| 97 |
AddDomainPolicy("allow_create " REWRITE_PATH); |
add_domain_policy("allow_create " REWRITE_PATH); |
| 98 |
AddDomainPolicy("allow_unlink " REWRITE_PATH); |
add_domain_policy("allow_unlink " REWRITE_PATH); |
| 99 |
AddExceptionPolicy("deny_rewrite " REWRITE_PATH); |
add_exception_policy("deny_rewrite " REWRITE_PATH); |
| 100 |
close(open(REWRITE_PATH, O_WRONLY | O_APPEND | O_CREAT, 0600)); |
close(open(REWRITE_PATH, O_WRONLY | O_APPEND | O_CREAT, 0600)); |
| 101 |
|
|
| 102 |
/* Enforce mode */ |
/* Enforce mode */ |
| 103 |
SetStatus(3); |
set_status(3); |
| 104 |
is_enforce = 0; |
is_enforce = 0; |
| 105 |
|
|
| 106 |
ShowPrompt("open(O_RDONLY)"); |
show_prompt("open(O_RDONLY)"); |
| 107 |
fd = open(REWRITE_PATH, O_RDONLY); |
fd = open(REWRITE_PATH, O_RDONLY); |
| 108 |
ShowResult(fd); |
show_result(fd); |
| 109 |
close(fd); |
close(fd); |
| 110 |
|
|
| 111 |
ShowPrompt("open(O_WRONLY | O_APPEND)"); |
show_prompt("open(O_WRONLY | O_APPEND)"); |
| 112 |
fd = open(REWRITE_PATH, O_WRONLY | O_APPEND); |
fd = open(REWRITE_PATH, O_WRONLY | O_APPEND); |
| 113 |
ShowResult(fd); |
show_result(fd); |
| 114 |
close(fd); |
close(fd); |
| 115 |
|
|
| 116 |
is_enforce = 1; |
is_enforce = 1; |
| 117 |
ShowPrompt("open(O_WRONLY)"); |
show_prompt("open(O_WRONLY)"); |
| 118 |
fd = open(REWRITE_PATH, O_WRONLY); |
fd = open(REWRITE_PATH, O_WRONLY); |
| 119 |
ShowResult(fd); |
show_result(fd); |
| 120 |
close(fd); |
close(fd); |
| 121 |
|
|
| 122 |
ShowPrompt("open(O_WRONLY | O_TRUNC)"); |
show_prompt("open(O_WRONLY | O_TRUNC)"); |
| 123 |
fd = open(REWRITE_PATH, O_WRONLY | O_TRUNC); |
fd = open(REWRITE_PATH, O_WRONLY | O_TRUNC); |
| 124 |
ShowResult(fd); |
show_result(fd); |
| 125 |
close(fd); |
close(fd); |
| 126 |
|
|
| 127 |
ShowPrompt("open(O_WRONLY | O_TRUNC | O_APPEND)"); |
show_prompt("open(O_WRONLY | O_TRUNC | O_APPEND)"); |
| 128 |
fd = open(REWRITE_PATH, O_WRONLY | O_TRUNC | O_APPEND); |
fd = open(REWRITE_PATH, O_WRONLY | O_TRUNC | O_APPEND); |
| 129 |
ShowResult(fd); |
show_result(fd); |
| 130 |
close(fd); |
close(fd); |
| 131 |
|
|
| 132 |
ShowPrompt("truncate()"); |
show_prompt("truncate()"); |
| 133 |
ShowResult(truncate(REWRITE_PATH, 0)); |
show_result(truncate(REWRITE_PATH, 0)); |
| 134 |
|
|
| 135 |
fd = open(REWRITE_PATH, O_WRONLY | O_APPEND); |
fd = open(REWRITE_PATH, O_WRONLY | O_APPEND); |
| 136 |
ShowPrompt("ftruncate()"); |
show_prompt("ftruncate()"); |
| 137 |
ShowResult(ftruncate(fd, 0)); |
show_result(ftruncate(fd, 0)); |
| 138 |
|
|
| 139 |
ShowPrompt("fcntl(F_SETFL, ~O_APPEND)"); |
show_prompt("fcntl(F_SETFL, ~O_APPEND)"); |
| 140 |
ShowResult(fcntl(fd, F_SETFL, fcntl(fd, F_GETFL) & ~O_APPEND)); |
show_result(fcntl(fd, F_SETFL, fcntl(fd, F_GETFL) & ~O_APPEND)); |
| 141 |
close(fd); |
close(fd); |
| 142 |
|
|
| 143 |
/* Permissive mode */ |
/* Permissive mode */ |
| 144 |
SetStatus(2); |
set_status(2); |
| 145 |
is_enforce = 0; |
is_enforce = 0; |
| 146 |
|
|
| 147 |
ShowPrompt("open(O_RDONLY)"); |
show_prompt("open(O_RDONLY)"); |
| 148 |
fd = open(REWRITE_PATH, O_RDONLY); |
fd = open(REWRITE_PATH, O_RDONLY); |
| 149 |
ShowResult(fd); |
show_result(fd); |
| 150 |
close(fd); |
close(fd); |
| 151 |
|
|
| 152 |
ShowPrompt("open(O_WRONLY | O_APPEND)"); |
show_prompt("open(O_WRONLY | O_APPEND)"); |
| 153 |
fd = open(REWRITE_PATH, O_WRONLY | O_APPEND); |
fd = open(REWRITE_PATH, O_WRONLY | O_APPEND); |
| 154 |
ShowResult(fd); |
show_result(fd); |
| 155 |
close(fd); |
close(fd); |
| 156 |
|
|
| 157 |
ShowPrompt("open(O_WRONLY)"); |
show_prompt("open(O_WRONLY)"); |
| 158 |
fd = open(REWRITE_PATH, O_WRONLY); |
fd = open(REWRITE_PATH, O_WRONLY); |
| 159 |
ShowResult(fd); |
show_result(fd); |
| 160 |
close(fd); |
close(fd); |
| 161 |
|
|
| 162 |
ShowPrompt("open(O_WRONLY | O_TRUNC)"); |
show_prompt("open(O_WRONLY | O_TRUNC)"); |
| 163 |
fd = open(REWRITE_PATH, O_WRONLY | O_TRUNC); |
fd = open(REWRITE_PATH, O_WRONLY | O_TRUNC); |
| 164 |
ShowResult(fd); |
show_result(fd); |
| 165 |
close(fd); |
close(fd); |
| 166 |
|
|
| 167 |
ShowPrompt("open(O_WRONLY | O_TRUNC | O_APPEND)"); |
show_prompt("open(O_WRONLY | O_TRUNC | O_APPEND)"); |
| 168 |
fd = open(REWRITE_PATH, O_WRONLY | O_TRUNC | O_APPEND); |
fd = open(REWRITE_PATH, O_WRONLY | O_TRUNC | O_APPEND); |
| 169 |
ShowResult(fd); |
show_result(fd); |
| 170 |
close(fd); |
close(fd); |
| 171 |
|
|
| 172 |
ShowPrompt("truncate()"); |
show_prompt("truncate()"); |
| 173 |
ShowResult(truncate(REWRITE_PATH, 0)); |
show_result(truncate(REWRITE_PATH, 0)); |
| 174 |
|
|
| 175 |
fd = open(REWRITE_PATH, O_WRONLY | O_APPEND); |
fd = open(REWRITE_PATH, O_WRONLY | O_APPEND); |
| 176 |
ShowPrompt("ftruncate()"); |
show_prompt("ftruncate()"); |
| 177 |
ShowResult(ftruncate(fd, 0)); |
show_result(ftruncate(fd, 0)); |
| 178 |
|
|
| 179 |
ShowPrompt("fcntl(F_SETFL, ~O_APPEND)"); |
show_prompt("fcntl(F_SETFL, ~O_APPEND)"); |
| 180 |
ShowResult(fcntl(fd, F_SETFL, fcntl(fd, F_GETFL) & ~O_APPEND)); |
show_result(fcntl(fd, F_SETFL, fcntl(fd, F_GETFL) & ~O_APPEND)); |
| 181 |
close(fd); |
close(fd); |
| 182 |
|
|
| 183 |
/* Clean up */ |
/* Clean up */ |
| 184 |
unlink(REWRITE_PATH); |
unlink(REWRITE_PATH); |
| 185 |
AddExceptionPolicy("delete " "deny_rewrite " REWRITE_PATH); |
add_exception_policy("delete " "deny_rewrite " REWRITE_PATH); |
| 186 |
printf("\n\n"); |
printf("\n\n"); |
| 187 |
} |
} |
| 188 |
|
|
| 189 |
int main(int argc, char *argv[]) |
int main(int argc, char *argv[]) |
| 190 |
{ |
{ |
| 191 |
Init(); |
ccs_test_init(); |
| 192 |
StageRewriteTest(); |
stage_rewrite_test(); |
| 193 |
ClearStatus(); |
clear_status(); |
| 194 |
return 0; |
return 0; |
| 195 |
} |
} |
TOMOYO
Parent Directory
Revision Log
Patch