オープンソース・ソフトウェアの開発とダウンロード

TOMOYO

Subversion リポジトリの参照

/[tomoyo]/trunk/1.8.x/ccs-tools/ccstools/kernel_test/ccs_new_file_test.c

Annotation of /trunk/1.8.x/ccs-tools/ccstools/kernel_test/ccs_new_file_test.c

Parent Directory Parent Directory | Revision Log Revision Log

Revision 3875 - (hide annotations) (download) (as text)
Sun Aug 1 11:39:42 2010 UTC (13 years, 9 months ago) by kumaneko
File MIME type: text/x-csrc
File size: 18047 byte(s) 
start trunk/1.8.x/
1 kumaneko 1066 /*
2 kumaneko 3071 * ccs_new_file_test.c
3 kumaneko 1066 *
4 kumaneko 3871 * Copyright (C) 2005-2010 NTT DATA CORPORATION
5 kumaneko 1066 *
6 kumaneko 3871 * Version: 1.8.0-pre 2010/08/01
7 kumaneko 1066 *
8     */
9     #include "include.h"
10    
11     static const char *policy = "";
12    
13 kumaneko 2943 #if 0
14 kumaneko 1726 static int write_policy(void)
15     {
16 kumaneko 1066 FILE *fp;
17     char buffer[8192];
18     int domain_found = 0;
19     int policy_found = 0;
20     memset(buffer, 0, sizeof(buffer));
21 kumaneko 2943 set_profile(0, "file::open");
22 kumaneko 1066 fp = fopen(proc_policy_domain_policy, "r");
23 kumaneko 2943 set_profile(3, "file::open");
24 kumaneko 2908 fprintf(domain_fp, "%s\n", policy);
25 kumaneko 1066 if (!fp) {
26     printf("%s : BUG: policy read failed\n", policy);
27     return 0;
28     }
29     while (fgets(buffer, sizeof(buffer) - 1, fp)) {
30 kumaneko 2908 char *cp = strchr(buffer, '\n');
31 kumaneko 1726 if (cp)
32     *cp = '\0';
33     if (!strncmp(buffer, "<kernel>", 8))
34     domain_found = !strcmp(self_domain, buffer);
35 kumaneko 2908 if (!domain_found)
36     continue;
37     /* printf("<%s>\n", buffer); */
38     if (!strcmp(buffer, policy)) {
39     policy_found = 1;
40     break;
41 kumaneko 1066 }
42     }
43     fclose(fp);
44     if (!policy_found) {
45     printf("%s : BUG: policy write failed\n", policy);
46     return 0;
47     }
48     errno = 0;
49     return 1;
50     }
51 kumaneko 2943 #endif
52 kumaneko 1066
53 kumaneko 1726 static void show_result(int result, char should_success)
54     {
55 kumaneko 1066 int err = errno;
56     printf("%s : ", policy);
57     if (should_success) {
58 kumaneko 1726 if (result != EOF)
59     printf("OK\n");
60     else
61     printf("FAILED: %s\n", strerror(err));
62 kumaneko 1066 } else {
63     if (result == EOF) {
64 kumaneko 1726 if (err == EPERM)
65     printf("OK: Permission denied.\n");
66     else
67     printf("FAILED: %s\n", strerror(err));
68 kumaneko 1066 } else {
69     printf("BUG: didn't fail.\n");
70     }
71     }
72     }
73    
74 kumaneko 1726 static void create2(const char *pathname)
75     {
76 kumaneko 2943 set_profile(0, "file::create");
77     set_profile(0, "file::open");
78 kumaneko 1066 close(creat(pathname, 0600));
79 kumaneko 2943 set_profile(3, "file::create");
80     set_profile(3, "file::open");
81 kumaneko 1148 errno = 0;
82 kumaneko 1066 }
83    
84 kumaneko 1726 static void mkdir2(const char *pathname)
85     {
86 kumaneko 2943 set_profile(0, "file::mkdir");
87 kumaneko 1066 mkdir(pathname, 0600);
88 kumaneko 2943 set_profile(3, "file::mkdir");
89 kumaneko 1148 errno = 0;
90 kumaneko 1066 }
91    
92 kumaneko 1726 static void unlink2(const char *pathname)
93     {
94 kumaneko 2943 set_profile(0, "file::unlink");
95 kumaneko 1066 unlink(pathname);
96 kumaneko 2943 set_profile(3, "file::unlink");
97 kumaneko 1148 errno = 0;
98 kumaneko 1726 }
99 kumaneko 1066
100 kumaneko 1726 static void rmdir2(const char *pathname)
101     {
102 kumaneko 2943 set_profile(0, "file::rmdir");
103 kumaneko 1066 rmdir(pathname);
104 kumaneko 2943 set_profile(3, "file::rmdir");
105 kumaneko 1148 errno = 0;
106 kumaneko 1066 }
107    
108 kumaneko 2563 static void mkfifo2(const char *pathname)
109     {
110 kumaneko 2943 set_profile(0, "file::mkfifo");
111 kumaneko 2563 mkfifo(pathname, 0600);
112 kumaneko 2943 set_profile(3, "file::mkfifo");
113 kumaneko 2563 errno = 0;
114     }
115    
116 kumaneko 1744 static void stage_file_test(void)
117 kumaneko 1726 {
118 kumaneko 2943 static int name[] = { CTL_NET, NET_IPV4, NET_IPV4_LOCAL_PORT_RANGE };
119     int buffer[2] = { 32768, 61000 };
120     size_t size = sizeof(buffer);
121     int pipe_fd[2] = { EOF, EOF };
122     int err = 0;
123     int fd;
124     char pbuffer[1024];
125     struct stat sbuf;
126     struct sockaddr_un addr;
127     struct ifreq ifreq;
128 kumaneko 1066 char *filename = "";
129 kumaneko 2943 set_profile(3, "file::execute");
130     set_profile(3, "file::open");
131     set_profile(3, "file::create");
132     set_profile(3, "file::unlink");
133     set_profile(3, "file::mkdir");
134     set_profile(3, "file::rmdir");
135     set_profile(3, "file::mkfifo");
136     set_profile(3, "file::mksock");
137     set_profile(3, "file::truncate");
138     set_profile(3, "file::symlink");
139     set_profile(3, "file::mkblock");
140     set_profile(3, "file::mkchar");
141     set_profile(3, "file::link");
142     set_profile(3, "file::rename");
143     set_profile(3, "file::chmod");
144     set_profile(3, "file::chown");
145     set_profile(3, "file::chgrp");
146     set_profile(3, "file::ioctl");
147     set_profile(3, "file::chroot");
148     set_profile(3, "file::mount");
149     set_profile(3, "file::umount");
150     set_profile(3, "file::pivot_root");
151 kumaneko 2984
152 kumaneko 3821 policy = "file read proc:/sys/net/ipv4/ip_local_port_range "
153 kumaneko 1726 "if task.uid=0 task.gid=0";
154 kumaneko 2943 write_domain_policy(policy, 0);
155     show_result(sysctl(name, 3, buffer, &size, 0, 0), 1);
156     write_domain_policy(policy, 1);
157     show_result(sysctl(name, 3, buffer, &size, 0, 0), 0);
158 kumaneko 2984
159 kumaneko 3821 policy = "file write proc:/sys/net/ipv4/ip_local_port_range "
160 kumaneko 1726 "if task.euid=0 0=0 1-100=10-1000";
161 kumaneko 2943 write_domain_policy(policy, 0);
162     show_result(sysctl(name, 3, 0, 0, buffer, size), 1);
163     write_domain_policy(policy, 1);
164     show_result(sysctl(name, 3, 0, 0, buffer, size), 0);
165 kumaneko 2984
166 kumaneko 3821 policy = "file read proc:/sys/net/ipv4/ip_local_port_range "
167 kumaneko 1726 "if 1!=10-100";
168 kumaneko 2943 write_domain_policy(policy, 0);
169 kumaneko 3821 policy = "file write proc:/sys/net/ipv4/ip_local_port_range "
170 kumaneko 3808 "if 1!=10-100";
171     write_domain_policy(policy, 0);
172 kumaneko 2943 show_result(sysctl(name, 3, buffer, &size, buffer, size), 1);
173 kumaneko 3821 policy = "file read proc:/sys/net/ipv4/ip_local_port_range "
174 kumaneko 3808 "if 1!=10-100";
175 kumaneko 2943 write_domain_policy(policy, 1);
176 kumaneko 3821 policy = "file write proc:/sys/net/ipv4/ip_local_port_range "
177 kumaneko 3808 "if 1!=10-100";
178     write_domain_policy(policy, 1);
179 kumaneko 2943 show_result(sysctl(name, 3, buffer, &size, buffer, size), 0);
180 kumaneko 2984
181 kumaneko 3808 policy = "file read /bin/true "
182 kumaneko 1726 "if path1.uid=0 path1.parent.uid=0 10=10-100";
183 kumaneko 2943 write_domain_policy(policy, 0);
184     show_result(uselib("/bin/true"), 1);
185     write_domain_policy(policy, 1);
186     show_result(uselib("/bin/true"), 0);
187 kumaneko 2984
188 kumaneko 3808 policy = "file execute /bin/true if task.uid!=10 path1.parent.uid=0";
189 kumaneko 2943 write_domain_policy(policy, 0);
190     fflush(stdout);
191     fflush(stderr);
192     pipe(pipe_fd);
193     if (fork() == 0) {
194     execl("/bin/true", "/bin/true", NULL);
195     err = errno;
196     write(pipe_fd[1], &err, sizeof(err));
197     _exit(0);
198 kumaneko 1066 }
199 kumaneko 2943 close(pipe_fd[1]);
200     read(pipe_fd[0], &err, sizeof(err));
201     close(pipe_fd[0]);
202     wait(NULL);
203     errno = err;
204     show_result(err ? EOF : 0, 1);
205     write_domain_policy(policy, 1);
206     fflush(stdout);
207     fflush(stderr);
208     pipe(pipe_fd);
209     if (fork() == 0) {
210     execl("/bin/true", "/bin/true", NULL);
211     err = errno;
212     write(pipe_fd[1], &err, sizeof(err));
213     _exit(0);
214     }
215     close(pipe_fd[1]);
216     read(pipe_fd[0], &err, sizeof(err));
217     close(pipe_fd[0]);
218     wait(NULL);
219     errno = err;
220     show_result(err ? EOF : 0, 0);
221 kumaneko 1066
222 kumaneko 3808 policy = "file read /dev/null if path1.type=char path1.dev_major=1 "
223 kumaneko 1996 "path1.dev_minor=3";
224 kumaneko 2943 write_domain_policy(policy, 0);
225     fd = open("/dev/null", O_RDONLY);
226     show_result(fd, 1);
227     if (fd != EOF)
228     close(fd);
229     write_domain_policy(policy, 1);
230     fd = open("/dev/null", O_RDONLY);
231     show_result(fd, 0);
232     if (fd != EOF)
233     close(fd);
234 kumaneko 2984
235 kumaneko 3808 policy = "file read /dev/null if path1.perm=0666";
236 kumaneko 2943 write_domain_policy(policy, 0);
237     fd = open("/dev/null", O_RDONLY);
238     show_result(fd, 1);
239     if (fd != EOF)
240     close(fd);
241     write_domain_policy(policy, 1);
242     fd = open("/dev/null", O_RDONLY);
243     show_result(fd, 0);
244     if (fd != EOF)
245     close(fd);
246 kumaneko 1995
247 kumaneko 3808 policy = "file read /dev/null if path1.perm!=0777";
248 kumaneko 2943 write_domain_policy(policy, 0);
249     fd = open("/dev/null", O_RDONLY);
250     show_result(fd, 1);
251     if (fd != EOF)
252     close(fd);
253     write_domain_policy(policy, 1);
254     fd = open("/dev/null", O_RDONLY);
255     show_result(fd, 0);
256     if (fd != EOF)
257     close(fd);
258 kumaneko 1995
259 kumaneko 3808 policy = "file read /dev/null if path1.perm=owner_read "
260 kumaneko 1996 "path1.perm=owner_write path1.perm!=owner_execute "
261     "path1.perm=group_read path1.perm=group_write "
262     "path1.perm!=group_execute path1.perm=others_read "
263     "path1.perm=others_write path1.perm!=others_execute "
264     "path1.perm!=setuid path1.perm!=setgid path1.perm!=sticky";
265 kumaneko 2943 write_domain_policy(policy, 0);
266     fd = open("/dev/null", O_RDONLY);
267     show_result(fd, 1);
268     if (fd != EOF)
269     close(fd);
270     write_domain_policy(policy, 1);
271     fd = open("/dev/null", O_RDONLY);
272     show_result(fd, 0);
273     if (fd != EOF)
274     close(fd);
275 kumaneko 1996
276 kumaneko 2943 set_profile(3, "file::mkfifo");
277 kumaneko 3808 policy = "file mkfifo /tmp/mknod_fifo_test 0644 "
278 kumaneko 1996 "if path1.parent.perm=01777 path1.parent.perm=sticky "
279     "path1.parent.uid=0 path1.parent.gid=0";
280 kumaneko 2943 write_domain_policy(policy, 0);
281     filename = "/tmp/mknod_fifo_test";
282     show_result(mknod(filename, S_IFIFO | 0644, 0), 1);
283     write_domain_policy(policy, 1);
284     unlink2(filename);
285     show_result(mknod(filename, S_IFIFO | 0644, 0), 0);
286 kumaneko 1996
287 kumaneko 2943 memset(pbuffer, 0, sizeof(pbuffer));
288     memset(&sbuf, 0, sizeof(sbuf));
289     filename = "/dev/null";
290     stat(filename, &sbuf);
291     snprintf(pbuffer, sizeof(pbuffer) - 1,
292 kumaneko 3808 "file write %s if path1.major=%u path1.minor=%u",
293 kumaneko 2943 filename, (unsigned int) MAJOR(sbuf.st_dev),
294     (unsigned int) MINOR(sbuf.st_dev));
295     policy = pbuffer;
296     write_domain_policy(policy, 0);
297     fd = open(filename, O_WRONLY);
298     show_result(fd, 1);
299     if (fd != EOF)
300     close(fd);
301     write_domain_policy(policy, 1);
302     fd = open(filename, O_WRONLY);
303     show_result(fd, 0);
304     if (fd != EOF)
305     close(fd);
306 kumaneko 1996
307 kumaneko 3808 policy = "file read/write /tmp/fifo if path1.type=fifo";
308 kumaneko 2563 mkfifo2("/tmp/fifo");
309 kumaneko 2943 write_domain_policy(policy, 0);
310     fd = open("/tmp/fifo", O_RDWR);
311     show_result(fd, 1);
312     if (fd != EOF)
313     close(fd);
314     write_domain_policy(policy, 1);
315     fd = open("/tmp/fifo", O_RDWR);
316     show_result(fd, 0);
317     if (fd != EOF)
318     close(fd);
319 kumaneko 1996
320 kumaneko 3808 policy = "file read /dev/null if path1.parent.ino=path1.parent.ino";
321 kumaneko 2943 write_domain_policy(policy, 0);
322     fd = open("/dev/null", O_RDONLY);
323     show_result(fd, 1);
324     if (fd != EOF)
325     close(fd);
326     write_domain_policy(policy, 1);
327     fd = open("/dev/null", O_RDONLY);
328     show_result(fd, 0);
329     if (fd != EOF)
330     close(fd);
331 kumaneko 1066
332 kumaneko 3808 policy = "file write /dev/null if path1.uid=path1.gid";
333 kumaneko 2943 write_domain_policy(policy, 0);
334     fd = open("/dev/null", O_WRONLY);
335     show_result(fd, 1);
336     if (fd != EOF)
337     close(fd);
338     write_domain_policy(policy, 1);
339     fd = open("/dev/null", O_WRONLY);
340     show_result(fd, 0);
341     if (fd != EOF)
342     close(fd);
343 kumaneko 1066
344 kumaneko 3808 policy = "file read/write /dev/null if task.uid=path1.parent.uid";
345 kumaneko 2943 write_domain_policy(policy, 0);
346     fd = open("/dev/null", O_RDWR);
347     show_result(fd, 1);
348     if (fd != EOF)
349     close(fd);
350     write_domain_policy(policy, 1);
351     fd = open("/dev/null", O_RDWR);
352     show_result(fd, 0);
353     if (fd != EOF)
354     close(fd);
355 kumaneko 1066
356 kumaneko 3808 policy = "file create /tmp/open_test 0644 "
357 kumaneko 2984 "if path1.parent.uid=task.uid";
358 kumaneko 2943 write_domain_policy(policy, 0);
359 kumaneko 3808 policy = "file write /tmp/open_test if path1.parent.uid=0";
360 kumaneko 2943 write_domain_policy(policy, 0);
361     fd = open("/tmp/open_test", O_WRONLY | O_CREAT | O_EXCL, 0644);
362     show_result(fd, 1);
363     if (fd != EOF)
364     close(fd);
365     unlink2("/tmp/open_test");
366     write_domain_policy(policy, 1);
367     fd = open("/tmp/open_test", O_WRONLY | O_CREAT | O_EXCL, 0644);
368     show_result(fd, 0);
369     if (fd != EOF)
370     close(fd);
371     unlink2("/tmp/open_test");
372 kumaneko 1066
373 kumaneko 3808 policy = "file create /tmp/open_test 0644 "
374 kumaneko 2943 "if path1.parent.uid=task.uid";
375     write_domain_policy(policy, 1);
376    
377 kumaneko 3808 policy = "file write /tmp/open_test if task.uid=0 path1.ino!=0";
378 kumaneko 2943 write_domain_policy(policy, 0);
379 kumaneko 3808 policy = "file create /tmp/open_test 0644 if 0=0";
380 kumaneko 2943 write_domain_policy(policy, 0);
381     fd = open("/tmp/open_test", O_WRONLY | O_CREAT | O_EXCL, 0644);
382     show_result(fd, 1);
383     if (fd != EOF)
384     close(fd);
385     unlink2("/tmp/open_test");
386     write_domain_policy(policy, 1);
387     fd = open("/tmp/open_test", O_WRONLY | O_CREAT | O_EXCL, 0644);
388     show_result(fd, 0);
389     if (fd != EOF)
390     close(fd);
391     unlink2("/tmp/open_test");
392 kumaneko 3808 policy = "file write /tmp/open_test if task.uid=0 path1.ino!=0";
393 kumaneko 2943 write_domain_policy(policy, 1);
394 kumaneko 1066
395     filename = "/tmp/truncate_test";
396     create2(filename);
397    
398 kumaneko 3808 policy = "file truncate /tmp/truncate_test if task.uid=path1.uid";
399 kumaneko 2943 write_domain_policy(policy, 0);
400 kumaneko 3808 policy = "file write /tmp/truncate_test if 1!=100-1000000";
401 kumaneko 2943 write_domain_policy(policy, 0);
402     fd = open(filename, O_WRONLY | O_TRUNC);
403     show_result(fd, 1);
404     if (fd != EOF)
405     close(fd);
406     write_domain_policy(policy, 1);
407     fd = open(filename, O_WRONLY | O_TRUNC);
408     show_result(fd, 0);
409     if (fd != EOF)
410     close(fd);
411 kumaneko 3808 policy = "file truncate /tmp/truncate_test "
412 kumaneko 2943 "if task.uid=path1.uid";
413     write_domain_policy(policy, 1);
414 kumaneko 1066
415 kumaneko 3808 policy = "file write /tmp/truncate_test";
416 kumaneko 2943 write_domain_policy(policy, 0);
417 kumaneko 3808 policy = "file truncate /tmp/truncate_test";
418 kumaneko 2943 write_domain_policy(policy, 0);
419     fd = open(filename, O_WRONLY | O_TRUNC);
420     show_result(fd, 1);
421     if (fd != EOF)
422     close(fd);
423     write_domain_policy(policy, 1);
424     fd = open(filename, O_WRONLY | O_TRUNC);
425     show_result(fd, 0);
426     if (fd != EOF)
427     close(fd);
428 kumaneko 3808 policy = "file write /tmp/truncate_test";
429 kumaneko 2943 write_domain_policy(policy, 1);
430 kumaneko 1726
431 kumaneko 3808 policy = "file truncate /tmp/truncate_test";
432 kumaneko 2943 write_domain_policy(policy, 0);
433     show_result(truncate(filename, 0), 1);
434     write_domain_policy(policy, 1);
435     show_result(truncate(filename, 0), 0);
436 kumaneko 1066
437 kumaneko 3808 policy = "file truncate /tmp/truncate_test";
438 kumaneko 2943 write_domain_policy(policy, 0);
439     set_profile(0, "file::open");
440     fd = open(filename, O_WRONLY);
441     set_profile(3, "file::open");
442     show_result(ftruncate(fd, 0), 1);
443     write_domain_policy(policy, 1);
444     show_result(ftruncate(fd, 0), 0);
445     if (fd != EOF)
446     close(fd);
447 kumaneko 1726
448 kumaneko 1066 unlink2(filename);
449 kumaneko 1726
450 kumaneko 3808 policy = "file create /tmp/mknod_reg_test 0644";
451 kumaneko 2943 write_domain_policy(policy, 0);
452     filename = "/tmp/mknod_reg_test";
453     show_result(mknod(filename, S_IFREG | 0644, 0), 1);
454     write_domain_policy(policy, 1);
455     unlink2(filename);
456     show_result(mknod(filename, S_IFREG | 0644, 0), 0);
457 kumaneko 1066
458 kumaneko 3808 policy = "file mkchar /tmp/mknod_chr_test 0644 1 3";
459 kumaneko 2943 write_domain_policy(policy, 0);
460     filename = "/tmp/mknod_chr_test";
461     show_result(mknod(filename, S_IFCHR | 0644, MKDEV(1, 3)), 1);
462     write_domain_policy(policy, 1);
463     unlink2(filename);
464     show_result(mknod(filename, S_IFCHR | 0644, MKDEV(1, 3)), 0);
465 kumaneko 1066
466 kumaneko 3808 policy = "file mkblock /tmp/mknod_blk_test 0644 1 0";
467 kumaneko 2943 write_domain_policy(policy, 0);
468     filename = "/tmp/mknod_blk_test";
469     show_result(mknod(filename, S_IFBLK | 0644, MKDEV(1, 0)), 1);
470     write_domain_policy(policy, 1);
471     unlink2(filename);
472     show_result(mknod(filename, S_IFBLK | 0644, MKDEV(1, 0)), 0);
473 kumaneko 1066
474 kumaneko 3808 policy = "file mkfifo /tmp/mknod_fifo_test 0644";
475 kumaneko 2943 write_domain_policy(policy, 0);
476     filename = "/tmp/mknod_fifo_test";
477     show_result(mknod(filename, S_IFIFO | 0644, 0), 1);
478     write_domain_policy(policy, 1);
479     unlink2(filename);
480     show_result(mknod(filename, S_IFIFO | 0644, 0), 0);
481 kumaneko 1066
482 kumaneko 3808 policy = "file mksock /tmp/mknod_sock_test 0644";
483 kumaneko 2943 write_domain_policy(policy, 0);
484     filename = "/tmp/mknod_sock_test";
485     show_result(mknod(filename, S_IFSOCK | 0644, 0), 1);
486     write_domain_policy(policy, 1);
487     unlink2(filename);
488     show_result(mknod(filename, S_IFSOCK | 0644, 0), 0);
489 kumaneko 1726
490 kumaneko 3808 policy = "file mkdir /tmp/mkdir_test/ 0600";
491 kumaneko 2943 write_domain_policy(policy, 0);
492     filename = "/tmp/mkdir_test";
493     show_result(mkdir(filename, 0600), 1);
494     write_domain_policy(policy, 1);
495     rmdir2(filename);
496     show_result(mkdir(filename, 0600), 0);
497 kumaneko 1726
498 kumaneko 3808 policy = "file rmdir /tmp/rmdir_test/";
499 kumaneko 2943 write_domain_policy(policy, 0);
500     filename = "/tmp/rmdir_test";
501     mkdir2(filename);
502     show_result(rmdir(filename), 1);
503     write_domain_policy(policy, 1);
504     mkdir2(filename);
505     show_result(rmdir(filename), 0);
506     rmdir2(filename);
507 kumaneko 1726
508 kumaneko 3808 policy = "file unlink /tmp/unlink_test";
509 kumaneko 2943 write_domain_policy(policy, 0);
510     filename = "/tmp/unlink_test";
511     create2(filename);
512     show_result(unlink(filename), 1);
513     write_domain_policy(policy, 1);
514     create2(filename);
515     show_result(unlink(filename), 0);
516     unlink2(filename);
517 kumaneko 1726
518 kumaneko 3808 policy = "file symlink /tmp/symlink_source_test";
519 kumaneko 2943 write_domain_policy(policy, 0);
520     filename = "/tmp/symlink_source_test";
521     show_result(symlink("/tmp/symlink_dest_test", filename), 1);
522     write_domain_policy(policy, 1);
523     unlink2(filename);
524     show_result(symlink("/tmp/symlink_dest_test", filename), 0);
525 kumaneko 1726
526 kumaneko 3808 policy = "file symlink /tmp/symlink_source_test "
527 kumaneko 2574 "if symlink.target=\"/tmp/symlink_\\*_test\"";
528 kumaneko 2943 write_domain_policy(policy, 0);
529     filename = "/tmp/symlink_source_test";
530     show_result(symlink("/tmp/symlink_dest_test", filename), 1);
531     write_domain_policy(policy, 1);
532     unlink2(filename);
533     show_result(symlink("/tmp/symlink_dest_test", filename), 0);
534 kumaneko 2563
535 kumaneko 3808 policy = "file symlink /tmp/symlink_source_test "
536 kumaneko 2574 "if task.uid=0 symlink.target=\"/tmp/symlink_\\*_test\"";
537 kumaneko 2943 write_domain_policy(policy, 0);
538     filename = "/tmp/symlink_source_test";
539     show_result(symlink("/tmp/symlink_dest_test", filename), 1);
540     write_domain_policy(policy, 1);
541     unlink2(filename);
542     show_result(symlink("/tmp/symlink_dest_test", filename), 0);
543 kumaneko 2563
544 kumaneko 3808 policy = "file symlink /tmp/symlink_source_test "
545 kumaneko 2574 "if symlink.target!=\"\\*\"";
546 kumaneko 2943 write_domain_policy(policy, 0);
547     filename = "/tmp/symlink_source_test";
548     show_result(symlink("/tmp/symlink_dest_test", filename), 1);
549     write_domain_policy(policy, 1);
550     unlink2(filename);
551     show_result(symlink("/tmp/symlink_dest_test", filename), 0);
552 kumaneko 2563
553 kumaneko 3808 policy = "file symlink /tmp/symlink_source_test "
554 kumaneko 2574 "if symlink.target!=\"/tmp/symlink_\\*_test\"";
555 kumaneko 2943 write_domain_policy(policy, 0);
556     filename = "/tmp/symlink_source_test";
557     show_result(symlink("/tmp/symlink_dest_test", filename), 0);
558     write_domain_policy(policy, 1);
559     unlink2(filename);
560     show_result(symlink("/tmp/symlink_dest_test", filename), 0);
561 kumaneko 2563
562 kumaneko 3808 policy = "file link /tmp/link_source_test /tmp/link_dest_test";
563 kumaneko 2943 write_domain_policy(policy, 0);
564     filename = "/tmp/link_source_test";
565     create2(filename);
566     show_result(link(filename, "/tmp/link_dest_test"), 1);
567     write_domain_policy(policy, 1);
568     unlink2("/tmp/link_dest_test");
569     show_result(link(filename, "/tmp/link_dest_test"), 0);
570     unlink2(filename);
571 kumaneko 1066
572 kumaneko 3808 policy = "file rename /tmp/rename_source_test /tmp/rename_dest_test";
573 kumaneko 2943 write_domain_policy(policy, 0);
574     filename = "/tmp/rename_source_test";
575     create2(filename);
576     show_result(rename(filename, "/tmp/rename_dest_test"), 1);
577     write_domain_policy(policy, 1);
578     unlink2("/tmp/rename_dest_test");
579     create2(filename);
580     show_result(rename(filename, "/tmp/rename_dest_test"), 0);
581     unlink2(filename);
582 kumaneko 1066
583 kumaneko 3808 policy = "file mksock /tmp/socket_test 0755";
584 kumaneko 2943 write_domain_policy(policy, 0);
585     filename = "/tmp/socket_test";
586     memset(&addr, 0, sizeof(addr));
587     addr.sun_family = AF_UNIX;
588     strncpy(addr.sun_path, filename, sizeof(addr.sun_path) - 1);
589     fd = socket(AF_UNIX, SOCK_STREAM, 0);
590     show_result(bind(fd, (struct sockaddr *) &addr, sizeof(addr)),
591     1);
592     if (fd != EOF)
593     close(fd);
594     write_domain_policy(policy, 1);
595     unlink2(filename);
596     fd = socket(AF_UNIX, SOCK_STREAM, 0);
597     show_result(bind(fd, (struct sockaddr *) &addr, sizeof(addr)),
598     0);
599     if (fd != EOF)
600     close(fd);
601 kumaneko 1067 unlink2(filename);
602 kumaneko 2301
603 kumaneko 3808 policy = "file ioctl socket:[family=2:type=2:protocol=17] "
604 kumaneko 2943 "35122-35124 if task.uid=0";
605     write_domain_policy(policy, 0);
606     fd = socket(PF_INET, SOCK_DGRAM, IPPROTO_IP);
607     memset(&ifreq, 0, sizeof(ifreq));
608     snprintf(ifreq.ifr_name, sizeof(ifreq.ifr_name) - 1,
609     "lo");
610     show_result(ioctl(fd, 35123, &ifreq), 1);
611     write_domain_policy(policy, 1);
612 kumaneko 3808 policy = "file ioctl "
613 kumaneko 2943 "socket:[family=2:type=2:protocol=17] 0-35122";
614     write_domain_policy(policy, 0);
615     show_result(ioctl(fd, 35123, &ifreq), 0);
616     write_domain_policy(policy, 1);
617     if (fd != EOF)
618     close(fd);
619 kumaneko 1066 }
620    
621 kumaneko 1726 int main(int argc, char *argv[])
622     {
623 kumaneko 1744 ccs_test_init();
624 kumaneko 2908 fprintf(domain_fp, "%s /bin/true\n", self_domain);
625     fprintf(domain_fp, "use_profile 255\n");
626     fprintf(domain_fp, "select pid=%u\n", pid);
627 kumaneko 3059 fprintf(profile_fp, "255-PREFERENCE::audit={ max_reject_log=1024 }\n");
628 kumaneko 1744 stage_file_test();
629 kumaneko 2908 fprintf(domain_fp, "use_profile 0\n");
630 kumaneko 1744 clear_status();
631 kumaneko 1066 return 0;
632     }
Back to OSDN">Back to OSDN
 ViewVC Help
Powered by ViewVC 1.1.26  
サイト情報
ソフトウェアを探す
ソフトウェアを作る
コミュニティ
ヘルプ