126 |
errno = 0; |
errno = 0; |
127 |
} |
} |
128 |
|
|
129 |
|
static void mkfifo2(const char *pathname) |
130 |
|
{ |
131 |
|
const char *cp = "255-MAC_FOR_FILE=disabled\n"; |
132 |
|
write(profile_fd, cp, strlen(cp)); |
133 |
|
mkfifo(pathname, 0600); |
134 |
|
cp = "255-MAC_FOR_FILE=enforcing\n"; |
135 |
|
write(profile_fd, cp, strlen(cp)); |
136 |
|
errno = 0; |
137 |
|
} |
138 |
|
|
139 |
static void stage_file_test(void) |
static void stage_file_test(void) |
140 |
{ |
{ |
141 |
char *filename = ""; |
char *filename = ""; |
335 |
} |
} |
336 |
} |
} |
337 |
|
|
338 |
policy = "allow_read /dev/initctl if path1.type=fifo"; |
policy = "allow_read/write /tmp/fifo if path1.type=fifo"; |
339 |
if (!has_cond) |
if (!has_cond) |
340 |
policy = "allow_read /dev/initctl"; |
policy = "allow_read/write /tmp/fifo"; |
341 |
|
mkfifo2("/tmp/fifo"); |
342 |
if (write_policy()) { |
if (write_policy()) { |
343 |
int fd = open("/dev/initctl", O_RDONLY); |
int fd = open("/tmp/fifo", O_RDWR); |
344 |
show_result(fd, 1); |
show_result(fd, 1); |
345 |
if (fd != EOF) |
if (fd != EOF) |
346 |
close(fd); |
close(fd); |
347 |
delete_policy(); |
delete_policy(); |
348 |
fd = open("/dev/initctl", O_RDONLY); |
fd = open("/tmp/fifo", O_RDWR); |
349 |
show_result(fd, 0); |
show_result(fd, 0); |
350 |
if (fd != EOF) |
if (fd != EOF) |
351 |
close(fd); |
close(fd); |
607 |
delete_policy(); |
delete_policy(); |
608 |
unlink2(filename); |
unlink2(filename); |
609 |
show_result(symlink("/tmp/symlink_dest_test", filename), 0); |
show_result(symlink("/tmp/symlink_dest_test", filename), 0); |
610 |
|
} |
611 |
|
|
612 |
|
policy = "allow_symlink /tmp/symlink_source_test if symlink.target=\"/tmp/symlink_\\*_test\""; |
613 |
|
if (write_policy()) { |
614 |
|
filename = "/tmp/symlink_source_test"; |
615 |
|
show_result(symlink("/tmp/symlink_dest_test", filename), 1); |
616 |
|
delete_policy(); |
617 |
|
unlink2(filename); |
618 |
|
show_result(symlink("/tmp/symlink_dest_test", filename), 0); |
619 |
|
} |
620 |
|
|
621 |
|
policy = "allow_symlink /tmp/symlink_source_test if task.uid=0 symlink.target=\"/tmp/symlink_\\*_test\""; |
622 |
|
if (write_policy()) { |
623 |
|
filename = "/tmp/symlink_source_test"; |
624 |
|
show_result(symlink("/tmp/symlink_dest_test", filename), 1); |
625 |
|
delete_policy(); |
626 |
|
unlink2(filename); |
627 |
|
show_result(symlink("/tmp/symlink_dest_test", filename), 0); |
628 |
|
} |
629 |
|
|
630 |
|
policy = "allow_symlink /tmp/symlink_source_test if symlink.target!=\"\\*\""; |
631 |
|
if (write_policy()) { |
632 |
|
filename = "/tmp/symlink_source_test"; |
633 |
|
show_result(symlink("/tmp/symlink_dest_test", filename), 1); |
634 |
|
delete_policy(); |
635 |
|
unlink2(filename); |
636 |
|
show_result(symlink("/tmp/symlink_dest_test", filename), 0); |
637 |
|
} |
638 |
|
|
639 |
|
policy = "allow_symlink /tmp/symlink_source_test if symlink.target!=\"/tmp/symlink_\\*_test\""; |
640 |
|
if (write_policy()) { |
641 |
|
filename = "/tmp/symlink_source_test"; |
642 |
|
show_result(symlink("/tmp/symlink_dest_test", filename), 0); |
643 |
|
delete_policy(); |
644 |
|
unlink2(filename); |
645 |
|
show_result(symlink("/tmp/symlink_dest_test", filename), 0); |
646 |
} |
} |
647 |
|
|
648 |
policy = "allow_link /tmp/link_source_test /tmp/link_dest_test"; |
policy = "allow_link /tmp/link_source_test /tmp/link_dest_test"; |