オープンソース・ソフトウェアの開発とダウンロード

TOMOYO

Subversion リポジトリの参照

/[tomoyo]/trunk/1.8.x/ccs-tools/ccstools/kernel_test/ccs_new_file_test.c

Contents of /trunk/1.8.x/ccs-tools/ccstools/kernel_test/ccs_new_file_test.c

Parent Directory Parent Directory | Revision Log Revision Log

Revision 1726 - (show annotations) (download) (as text)
Mon Oct 20 14:21:31 2008 UTC (15 years, 7 months ago) by kumaneko
Original Path: trunk/1.6.x/ccs-tools/ccstools/kernel_test/tomoyo_new_file_test.c
File MIME type: text/x-csrc
File size: 14599 byte(s) 
























1

/*








2

 * tomoyo_file_test.c








3

 *








4

 * Testing program for fs/tomoyo_file.c








5

 *








6

 * Copyright (C) 2005-2008  NTT DATA CORPORATION








7

 *








8

 * Version: 1.6.5-pre   2008/10/20








9

 *








10

 */








11

#include "include.h"








12










13

static int domain_fd = EOF;








14

static int exception_fd = EOF;








15

static const char *policy = "";








16

static char self_domain[4096] = "";








17










18

static int write_policy(void)








19

{








20

        FILE *fp;








21

        char buffer[8192];








22

        char *cp;








23

        int domain_found = 0;








24

        int policy_found = 0;








25

        memset(buffer, 0, sizeof(buffer));








26

        cp = "255-MAC_FOR_FILE=disabled\n";








27

        write(profile_fd, cp, strlen(cp));








28

        fp = fopen(proc_policy_domain_policy, "r");








29

        cp = "255-MAC_FOR_FILE=enforcing\n";








30

        write(profile_fd, cp, strlen(cp));








31

        write(domain_fd, policy, strlen(policy));








32

        write(domain_fd, "\n", 1);








33

        if (!fp) {








34

                printf("%s : BUG: policy read failed\n", policy);








35

                return 0;








36

        }








37

        while (fgets(buffer, sizeof(buffer) - 1, fp)) {








38

                cp = strchr(buffer, '\n');








39

                if (cp)








40

                        *cp = '\0';








41

                if (!strncmp(buffer, "<kernel>", 8))








42

                        domain_found = !strcmp(self_domain, buffer);








43

                if (domain_found) {








44

                        /* printf("<%s>\n", buffer); */








45

                        if (!strcmp(buffer, policy)) {








46

                                policy_found = 1;








47

                                break;








48

                        }








49

                }








50

        }








51

        fclose(fp);








52

        if (!policy_found) {








53

                printf("%s : BUG: policy write failed\n", policy);








54

                return 0;








55

        }








56

        errno = 0;








57

        return 1;








58

}








59










60

static void delete_policy(void)








61

{








62

        write(domain_fd, "delete ", 7);








63

        write(domain_fd, policy, strlen(policy));








64

        write(domain_fd, "\n", 1);








65

}








66










67

static void show_result(int result, char should_success)








68

{








69

        int err = errno;








70

        printf("%s : ", policy);








71

        if (should_success) {








72

                if (result != EOF)








73

                        printf("OK\n");








74

                else








75

                        printf("FAILED: %s\n", strerror(err));








76

        } else {








77

                if (result == EOF) {








78

                        if (err == EPERM)








79

                                printf("OK: Permission denied.\n");








80

                        else








81

                                printf("FAILED: %s\n", strerror(err));








82

                } else {








83

                        printf("BUG: didn't fail.\n");








84

                }








85

        }








86

}








87










88

static void create2(const char *pathname)








89

{








90

        const char *cp = "255-MAC_FOR_FILE=disabled\n";








91

        write(profile_fd, cp, strlen(cp));








92

        close(creat(pathname, 0600));








93

        cp = "255-MAC_FOR_FILE=enforcing\n";








94

        write(profile_fd, cp, strlen(cp));








95

        errno = 0;








96

}








97










98

static void mkdir2(const char *pathname)








99

{








100

        const char *cp = "255-MAC_FOR_FILE=disabled\n";








101

        write(profile_fd, cp, strlen(cp));








102

        mkdir(pathname, 0600);








103

        cp = "255-MAC_FOR_FILE=enforcing\n";








104

        write(profile_fd, cp, strlen(cp));








105

        errno = 0;








106

}








107










108

static void unlink2(const char *pathname)








109

{








110

        const char *cp = "255-MAC_FOR_FILE=disabled\n";








111

        write(profile_fd, cp, strlen(cp));








112

        unlink(pathname);








113

        cp = "255-MAC_FOR_FILE=enforcing\n";








114

        write(profile_fd, cp, strlen(cp));








115

        errno = 0;








116

}








117










118

static void rmdir2(const char *pathname)








119

{








120

        const char *cp = "255-MAC_FOR_FILE=disabled\n";








121

        write(profile_fd, cp, strlen(cp));








122

        rmdir(pathname);








123

        cp = "255-MAC_FOR_FILE=enforcing\n";








124

        write(profile_fd, cp, strlen(cp));








125

        errno = 0;








126

}








127










128

static void StageFileTest(void)








129

{








130

        char *filename = "";








131

        policy = "allow_read /proc/sys/net/ipv4/ip_local_port_range "








132

                "if task.uid=0 task.gid=0";








133

        if (write_policy()) {








134

                static int name[] = { CTL_NET, NET_IPV4,








135

                                      NET_IPV4_LOCAL_PORT_RANGE };








136

                int buffer[2] = { 32768, 61000 };








137

                size_t size = sizeof(buffer);








138

                show_result(sysctl(name, 3, buffer, &size, 0, 0), 1);








139

                delete_policy();








140

                show_result(sysctl(name, 3, buffer, &size, 0, 0), 0);








141

        }








142

        policy = "allow_write /proc/sys/net/ipv4/ip_local_port_range "








143

                "if task.euid=0 0=0 1-100=10-1000";








144

        if (write_policy()) {








145

                static int name[] = { CTL_NET, NET_IPV4,








146

                                      NET_IPV4_LOCAL_PORT_RANGE };








147

                int buffer[2] = { 32768, 61000 };








148

                size_t size = sizeof(buffer);








149

                show_result(sysctl(name, 3, 0, 0, buffer, size), 1);








150

                delete_policy();








151

                show_result(sysctl(name, 3, 0, 0, buffer, size), 0);








152

        }








153

        policy = "allow_read/write /proc/sys/net/ipv4/ip_local_port_range "








154

                "if 1!=10-100";








155

        if (write_policy()) {








156

                static int name[] = { CTL_NET, NET_IPV4,








157

                                      NET_IPV4_LOCAL_PORT_RANGE };








158

                int buffer[2] = { 32768, 61000 };








159

                size_t size = sizeof(buffer);








160

                show_result(sysctl(name, 3, buffer, &size, buffer, size), 1);








161

                delete_policy();








162

                show_result(sysctl(name, 3, buffer, &size, buffer, size), 0);








163

        }








164










165

        policy = "allow_read /bin/true "








166

                "if path1.uid=0 path1.parent.uid=0 10=10-100";








167

        if (write_policy()) {








168

                show_result(uselib("/bin/true"), 1);








169

                delete_policy();








170

                show_result(uselib("/bin/true"), 0);








171

        }








172










173

        policy = "allow_execute /bin/true if task.uid!=10 path1.parent.uid=0";








174

        if (write_policy()) {








175

                int pipe_fd[2] = { EOF, EOF };








176

                int err = 0;








177

                fflush(stdout);








178

                fflush(stderr);








179

                pipe(pipe_fd);








180

                if (fork() == 0) {








181

                        execl("/bin/true", "/bin/true", NULL);








182

                        err = errno;








183

                        write(pipe_fd[1], &err, sizeof(err));








184

                        _exit(0);








185

                }








186

                close(pipe_fd[1]);








187

                read(pipe_fd[0], &err, sizeof(err));








188

                close(pipe_fd[0]);








189

                wait(NULL);








190

                errno = err;








191

                show_result(err ? EOF : 0, 1);








192

                delete_policy();








193

                fflush(stdout);








194

                fflush(stderr);








195

                pipe(pipe_fd);








196

                if (fork() == 0) {








197

                        execl("/bin/true", "/bin/true", NULL);








198

                        err = errno;








199

                        write(pipe_fd[1], &err, sizeof(err));








200

                        _exit(0);








201

                }








202

                close(pipe_fd[1]);








203

                read(pipe_fd[0], &err, sizeof(err));








204

                close(pipe_fd[0]);








205

                wait(NULL);








206

                errno = err;








207

                show_result(err ? EOF : 0, 0);








208

        }








209










210

        policy = "allow_read /dev/null if path1.parent.ino=path1.parent.ino";








211

        if (write_policy()) {








212

                int fd = open("/dev/null", O_RDONLY);








213

                show_result(fd, 1);








214

                if (fd != EOF)








215

                        close(fd);








216

                delete_policy();








217

                fd = open("/dev/null", O_RDONLY);








218

                show_result(fd, 0);








219

                if (fd != EOF)








220

                        close(fd);








221

        }








222










223

        policy = "allow_write /dev/null if path1.uid=path1.gid";








224

        if (write_policy()) {








225

                int fd = open("/dev/null", O_WRONLY);








226

                show_result(fd, 1);








227

                if (fd != EOF)








228

                        close(fd);








229

                delete_policy();








230

                fd = open("/dev/null", O_WRONLY);








231

                show_result(fd, 0);








232

                if (fd != EOF)








233

                        close(fd);








234

        }








235










236

        policy = "allow_read/write /dev/null if task.uid=path1.parent.uid";








237

        if (write_policy()) {








238

                int fd = open("/dev/null", O_RDWR);








239

                show_result(fd, 1);








240

                if (fd != EOF)








241

                        close(fd);








242

                delete_policy();








243

                fd = open("/dev/null", O_RDWR);








244

                show_result(fd, 0);








245

                if (fd != EOF)








246

                        close(fd);








247

        }








248










249

        policy = "allow_create /tmp/open_test if path1.parent.uid=task.uid";








250

        if (write_policy()) {








251

                policy = "allow_write /tmp/open_test if path1.parent.uid=0";








252

                if (write_policy()) {








253

                        int fd = open("/tmp/open_test",








254

                                      O_WRONLY | O_CREAT | O_EXCL, 0666);








255

                        show_result(fd, 1);








256

                        if (fd != EOF)








257

                                close(fd);








258

                        unlink2("/tmp/open_test");








259

                        delete_policy();








260

                        fd = open("/tmp/open_test",








261

                                  O_WRONLY | O_CREAT | O_EXCL, 0666);








262

                        show_result(fd, 0);








263

                        if (fd != EOF)








264

                                close(fd);








265

                        unlink2("/tmp/open_test");








266

                }








267

                policy = "allow_create /tmp/open_test "








268

                        "if path1.parent.uid=task.uid\n";








269

                delete_policy();








270

        }








271










272

        policy = "allow_write /tmp/open_test if task.uid=0 path1.ino!=0";








273

        if (write_policy()) {








274

                policy = "allow_create /tmp/open_test if 0=0";








275

                if (write_policy()) {








276

                        int fd = open("/tmp/open_test",








277

                                      O_WRONLY | O_CREAT | O_EXCL, 0666);








278

                        show_result(fd, 1);








279

                        if (fd != EOF)








280

                                close(fd);








281

                        unlink2("/tmp/open_test");








282

                        delete_policy();








283

                        fd = open("/tmp/open_test",








284

                                  O_WRONLY | O_CREAT | O_EXCL, 0666);








285

                        show_result(fd, 0);








286

                        if (fd != EOF)








287

                                close(fd);








288

                        unlink2("/tmp/open_test");








289

                }








290

                policy = "allow_write /tmp/open_test "








291

                        "if task.uid=0 path1.ino!=0\n";








292

                delete_policy();








293

        }








294










295

        filename = "/tmp/truncate_test";








296

        create2(filename);








297










298

        policy = "allow_truncate /tmp/truncate_test if task.uid=path1.uid";








299

        if (write_policy()) {








300

                policy = "allow_write /tmp/truncate_test if 1!=100-1000000";








301

                if (write_policy()) {








302

                        int fd = open(filename, O_WRONLY | O_TRUNC);








303

                        show_result(fd, 1);








304

                        if (fd != EOF)








305

                                close(fd);








306

                        delete_policy();








307

                        fd = open(filename, O_WRONLY | O_TRUNC);








308

                        show_result(fd, 0);








309

                        if (fd != EOF)








310

                                close(fd);








311

                }








312

                policy = "allow_truncate /tmp/truncate_test "








313

                        "if task.uid=path1.uid";








314

                delete_policy();








315

        }








316










317

        policy = "allow_write /tmp/truncate_test";








318

        if (write_policy()) {








319

                policy = "allow_truncate /tmp/truncate_test";








320

                if (write_policy()) {








321

                        int fd = open(filename, O_WRONLY | O_TRUNC);








322

                        show_result(fd, 1);








323

                        if (fd != EOF)








324

                                close(fd);








325

                        delete_policy();








326

                        fd = open(filename, O_WRONLY | O_TRUNC);








327

                        show_result(fd, 0);








328

                        if (fd != EOF)








329

                                close(fd);








330

                }








331

                policy = "allow_write /tmp/truncate_test\n";








332

                delete_policy();








333

        }








334










335

        policy = "allow_truncate /tmp/truncate_test";








336

        if (write_policy()) {








337

                show_result(truncate(filename, 0), 1);








338

                delete_policy();








339

                show_result(truncate(filename, 0), 0);








340

        }








341










342

        policy = "allow_truncate /tmp/truncate_test";








343

        if (write_policy()) {








344

                int fd;








345

                const char *cp = "255-MAC_FOR_FILE=disabled\n";








346

                write(profile_fd, cp, strlen(cp));








347

                fd = open(filename, O_WRONLY);








348

                cp = "255-MAC_FOR_FILE=enforcing\n";








349

                write(profile_fd, cp, strlen(cp));








350

                show_result(ftruncate(fd, 0), 1);








351

                delete_policy();








352

                show_result(ftruncate(fd, 0), 0);








353

                if (fd != EOF)








354

                        close(fd);








355

        }








356










357

        unlink2(filename);








358










359

        policy = "allow_create /tmp/mknod_reg_test";








360

        if (write_policy()) {








361

                filename = "/tmp/mknod_reg_test";








362

                show_result(mknod(filename, S_IFREG, 0), 1);








363

                delete_policy();








364

                unlink2(filename);








365

                show_result(mknod(filename, S_IFREG, 0), 0);








366

        }








367










368

        policy = "allow_mkchar /tmp/mknod_chr_test";








369

        if (write_policy()) {








370

                filename = "/tmp/mknod_chr_test";








371

                show_result(mknod(filename, S_IFCHR, MKDEV(1, 3)), 1);








372

                delete_policy();








373

                unlink2(filename);








374

                show_result(mknod(filename, S_IFCHR, MKDEV(1, 3)), 0);








375

        }








376










377

        policy = "allow_mkblock /tmp/mknod_blk_test";








378

        if (write_policy()) {








379

                filename = "/tmp/mknod_blk_test";








380

                show_result(mknod(filename, S_IFBLK, MKDEV(1, 0)), 1);








381

                delete_policy();








382

                unlink2(filename);








383

                show_result(mknod(filename, S_IFBLK, MKDEV(1, 0)), 0);








384

        }








385










386

        policy = "allow_mkfifo /tmp/mknod_fifo_test";








387

        if (write_policy()) {








388

                filename = "/tmp/mknod_fifo_test";








389

                show_result(mknod(filename, S_IFIFO, 0), 1);








390

                delete_policy();








391

                unlink2(filename);








392

                show_result(mknod(filename, S_IFIFO, 0), 0);








393

        }








394










395

        policy = "allow_mksock /tmp/mknod_sock_test";








396

        if (write_policy()) {








397

                filename = "/tmp/mknod_sock_test";








398

                show_result(mknod(filename, S_IFSOCK, 0), 1);








399

                delete_policy();








400

                unlink2(filename);








401

                show_result(mknod(filename, S_IFSOCK, 0), 0);








402

        }








403










404

        policy = "allow_mkdir /tmp/mkdir_test/";








405

        if (write_policy()) {








406

                filename = "/tmp/mkdir_test";








407

                show_result(mkdir(filename, 0600), 1);








408

                delete_policy();








409

                rmdir2(filename);








410

                show_result(mkdir(filename, 0600), 0);








411

        }








412










413

        policy = "allow_rmdir /tmp/rmdir_test/";








414

        if (write_policy()) {








415

                filename = "/tmp/rmdir_test";








416

                mkdir2(filename);








417

                show_result(rmdir(filename), 1);








418

                delete_policy();








419

                mkdir2(filename);








420

                show_result(rmdir(filename), 0);








421

                rmdir2(filename);








422

        }








423










424

        policy = "allow_unlink /tmp/unlink_test";








425

        if (write_policy()) {








426

                filename = "/tmp/unlink_test";








427

                create2(filename);








428

                show_result(unlink(filename), 1);








429

                delete_policy();








430

                create2(filename);








431

                show_result(unlink(filename), 0);








432

                unlink2(filename);








433

        }








434










435

        policy = "allow_symlink /tmp/symlink_source_test";








436

        if (write_policy()) {








437

                filename = "/tmp/symlink_source_test";








438

                show_result(symlink("/tmp/symlink_dest_test", filename), 1);








439

                delete_policy();








440

                unlink2(filename);








441

                show_result(symlink("/tmp/symlink_dest_test", filename), 0);








442

        }








443










444

        policy = "allow_link /tmp/link_source_test /tmp/link_dest_test";








445

        if (write_policy()) {








446

                filename = "/tmp/link_source_test";








447

                create2(filename);








448

                show_result(link(filename, "/tmp/link_dest_test"), 1);








449

                delete_policy();








450

                unlink2("/tmp/link_dest_test");








451

                show_result(link(filename, "/tmp/link_dest_test"), 0);








452

                unlink2(filename);








453

        }








454










455

        policy = "allow_rename /tmp/rename_source_test /tmp/rename_dest_test";








456

        if (write_policy()) {








457

                filename = "/tmp/rename_source_test";








458

                create2(filename);








459

                show_result(rename(filename, "/tmp/rename_dest_test"), 1);








460

                delete_policy();








461

                unlink2("/tmp/rename_dest_test");








462

                create2(filename);








463

                show_result(rename(filename, "/tmp/rename_dest_test"), 0);








464

                unlink2(filename);








465

        }








466










467

        policy = "allow_mksock /tmp/socket_test";








468

        if (write_policy()) {








469

                struct sockaddr_un addr;








470

                int fd;








471

                filename = "/tmp/socket_test";








472

                memset(&addr, 0, sizeof(addr));








473

                addr.sun_family = AF_UNIX;








474

                strncpy(addr.sun_path, filename, sizeof(addr.sun_path) - 1);








475

                fd = socket(AF_UNIX, SOCK_STREAM, 0);








476

                show_result(bind(fd, (struct sockaddr *) &addr, sizeof(addr)),








477

                            1);








478

                if (fd != EOF)








479

                        close(fd);








480

                delete_policy();








481

                unlink2(filename);








482

                fd = socket(AF_UNIX, SOCK_STREAM, 0);








483

                show_result(bind(fd, (struct sockaddr *) &addr, sizeof(addr)),








484

                            0);








485

                if (fd != EOF)








486

                        close(fd);








487

        }








488










489

        filename = "/tmp/rewrite_test";








490

        create2(filename);








491

        policy = "allow_read/write /tmp/rewrite_test";








492

        if (write_policy()) {








493

                char *cp = "deny_rewrite /tmp/rewrite_test\n";








494

                write(exception_fd, cp, strlen(cp));








495

                policy = "allow_truncate /tmp/rewrite_test";








496

                if (write_policy()) {








497

                        int fd;








498










499

                        fd = open(filename, O_RDONLY);








500

                        show_result(fd, 1);








501

                        if (fd != EOF)








502

                                close(fd);








503










504

                        fd = open(filename, O_WRONLY | O_APPEND);








505

                        show_result(fd, 1);








506

                        if (fd != EOF)








507

                                close(fd);








508










509

                        fd = open(filename, O_WRONLY);








510

                        show_result(fd, 0);








511

                        if (fd != EOF)








512

                                close(fd);








513










514

                        fd = open(filename, O_WRONLY | O_TRUNC);








515

                        show_result(fd, 0);








516

                        if (fd != EOF)








517

                                close(fd);








518










519

                        fd = open(filename, O_WRONLY | O_TRUNC | O_APPEND);








520

                        show_result(fd, 0);








521

                        if (fd != EOF)








522

                                close(fd);








523










524

                        show_result(truncate(filename, 0), 0);








525










526

                        cp = "255-MAC_FOR_FILE=disabled\n";








527

                        write(profile_fd, cp, strlen(cp));








528

                        fd = open(filename, O_WRONLY | O_APPEND);








529

                        cp = "255-MAC_FOR_FILE=enforcing\n";








530

                        write(profile_fd, cp, strlen(cp));








531

                        show_result(ftruncate(fd, 0), 0);








532










533

                        show_result(fcntl(fd, F_SETFL,








534

                                          fcntl(fd, F_GETFL) & ~O_APPEND), 0);








535

                        if (fd != EOF)








536

                                close(fd);








537










538

                        delete_policy();








539

                }








540

                policy = "allow_read/write /tmp/rewrite_test";








541

                delete_policy();








542

                cp = "delete deny_rewrite /tmp/rewrite_test\n";








543

                write(exception_fd, cp, strlen(cp));








544

        }








545

        unlink2(filename);








546

}








547










548

int main(int argc, char *argv[])








549

{








550

        char *cp;








551

        Init();








552

        domain_fd = open(proc_policy_domain_policy, O_WRONLY);








553

        exception_fd = open(proc_policy_exception_policy, O_WRONLY);








554

        {








555

                int self_fd = open(proc_policy_self_domain, O_RDONLY);








556

                memset(self_domain, 0, sizeof(self_domain));








557

                read(self_fd, self_domain, sizeof(self_domain) - 1);








558

                close(self_fd);








559

                write(domain_fd, self_domain, strlen(self_domain));








560

                cp = " /bin/true\n";








561

                write(domain_fd, cp, strlen(cp));








562

                write(domain_fd, self_domain, strlen(self_domain));








563

                write(domain_fd, "\n", 1);








564

                cp = "use_profile 255\n";








565

                write(domain_fd, cp, strlen(cp));








566

        }








567

        cp = "255-MAX_REJECT_LOG=1024\n";








568

        write(profile_fd, cp, strlen(cp));








569

        StageFileTest();








570

        cp = "use_profile 0\n";








571

        write(domain_fd, cp, strlen(cp));








572

        ClearStatus();








573

        return 0;








574

}




















Back to OSDN">Back to OSDN

ViewVC Help




Powered by ViewVC 1.1.26
 



















サイト情報





ソフトウェアを探す





ソフトウェアを作る





コミュニティ





ヘルプ