オープンソース・ソフトウェアの開発とダウンロード

TOMOYO

Subversion リポジトリの参照

/[tomoyo]/trunk/1.8.x/ccs-tools/ccstools/kernel_test/ccs_new_file_test.c

Contents of /trunk/1.8.x/ccs-tools/ccstools/kernel_test/ccs_new_file_test.c

Parent Directory Parent Directory | Revision Log Revision Log

Revision 3751 - (show annotations) (download) (as text)
Fri Jun 11 02:26:44 2010 UTC (13 years, 11 months ago) by kumaneko
Original Path: branches/ccs-tools/ccstools/kernel_test/ccs_new_file_test.c
File MIME type: text/x-csrc
File size: 19020 byte(s) 
























1

/*








2

 * ccs_new_file_test.c








3

 *








4

 * Copyright (C) 2005-2009  NTT DATA CORPORATION








5

 *








6

 * Version: 1.7.1   2009/11/11








7

 *








8

 */








9

#include "include.h"








10










11

static const char *policy = "";








12










13

#if 0








14

static int write_policy(void)








15

{








16

        FILE *fp;








17

        char buffer[8192];








18

        int domain_found = 0;








19

        int policy_found = 0;








20

        memset(buffer, 0, sizeof(buffer));








21

        set_profile(0, "file::open");








22

        fp = fopen(proc_policy_domain_policy, "r");








23

        set_profile(3, "file::open");








24

        fprintf(domain_fp, "%s\n", policy);








25

        if (!fp) {








26

                printf("%s : BUG: policy read failed\n", policy);








27

                return 0;








28

        }








29

        while (fgets(buffer, sizeof(buffer) - 1, fp)) {








30

                char *cp = strchr(buffer, '\n');








31

                if (cp)








32

                        *cp = '\0';








33

                if (!strncmp(buffer, "<kernel>", 8))








34

                        domain_found = !strcmp(self_domain, buffer);








35

                if (!domain_found)








36

                        continue;








37

                /* printf("<%s>\n", buffer); */








38

                if (!strcmp(buffer, policy)) {








39

                        policy_found = 1;








40

                        break;








41

                }








42

        }








43

        fclose(fp);








44

        if (!policy_found) {








45

                printf("%s : BUG: policy write failed\n", policy);








46

                return 0;








47

        }








48

        errno = 0;








49

        return 1;








50

}








51

#endif








52










53

static void show_result(int result, char should_success)








54

{








55

        int err = errno;








56

        printf("%s : ", policy);








57

        if (should_success) {








58

                if (result != EOF)








59

                        printf("OK\n");








60

                else








61

                        printf("FAILED: %s\n", strerror(err));








62

        } else {








63

                if (result == EOF) {








64

                        if (err == EPERM)








65

                                printf("OK: Permission denied.\n");








66

                        else








67

                                printf("FAILED: %s\n", strerror(err));








68

                } else {








69

                        printf("BUG: didn't fail.\n");








70

                }








71

        }








72

}








73










74

static void create2(const char *pathname)








75

{








76

        set_profile(0, "file::create");








77

        set_profile(0, "file::open");








78

        close(creat(pathname, 0600));








79

        set_profile(3, "file::create");








80

        set_profile(3, "file::open");








81

        errno = 0;








82

}








83










84

static void mkdir2(const char *pathname)








85

{








86

        set_profile(0, "file::mkdir");








87

        mkdir(pathname, 0600);








88

        set_profile(3, "file::mkdir");








89

        errno = 0;








90

}








91










92

static void unlink2(const char *pathname)








93

{








94

        set_profile(0, "file::unlink");








95

        unlink(pathname);








96

        set_profile(3, "file::unlink");








97

        errno = 0;








98

}








99










100

static void rmdir2(const char *pathname)








101

{








102

        set_profile(0, "file::rmdir");








103

        rmdir(pathname);








104

        set_profile(3, "file::rmdir");








105

        errno = 0;








106

}








107










108

static void mkfifo2(const char *pathname)








109

{








110

        set_profile(0, "file::mkfifo");








111

        mkfifo(pathname, 0600);








112

        set_profile(3, "file::mkfifo");








113

        errno = 0;








114

}








115










116

static void stage_file_test(void)








117

{








118

        static int name[] = { CTL_NET, NET_IPV4, NET_IPV4_LOCAL_PORT_RANGE };








119

        int buffer[2] = { 32768, 61000 };








120

        size_t size = sizeof(buffer);








121

        int pipe_fd[2] = { EOF, EOF };








122

        int err = 0;








123

        int fd;








124

        char pbuffer[1024];








125

        struct stat sbuf;








126

        struct sockaddr_un addr;








127

        struct ifreq ifreq;








128

        char *filename = "";








129

        set_profile(3, "file::execute");








130

        set_profile(3, "file::open");








131

        set_profile(3, "file::create");








132

        set_profile(3, "file::unlink");








133

        set_profile(3, "file::mkdir");








134

        set_profile(3, "file::rmdir");








135

        set_profile(3, "file::mkfifo");








136

        set_profile(3, "file::mksock");








137

        set_profile(3, "file::truncate");








138

        set_profile(3, "file::symlink");








139

        set_profile(3, "file::rewrite");








140

        set_profile(3, "file::mkblock");








141

        set_profile(3, "file::mkchar");








142

        set_profile(3, "file::link");








143

        set_profile(3, "file::rename");








144

        set_profile(3, "file::chmod");








145

        set_profile(3, "file::chown");








146

        set_profile(3, "file::chgrp");








147

        set_profile(3, "file::ioctl");








148

        set_profile(3, "file::chroot");








149

        set_profile(3, "file::mount");








150

        set_profile(3, "file::umount");








151

        set_profile(3, "file::pivot_root");








152










153

        policy = "allow_read /proc/sys/net/ipv4/ip_local_port_range "








154

                "if task.uid=0 task.gid=0";








155

        write_domain_policy(policy, 0);








156

        show_result(sysctl(name, 3, buffer, &size, 0, 0), 1);








157

        write_domain_policy(policy, 1);








158

        show_result(sysctl(name, 3, buffer, &size, 0, 0), 0);








159










160

        policy = "allow_write /proc/sys/net/ipv4/ip_local_port_range "








161

                "if task.euid=0 0=0 1-100=10-1000";








162

        write_domain_policy(policy, 0);








163

        show_result(sysctl(name, 3, 0, 0, buffer, size), 1);








164

        write_domain_policy(policy, 1);








165

        show_result(sysctl(name, 3, 0, 0, buffer, size), 0);








166










167

        policy = "allow_read/write /proc/sys/net/ipv4/ip_local_port_range "








168

                "if 1!=10-100";








169

        write_domain_policy(policy, 0);








170

        show_result(sysctl(name, 3, buffer, &size, buffer, size), 1);








171

        write_domain_policy(policy, 1);








172

        show_result(sysctl(name, 3, buffer, &size, buffer, size), 0);








173










174

        policy = "allow_read /bin/true "








175

                "if path1.uid=0 path1.parent.uid=0 10=10-100";








176

        write_domain_policy(policy, 0);








177

        show_result(uselib("/bin/true"), 1);








178

        write_domain_policy(policy, 1);








179

        show_result(uselib("/bin/true"), 0);








180










181

        policy = "allow_execute /bin/true if task.uid!=10 path1.parent.uid=0";








182

        write_domain_policy(policy, 0);








183

        fflush(stdout);








184

        fflush(stderr);








185

        pipe(pipe_fd);








186

        if (fork() == 0) {








187

                execl("/bin/true", "/bin/true", NULL);








188

                err = errno;








189

                write(pipe_fd[1], &err, sizeof(err));








190

                _exit(0);








191

        }








192

        close(pipe_fd[1]);








193

        read(pipe_fd[0], &err, sizeof(err));








194

        close(pipe_fd[0]);








195

        wait(NULL);








196

        errno = err;








197

        show_result(err ? EOF : 0, 1);








198

        write_domain_policy(policy, 1);








199

        fflush(stdout);








200

        fflush(stderr);








201

        pipe(pipe_fd);








202

        if (fork() == 0) {








203

                execl("/bin/true", "/bin/true", NULL);








204

                err = errno;








205

                write(pipe_fd[1], &err, sizeof(err));








206

                _exit(0);








207

        }








208

        close(pipe_fd[1]);








209

        read(pipe_fd[0], &err, sizeof(err));








210

        close(pipe_fd[0]);








211

        wait(NULL);








212

        errno = err;








213

        show_result(err ? EOF : 0, 0);








214










215

        policy = "allow_read /dev/null if path1.type=char path1.dev_major=1 "








216

                "path1.dev_minor=3";








217

        write_domain_policy(policy, 0);








218

        fd = open("/dev/null", O_RDONLY);








219

        show_result(fd, 1);








220

        if (fd != EOF)








221

                close(fd);








222

        write_domain_policy(policy, 1);








223

        fd = open("/dev/null", O_RDONLY);








224

        show_result(fd, 0);








225

        if (fd != EOF)








226

                close(fd);








227










228

        policy = "allow_read /dev/null if path1.perm=0666";








229

        write_domain_policy(policy, 0);








230

        fd = open("/dev/null", O_RDONLY);








231

        show_result(fd, 1);








232

        if (fd != EOF)








233

                close(fd);








234

        write_domain_policy(policy, 1);








235

        fd = open("/dev/null", O_RDONLY);








236

        show_result(fd, 0);








237

        if (fd != EOF)








238

                close(fd);








239










240

        policy = "allow_read /dev/null if path1.perm!=0777";








241

        write_domain_policy(policy, 0);








242

        fd = open("/dev/null", O_RDONLY);








243

        show_result(fd, 1);








244

        if (fd != EOF)








245

                close(fd);








246

        write_domain_policy(policy, 1);








247

        fd = open("/dev/null", O_RDONLY);








248

        show_result(fd, 0);








249

        if (fd != EOF)








250

                close(fd);








251










252

        policy = "allow_read /dev/null if path1.perm=owner_read "








253

                "path1.perm=owner_write path1.perm!=owner_execute "








254

                "path1.perm=group_read path1.perm=group_write "








255

                "path1.perm!=group_execute path1.perm=others_read "








256

                "path1.perm=others_write path1.perm!=others_execute "








257

                "path1.perm!=setuid path1.perm!=setgid path1.perm!=sticky";








258

        write_domain_policy(policy, 0);








259

        fd = open("/dev/null", O_RDONLY);








260

        show_result(fd, 1);








261

        if (fd != EOF)








262

                close(fd);








263

        write_domain_policy(policy, 1);








264

        fd = open("/dev/null", O_RDONLY);








265

        show_result(fd, 0);








266

        if (fd != EOF)








267

                close(fd);








268










269

        set_profile(3, "file::mkfifo");








270

        policy = "allow_mkfifo /tmp/mknod_fifo_test 0644 "








271

                "if path1.parent.perm=01777 path1.parent.perm=sticky "








272

                "path1.parent.uid=0 path1.parent.gid=0";








273

        write_domain_policy(policy, 0);








274

        filename = "/tmp/mknod_fifo_test";








275

        show_result(mknod(filename, S_IFIFO | 0644, 0), 1);








276

        write_domain_policy(policy, 1);








277

        unlink2(filename);








278

        show_result(mknod(filename, S_IFIFO | 0644, 0), 0);








279










280

        memset(pbuffer, 0, sizeof(pbuffer));








281

        memset(&sbuf, 0, sizeof(sbuf));








282

        filename = "/dev/null";








283

        stat(filename, &sbuf);








284

        snprintf(pbuffer, sizeof(pbuffer) - 1,








285

                 "allow_write %s if path1.major=%u path1.minor=%u",








286

                 filename, (unsigned int) MAJOR(sbuf.st_dev),








287

                 (unsigned int) MINOR(sbuf.st_dev));








288

        policy = pbuffer;








289

        write_domain_policy(policy, 0);








290

        fd = open(filename, O_WRONLY);








291

        show_result(fd, 1);








292

        if (fd != EOF)








293

                close(fd);








294

        write_domain_policy(policy, 1);








295

        fd = open(filename, O_WRONLY);








296

        show_result(fd, 0);








297

        if (fd != EOF)








298

                close(fd);








299










300

        policy = "allow_read/write /tmp/fifo if path1.type=fifo";








301

        mkfifo2("/tmp/fifo");








302

        write_domain_policy(policy, 0);








303

        fd = open("/tmp/fifo", O_RDWR);








304

        show_result(fd, 1);








305

        if (fd != EOF)








306

                close(fd);








307

        write_domain_policy(policy, 1);








308

        fd = open("/tmp/fifo", O_RDWR);








309

        show_result(fd, 0);








310

        if (fd != EOF)








311

                close(fd);








312










313

        policy = "allow_read /dev/null if path1.parent.ino=path1.parent.ino";








314

        write_domain_policy(policy, 0);








315

        fd = open("/dev/null", O_RDONLY);








316

        show_result(fd, 1);








317

        if (fd != EOF)








318

                close(fd);








319

        write_domain_policy(policy, 1);








320

        fd = open("/dev/null", O_RDONLY);








321

        show_result(fd, 0);








322

        if (fd != EOF)








323

                close(fd);








324










325

        policy = "allow_write /dev/null if path1.uid=path1.gid";








326

        write_domain_policy(policy, 0);








327

        fd = open("/dev/null", O_WRONLY);








328

        show_result(fd, 1);








329

        if (fd != EOF)








330

                close(fd);








331

        write_domain_policy(policy, 1);








332

        fd = open("/dev/null", O_WRONLY);








333

        show_result(fd, 0);








334

        if (fd != EOF)








335

                close(fd);








336










337

        policy = "allow_read/write /dev/null if task.uid=path1.parent.uid";








338

        write_domain_policy(policy, 0);








339

        fd = open("/dev/null", O_RDWR);








340

        show_result(fd, 1);








341

        if (fd != EOF)








342

                close(fd);








343

        write_domain_policy(policy, 1);








344

        fd = open("/dev/null", O_RDWR);








345

        show_result(fd, 0);








346

        if (fd != EOF)








347

                close(fd);








348










349

        policy = "allow_create /tmp/open_test 0644 "








350

                "if path1.parent.uid=task.uid";








351

        write_domain_policy(policy, 0);








352

        policy = "allow_write /tmp/open_test if path1.parent.uid=0";








353

        write_domain_policy(policy, 0);








354

        fd = open("/tmp/open_test", O_WRONLY | O_CREAT | O_EXCL, 0644);








355

        show_result(fd, 1);








356

        if (fd != EOF)








357

                close(fd);








358

        unlink2("/tmp/open_test");








359

        write_domain_policy(policy, 1);








360

        fd = open("/tmp/open_test", O_WRONLY | O_CREAT | O_EXCL, 0644);








361

        show_result(fd, 0);








362

        if (fd != EOF)








363

                close(fd);








364

        unlink2("/tmp/open_test");








365










366

        policy = "allow_create /tmp/open_test 0644 "








367

                "if path1.parent.uid=task.uid";








368

        write_domain_policy(policy, 1);








369










370

        policy = "allow_write /tmp/open_test if task.uid=0 path1.ino!=0";








371

        write_domain_policy(policy, 0);








372

        policy = "allow_create /tmp/open_test 0644 if 0=0";








373

        write_domain_policy(policy, 0);








374

        fd = open("/tmp/open_test", O_WRONLY | O_CREAT | O_EXCL, 0644);








375

        show_result(fd, 1);








376

        if (fd != EOF)








377

                close(fd);








378

        unlink2("/tmp/open_test");








379

        write_domain_policy(policy, 1);








380

        fd = open("/tmp/open_test", O_WRONLY | O_CREAT | O_EXCL, 0644);








381

        show_result(fd, 0);








382

        if (fd != EOF)








383

                close(fd);








384

        unlink2("/tmp/open_test");








385

        policy = "allow_write /tmp/open_test if task.uid=0 path1.ino!=0";








386

        write_domain_policy(policy, 1);








387










388

        filename = "/tmp/truncate_test";








389

        create2(filename);








390










391

        policy = "allow_truncate /tmp/truncate_test if task.uid=path1.uid";








392

        write_domain_policy(policy, 0);








393

        policy = "allow_write /tmp/truncate_test if 1!=100-1000000";








394

        write_domain_policy(policy, 0);








395

        fd = open(filename, O_WRONLY | O_TRUNC);








396

        show_result(fd, 1);








397

        if (fd != EOF)








398

                close(fd);








399

        write_domain_policy(policy, 1);








400

        fd = open(filename, O_WRONLY | O_TRUNC);








401

        show_result(fd, 0);








402

        if (fd != EOF)








403

                close(fd);








404

        policy = "allow_truncate /tmp/truncate_test "








405

                "if task.uid=path1.uid";








406

        write_domain_policy(policy, 1);








407










408

        policy = "allow_write /tmp/truncate_test";








409

        write_domain_policy(policy, 0);








410

        policy = "allow_truncate /tmp/truncate_test";








411

        write_domain_policy(policy, 0);








412

        fd = open(filename, O_WRONLY | O_TRUNC);








413

        show_result(fd, 1);








414

        if (fd != EOF)








415

                close(fd);








416

        write_domain_policy(policy, 1);








417

        fd = open(filename, O_WRONLY | O_TRUNC);








418

        show_result(fd, 0);








419

        if (fd != EOF)








420

                close(fd);








421

        policy = "allow_write /tmp/truncate_test";








422

        write_domain_policy(policy, 1);








423










424

        policy = "allow_truncate /tmp/truncate_test";








425

        write_domain_policy(policy, 0);








426

        show_result(truncate(filename, 0), 1);








427

        write_domain_policy(policy, 1);








428

        show_result(truncate(filename, 0), 0);








429










430

        policy = "allow_truncate /tmp/truncate_test";








431

        write_domain_policy(policy, 0);








432

        set_profile(0, "file::open");








433

        fd = open(filename, O_WRONLY);








434

        set_profile(3, "file::open");








435

        show_result(ftruncate(fd, 0), 1);








436

        write_domain_policy(policy, 1);








437

        show_result(ftruncate(fd, 0), 0);








438

        if (fd != EOF)








439

                close(fd);








440










441

        unlink2(filename);








442










443

        policy = "allow_create /tmp/mknod_reg_test 0644";








444

        write_domain_policy(policy, 0);








445

        filename = "/tmp/mknod_reg_test";








446

        show_result(mknod(filename, S_IFREG | 0644, 0), 1);








447

        write_domain_policy(policy, 1);








448

        unlink2(filename);








449

        show_result(mknod(filename, S_IFREG | 0644, 0), 0);








450










451

        policy = "allow_mkchar /tmp/mknod_chr_test 0644 1 3";








452

        write_domain_policy(policy, 0);








453

        filename = "/tmp/mknod_chr_test";








454

        show_result(mknod(filename, S_IFCHR | 0644, MKDEV(1, 3)), 1);








455

        write_domain_policy(policy, 1);








456

        unlink2(filename);








457

        show_result(mknod(filename, S_IFCHR | 0644, MKDEV(1, 3)), 0);








458










459

        policy = "allow_mkblock /tmp/mknod_blk_test 0644 1 0";








460

        write_domain_policy(policy, 0);








461

        filename = "/tmp/mknod_blk_test";








462

        show_result(mknod(filename, S_IFBLK | 0644, MKDEV(1, 0)), 1);








463

        write_domain_policy(policy, 1);








464

        unlink2(filename);








465

        show_result(mknod(filename, S_IFBLK | 0644, MKDEV(1, 0)), 0);








466










467

        policy = "allow_mkfifo /tmp/mknod_fifo_test 0644";








468

        write_domain_policy(policy, 0);








469

        filename = "/tmp/mknod_fifo_test";








470

        show_result(mknod(filename, S_IFIFO | 0644, 0), 1);








471

        write_domain_policy(policy, 1);








472

        unlink2(filename);








473

        show_result(mknod(filename, S_IFIFO | 0644, 0), 0);








474










475

        policy = "allow_mksock /tmp/mknod_sock_test 0644";








476

        write_domain_policy(policy, 0);








477

        filename = "/tmp/mknod_sock_test";








478

        show_result(mknod(filename, S_IFSOCK | 0644, 0), 1);








479

        write_domain_policy(policy, 1);








480

        unlink2(filename);








481

        show_result(mknod(filename, S_IFSOCK | 0644, 0), 0);








482










483

        policy = "allow_mkdir /tmp/mkdir_test/ 0600";








484

        write_domain_policy(policy, 0);








485

        filename = "/tmp/mkdir_test";








486

        show_result(mkdir(filename, 0600), 1);








487

        write_domain_policy(policy, 1);








488

        rmdir2(filename);








489

        show_result(mkdir(filename, 0600), 0);








490










491

        policy = "allow_rmdir /tmp/rmdir_test/";








492

        write_domain_policy(policy, 0);








493

        filename = "/tmp/rmdir_test";








494

        mkdir2(filename);








495

        show_result(rmdir(filename), 1);








496

        write_domain_policy(policy, 1);








497

        mkdir2(filename);








498

        show_result(rmdir(filename), 0);








499

        rmdir2(filename);








500










501

        policy = "allow_unlink /tmp/unlink_test";








502

        write_domain_policy(policy, 0);








503

        filename = "/tmp/unlink_test";








504

        create2(filename);








505

        show_result(unlink(filename), 1);








506

        write_domain_policy(policy, 1);








507

        create2(filename);








508

        show_result(unlink(filename), 0);








509

        unlink2(filename);








510










511

        policy = "allow_symlink /tmp/symlink_source_test";








512

        write_domain_policy(policy, 0);








513

        filename = "/tmp/symlink_source_test";








514

        show_result(symlink("/tmp/symlink_dest_test", filename), 1);








515

        write_domain_policy(policy, 1);








516

        unlink2(filename);








517

        show_result(symlink("/tmp/symlink_dest_test", filename), 0);








518










519

        policy = "allow_symlink /tmp/symlink_source_test "








520

                "if symlink.target=\"/tmp/symlink_\\*_test\"";








521

        write_domain_policy(policy, 0);








522

        filename = "/tmp/symlink_source_test";








523

        show_result(symlink("/tmp/symlink_dest_test", filename), 1);








524

        write_domain_policy(policy, 1);








525

        unlink2(filename);








526

        show_result(symlink("/tmp/symlink_dest_test", filename), 0);








527










528

        policy = "allow_symlink /tmp/symlink_source_test "








529

                "if task.uid=0 symlink.target=\"/tmp/symlink_\\*_test\"";








530

        write_domain_policy(policy, 0);








531

        filename = "/tmp/symlink_source_test";








532

        show_result(symlink("/tmp/symlink_dest_test", filename), 1);








533

        write_domain_policy(policy, 1);








534

        unlink2(filename);








535

        show_result(symlink("/tmp/symlink_dest_test", filename), 0);








536










537

        policy = "allow_symlink /tmp/symlink_source_test "








538

                "if symlink.target!=\"\\*\"";








539

        write_domain_policy(policy, 0);








540

        filename = "/tmp/symlink_source_test";








541

        show_result(symlink("/tmp/symlink_dest_test", filename), 1);








542

        write_domain_policy(policy, 1);








543

        unlink2(filename);








544

        show_result(symlink("/tmp/symlink_dest_test", filename), 0);








545










546

        policy = "allow_symlink /tmp/symlink_source_test "








547

                "if symlink.target!=\"/tmp/symlink_\\*_test\"";








548

        write_domain_policy(policy, 0);








549

        filename = "/tmp/symlink_source_test";








550

        show_result(symlink("/tmp/symlink_dest_test", filename), 0);








551

        write_domain_policy(policy, 1);








552

        unlink2(filename);








553

        show_result(symlink("/tmp/symlink_dest_test", filename), 0);








554










555

        policy = "allow_link /tmp/link_source_test /tmp/link_dest_test";








556

        write_domain_policy(policy, 0);








557

        filename = "/tmp/link_source_test";








558

        create2(filename);








559

        show_result(link(filename, "/tmp/link_dest_test"), 1);








560

        write_domain_policy(policy, 1);








561

        unlink2("/tmp/link_dest_test");








562

        show_result(link(filename, "/tmp/link_dest_test"), 0);








563

        unlink2(filename);








564










565

        policy = "allow_rename /tmp/rename_source_test /tmp/rename_dest_test";








566

        write_domain_policy(policy, 0);








567

        filename = "/tmp/rename_source_test";








568

        create2(filename);








569

        show_result(rename(filename, "/tmp/rename_dest_test"), 1);








570

        write_domain_policy(policy, 1);








571

        unlink2("/tmp/rename_dest_test");








572

        create2(filename);








573

        show_result(rename(filename, "/tmp/rename_dest_test"), 0);








574

        unlink2(filename);








575










576

        policy = "allow_mksock /tmp/socket_test 0755";








577

        write_domain_policy(policy, 0);








578

        filename = "/tmp/socket_test";








579

        memset(&addr, 0, sizeof(addr));








580

        addr.sun_family = AF_UNIX;








581

        strncpy(addr.sun_path, filename, sizeof(addr.sun_path) - 1);








582

        fd = socket(AF_UNIX, SOCK_STREAM, 0);








583

        show_result(bind(fd, (struct sockaddr *) &addr, sizeof(addr)),








584

                    1);








585

        if (fd != EOF)








586

                close(fd);








587

        write_domain_policy(policy, 1);








588

        unlink2(filename);








589

        fd = socket(AF_UNIX, SOCK_STREAM, 0);








590

        show_result(bind(fd, (struct sockaddr *) &addr, sizeof(addr)),








591

                    0);








592

        if (fd != EOF)








593

                close(fd);








594










595

        filename = "/tmp/rewrite_test";








596

        create2(filename);








597

        policy = "allow_read/write /tmp/rewrite_test";








598

        write_domain_policy(policy, 0);








599

        write_exception_policy("deny_rewrite /tmp/rewrite_test", 0);








600

        policy = "allow_truncate /tmp/rewrite_test";








601

        write_domain_policy(policy, 0);








602










603

        fd = open(filename, O_RDONLY);








604

        show_result(fd, 1);








605

        if (fd != EOF)








606

                close(fd);








607










608

        fd = open(filename, O_WRONLY | O_APPEND);








609

        show_result(fd, 1);








610

        if (fd != EOF)








611

                close(fd);








612










613

        fd = open(filename, O_WRONLY);








614

        show_result(fd, 0);








615

        if (fd != EOF)








616

                close(fd);








617










618

        fd = open(filename, O_WRONLY | O_TRUNC);








619

        show_result(fd, 0);








620

        if (fd != EOF)








621

                close(fd);








622










623

        fd = open(filename, O_WRONLY | O_TRUNC | O_APPEND);








624

        show_result(fd, 0);








625

        if (fd != EOF)








626

                close(fd);








627










628

        show_result(truncate(filename, 0), 0);








629










630

        set_profile(0, "file::open");








631

        fd = open(filename, O_WRONLY | O_APPEND);








632

        set_profile(3, "file::open");








633

        show_result(ftruncate(fd, 0), 0);








634










635

        show_result(fcntl(fd, F_SETFL,








636

                          fcntl(fd, F_GETFL) & ~O_APPEND), 0);








637

        if (fd != EOF)








638

                close(fd);








639










640

        write_domain_policy(policy, 1);








641










642

        policy = "allow_read/write /tmp/rewrite_test";








643

        write_domain_policy(policy, 1);








644

        write_exception_policy("deny_rewrite /tmp/rewrite_test", 1);








645










646

        unlink2(filename);








647










648

        policy = "allow_ioctl socket:[family=2:type=2:protocol=17] "








649

                "35122-35124 if task.uid=0";








650

        write_domain_policy(policy, 0);








651

        fd = socket(PF_INET, SOCK_DGRAM, IPPROTO_IP);








652

        memset(&ifreq, 0, sizeof(ifreq));








653

        snprintf(ifreq.ifr_name, sizeof(ifreq.ifr_name) - 1,








654

                 "lo");








655

        show_result(ioctl(fd, 35123, &ifreq), 1);








656

        write_domain_policy(policy, 1);








657

        policy = "allow_ioctl "








658

                "socket:[family=2:type=2:protocol=17] 0-35122";








659

        write_domain_policy(policy, 0);








660

        show_result(ioctl(fd, 35123, &ifreq), 0);








661

        write_domain_policy(policy, 1);








662

        if (fd != EOF)








663

                close(fd);








664

}








665










666

int main(int argc, char *argv[])








667

{








668

        ccs_test_init();








669

        fprintf(domain_fp, "%s /bin/true\n", self_domain);








670

        fprintf(domain_fp, "use_profile 255\n");








671

        fprintf(domain_fp, "select pid=%u\n", pid);








672

        fprintf(profile_fp, "255-PREFERENCE::audit={ max_reject_log=1024 }\n");








673

        stage_file_test();








674

        fprintf(domain_fp, "use_profile 0\n");








675

        clear_status();








676

        return 0;








677

}




















Back to OSDN">Back to OSDN

ViewVC Help




Powered by ViewVC 1.1.26
 



















サイト情報





ソフトウェアを探す





ソフトウェアを作る





コミュニティ





ヘルプ