372 |
|
|
373 |
policy = "allow_read/write /dev/null if task.uid=path1.parent.uid"; |
policy = "allow_read/write /dev/null if task.uid=path1.parent.uid"; |
374 |
if (!has_cond) |
if (!has_cond) |
375 |
policy = "allow_read/write /dev/null if task.uid=path1.parent.uid"; |
policy = "allow_read/write /dev/null"; |
376 |
if (write_policy()) { |
if (write_policy()) { |
377 |
int fd = open("/dev/null", O_RDWR); |
int fd = open("/dev/null", O_RDWR); |
378 |
show_result(fd, 1); |
show_result(fd, 1); |
415 |
} |
} |
416 |
|
|
417 |
policy = "allow_write /tmp/open_test if task.uid=0 path1.ino!=0"; |
policy = "allow_write /tmp/open_test if task.uid=0 path1.ino!=0"; |
418 |
|
if (!has_cond) |
419 |
|
policy = "allow_write /tmp/open_test"; |
420 |
if (write_policy()) { |
if (write_policy()) { |
421 |
policy = "allow_create /tmp/open_test if 0=0"; |
policy = "allow_create /tmp/open_test if 0=0"; |
422 |
|
if (!has_cond) |
423 |
|
policy = "allow_create /tmp/open_test"; |
424 |
if (write_policy()) { |
if (write_policy()) { |
425 |
int fd = open("/tmp/open_test", |
int fd = open("/tmp/open_test", |
426 |
O_WRONLY | O_CREAT | O_EXCL, 0666); |
O_WRONLY | O_CREAT | O_EXCL, 0666); |
447 |
create2(filename); |
create2(filename); |
448 |
|
|
449 |
policy = "allow_truncate /tmp/truncate_test if task.uid=path1.uid"; |
policy = "allow_truncate /tmp/truncate_test if task.uid=path1.uid"; |
450 |
|
if (!has_cond) |
451 |
|
policy = "allow_truncate /tmp/truncate_test"; |
452 |
if (write_policy()) { |
if (write_policy()) { |
453 |
policy = "allow_write /tmp/truncate_test if 1!=100-1000000"; |
policy = "allow_write /tmp/truncate_test if 1!=100-1000000"; |
454 |
|
if (!has_cond) |
455 |
|
policy = "allow_write /tmp/truncate_test"; |
456 |
if (write_policy()) { |
if (write_policy()) { |
457 |
int fd = open(filename, O_WRONLY | O_TRUNC); |
int fd = open(filename, O_WRONLY | O_TRUNC); |
458 |
show_result(fd, 1); |
show_result(fd, 1); |
466 |
} |
} |
467 |
policy = "allow_truncate /tmp/truncate_test " |
policy = "allow_truncate /tmp/truncate_test " |
468 |
"if task.uid=path1.uid"; |
"if task.uid=path1.uid"; |
469 |
|
if (!has_cond) |
470 |
|
policy = "allow_truncate /tmp/truncate_test"; |
471 |
delete_policy(); |
delete_policy(); |
472 |
} |
} |
473 |
|
|