
Diff of /trunk/2.4.x/tomoyo-tools/kernel_test/tomoyo_new_file_test.c


trunk/1.7.x/ccs-tools/ccstools/kernel_test/ccs_new_file_test.c revision 2985 by kumaneko, Thu Sep 3 08:27:32 2009 UTC trunk/1.8.x/ccs-tools/ccstools/kernel_test/ccs_new_file_test.c revision 4724 by kumaneko, Tue Mar 15 05:23:03 2011 UTC
# Line 1  Line 1 
1  /*  /*
2   * tomoyo_file_test.c   * ccs_new_file_test.c
3   *   *
4   * Testing program for fs/tomoyo_file.c   * Copyright (C) 2005-2011  NTT DATA CORPORATION
5   *   *
6   * Copyright (C) 2005-2009  NTT DATA CORPORATION   * Version: 1.8.0+   2011/03/15
7   *   *
8   * Version: 1.7.0   2009/09/03   * This program is free software; you can redistribute it and/or modify it
9     * under the terms of the GNU General Public License v2 as published by the
10     * Free Software Foundation.
11   *   *
12     * This program is distributed in the hope that it will be useful, but WITHOUT
13     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
14     * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
15     * more details.
16     *
17     * You should have received a copy of the GNU General Public License along with
18     * this program; if not, write to the Free Software Foundation, Inc.,
19     * 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA
20   */   */
21  #include "include.h"  #include "include.h"
22    
23  static const char *policy = "";  static const char *policy = "";
24    
 #if 0  
 static int write_policy(void)  
 {  
         FILE *fp;  
         char buffer[8192];  
         int domain_found = 0;  
         int policy_found = 0;  
         memset(buffer, 0, sizeof(buffer));  
         set_profile(0, "file::open");  
         fp = fopen(proc_policy_domain_policy, "r");  
         set_profile(3, "file::open");  
         fprintf(domain_fp, "%s\n", policy);  
         if (!fp) {  
                 printf("%s : BUG: policy read failed\n", policy);  
                 return 0;  
         }  
         while (fgets(buffer, sizeof(buffer) - 1, fp)) {  
                 char *cp = strchr(buffer, '\n');  
                 if (cp)  
                         *cp = '\0';  
                 if (!strncmp(buffer, "<kernel>", 8))  
                         domain_found = !strcmp(self_domain, buffer);  
                 if (!domain_found)  
                         continue;  
                 /* printf("<%s>\n", buffer); */  
                 if (!strcmp(buffer, policy)) {  
                         policy_found = 1;  
                         break;  
                 }  
         }  
         fclose(fp);  
         if (!policy_found) {  
                 printf("%s : BUG: policy write failed\n", policy);  
                 return 0;  
         }  
         errno = 0;  
         return 1;  
 }  
 #endif  
   
25  static void show_result(int result, char should_success)  static void show_result(int result, char should_success)
26  {  {
27          int err = errno;          int err = errno;
# Line 128  static void stage_file_test(void) Line 98  static void stage_file_test(void)
98          struct sockaddr_un addr;          struct sockaddr_un addr;
99          struct ifreq ifreq;          struct ifreq ifreq;
100          char *filename = "";          char *filename = "";
101            int ret_ignored;
102          set_profile(3, "file::execute");          set_profile(3, "file::execute");
103          set_profile(3, "file::open");          set_profile(3, "file::open");
104          set_profile(3, "file::create");          set_profile(3, "file::create");
# Line 138  static void stage_file_test(void) Line 109  static void stage_file_test(void)
109          set_profile(3, "file::mksock");          set_profile(3, "file::mksock");
110          set_profile(3, "file::truncate");          set_profile(3, "file::truncate");
111          set_profile(3, "file::symlink");          set_profile(3, "file::symlink");
         set_profile(3, "file::rewrite");  
112          set_profile(3, "file::mkblock");          set_profile(3, "file::mkblock");
113          set_profile(3, "file::mkchar");          set_profile(3, "file::mkchar");
114          set_profile(3, "file::link");          set_profile(3, "file::link");
# Line 149  static void stage_file_test(void) Line 119  static void stage_file_test(void)
119          set_profile(3, "file::ioctl");          set_profile(3, "file::ioctl");
120          set_profile(3, "file::chroot");          set_profile(3, "file::chroot");
121          set_profile(3, "file::mount");          set_profile(3, "file::mount");
122          set_profile(3, "file::umount");          set_profile(3, "file::unmount");
123          set_profile(3, "file::pivot_root");          set_profile(3, "file::pivot_root");
124    
125          policy = "allow_read /proc/sys/net/ipv4/ip_local_port_range "          policy = "file read proc:/sys/net/ipv4/ip_local_port_range "
126                  "if task.uid=0 task.gid=0";                  "task.uid=0 task.gid=0";
127          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
128          show_result(sysctl(name, 3, buffer, &size, 0, 0), 1);          show_result(sysctl(name, 3, buffer, &size, 0, 0), 1);
129          write_domain_policy(policy, 1);          write_domain_policy(policy, 1);
130          show_result(sysctl(name, 3, buffer, &size, 0, 0), 0);          show_result(sysctl(name, 3, buffer, &size, 0, 0), 0);
131    
132          policy = "allow_write /proc/sys/net/ipv4/ip_local_port_range "          policy = "file write proc:/sys/net/ipv4/ip_local_port_range "
133                  "if task.euid=0 0=0 1-100=10-1000";                  "task.euid=0 0=0 1-100=10-1000";
134          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
135          show_result(sysctl(name, 3, 0, 0, buffer, size), 1);          show_result(sysctl(name, 3, 0, 0, buffer, size), 1);
136          write_domain_policy(policy, 1);          write_domain_policy(policy, 1);
137          show_result(sysctl(name, 3, 0, 0, buffer, size), 0);          show_result(sysctl(name, 3, 0, 0, buffer, size), 0);
138    
139          policy = "allow_read/write /proc/sys/net/ipv4/ip_local_port_range "          policy = "file read proc:/sys/net/ipv4/ip_local_port_range "
140                  "if 1!=10-100";                  "1!=10-100";
141            write_domain_policy(policy, 0);
142            policy = "file write proc:/sys/net/ipv4/ip_local_port_range "
143                    "1!=10-100";
144          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
145          show_result(sysctl(name, 3, buffer, &size, buffer, size), 1);          show_result(sysctl(name, 3, buffer, &size, buffer, size), 1);
146            policy = "file read proc:/sys/net/ipv4/ip_local_port_range "
147                    "1!=10-100";
148            write_domain_policy(policy, 1);
149            policy = "file write proc:/sys/net/ipv4/ip_local_port_range "
150                    "1!=10-100";
151          write_domain_policy(policy, 1);          write_domain_policy(policy, 1);
152          show_result(sysctl(name, 3, buffer, &size, buffer, size), 0);          show_result(sysctl(name, 3, buffer, &size, buffer, size), 0);
153    
154          policy = "allow_read /bin/true "          policy = "file read /bin/true "
155                  "if path1.uid=0 path1.parent.uid=0 10=10-100";                  "path1.uid=0 path1.parent.uid=0 10=10-100";
156          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
157          show_result(uselib("/bin/true"), 1);          show_result(uselib("/bin/true"), 1);
158          write_domain_policy(policy, 1);          write_domain_policy(policy, 1);
159          show_result(uselib("/bin/true"), 0);          show_result(uselib("/bin/true"), 0);
160    
161          policy = "allow_execute /bin/true if task.uid!=10 path1.parent.uid=0";          policy = "file execute /bin/true task.uid!=10 path1.parent.uid=0";
162          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
163          fflush(stdout);          fflush(stdout);
164          fflush(stderr);          fflush(stderr);
165          pipe(pipe_fd);          ret_ignored = pipe(pipe_fd);
166          if (fork() == 0) {          if (fork() == 0) {
167                  execl("/bin/true", "/bin/true", NULL);                  execl("/bin/true", "/bin/true", NULL);
168                  err = errno;                  err = errno;
169                  write(pipe_fd[1], &err, sizeof(err));                  ret_ignored = write(pipe_fd[1], &err, sizeof(err));
170                  _exit(0);                  _exit(0);
171          }          }
172          close(pipe_fd[1]);          close(pipe_fd[1]);
173          read(pipe_fd[0], &err, sizeof(err));          ret_ignored = read(pipe_fd[0], &err, sizeof(err));
174          close(pipe_fd[0]);          close(pipe_fd[0]);
175          wait(NULL);          wait(NULL);
176          errno = err;          errno = err;
# Line 200  static void stage_file_test(void) Line 178  static void stage_file_test(void)
178          write_domain_policy(policy, 1);          write_domain_policy(policy, 1);
179          fflush(stdout);          fflush(stdout);
180          fflush(stderr);          fflush(stderr);
181          pipe(pipe_fd);          ret_ignored = pipe(pipe_fd);
182          if (fork() == 0) {          if (fork() == 0) {
183                  execl("/bin/true", "/bin/true", NULL);                  execl("/bin/true", "/bin/true", NULL);
184                  err = errno;                  err = errno;
185                  write(pipe_fd[1], &err, sizeof(err));                  ret_ignored = write(pipe_fd[1], &err, sizeof(err));
186                  _exit(0);                  _exit(0);
187          }          }
188          close(pipe_fd[1]);          close(pipe_fd[1]);
189          read(pipe_fd[0], &err, sizeof(err));          ret_ignored = read(pipe_fd[0], &err, sizeof(err));
190          close(pipe_fd[0]);          close(pipe_fd[0]);
191          wait(NULL);          wait(NULL);
192          errno = err;          errno = err;
193          show_result(err ? EOF : 0, 0);          show_result(err ? EOF : 0, 0);
194    
195          policy = "allow_read /dev/null if path1.type=char path1.dev_major=1 "          policy = "file read /dev/null path1.type=char path1.dev_major=1 "
196                  "path1.dev_minor=3";                  "path1.dev_minor=3";
197          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
198          fd = open("/dev/null", O_RDONLY);          fd = open("/dev/null", O_RDONLY);
# Line 227  static void stage_file_test(void) Line 205  static void stage_file_test(void)
205          if (fd != EOF)          if (fd != EOF)
206                  close(fd);                  close(fd);
207    
208          policy = "allow_read /dev/null if path1.perm=0666";          policy = "file read /dev/null path1.perm=0666";
209          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
210          fd = open("/dev/null", O_RDONLY);          fd = open("/dev/null", O_RDONLY);
211          show_result(fd, 1);          show_result(fd, 1);
# Line 239  static void stage_file_test(void) Line 217  static void stage_file_test(void)
217          if (fd != EOF)          if (fd != EOF)
218                  close(fd);                  close(fd);
219    
220          policy = "allow_read /dev/null if path1.perm!=0777";          policy = "file read /dev/null path1.perm!=0777";
221          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
222          fd = open("/dev/null", O_RDONLY);          fd = open("/dev/null", O_RDONLY);
223          show_result(fd, 1);          show_result(fd, 1);
# Line 251  static void stage_file_test(void) Line 229  static void stage_file_test(void)
229          if (fd != EOF)          if (fd != EOF)
230                  close(fd);                  close(fd);
231    
232          policy = "allow_read /dev/null if path1.perm=owner_read "          policy = "file read /dev/null path1.perm=owner_read "
233                  "path1.perm=owner_write path1.perm!=owner_execute "                  "path1.perm=owner_write path1.perm!=owner_execute "
234                  "path1.perm=group_read path1.perm=group_write "                  "path1.perm=group_read path1.perm=group_write "
235                  "path1.perm!=group_execute path1.perm=others_read "                  "path1.perm!=group_execute path1.perm=others_read "
# Line 269  static void stage_file_test(void) Line 247  static void stage_file_test(void)
247                  close(fd);                  close(fd);
248    
249          set_profile(3, "file::mkfifo");          set_profile(3, "file::mkfifo");
250          policy = "allow_mkfifo /tmp/mknod_fifo_test 0644 "          policy = "file mkfifo /tmp/mknod_fifo_test 0644 "
251                  "if path1.parent.perm=01777 path1.parent.perm=sticky "                  "path1.parent.perm=01777 path1.parent.perm=sticky "
252                  "path1.parent.uid=0 path1.parent.gid=0";                  "path1.parent.uid=0 path1.parent.gid=0";
253          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
254          filename = "/tmp/mknod_fifo_test";          filename = "/tmp/mknod_fifo_test";
# Line 284  static void stage_file_test(void) Line 262  static void stage_file_test(void)
262          filename = "/dev/null";          filename = "/dev/null";
263          stat(filename, &sbuf);          stat(filename, &sbuf);
264          snprintf(pbuffer, sizeof(pbuffer) - 1,          snprintf(pbuffer, sizeof(pbuffer) - 1,
265                   "allow_write %s if path1.major=%u path1.minor=%u",                   "file write %s path1.major=%u path1.minor=%u",
266                   filename, (unsigned int) MAJOR(sbuf.st_dev),                   filename, (unsigned int) MAJOR(sbuf.st_dev),
267                   (unsigned int) MINOR(sbuf.st_dev));                   (unsigned int) MINOR(sbuf.st_dev));
268          policy = pbuffer;          policy = pbuffer;
# Line 299  static void stage_file_test(void) Line 277  static void stage_file_test(void)
277          if (fd != EOF)          if (fd != EOF)
278                  close(fd);                  close(fd);
279    
280          policy = "allow_read/write /tmp/fifo if path1.type=fifo";          policy = "file read /tmp/fifo path1.type=fifo\t"
281                    "file write /tmp/fifo path1.type=fifo";
282          mkfifo2("/tmp/fifo");          mkfifo2("/tmp/fifo");
283          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
284          fd = open("/tmp/fifo", O_RDWR);          fd = open("/tmp/fifo", O_RDWR);
# Line 312  static void stage_file_test(void) Line 291  static void stage_file_test(void)
291          if (fd != EOF)          if (fd != EOF)
292                  close(fd);                  close(fd);
293    
294          policy = "allow_read /dev/null if path1.parent.ino=path1.parent.ino";          policy = "file read /dev/null path1.parent.ino=path1.parent.ino";
295          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
296          fd = open("/dev/null", O_RDONLY);          fd = open("/dev/null", O_RDONLY);
297          show_result(fd, 1);          show_result(fd, 1);
# Line 324  static void stage_file_test(void) Line 303  static void stage_file_test(void)
303          if (fd != EOF)          if (fd != EOF)
304                  close(fd);                  close(fd);
305    
306          policy = "allow_write /dev/null if path1.uid=path1.gid";          policy = "file write /dev/null path1.uid=path1.gid";
307          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
308          fd = open("/dev/null", O_WRONLY);          fd = open("/dev/null", O_WRONLY);
309          show_result(fd, 1);          show_result(fd, 1);
# Line 336  static void stage_file_test(void) Line 315  static void stage_file_test(void)
315          if (fd != EOF)          if (fd != EOF)
316                  close(fd);                  close(fd);
317    
318          policy = "allow_read/write /dev/null if task.uid=path1.parent.uid";          policy = "file read /dev/null task.uid=path1.parent.uid\t"
319                    "file write /dev/null task.uid=path1.parent.uid";
320          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
321          fd = open("/dev/null", O_RDWR);          fd = open("/dev/null", O_RDWR);
322          show_result(fd, 1);          show_result(fd, 1);
# Line 348  static void stage_file_test(void) Line 328  static void stage_file_test(void)
328          if (fd != EOF)          if (fd != EOF)
329                  close(fd);                  close(fd);
330    
331          policy = "allow_create /tmp/open_test 0644 "          policy = "file create /tmp/open_test 0644 "
332                  "if path1.parent.uid=task.uid";                  "path1.parent.uid=task.uid";
333          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
334          policy = "allow_write /tmp/open_test if path1.parent.uid=0";          policy = "file write /tmp/open_test path1.parent.uid=0";
335          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
336          fd = open("/tmp/open_test", O_WRONLY | O_CREAT | O_EXCL, 0644);          fd = open("/tmp/open_test", O_WRONLY | O_CREAT | O_EXCL, 0644);
337          show_result(fd, 1);          show_result(fd, 1);
# Line 365  static void stage_file_test(void) Line 345  static void stage_file_test(void)
345                  close(fd);                  close(fd);
346          unlink2("/tmp/open_test");          unlink2("/tmp/open_test");
347    
348          policy = "allow_create /tmp/open_test 0644 "          policy = "file create /tmp/open_test 0644 "
349                  "if path1.parent.uid=task.uid";                  "path1.parent.uid=task.uid";
350          write_domain_policy(policy, 1);          write_domain_policy(policy, 1);
351    
352          policy = "allow_write /tmp/open_test if task.uid=0 path1.ino!=0";          policy = "file write /tmp/open_test task.uid=0 path1.ino!=0";
353          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
354          policy = "allow_create /tmp/open_test 0644 if 0=0";          policy = "file create /tmp/open_test 0644 0=0";
355          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
356          fd = open("/tmp/open_test", O_WRONLY | O_CREAT | O_EXCL, 0644);          fd = open("/tmp/open_test", O_WRONLY | O_CREAT | O_EXCL, 0644);
357          show_result(fd, 1);          show_result(fd, 1);
# Line 384  static void stage_file_test(void) Line 364  static void stage_file_test(void)
364          if (fd != EOF)          if (fd != EOF)
365                  close(fd);                  close(fd);
366          unlink2("/tmp/open_test");          unlink2("/tmp/open_test");
367          policy = "allow_write /tmp/open_test if task.uid=0 path1.ino!=0";          policy = "file write /tmp/open_test task.uid=0 path1.ino!=0";
368          write_domain_policy(policy, 1);          write_domain_policy(policy, 1);
369    
370          filename = "/tmp/truncate_test";          filename = "/tmp/truncate_test";
371          create2(filename);          create2(filename);
372    
373          policy = "allow_truncate /tmp/truncate_test if task.uid=path1.uid";          policy = "file truncate /tmp/truncate_test task.uid=path1.uid";
374          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
375          policy = "allow_write /tmp/truncate_test if 1!=100-1000000";          policy = "file write /tmp/truncate_test 1!=100-1000000";
376          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
377          fd = open(filename, O_WRONLY | O_TRUNC);          fd = open(filename, O_WRONLY | O_TRUNC);
378          show_result(fd, 1);          show_result(fd, 1);
# Line 403  static void stage_file_test(void) Line 383  static void stage_file_test(void)
383          show_result(fd, 0);          show_result(fd, 0);
384          if (fd != EOF)          if (fd != EOF)
385                  close(fd);                  close(fd);
386          policy = "allow_truncate /tmp/truncate_test "          policy = "file truncate /tmp/truncate_test "
387                  "if task.uid=path1.uid";                  "task.uid=path1.uid";
388          write_domain_policy(policy, 1);          write_domain_policy(policy, 1);
389    
390          policy = "allow_write /tmp/truncate_test";          policy = "file write /tmp/truncate_test";
391          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
392          policy = "allow_truncate /tmp/truncate_test";          policy = "file truncate /tmp/truncate_test";
393          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
394          fd = open(filename, O_WRONLY | O_TRUNC);          fd = open(filename, O_WRONLY | O_TRUNC);
395          show_result(fd, 1);          show_result(fd, 1);
# Line 420  static void stage_file_test(void) Line 400  static void stage_file_test(void)
400          show_result(fd, 0);          show_result(fd, 0);
401          if (fd != EOF)          if (fd != EOF)
402                  close(fd);                  close(fd);
403          policy = "allow_write /tmp/truncate_test";          policy = "file write /tmp/truncate_test";
404          write_domain_policy(policy, 1);          write_domain_policy(policy, 1);
405    
406          policy = "allow_truncate /tmp/truncate_test";          policy = "file truncate /tmp/truncate_test";
407          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
408          show_result(truncate(filename, 0), 1);          show_result(truncate(filename, 0), 1);
409          write_domain_policy(policy, 1);          write_domain_policy(policy, 1);
410          show_result(truncate(filename, 0), 0);          show_result(truncate(filename, 0), 0);
411    
412          policy = "allow_truncate /tmp/truncate_test";          policy = "file truncate /tmp/truncate_test";
413          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
414          set_profile(0, "file::open");          set_profile(0, "file::open");
415          fd = open(filename, O_WRONLY);          fd = open(filename, O_WRONLY);
# Line 442  static void stage_file_test(void) Line 422  static void stage_file_test(void)
422    
423          unlink2(filename);          unlink2(filename);
424    
425          policy = "allow_create /tmp/mknod_reg_test 0644";          policy = "file create /tmp/mknod_reg_test 0644";
426          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
427          filename = "/tmp/mknod_reg_test";          filename = "/tmp/mknod_reg_test";
428          show_result(mknod(filename, S_IFREG | 0644, 0), 1);          show_result(mknod(filename, S_IFREG | 0644, 0), 1);
# Line 450  static void stage_file_test(void) Line 430  static void stage_file_test(void)
430          unlink2(filename);          unlink2(filename);
431          show_result(mknod(filename, S_IFREG | 0644, 0), 0);          show_result(mknod(filename, S_IFREG | 0644, 0), 0);
432    
433          policy = "allow_mkchar /tmp/mknod_chr_test 0644 1 3";          policy = "file mkchar /tmp/mknod_chr_test 0644 1 3";
434          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
435          filename = "/tmp/mknod_chr_test";          filename = "/tmp/mknod_chr_test";
436          show_result(mknod(filename, S_IFCHR | 0644, MKDEV(1, 3)), 1);          show_result(mknod(filename, S_IFCHR | 0644, MKDEV(1, 3)), 1);
# Line 458  static void stage_file_test(void) Line 438  static void stage_file_test(void)
438          unlink2(filename);          unlink2(filename);
439          show_result(mknod(filename, S_IFCHR | 0644, MKDEV(1, 3)), 0);          show_result(mknod(filename, S_IFCHR | 0644, MKDEV(1, 3)), 0);
440    
441          policy = "allow_mkblock /tmp/mknod_blk_test 0644 1 0";          policy = "file mkblock /tmp/mknod_blk_test 0644 1 0";
442          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
443          filename = "/tmp/mknod_blk_test";          filename = "/tmp/mknod_blk_test";
444          show_result(mknod(filename, S_IFBLK | 0644, MKDEV(1, 0)), 1);          show_result(mknod(filename, S_IFBLK | 0644, MKDEV(1, 0)), 1);
# Line 466  static void stage_file_test(void) Line 446  static void stage_file_test(void)
446          unlink2(filename);          unlink2(filename);
447          show_result(mknod(filename, S_IFBLK | 0644, MKDEV(1, 0)), 0);          show_result(mknod(filename, S_IFBLK | 0644, MKDEV(1, 0)), 0);
448    
449          policy = "allow_mkfifo /tmp/mknod_fifo_test 0644";          policy = "file mkfifo /tmp/mknod_fifo_test 0644";
450          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
451          filename = "/tmp/mknod_fifo_test";          filename = "/tmp/mknod_fifo_test";
452          show_result(mknod(filename, S_IFIFO | 0644, 0), 1);          show_result(mknod(filename, S_IFIFO | 0644, 0), 1);
# Line 474  static void stage_file_test(void) Line 454  static void stage_file_test(void)
454          unlink2(filename);          unlink2(filename);
455          show_result(mknod(filename, S_IFIFO | 0644, 0), 0);          show_result(mknod(filename, S_IFIFO | 0644, 0), 0);
456    
457          policy = "allow_mksock /tmp/mknod_sock_test 0644";          policy = "file mksock /tmp/mknod_sock_test 0644";
458          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
459          filename = "/tmp/mknod_sock_test";          filename = "/tmp/mknod_sock_test";
460          show_result(mknod(filename, S_IFSOCK | 0644, 0), 1);          show_result(mknod(filename, S_IFSOCK | 0644, 0), 1);
# Line 482  static void stage_file_test(void) Line 462  static void stage_file_test(void)
462          unlink2(filename);          unlink2(filename);
463          show_result(mknod(filename, S_IFSOCK | 0644, 0), 0);          show_result(mknod(filename, S_IFSOCK | 0644, 0), 0);
464    
465          policy = "allow_mkdir /tmp/mkdir_test/ 0600";          policy = "file mkdir /tmp/mkdir_test/ 0600";
466          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
467          filename = "/tmp/mkdir_test";          filename = "/tmp/mkdir_test";
468          show_result(mkdir(filename, 0600), 1);          show_result(mkdir(filename, 0600), 1);
# Line 490  static void stage_file_test(void) Line 470  static void stage_file_test(void)
470          rmdir2(filename);          rmdir2(filename);
471          show_result(mkdir(filename, 0600), 0);          show_result(mkdir(filename, 0600), 0);
472    
473          policy = "allow_rmdir /tmp/rmdir_test/";          policy = "file rmdir /tmp/rmdir_test/";
474          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
475          filename = "/tmp/rmdir_test";          filename = "/tmp/rmdir_test";
476          mkdir2(filename);          mkdir2(filename);
# Line 500  static void stage_file_test(void) Line 480  static void stage_file_test(void)
480          show_result(rmdir(filename), 0);          show_result(rmdir(filename), 0);
481          rmdir2(filename);          rmdir2(filename);
482    
483          policy = "allow_unlink /tmp/unlink_test";          policy = "file unlink /tmp/unlink_test";
484          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
485          filename = "/tmp/unlink_test";          filename = "/tmp/unlink_test";
486          create2(filename);          create2(filename);
# Line 510  static void stage_file_test(void) Line 490  static void stage_file_test(void)
490          show_result(unlink(filename), 0);          show_result(unlink(filename), 0);
491          unlink2(filename);          unlink2(filename);
492    
493          policy = "allow_symlink /tmp/symlink_source_test";          policy = "file symlink /tmp/symlink_source_test";
494          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
495          filename = "/tmp/symlink_source_test";          filename = "/tmp/symlink_source_test";
496          show_result(symlink("/tmp/symlink_dest_test", filename), 1);          show_result(symlink("/tmp/symlink_dest_test", filename), 1);
# Line 518  static void stage_file_test(void) Line 498  static void stage_file_test(void)
498          unlink2(filename);          unlink2(filename);
499          show_result(symlink("/tmp/symlink_dest_test", filename), 0);          show_result(symlink("/tmp/symlink_dest_test", filename), 0);
500    
501          policy = "allow_symlink /tmp/symlink_source_test "          policy = "file symlink /tmp/symlink_source_test "
502                  "if symlink.target=\"/tmp/symlink_\\*_test\"";                  "symlink.target=\"/tmp/symlink_\\*_test\"";
503          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
504          filename = "/tmp/symlink_source_test";          filename = "/tmp/symlink_source_test";
505          show_result(symlink("/tmp/symlink_dest_test", filename), 1);          show_result(symlink("/tmp/symlink_dest_test", filename), 1);
# Line 527  static void stage_file_test(void) Line 507  static void stage_file_test(void)
507          unlink2(filename);          unlink2(filename);
508          show_result(symlink("/tmp/symlink_dest_test", filename), 0);          show_result(symlink("/tmp/symlink_dest_test", filename), 0);
509    
510          policy = "allow_symlink /tmp/symlink_source_test "          policy = "file symlink /tmp/symlink_source_test "
511                  "if task.uid=0 symlink.target=\"/tmp/symlink_\\*_test\"";                  "task.uid=0 symlink.target=\"/tmp/symlink_\\*_test\"";
512          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
513          filename = "/tmp/symlink_source_test";          filename = "/tmp/symlink_source_test";
514          show_result(symlink("/tmp/symlink_dest_test", filename), 1);          show_result(symlink("/tmp/symlink_dest_test", filename), 1);
# Line 536  static void stage_file_test(void) Line 516  static void stage_file_test(void)
516          unlink2(filename);          unlink2(filename);
517          show_result(symlink("/tmp/symlink_dest_test", filename), 0);          show_result(symlink("/tmp/symlink_dest_test", filename), 0);
518    
519          policy = "allow_symlink /tmp/symlink_source_test "          policy = "file symlink /tmp/symlink_source_test "
520                  "if symlink.target!=\"\\*\"";                  "symlink.target!=\"\\*\"";
521          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
522          filename = "/tmp/symlink_source_test";          filename = "/tmp/symlink_source_test";
523          show_result(symlink("/tmp/symlink_dest_test", filename), 1);          show_result(symlink("/tmp/symlink_dest_test", filename), 1);
# Line 545  static void stage_file_test(void) Line 525  static void stage_file_test(void)
525          unlink2(filename);          unlink2(filename);
526          show_result(symlink("/tmp/symlink_dest_test", filename), 0);          show_result(symlink("/tmp/symlink_dest_test", filename), 0);
527    
528          policy = "allow_symlink /tmp/symlink_source_test "          policy = "file symlink /tmp/symlink_source_test "
529                  "if symlink.target!=\"/tmp/symlink_\\*_test\"";                  "symlink.target!=\"/tmp/symlink_\\*_test\"";
530          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
531          filename = "/tmp/symlink_source_test";          filename = "/tmp/symlink_source_test";
532          show_result(symlink("/tmp/symlink_dest_test", filename), 0);          show_result(symlink("/tmp/symlink_dest_test", filename), 0);
# Line 554  static void stage_file_test(void) Line 534  static void stage_file_test(void)
534          unlink2(filename);          unlink2(filename);
535          show_result(symlink("/tmp/symlink_dest_test", filename), 0);          show_result(symlink("/tmp/symlink_dest_test", filename), 0);
536    
537          policy = "allow_link /tmp/link_source_test /tmp/link_dest_test";          policy = "file link /tmp/link_source_test /tmp/link_dest_test";
538          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
539          filename = "/tmp/link_source_test";          filename = "/tmp/link_source_test";
540          create2(filename);          create2(filename);
# Line 564  static void stage_file_test(void) Line 544  static void stage_file_test(void)
544          show_result(link(filename, "/tmp/link_dest_test"), 0);          show_result(link(filename, "/tmp/link_dest_test"), 0);
545          unlink2(filename);          unlink2(filename);
546    
547          policy = "allow_rename /tmp/rename_source_test /tmp/rename_dest_test";          policy = "file rename /tmp/rename_source_test /tmp/rename_dest_test";
548          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
549          filename = "/tmp/rename_source_test";          filename = "/tmp/rename_source_test";
550          create2(filename);          create2(filename);
# Line 575  static void stage_file_test(void) Line 555  static void stage_file_test(void)
555          show_result(rename(filename, "/tmp/rename_dest_test"), 0);          show_result(rename(filename, "/tmp/rename_dest_test"), 0);
556          unlink2(filename);          unlink2(filename);
557    
558          policy = "allow_mksock /tmp/socket_test 0755";          policy = "file mksock /tmp/socket_test 0755";
559          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
560          filename = "/tmp/socket_test";          filename = "/tmp/socket_test";
561          memset(&addr, 0, sizeof(addr));          memset(&addr, 0, sizeof(addr));
# Line 593  static void stage_file_test(void) Line 573  static void stage_file_test(void)
573                      0);                      0);
574          if (fd != EOF)          if (fd != EOF)
575                  close(fd);                  close(fd);
   
         filename = "/tmp/rewrite_test";  
         create2(filename);  
         policy = "allow_read/write /tmp/rewrite_test";  
         write_domain_policy(policy, 0);  
         write_exception_policy("deny_rewrite /tmp/rewrite_test", 0);  
         policy = "allow_truncate /tmp/rewrite_test";  
         write_domain_policy(policy, 0);  
   
         fd = open(filename, O_RDONLY);  
         show_result(fd, 1);  
         if (fd != EOF)  
                 close(fd);  
   
         fd = open(filename, O_WRONLY | O_APPEND);  
         show_result(fd, 1);  
         if (fd != EOF)  
                 close(fd);  
   
         fd = open(filename, O_WRONLY);  
         show_result(fd, 0);  
         if (fd != EOF)  
                 close(fd);  
   
         fd = open(filename, O_WRONLY | O_TRUNC);  
         show_result(fd, 0);  
         if (fd != EOF)  
                 close(fd);  
   
         fd = open(filename, O_WRONLY | O_TRUNC | O_APPEND);  
         show_result(fd, 0);  
         if (fd != EOF)  
                 close(fd);  
   
         show_result(truncate(filename, 0), 0);  
   
         set_profile(0, "file::open");  
         fd = open(filename, O_WRONLY | O_APPEND);  
         set_profile(3, "file::open");  
         show_result(ftruncate(fd, 0), 0);  
   
         show_result(fcntl(fd, F_SETFL,  
                           fcntl(fd, F_GETFL) & ~O_APPEND), 0);  
         if (fd != EOF)  
                 close(fd);  
   
         write_domain_policy(policy, 1);  
   
         policy = "allow_read/write /tmp/rewrite_test";  
         write_domain_policy(policy, 1);  
         write_exception_policy("deny_rewrite /tmp/rewrite_test", 1);  
   
576          unlink2(filename);          unlink2(filename);
577    
578          policy = "allow_ioctl socket:[family=2:type=2:protocol=17] "          policy = "file ioctl socket:[family=2:type=2:protocol=17] "
579                  "35122-35124 if task.uid=0";                  "35122-35124 task.uid=0";
580          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
581          fd = socket(PF_INET, SOCK_DGRAM, IPPROTO_IP);          fd = socket(PF_INET, SOCK_DGRAM, IPPROTO_IP);
582          memset(&ifreq, 0, sizeof(ifreq));          memset(&ifreq, 0, sizeof(ifreq));
# Line 656  static void stage_file_test(void) Line 584  static void stage_file_test(void)
584                   "lo");                   "lo");
585          show_result(ioctl(fd, 35123, &ifreq), 1);          show_result(ioctl(fd, 35123, &ifreq), 1);
586          write_domain_policy(policy, 1);          write_domain_policy(policy, 1);
587          policy = "allow_ioctl "          policy = "file ioctl "
588                  "socket:[family=2:type=2:protocol=17] 0-35122";                  "socket:[family=2:type=2:protocol=17] 0-35122";
589          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
590          show_result(ioctl(fd, 35123, &ifreq), 0);          show_result(ioctl(fd, 35123, &ifreq), 0);
# Line 671  int main(int argc, char *argv[]) Line 599  int main(int argc, char *argv[])
599          fprintf(domain_fp, "%s /bin/true\n", self_domain);          fprintf(domain_fp, "%s /bin/true\n", self_domain);
600          fprintf(domain_fp, "use_profile 255\n");          fprintf(domain_fp, "use_profile 255\n");
601          fprintf(domain_fp, "select pid=%u\n", pid);          fprintf(domain_fp, "select pid=%u\n", pid);
602          fprintf(profile_fp, "255-MAX_REJECT_LOG=1024\n");          fprintf(profile_fp, "255-PREFERENCE={ max_reject_log=1024 }\n");
603          stage_file_test();          stage_file_test();
604          fprintf(domain_fp, "use_profile 0\n");          fprintf(domain_fp, "use_profile 0\n");
605          clear_status();          clear_status();
606            if (0) /* To suppress "defined but not used" warnings. */
607                    write_exception_policy("", 0);
608          return 0;          return 0;
609  }  }
