1 |
/* |
/* |
2 |
* tomoyo_file_test.c |
* ccs_new_file_test.c |
|
* |
|
|
* Testing program for fs/tomoyo_file.c |
|
3 |
* |
* |
4 |
* Copyright (C) 2005-2009 NTT DATA CORPORATION |
* Copyright (C) 2005-2009 NTT DATA CORPORATION |
5 |
* |
* |
6 |
* Version: 1.7.0-pre 2009/08/24 |
* Version: 1.7.1 2009/11/11 |
7 |
* |
* |
8 |
*/ |
*/ |
9 |
#include "include.h" |
#include "include.h" |
149 |
set_profile(3, "file::mount"); |
set_profile(3, "file::mount"); |
150 |
set_profile(3, "file::umount"); |
set_profile(3, "file::umount"); |
151 |
set_profile(3, "file::pivot_root"); |
set_profile(3, "file::pivot_root"); |
152 |
|
|
153 |
policy = "allow_read /proc/sys/net/ipv4/ip_local_port_range " |
policy = "allow_read /proc/sys/net/ipv4/ip_local_port_range " |
154 |
"if task.uid=0 task.gid=0"; |
"if task.uid=0 task.gid=0"; |
155 |
write_domain_policy(policy, 0); |
write_domain_policy(policy, 0); |
156 |
show_result(sysctl(name, 3, buffer, &size, 0, 0), 1); |
show_result(sysctl(name, 3, buffer, &size, 0, 0), 1); |
157 |
write_domain_policy(policy, 1); |
write_domain_policy(policy, 1); |
158 |
show_result(sysctl(name, 3, buffer, &size, 0, 0), 0); |
show_result(sysctl(name, 3, buffer, &size, 0, 0), 0); |
159 |
|
|
160 |
policy = "allow_write /proc/sys/net/ipv4/ip_local_port_range " |
policy = "allow_write /proc/sys/net/ipv4/ip_local_port_range " |
161 |
"if task.euid=0 0=0 1-100=10-1000"; |
"if task.euid=0 0=0 1-100=10-1000"; |
162 |
write_domain_policy(policy, 0); |
write_domain_policy(policy, 0); |
163 |
show_result(sysctl(name, 3, 0, 0, buffer, size), 1); |
show_result(sysctl(name, 3, 0, 0, buffer, size), 1); |
164 |
write_domain_policy(policy, 1); |
write_domain_policy(policy, 1); |
165 |
show_result(sysctl(name, 3, 0, 0, buffer, size), 0); |
show_result(sysctl(name, 3, 0, 0, buffer, size), 0); |
166 |
|
|
167 |
policy = "allow_read/write /proc/sys/net/ipv4/ip_local_port_range " |
policy = "allow_read/write /proc/sys/net/ipv4/ip_local_port_range " |
168 |
"if 1!=10-100"; |
"if 1!=10-100"; |
169 |
write_domain_policy(policy, 0); |
write_domain_policy(policy, 0); |
170 |
show_result(sysctl(name, 3, buffer, &size, buffer, size), 1); |
show_result(sysctl(name, 3, buffer, &size, buffer, size), 1); |
171 |
write_domain_policy(policy, 1); |
write_domain_policy(policy, 1); |
172 |
show_result(sysctl(name, 3, buffer, &size, buffer, size), 0); |
show_result(sysctl(name, 3, buffer, &size, buffer, size), 0); |
173 |
|
|
174 |
policy = "allow_read /bin/true " |
policy = "allow_read /bin/true " |
175 |
"if path1.uid=0 path1.parent.uid=0 10=10-100"; |
"if path1.uid=0 path1.parent.uid=0 10=10-100"; |
176 |
write_domain_policy(policy, 0); |
write_domain_policy(policy, 0); |
177 |
show_result(uselib("/bin/true"), 1); |
show_result(uselib("/bin/true"), 1); |
178 |
write_domain_policy(policy, 1); |
write_domain_policy(policy, 1); |
179 |
show_result(uselib("/bin/true"), 0); |
show_result(uselib("/bin/true"), 0); |
180 |
|
|
181 |
policy = "allow_execute /bin/true if task.uid!=10 path1.parent.uid=0"; |
policy = "allow_execute /bin/true if task.uid!=10 path1.parent.uid=0"; |
182 |
write_domain_policy(policy, 0); |
write_domain_policy(policy, 0); |
183 |
fflush(stdout); |
fflush(stdout); |
224 |
show_result(fd, 0); |
show_result(fd, 0); |
225 |
if (fd != EOF) |
if (fd != EOF) |
226 |
close(fd); |
close(fd); |
227 |
|
|
228 |
policy = "allow_read /dev/null if path1.perm=0666"; |
policy = "allow_read /dev/null if path1.perm=0666"; |
229 |
write_domain_policy(policy, 0); |
write_domain_policy(policy, 0); |
230 |
fd = open("/dev/null", O_RDONLY); |
fd = open("/dev/null", O_RDONLY); |
346 |
if (fd != EOF) |
if (fd != EOF) |
347 |
close(fd); |
close(fd); |
348 |
|
|
349 |
policy = "allow_create /tmp/open_test 0644 if path1.parent.uid=task.uid"; |
policy = "allow_create /tmp/open_test 0644 " |
350 |
|
"if path1.parent.uid=task.uid"; |
351 |
write_domain_policy(policy, 0); |
write_domain_policy(policy, 0); |
352 |
policy = "allow_write /tmp/open_test if path1.parent.uid=0"; |
policy = "allow_write /tmp/open_test if path1.parent.uid=0"; |
353 |
write_domain_policy(policy, 0); |
write_domain_policy(policy, 0); |
604 |
show_result(fd, 1); |
show_result(fd, 1); |
605 |
if (fd != EOF) |
if (fd != EOF) |
606 |
close(fd); |
close(fd); |
607 |
|
|
608 |
fd = open(filename, O_WRONLY | O_APPEND); |
fd = open(filename, O_WRONLY | O_APPEND); |
609 |
show_result(fd, 1); |
show_result(fd, 1); |
610 |
if (fd != EOF) |
if (fd != EOF) |
611 |
close(fd); |
close(fd); |
612 |
|
|
613 |
fd = open(filename, O_WRONLY); |
fd = open(filename, O_WRONLY); |
614 |
show_result(fd, 0); |
show_result(fd, 0); |
615 |
if (fd != EOF) |
if (fd != EOF) |
616 |
close(fd); |
close(fd); |
617 |
|
|
618 |
fd = open(filename, O_WRONLY | O_TRUNC); |
fd = open(filename, O_WRONLY | O_TRUNC); |
619 |
show_result(fd, 0); |
show_result(fd, 0); |
620 |
if (fd != EOF) |
if (fd != EOF) |
621 |
close(fd); |
close(fd); |
622 |
|
|
623 |
fd = open(filename, O_WRONLY | O_TRUNC | O_APPEND); |
fd = open(filename, O_WRONLY | O_TRUNC | O_APPEND); |
624 |
show_result(fd, 0); |
show_result(fd, 0); |
625 |
if (fd != EOF) |
if (fd != EOF) |
626 |
close(fd); |
close(fd); |
627 |
|
|
628 |
show_result(truncate(filename, 0), 0); |
show_result(truncate(filename, 0), 0); |
629 |
|
|
630 |
set_profile(0, "file::open"); |
set_profile(0, "file::open"); |
631 |
fd = open(filename, O_WRONLY | O_APPEND); |
fd = open(filename, O_WRONLY | O_APPEND); |
632 |
set_profile(3, "file::open"); |
set_profile(3, "file::open"); |
633 |
show_result(ftruncate(fd, 0), 0); |
show_result(ftruncate(fd, 0), 0); |
634 |
|
|
635 |
show_result(fcntl(fd, F_SETFL, |
show_result(fcntl(fd, F_SETFL, |
636 |
fcntl(fd, F_GETFL) & ~O_APPEND), 0); |
fcntl(fd, F_GETFL) & ~O_APPEND), 0); |
637 |
if (fd != EOF) |
if (fd != EOF) |
638 |
close(fd); |
close(fd); |
639 |
|
|
640 |
write_domain_policy(policy, 1); |
write_domain_policy(policy, 1); |
641 |
|
|
642 |
policy = "allow_read/write /tmp/rewrite_test"; |
policy = "allow_read/write /tmp/rewrite_test"; |
669 |
fprintf(domain_fp, "%s /bin/true\n", self_domain); |
fprintf(domain_fp, "%s /bin/true\n", self_domain); |
670 |
fprintf(domain_fp, "use_profile 255\n"); |
fprintf(domain_fp, "use_profile 255\n"); |
671 |
fprintf(domain_fp, "select pid=%u\n", pid); |
fprintf(domain_fp, "select pid=%u\n", pid); |
672 |
fprintf(profile_fp, "255-MAX_REJECT_LOG=1024\n"); |
fprintf(profile_fp, "255-PREFERENCE::audit={ max_reject_log=1024 }\n"); |
673 |
stage_file_test(); |
stage_file_test(); |
674 |
fprintf(domain_fp, "use_profile 0\n"); |
fprintf(domain_fp, "use_profile 0\n"); |
675 |
clear_status(); |
clear_status(); |