
Diff of /trunk/2.4.x/tomoyo-tools/kernel_test/tomoyo_new_file_test.c


trunk/1.7.x/ccs-tools/ccstools/kernel_test/ccs_new_file_test.c revision 3171 by kumaneko, Wed Nov 11 04:43:08 2009 UTC branches/ccs-tools/ccstools/kernel_test/ccs_new_file_test.c revision 3871 by kumaneko, Sun Aug 1 01:42:05 2010 UTC
# Line 1  Line 1 
1  /*  /*
2   * ccs_new_file_test.c   * ccs_new_file_test.c
3   *   *
4   * Copyright (C) 2005-2009  NTT DATA CORPORATION   * Copyright (C) 2005-2010  NTT DATA CORPORATION
5   *   *
6   * Version: 1.7.1   2009/11/11   * Version: 1.8.0-pre   2010/08/01
7   *   *
8   */   */
9  #include "include.h"  #include "include.h"
# Line 136  static void stage_file_test(void) Line 136  static void stage_file_test(void)
136          set_profile(3, "file::mksock");          set_profile(3, "file::mksock");
137          set_profile(3, "file::truncate");          set_profile(3, "file::truncate");
138          set_profile(3, "file::symlink");          set_profile(3, "file::symlink");
         set_profile(3, "file::rewrite");  
139          set_profile(3, "file::mkblock");          set_profile(3, "file::mkblock");
140          set_profile(3, "file::mkchar");          set_profile(3, "file::mkchar");
141          set_profile(3, "file::link");          set_profile(3, "file::link");
# Line 150  static void stage_file_test(void) Line 149  static void stage_file_test(void)
149          set_profile(3, "file::umount");          set_profile(3, "file::umount");
150          set_profile(3, "file::pivot_root");          set_profile(3, "file::pivot_root");
151    
152          policy = "allow_read /proc/sys/net/ipv4/ip_local_port_range "          policy = "file read proc:/sys/net/ipv4/ip_local_port_range "
153                  "if task.uid=0 task.gid=0";                  "if task.uid=0 task.gid=0";
154          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
155          show_result(sysctl(name, 3, buffer, &size, 0, 0), 1);          show_result(sysctl(name, 3, buffer, &size, 0, 0), 1);
156          write_domain_policy(policy, 1);          write_domain_policy(policy, 1);
157          show_result(sysctl(name, 3, buffer, &size, 0, 0), 0);          show_result(sysctl(name, 3, buffer, &size, 0, 0), 0);
158    
159          policy = "allow_write /proc/sys/net/ipv4/ip_local_port_range "          policy = "file write proc:/sys/net/ipv4/ip_local_port_range "
160                  "if task.euid=0 0=0 1-100=10-1000";                  "if task.euid=0 0=0 1-100=10-1000";
161          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
162          show_result(sysctl(name, 3, 0, 0, buffer, size), 1);          show_result(sysctl(name, 3, 0, 0, buffer, size), 1);
163          write_domain_policy(policy, 1);          write_domain_policy(policy, 1);
164          show_result(sysctl(name, 3, 0, 0, buffer, size), 0);          show_result(sysctl(name, 3, 0, 0, buffer, size), 0);
165    
166          policy = "allow_read/write /proc/sys/net/ipv4/ip_local_port_range "          policy = "file read proc:/sys/net/ipv4/ip_local_port_range "
167                    "if 1!=10-100";
168            write_domain_policy(policy, 0);
169            policy = "file write proc:/sys/net/ipv4/ip_local_port_range "
170                  "if 1!=10-100";                  "if 1!=10-100";
171          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
172          show_result(sysctl(name, 3, buffer, &size, buffer, size), 1);          show_result(sysctl(name, 3, buffer, &size, buffer, size), 1);
173            policy = "file read proc:/sys/net/ipv4/ip_local_port_range "
174                    "if 1!=10-100";
175            write_domain_policy(policy, 1);
176            policy = "file write proc:/sys/net/ipv4/ip_local_port_range "
177                    "if 1!=10-100";
178          write_domain_policy(policy, 1);          write_domain_policy(policy, 1);
179          show_result(sysctl(name, 3, buffer, &size, buffer, size), 0);          show_result(sysctl(name, 3, buffer, &size, buffer, size), 0);
180    
181          policy = "allow_read /bin/true "          policy = "file read /bin/true "
182                  "if path1.uid=0 path1.parent.uid=0 10=10-100";                  "if path1.uid=0 path1.parent.uid=0 10=10-100";
183          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
184          show_result(uselib("/bin/true"), 1);          show_result(uselib("/bin/true"), 1);
185          write_domain_policy(policy, 1);          write_domain_policy(policy, 1);
186          show_result(uselib("/bin/true"), 0);          show_result(uselib("/bin/true"), 0);
187    
188          policy = "allow_execute /bin/true if task.uid!=10 path1.parent.uid=0";          policy = "file execute /bin/true if task.uid!=10 path1.parent.uid=0";
189          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
190          fflush(stdout);          fflush(stdout);
191          fflush(stderr);          fflush(stderr);
# Line 212  static void stage_file_test(void) Line 219  static void stage_file_test(void)
219          errno = err;          errno = err;
220          show_result(err ? EOF : 0, 0);          show_result(err ? EOF : 0, 0);
221    
222          policy = "allow_read /dev/null if path1.type=char path1.dev_major=1 "          policy = "file read /dev/null if path1.type=char path1.dev_major=1 "
223                  "path1.dev_minor=3";                  "path1.dev_minor=3";
224          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
225          fd = open("/dev/null", O_RDONLY);          fd = open("/dev/null", O_RDONLY);
# Line 225  static void stage_file_test(void) Line 232  static void stage_file_test(void)
232          if (fd != EOF)          if (fd != EOF)
233                  close(fd);                  close(fd);
234    
235          policy = "allow_read /dev/null if path1.perm=0666";          policy = "file read /dev/null if path1.perm=0666";
236          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
237          fd = open("/dev/null", O_RDONLY);          fd = open("/dev/null", O_RDONLY);
238          show_result(fd, 1);          show_result(fd, 1);
# Line 237  static void stage_file_test(void) Line 244  static void stage_file_test(void)
244          if (fd != EOF)          if (fd != EOF)
245                  close(fd);                  close(fd);
246    
247          policy = "allow_read /dev/null if path1.perm!=0777";          policy = "file read /dev/null if path1.perm!=0777";
248          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
249          fd = open("/dev/null", O_RDONLY);          fd = open("/dev/null", O_RDONLY);
250          show_result(fd, 1);          show_result(fd, 1);
# Line 249  static void stage_file_test(void) Line 256  static void stage_file_test(void)
256          if (fd != EOF)          if (fd != EOF)
257                  close(fd);                  close(fd);
258    
259          policy = "allow_read /dev/null if path1.perm=owner_read "          policy = "file read /dev/null if path1.perm=owner_read "
260                  "path1.perm=owner_write path1.perm!=owner_execute "                  "path1.perm=owner_write path1.perm!=owner_execute "
261                  "path1.perm=group_read path1.perm=group_write "                  "path1.perm=group_read path1.perm=group_write "
262                  "path1.perm!=group_execute path1.perm=others_read "                  "path1.perm!=group_execute path1.perm=others_read "
# Line 267  static void stage_file_test(void) Line 274  static void stage_file_test(void)
274                  close(fd);                  close(fd);
275    
276          set_profile(3, "file::mkfifo");          set_profile(3, "file::mkfifo");
277          policy = "allow_mkfifo /tmp/mknod_fifo_test 0644 "          policy = "file mkfifo /tmp/mknod_fifo_test 0644 "
278                  "if path1.parent.perm=01777 path1.parent.perm=sticky "                  "if path1.parent.perm=01777 path1.parent.perm=sticky "
279                  "path1.parent.uid=0 path1.parent.gid=0";                  "path1.parent.uid=0 path1.parent.gid=0";
280          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
# Line 282  static void stage_file_test(void) Line 289  static void stage_file_test(void)
289          filename = "/dev/null";          filename = "/dev/null";
290          stat(filename, &sbuf);          stat(filename, &sbuf);
291          snprintf(pbuffer, sizeof(pbuffer) - 1,          snprintf(pbuffer, sizeof(pbuffer) - 1,
292                   "allow_write %s if path1.major=%u path1.minor=%u",                   "file write %s if path1.major=%u path1.minor=%u",
293                   filename, (unsigned int) MAJOR(sbuf.st_dev),                   filename, (unsigned int) MAJOR(sbuf.st_dev),
294                   (unsigned int) MINOR(sbuf.st_dev));                   (unsigned int) MINOR(sbuf.st_dev));
295          policy = pbuffer;          policy = pbuffer;
# Line 297  static void stage_file_test(void) Line 304  static void stage_file_test(void)
304          if (fd != EOF)          if (fd != EOF)
305                  close(fd);                  close(fd);
306    
307          policy = "allow_read/write /tmp/fifo if path1.type=fifo";          policy = "file read/write /tmp/fifo if path1.type=fifo";
308          mkfifo2("/tmp/fifo");          mkfifo2("/tmp/fifo");
309          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
310          fd = open("/tmp/fifo", O_RDWR);          fd = open("/tmp/fifo", O_RDWR);
# Line 310  static void stage_file_test(void) Line 317  static void stage_file_test(void)
317          if (fd != EOF)          if (fd != EOF)
318                  close(fd);                  close(fd);
319    
320          policy = "allow_read /dev/null if path1.parent.ino=path1.parent.ino";          policy = "file read /dev/null if path1.parent.ino=path1.parent.ino";
321          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
322          fd = open("/dev/null", O_RDONLY);          fd = open("/dev/null", O_RDONLY);
323          show_result(fd, 1);          show_result(fd, 1);
# Line 322  static void stage_file_test(void) Line 329  static void stage_file_test(void)
329          if (fd != EOF)          if (fd != EOF)
330                  close(fd);                  close(fd);
331    
332          policy = "allow_write /dev/null if path1.uid=path1.gid";          policy = "file write /dev/null if path1.uid=path1.gid";
333          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
334          fd = open("/dev/null", O_WRONLY);          fd = open("/dev/null", O_WRONLY);
335          show_result(fd, 1);          show_result(fd, 1);
# Line 334  static void stage_file_test(void) Line 341  static void stage_file_test(void)
341          if (fd != EOF)          if (fd != EOF)
342                  close(fd);                  close(fd);
343    
344          policy = "allow_read/write /dev/null if task.uid=path1.parent.uid";          policy = "file read/write /dev/null if task.uid=path1.parent.uid";
345          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
346          fd = open("/dev/null", O_RDWR);          fd = open("/dev/null", O_RDWR);
347          show_result(fd, 1);          show_result(fd, 1);
# Line 346  static void stage_file_test(void) Line 353  static void stage_file_test(void)
353          if (fd != EOF)          if (fd != EOF)
354                  close(fd);                  close(fd);
355    
356          policy = "allow_create /tmp/open_test 0644 "          policy = "file create /tmp/open_test 0644 "
357                  "if path1.parent.uid=task.uid";                  "if path1.parent.uid=task.uid";
358          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
359          policy = "allow_write /tmp/open_test if path1.parent.uid=0";          policy = "file write /tmp/open_test if path1.parent.uid=0";
360          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
361          fd = open("/tmp/open_test", O_WRONLY | O_CREAT | O_EXCL, 0644);          fd = open("/tmp/open_test", O_WRONLY | O_CREAT | O_EXCL, 0644);
362          show_result(fd, 1);          show_result(fd, 1);
# Line 363  static void stage_file_test(void) Line 370  static void stage_file_test(void)
370                  close(fd);                  close(fd);
371          unlink2("/tmp/open_test");          unlink2("/tmp/open_test");
372    
373          policy = "allow_create /tmp/open_test 0644 "          policy = "file create /tmp/open_test 0644 "
374                  "if path1.parent.uid=task.uid";                  "if path1.parent.uid=task.uid";
375          write_domain_policy(policy, 1);          write_domain_policy(policy, 1);
376    
377          policy = "allow_write /tmp/open_test if task.uid=0 path1.ino!=0";          policy = "file write /tmp/open_test if task.uid=0 path1.ino!=0";
378          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
379          policy = "allow_create /tmp/open_test 0644 if 0=0";          policy = "file create /tmp/open_test 0644 if 0=0";
380          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
381          fd = open("/tmp/open_test", O_WRONLY | O_CREAT | O_EXCL, 0644);          fd = open("/tmp/open_test", O_WRONLY | O_CREAT | O_EXCL, 0644);
382          show_result(fd, 1);          show_result(fd, 1);
# Line 382  static void stage_file_test(void) Line 389  static void stage_file_test(void)
389          if (fd != EOF)          if (fd != EOF)
390                  close(fd);                  close(fd);
391          unlink2("/tmp/open_test");          unlink2("/tmp/open_test");
392          policy = "allow_write /tmp/open_test if task.uid=0 path1.ino!=0";          policy = "file write /tmp/open_test if task.uid=0 path1.ino!=0";
393          write_domain_policy(policy, 1);          write_domain_policy(policy, 1);
394    
395          filename = "/tmp/truncate_test";          filename = "/tmp/truncate_test";
396          create2(filename);          create2(filename);
397    
398          policy = "allow_truncate /tmp/truncate_test if task.uid=path1.uid";          policy = "file truncate /tmp/truncate_test if task.uid=path1.uid";
399          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
400          policy = "allow_write /tmp/truncate_test if 1!=100-1000000";          policy = "file write /tmp/truncate_test if 1!=100-1000000";
401          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
402          fd = open(filename, O_WRONLY | O_TRUNC);          fd = open(filename, O_WRONLY | O_TRUNC);
403          show_result(fd, 1);          show_result(fd, 1);
# Line 401  static void stage_file_test(void) Line 408  static void stage_file_test(void)
408          show_result(fd, 0);          show_result(fd, 0);
409          if (fd != EOF)          if (fd != EOF)
410                  close(fd);                  close(fd);
411          policy = "allow_truncate /tmp/truncate_test "          policy = "file truncate /tmp/truncate_test "
412                  "if task.uid=path1.uid";                  "if task.uid=path1.uid";
413          write_domain_policy(policy, 1);          write_domain_policy(policy, 1);
414    
415          policy = "allow_write /tmp/truncate_test";          policy = "file write /tmp/truncate_test";
416          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
417          policy = "allow_truncate /tmp/truncate_test";          policy = "file truncate /tmp/truncate_test";
418          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
419          fd = open(filename, O_WRONLY | O_TRUNC);          fd = open(filename, O_WRONLY | O_TRUNC);
420          show_result(fd, 1);          show_result(fd, 1);
# Line 418  static void stage_file_test(void) Line 425  static void stage_file_test(void)
425          show_result(fd, 0);          show_result(fd, 0);
426          if (fd != EOF)          if (fd != EOF)
427                  close(fd);                  close(fd);
428          policy = "allow_write /tmp/truncate_test";          policy = "file write /tmp/truncate_test";
429          write_domain_policy(policy, 1);          write_domain_policy(policy, 1);
430    
431          policy = "allow_truncate /tmp/truncate_test";          policy = "file truncate /tmp/truncate_test";
432          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
433          show_result(truncate(filename, 0), 1);          show_result(truncate(filename, 0), 1);
434          write_domain_policy(policy, 1);          write_domain_policy(policy, 1);
435          show_result(truncate(filename, 0), 0);          show_result(truncate(filename, 0), 0);
436    
437          policy = "allow_truncate /tmp/truncate_test";          policy = "file truncate /tmp/truncate_test";
438          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
439          set_profile(0, "file::open");          set_profile(0, "file::open");
440          fd = open(filename, O_WRONLY);          fd = open(filename, O_WRONLY);
# Line 440  static void stage_file_test(void) Line 447  static void stage_file_test(void)
447    
448          unlink2(filename);          unlink2(filename);
449    
450          policy = "allow_create /tmp/mknod_reg_test 0644";          policy = "file create /tmp/mknod_reg_test 0644";
451          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
452          filename = "/tmp/mknod_reg_test";          filename = "/tmp/mknod_reg_test";
453          show_result(mknod(filename, S_IFREG | 0644, 0), 1);          show_result(mknod(filename, S_IFREG | 0644, 0), 1);
# Line 448  static void stage_file_test(void) Line 455  static void stage_file_test(void)
455          unlink2(filename);          unlink2(filename);
456          show_result(mknod(filename, S_IFREG | 0644, 0), 0);          show_result(mknod(filename, S_IFREG | 0644, 0), 0);
457    
458          policy = "allow_mkchar /tmp/mknod_chr_test 0644 1 3";          policy = "file mkchar /tmp/mknod_chr_test 0644 1 3";
459          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
460          filename = "/tmp/mknod_chr_test";          filename = "/tmp/mknod_chr_test";
461          show_result(mknod(filename, S_IFCHR | 0644, MKDEV(1, 3)), 1);          show_result(mknod(filename, S_IFCHR | 0644, MKDEV(1, 3)), 1);
# Line 456  static void stage_file_test(void) Line 463  static void stage_file_test(void)
463          unlink2(filename);          unlink2(filename);
464          show_result(mknod(filename, S_IFCHR | 0644, MKDEV(1, 3)), 0);          show_result(mknod(filename, S_IFCHR | 0644, MKDEV(1, 3)), 0);
465    
466          policy = "allow_mkblock /tmp/mknod_blk_test 0644 1 0";          policy = "file mkblock /tmp/mknod_blk_test 0644 1 0";
467          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
468          filename = "/tmp/mknod_blk_test";          filename = "/tmp/mknod_blk_test";
469          show_result(mknod(filename, S_IFBLK | 0644, MKDEV(1, 0)), 1);          show_result(mknod(filename, S_IFBLK | 0644, MKDEV(1, 0)), 1);
# Line 464  static void stage_file_test(void) Line 471  static void stage_file_test(void)
471          unlink2(filename);          unlink2(filename);
472          show_result(mknod(filename, S_IFBLK | 0644, MKDEV(1, 0)), 0);          show_result(mknod(filename, S_IFBLK | 0644, MKDEV(1, 0)), 0);
473    
474          policy = "allow_mkfifo /tmp/mknod_fifo_test 0644";          policy = "file mkfifo /tmp/mknod_fifo_test 0644";
475          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
476          filename = "/tmp/mknod_fifo_test";          filename = "/tmp/mknod_fifo_test";
477          show_result(mknod(filename, S_IFIFO | 0644, 0), 1);          show_result(mknod(filename, S_IFIFO | 0644, 0), 1);
# Line 472  static void stage_file_test(void) Line 479  static void stage_file_test(void)
479          unlink2(filename);          unlink2(filename);
480          show_result(mknod(filename, S_IFIFO | 0644, 0), 0);          show_result(mknod(filename, S_IFIFO | 0644, 0), 0);
481    
482          policy = "allow_mksock /tmp/mknod_sock_test 0644";          policy = "file mksock /tmp/mknod_sock_test 0644";
483          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
484          filename = "/tmp/mknod_sock_test";          filename = "/tmp/mknod_sock_test";
485          show_result(mknod(filename, S_IFSOCK | 0644, 0), 1);          show_result(mknod(filename, S_IFSOCK | 0644, 0), 1);
# Line 480  static void stage_file_test(void) Line 487  static void stage_file_test(void)
487          unlink2(filename);          unlink2(filename);
488          show_result(mknod(filename, S_IFSOCK | 0644, 0), 0);          show_result(mknod(filename, S_IFSOCK | 0644, 0), 0);
489    
490          policy = "allow_mkdir /tmp/mkdir_test/ 0600";          policy = "file mkdir /tmp/mkdir_test/ 0600";
491          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
492          filename = "/tmp/mkdir_test";          filename = "/tmp/mkdir_test";
493          show_result(mkdir(filename, 0600), 1);          show_result(mkdir(filename, 0600), 1);
# Line 488  static void stage_file_test(void) Line 495  static void stage_file_test(void)
495          rmdir2(filename);          rmdir2(filename);
496          show_result(mkdir(filename, 0600), 0);          show_result(mkdir(filename, 0600), 0);
497    
498          policy = "allow_rmdir /tmp/rmdir_test/";          policy = "file rmdir /tmp/rmdir_test/";
499          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
500          filename = "/tmp/rmdir_test";          filename = "/tmp/rmdir_test";
501          mkdir2(filename);          mkdir2(filename);
# Line 498  static void stage_file_test(void) Line 505  static void stage_file_test(void)
505          show_result(rmdir(filename), 0);          show_result(rmdir(filename), 0);
506          rmdir2(filename);          rmdir2(filename);
507    
508          policy = "allow_unlink /tmp/unlink_test";          policy = "file unlink /tmp/unlink_test";
509          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
510          filename = "/tmp/unlink_test";          filename = "/tmp/unlink_test";
511          create2(filename);          create2(filename);
# Line 508  static void stage_file_test(void) Line 515  static void stage_file_test(void)
515          show_result(unlink(filename), 0);          show_result(unlink(filename), 0);
516          unlink2(filename);          unlink2(filename);
517    
518          policy = "allow_symlink /tmp/symlink_source_test";          policy = "file symlink /tmp/symlink_source_test";
519          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
520          filename = "/tmp/symlink_source_test";          filename = "/tmp/symlink_source_test";
521          show_result(symlink("/tmp/symlink_dest_test", filename), 1);          show_result(symlink("/tmp/symlink_dest_test", filename), 1);
# Line 516  static void stage_file_test(void) Line 523  static void stage_file_test(void)
523          unlink2(filename);          unlink2(filename);
524          show_result(symlink("/tmp/symlink_dest_test", filename), 0);          show_result(symlink("/tmp/symlink_dest_test", filename), 0);
525    
526          policy = "allow_symlink /tmp/symlink_source_test "          policy = "file symlink /tmp/symlink_source_test "
527                  "if symlink.target=\"/tmp/symlink_\\*_test\"";                  "if symlink.target=\"/tmp/symlink_\\*_test\"";
528          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
529          filename = "/tmp/symlink_source_test";          filename = "/tmp/symlink_source_test";
# Line 525  static void stage_file_test(void) Line 532  static void stage_file_test(void)
532          unlink2(filename);          unlink2(filename);
533          show_result(symlink("/tmp/symlink_dest_test", filename), 0);          show_result(symlink("/tmp/symlink_dest_test", filename), 0);
534    
535          policy = "allow_symlink /tmp/symlink_source_test "          policy = "file symlink /tmp/symlink_source_test "
536                  "if task.uid=0 symlink.target=\"/tmp/symlink_\\*_test\"";                  "if task.uid=0 symlink.target=\"/tmp/symlink_\\*_test\"";
537          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
538          filename = "/tmp/symlink_source_test";          filename = "/tmp/symlink_source_test";
# Line 534  static void stage_file_test(void) Line 541  static void stage_file_test(void)
541          unlink2(filename);          unlink2(filename);
542          show_result(symlink("/tmp/symlink_dest_test", filename), 0);          show_result(symlink("/tmp/symlink_dest_test", filename), 0);
543    
544          policy = "allow_symlink /tmp/symlink_source_test "          policy = "file symlink /tmp/symlink_source_test "
545                  "if symlink.target!=\"\\*\"";                  "if symlink.target!=\"\\*\"";
546          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
547          filename = "/tmp/symlink_source_test";          filename = "/tmp/symlink_source_test";
# Line 543  static void stage_file_test(void) Line 550  static void stage_file_test(void)
550          unlink2(filename);          unlink2(filename);
551          show_result(symlink("/tmp/symlink_dest_test", filename), 0);          show_result(symlink("/tmp/symlink_dest_test", filename), 0);
552    
553          policy = "allow_symlink /tmp/symlink_source_test "          policy = "file symlink /tmp/symlink_source_test "
554                  "if symlink.target!=\"/tmp/symlink_\\*_test\"";                  "if symlink.target!=\"/tmp/symlink_\\*_test\"";
555          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
556          filename = "/tmp/symlink_source_test";          filename = "/tmp/symlink_source_test";
# Line 552  static void stage_file_test(void) Line 559  static void stage_file_test(void)
559          unlink2(filename);          unlink2(filename);
560          show_result(symlink("/tmp/symlink_dest_test", filename), 0);          show_result(symlink("/tmp/symlink_dest_test", filename), 0);
561    
562          policy = "allow_link /tmp/link_source_test /tmp/link_dest_test";          policy = "file link /tmp/link_source_test /tmp/link_dest_test";
563          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
564          filename = "/tmp/link_source_test";          filename = "/tmp/link_source_test";
565          create2(filename);          create2(filename);
# Line 562  static void stage_file_test(void) Line 569  static void stage_file_test(void)
569          show_result(link(filename, "/tmp/link_dest_test"), 0);          show_result(link(filename, "/tmp/link_dest_test"), 0);
570          unlink2(filename);          unlink2(filename);
571    
572          policy = "allow_rename /tmp/rename_source_test /tmp/rename_dest_test";          policy = "file rename /tmp/rename_source_test /tmp/rename_dest_test";
573          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
574          filename = "/tmp/rename_source_test";          filename = "/tmp/rename_source_test";
575          create2(filename);          create2(filename);
# Line 573  static void stage_file_test(void) Line 580  static void stage_file_test(void)
580          show_result(rename(filename, "/tmp/rename_dest_test"), 0);          show_result(rename(filename, "/tmp/rename_dest_test"), 0);
581          unlink2(filename);          unlink2(filename);
582    
583          policy = "allow_mksock /tmp/socket_test 0755";          policy = "file mksock /tmp/socket_test 0755";
584          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
585          filename = "/tmp/socket_test";          filename = "/tmp/socket_test";
586          memset(&addr, 0, sizeof(addr));          memset(&addr, 0, sizeof(addr));
# Line 591  static void stage_file_test(void) Line 598  static void stage_file_test(void)
598                      0);                      0);
599          if (fd != EOF)          if (fd != EOF)
600                  close(fd);                  close(fd);
   
         filename = "/tmp/rewrite_test";  
         create2(filename);  
         policy = "allow_read/write /tmp/rewrite_test";  
         write_domain_policy(policy, 0);  
         write_exception_policy("deny_rewrite /tmp/rewrite_test", 0);  
         policy = "allow_truncate /tmp/rewrite_test";  
         write_domain_policy(policy, 0);  
   
         fd = open(filename, O_RDONLY);  
         show_result(fd, 1);  
         if (fd != EOF)  
                 close(fd);  
   
         fd = open(filename, O_WRONLY | O_APPEND);  
         show_result(fd, 1);  
         if (fd != EOF)  
                 close(fd);  
   
         fd = open(filename, O_WRONLY);  
         show_result(fd, 0);  
         if (fd != EOF)  
                 close(fd);  
   
         fd = open(filename, O_WRONLY | O_TRUNC);  
         show_result(fd, 0);  
         if (fd != EOF)  
                 close(fd);  
   
         fd = open(filename, O_WRONLY | O_TRUNC | O_APPEND);  
         show_result(fd, 0);  
         if (fd != EOF)  
                 close(fd);  
   
         show_result(truncate(filename, 0), 0);  
   
         set_profile(0, "file::open");  
         fd = open(filename, O_WRONLY | O_APPEND);  
         set_profile(3, "file::open");  
         show_result(ftruncate(fd, 0), 0);  
   
         show_result(fcntl(fd, F_SETFL,  
                           fcntl(fd, F_GETFL) & ~O_APPEND), 0);  
         if (fd != EOF)  
                 close(fd);  
   
         write_domain_policy(policy, 1);  
   
         policy = "allow_read/write /tmp/rewrite_test";  
         write_domain_policy(policy, 1);  
         write_exception_policy("deny_rewrite /tmp/rewrite_test", 1);  
   
601          unlink2(filename);          unlink2(filename);
602    
603          policy = "allow_ioctl socket:[family=2:type=2:protocol=17] "          policy = "file ioctl socket:[family=2:type=2:protocol=17] "
604                  "35122-35124 if task.uid=0";                  "35122-35124 if task.uid=0";
605          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
606          fd = socket(PF_INET, SOCK_DGRAM, IPPROTO_IP);          fd = socket(PF_INET, SOCK_DGRAM, IPPROTO_IP);
# Line 654  static void stage_file_test(void) Line 609  static void stage_file_test(void)
609                   "lo");                   "lo");
610          show_result(ioctl(fd, 35123, &ifreq), 1);          show_result(ioctl(fd, 35123, &ifreq), 1);
611          write_domain_policy(policy, 1);          write_domain_policy(policy, 1);
612          policy = "allow_ioctl "          policy = "file ioctl "
613                  "socket:[family=2:type=2:protocol=17] 0-35122";                  "socket:[family=2:type=2:protocol=17] 0-35122";
614          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
615          show_result(ioctl(fd, 35123, &ifreq), 0);          show_result(ioctl(fd, 35123, &ifreq), 0);
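Review bot: With the block after new line 600 removed, stage_file_test() no longer asserts anywhere that a plain `O_WRONLY` open, an `O_TRUNC` open, `truncate()`/`ftruncate()`, or clearing `O_APPEND` via `fcntl(fd, F_SETFL, ...)` is refused on a file that is supposed to be append-only; that coverage disappears together with `file::rewrite` and `deny_rewrite`. If the new syntax expresses the restriction differently (presumably a `file append` rule; confirm against the policy parser), an equivalent grant/revoke sequence should replace the removed one so the denial path stays regression-tested. Separately, new lines 166-178 split the sysctl rule into a `file read` and a `file write` rule while new lines 307 and 344 keep the combined `file read/write` form; a short comment above line 166, e.g. `/* sysctl needs separate read and write rules */`, would tell the reader whether that difference is intentional. The function starts and ends outside the visible hunks.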
