
Diff of /trunk/2.4.x/tomoyo-tools/kernel_test/tomoyo_new_file_test.c


trunk/1.7.x/ccs-tools/ccstools/kernel_test/ccs_new_file_test.c revision 3171 by kumaneko, Wed Nov 11 04:43:08 2009 UTC trunk/1.8.x/ccs-tools/ccstools/kernel_test/ccs_new_file_test.c revision 3906 by kumaneko, Fri Aug 20 06:53:46 2010 UTC
# Line 1  Line 1 
1  /*  /*
2   * ccs_new_file_test.c   * ccs_new_file_test.c
3   *   *
4   * Copyright (C) 2005-2009  NTT DATA CORPORATION   * Copyright (C) 2005-2010  NTT DATA CORPORATION
5   *   *
6   * Version: 1.7.1   2009/11/11   * Version: 1.8.0-pre   2010/08/01
7   *   *
8     * This program is free software; you can redistribute it and/or modify it
9     * under the terms of the GNU General Public License v2 as published by the
10     * Free Software Foundation.
11     *
12     * This program is distributed in the hope that it will be useful, but WITHOUT
13     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
14     * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
15     * more details.
16     *
17     * You should have received a copy of the GNU General Public License along with
18     * this program; if not, write to the Free Software Foundation, Inc.,
19     * 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA
20   */   */
21  #include "include.h"  #include "include.h"
22    
# Line 136  static void stage_file_test(void) Line 148  static void stage_file_test(void)
148          set_profile(3, "file::mksock");          set_profile(3, "file::mksock");
149          set_profile(3, "file::truncate");          set_profile(3, "file::truncate");
150          set_profile(3, "file::symlink");          set_profile(3, "file::symlink");
         set_profile(3, "file::rewrite");  
151          set_profile(3, "file::mkblock");          set_profile(3, "file::mkblock");
152          set_profile(3, "file::mkchar");          set_profile(3, "file::mkchar");
153          set_profile(3, "file::link");          set_profile(3, "file::link");
# Line 150  static void stage_file_test(void) Line 161  static void stage_file_test(void)
161          set_profile(3, "file::umount");          set_profile(3, "file::umount");
162          set_profile(3, "file::pivot_root");          set_profile(3, "file::pivot_root");
163    
164          policy = "allow_read /proc/sys/net/ipv4/ip_local_port_range "          policy = "file read proc:/sys/net/ipv4/ip_local_port_range "
165                  "if task.uid=0 task.gid=0";                  "if task.uid=0 task.gid=0";
166          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
167          show_result(sysctl(name, 3, buffer, &size, 0, 0), 1);          show_result(sysctl(name, 3, buffer, &size, 0, 0), 1);
168          write_domain_policy(policy, 1);          write_domain_policy(policy, 1);
169          show_result(sysctl(name, 3, buffer, &size, 0, 0), 0);          show_result(sysctl(name, 3, buffer, &size, 0, 0), 0);
170    
171          policy = "allow_write /proc/sys/net/ipv4/ip_local_port_range "          policy = "file write proc:/sys/net/ipv4/ip_local_port_range "
172                  "if task.euid=0 0=0 1-100=10-1000";                  "if task.euid=0 0=0 1-100=10-1000";
173          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
174          show_result(sysctl(name, 3, 0, 0, buffer, size), 1);          show_result(sysctl(name, 3, 0, 0, buffer, size), 1);
175          write_domain_policy(policy, 1);          write_domain_policy(policy, 1);
176          show_result(sysctl(name, 3, 0, 0, buffer, size), 0);          show_result(sysctl(name, 3, 0, 0, buffer, size), 0);
177    
178          policy = "allow_read/write /proc/sys/net/ipv4/ip_local_port_range "          policy = "file read proc:/sys/net/ipv4/ip_local_port_range "
179                    "if 1!=10-100";
180            write_domain_policy(policy, 0);
181            policy = "file write proc:/sys/net/ipv4/ip_local_port_range "
182                  "if 1!=10-100";                  "if 1!=10-100";
183          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
184          show_result(sysctl(name, 3, buffer, &size, buffer, size), 1);          show_result(sysctl(name, 3, buffer, &size, buffer, size), 1);
185            policy = "file read proc:/sys/net/ipv4/ip_local_port_range "
186                    "if 1!=10-100";
187            write_domain_policy(policy, 1);
188            policy = "file write proc:/sys/net/ipv4/ip_local_port_range "
189                    "if 1!=10-100";
190          write_domain_policy(policy, 1);          write_domain_policy(policy, 1);
191          show_result(sysctl(name, 3, buffer, &size, buffer, size), 0);          show_result(sysctl(name, 3, buffer, &size, buffer, size), 0);
192    
193          policy = "allow_read /bin/true "          policy = "file read /bin/true "
194                  "if path1.uid=0 path1.parent.uid=0 10=10-100";                  "if path1.uid=0 path1.parent.uid=0 10=10-100";
195          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
196          show_result(uselib("/bin/true"), 1);          show_result(uselib("/bin/true"), 1);
197          write_domain_policy(policy, 1);          write_domain_policy(policy, 1);
198          show_result(uselib("/bin/true"), 0);          show_result(uselib("/bin/true"), 0);
199    
200          policy = "allow_execute /bin/true if task.uid!=10 path1.parent.uid=0";          policy = "file execute /bin/true if task.uid!=10 path1.parent.uid=0";
201          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
202          fflush(stdout);          fflush(stdout);
203          fflush(stderr);          fflush(stderr);
# Line 212  static void stage_file_test(void) Line 231  static void stage_file_test(void)
231          errno = err;          errno = err;
232          show_result(err ? EOF : 0, 0);          show_result(err ? EOF : 0, 0);
233    
234          policy = "allow_read /dev/null if path1.type=char path1.dev_major=1 "          policy = "file read /dev/null if path1.type=char path1.dev_major=1 "
235                  "path1.dev_minor=3";                  "path1.dev_minor=3";
236          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
237          fd = open("/dev/null", O_RDONLY);          fd = open("/dev/null", O_RDONLY);
# Line 225  static void stage_file_test(void) Line 244  static void stage_file_test(void)
244          if (fd != EOF)          if (fd != EOF)
245                  close(fd);                  close(fd);
246    
247          policy = "allow_read /dev/null if path1.perm=0666";          policy = "file read /dev/null if path1.perm=0666";
248          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
249          fd = open("/dev/null", O_RDONLY);          fd = open("/dev/null", O_RDONLY);
250          show_result(fd, 1);          show_result(fd, 1);
# Line 237  static void stage_file_test(void) Line 256  static void stage_file_test(void)
256          if (fd != EOF)          if (fd != EOF)
257                  close(fd);                  close(fd);
258    
259          policy = "allow_read /dev/null if path1.perm!=0777";          policy = "file read /dev/null if path1.perm!=0777";
260          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
261          fd = open("/dev/null", O_RDONLY);          fd = open("/dev/null", O_RDONLY);
262          show_result(fd, 1);          show_result(fd, 1);
# Line 249  static void stage_file_test(void) Line 268  static void stage_file_test(void)
268          if (fd != EOF)          if (fd != EOF)
269                  close(fd);                  close(fd);
270    
271          policy = "allow_read /dev/null if path1.perm=owner_read "          policy = "file read /dev/null if path1.perm=owner_read "
272                  "path1.perm=owner_write path1.perm!=owner_execute "                  "path1.perm=owner_write path1.perm!=owner_execute "
273                  "path1.perm=group_read path1.perm=group_write "                  "path1.perm=group_read path1.perm=group_write "
274                  "path1.perm!=group_execute path1.perm=others_read "                  "path1.perm!=group_execute path1.perm=others_read "
# Line 267  static void stage_file_test(void) Line 286  static void stage_file_test(void)
286                  close(fd);                  close(fd);
287    
288          set_profile(3, "file::mkfifo");          set_profile(3, "file::mkfifo");
289          policy = "allow_mkfifo /tmp/mknod_fifo_test 0644 "          policy = "file mkfifo /tmp/mknod_fifo_test 0644 "
290                  "if path1.parent.perm=01777 path1.parent.perm=sticky "                  "if path1.parent.perm=01777 path1.parent.perm=sticky "
291                  "path1.parent.uid=0 path1.parent.gid=0";                  "path1.parent.uid=0 path1.parent.gid=0";
292          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
# Line 282  static void stage_file_test(void) Line 301  static void stage_file_test(void)
301          filename = "/dev/null";          filename = "/dev/null";
302          stat(filename, &sbuf);          stat(filename, &sbuf);
303          snprintf(pbuffer, sizeof(pbuffer) - 1,          snprintf(pbuffer, sizeof(pbuffer) - 1,
304                   "allow_write %s if path1.major=%u path1.minor=%u",                   "file write %s if path1.major=%u path1.minor=%u",
305                   filename, (unsigned int) MAJOR(sbuf.st_dev),                   filename, (unsigned int) MAJOR(sbuf.st_dev),
306                   (unsigned int) MINOR(sbuf.st_dev));                   (unsigned int) MINOR(sbuf.st_dev));
307          policy = pbuffer;          policy = pbuffer;
# Line 297  static void stage_file_test(void) Line 316  static void stage_file_test(void)
316          if (fd != EOF)          if (fd != EOF)
317                  close(fd);                  close(fd);
318    
319          policy = "allow_read/write /tmp/fifo if path1.type=fifo";          policy = "file read/write /tmp/fifo if path1.type=fifo";
320          mkfifo2("/tmp/fifo");          mkfifo2("/tmp/fifo");
321          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
322          fd = open("/tmp/fifo", O_RDWR);          fd = open("/tmp/fifo", O_RDWR);
# Line 310  static void stage_file_test(void) Line 329  static void stage_file_test(void)
329          if (fd != EOF)          if (fd != EOF)
330                  close(fd);                  close(fd);
331    
332          policy = "allow_read /dev/null if path1.parent.ino=path1.parent.ino";          policy = "file read /dev/null if path1.parent.ino=path1.parent.ino";
333          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
334          fd = open("/dev/null", O_RDONLY);          fd = open("/dev/null", O_RDONLY);
335          show_result(fd, 1);          show_result(fd, 1);
# Line 322  static void stage_file_test(void) Line 341  static void stage_file_test(void)
341          if (fd != EOF)          if (fd != EOF)
342                  close(fd);                  close(fd);
343    
344          policy = "allow_write /dev/null if path1.uid=path1.gid";          policy = "file write /dev/null if path1.uid=path1.gid";
345          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
346          fd = open("/dev/null", O_WRONLY);          fd = open("/dev/null", O_WRONLY);
347          show_result(fd, 1);          show_result(fd, 1);
# Line 334  static void stage_file_test(void) Line 353  static void stage_file_test(void)
353          if (fd != EOF)          if (fd != EOF)
354                  close(fd);                  close(fd);
355    
356          policy = "allow_read/write /dev/null if task.uid=path1.parent.uid";          policy = "file read/write /dev/null if task.uid=path1.parent.uid";
357          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
358          fd = open("/dev/null", O_RDWR);          fd = open("/dev/null", O_RDWR);
359          show_result(fd, 1);          show_result(fd, 1);
# Line 346  static void stage_file_test(void) Line 365  static void stage_file_test(void)
365          if (fd != EOF)          if (fd != EOF)
366                  close(fd);                  close(fd);
367    
368          policy = "allow_create /tmp/open_test 0644 "          policy = "file create /tmp/open_test 0644 "
369                  "if path1.parent.uid=task.uid";                  "if path1.parent.uid=task.uid";
370          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
371          policy = "allow_write /tmp/open_test if path1.parent.uid=0";          policy = "file write /tmp/open_test if path1.parent.uid=0";
372          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
373          fd = open("/tmp/open_test", O_WRONLY | O_CREAT | O_EXCL, 0644);          fd = open("/tmp/open_test", O_WRONLY | O_CREAT | O_EXCL, 0644);
374          show_result(fd, 1);          show_result(fd, 1);
# Line 363  static void stage_file_test(void) Line 382  static void stage_file_test(void)
382                  close(fd);                  close(fd);
383          unlink2("/tmp/open_test");          unlink2("/tmp/open_test");
384    
385          policy = "allow_create /tmp/open_test 0644 "          policy = "file create /tmp/open_test 0644 "
386                  "if path1.parent.uid=task.uid";                  "if path1.parent.uid=task.uid";
387          write_domain_policy(policy, 1);          write_domain_policy(policy, 1);
388    
389          policy = "allow_write /tmp/open_test if task.uid=0 path1.ino!=0";          policy = "file write /tmp/open_test if task.uid=0 path1.ino!=0";
390          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
391          policy = "allow_create /tmp/open_test 0644 if 0=0";          policy = "file create /tmp/open_test 0644 if 0=0";
392          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
393          fd = open("/tmp/open_test", O_WRONLY | O_CREAT | O_EXCL, 0644);          fd = open("/tmp/open_test", O_WRONLY | O_CREAT | O_EXCL, 0644);
394          show_result(fd, 1);          show_result(fd, 1);
# Line 382  static void stage_file_test(void) Line 401  static void stage_file_test(void)
401          if (fd != EOF)          if (fd != EOF)
402                  close(fd);                  close(fd);
403          unlink2("/tmp/open_test");          unlink2("/tmp/open_test");
404          policy = "allow_write /tmp/open_test if task.uid=0 path1.ino!=0";          policy = "file write /tmp/open_test if task.uid=0 path1.ino!=0";
405          write_domain_policy(policy, 1);          write_domain_policy(policy, 1);
406    
407          filename = "/tmp/truncate_test";          filename = "/tmp/truncate_test";
408          create2(filename);          create2(filename);
409    
410          policy = "allow_truncate /tmp/truncate_test if task.uid=path1.uid";          policy = "file truncate /tmp/truncate_test if task.uid=path1.uid";
411          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
412          policy = "allow_write /tmp/truncate_test if 1!=100-1000000";          policy = "file write /tmp/truncate_test if 1!=100-1000000";
413          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
414          fd = open(filename, O_WRONLY | O_TRUNC);          fd = open(filename, O_WRONLY | O_TRUNC);
415          show_result(fd, 1);          show_result(fd, 1);
# Line 401  static void stage_file_test(void) Line 420  static void stage_file_test(void)
420          show_result(fd, 0);          show_result(fd, 0);
421          if (fd != EOF)          if (fd != EOF)
422                  close(fd);                  close(fd);
423          policy = "allow_truncate /tmp/truncate_test "          policy = "file truncate /tmp/truncate_test "
424                  "if task.uid=path1.uid";                  "if task.uid=path1.uid";
425          write_domain_policy(policy, 1);          write_domain_policy(policy, 1);
426    
427          policy = "allow_write /tmp/truncate_test";          policy = "file write /tmp/truncate_test";
428          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
429          policy = "allow_truncate /tmp/truncate_test";          policy = "file truncate /tmp/truncate_test";
430          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
431          fd = open(filename, O_WRONLY | O_TRUNC);          fd = open(filename, O_WRONLY | O_TRUNC);
432          show_result(fd, 1);          show_result(fd, 1);
# Line 418  static void stage_file_test(void) Line 437  static void stage_file_test(void)
437          show_result(fd, 0);          show_result(fd, 0);
438          if (fd != EOF)          if (fd != EOF)
439                  close(fd);                  close(fd);
440          policy = "allow_write /tmp/truncate_test";          policy = "file write /tmp/truncate_test";
441          write_domain_policy(policy, 1);          write_domain_policy(policy, 1);
442    
443          policy = "allow_truncate /tmp/truncate_test";          policy = "file truncate /tmp/truncate_test";
444          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
445          show_result(truncate(filename, 0), 1);          show_result(truncate(filename, 0), 1);
446          write_domain_policy(policy, 1);          write_domain_policy(policy, 1);
447          show_result(truncate(filename, 0), 0);          show_result(truncate(filename, 0), 0);
448    
449          policy = "allow_truncate /tmp/truncate_test";          policy = "file truncate /tmp/truncate_test";
450          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
451          set_profile(0, "file::open");          set_profile(0, "file::open");
452          fd = open(filename, O_WRONLY);          fd = open(filename, O_WRONLY);
# Line 440  static void stage_file_test(void) Line 459  static void stage_file_test(void)
459    
460          unlink2(filename);          unlink2(filename);
461    
462          policy = "allow_create /tmp/mknod_reg_test 0644";          policy = "file create /tmp/mknod_reg_test 0644";
463          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
464          filename = "/tmp/mknod_reg_test";          filename = "/tmp/mknod_reg_test";
465          show_result(mknod(filename, S_IFREG | 0644, 0), 1);          show_result(mknod(filename, S_IFREG | 0644, 0), 1);
# Line 448  static void stage_file_test(void) Line 467  static void stage_file_test(void)
467          unlink2(filename);          unlink2(filename);
468          show_result(mknod(filename, S_IFREG | 0644, 0), 0);          show_result(mknod(filename, S_IFREG | 0644, 0), 0);
469    
470          policy = "allow_mkchar /tmp/mknod_chr_test 0644 1 3";          policy = "file mkchar /tmp/mknod_chr_test 0644 1 3";
471          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
472          filename = "/tmp/mknod_chr_test";          filename = "/tmp/mknod_chr_test";
473          show_result(mknod(filename, S_IFCHR | 0644, MKDEV(1, 3)), 1);          show_result(mknod(filename, S_IFCHR | 0644, MKDEV(1, 3)), 1);
# Line 456  static void stage_file_test(void) Line 475  static void stage_file_test(void)
475          unlink2(filename);          unlink2(filename);
476          show_result(mknod(filename, S_IFCHR | 0644, MKDEV(1, 3)), 0);          show_result(mknod(filename, S_IFCHR | 0644, MKDEV(1, 3)), 0);
477    
478          policy = "allow_mkblock /tmp/mknod_blk_test 0644 1 0";          policy = "file mkblock /tmp/mknod_blk_test 0644 1 0";
479          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
480          filename = "/tmp/mknod_blk_test";          filename = "/tmp/mknod_blk_test";
481          show_result(mknod(filename, S_IFBLK | 0644, MKDEV(1, 0)), 1);          show_result(mknod(filename, S_IFBLK | 0644, MKDEV(1, 0)), 1);
# Line 464  static void stage_file_test(void) Line 483  static void stage_file_test(void)
483          unlink2(filename);          unlink2(filename);
484          show_result(mknod(filename, S_IFBLK | 0644, MKDEV(1, 0)), 0);          show_result(mknod(filename, S_IFBLK | 0644, MKDEV(1, 0)), 0);
485    
486          policy = "allow_mkfifo /tmp/mknod_fifo_test 0644";          policy = "file mkfifo /tmp/mknod_fifo_test 0644";
487          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
488          filename = "/tmp/mknod_fifo_test";          filename = "/tmp/mknod_fifo_test";
489          show_result(mknod(filename, S_IFIFO | 0644, 0), 1);          show_result(mknod(filename, S_IFIFO | 0644, 0), 1);
# Line 472  static void stage_file_test(void) Line 491  static void stage_file_test(void)
491          unlink2(filename);          unlink2(filename);
492          show_result(mknod(filename, S_IFIFO | 0644, 0), 0);          show_result(mknod(filename, S_IFIFO | 0644, 0), 0);
493    
494          policy = "allow_mksock /tmp/mknod_sock_test 0644";          policy = "file mksock /tmp/mknod_sock_test 0644";
495          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
496          filename = "/tmp/mknod_sock_test";          filename = "/tmp/mknod_sock_test";
497          show_result(mknod(filename, S_IFSOCK | 0644, 0), 1);          show_result(mknod(filename, S_IFSOCK | 0644, 0), 1);
# Line 480  static void stage_file_test(void) Line 499  static void stage_file_test(void)
499          unlink2(filename);          unlink2(filename);
500          show_result(mknod(filename, S_IFSOCK | 0644, 0), 0);          show_result(mknod(filename, S_IFSOCK | 0644, 0), 0);
501    
502          policy = "allow_mkdir /tmp/mkdir_test/ 0600";          policy = "file mkdir /tmp/mkdir_test/ 0600";
503          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
504          filename = "/tmp/mkdir_test";          filename = "/tmp/mkdir_test";
505          show_result(mkdir(filename, 0600), 1);          show_result(mkdir(filename, 0600), 1);
# Line 488  static void stage_file_test(void) Line 507  static void stage_file_test(void)
507          rmdir2(filename);          rmdir2(filename);
508          show_result(mkdir(filename, 0600), 0);          show_result(mkdir(filename, 0600), 0);
509    
510          policy = "allow_rmdir /tmp/rmdir_test/";          policy = "file rmdir /tmp/rmdir_test/";
511          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
512          filename = "/tmp/rmdir_test";          filename = "/tmp/rmdir_test";
513          mkdir2(filename);          mkdir2(filename);
# Line 498  static void stage_file_test(void) Line 517  static void stage_file_test(void)
517          show_result(rmdir(filename), 0);          show_result(rmdir(filename), 0);
518          rmdir2(filename);          rmdir2(filename);
519    
520          policy = "allow_unlink /tmp/unlink_test";          policy = "file unlink /tmp/unlink_test";
521          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
522          filename = "/tmp/unlink_test";          filename = "/tmp/unlink_test";
523          create2(filename);          create2(filename);
# Line 508  static void stage_file_test(void) Line 527  static void stage_file_test(void)
527          show_result(unlink(filename), 0);          show_result(unlink(filename), 0);
528          unlink2(filename);          unlink2(filename);
529    
530          policy = "allow_symlink /tmp/symlink_source_test";          policy = "file symlink /tmp/symlink_source_test";
531          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
532          filename = "/tmp/symlink_source_test";          filename = "/tmp/symlink_source_test";
533          show_result(symlink("/tmp/symlink_dest_test", filename), 1);          show_result(symlink("/tmp/symlink_dest_test", filename), 1);
# Line 516  static void stage_file_test(void) Line 535  static void stage_file_test(void)
535          unlink2(filename);          unlink2(filename);
536          show_result(symlink("/tmp/symlink_dest_test", filename), 0);          show_result(symlink("/tmp/symlink_dest_test", filename), 0);
537    
538          policy = "allow_symlink /tmp/symlink_source_test "          policy = "file symlink /tmp/symlink_source_test "
539                  "if symlink.target=\"/tmp/symlink_\\*_test\"";                  "if symlink.target=\"/tmp/symlink_\\*_test\"";
540          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
541          filename = "/tmp/symlink_source_test";          filename = "/tmp/symlink_source_test";
# Line 525  static void stage_file_test(void) Line 544  static void stage_file_test(void)
544          unlink2(filename);          unlink2(filename);
545          show_result(symlink("/tmp/symlink_dest_test", filename), 0);          show_result(symlink("/tmp/symlink_dest_test", filename), 0);
546    
547          policy = "allow_symlink /tmp/symlink_source_test "          policy = "file symlink /tmp/symlink_source_test "
548                  "if task.uid=0 symlink.target=\"/tmp/symlink_\\*_test\"";                  "if task.uid=0 symlink.target=\"/tmp/symlink_\\*_test\"";
549          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
550          filename = "/tmp/symlink_source_test";          filename = "/tmp/symlink_source_test";
# Line 534  static void stage_file_test(void) Line 553  static void stage_file_test(void)
553          unlink2(filename);          unlink2(filename);
554          show_result(symlink("/tmp/symlink_dest_test", filename), 0);          show_result(symlink("/tmp/symlink_dest_test", filename), 0);
555    
556          policy = "allow_symlink /tmp/symlink_source_test "          policy = "file symlink /tmp/symlink_source_test "
557                  "if symlink.target!=\"\\*\"";                  "if symlink.target!=\"\\*\"";
558          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
559          filename = "/tmp/symlink_source_test";          filename = "/tmp/symlink_source_test";
# Line 543  static void stage_file_test(void) Line 562  static void stage_file_test(void)
562          unlink2(filename);          unlink2(filename);
563          show_result(symlink("/tmp/symlink_dest_test", filename), 0);          show_result(symlink("/tmp/symlink_dest_test", filename), 0);
564    
565          policy = "allow_symlink /tmp/symlink_source_test "          policy = "file symlink /tmp/symlink_source_test "
566                  "if symlink.target!=\"/tmp/symlink_\\*_test\"";                  "if symlink.target!=\"/tmp/symlink_\\*_test\"";
567          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
568          filename = "/tmp/symlink_source_test";          filename = "/tmp/symlink_source_test";
# Line 552  static void stage_file_test(void) Line 571  static void stage_file_test(void)
571          unlink2(filename);          unlink2(filename);
572          show_result(symlink("/tmp/symlink_dest_test", filename), 0);          show_result(symlink("/tmp/symlink_dest_test", filename), 0);
573    
574          policy = "allow_link /tmp/link_source_test /tmp/link_dest_test";          policy = "file link /tmp/link_source_test /tmp/link_dest_test";
575          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
576          filename = "/tmp/link_source_test";          filename = "/tmp/link_source_test";
577          create2(filename);          create2(filename);
# Line 562  static void stage_file_test(void) Line 581  static void stage_file_test(void)
581          show_result(link(filename, "/tmp/link_dest_test"), 0);          show_result(link(filename, "/tmp/link_dest_test"), 0);
582          unlink2(filename);          unlink2(filename);
583    
584          policy = "allow_rename /tmp/rename_source_test /tmp/rename_dest_test";          policy = "file rename /tmp/rename_source_test /tmp/rename_dest_test";
585          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
586          filename = "/tmp/rename_source_test";          filename = "/tmp/rename_source_test";
587          create2(filename);          create2(filename);
# Line 573  static void stage_file_test(void) Line 592  static void stage_file_test(void)
592          show_result(rename(filename, "/tmp/rename_dest_test"), 0);          show_result(rename(filename, "/tmp/rename_dest_test"), 0);
593          unlink2(filename);          unlink2(filename);
594    
595          policy = "allow_mksock /tmp/socket_test 0755";          policy = "file mksock /tmp/socket_test 0755";
596          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
597          filename = "/tmp/socket_test";          filename = "/tmp/socket_test";
598          memset(&addr, 0, sizeof(addr));          memset(&addr, 0, sizeof(addr));
# Line 591  static void stage_file_test(void) Line 610  static void stage_file_test(void)
610                      0);                      0);
611          if (fd != EOF)          if (fd != EOF)
612                  close(fd);                  close(fd);
   
         filename = "/tmp/rewrite_test";  
         create2(filename);  
         policy = "allow_read/write /tmp/rewrite_test";  
         write_domain_policy(policy, 0);  
         write_exception_policy("deny_rewrite /tmp/rewrite_test", 0);  
         policy = "allow_truncate /tmp/rewrite_test";  
         write_domain_policy(policy, 0);  
   
         fd = open(filename, O_RDONLY);  
         show_result(fd, 1);  
         if (fd != EOF)  
                 close(fd);  
   
         fd = open(filename, O_WRONLY | O_APPEND);  
         show_result(fd, 1);  
         if (fd != EOF)  
                 close(fd);  
   
         fd = open(filename, O_WRONLY);  
         show_result(fd, 0);  
         if (fd != EOF)  
                 close(fd);  
   
         fd = open(filename, O_WRONLY | O_TRUNC);  
         show_result(fd, 0);  
         if (fd != EOF)  
                 close(fd);  
   
         fd = open(filename, O_WRONLY | O_TRUNC | O_APPEND);  
         show_result(fd, 0);  
         if (fd != EOF)  
                 close(fd);  
   
         show_result(truncate(filename, 0), 0);  
   
         set_profile(0, "file::open");  
         fd = open(filename, O_WRONLY | O_APPEND);  
         set_profile(3, "file::open");  
         show_result(ftruncate(fd, 0), 0);  
   
         show_result(fcntl(fd, F_SETFL,  
                           fcntl(fd, F_GETFL) & ~O_APPEND), 0);  
         if (fd != EOF)  
                 close(fd);  
   
         write_domain_policy(policy, 1);  
   
         policy = "allow_read/write /tmp/rewrite_test";  
         write_domain_policy(policy, 1);  
         write_exception_policy("deny_rewrite /tmp/rewrite_test", 1);  
   
613          unlink2(filename);          unlink2(filename);
614    
615          policy = "allow_ioctl socket:[family=2:type=2:protocol=17] "          policy = "file ioctl socket:[family=2:type=2:protocol=17] "
616                  "35122-35124 if task.uid=0";                  "35122-35124 if task.uid=0";
617          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
618          fd = socket(PF_INET, SOCK_DGRAM, IPPROTO_IP);          fd = socket(PF_INET, SOCK_DGRAM, IPPROTO_IP);
# Line 654  static void stage_file_test(void) Line 621  static void stage_file_test(void)
621                   "lo");                   "lo");
622          show_result(ioctl(fd, 35123, &ifreq), 1);          show_result(ioctl(fd, 35123, &ifreq), 1);
623          write_domain_policy(policy, 1);          write_domain_policy(policy, 1);
624          policy = "allow_ioctl "          policy = "file ioctl "
625                  "socket:[family=2:type=2:protocol=17] 0-35122";                  "socket:[family=2:type=2:protocol=17] 0-35122";
626          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
627          show_result(ioctl(fd, 35123, &ifreq), 0);          show_result(ioctl(fd, 35123, &ifreq), 0);
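Review bot: Deleting the `/tmp/rewrite_test` block (between the socket test and `unlink2(filename)` at new line 613), together with `set_profile(3, "file::rewrite")`, removes the only visible checks that `open()` without `O_APPEND`, `O_TRUNC`, `truncate()`, `ftruncate()` and clearing `O_APPEND` through `fcntl(fd, F_SETFL, ...)` are refused on a protected file; nothing on the new side replaces them. If the 1.8 syntax expresses append-only access some other way (presumably a `file append` entry, to be confirmed against the 1.8 policy documentation), an equivalent allow/deny pair belongs here so that a regression in append-only enforcement still fails this test. At minimum the removal should leave a comment such as `/* deny_rewrite tests dropped with the keyword; append-only coverage: <test name> */`. stage_file_test() starts and ends outside the visible hunks, so coverage elsewhere in the function cannot be ruled out from this page.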
