Diff of /trunk/2.4.x/tomoyo-tools/kernel_test/tomoyo_new_file_test.c


branches/ccs-tools/ccstools/kernel_test/ccs_new_file_test.c revision 3751 by kumaneko, Fri Jun 11 02:26:44 2010 UTC trunk/2.4.x/tomoyo-tools/kernel_test/tomoyo_new_file_test.c revision 5495 by kumaneko, Wed Sep 28 11:34:40 2011 UTC
# Line 1  Line 1 
1  /*  /*
2   * ccs_new_file_test.c   * ccs_new_file_test.c
3   *   *
4   * Copyright (C) 2005-2009  NTT DATA CORPORATION   * Copyright (C) 2005-2011  NTT DATA CORPORATION
5   *   *
6   * Version: 1.7.1   2009/11/11   * Version: 2.4.0+   2011/09/29
7   *   *
8     * This program is free software; you can redistribute it and/or modify it
9     * under the terms of the GNU General Public License v2 as published by the
10     * Free Software Foundation.
11     *
12     * This program is distributed in the hope that it will be useful, but WITHOUT
13     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
14     * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
15     * more details.
16     *
17     * You should have received a copy of the GNU General Public License along with
18     * this program; if not, write to the Free Software Foundation, Inc.,
19     * 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA
20   */   */
21  #include "include.h"  #include "include.h"
22    #include <linux/elf.h>
23    
24  static const char *policy = "";  static void make_elf_lib(void)
   
 #if 0  
 static int write_policy(void)  
25  {  {
26          FILE *fp;          static const struct elf32_phdr eph = {
27          char buffer[8192];                  .p_type = PT_LOAD,
28          int domain_found = 0;                  .p_offset = 4096,
29          int policy_found = 0;                  .p_filesz = 1,
30          memset(buffer, 0, sizeof(buffer));          };
31          set_profile(0, "file::open");          static const struct elf32_hdr eh = {
32          fp = fopen(proc_policy_domain_policy, "r");                  .e_ident = ELFMAG,
33          set_profile(3, "file::open");                  .e_type = ET_EXEC,
34          fprintf(domain_fp, "%s\n", policy);                  .e_machine = EM_386,
35          if (!fp) {                  .e_phoff = sizeof(eh),
36                  printf("%s : BUG: policy read failed\n", policy);                  .e_phentsize = sizeof(eph),
37                  return 0;                  .e_phnum = 1,
38          }          };
39          while (fgets(buffer, sizeof(buffer) - 1, fp)) {          const int fd = open("/tmp/uselib", O_WRONLY | O_CREAT | O_TRUNC, 0755);
40                  char *cp = strchr(buffer, '\n');          if (fd != EOF) {
41                  if (cp)                  write(fd, &eh, sizeof(eh));
42                          *cp = '\0';                  write(fd, &eph, sizeof(eph));
43                  if (!strncmp(buffer, "<kernel>", 8))                  lseek(fd, 4096, SEEK_SET);
44                          domain_found = !strcmp(self_domain, buffer);                  write(fd, "", 1);
45                  if (!domain_found)                  close(fd);
                         continue;  
                 /* printf("<%s>\n", buffer); */  
                 if (!strcmp(buffer, policy)) {  
                         policy_found = 1;  
                         break;  
                 }  
         }  
         fclose(fp);  
         if (!policy_found) {  
                 printf("%s : BUG: policy write failed\n", policy);  
                 return 0;  
46          }          }
         errno = 0;  
         return 1;  
47  }  }
48  #endif  
49    static const char *policy = "";
50    
51  static void show_result(int result, char should_success)  static void show_result(int result, char should_success)
52  {  {
# Line 126  static void stage_file_test(void) Line 124  static void stage_file_test(void)
124          struct sockaddr_un addr;          struct sockaddr_un addr;
125          struct ifreq ifreq;          struct ifreq ifreq;
126          char *filename = "";          char *filename = "";
127            int ret_ignored;
128          set_profile(3, "file::execute");          set_profile(3, "file::execute");
129          set_profile(3, "file::open");          set_profile(3, "file::open");
130          set_profile(3, "file::create");          set_profile(3, "file::create");
# Line 136  static void stage_file_test(void) Line 135  static void stage_file_test(void)
135          set_profile(3, "file::mksock");          set_profile(3, "file::mksock");
136          set_profile(3, "file::truncate");          set_profile(3, "file::truncate");
137          set_profile(3, "file::symlink");          set_profile(3, "file::symlink");
         set_profile(3, "file::rewrite");  
138          set_profile(3, "file::mkblock");          set_profile(3, "file::mkblock");
139          set_profile(3, "file::mkchar");          set_profile(3, "file::mkchar");
140          set_profile(3, "file::link");          set_profile(3, "file::link");
# Line 147  static void stage_file_test(void) Line 145  static void stage_file_test(void)
145          set_profile(3, "file::ioctl");          set_profile(3, "file::ioctl");
146          set_profile(3, "file::chroot");          set_profile(3, "file::chroot");
147          set_profile(3, "file::mount");          set_profile(3, "file::mount");
148          set_profile(3, "file::umount");          set_profile(3, "file::unmount");
149          set_profile(3, "file::pivot_root");          set_profile(3, "file::pivot_root");
150    
151          policy = "allow_read /proc/sys/net/ipv4/ip_local_port_range "          policy = "file read proc:/sys/net/ipv4/ip_local_port_range "
152                  "if task.uid=0 task.gid=0";                  "task.uid=0 task.gid=0";
153          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
154          show_result(sysctl(name, 3, buffer, &size, 0, 0), 1);          show_result(sysctl(name, 3, buffer, &size, 0, 0), 1);
155          write_domain_policy(policy, 1);          write_domain_policy(policy, 1);
156          show_result(sysctl(name, 3, buffer, &size, 0, 0), 0);          show_result(sysctl(name, 3, buffer, &size, 0, 0), 0);
157    
158          policy = "allow_write /proc/sys/net/ipv4/ip_local_port_range "          policy = "file write proc:/sys/net/ipv4/ip_local_port_range "
159                  "if task.euid=0 0=0 1-100=10-1000";                  "task.euid=0 0=0 1-100=10-1000";
160          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
161          show_result(sysctl(name, 3, 0, 0, buffer, size), 1);          show_result(sysctl(name, 3, 0, 0, buffer, size), 1);
162          write_domain_policy(policy, 1);          write_domain_policy(policy, 1);
163          show_result(sysctl(name, 3, 0, 0, buffer, size), 0);          show_result(sysctl(name, 3, 0, 0, buffer, size), 0);
164    
165          policy = "allow_read/write /proc/sys/net/ipv4/ip_local_port_range "          policy = "file read proc:/sys/net/ipv4/ip_local_port_range "
166                  "if 1!=10-100";                  "1!=10-100";
167            write_domain_policy(policy, 0);
168            policy = "file write proc:/sys/net/ipv4/ip_local_port_range "
169                    "1!=10-100";
170          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
171          show_result(sysctl(name, 3, buffer, &size, buffer, size), 1);          show_result(sysctl(name, 3, buffer, &size, buffer, size), 1);
172            policy = "file read proc:/sys/net/ipv4/ip_local_port_range "
173                    "1!=10-100";
174            write_domain_policy(policy, 1);
175            policy = "file write proc:/sys/net/ipv4/ip_local_port_range "
176                    "1!=10-100";
177          write_domain_policy(policy, 1);          write_domain_policy(policy, 1);
178          show_result(sysctl(name, 3, buffer, &size, buffer, size), 0);          show_result(sysctl(name, 3, buffer, &size, buffer, size), 0);
179    
180          policy = "allow_read /bin/true "          policy = "file read /tmp/uselib "
181                  "if path1.uid=0 path1.parent.uid=0 10=10-100";                  "path1.uid=0 path1.parent.uid=0 10=10-100";
182          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
183          show_result(uselib("/bin/true"), 1);          show_result(uselib("/tmp/uselib"), 1);
184          write_domain_policy(policy, 1);          write_domain_policy(policy, 1);
185          show_result(uselib("/bin/true"), 0);          show_result(uselib("/tmp/uselib"), 0);
186    
187          policy = "allow_execute /bin/true if task.uid!=10 path1.parent.uid=0";          policy = "file execute /bin/true task.uid!=10 path1.parent.uid=0";
188          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
189          fflush(stdout);          fflush(stdout);
190          fflush(stderr);          fflush(stderr);
191          pipe(pipe_fd);          ret_ignored = pipe(pipe_fd);
192          if (fork() == 0) {          if (fork() == 0) {
193                  execl("/bin/true", "/bin/true", NULL);                  execl("/bin/true", "/bin/true", NULL);
194                  err = errno;                  err = errno;
195                  write(pipe_fd[1], &err, sizeof(err));                  ret_ignored = write(pipe_fd[1], &err, sizeof(err));
196                  _exit(0);                  _exit(0);
197          }          }
198          close(pipe_fd[1]);          close(pipe_fd[1]);
199          read(pipe_fd[0], &err, sizeof(err));          ret_ignored = read(pipe_fd[0], &err, sizeof(err));
200          close(pipe_fd[0]);          close(pipe_fd[0]);
201          wait(NULL);          wait(NULL);
202          errno = err;          errno = err;
# Line 198  static void stage_file_test(void) Line 204  static void stage_file_test(void)
204          write_domain_policy(policy, 1);          write_domain_policy(policy, 1);
205          fflush(stdout);          fflush(stdout);
206          fflush(stderr);          fflush(stderr);
207          pipe(pipe_fd);          ret_ignored = pipe(pipe_fd);
208          if (fork() == 0) {          if (fork() == 0) {
209                  execl("/bin/true", "/bin/true", NULL);                  execl("/bin/true", "/bin/true", NULL);
210                  err = errno;                  err = errno;
211                  write(pipe_fd[1], &err, sizeof(err));                  ret_ignored = write(pipe_fd[1], &err, sizeof(err));
212                  _exit(0);                  _exit(0);
213          }          }
214          close(pipe_fd[1]);          close(pipe_fd[1]);
215          read(pipe_fd[0], &err, sizeof(err));          ret_ignored = read(pipe_fd[0], &err, sizeof(err));
216          close(pipe_fd[0]);          close(pipe_fd[0]);
217          wait(NULL);          wait(NULL);
218          errno = err;          errno = err;
219          show_result(err ? EOF : 0, 0);          show_result(err ? EOF : 0, 0);
220    
221          policy = "allow_read /dev/null if path1.type=char path1.dev_major=1 "          policy = "file read /dev/null path1.type=char path1.dev_major=1 "
222                  "path1.dev_minor=3";                  "path1.dev_minor=3";
223          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
224          fd = open("/dev/null", O_RDONLY);          fd = open("/dev/null", O_RDONLY);
# Line 225  static void stage_file_test(void) Line 231  static void stage_file_test(void)
231          if (fd != EOF)          if (fd != EOF)
232                  close(fd);                  close(fd);
233    
234          policy = "allow_read /dev/null if path1.perm=0666";          policy = "file read /dev/null path1.perm=0666";
235          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
236          fd = open("/dev/null", O_RDONLY);          fd = open("/dev/null", O_RDONLY);
237          show_result(fd, 1);          show_result(fd, 1);
# Line 237  static void stage_file_test(void) Line 243  static void stage_file_test(void)
243          if (fd != EOF)          if (fd != EOF)
244                  close(fd);                  close(fd);
245    
246          policy = "allow_read /dev/null if path1.perm!=0777";          policy = "file read /dev/null path1.perm!=0777";
247          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
248          fd = open("/dev/null", O_RDONLY);          fd = open("/dev/null", O_RDONLY);
249          show_result(fd, 1);          show_result(fd, 1);
# Line 249  static void stage_file_test(void) Line 255  static void stage_file_test(void)
255          if (fd != EOF)          if (fd != EOF)
256                  close(fd);                  close(fd);
257    
258          policy = "allow_read /dev/null if path1.perm=owner_read "          policy = "file read /dev/null path1.perm=owner_read "
259                  "path1.perm=owner_write path1.perm!=owner_execute "                  "path1.perm=owner_write path1.perm!=owner_execute "
260                  "path1.perm=group_read path1.perm=group_write "                  "path1.perm=group_read path1.perm=group_write "
261                  "path1.perm!=group_execute path1.perm=others_read "                  "path1.perm!=group_execute path1.perm=others_read "
# Line 267  static void stage_file_test(void) Line 273  static void stage_file_test(void)
273                  close(fd);                  close(fd);
274    
275          set_profile(3, "file::mkfifo");          set_profile(3, "file::mkfifo");
276          policy = "allow_mkfifo /tmp/mknod_fifo_test 0644 "          policy = "file mkfifo /tmp/mknod_fifo_test 0644 "
277                  "if path1.parent.perm=01777 path1.parent.perm=sticky "                  "path1.parent.perm=01777 path1.parent.perm=sticky "
278                  "path1.parent.uid=0 path1.parent.gid=0";                  "path1.parent.uid=0 path1.parent.gid=0";
279          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
280          filename = "/tmp/mknod_fifo_test";          filename = "/tmp/mknod_fifo_test";
# Line 282  static void stage_file_test(void) Line 288  static void stage_file_test(void)
288          filename = "/dev/null";          filename = "/dev/null";
289          stat(filename, &sbuf);          stat(filename, &sbuf);
290          snprintf(pbuffer, sizeof(pbuffer) - 1,          snprintf(pbuffer, sizeof(pbuffer) - 1,
291                   "allow_write %s if path1.major=%u path1.minor=%u",                   "file write %s path1.major=%u path1.minor=%u",
292                   filename, (unsigned int) MAJOR(sbuf.st_dev),                   filename, (unsigned int) MAJOR(sbuf.st_dev),
293                   (unsigned int) MINOR(sbuf.st_dev));                   (unsigned int) MINOR(sbuf.st_dev));
294          policy = pbuffer;          policy = pbuffer;
# Line 297  static void stage_file_test(void) Line 303  static void stage_file_test(void)
303          if (fd != EOF)          if (fd != EOF)
304                  close(fd);                  close(fd);
305    
306          policy = "allow_read/write /tmp/fifo if path1.type=fifo";          policy = "file read /tmp/fifo path1.type=fifo\t"
307                    "file write /tmp/fifo path1.type=fifo";
308          mkfifo2("/tmp/fifo");          mkfifo2("/tmp/fifo");
309          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
310          fd = open("/tmp/fifo", O_RDWR);          fd = open("/tmp/fifo", O_RDWR);
# Line 310  static void stage_file_test(void) Line 317  static void stage_file_test(void)
317          if (fd != EOF)          if (fd != EOF)
318                  close(fd);                  close(fd);
319    
320          policy = "allow_read /dev/null if path1.parent.ino=path1.parent.ino";          policy = "file read /dev/null path1.parent.ino=path1.parent.ino";
321          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
322          fd = open("/dev/null", O_RDONLY);          fd = open("/dev/null", O_RDONLY);
323          show_result(fd, 1);          show_result(fd, 1);
# Line 322  static void stage_file_test(void) Line 329  static void stage_file_test(void)
329          if (fd != EOF)          if (fd != EOF)
330                  close(fd);                  close(fd);
331    
332          policy = "allow_write /dev/null if path1.uid=path1.gid";          policy = "file write /dev/null path1.uid=path1.gid";
333          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
334          fd = open("/dev/null", O_WRONLY);          fd = open("/dev/null", O_WRONLY);
335          show_result(fd, 1);          show_result(fd, 1);
# Line 334  static void stage_file_test(void) Line 341  static void stage_file_test(void)
341          if (fd != EOF)          if (fd != EOF)
342                  close(fd);                  close(fd);
343    
344          policy = "allow_read/write /dev/null if task.uid=path1.parent.uid";          policy = "file read /dev/null task.uid=path1.parent.uid\t"
345                    "file write /dev/null task.uid=path1.parent.uid";
346          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
347          fd = open("/dev/null", O_RDWR);          fd = open("/dev/null", O_RDWR);
348          show_result(fd, 1);          show_result(fd, 1);
# Line 346  static void stage_file_test(void) Line 354  static void stage_file_test(void)
354          if (fd != EOF)          if (fd != EOF)
355                  close(fd);                  close(fd);
356    
357          policy = "allow_create /tmp/open_test 0644 "          policy = "file create /tmp/open_test 0644 "
358                  "if path1.parent.uid=task.uid";                  "path1.parent.uid=task.uid";
359          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
360          policy = "allow_write /tmp/open_test if path1.parent.uid=0";          policy = "file write /tmp/open_test path1.parent.uid=0";
361          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
362          fd = open("/tmp/open_test", O_WRONLY | O_CREAT | O_EXCL, 0644);          fd = open("/tmp/open_test", O_WRONLY | O_CREAT | O_EXCL, 0644);
363          show_result(fd, 1);          show_result(fd, 1);
# Line 363  static void stage_file_test(void) Line 371  static void stage_file_test(void)
371                  close(fd);                  close(fd);
372          unlink2("/tmp/open_test");          unlink2("/tmp/open_test");
373    
374          policy = "allow_create /tmp/open_test 0644 "          policy = "file create /tmp/open_test 0644 "
375                  "if path1.parent.uid=task.uid";                  "path1.parent.uid=task.uid";
376          write_domain_policy(policy, 1);          write_domain_policy(policy, 1);
377    
378          policy = "allow_write /tmp/open_test if task.uid=0 path1.ino!=0";          policy = "file write /tmp/open_test task.uid=0 path1.ino!=0";
379          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
380          policy = "allow_create /tmp/open_test 0644 if 0=0";          policy = "file create /tmp/open_test 0644 0=0";
381          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
382          fd = open("/tmp/open_test", O_WRONLY | O_CREAT | O_EXCL, 0644);          fd = open("/tmp/open_test", O_WRONLY | O_CREAT | O_EXCL, 0644);
383          show_result(fd, 1);          show_result(fd, 1);
# Line 382  static void stage_file_test(void) Line 390  static void stage_file_test(void)
390          if (fd != EOF)          if (fd != EOF)
391                  close(fd);                  close(fd);
392          unlink2("/tmp/open_test");          unlink2("/tmp/open_test");
393          policy = "allow_write /tmp/open_test if task.uid=0 path1.ino!=0";          policy = "file write /tmp/open_test task.uid=0 path1.ino!=0";
394          write_domain_policy(policy, 1);          write_domain_policy(policy, 1);
395    
396          filename = "/tmp/truncate_test";          filename = "/tmp/truncate_test";
397          create2(filename);          create2(filename);
398    
399          policy = "allow_truncate /tmp/truncate_test if task.uid=path1.uid";          policy = "file truncate /tmp/truncate_test task.uid=path1.uid";
400          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
401          policy = "allow_write /tmp/truncate_test if 1!=100-1000000";          policy = "file write /tmp/truncate_test 1!=100-1000000";
402          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
403          fd = open(filename, O_WRONLY | O_TRUNC);          fd = open(filename, O_WRONLY | O_TRUNC);
404          show_result(fd, 1);          show_result(fd, 1);
# Line 401  static void stage_file_test(void) Line 409  static void stage_file_test(void)
409          show_result(fd, 0);          show_result(fd, 0);
410          if (fd != EOF)          if (fd != EOF)
411                  close(fd);                  close(fd);
412          policy = "allow_truncate /tmp/truncate_test "          policy = "file truncate /tmp/truncate_test "
413                  "if task.uid=path1.uid";                  "task.uid=path1.uid";
414          write_domain_policy(policy, 1);          write_domain_policy(policy, 1);
415    
416          policy = "allow_write /tmp/truncate_test";          policy = "file write /tmp/truncate_test";
417          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
418          policy = "allow_truncate /tmp/truncate_test";          policy = "file truncate /tmp/truncate_test";
419          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
420          fd = open(filename, O_WRONLY | O_TRUNC);          fd = open(filename, O_WRONLY | O_TRUNC);
421          show_result(fd, 1);          show_result(fd, 1);
# Line 418  static void stage_file_test(void) Line 426  static void stage_file_test(void)
426          show_result(fd, 0);          show_result(fd, 0);
427          if (fd != EOF)          if (fd != EOF)
428                  close(fd);                  close(fd);
429          policy = "allow_write /tmp/truncate_test";          policy = "file write /tmp/truncate_test";
430          write_domain_policy(policy, 1);          write_domain_policy(policy, 1);
431    
432          policy = "allow_truncate /tmp/truncate_test";          policy = "file truncate /tmp/truncate_test";
433          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
434          show_result(truncate(filename, 0), 1);          show_result(truncate(filename, 0), 1);
435          write_domain_policy(policy, 1);          write_domain_policy(policy, 1);
436          show_result(truncate(filename, 0), 0);          show_result(truncate(filename, 0), 0);
437    
438          policy = "allow_truncate /tmp/truncate_test";          policy = "file truncate /tmp/truncate_test";
439          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
440          set_profile(0, "file::open");          set_profile(0, "file::open");
441          fd = open(filename, O_WRONLY);          fd = open(filename, O_WRONLY);
# Line 440  static void stage_file_test(void) Line 448  static void stage_file_test(void)
448    
449          unlink2(filename);          unlink2(filename);
450    
451          policy = "allow_create /tmp/mknod_reg_test 0644";          policy = "file create /tmp/mknod_reg_test 0644";
452          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
453          filename = "/tmp/mknod_reg_test";          filename = "/tmp/mknod_reg_test";
454          show_result(mknod(filename, S_IFREG | 0644, 0), 1);          show_result(mknod(filename, S_IFREG | 0644, 0), 1);
# Line 448  static void stage_file_test(void) Line 456  static void stage_file_test(void)
456          unlink2(filename);          unlink2(filename);
457          show_result(mknod(filename, S_IFREG | 0644, 0), 0);          show_result(mknod(filename, S_IFREG | 0644, 0), 0);
458    
459          policy = "allow_mkchar /tmp/mknod_chr_test 0644 1 3";          policy = "file mkchar /tmp/mknod_chr_test 0644 1 3";
460          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
461          filename = "/tmp/mknod_chr_test";          filename = "/tmp/mknod_chr_test";
462          show_result(mknod(filename, S_IFCHR | 0644, MKDEV(1, 3)), 1);          show_result(mknod(filename, S_IFCHR | 0644, MKDEV(1, 3)), 1);
# Line 456  static void stage_file_test(void) Line 464  static void stage_file_test(void)
464          unlink2(filename);          unlink2(filename);
465          show_result(mknod(filename, S_IFCHR | 0644, MKDEV(1, 3)), 0);          show_result(mknod(filename, S_IFCHR | 0644, MKDEV(1, 3)), 0);
466    
467          policy = "allow_mkblock /tmp/mknod_blk_test 0644 1 0";          policy = "file mkblock /tmp/mknod_blk_test 0644 1 0";
468          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
469          filename = "/tmp/mknod_blk_test";          filename = "/tmp/mknod_blk_test";
470          show_result(mknod(filename, S_IFBLK | 0644, MKDEV(1, 0)), 1);          show_result(mknod(filename, S_IFBLK | 0644, MKDEV(1, 0)), 1);
# Line 464  static void stage_file_test(void) Line 472  static void stage_file_test(void)
472          unlink2(filename);          unlink2(filename);
473          show_result(mknod(filename, S_IFBLK | 0644, MKDEV(1, 0)), 0);          show_result(mknod(filename, S_IFBLK | 0644, MKDEV(1, 0)), 0);
474    
475          policy = "allow_mkfifo /tmp/mknod_fifo_test 0644";          policy = "file mkfifo /tmp/mknod_fifo_test 0644";
476          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
477          filename = "/tmp/mknod_fifo_test";          filename = "/tmp/mknod_fifo_test";
478          show_result(mknod(filename, S_IFIFO | 0644, 0), 1);          show_result(mknod(filename, S_IFIFO | 0644, 0), 1);
# Line 472  static void stage_file_test(void) Line 480  static void stage_file_test(void)
480          unlink2(filename);          unlink2(filename);
481          show_result(mknod(filename, S_IFIFO | 0644, 0), 0);          show_result(mknod(filename, S_IFIFO | 0644, 0), 0);
482    
483          policy = "allow_mksock /tmp/mknod_sock_test 0644";          policy = "file mksock /tmp/mknod_sock_test 0644";
484          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
485          filename = "/tmp/mknod_sock_test";          filename = "/tmp/mknod_sock_test";
486          show_result(mknod(filename, S_IFSOCK | 0644, 0), 1);          show_result(mknod(filename, S_IFSOCK | 0644, 0), 1);
# Line 480  static void stage_file_test(void) Line 488  static void stage_file_test(void)
488          unlink2(filename);          unlink2(filename);
489          show_result(mknod(filename, S_IFSOCK | 0644, 0), 0);          show_result(mknod(filename, S_IFSOCK | 0644, 0), 0);
490    
491          policy = "allow_mkdir /tmp/mkdir_test/ 0600";          policy = "file mkdir /tmp/mkdir_test/ 0600";
492          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
493          filename = "/tmp/mkdir_test";          filename = "/tmp/mkdir_test";
494          show_result(mkdir(filename, 0600), 1);          show_result(mkdir(filename, 0600), 1);
# Line 488  static void stage_file_test(void) Line 496  static void stage_file_test(void)
496          rmdir2(filename);          rmdir2(filename);
497          show_result(mkdir(filename, 0600), 0);          show_result(mkdir(filename, 0600), 0);
498    
499          policy = "allow_rmdir /tmp/rmdir_test/";          policy = "file rmdir /tmp/rmdir_test/";
500          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
501          filename = "/tmp/rmdir_test";          filename = "/tmp/rmdir_test";
502          mkdir2(filename);          mkdir2(filename);
# Line 498  static void stage_file_test(void) Line 506  static void stage_file_test(void)
506          show_result(rmdir(filename), 0);          show_result(rmdir(filename), 0);
507          rmdir2(filename);          rmdir2(filename);
508    
509          policy = "allow_unlink /tmp/unlink_test";          policy = "file unlink /tmp/unlink_test";
510          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
511          filename = "/tmp/unlink_test";          filename = "/tmp/unlink_test";
512          create2(filename);          create2(filename);
# Line 508  static void stage_file_test(void) Line 516  static void stage_file_test(void)
516          show_result(unlink(filename), 0);          show_result(unlink(filename), 0);
517          unlink2(filename);          unlink2(filename);
518    
519          policy = "allow_symlink /tmp/symlink_source_test";          policy = "file symlink /tmp/symlink_source_test";
520          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
521          filename = "/tmp/symlink_source_test";          filename = "/tmp/symlink_source_test";
522          show_result(symlink("/tmp/symlink_dest_test", filename), 1);          show_result(symlink("/tmp/symlink_dest_test", filename), 1);
# Line 516  static void stage_file_test(void) Line 524  static void stage_file_test(void)
524          unlink2(filename);          unlink2(filename);
525          show_result(symlink("/tmp/symlink_dest_test", filename), 0);          show_result(symlink("/tmp/symlink_dest_test", filename), 0);
526    
527          policy = "allow_symlink /tmp/symlink_source_test "          policy = "file symlink /tmp/symlink_source_test "
528                  "if symlink.target=\"/tmp/symlink_\\*_test\"";                  "symlink.target=\"/tmp/symlink_\\*_test\"";
529          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
530          filename = "/tmp/symlink_source_test";          filename = "/tmp/symlink_source_test";
531          show_result(symlink("/tmp/symlink_dest_test", filename), 1);          show_result(symlink("/tmp/symlink_dest_test", filename), 1);
# Line 525  static void stage_file_test(void) Line 533  static void stage_file_test(void)
533          unlink2(filename);          unlink2(filename);
534          show_result(symlink("/tmp/symlink_dest_test", filename), 0);          show_result(symlink("/tmp/symlink_dest_test", filename), 0);
535    
536          policy = "allow_symlink /tmp/symlink_source_test "          policy = "file symlink /tmp/symlink_source_test "
537                  "if task.uid=0 symlink.target=\"/tmp/symlink_\\*_test\"";                  "task.uid=0 symlink.target=\"/tmp/symlink_\\*_test\"";
538          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
539          filename = "/tmp/symlink_source_test";          filename = "/tmp/symlink_source_test";
540          show_result(symlink("/tmp/symlink_dest_test", filename), 1);          show_result(symlink("/tmp/symlink_dest_test", filename), 1);
# Line 534  static void stage_file_test(void) Line 542  static void stage_file_test(void)
542          unlink2(filename);          unlink2(filename);
543          show_result(symlink("/tmp/symlink_dest_test", filename), 0);          show_result(symlink("/tmp/symlink_dest_test", filename), 0);
544    
545          policy = "allow_symlink /tmp/symlink_source_test "          policy = "file symlink /tmp/symlink_source_test "
546                  "if symlink.target!=\"\\*\"";                  "symlink.target!=\"\\*\"";
547          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
548          filename = "/tmp/symlink_source_test";          filename = "/tmp/symlink_source_test";
549          show_result(symlink("/tmp/symlink_dest_test", filename), 1);          show_result(symlink("/tmp/symlink_dest_test", filename), 1);
# Line 543  static void stage_file_test(void) Line 551  static void stage_file_test(void)
551          unlink2(filename);          unlink2(filename);
552          show_result(symlink("/tmp/symlink_dest_test", filename), 0);          show_result(symlink("/tmp/symlink_dest_test", filename), 0);
553    
554          policy = "allow_symlink /tmp/symlink_source_test "          policy = "file symlink /tmp/symlink_source_test "
555                  "if symlink.target!=\"/tmp/symlink_\\*_test\"";                  "symlink.target!=\"/tmp/symlink_\\*_test\"";
556          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
557          filename = "/tmp/symlink_source_test";          filename = "/tmp/symlink_source_test";
558          show_result(symlink("/tmp/symlink_dest_test", filename), 0);          show_result(symlink("/tmp/symlink_dest_test", filename), 0);
# Line 552  static void stage_file_test(void) Line 560  static void stage_file_test(void)
560          unlink2(filename);          unlink2(filename);
561          show_result(symlink("/tmp/symlink_dest_test", filename), 0);          show_result(symlink("/tmp/symlink_dest_test", filename), 0);
562    
563          policy = "allow_link /tmp/link_source_test /tmp/link_dest_test";          policy = "file link /tmp/link_source_test /tmp/link_dest_test";
564          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
565          filename = "/tmp/link_source_test";          filename = "/tmp/link_source_test";
566          create2(filename);          create2(filename);
# Line 562  static void stage_file_test(void) Line 570  static void stage_file_test(void)
570          show_result(link(filename, "/tmp/link_dest_test"), 0);          show_result(link(filename, "/tmp/link_dest_test"), 0);
571          unlink2(filename);          unlink2(filename);
572    
573          policy = "allow_rename /tmp/rename_source_test /tmp/rename_dest_test";          policy = "file rename /tmp/rename_source_test /tmp/rename_dest_test";
574          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
575          filename = "/tmp/rename_source_test";          filename = "/tmp/rename_source_test";
576          create2(filename);          create2(filename);
# Line 573  static void stage_file_test(void) Line 581  static void stage_file_test(void)
581          show_result(rename(filename, "/tmp/rename_dest_test"), 0);          show_result(rename(filename, "/tmp/rename_dest_test"), 0);
582          unlink2(filename);          unlink2(filename);
583    
584          policy = "allow_mksock /tmp/socket_test 0755";          policy = "file mksock /tmp/socket_test 0755";
585          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
586          filename = "/tmp/socket_test";          filename = "/tmp/socket_test";
587          memset(&addr, 0, sizeof(addr));          memset(&addr, 0, sizeof(addr));
# Line 591  static void stage_file_test(void) Line 599  static void stage_file_test(void)
599                      0);                      0);
600          if (fd != EOF)          if (fd != EOF)
601                  close(fd);                  close(fd);
   
         filename = "/tmp/rewrite_test";  
         create2(filename);  
         policy = "allow_read/write /tmp/rewrite_test";  
         write_domain_policy(policy, 0);  
         write_exception_policy("deny_rewrite /tmp/rewrite_test", 0);  
         policy = "allow_truncate /tmp/rewrite_test";  
         write_domain_policy(policy, 0);  
   
         fd = open(filename, O_RDONLY);  
         show_result(fd, 1);  
         if (fd != EOF)  
                 close(fd);  
   
         fd = open(filename, O_WRONLY | O_APPEND);  
         show_result(fd, 1);  
         if (fd != EOF)  
                 close(fd);  
   
         fd = open(filename, O_WRONLY);  
         show_result(fd, 0);  
         if (fd != EOF)  
                 close(fd);  
   
         fd = open(filename, O_WRONLY | O_TRUNC);  
         show_result(fd, 0);  
         if (fd != EOF)  
                 close(fd);  
   
         fd = open(filename, O_WRONLY | O_TRUNC | O_APPEND);  
         show_result(fd, 0);  
         if (fd != EOF)  
                 close(fd);  
   
         show_result(truncate(filename, 0), 0);  
   
         set_profile(0, "file::open");  
         fd = open(filename, O_WRONLY | O_APPEND);  
         set_profile(3, "file::open");  
         show_result(ftruncate(fd, 0), 0);  
   
         show_result(fcntl(fd, F_SETFL,  
                           fcntl(fd, F_GETFL) & ~O_APPEND), 0);  
         if (fd != EOF)  
                 close(fd);  
   
         write_domain_policy(policy, 1);  
   
         policy = "allow_read/write /tmp/rewrite_test";  
         write_domain_policy(policy, 1);  
         write_exception_policy("deny_rewrite /tmp/rewrite_test", 1);  
   
602          unlink2(filename);          unlink2(filename);
603    
604          policy = "allow_ioctl socket:[family=2:type=2:protocol=17] "          policy = "file ioctl socket:[family=2:type=2:protocol=17] "
605                  "35122-35124 if task.uid=0";                  "35122-35124 task.uid=0";
606          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
607          fd = socket(PF_INET, SOCK_DGRAM, IPPROTO_IP);          fd = socket(PF_INET, SOCK_DGRAM, IPPROTO_IP);
608          memset(&ifreq, 0, sizeof(ifreq));          memset(&ifreq, 0, sizeof(ifreq));
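Review bot: The `file ioctl socket:[family=2:type=2:protocol=17]` expectations a few lines down are evaluated on a descriptor whose creation, `fd = socket(PF_INET, SOCK_DGRAM, IPPROTO_IP);`, is never checked; if the socket() call fails, the `show_result(ioctl(fd, 35123, &ifreq), 1)` case reports a spurious policy failure and the later `..., 0)` case passes for the wrong reason (EBADF instead of a TOMOYO denial). A one-line guard after the call, `if (fd == EOF) { perror("socket"); return; }`, keeps the verdicts attributable to policy. The policy string also names `protocol=17` while the socket is opened with `IPPROTO_IP`; presumably the kernel fills in UDP for a SOCK_DGRAM inet socket, but that deserves a comment such as `/* IPPROTO_IP on SOCK_DGRAM is reported as protocol=17 (UDP) in the socket: pathname */` so the mismatch is not mistaken for a typo. The ioctl range `35122-35124` (0x8932–0x8934, around SIOCGIFINDEX) is likewise a magic number that would read better with a comment naming the request. stage_file_test continues past this hunk.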
# Line 654  static void stage_file_test(void) Line 610  static void stage_file_test(void)
610                   "lo");                   "lo");
611          show_result(ioctl(fd, 35123, &ifreq), 1);          show_result(ioctl(fd, 35123, &ifreq), 1);
612          write_domain_policy(policy, 1);          write_domain_policy(policy, 1);
613          policy = "allow_ioctl "          policy = "file ioctl "
614                  "socket:[family=2:type=2:protocol=17] 0-35122";                  "socket:[family=2:type=2:protocol=17] 0-35122";
615          write_domain_policy(policy, 0);          write_domain_policy(policy, 0);
616          show_result(ioctl(fd, 35123, &ifreq), 0);          show_result(ioctl(fd, 35123, &ifreq), 0);
# Line 666  static void stage_file_test(void) Line 622  static void stage_file_test(void)
622  int main(int argc, char *argv[])  int main(int argc, char *argv[])
623  {  {
624          ccs_test_init();          ccs_test_init();
625            make_elf_lib();
626          fprintf(domain_fp, "%s /bin/true\n", self_domain);          fprintf(domain_fp, "%s /bin/true\n", self_domain);
627          fprintf(domain_fp, "use_profile 255\n");          fprintf(domain_fp, "use_profile 255\n");
628          fprintf(domain_fp, "select pid=%u\n", pid);          fprintf(domain_fp, "select pid=%u\n", pid);
629          fprintf(profile_fp, "255-PREFERENCE::audit={ max_reject_log=1024 }\n");          fprintf(profile_fp, "255-PREFERENCE={ max_reject_log=1024 }\n");
630          stage_file_test();          stage_file_test();
631          fprintf(domain_fp, "use_profile 0\n");          fprintf(domain_fp, "use_profile 0\n");
632          clear_status();          clear_status();
633            if (0) /* To suppress "defined but not used" warnings. */
634                    write_exception_policy("", 0);
635          return 0;          return 0;
636  }  }
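Review bot: The new `if (0) write_exception_policy("", 0);` at the end of main is an unreachable call used only to silence an unused-function warning, which is a fragile way to express that intent and would perform a real policy write if the guard were ever edited. Marking the helper unused where it is defined (`__attribute__((unused))` on its definition, presumably in include.h) or referencing it without a call, `(void)write_exception_policy;`, says the same thing without dead code. Separately, the `fprintf(domain_fp, "select pid=%u\n", pid);` and `use_profile 255` lines are relied on before stage_file_test runs but are never flushed here; if ccs_test_init does not make domain_fp and profile_fp unbuffered, an `fflush(domain_fp); fflush(profile_fp);` before the call makes the ordering explicit and keeps the enforcement profile from being applied late. The same applies to the final `use_profile 0` that returns the domain to a non-enforcing profile before exit.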
