| 1 |
/* |
| 2 |
* tomoyo_cond_test.c |
| 3 |
* |
| 4 |
* Testing program for fs/tomoyo_cond.c |
| 5 |
* |
| 6 |
* Copyright (C) 2005-2008 NTT DATA CORPORATION |
| 7 |
* |
| 8 |
* Version: 1.6.0-pre 2008/03/24 |
| 9 |
* |
| 10 |
*/ |
| 11 |
#include "include.h" |
| 12 |
|
| 13 |
static int domain_fd = EOF; |
| 14 |
static char self_domain[4096]; |
| 15 |
|
| 16 |
static void try_open(const char *policy, const char *file, const int mode, const char should_success) { |
| 17 |
FILE *fp = fopen(proc_policy_domain_policy, "r"); |
| 18 |
char buffer[8192]; |
| 19 |
char *cp; |
| 20 |
int domain_found = 0; |
| 21 |
int policy_found = 0; |
| 22 |
int err = 0; |
| 23 |
int fd; |
| 24 |
memset(buffer, 0, sizeof(buffer)); |
| 25 |
printf("%s: ", policy); |
| 26 |
fflush(stdout); |
| 27 |
write(domain_fd, policy, strlen(policy)); |
| 28 |
write(domain_fd, "\n", 1); |
| 29 |
if (!fp) { |
| 30 |
printf("BUG: policy read failed\n"); |
| 31 |
return; |
| 32 |
} |
| 33 |
while (fgets(buffer, sizeof(buffer) - 1, fp)) { |
| 34 |
cp = strchr(buffer, '\n'); |
| 35 |
if (cp) *cp = '\0'; |
| 36 |
if (!strncmp(buffer, "<kernel>", 8)) domain_found = !strcmp(self_domain, buffer); |
| 37 |
if (domain_found) { |
| 38 |
//printf("<%s>\n", buffer); |
| 39 |
if (!strcmp(buffer, policy)) { |
| 40 |
policy_found = 1; |
| 41 |
break; |
| 42 |
} |
| 43 |
} |
| 44 |
} |
| 45 |
fclose(fp); |
| 46 |
if (!policy_found) { |
| 47 |
printf("BUG: policy write failed\n"); |
| 48 |
return; |
| 49 |
} |
| 50 |
errno = 0; |
| 51 |
fd = open(file, mode, 0); |
| 52 |
err = errno; |
| 53 |
if (fd != EOF) close(fd); |
| 54 |
write(domain_fd, "delete ", 7); |
| 55 |
write(domain_fd, policy, strlen(policy)); |
| 56 |
write(domain_fd, "\n", 1); |
| 57 |
if (should_success) { |
| 58 |
if (!err) printf("OK\n"); |
| 59 |
else printf("BUG: failed (%d)\n", err); |
| 60 |
} else { |
| 61 |
if (err == EPERM) printf("OK: Permission denied.\n"); |
| 62 |
else printf("BUG: failed (%d)\n", err); |
| 63 |
} |
| 64 |
} |
| 65 |
|
| 66 |
static void StageOpenTest(void) { |
| 67 |
const pid_t pid = getppid(); |
| 68 |
char buffer[128]; |
| 69 |
memset(buffer, 0, sizeof(buffer)); |
| 70 |
snprintf(buffer, sizeof(buffer) - 1, "/proc/%u/mounts", pid); |
| 71 |
try_open("allow_read /etc/fstab", "/etc/fstab", O_RDONLY, 1); |
| 72 |
try_open("allow_write /etc/fstab", "/etc/fstab", O_WRONLY, 1); |
| 73 |
try_open("allow_write /etc/fstab", "/etc/fstab", O_RDONLY, 0); |
| 74 |
try_open("allow_read /etc/fstab", "/etc/fstab", O_WRONLY, 0); |
| 75 |
try_open("allow_read/write /etc/fstab", "/etc/fstab", O_RDWR, 1); |
| 76 |
try_open("allow_read/write /etc/fstab", "/etc/fstab", O_RDONLY, 1); |
| 77 |
try_open("allow_read/write /etc/fstab", "/etc/fstab", O_WRONLY, 1); |
| 78 |
try_open("allow_read /etc/fstab if task.uid=0 task.euid=0", "/etc/fstab", O_RDONLY, 1); |
| 79 |
try_open("allow_read /etc/fstab if task.uid=0 task.euid=0-4294967295", "/etc/fstab", O_RDONLY, 1); |
| 80 |
try_open("allow_read /etc/fstab if task.uid=0 task.euid!=0-4294967295", "/etc/fstab", O_RDONLY, 0); |
| 81 |
try_open("allow_read /etc/fstab if task.uid=0 task.euid!=0", "/etc/fstab", O_RDONLY, 0); |
| 82 |
try_open("allow_read /etc/fstab if exec.argc=0", "/etc/fstab", O_RDONLY, 0); |
| 83 |
try_open("allow_read /etc/fstab if exec.envc=0", "/etc/fstab", O_RDONLY, 0); |
| 84 |
try_open("allow_read /etc/fstab if exec.argv[0]=\"\"", "/etc/fstab", O_RDONLY, 0); |
| 85 |
try_open("allow_read /etc/fstab if exec.argv[0]!=\"\"", "/etc/fstab", O_RDONLY, 0); |
| 86 |
try_open("allow_read /etc/fstab if exec.envp[\"HOME\"]=\"\"", "/etc/fstab", O_RDONLY, 0); |
| 87 |
try_open("allow_read /etc/fstab if exec.envp[\"HOME\"]!=\"\"", "/etc/fstab", O_RDONLY, 0); |
| 88 |
try_open("allow_read /etc/fstab if exec.envp[\"HOME\"]=NULL", "/etc/fstab", O_RDONLY, 0); |
| 89 |
try_open("allow_read /etc/fstab if exec.envp[\"HOME\"]!=NULL", "/etc/fstab", O_RDONLY, 0); |
| 90 |
|
| 91 |
try_open("allow_read /proc/\\*/mounts", buffer, O_RDONLY, 1); |
| 92 |
try_open("allow_read /proc/\\@/mounts", buffer, O_RDONLY, 1); |
| 93 |
try_open("allow_read /proc/\\$/mounts", buffer, O_RDONLY, 1); |
| 94 |
try_open("allow_read /proc/\\X/mounts", buffer, O_RDONLY, 1); |
| 95 |
try_open("allow_read /proc/\\+/mounts", buffer, O_RDONLY, pid >= 0 && pid < 10); |
| 96 |
try_open("allow_read /proc/\\+\\+/mounts", buffer, O_RDONLY, pid >= 10 && pid < 100); |
| 97 |
try_open("allow_read /proc/\\+\\+\\+/mounts", buffer, O_RDONLY, pid >= 100 && pid < 1000); |
| 98 |
try_open("allow_read /proc/\\+\\+\\+\\+/mounts", buffer, O_RDONLY, pid >= 1000 && pid < 10000); |
| 99 |
try_open("allow_read /proc/\\+\\+\\+\\+\\+/mounts", buffer, O_RDONLY, pid >= 10000 && pid < 100000); |
| 100 |
try_open("allow_read /proc/\\+\\+\\+\\+\\+\\+/mounts", buffer, O_RDONLY, pid >= 100000 && pid < 1000000); |
| 101 |
|
| 102 |
try_open("allow_read /proc/\\x/mounts", buffer, O_RDONLY, pid < 10); |
| 103 |
try_open("allow_read /proc/\\x\\x/mounts", buffer, O_RDONLY, pid >= 10 && pid < 100); |
| 104 |
try_open("allow_read /proc/\\x\\x\\x/mounts", buffer, O_RDONLY, pid >= 100 && pid < 1000); |
| 105 |
try_open("allow_read /proc/\\x\\x\\x\\x/mounts", buffer, O_RDONLY, pid >= 1000 && pid < 10000); |
| 106 |
try_open("allow_read /proc/\\x\\x\\x\\x\\x/mounts", buffer, O_RDONLY, pid >= 10000 && pid < 100000); |
| 107 |
try_open("allow_read /proc/\\x\\x\\x\\x\\x\\x/mounts", buffer, O_RDONLY, pid >= 100000 && pid < 1000000); |
| 108 |
|
| 109 |
try_open("allow_read /proc/\\$\\*/mounts", buffer, O_RDONLY, 1); |
| 110 |
try_open("allow_read /proc/\\$\\@/mounts", buffer, O_RDONLY, 1); |
| 111 |
try_open("allow_read /proc/\\$\\*\\*/mounts", buffer, O_RDONLY, 1); |
| 112 |
try_open("allow_read /proc/\\$\\@\\@/mounts", buffer, O_RDONLY, 1); |
| 113 |
try_open("allow_read /proc/\\$\\*\\@/mounts", buffer, O_RDONLY, 1); |
| 114 |
try_open("allow_read /proc/\\$\\@\\*/mounts", buffer, O_RDONLY, 1); |
| 115 |
try_open("allow_read /proc/\\$\\*/mounts\\*", buffer, O_RDONLY, 1); |
| 116 |
try_open("allow_read /proc/\\$\\@/mounts\\@", buffer, O_RDONLY, 1); |
| 117 |
try_open("allow_read /proc/\\$\\*\\*/mounts\\*\\*", buffer, O_RDONLY, 1); |
| 118 |
try_open("allow_read /proc/\\$\\@\\@/mounts\\@\\@", buffer, O_RDONLY, 1); |
| 119 |
try_open("allow_read /proc/\\$\\*\\@/mounts\\*\\@", buffer, O_RDONLY, 1); |
| 120 |
try_open("allow_read /proc/\\$\\@\\*/mounts\\@\\*", buffer, O_RDONLY, 1); |
| 121 |
|
| 122 |
try_open("allow_read /proc/\\*\\$/mounts", buffer, O_RDONLY, 1); |
| 123 |
try_open("allow_read /proc/\\@\\$/mounts", buffer, O_RDONLY, 1); |
| 124 |
try_open("allow_read /proc/\\*\\*\\$/mounts", buffer, O_RDONLY, 1); |
| 125 |
try_open("allow_read /proc/\\@\\@\\$/mounts", buffer, O_RDONLY, 1); |
| 126 |
try_open("allow_read /proc/\\*\\@\\$/mounts", buffer, O_RDONLY, 1); |
| 127 |
try_open("allow_read /proc/\\@\\*\\$/mounts", buffer, O_RDONLY, 1); |
| 128 |
try_open("allow_read /proc/\\*\\$/\\*mounts", buffer, O_RDONLY, 1); |
| 129 |
try_open("allow_read /proc/\\@\\$/\\@mounts", buffer, O_RDONLY, 1); |
| 130 |
try_open("allow_read /proc/\\*\\*\\$/\\*\\*mounts", buffer, O_RDONLY, 1); |
| 131 |
try_open("allow_read /proc/\\@\\@\\$/\\@\\@mounts", buffer, O_RDONLY, 1); |
| 132 |
try_open("allow_read /proc/\\*\\@\\$/\\*\\@mounts", buffer, O_RDONLY, 1); |
| 133 |
try_open("allow_read /proc/\\@\\*\\$/\\@\\*mounts", buffer, O_RDONLY, 1); |
| 134 |
|
| 135 |
try_open("allow_read /proc/\\*\\$\\*/mounts", buffer, O_RDONLY, 1); |
| 136 |
try_open("allow_read /proc/\\@\\$\\@/mounts", buffer, O_RDONLY, 1); |
| 137 |
try_open("allow_read /proc/\\*\\*\\$\\*\\*/mounts", buffer, O_RDONLY, 1); |
| 138 |
try_open("allow_read /proc/\\@\\@\\$\\@\\@/mounts", buffer, O_RDONLY, 1); |
| 139 |
try_open("allow_read /proc/\\*\\@\\$\\*\\@/mounts", buffer, O_RDONLY, 1); |
| 140 |
try_open("allow_read /proc/\\@\\*\\$\\@\\*/mounts", buffer, O_RDONLY, 1); |
| 141 |
try_open("allow_read /proc/\\*\\$\\*/\\*mounts\\*", buffer, O_RDONLY, 1); |
| 142 |
try_open("allow_read /proc/\\@\\$\\@/\\@mounts\\@", buffer, O_RDONLY, 1); |
| 143 |
try_open("allow_read /proc/\\*\\*\\$\\*\\*/\\*\\*mounts\\*\\*", buffer, O_RDONLY, 1); |
| 144 |
try_open("allow_read /proc/\\@\\@\\$\\@\\@/\\@\\@mounts\\@\\@", buffer, O_RDONLY, 1); |
| 145 |
try_open("allow_read /proc/\\*\\@\\$\\*\\@/\\*\\@mounts\\*\\@", buffer, O_RDONLY, 1); |
| 146 |
try_open("allow_read /proc/\\@\\*\\$\\@\\*/\\@\\*mounts\\@\\*", buffer, O_RDONLY, 1); |
| 147 |
} |
| 148 |
|
| 149 |
int main(int argc, char *argv[]) { |
| 150 |
const char *cp; |
| 151 |
int profile_fd; |
| 152 |
int self_fd; |
| 153 |
Init(); |
| 154 |
profile_fd = open(proc_policy_profile, O_WRONLY); |
| 155 |
self_fd = open(proc_policy_self_domain, O_RDONLY); |
| 156 |
domain_fd = open(proc_policy_domain_policy, O_WRONLY); |
| 157 |
memset(self_domain, 0, sizeof(self_domain)); |
| 158 |
read(self_fd, self_domain, sizeof(self_domain) - 1); |
| 159 |
close(self_fd); |
| 160 |
write(domain_fd, self_domain, strlen(self_domain)); |
| 161 |
write(domain_fd, "\n", 1); |
| 162 |
cp = "use_profile 255\n"; |
| 163 |
write(domain_fd, cp, strlen(cp)); |
| 164 |
cp = "ignore_global_allow_read\n"; |
| 165 |
write(domain_fd, cp, strlen(cp)); |
| 166 |
cp = "allow_read/write "; |
| 167 |
write(domain_fd, cp, strlen(cp)); |
| 168 |
cp = proc_policy_domain_policy; |
| 169 |
write(domain_fd, cp, strlen(cp)); |
| 170 |
write(domain_fd, "\n", 1); |
| 171 |
cp = "255-MAC_FOR_FILE=enforcing\n"; |
| 172 |
write(profile_fd, cp, strlen(cp)); |
| 173 |
StageOpenTest(); |
| 174 |
cp = "255-MAC_FOR_FILE=disabled\n"; |
| 175 |
write(profile_fd, cp, strlen(cp)); |
| 176 |
ClearStatus(); |
| 177 |
return 0; |
| 178 |
} |
TOMOYO
Parent Directory
Revision Log