/*
 * tomoyo_cond_test.c
 *
 * Testing program for fs/tomoyo_cond.c
 *
 * Copyright (C) 2005-2008 NTT DATA CORPORATION
 *
 * Version: 1.6.0-pre 2008/03/24
 */
#include "include.h" |
/*
 * Name of the domain this process runs in. main() reads it from the
 * self-domain interface; try_open() compares it with the "<kernel>..."
 * header lines of the policy dump to find this process's own section.
 * Always NUL-terminated because main() reads at most sizeof - 1 bytes
 * into a zeroed buffer.
 */
static char self_domain[4096];

/*
 * Write handle on the domain policy interface. Stays EOF until main()
 * opens it; every policy add/delete in this file goes through it.
 */
static int domain_fd = EOF;
15 |
|
16 |
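/*
 * Ask the kernel to drop @policy from the current domain again.
 * Best effort: the write results are not checked, matching how the rest of
 * this test talks to the policy interface.
 */
static void delete_policy_line(const char *policy)
{
	write(domain_fd, "delete ", 7);
	write(domain_fd, policy, strlen(policy));
	write(domain_fd, "\n", 1);
}

/*
 * try_open - add one policy line, attempt one open(), remove the line again
 * and print whether the kernel's decision matched the expectation.
 *
 * @policy:         Policy line written to the domain policy interface.
 * @file:           Pathname passed to open().
 * @mode:           open() flags.
 * @should_success: Non-zero when the open() must be permitted, zero when it
 *                  must be refused with EPERM.
 *
 * Output is "OK..." on a match and a line starting with "BUG:" otherwise.
 * The policy line is removed on every path once it has been written, so a
 * rule from one case cannot stay active and influence the next case.
 */
static void try_open(const char *policy, const char *file, const int mode, const char should_success)
{
	FILE *fp = fopen(proc_policy_domain_policy, "r");
	char buffer[8192];
	char *cp;
	int domain_found = 0;
	int policy_found = 0;
	int err;
	int fd;

	memset(buffer, 0, sizeof(buffer));
	printf("%s: ", policy);
	fflush(stdout);
	write(domain_fd, policy, strlen(policy));
	write(domain_fd, "\n", 1);
	if (!fp) {
		printf("BUG: policy read failed\n");
		delete_policy_line(policy);
		return;
	}
	/*
	 * Read the policy back and look for the line inside this process's
	 * own domain section; this is the only confirmation that the write
	 * above was accepted, since the write() results are not checked.
	 */
	while (fgets(buffer, sizeof(buffer) - 1, fp)) {
		cp = strchr(buffer, '\n');
		if (cp)
			*cp = '\0';
		/* A "<kernel>" line starts a new domain section. */
		if (!strncmp(buffer, "<kernel>", 8))
			domain_found = !strcmp(self_domain, buffer);
		if (domain_found && !strcmp(buffer, policy)) {
			policy_found = 1;
			break;
		}
	}
	fclose(fp);
	if (!policy_found) {
		printf("BUG: policy write failed\n");
		/*
		 * The line may still have been accepted in a form that does
		 * not compare equal; remove it so it cannot leak into later
		 * cases.
		 */
		delete_policy_line(policy);
		return;
	}
	errno = 0;
	fd = open(file, mode, 0);
	/* errno is only meaningful when open() actually failed. */
	err = (fd == EOF) ? errno : 0;
	if (fd != EOF)
		close(fd);
	delete_policy_line(policy);
	if (should_success) {
		if (!err)
			printf("OK\n");
		else
			printf("BUG: failed (%d)\n", err);
	} else {
		if (err == EPERM)
			printf("OK: Permission denied.\n");
		else if (!err)
			/*
			 * The access control decision was wrong in the
			 * permissive direction; say so explicitly instead of
			 * reporting "failed (0)".
			 */
			printf("BUG: access was granted but should have been denied\n");
		else
			printf("BUG: failed (%d)\n", err);
	}
}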
65 |
|
66 |
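/*
 * StageOpenTest - run every open() case against the file access policy.
 *
 * Each try_open() call installs one policy line, performs one open() and
 * states whether that open() must be permitted (1) or refused (0).
 * The /proc cases use the parent's "/proc/PID/mounts", so the expected
 * result of the fixed-width digit patterns depends on how many digits the
 * parent PID has.
 */
static void StageOpenTest(void)
{
	const pid_t pid = getppid();
	char buffer[128];

	memset(buffer, 0, sizeof(buffer));
	/* pid_t is signed; cast so the argument matches the %u conversion. */
	snprintf(buffer, sizeof(buffer) - 1, "/proc/%u/mounts", (unsigned int) pid);

	// Access mode matching: allow_read covers O_RDONLY only, allow_write
	// covers O_WRONLY only, allow_read/write covers all three modes.
	try_open("allow_read /etc/fstab", "/etc/fstab", O_RDONLY, 1);
	try_open("allow_write /etc/fstab", "/etc/fstab", O_WRONLY, 1);
	try_open("allow_write /etc/fstab", "/etc/fstab", O_RDONLY, 0);
	try_open("allow_read /etc/fstab", "/etc/fstab", O_WRONLY, 0);
	try_open("allow_read/write /etc/fstab", "/etc/fstab", O_RDWR, 1);
	try_open("allow_read/write /etc/fstab", "/etc/fstab", O_RDONLY, 1);
	try_open("allow_read/write /etc/fstab", "/etc/fstab", O_WRONLY, 1);

	// Conditions on task credentials. The expected results assume the
	// test runs with uid 0 and euid 0 - confirm before running otherwise.
	try_open("allow_read /etc/fstab if task.uid=0 task.euid=0", "/etc/fstab", O_RDONLY, 1);
	try_open("allow_read /etc/fstab if task.uid=0 task.euid=0-4294967295", "/etc/fstab", O_RDONLY, 1);
	try_open("allow_read /etc/fstab if task.uid=0 task.euid!=0-4294967295", "/etc/fstab", O_RDONLY, 0);
	try_open("allow_read /etc/fstab if task.uid=0 task.euid!=0", "/etc/fstab", O_RDONLY, 0);

	// Conditions on exec.* must never grant a plain open(): every case
	// below, including each "=" / "!=" pair, is expected to be refused.
	try_open("allow_read /etc/fstab if exec.argc=0", "/etc/fstab", O_RDONLY, 0);
	try_open("allow_read /etc/fstab if exec.envc=0", "/etc/fstab", O_RDONLY, 0);
	try_open("allow_read /etc/fstab if exec.argv[0]=\"\"", "/etc/fstab", O_RDONLY, 0);
	try_open("allow_read /etc/fstab if exec.argv[0]!=\"\"", "/etc/fstab", O_RDONLY, 0);
	try_open("allow_read /etc/fstab if exec.envp[\"HOME\"]=\"\"", "/etc/fstab", O_RDONLY, 0);
	try_open("allow_read /etc/fstab if exec.envp[\"HOME\"]!=\"\"", "/etc/fstab", O_RDONLY, 0);
	try_open("allow_read /etc/fstab if exec.envp[\"HOME\"]=NULL", "/etc/fstab", O_RDONLY, 0);
	try_open("allow_read /etc/fstab if exec.envp[\"HOME\"]!=NULL", "/etc/fstab", O_RDONLY, 0);

	// Open-ended wildcards for the PID component. In TOMOYO's pattern
	// syntax: \* = run of non-'/' characters, \@ = the same but also
	// excluding '.', \$ = one or more decimal digits, \X = one or more
	// hexadecimal digits.
	try_open("allow_read /proc/\\*/mounts", buffer, O_RDONLY, 1);
	try_open("allow_read /proc/\\@/mounts", buffer, O_RDONLY, 1);
	try_open("allow_read /proc/\\$/mounts", buffer, O_RDONLY, 1);
	try_open("allow_read /proc/\\X/mounts", buffer, O_RDONLY, 1);

	// \+ is exactly one decimal digit, so N of them must match only an
	// N-digit PID; a wider or narrower PID has to be refused.
	try_open("allow_read /proc/\\+/mounts", buffer, O_RDONLY, pid >= 0 && pid < 10);
	try_open("allow_read /proc/\\+\\+/mounts", buffer, O_RDONLY, pid >= 10 && pid < 100);
	try_open("allow_read /proc/\\+\\+\\+/mounts", buffer, O_RDONLY, pid >= 100 && pid < 1000);
	try_open("allow_read /proc/\\+\\+\\+\\+/mounts", buffer, O_RDONLY, pid >= 1000 && pid < 10000);
	try_open("allow_read /proc/\\+\\+\\+\\+\\+/mounts", buffer, O_RDONLY, pid >= 10000 && pid < 100000);
	try_open("allow_read /proc/\\+\\+\\+\\+\\+\\+/mounts", buffer, O_RDONLY, pid >= 100000 && pid < 1000000);

	// \x is exactly one hexadecimal digit; a decimal PID consists of hex
	// digits too, so the same digit-count expectations apply.
	try_open("allow_read /proc/\\x/mounts", buffer, O_RDONLY, pid >= 0 && pid < 10);
	try_open("allow_read /proc/\\x\\x/mounts", buffer, O_RDONLY, pid >= 10 && pid < 100);
	try_open("allow_read /proc/\\x\\x\\x/mounts", buffer, O_RDONLY, pid >= 100 && pid < 1000);
	try_open("allow_read /proc/\\x\\x\\x\\x/mounts", buffer, O_RDONLY, pid >= 1000 && pid < 10000);
	try_open("allow_read /proc/\\x\\x\\x\\x\\x/mounts", buffer, O_RDONLY, pid >= 10000 && pid < 100000);
	try_open("allow_read /proc/\\x\\x\\x\\x\\x\\x/mounts", buffer, O_RDONLY, pid >= 100000 && pid < 1000000);

	// Digits followed by wildcards that have to match the empty string,
	// first in the PID component only, then also after "mounts".
	try_open("allow_read /proc/\\$\\*/mounts", buffer, O_RDONLY, 1);
	try_open("allow_read /proc/\\$\\@/mounts", buffer, O_RDONLY, 1);
	try_open("allow_read /proc/\\$\\*\\*/mounts", buffer, O_RDONLY, 1);
	try_open("allow_read /proc/\\$\\@\\@/mounts", buffer, O_RDONLY, 1);
	try_open("allow_read /proc/\\$\\*\\@/mounts", buffer, O_RDONLY, 1);
	try_open("allow_read /proc/\\$\\@\\*/mounts", buffer, O_RDONLY, 1);
	try_open("allow_read /proc/\\$\\*/mounts\\*", buffer, O_RDONLY, 1);
	try_open("allow_read /proc/\\$\\@/mounts\\@", buffer, O_RDONLY, 1);
	try_open("allow_read /proc/\\$\\*\\*/mounts\\*\\*", buffer, O_RDONLY, 1);
	try_open("allow_read /proc/\\$\\@\\@/mounts\\@\\@", buffer, O_RDONLY, 1);
	try_open("allow_read /proc/\\$\\*\\@/mounts\\*\\@", buffer, O_RDONLY, 1);
	try_open("allow_read /proc/\\$\\@\\*/mounts\\@\\*", buffer, O_RDONLY, 1);

	// Wildcards placed before the digits, and before "mounts".
	try_open("allow_read /proc/\\*\\$/mounts", buffer, O_RDONLY, 1);
	try_open("allow_read /proc/\\@\\$/mounts", buffer, O_RDONLY, 1);
	try_open("allow_read /proc/\\*\\*\\$/mounts", buffer, O_RDONLY, 1);
	try_open("allow_read /proc/\\@\\@\\$/mounts", buffer, O_RDONLY, 1);
	try_open("allow_read /proc/\\*\\@\\$/mounts", buffer, O_RDONLY, 1);
	try_open("allow_read /proc/\\@\\*\\$/mounts", buffer, O_RDONLY, 1);
	try_open("allow_read /proc/\\*\\$/\\*mounts", buffer, O_RDONLY, 1);
	try_open("allow_read /proc/\\@\\$/\\@mounts", buffer, O_RDONLY, 1);
	try_open("allow_read /proc/\\*\\*\\$/\\*\\*mounts", buffer, O_RDONLY, 1);
	try_open("allow_read /proc/\\@\\@\\$/\\@\\@mounts", buffer, O_RDONLY, 1);
	try_open("allow_read /proc/\\*\\@\\$/\\*\\@mounts", buffer, O_RDONLY, 1);
	try_open("allow_read /proc/\\@\\*\\$/\\@\\*mounts", buffer, O_RDONLY, 1);

	// Wildcards on both sides of the digits, and on both sides of "mounts".
	try_open("allow_read /proc/\\*\\$\\*/mounts", buffer, O_RDONLY, 1);
	try_open("allow_read /proc/\\@\\$\\@/mounts", buffer, O_RDONLY, 1);
	try_open("allow_read /proc/\\*\\*\\$\\*\\*/mounts", buffer, O_RDONLY, 1);
	try_open("allow_read /proc/\\@\\@\\$\\@\\@/mounts", buffer, O_RDONLY, 1);
	try_open("allow_read /proc/\\*\\@\\$\\*\\@/mounts", buffer, O_RDONLY, 1);
	try_open("allow_read /proc/\\@\\*\\$\\@\\*/mounts", buffer, O_RDONLY, 1);
	try_open("allow_read /proc/\\*\\$\\*/\\*mounts\\*", buffer, O_RDONLY, 1);
	try_open("allow_read /proc/\\@\\$\\@/\\@mounts\\@", buffer, O_RDONLY, 1);
	try_open("allow_read /proc/\\*\\*\\$\\*\\*/\\*\\*mounts\\*\\*", buffer, O_RDONLY, 1);
	try_open("allow_read /proc/\\@\\@\\$\\@\\@/\\@\\@mounts\\@\\@", buffer, O_RDONLY, 1);
	try_open("allow_read /proc/\\*\\@\\$\\*\\@/\\*\\@mounts\\*\\@", buffer, O_RDONLY, 1);
	try_open("allow_read /proc/\\@\\*\\$\\@\\*/\\@\\*mounts\\@\\*", buffer, O_RDONLY, 1);
}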
148 |
|
149 |
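/*
 * Set up the current domain for the test, switch profile 255 to enforcing
 * file access control, run StageOpenTest() and switch it back to disabled.
 *
 * Returns 0 after the tests ran, 1 when a policy interface could not be
 * opened or the current domain name could not be read. In the failure case
 * nothing is written to the policy or the profile, so enforcement is never
 * turned on for a run that cannot report meaningful results.
 */
int main(int argc, char *argv[])
{
	const char *cp;
	int profile_fd;
	int self_fd;
	ssize_t len;
	int rc = 1;

	(void) argc;
	(void) argv;
	Init();
	profile_fd = open(proc_policy_profile, O_WRONLY);
	self_fd = open(proc_policy_self_domain, O_RDONLY);
	domain_fd = open(proc_policy_domain_policy, O_WRONLY);
	if (profile_fd == EOF || self_fd == EOF || domain_fd == EOF) {
		fprintf(stderr, "Can't open the policy interfaces.\n");
		goto out;
	}
	/* Zeroed buffer plus a read of at most size - 1 keeps it terminated. */
	memset(self_domain, 0, sizeof(self_domain));
	len = read(self_fd, self_domain, sizeof(self_domain) - 1);
	if (len <= 0) {
		fprintf(stderr, "Can't read the current domain name.\n");
		goto out;
	}
	/* Select this process's own domain for the policy lines that follow. */
	write(domain_fd, self_domain, strlen(self_domain));
	write(domain_fd, "\n", 1);
	cp = "use_profile 255\n";
	write(domain_fd, cp, strlen(cp));
	/*
	 * NOTE(review): presumably set so that globally readable entries
	 * cannot mask a missing per-domain rule - confirm against the policy
	 * reference.
	 */
	cp = "ignore_global_allow_read\n";
	write(domain_fd, cp, strlen(cp));
	/*
	 * Grant read/write on the domain policy file itself before enforcing
	 * starts; try_open() re-opens that file for every case.
	 */
	cp = "allow_read/write ";
	write(domain_fd, cp, strlen(cp));
	cp = proc_policy_domain_policy;
	write(domain_fd, cp, strlen(cp));
	write(domain_fd, "\n", 1);
	/*
	 * Enforcing mode is active only between the next write and the one
	 * after StageOpenTest(). If the process dies in between, profile 255
	 * stays enforcing and has to be reset by hand.
	 */
	cp = "255-MAC_FOR_FILE=enforcing\n";
	write(profile_fd, cp, strlen(cp));
	StageOpenTest();
	cp = "255-MAC_FOR_FILE=disabled\n";
	write(profile_fd, cp, strlen(cp));
	rc = 0;
out:
	if (self_fd != EOF)
		close(self_fd);
	if (profile_fd != EOF)
		close(profile_fd);
	if (domain_fd != EOF) {
		close(domain_fd);
		domain_fd = EOF;
	}
	ClearStatus();
	return rc;
}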