[LTP] [PATCH v1] [RFC] Remove tomoyo testing suite
Andrea Cervesato
andrea.cervesato@suse.com
Thu Mar 2 10:34:06 CET 2023
The tomoyo testing suite is built and installed inside the LTP testcases
folder, but it's not used by any runtest file. It seems an old and
unmaintained testing suite that uses old LTP API and ltp_clone_quick
that is going to be deprecated.
We suppose to update it using new LTP API, cleaning up the code and
removing deprecated functions, but nowadays the whole Tomoyo linux
functionality seems replaced by SELinux or AppArmor and not maintained
anymore in years of development.
For this reason, this patch is going to remove it from LTP installation.
Signed-off-by: Andrea Cervesato <andrea.cervesato@suse.com>
---
testcases/kernel/security/tomoyo/.gitignore | 9 -
testcases/kernel/security/tomoyo/Makefile | 29 -
testcases/kernel/security/tomoyo/README | 58 --
testcases/kernel/security/tomoyo/include.h | 379 ----------
testcases/kernel/security/tomoyo/newns.c | 49 --
testcases/kernel/security/tomoyo/testall.sh | 46 --
.../security/tomoyo/tomoyo_accept_test.c | 146 ----
.../kernel/security/tomoyo/tomoyo_file_test.c | 304 --------
.../security/tomoyo/tomoyo_filesystem_test.c | 633 -----------------
.../security/tomoyo/tomoyo_new_file_test.c | 627 -----------------
.../kernel/security/tomoyo/tomoyo_new_test.c | 652 ------------------
.../security/tomoyo/tomoyo_policy_io_test.c | 195 ------
.../tomoyo/tomoyo_policy_memory_test.c | 358 ----------
.../security/tomoyo/tomoyo_rewrite_test.c | 169 -----
14 files changed, 3654 deletions(-)
delete mode 100644 testcases/kernel/security/tomoyo/.gitignore
delete mode 100644 testcases/kernel/security/tomoyo/Makefile
delete mode 100644 testcases/kernel/security/tomoyo/README
delete mode 100644 testcases/kernel/security/tomoyo/include.h
delete mode 100644 testcases/kernel/security/tomoyo/newns.c
delete mode 100644 testcases/kernel/security/tomoyo/testall.sh
delete mode 100644 testcases/kernel/security/tomoyo/tomoyo_accept_test.c
delete mode 100644 testcases/kernel/security/tomoyo/tomoyo_file_test.c
delete mode 100644 testcases/kernel/security/tomoyo/tomoyo_filesystem_test.c
delete mode 100644 testcases/kernel/security/tomoyo/tomoyo_new_file_test.c
delete mode 100644 testcases/kernel/security/tomoyo/tomoyo_new_test.c
delete mode 100644 testcases/kernel/security/tomoyo/tomoyo_policy_io_test.c
delete mode 100644 testcases/kernel/security/tomoyo/tomoyo_policy_memory_test.c
delete mode 100644 testcases/kernel/security/tomoyo/tomoyo_rewrite_test.c
diff --git a/testcases/kernel/security/tomoyo/.gitignore b/testcases/kernel/security/tomoyo/.gitignore
deleted file mode 100644
index 698646d93..000000000
--- a/testcases/kernel/security/tomoyo/.gitignore
+++ /dev/null
@@ -1,9 +0,0 @@
-/newns
-/tomoyo_accept_test
-/tomoyo_file_test
-/tomoyo_filesystem_test
-/tomoyo_new_file_test
-/tomoyo_new_test
-/tomoyo_policy_io_test
-/tomoyo_policy_memory_test
-/tomoyo_rewrite_test
diff --git a/testcases/kernel/security/tomoyo/Makefile b/testcases/kernel/security/tomoyo/Makefile
deleted file mode 100644
index 00e4cc3ed..000000000
--- a/testcases/kernel/security/tomoyo/Makefile
+++ /dev/null
@@ -1,29 +0,0 @@
-#
-# kernel/security/smack testcase Makefile
-#
-# Copyright (C) 2009, Cisco Systems Inc.
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Ngie Cooper, July 2009
-#
-
-top_srcdir ?= ../../../..
-
-include $(top_srcdir)/include/mk/testcases.mk
-
-INSTALL_TARGETS := testall.sh
-
-include $(top_srcdir)/include/mk/generic_leaf_target.mk
diff --git a/testcases/kernel/security/tomoyo/README b/testcases/kernel/security/tomoyo/README
deleted file mode 100644
index 0cb538868..000000000
--- a/testcases/kernel/security/tomoyo/README
+++ /dev/null
@@ -1,58 +0,0 @@
-Always look here for latest version of these tests:
-http://sourceforge.jp/projects/tomoyo/svn/view/trunk/2.3.x/tomoyo-tools/kernel_test/?root=tomoyo
-
-These testcases test the TOMOYO Security Module. And they are not part of
-default LTP build/install/run.
-
-A kernel with TOMOYO configured is required to run the TOMOYO testsuite.
-The securityfs filesystem must be mounted at /sys/kernel/security .
-
-Preparation steps are:
-
-1) Download tomoyo-tools package and extract and build and install.
-
- # wget -O tomoyo-tools.tar.gz 'http://sourceforge.jp/projects/tomoyo/svn/view/trunk/2.3.x/tomoyo-tools.tar.gz?root=tomoyo&view=tar'
- # tar -zxf tomoyo-tools.tar.gz
- # make -C tomoyo-tools/ install
-
- Programs are installed in /usr/sbin/ with prefix "tomoyo-" and
- /usr/lib/tomoyo/ directory without prefix "tomoyo-".
-
- You can make a RPM package by "rpmbuild -bb tomoyo-tools/tomoyo-tools.spec" and
- a DEB package by "alien -k" after "rpmbuild -bb".
-
-2) Run /usr/lib/tomoyo/init_policy .
-
- This will take several minutes.
-
- Hiding kernel source directory by "mount -t tmpfs none /usr/src/linux/"
- would save some time.
-
- Configuration files are saved in /etc/tomoyo/ directory.
- You can do "rm -fR /etc/tomoyo/" if you want to uninstall.
-
-3) Reboot the system with TOMOYO enabled kernel.
-
- To make sure TOMOYO is selected, you can add security=tomoyo to kernel's
- command line.
-
-4) Build the tests.
-
- # (extract the tar ball containing the tests.)
- # make autotools
- # ./configure
- # cd testcases/kernel/security/tomoyo/
- # make
- # find `/bin/pwd` -type f -perm +100 >> /etc/tomoyo/manager.conf
- # /usr/sbin/tomoyo-loadpolicy m
-
-Test steps are:
-
-1) Run the tests from the directory you ran "make".
-
- # ./testall.sh
-
- Please don't run the tests inside /tmp/ directory, for /tmp/ directory is
- hidden by "newns" (a wrapper program to run the test in a new namespace).
-
- You can use "| grep -vF OK" to pick up only failed tests as testall.sh does.
diff --git a/testcases/kernel/security/tomoyo/include.h b/testcases/kernel/security/tomoyo/include.h
deleted file mode 100644
index edaf1170f..000000000
--- a/testcases/kernel/security/tomoyo/include.h
+++ /dev/null
@@ -1,379 +0,0 @@
-/******************************************************************************/
-/* */
-/* Copyright (c) Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>, 2009 */
-/* */
-/* This program is free software; you can redistribute it and/or modify */
-/* it under the terms of the GNU General Public License as published by */
-/* the Free Software Foundation; either version 2 of the License, or */
-/* (at your option) any later version. */
-/* */
-/* This program is distributed in the hope that it will be useful, */
-/* but WITHOUT ANY WARRANTY; without even the implied warranty of */
-/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See */
-/* the GNU General Public License for more details. */
-/* */
-/* You should have received a copy of the GNU General Public License */
-/* along with this program; if not, write to the Free Software */
-/* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */
-/* */
-/******************************************************************************/
-/*
- * include.h
- *
- * Common functions for testing TOMOYO Linux's kernel.
- *
- * Copyright (C) 2005-2010 NTT DATA CORPORATION
- */
-#include <errno.h>
-#include <fcntl.h>
-#include <linux/kdev_t.h>
-#include <linux/unistd.h>
-#include <pty.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/socket.h>
-#include <sys/stat.h>
-#include <sys/syscall.h>
-#include <sys/time.h>
-#include <sys/timex.h>
-#include <sys/types.h>
-#include <sys/un.h>
-#include <sys/wait.h>
-#include <time.h>
-#include <unistd.h>
-#include <utime.h>
-#include <sched.h>
-#include <stdarg.h>
-#include <sys/mount.h>
-#include <arpa/inet.h>
-#include <net/if.h>
-#include <linux/ip.h>
-#include <err.h>
-#include "test.h"
-
-/*
- * Some architectures like mips n32 don't have __NR_uselib defined in the
- * system headers.
- */
-#ifdef __NR_uselib
-static inline int uselib(const char *library)
-{
- return syscall(__NR_uselib, library);
-}
-#else
-static inline int uselib(const char *library)
-{
- errno = ENOSYS;
- return -1;
-}
-#endif
-
-/* Is there an architecture without __NR_pivot_root defined? */
-#ifdef __NR_pivot_root
-static inline int pivot_root(const char *new_root, const char *put_old)
-{
- return syscall(__NR_pivot_root, new_root, put_old);
-}
-#else
-static inline int pivot_root(const char *new_root, const char *put_old)
-{
- errno = ENOSYS;
- return -1;
-}
-#endif
-
-/* The sysctl() wrapper is dead and newer arches omit it now. */
-static inline int write_sysctl(const char *path, const char *value)
-{
- FILE *fp = fopen(path, "w");
- if (!fp)
- return 1;
- fputs(value, fp);
- fclose(fp);
- return 0;
-}
-
-static inline int read_sysctl(const char *path, char *value, int len)
-{
- char scratch[100];
- FILE *fp = fopen(path, "r");
- if (!fp)
- return 1;
- if (!value) {
- value = scratch;
- len = sizeof(scratch);
- }
- if (fgets(value, len, fp))
- /* ignore */;
- fclose(fp);
- return 0;
-}
-
-/* Should be a fairly benign path to bang on. */
-#define TEST_SYSCTL_PATH "/proc/sys/net/ipv4/ip_local_port_range"
-
-#define proc_policy_dir "/sys/kernel/security/tomoyo/"
-#define proc_policy_domain_policy "/sys/kernel/security/tomoyo/domain_policy"
-#define proc_policy_exception_policy "/sys/kernel/security/tomoyo/exception_policy"
-#define proc_policy_profile "/sys/kernel/security/tomoyo/profile"
-#define proc_policy_manager "/sys/kernel/security/tomoyo/manager"
-#define proc_policy_query "/sys/kernel/security/tomoyo/query"
-#define proc_policy_grant_log "/sys/kernel/security/tomoyo/grant_log"
-#define proc_policy_reject_log "/sys/kernel/security/tomoyo/reject_log"
-#define proc_policy_domain_status "/sys/kernel/security/tomoyo/.domain_status"
-#define proc_policy_process_status "/sys/kernel/security/tomoyo/.process_status"
-#define proc_policy_self_domain "/sys/kernel/security/tomoyo/self_domain"
-
-static FILE *profile_fp = NULL;
-static FILE *domain_fp = NULL;
-static FILE *exception_fp = NULL;
-static char self_domain[4096] = "";
-static pid_t pid = 0;
-
-static void clear_status(void)
-{
- static const char *keywords[] = {
- "file::execute",
- "file::open",
- "file::create",
- "file::unlink",
- "file::mkdir",
- "file::rmdir",
- "file::mkfifo",
- "file::mksock",
- "file::truncate",
- "file::symlink",
- "file::rewrite",
- "file::mkblock",
- "file::mkchar",
- "file::link",
- "file::rename",
- "file::chmod",
- "file::chown",
- "file::chgrp",
- "file::ioctl",
- "file::chroot",
- "file::mount",
- "file::umount",
- "file::pivot_root",
- NULL
- };
- int i;
- FILE *fp = fopen(proc_policy_profile, "r");
- static char buffer[4096];
- if (!fp) {
- fprintf(stderr, "Can't open %s\n", proc_policy_profile);
- exit(1);
- }
- for (i = 0; keywords[i]; i++)
- fprintf(profile_fp,
- "255-CONFIG::%s={ mode=disabled }\n",
- keywords[i]);
- while (memset(buffer, 0, sizeof(buffer)),
- fgets(buffer, sizeof(buffer) - 10, fp)) {
- const char *mode;
- char *cp = strchr(buffer, '=');
- if (!cp)
- continue;
- *cp = '\0';
- mode = cp + 1;
- cp = strchr(buffer, '-');
- if (!cp)
- continue;
- *cp++ = '\0';
- if (strcmp(buffer, "0"))
- continue;
- fprintf(profile_fp, "255-%s", cp);
- if (!strcmp(cp, "COMMENT"))
- mode = "Profile for kernel test\n";
- else
- mode = "{ mode=disabled verbose=no }\n";
- fprintf(profile_fp, "255-%s=%s", cp, mode);
- }
- fprintf(profile_fp, "255-PREFERENCE::learning= verbose=no\n");
- fprintf(profile_fp, "255-PREFERENCE::enforcing= verbose=no\n");
- fprintf(profile_fp, "255-PREFERENCE::permissive= verbose=no\n");
- fprintf(profile_fp, "255-PREFERENCE::disabled= verbose=no\n");
- fprintf(profile_fp, "255-PREFERENCE::learning= max_entry=2048\n");
- fflush(profile_fp);
- fclose(fp);
-}
-
-static void tomoyo_test_init(void)
-{
- pid = getpid();
- if (access(proc_policy_dir, F_OK)) {
- fprintf(stderr, "You can't use this program for this kernel."
- "\n");
- exit(1);
- }
- profile_fp = fopen(proc_policy_profile, "w");
- if (!profile_fp) {
- fprintf(stderr, "Can't open %s .\n", proc_policy_profile);
- exit(1);
- }
- setlinebuf(profile_fp);
- domain_fp = fopen(proc_policy_domain_policy, "w");
- if (!domain_fp) {
- fprintf(stderr, "Can't open %s .\n",
- proc_policy_domain_policy);
- exit(1);
- }
- setlinebuf(domain_fp);
- exception_fp = fopen(proc_policy_exception_policy, "w");
- if (!exception_fp) {
- fprintf(stderr, "Can't open %s .\n",
- proc_policy_exception_policy);
- exit(1);
- }
- setlinebuf(exception_fp);
- if (fputc('\n', profile_fp) != '\n' || fflush(profile_fp)) {
- fprintf(stderr, "You need to register this program to %s to "
- "run this program.\n", proc_policy_manager);
- exit(1);
- }
- clear_status();
- {
- FILE *fp = fopen(proc_policy_self_domain, "r");
- memset(self_domain, 0, sizeof(self_domain));
- if (!fp || !fgets(self_domain, sizeof(self_domain) - 1, fp) ||
- fclose(fp)) {
- fprintf(stderr, "Can't open %s .\n",
- proc_policy_self_domain);
- exit(1);
- }
- }
- fprintf(domain_fp, "select pid=%u\n", pid);
- fprintf(domain_fp, "use_profile 255\n");
- fprintf(domain_fp, "allow_read/write /sys/kernel/security/tomoyo/domain_policy\n");
- fprintf(domain_fp, "allow_truncate /sys/kernel/security/tomoyo/domain_policy\n");
- fprintf(domain_fp, "allow_read/write /sys/kernel/security/tomoyo/exception_policy\n");
- fprintf(domain_fp, "allow_truncate /sys/kernel/security/tomoyo/exception_policy\n");
- fprintf(domain_fp, "allow_read/write /sys/kernel/security/tomoyo/profile\n");
- fprintf(domain_fp, "allow_truncate /sys/kernel/security/tomoyo/profile\n");
-}
-
-static void BUG(const char *fmt, ...)
- __attribute__ ((format(printf, 1, 2)));
-
-static void BUG(const char *fmt, ...)
-{
- va_list args;
- printf("BUG: ");
- va_start(args, fmt);
- vprintf(fmt, args);
- va_end(args);
- putchar('\n');
- fflush(stdout);
- while (1)
- sleep(100);
-}
-
-int write_domain_policy(const char *policy, int is_delete)
-{
- FILE *fp = fopen(proc_policy_domain_policy, "r");
- char buffer[8192];
- int domain_found = 0;
- int policy_found = 0;
- memset(buffer, 0, sizeof(buffer));
- if (!fp) {
- BUG("Can't read %s", proc_policy_domain_policy);
- return 0;
- }
- if (is_delete)
- fprintf(domain_fp, "delete ");
- fprintf(domain_fp, "%s\n", policy);
- while (fgets(buffer, sizeof(buffer) - 1, fp)) {
- char *cp = strchr(buffer, '\n');
- if (cp)
- *cp = '\0';
- if (!strncmp(buffer, "<kernel>", 8))
- domain_found = !strcmp(self_domain, buffer);
- if (!domain_found)
- continue;
- /* printf("<%s>\n", buffer); */
- if (strcmp(buffer, policy))
- continue;
- policy_found = 1;
- break;
- }
- fclose(fp);
- if (policy_found == is_delete) {
- BUG("Can't %s %s", is_delete ? "delete" : "append",
- policy);
- return 0;
- }
- errno = 0;
- return 1;
-
-}
-
-int write_exception_policy(const char *policy, int is_delete)
-{
- FILE *fp = fopen(proc_policy_exception_policy, "r");
- char buffer[8192];
- int policy_found = 0;
- memset(buffer, 0, sizeof(buffer));
- if (!fp) {
- BUG("Can't read %s", proc_policy_exception_policy);
- return 0;
- }
- if (is_delete)
- fprintf(exception_fp, "delete ");
- fprintf(exception_fp, "%s\n", policy);
- while (fgets(buffer, sizeof(buffer) - 1, fp)) {
- char *cp = strchr(buffer, '\n');
- if (cp)
- *cp = '\0';
- if (strcmp(buffer, policy))
- continue;
- policy_found = 1;
- break;
- }
- fclose(fp);
- if (policy_found == is_delete) {
- BUG("Can't %s %s", is_delete ? "delete" : "append",
- policy);
- return 0;
- }
- errno = 0;
- return 1;
-
-}
-
-int set_profile(const int mode, const char *name)
-{
- static const char *modes[4] = { "disabled", "learning", "permissive",
- "enforcing" };
- FILE *fp = fopen(proc_policy_profile, "r");
- char buffer[8192];
- int policy_found = 0;
- const int len = strlen(name);
- if (!fp) {
- BUG("Can't read %s", proc_policy_profile);
- return 0;
- }
- fprintf(profile_fp, "255-CONFIG::%s=%s\n", name, modes[mode]);
- while (memset(buffer, 0, sizeof(buffer)),
- fgets(buffer, sizeof(buffer) - 1, fp)) {
- char *cp = strchr(buffer, '\n');
- if (cp)
- *cp = '\0';
- if (strncmp(buffer, "255-CONFIG::", 12) ||
- strncmp(buffer + 12, name, len) ||
- buffer[12 + len] != '=')
- continue;
- if (strstr(buffer + 13 + len, modes[mode]))
- policy_found = 1;
- break;
- }
- fclose(fp);
- if (!policy_found) {
- BUG("Can't change profile to 255-CONFIG::%s=%s",
- name, modes[mode]);
- return 0;
- }
- errno = 0;
- return 1;
-}
diff --git a/testcases/kernel/security/tomoyo/newns.c b/testcases/kernel/security/tomoyo/newns.c
deleted file mode 100644
index f888ca31f..000000000
--- a/testcases/kernel/security/tomoyo/newns.c
+++ /dev/null
@@ -1,49 +0,0 @@
-/******************************************************************************/
-/* */
-/* Copyright (c) Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>, 2009 */
-/* */
-/* This program is free software; you can redistribute it and/or modify */
-/* it under the terms of the GNU General Public License as published by */
-/* the Free Software Foundation; either version 2 of the License, or */
-/* (at your option) any later version. */
-/* */
-/* This program is distributed in the hope that it will be useful, */
-/* but WITHOUT ANY WARRANTY; without even the implied warranty of */
-/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See */
-/* the GNU General Public License for more details. */
-/* */
-/* You should have received a copy of the GNU General Public License */
-/* along with this program; if not, write to the Free Software */
-/* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */
-/* */
-/******************************************************************************/
-
-#define _GNU_SOURCE
-
-#include <stdio.h>
-#include <sys/types.h>
-#include <sys/wait.h>
-#include <sys/mount.h>
-#include <unistd.h>
-#include <sched.h>
-#include <errno.h>
-#include <stdlib.h>
-#include "test.h"
-
-static int child(void *arg)
-{
- char **argv = (char **)arg;
- argv++;
- mount("/tmp/", "/tmp/", "tmpfs", 0, NULL);
- execvp(argv[0], argv);
- _exit(1);
-}
-
-int main(int argc, char *argv[])
-{
- char c = 0;
- const pid_t pid = ltp_clone_quick(CLONE_NEWNS, child, (void *)argv);
- while (waitpid(pid, NULL, __WALL) == EOF && errno == EINTR)
- c++; /* Dummy. */
- return 0;
-}
diff --git a/testcases/kernel/security/tomoyo/testall.sh b/testcases/kernel/security/tomoyo/testall.sh
deleted file mode 100644
index b103be6c6..000000000
--- a/testcases/kernel/security/tomoyo/testall.sh
+++ /dev/null
@@ -1,46 +0,0 @@
-#! /bin/sh
-################################################################################
-## ##
-## Copyright (c) Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>, 2009 ##
-## ##
-## This program is free software; you can redistribute it and#or modify ##
-## it under the terms of the GNU General Public License as published by ##
-## the Free Software Foundation; either version 2 of the License, or ##
-## (at your option) any later version. ##
-## ##
-## This program is distributed in the hope that it will be useful, but ##
-## WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY ##
-## or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ##
-## for more details. ##
-## ##
-## You should have received a copy of the GNU General Public License ##
-## along with this program; if not, write to the Free Software ##
-## Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA ##
-## ##
-################################################################################
-
-cd ${0%/*}
-export PATH=$PWD:${PATH}
-
-echo "Testing all. (All results are reported)"
-newns tomoyo_accept_test
-newns tomoyo_filesystem_test
-newns tomoyo_file_test
-newns tomoyo_rewrite_test
-newns tomoyo_new_file_test
-newns tomoyo_new_test
-echo
-echo
-echo
-echo "Testing all. (Only ERRORS are reported)"
-newns tomoyo_accept_test | grep -vF Done
-newns tomoyo_filesystem_test | grep -vF OK | grep -F '('
-newns tomoyo_file_test | grep -vF OK | grep -F '('
-newns tomoyo_rewrite_test | grep -vF OK | grep -F '('
-newns tomoyo_new_test | grep -vF OK
-echo
-echo
-echo
-echo "Testing policy I/O. (Only ERRORS are reported)"
-newns tomoyo_policy_io_test | grep -vF OK
-newns tomoyo_new_file_test | grep -vF OK
diff --git a/testcases/kernel/security/tomoyo/tomoyo_accept_test.c b/testcases/kernel/security/tomoyo/tomoyo_accept_test.c
deleted file mode 100644
index 335818a25..000000000
--- a/testcases/kernel/security/tomoyo/tomoyo_accept_test.c
+++ /dev/null
@@ -1,146 +0,0 @@
-/******************************************************************************/
-/* This program is free software; you can redistribute it and/or modify */
-/* it under the terms of the GNU General Public License as published by */
-/* the Free Software Foundation; either version 2 of the License, or */
-/* (at your option) any later version. */
-/* */
-/* This program is distributed in the hope that it will be useful, */
-/* but WITHOUT ANY WARRANTY; without even the implied warranty of */
-/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See */
-/* the GNU General Public License for more details. */
-/* */
-/* You should have received a copy of the GNU General Public License */
-/* along with this program; if not, write to the Free Software */
-/* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */
-/* */
-/******************************************************************************/
-/*
- * tomoyo_accept_test.c
- *
- * Testing program for security/tomoyo/
- *
- * Copyright (C) 2005-2010 NTT DATA CORPORATION
- */
-#include "include.h"
-
-static void set_level(const int i)
-{
- set_profile(i, "file::execute");
- set_profile(i, "file::open");
- set_profile(i, "file::create");
- set_profile(i, "file::unlink");
- set_profile(i, "file::mkdir");
- set_profile(i, "file::rmdir");
- set_profile(i, "file::mkfifo");
- set_profile(i, "file::mksock");
- set_profile(i, "file::truncate");
- set_profile(i, "file::symlink");
- set_profile(i, "file::rewrite");
- set_profile(i, "file::mkblock");
- set_profile(i, "file::mkchar");
- set_profile(i, "file::link");
- set_profile(i, "file::rename");
- set_profile(i, "file::chmod");
- set_profile(i, "file::chown");
- set_profile(i, "file::chgrp");
- set_profile(i, "file::ioctl");
- set_profile(i, "file::chroot");
- set_profile(i, "file::mount");
- set_profile(i, "file::umount");
- set_profile(i, "file::pivot_root");
-}
-
-static void test(int rw_loop, int truncate_loop, int append_loop,
- int create_loop)
-{
- static const int rw_flags[4] = { 0, O_RDONLY, O_WRONLY, O_RDWR };
- static const int create_flags[3] = { 0, O_CREAT /* nonexistent */ ,
- O_CREAT /* existent */
- };
- static const int truncate_flags[2] = { 0, O_TRUNC };
- static const int append_flags[2] = { 0, O_APPEND };
- int level;
- int flags;
- int i;
- int fd;
- static char buffer[1024];
- memset(buffer, 0, sizeof(buffer));
- snprintf(buffer, sizeof(buffer) - 1, "/tmp/file:a=%d:t=%d:c=%d:m=%d",
- append_loop, truncate_loop, create_loop, rw_loop);
- fprintf(exception_fp, "deny_rewrite %s\n", buffer);
- flags = rw_flags[rw_loop] | truncate_flags[truncate_loop] |
- append_flags[append_loop] | create_flags[create_loop];
- for (i = 1; i < 8; i++)
- fprintf(domain_fp, "delete %d %s\n", i, buffer);
- for (level = 0; level < 4; level++) {
- set_level(0);
- if (create_loop == 1)
- unlink(buffer);
- else
- close(open(buffer, O_CREAT, 0644));
- set_level(level);
- fd = open(buffer, flags, 0644);
- if (fd != EOF)
- close(fd);
- else
- fprintf(stderr, "%d: open(%04o) failed\n", level,
- flags);
- /*
- fd = open(buffer, flags, 0644)
- if (fd != EOF)
- close(fd);
- else
- fprintf(stderr, "%d: open(%04o) failed\n", level, flags);
- */
- /*
- fd = open(buffer, flags, 0644);
- if (fd != EOF)
- close(fd);
- else
- fprintf(stderr, "%d: open(%04o) failed\n", level, flags);
- */
- }
- for (i = 1; i < 8; i++)
- fprintf(domain_fp, "delete %d %s\n", i, buffer);
- fprintf(domain_fp, "delete allow_truncate %s\n", buffer);
- fprintf(domain_fp, "delete allow_create %s 0644\n", buffer);
- fprintf(domain_fp, "delete allow_rewrite %s\n", buffer);
- fd = open(buffer, flags, 0644);
- if (fd != EOF) {
- close(fd);
- fprintf(stderr, "%d: open(%04o) didn't fail\n", 3, flags);
- }
-}
-
-int main(void)
-{
- tomoyo_test_init();
- fprintf(profile_fp, "255-PREFERENCE::learning={ verbose=no }\n");
- fprintf(profile_fp, "255-PREFERENCE::enforcing={ verbose=no }\n");
- fprintf(profile_fp, "255-PREFERENCE::permissive={ verbose=no }\n");
- fprintf(profile_fp, "255-PREFERENCE::disabled={ verbose=no }\n");
- set_profile(0, "file");
- fprintf(profile_fp, "255-PREFERENCE::learning={ max_entry=2048 }\n");
- {
- int append_loop;
- for (append_loop = 0; append_loop < 2; append_loop++) {
- int truncate_loop;
- for (truncate_loop = 0; truncate_loop < 2;
- truncate_loop++) {
- int create_loop;
- for (create_loop = 0; create_loop < 3;
- create_loop++) {
- int rw_loop;
- for (rw_loop = 0; rw_loop < 4;
- rw_loop++)
- test(rw_loop, truncate_loop,
- append_loop, create_loop);
- }
- }
- }
- }
- fprintf(profile_fp, "255-CONFIG::file=disabled\n");
- printf("Done\n");
- clear_status();
- return 0;
-}
diff --git a/testcases/kernel/security/tomoyo/tomoyo_file_test.c b/testcases/kernel/security/tomoyo/tomoyo_file_test.c
deleted file mode 100644
index 003f47720..000000000
--- a/testcases/kernel/security/tomoyo/tomoyo_file_test.c
+++ /dev/null
@@ -1,304 +0,0 @@
-/******************************************************************************/
-/* This program is free software; you can redistribute it and/or modify */
-/* it under the terms of the GNU General Public License as published by */
-/* the Free Software Foundation; either version 2 of the License, or */
-/* (at your option) any later version. */
-/* */
-/* This program is distributed in the hope that it will be useful, */
-/* but WITHOUT ANY WARRANTY; without even the implied warranty of */
-/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See */
-/* the GNU General Public License for more details. */
-/* */
-/* You should have received a copy of the GNU General Public License */
-/* along with this program; if not, write to the Free Software */
-/* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */
-/* */
-/******************************************************************************/
-/*
- * tomoyo_file_test.c
- *
- * Testing program for security/tomoyo/
- *
- * Copyright (C) 2005-2010 NTT DATA CORPORATION
- */
-#include "include.h"
-
-static int should_fail = 0;
-
-static void show_prompt(const char *str)
-{
- printf("Testing %35s: (%s) ", str,
- should_fail ? "must fail" : "should success");
- errno = 0;
-}
-
-static void show_result(int result)
-{
- if (should_fail) {
- if (result == EOF) {
- if (errno == EPERM)
- printf("OK: Permission denied.\n");
- else
- printf("FAILED: %s\n", strerror(errno));
- } else {
- printf("BUG!\n");
- }
- } else {
- if (result != EOF)
- printf("OK\n");
- else
- printf("%s\n", strerror(errno));
- }
-}
-
-static const char *dev_null_path = "/dev/null";
-static const char *truncate_path = "/tmp/truncate_test";
-static const char *ftruncate_path = "/tmp/ftruncate_test";
-static const char *open_creat_path = "/tmp/open_test";
-static const char *mknod_reg_path = "/tmp/mknod_reg_test";
-static const char *mknod_chr_path = "/tmp/mknod_chr_test";
-static const char *mknod_blk_path = "/tmp/mknod_blk_test";
-static const char *mknod_fifo_path = "/tmp/mknod_fifo_test";
-static const char *mknod_sock_path = "/tmp/mknod_sock_test";
-static const char *unlink_path = "/tmp/unlink_test";
-static const char *mkdir_path = "/tmp/mkdir_test";
-static const char *rmdir_path = "/tmp/rmdir_test";
-static const char *link_source_path = "/tmp/link_source_test";
-static const char *link_dest_path = "/tmp/link_dest_test";
-static const char *symlink_source_path = "/tmp/symlink_source_test";
-static const char *symlink_dest_path = "/tmp/symlink_dest_test";
-static const char *rename_source_path = "/tmp/rename_source_test";
-static const char *rename_dest_path = "/tmp/rename_dest_test";
-static const char *socket_path = "/tmp/socket_test";
-
-static int ftruncate_fd = EOF;
-
-static void stage_file_test(void)
-{
- int fd;
- {
- const char buffer[] = "32768 61000";
- show_prompt("sysctl(READ)");
- show_result(read_sysctl(TEST_SYSCTL_PATH, NULL, 0));
- show_prompt("sysctl(WRITE)");
- show_result(write_sysctl(TEST_SYSCTL_PATH, buffer));
- }
-
- /* QUESTION: Is there a file which can be passed to uselib()? */
- show_prompt("uselib()");
- show_result(uselib("/bin/true"));
-
- {
- int pipe_fd[2] = { EOF, EOF };
- int error = 0;
- fflush(stdout);
- fflush(stderr);
- if (pipe(pipe_fd) == -1)
- err(1, "pipe");
- if (fork() == 0) {
- execl("/bin/true", "/bin/true", NULL);
- if (write(pipe_fd[1], &errno, sizeof(errno)) == -1)
- err(1, "write");
- _exit(0);
- }
- close(pipe_fd[1]);
- (void)read(pipe_fd[0], &error, sizeof(error));
- show_prompt("execve()");
- errno = error;
- show_result(error ? EOF : 0);
- }
-
- show_prompt("open(O_RDONLY)");
- fd = open(dev_null_path, O_RDONLY);
- show_result(fd);
- if (fd != EOF)
- close(fd);
-
- show_prompt("open(O_WRONLY)");
- fd = open(dev_null_path, O_WRONLY);
- show_result(fd);
- if (fd != EOF)
- close(fd);
-
- show_prompt("open(O_RDWR)");
- fd = open(dev_null_path, O_RDWR);
- show_result(fd);
- if (fd != EOF)
- close(fd);
-
- show_prompt("open(O_CREAT | O_EXCL)");
- fd = open(open_creat_path, O_CREAT | O_EXCL, 0666);
- show_result(fd);
- if (fd != EOF)
- close(fd);
-
- show_prompt("open(O_TRUNC)");
- fd = open(truncate_path, O_TRUNC);
- show_result(fd);
- if (fd != EOF)
- close(fd);
-
- show_prompt("truncate()");
- show_result(truncate(truncate_path, 0));
-
- show_prompt("ftruncate()");
- show_result(ftruncate(ftruncate_fd, 0));
-
- show_prompt("mknod(S_IFREG)");
- show_result(mknod(mknod_reg_path, S_IFREG, 0));
-
- show_prompt("mknod(S_IFCHR)");
- show_result(mknod(mknod_chr_path, S_IFCHR, MKDEV(1, 3)));
-
- show_prompt("mknod(S_IFBLK)");
- show_result(mknod(mknod_blk_path, S_IFBLK, MKDEV(1, 0)));
-
- show_prompt("mknod(S_IFIFO)");
- show_result(mknod(mknod_fifo_path, S_IFIFO, 0));
-
- show_prompt("mknod(S_IFSOCK)");
- show_result(mknod(mknod_sock_path, S_IFSOCK, 0));
-
- show_prompt("mkdir()");
- show_result(mkdir(mkdir_path, 0600));
-
- show_prompt("rmdir()");
- show_result(rmdir(rmdir_path));
-
- show_prompt("unlink()");
- show_result(unlink(unlink_path));
-
- show_prompt("symlink()");
- show_result(symlink(symlink_dest_path, symlink_source_path));
-
- show_prompt("link()");
- show_result(link(link_source_path, link_dest_path));
-
- show_prompt("rename()");
- show_result(rename(rename_source_path, rename_dest_path));
-
- {
- struct sockaddr_un addr;
- int fd;
- memset(&addr, 0, sizeof(addr));
- addr.sun_family = AF_UNIX;
- strncpy(addr.sun_path, socket_path, sizeof(addr.sun_path) - 1);
- fd = socket(AF_UNIX, SOCK_STREAM, 0);
- show_prompt("unix_bind()");
- show_result(bind(fd, (struct sockaddr *)&addr, sizeof(addr)));
- if (fd != EOF)
- close(fd);
- }
-
- printf("\n\n");
-}
-
-static void create_files(void)
-{
- mkdir(rmdir_path, 0700);
- close(creat(link_source_path, 0600));
- close(creat(rename_source_path, 0600));
- close(creat(truncate_path, 0600));
- close(creat(unlink_path, 0600));
- ftruncate_fd = open(ftruncate_path, O_WRONLY | O_CREAT, 0600);
-}
-
-static void creanup_files(void)
-{
- if (ftruncate_fd != EOF)
- close(ftruncate_fd);
- ftruncate_fd = EOF;
- unlink(open_creat_path);
- unlink(mknod_reg_path);
- unlink(mknod_chr_path);
- unlink(mknod_blk_path);
- unlink(mknod_fifo_path);
- unlink(mknod_sock_path);
- rmdir(mkdir_path);
- unlink(symlink_source_path);
- unlink(symlink_dest_path);
- unlink(link_source_path);
- unlink(link_dest_path);
- unlink(rename_source_path);
- unlink(rename_dest_path);
- unlink(truncate_path);
- unlink(ftruncate_path);
- unlink(socket_path);
-}
-
-static void set_file_enforce(int enforce)
-{
- if (enforce) {
- set_profile(3, "file::execute");
- set_profile(3, "file::open");
- set_profile(3, "file::create");
- set_profile(3, "file::unlink");
- set_profile(3, "file::mkdir");
- set_profile(3, "file::rmdir");
- set_profile(3, "file::mkfifo");
- set_profile(3, "file::mksock");
- set_profile(3, "file::truncate");
- set_profile(3, "file::symlink");
- set_profile(3, "file::rewrite");
- set_profile(3, "file::mkblock");
- set_profile(3, "file::mkchar");
- set_profile(3, "file::link");
- set_profile(3, "file::rename");
- set_profile(3, "file::chmod");
- set_profile(3, "file::chown");
- set_profile(3, "file::chgrp");
- set_profile(3, "file::ioctl");
- set_profile(3, "file::chroot");
- set_profile(3, "file::mount");
- set_profile(3, "file::umount");
- set_profile(3, "file::pivot_root");
- } else {
- set_profile(0, "file::execute");
- set_profile(0, "file::open");
- set_profile(0, "file::create");
- set_profile(0, "file::unlink");
- set_profile(0, "file::mkdir");
- set_profile(0, "file::rmdir");
- set_profile(0, "file::mkfifo");
- set_profile(0, "file::mksock");
- set_profile(0, "file::truncate");
- set_profile(0, "file::symlink");
- set_profile(0, "file::rewrite");
- set_profile(0, "file::mkblock");
- set_profile(0, "file::mkchar");
- set_profile(0, "file::link");
- set_profile(0, "file::rename");
- set_profile(0, "file::chmod");
- set_profile(0, "file::chown");
- set_profile(0, "file::chgrp");
- set_profile(0, "file::ioctl");
- set_profile(0, "file::chroot");
- set_profile(0, "file::mount");
- set_profile(0, "file::umount");
- set_profile(0, "file::pivot_root");
- }
-}
-
-int main(void)
-{
- tomoyo_test_init();
-
- printf("***** Testing file hooks in enforce mode. *****\n");
- create_files();
- should_fail = 1;
- set_file_enforce(1);
- stage_file_test();
- set_file_enforce(0);
- clear_status();
- creanup_files();
-
- printf("***** Testing file hooks in permissive mode. *****\n");
- should_fail = 0;
- create_files();
- set_file_enforce(0);
- stage_file_test();
- creanup_files();
-
- clear_status();
- return 0;
-}
diff --git a/testcases/kernel/security/tomoyo/tomoyo_filesystem_test.c b/testcases/kernel/security/tomoyo/tomoyo_filesystem_test.c
deleted file mode 100644
index e6e3bb087..000000000
--- a/testcases/kernel/security/tomoyo/tomoyo_filesystem_test.c
+++ /dev/null
@@ -1,633 +0,0 @@
-/******************************************************************************/
-/* This program is free software; you can redistribute it and/or modify */
-/* it under the terms of the GNU General Public License as published by */
-/* the Free Software Foundation; either version 2 of the License, or */
-/* (at your option) any later version. */
-/* */
-/* This program is distributed in the hope that it will be useful, */
-/* but WITHOUT ANY WARRANTY; without even the implied warranty of */
-/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See */
-/* the GNU General Public License for more details. */
-/* */
-/* You should have received a copy of the GNU General Public License */
-/* along with this program; if not, write to the Free Software */
-/* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */
-/* */
-/******************************************************************************/
-/*
- * tomoyo_filesystem_test.c
- *
- * Testing program for security/tomoyo/
- *
- * Copyright (C) 2005-2010 NTT DATA CORPORATION
- */
-#define _GNU_SOURCE
-#include "include.h"
-
-static void show_prompt(const char *str, const int should_fail)
-{
- printf("Testing %60s: (%s) ", str,
- should_fail ? "must fail" : "should success");
- errno = 0;
-}
-
-#ifndef MS_MOVE
-#define MS_MOVE 8192
-#endif
-
-static const char *pivot_root_dir = "/sys/kernel/security/";
-
-static int child(void *arg)
-{
- errno = 0;
- pivot_root(pivot_root_dir, proc_policy_dir);
- return errno;
-}
-
-static void mount2(const char *source, const char *target,
- const char *filesystemtype)
-{
- if (mount(source, target, filesystemtype, 0, NULL)) {
- printf("BUG: mount() failed\n");
- fflush(stdout);
- }
-}
-
-static const unsigned char compressed_ext2_image_sample[1350] = {
- 0x1F, 0x8B, 0x08, 0x00, 0xA8, 0xF2, 0x96, 0x4B, 0x02, 0x03, 0xED, 0xDC,
- 0x3D, 0x4B, 0x5B, 0x51, 0x18, 0x07, 0xF0, 0xE7, 0xDE, 0xAB, 0x14, 0x8C,
- 0xAB, 0xD5, 0x9A, 0xF8, 0x36, 0x0B, 0xA1, 0xE0, 0xE0, 0xDC, 0xD0, 0xAD,
- 0xD0, 0xC5, 0xAF, 0x50, 0x9C, 0x42, 0x1D, 0x6A, 0xE6, 0xA6, 0x9B, 0x9B,
- 0x8B, 0xD8, 0xA5, 0x5B, 0x97, 0x2E, 0xF9, 0x0E, 0x85, 0x4C, 0xF6, 0x23,
- 0x74, 0x70, 0x55, 0x28, 0x52, 0xA8, 0xDD, 0xED, 0xB9, 0xB9, 0xB1, 0xA6,
- 0xEA, 0x24, 0xA5, 0x81, 0xDE, 0xDF, 0x0F, 0x9E, 0xDC, 0xB7, 0x13, 0x2E,
- 0xF7, 0xC0, 0xFF, 0x70, 0xCE, 0x85, 0x24, 0x02, 0xA8, 0xAB, 0x7E, 0xF9,
- 0x31, 0x13, 0xB1, 0x95, 0x36, 0xA7, 0x45, 0x44, 0x2F, 0x6D, 0xB3, 0xC9,
- 0x06, 0xEB, 0x55, 0xF5, 0xC7, 0x87, 0x9F, 0x7E, 0x1C, 0xBF, 0x88, 0x68,
- 0xC5, 0xCE, 0xF7, 0x6C, 0xD4, 0x6E, 0x74, 0xFC, 0xF2, 0x62, 0x74, 0xED,
- 0xFA, 0x7B, 0x8D, 0xB8, 0x69, 0x9F, 0x8F, 0xCF, 0x9F, 0x1D, 0x7E, 0x78,
- 0xF7, 0x6D, 0xD8, 0x79, 0xFF, 0x71, 0xD0, 0xED, 0xBC, 0xCD, 0x9A, 0xBD,
- 0x69, 0x3C, 0xEB, 0xE0, 0xCB, 0xF0, 0xA4, 0xF9, 0xF5, 0xF9, 0xCA, 0xE0,
- 0xE0, 0x72, 0xBB, 0x7B, 0xD4, 0x1A, 0xE6, 0x13, 0xD7, 0xAA, 0xE7, 0x82,
- 0x7A, 0x29, 0xAA, 0xF8, 0xC7, 0xEC, 0x28, 0xFF, 0xBD, 0xC8, 0x75, 0x09,
- 0xD4, 0xC6, 0x55, 0x92, 0x4D, 0x71, 0xFA, 0x71, 0x05, 0x4C, 0xCF, 0xA3,
- 0xBB, 0xE3, 0x01, 0x50, 0x0F, 0x93, 0xEB, 0xDF, 0xEB, 0xFA, 0x97, 0x13,
- 0x80, 0x8B, 0x67, 0xD5, 0x02, 0xE4, 0xEE, 0xFD, 0x8B, 0x3F, 0xD6, 0x22,
- 0x0B, 0xA6, 0x6A, 0xC0, 0x5F, 0xF6, 0xB9, 0x1C, 0x7F, 0x9E, 0xDE, 0x37,
- 0xFE, 0xE4, 0xB1, 0x34, 0xD1, 0xEE, 0x71, 0xAA, 0xC5, 0x54, 0xE5, 0xB9,
- 0x27, 0xA9, 0x96, 0x53, 0x35, 0xA3, 0x7C, 0x13, 0x1A, 0xB1, 0x92, 0x6A,
- 0x35, 0xD5, 0xDA, 0xF8, 0x75, 0xE9, 0x86, 0x6E, 0x05, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xE0, 0x81,
- 0xCA, 0xDF, 0xD8, 0xCF, 0x47, 0x96, 0xB7, 0x7F, 0xEF, 0xE7, 0x79, 0xBB,
- 0x5D, 0xFD, 0x87, 0xDF, 0x79, 0x31, 0x97, 0x77, 0xF7, 0xDE, 0xEC, 0x6F,
- 0xEE, 0xEE, 0xF5, 0x5E, 0xBF, 0xD2, 0x57, 0xF0, 0xBF, 0x69, 0xDC, 0xCA,
- 0xFF, 0xCF, 0xA2, 0xCA, 0x3F, 0x50, 0x13, 0x33, 0xBA, 0x00, 0xE4, 0x1F,
- 0x90, 0x7F, 0x40, 0xFE, 0x01, 0xF9, 0x07, 0xE4, 0x1F, 0x90, 0x7F, 0x40,
- 0xFE, 0x01, 0xF9, 0x07, 0xE4, 0x1F, 0x90, 0x7F, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80, 0xFA, 0xF9, 0x05, 0x34, 0xF2,
- 0x14, 0x08, 0x00, 0x00, 0x10, 0x00
-};
-
-int main(void)
-{
- char c = 0;
- tomoyo_test_init();
-
- /* Test mount(). */
- {
- set_profile(3, "file::mount");
- show_prompt("mount('dev\\011name', '/', 'fs\\011name') ", 1);
- if (mount("dev\tname", "/", "fs\tname", 0, NULL) == EOF &&
- errno == EPERM)
- printf("OK: Permission denied.\n");
- else if (errno == ENODEV)
- printf("OK: No such device.\n");
- else
- printf("BUG: %s\n", strerror(errno));
- set_profile(1, "file::mount");
- show_prompt("mount('dev\\011name', '/', 'fs\\011name') ", 0);
- if (mount("dev\tname", "/", "fs\tname", 0, NULL) == EOF &&
- errno == ENOMEM)
- printf("OK: Out of memory.\n");
- else if (errno == ENODEV)
- printf("OK: No such device.\n");
- else
- printf("BUG: %s\n", strerror(errno));
- set_profile(3, "file::mount");
- show_prompt("mount('dev\\011name', '/', 'fs\\011name') ", 0);
- if (mount("dev\tname", "/", "fs\tname", 0, NULL) == EOF &&
- errno == ENOMEM)
- printf("OK: Out of memory.\n");
- else if (errno == ENODEV)
- printf("OK: No such device.\n");
- else
- printf("BUG: %s\n", strerror(errno));
- fprintf(domain_fp, "delete allow_mount dev\\011name / "
- "fs\\011name 0\n");
- show_prompt("mount('dev\\011name', '/', 'fs\\011name') ", 1);
- if (mount("dev\tname", "/", "fs\tname", 0, NULL) == EOF &&
- errno == EPERM)
- printf("OK: Permission denied.\n");
- else if (errno == ENODEV)
- printf("OK: No such device.\n");
- else
- printf("BUG: %s\n", strerror(errno));
- set_profile(1, "file::mount");
- show_prompt("mount(NULL, '/', 'tmpfs') ", 0);
- if (mount(NULL, "/", "tmpfs", 0, NULL))
- printf("BUG: %s\n", strerror(errno));
- else
- printf("OK: Success\n");
- set_profile(3, "file::mount");
- show_prompt("mount(NULL, '/', 'tmpfs') ", 0);
- if (mount(NULL, "/", "tmpfs", 0, NULL))
- printf("BUG: %s\n", strerror(errno));
- else
- printf("OK: Success\n");
- show_prompt("mount('anydev', '/', 'tmpfs') ", 0);
- if (mount("anydev", "/", "tmpfs", 0, NULL))
- printf("BUG: %s\n", strerror(errno));
- else
- printf("OK: Success\n");
- fprintf(domain_fp, "delete allow_mount <NULL> / tmpfs 0\n");
- fprintf(domain_fp, "allow_mount anydev / tmpfs 0\n");
- show_prompt("mount(NULL, '/', 'tmpfs') ", 0);
- if (mount(NULL, "/", "tmpfs", 0, NULL))
- printf("BUG: %s\n", strerror(errno));
- else
- printf("OK: Success\n");
- fprintf(domain_fp, "delete allow_mount anydev / tmpfs 0\n");
- set_profile(2, "file::mount");
- show_prompt("mount(NULL, NULL, 'tmpfs') ", 1);
- if (mount(NULL, NULL, "tmpfs", 0, NULL))
- printf("OK: %s\n", strerror(errno));
- else
- printf("BUG: Did not fail.\n");
- show_prompt("mount(NULL, NULL, NULL) ", 1);
- if (mount(NULL, NULL, NULL, 0, NULL))
- printf("OK: %s\n", strerror(errno));
- else
- printf("BUG: Did not fail.\n");
- show_prompt("mount('/', NULL, NULL) ", 1);
- if (mount("/", NULL, NULL, 0, NULL))
- printf("OK: %s\n", strerror(errno));
- else
- printf("BUG: Did not fail.\n");
- show_prompt("mount('/', NULL, 'tmpfs') ", 1);
- if (mount("/", NULL, "tmpfs", 0, NULL))
- printf("OK: %s\n", strerror(errno));
- else
- printf("BUG: Did not fail.\n");
- show_prompt("mount('/', '/', 'nonexistentfs') ", 1);
- if (mount("/", "/", "nonexistentfs", 0, NULL))
- printf("OK: %s\n", strerror(errno));
- else
- printf("BUG: Did not fail.\n");
- set_profile(0, "file::mount");
- }
-
- mkdir("/tmp/mount/", 0755);
- mkdir("/tmp/mount_bind/", 0755);
- mkdir("/tmp/mount_move/", 0755);
-
- /* Test mount(). */
- {
- static char buf[4096];
- char *dev_ram_path = realpath("/dev/ram0", NULL);
- if (!dev_ram_path)
- dev_ram_path = realpath("/dev/ram", NULL);
- if (!dev_ram_path) {
- dev_ram_path = "/dev/ram0";
- mknod(dev_ram_path, S_IFBLK, MKDEV(1, 0));
- }
- memset(buf, 0, sizeof(buf));
- {
- struct stat sbuf;
- FILE *fp = NULL;
- snprintf(buf, sizeof(buf) - 1, "zcat - > %s",
- dev_ram_path);
- if (lstat(dev_ram_path, &sbuf) == 0 &&
- S_ISBLK(sbuf.st_mode) && MAJOR(sbuf.st_rdev) == 1)
- fp = popen(buf, "w");
- if (fp) {
- if (fwrite(compressed_ext2_image_sample, 1,
- sizeof(compressed_ext2_image_sample),
- fp) !=
- sizeof(compressed_ext2_image_sample))
- err(1, "fwrite");
- pclose(fp);
- } else
- fprintf(stderr, "Can't write to %s .\n",
- dev_ram_path);
- }
- set_profile(3, "file::mount");
-
- /* Test standard case */
- show_prompt("mount('none', '/tmp/mount/', 'tmpfs') for "
- "'/tmp/mount/'", 1);
- if (mount("none", "/tmp/mount/", "tmpfs", 0, NULL) == EOF &&
- errno == EPERM)
- printf("OK: Permission denied.\n");
- else
- printf("BUG: %s\n", strerror(errno));
-
- /* Test device_name with pattern */
- snprintf(buf, sizeof(buf) - 1, "mount('%s', '/tmp/mount/', "
- "'ext2') for '%s\\*'", dev_ram_path, dev_ram_path);
- show_prompt(buf, 1);
- if (mount(dev_ram_path, "/tmp/mount/", "ext2", MS_RDONLY, NULL)
- == EOF && errno == EPERM)
- printf("OK: Permission denied.\n");
- else
- printf("BUG: %s\n", strerror(errno));
-
- /* Test dir_name with pattern */
- show_prompt("mount('none', '/tmp/mount/', 'tmpfs') for "
- "'/tmp/\\?\\?\\?\\?\\?/'", 1);
- if (mount("none", "/tmp/mount/", "tmpfs", 0, NULL) == EOF &&
- errno == EPERM)
- printf("OK: Permission denied.\n");
- else
- printf("BUG: %s\n", strerror(errno));
-
- /* Test standard case */
- fprintf(domain_fp, "allow_mount none /tmp/mount/ tmpfs 0\n");
- show_prompt("mount('none', '/tmp/mount/', 'tmpfs') for "
- "'/tmp/mount/'", 0);
- if (mount("none", "/tmp/mount/", "tmpfs", 0, NULL) == 0)
- printf("OK\n");
- else
- printf("FAILED: %s\n", strerror(errno));
- fprintf(domain_fp,
- "delete allow_mount none /tmp/mount/ tmpfs 0\n");
-
- /* Test device_name with pattern */
- fprintf(domain_fp, "allow_mount %s\\* /tmp/mount/ ext2 1\n",
- dev_ram_path);
- snprintf(buf, sizeof(buf) - 1, "mount('%s', '/tmp/mount/', "
- "'ext2') for '%s\\*'", dev_ram_path, dev_ram_path);
- show_prompt(buf, 0);
- if (mount(dev_ram_path, "/tmp/mount/", "ext2", MS_RDONLY, NULL)
- == 0)
- printf("OK\n");
- else
- printf("FAILED: %s\n", strerror(errno));
- fprintf(domain_fp, "delete allow_mount %s\\* "
- "/tmp/mount/ ext2 1\n", dev_ram_path);
-
- /* Test dir_name with pattern */
- fprintf(domain_fp,
- "allow_mount none /tmp/\\?\\?\\?\\?\\?/ tmpfs 0\n");
- show_prompt("mount('none', '/tmp/mount/', 'tmpfs') for "
- "'/tmp/\\?\\?\\?\\?\\?/'", 0);
- if (mount("none", "/tmp/mount/", "tmpfs", 0, NULL) == 0)
- printf("OK\n");
- else
- printf("FAILED: %s\n", strerror(errno));
- fprintf(domain_fp, "delete allow_mount none "
- "/tmp/\\?\\?\\?\\?\\?/ tmpfs 0\n");
-
- set_profile(0, "file::mount");
- while (umount("/tmp/mount/") == 0)
- c++; /* Dummy. */
- }
-
- /* Test mount(). */
- {
- mount2("none", "/tmp/mount/", "tmpfs");
- set_profile(3, "file::mount");
-
- /* Test remount case */
- show_prompt("mount('/tmp/mount/', MS_REMOUNT)", 1);
- if (mount("none", "/tmp/mount/", "tmpfs", MS_REMOUNT, NULL)
- == EOF && errno == EPERM)
- printf("OK: Permission denied.\n");
- else
- printf("BUG: %s\n", strerror(errno));
- show_prompt("mount('/tmp/mount/', MS_REMOUNT)", 1);
- if (mount(NULL, "/tmp/mount/", NULL, MS_REMOUNT, NULL) == EOF
- && errno == EPERM)
- printf("OK: Permission denied.\n");
- else
- printf("BUG: %s\n", strerror(errno));
- fprintf(domain_fp, "allow_mount something /tmp/mount/ "
- "--remount 0\n");
- show_prompt("mount('/tmp/mount/', MS_REMOUNT)", 0);
- if (mount(NULL, "/tmp/mount/", NULL, MS_REMOUNT, NULL))
- printf("BUG: %s\n", strerror(errno));
- else
- printf("OK: Success.\n");
- fprintf(domain_fp, "delete allow_mount something /tmp/mount/ "
- "--remount 0\n");
-
- /* Test bind case */
- show_prompt("mount('/tmp/mount/', '/tmp/mount_bind/', "
- "MS_BIND)", 1);
- if (mount("/tmp/mount/", "/tmp/mount_bind/", NULL, MS_BIND,
- NULL) == EOF && errno == EPERM)
- printf("OK: Permission denied.\n");
- else
- printf("BUG: %s\n", strerror(errno));
-
- /* Test move case */
- show_prompt("mount('/tmp/mount/', '/tmp/mount_move/', "
- "MS_MOVE)", 1);
- if (mount("/tmp/mount/", "/tmp/mount_move/", NULL, MS_MOVE,
- NULL) == EOF && errno == EPERM)
- printf("OK: Permission denied.\n");
- else
- printf("BUG: %s\n", strerror(errno));
-
- /* Test remount case */
- fprintf(domain_fp, "allow_mount any /tmp/mount/ --remount 0\n");
- show_prompt("mount('/tmp/mount/', MS_REMOUNT)", 0);
- if (mount("none", "/tmp/mount/", "tmpfs", MS_REMOUNT, NULL)
- == 0)
- printf("OK\n");
- else
- printf("FAILED: %s\n", strerror(errno));
- fprintf(domain_fp, "delete allow_mount any /tmp/mount/ "
- "--remount 0\n");
-
- /* Test bind case */
- fprintf(domain_fp,
- "allow_mount /tmp/mount/ /tmp/mount_bind/ --bind 0\n");
- show_prompt("mount('/tmp/mount/', '/tmp/mount_bind', MS_BIND)",
- 0);
- if (mount("/tmp/mount/", "/tmp/mount_bind/", NULL, MS_BIND,
- NULL) == 0)
- printf("OK\n");
- else
- printf("FAILED: %s\n", strerror(errno));
- set_profile(0, "file::mount");
- umount("/tmp/mount_bind/");
- fprintf(domain_fp, "delete allow_mount /tmp/mount/ "
- "/tmp/mount_bind/ --bind 0\n");
-
- /* Test move case */
- set_profile(3, "file::mount");
- fprintf(domain_fp, "allow_unmount /tmp/mount/\n");
- fprintf(domain_fp, "allow_mount /tmp/mount/ /tmp/mount_move/ "
- "--move 0\n");
- show_prompt("mount('/tmp/mount/', '/tmp/mount_move/', "
- "MS_MOVE)", 0);
- if (mount("/tmp/mount/", "/tmp/mount_move/", NULL, MS_MOVE,
- NULL) == 0)
- printf("OK\n");
- else
- printf("FAILED: %s\n", strerror(errno));
- set_profile(0, "file::mount");
- umount("/tmp/mount_move/");
- fprintf(domain_fp, "delete allow_unmount /tmp/mount/\n");
- fprintf(domain_fp, "delete allow_mount /tmp/mount/ "
- "/tmp/mount_move/ --move 0\n");
-
- while (umount("/tmp/mount/") == 0)
- c++; /* Dummy. */
- }
-
- /* Test umount(). */
- {
- /* Test standard case */
- fprintf(domain_fp, "allow_unmount /tmp/mount/\n");
-
- set_profile(0, "file::umount");
- mount2("none", "/tmp/mount/", "tmpfs");
- set_profile(3, "file::umount");
- show_prompt("umount('/tmp/mount/') for '/tmp/mount/'", 0);
- if (umount("/tmp/mount/") == 0)
- printf("OK\n");
- else
- printf("BUG: %s\n", strerror(errno));
- fprintf(domain_fp, "delete allow_unmount /tmp/mount/\n");
-
- set_profile(0, "file::umount");
-
- mount2("none", "/tmp/mount/", "tmpfs");
- set_profile(3, "file::umount");
- show_prompt("umount('/tmp/mount/') for '/tmp/mount/'", 1);
- if (umount("/tmp/mount/") == EOF && errno == EPERM)
- printf("OK: Permission denied.\n");
- else
- printf("FAILED: %s\n", strerror(errno));
-
- /* Test pattern */
- fprintf(domain_fp, "allow_unmount /tmp/\\?\\?\\?\\?\\?/\n");
- set_profile(0, "file::umount");
- mount2("none", "/tmp/mount/", "tmpfs");
- set_profile(3, "file::umount");
- show_prompt("umount('/tmp/mount/') for "
- "'/tmp/\\?\\?\\?\\?\\?/'", 1);
- if (umount("/tmp/mount/") == 0)
- printf("OK\n");
- else
- printf("BUG: %s\n", strerror(errno));
- fprintf(domain_fp,
- "delete allow_unmount /tmp/\\?\\?\\?\\?\\?/\n");
-
- set_profile(0, "file::umount");
- while (umount("/tmp/mount/") == 0)
- c++; /* Dummy. */
- }
-
- /* Test chroot(). */
- {
- set_profile(3, "file::chroot");
-
- /* Test standard case */
- fprintf(domain_fp, "allow_chroot /tmp/mount/\n");
- show_prompt("chroot('/tmp/mount/') for '/tmp/mount/'", 0);
- fflush(stdout);
- if (fork() == 0) {
- if (chroot("/tmp/mount/") == 0)
- printf("OK\n");
- else
- printf("FAILED: %s\n", strerror(errno));
- fflush(stdout);
- _exit(0);
- }
- wait(NULL);
- fprintf(domain_fp, "delete allow_chroot /tmp/mount/\n");
-
- show_prompt("chroot('/tmp/mount/') for '/tmp/mount/'", 1);
- fflush(stdout);
- if (fork() == 0) {
- if (chroot("/tmp/mount/") == EOF && errno == EPERM)
- printf("OK: Permission denied.\n");
- else
- printf("BUG: %s\n", strerror(errno));
- fflush(stdout);
- _exit(0);
- }
- wait(NULL);
-
- /* Test pattern */
- fprintf(domain_fp, "allow_chroot /tmp/\\?\\?\\?\\?\\?/\n");
- show_prompt("chroot('/tmp/mount/') for "
- "'/tmp/\\?\\?\\?\\?\\?/'", 0);
- fflush(stdout);
- if (fork() == 0) {
- if (chroot("/tmp/mount/") == 0)
- printf("OK\n");
- else
- printf("FAILED: %s\n", strerror(errno));
- fflush(stdout);
- _exit(0);
- }
- wait(NULL);
- fprintf(domain_fp,
- "delete allow_chroot /tmp/\\?\\?\\?\\?\\?/\n");
-
- set_profile(0, "file::chroot");
- }
-
- /* Test pivot_root(). */
- {
- int error;
- static char stack[8192];
- set_profile(3, "file::pivot_root");
- fprintf(domain_fp, "allow_pivot_root %s %s\n",
- pivot_root_dir, proc_policy_dir);
- snprintf(stack, 8191, "pivot_root('%s', '%s')", pivot_root_dir,
- proc_policy_dir);
- show_prompt(stack, 0);
- {
- const pid_t pid = ltp_clone_quick(CLONE_NEWNS, child,
- NULL);
- while (waitpid(pid, &error, __WALL) == EOF &&
- errno == EINTR)
- c++; /* Dummy. */
- }
- errno = WIFEXITED(error) ? WEXITSTATUS(error) : -1;
- if (errno == 0)
- printf("OK\n");
- else
- printf("FAILED: %s\n", strerror(errno));
-
- fprintf(domain_fp, "delete allow_pivot_root %s %s\n",
- pivot_root_dir, proc_policy_dir);
- snprintf(stack, 8191, "pivot_root('%s', '%s')", pivot_root_dir,
- proc_policy_dir);
- show_prompt(stack, 1);
- {
- const pid_t pid = ltp_clone_quick(CLONE_NEWNS, child,
- NULL);
- while (waitpid(pid, &error, __WALL) == EOF &&
- errno == EINTR)
- c++; /* Dummy. */
- }
- errno = WIFEXITED(error) ? WEXITSTATUS(error) : -1;
- if (errno == EPERM)
- printf("OK: Permission denied.\n");
- else
- printf("BUG: %s\n", strerror(errno));
-
- set_profile(2, "file::pivot_root");
- snprintf(stack, 8191, "pivot_root('%s', '%s')", pivot_root_dir,
- proc_policy_dir);
- show_prompt(stack, 0);
- {
- const pid_t pid = ltp_clone_quick(CLONE_NEWNS, child,
- NULL);
- while (waitpid(pid, &error, __WALL) == EOF &&
- errno == EINTR)
- c++; /* Dummy. */
- }
- errno = WIFEXITED(error) ? WEXITSTATUS(error) : -1;
- if (errno == 0)
- printf("OK\n");
- else
- printf("FAILED: %s\n", strerror(errno));
-
- set_profile(0, "file::pivot_root");
-
- }
-
- rmdir("/tmp/mount_move/");
- rmdir("/tmp/mount_bind/");
- rmdir("/tmp/mount/");
-
- clear_status();
- return 0;
-}
diff --git a/testcases/kernel/security/tomoyo/tomoyo_new_file_test.c b/testcases/kernel/security/tomoyo/tomoyo_new_file_test.c
deleted file mode 100644
index eb912d726..000000000
--- a/testcases/kernel/security/tomoyo/tomoyo_new_file_test.c
+++ /dev/null
@@ -1,627 +0,0 @@
-/******************************************************************************/
-/* This program is free software; you can redistribute it and/or modify */
-/* it under the terms of the GNU General Public License as published by */
-/* the Free Software Foundation; either version 2 of the License, or */
-/* (at your option) any later version. */
-/* */
-/* This program is distributed in the hope that it will be useful, */
-/* but WITHOUT ANY WARRANTY; without even the implied warranty of */
-/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See */
-/* the GNU General Public License for more details. */
-/* */
-/* You should have received a copy of the GNU General Public License */
-/* along with this program; if not, write to the Free Software */
-/* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */
-/* */
-/******************************************************************************/
-/*
- * tomoyo_new_file_test.c
- *
- * Testing program for security/tomoyo/
- *
- * Copyright (C) 2005-2010 NTT DATA CORPORATION
- */
-#include "include.h"
-
-static const char *policy = "";
-
-static void show_result(int result, char should_success)
-{
- int error = errno;
- printf("%s : ", policy);
- if (should_success) {
- if (result != EOF)
- printf("OK\n");
- else
- printf("FAILED: %s\n", strerror(error));
- } else {
- if (result == EOF) {
- if (error == EPERM)
- printf("OK: Permission denied.\n");
- else
- printf("FAILED: %s\n", strerror(error));
- } else {
- printf("BUG: didn't fail.\n");
- }
- }
-}
-
-static void create2(const char *pathname)
-{
- set_profile(0, "file::create");
- set_profile(0, "file::open");
- close(creat(pathname, 0600));
- set_profile(3, "file::create");
- set_profile(3, "file::open");
- errno = 0;
-}
-
-static void mkdir2(const char *pathname)
-{
- set_profile(0, "file::mkdir");
- mkdir(pathname, 0600);
- set_profile(3, "file::mkdir");
- errno = 0;
-}
-
-static void unlink2(const char *pathname)
-{
- set_profile(0, "file::unlink");
- unlink(pathname);
- set_profile(3, "file::unlink");
- errno = 0;
-}
-
-static void rmdir2(const char *pathname)
-{
- set_profile(0, "file::rmdir");
- rmdir(pathname);
- set_profile(3, "file::rmdir");
- errno = 0;
-}
-
-static void mkfifo2(const char *pathname)
-{
- set_profile(0, "file::mkfifo");
- mkfifo(pathname, 0600);
- set_profile(3, "file::mkfifo");
- errno = 0;
-}
-
-static void stage_file_test(void)
-{
- const char buffer[] = "32768 61000";
- int pipe_fd[2] = { EOF, EOF };
- int error = 0;
- int fd;
- char pbuffer[1024];
- struct stat sbuf;
- struct sockaddr_un addr;
- struct ifreq ifreq;
- char *filename = "";
- set_profile(3, "file::execute");
- set_profile(3, "file::open");
- set_profile(3, "file::create");
- set_profile(3, "file::unlink");
- set_profile(3, "file::mkdir");
- set_profile(3, "file::rmdir");
- set_profile(3, "file::mkfifo");
- set_profile(3, "file::mksock");
- set_profile(3, "file::truncate");
- set_profile(3, "file::symlink");
- set_profile(3, "file::rewrite");
- set_profile(3, "file::mkblock");
- set_profile(3, "file::mkchar");
- set_profile(3, "file::link");
- set_profile(3, "file::rename");
- set_profile(3, "file::chmod");
- set_profile(3, "file::chown");
- set_profile(3, "file::chgrp");
- set_profile(3, "file::ioctl");
- set_profile(3, "file::chroot");
- set_profile(3, "file::mount");
- set_profile(3, "file::umount");
- set_profile(3, "file::pivot_root");
-
- policy = "allow_read /proc/sys/net/ipv4/ip_local_port_range";
- write_domain_policy(policy, 0);
- show_result(read_sysctl(TEST_SYSCTL_PATH, NULL, 0), 1);
- write_domain_policy(policy, 1);
- show_result(read_sysctl(TEST_SYSCTL_PATH, NULL, 0), 0);
-
- policy = "allow_write /proc/sys/net/ipv4/ip_local_port_range";
- write_domain_policy(policy, 0);
- show_result(write_sysctl(TEST_SYSCTL_PATH, buffer), 1);
- write_domain_policy(policy, 1);
- show_result(write_sysctl(TEST_SYSCTL_PATH, buffer), 0);
-
- policy = "allow_read/write /proc/sys/net/ipv4/ip_local_port_range";
- write_domain_policy(policy, 0);
- show_result(read_sysctl(TEST_SYSCTL_PATH, NULL, 0) &&
- write_sysctl(TEST_SYSCTL_PATH, buffer), 1);
- write_domain_policy(policy, 1);
- show_result(read_sysctl(TEST_SYSCTL_PATH, NULL, 0) &&
- write_sysctl(TEST_SYSCTL_PATH, buffer), 0);
-
- policy = "allow_read /bin/true";
- write_domain_policy(policy, 0);
- show_result(uselib("/bin/true"), 1);
- write_domain_policy(policy, 1);
- show_result(uselib("/bin/true"), 0);
-
- policy = "allow_execute /bin/true";
- write_domain_policy(policy, 0);
- fflush(stdout);
- fflush(stderr);
- if (pipe(pipe_fd) == -1)
- err(1, "pipe");
- if (fork() == 0) {
- execl("/bin/true", "/bin/true", NULL);
- if (write(pipe_fd[1], &errno, sizeof(errno)) == -1)
- err(1, "write");
- exit(0);
- }
- close(pipe_fd[1]);
- (void)read(pipe_fd[0], &error, sizeof(error));
- close(pipe_fd[0]);
- wait(NULL);
- errno = error;
- show_result(error ? EOF : 0, 1);
- write_domain_policy(policy, 1);
- fflush(stdout);
- fflush(stderr);
- if (pipe(pipe_fd) == -1)
- err(1, "pipe");
- if (fork() == 0) {
- execl("/bin/true", "/bin/true", NULL);
- if (write(pipe_fd[1], &errno, sizeof(errno)) == -1)
- err(1, "write");
- _exit(0);
- }
- close(pipe_fd[1]);
- (void)read(pipe_fd[0], &error, sizeof(error));
- close(pipe_fd[0]);
- wait(NULL);
- errno = error;
- show_result(errno ? EOF : 0, 0);
-
- policy = "allow_read /dev/null";
- write_domain_policy(policy, 0);
- fd = open("/dev/null", O_RDONLY);
- show_result(fd, 1);
- if (fd != EOF)
- close(fd);
- write_domain_policy(policy, 1);
- fd = open("/dev/null", O_RDONLY);
- show_result(fd, 0);
- if (fd != EOF)
- close(fd);
-
- policy = "allow_read /dev/null";
- write_domain_policy(policy, 0);
- fd = open("/dev/null", O_RDONLY);
- show_result(fd, 1);
- if (fd != EOF)
- close(fd);
- write_domain_policy(policy, 1);
- fd = open("/dev/null", O_RDONLY);
- show_result(fd, 0);
- if (fd != EOF)
- close(fd);
-
- policy = "allow_read /dev/null";
- write_domain_policy(policy, 0);
- fd = open("/dev/null", O_RDONLY);
- show_result(fd, 1);
- if (fd != EOF)
- close(fd);
- write_domain_policy(policy, 1);
- fd = open("/dev/null", O_RDONLY);
- show_result(fd, 0);
- if (fd != EOF)
- close(fd);
-
- policy = "allow_read /dev/null";
- write_domain_policy(policy, 0);
- fd = open("/dev/null", O_RDONLY);
- show_result(fd, 1);
- if (fd != EOF)
- close(fd);
- write_domain_policy(policy, 1);
- fd = open("/dev/null", O_RDONLY);
- show_result(fd, 0);
- if (fd != EOF)
- close(fd);
-
- set_profile(3, "file::mkfifo");
- policy = "allow_mkfifo /tmp/mknod_fifo_test 0644";
- write_domain_policy(policy, 0);
- filename = "/tmp/mknod_fifo_test";
- show_result(mknod(filename, S_IFIFO | 0644, 0), 1);
- write_domain_policy(policy, 1);
- unlink2(filename);
- show_result(mknod(filename, S_IFIFO | 0644, 0), 0);
-
- memset(pbuffer, 0, sizeof(pbuffer));
- memset(&sbuf, 0, sizeof(sbuf));
- filename = "/dev/null";
- stat(filename, &sbuf);
- snprintf(pbuffer, sizeof(pbuffer) - 1, "allow_write %s", filename);
- policy = pbuffer;
- write_domain_policy(policy, 0);
- fd = open(filename, O_WRONLY);
- show_result(fd, 1);
- if (fd != EOF)
- close(fd);
- write_domain_policy(policy, 1);
- fd = open(filename, O_WRONLY);
- show_result(fd, 0);
- if (fd != EOF)
- close(fd);
-
- policy = "allow_read/write /tmp/fifo";
- mkfifo2("/tmp/fifo");
- write_domain_policy(policy, 0);
- fd = open("/tmp/fifo", O_RDWR);
- show_result(fd, 1);
- if (fd != EOF)
- close(fd);
- write_domain_policy(policy, 1);
- fd = open("/tmp/fifo", O_RDWR);
- show_result(fd, 0);
- if (fd != EOF)
- close(fd);
-
- policy = "allow_read /dev/null";
- write_domain_policy(policy, 0);
- fd = open("/dev/null", O_RDONLY);
- show_result(fd, 1);
- if (fd != EOF)
- close(fd);
- write_domain_policy(policy, 1);
- fd = open("/dev/null", O_RDONLY);
- show_result(fd, 0);
- if (fd != EOF)
- close(fd);
-
- policy = "allow_write /dev/null";
- write_domain_policy(policy, 0);
- fd = open("/dev/null", O_WRONLY);
- show_result(fd, 1);
- if (fd != EOF)
- close(fd);
- write_domain_policy(policy, 1);
- fd = open("/dev/null", O_WRONLY);
- show_result(fd, 0);
- if (fd != EOF)
- close(fd);
-
- policy = "allow_read/write /dev/null";
- write_domain_policy(policy, 0);
- fd = open("/dev/null", O_RDWR);
- show_result(fd, 1);
- if (fd != EOF)
- close(fd);
- write_domain_policy(policy, 1);
- fd = open("/dev/null", O_RDWR);
- show_result(fd, 0);
- if (fd != EOF)
- close(fd);
-
- policy = "allow_create /tmp/open_test 0644";
- write_domain_policy(policy, 0);
- policy = "allow_write /tmp/open_test";
- write_domain_policy(policy, 0);
- fd = open("/tmp/open_test", O_WRONLY | O_CREAT | O_EXCL, 0644);
- show_result(fd, 1);
- if (fd != EOF)
- close(fd);
- unlink2("/tmp/open_test");
- write_domain_policy(policy, 1);
- fd = open("/tmp/open_test", O_WRONLY | O_CREAT | O_EXCL, 0644);
- show_result(fd, 0);
- if (fd != EOF)
- close(fd);
- unlink2("/tmp/open_test");
-
- policy = "allow_create /tmp/open_test 0644";
- write_domain_policy(policy, 1);
-
- policy = "allow_write /tmp/open_test";
- write_domain_policy(policy, 0);
- policy = "allow_create /tmp/open_test 0644";
- write_domain_policy(policy, 0);
- fd = open("/tmp/open_test", O_WRONLY | O_CREAT | O_EXCL, 0644);
- show_result(fd, 1);
- if (fd != EOF)
- close(fd);
- unlink2("/tmp/open_test");
- write_domain_policy(policy, 1);
- fd = open("/tmp/open_test", O_WRONLY | O_CREAT | O_EXCL, 0644);
- show_result(fd, 0);
- if (fd != EOF)
- close(fd);
- unlink2("/tmp/open_test");
- policy = "allow_write /tmp/open_test";
- write_domain_policy(policy, 1);
-
- filename = "/tmp/truncate_test";
- create2(filename);
-
- policy = "allow_truncate /tmp/truncate_test";
- write_domain_policy(policy, 0);
- policy = "allow_write /tmp/truncate_test";
- write_domain_policy(policy, 0);
- fd = open(filename, O_WRONLY | O_TRUNC);
- show_result(fd, 1);
- if (fd != EOF)
- close(fd);
- write_domain_policy(policy, 1);
- fd = open(filename, O_WRONLY | O_TRUNC);
- show_result(fd, 0);
- if (fd != EOF)
- close(fd);
- policy = "allow_truncate /tmp/truncate_test";
- write_domain_policy(policy, 1);
-
- policy = "allow_write /tmp/truncate_test";
- write_domain_policy(policy, 0);
- policy = "allow_truncate /tmp/truncate_test";
- write_domain_policy(policy, 0);
- fd = open(filename, O_WRONLY | O_TRUNC);
- show_result(fd, 1);
- if (fd != EOF)
- close(fd);
- write_domain_policy(policy, 1);
- fd = open(filename, O_WRONLY | O_TRUNC);
- show_result(fd, 0);
- if (fd != EOF)
- close(fd);
- policy = "allow_write /tmp/truncate_test";
- write_domain_policy(policy, 1);
-
- policy = "allow_truncate /tmp/truncate_test";
- write_domain_policy(policy, 0);
- show_result(truncate(filename, 0), 1);
- write_domain_policy(policy, 1);
- show_result(truncate(filename, 0), 0);
-
- policy = "allow_truncate /tmp/truncate_test";
- write_domain_policy(policy, 0);
- set_profile(0, "file::open");
- fd = open(filename, O_WRONLY);
- set_profile(3, "file::open");
- show_result(ftruncate(fd, 0), 1);
- write_domain_policy(policy, 1);
- show_result(ftruncate(fd, 0), 0);
- if (fd != EOF)
- close(fd);
-
- unlink2(filename);
-
- policy = "allow_create /tmp/mknod_reg_test 0644";
- write_domain_policy(policy, 0);
- filename = "/tmp/mknod_reg_test";
- show_result(mknod(filename, S_IFREG | 0644, 0), 1);
- write_domain_policy(policy, 1);
- unlink2(filename);
- show_result(mknod(filename, S_IFREG | 0644, 0), 0);
-
- policy = "allow_mkchar /tmp/mknod_chr_test 0644 1 3";
- write_domain_policy(policy, 0);
- filename = "/tmp/mknod_chr_test";
- show_result(mknod(filename, S_IFCHR | 0644, MKDEV(1, 3)), 1);
- write_domain_policy(policy, 1);
- unlink2(filename);
- show_result(mknod(filename, S_IFCHR | 0644, MKDEV(1, 3)), 0);
-
- policy = "allow_mkblock /tmp/mknod_blk_test 0644 1 0";
- write_domain_policy(policy, 0);
- filename = "/tmp/mknod_blk_test";
- show_result(mknod(filename, S_IFBLK | 0644, MKDEV(1, 0)), 1);
- write_domain_policy(policy, 1);
- unlink2(filename);
- show_result(mknod(filename, S_IFBLK | 0644, MKDEV(1, 0)), 0);
-
- policy = "allow_mkfifo /tmp/mknod_fifo_test 0644";
- write_domain_policy(policy, 0);
- filename = "/tmp/mknod_fifo_test";
- show_result(mknod(filename, S_IFIFO | 0644, 0), 1);
- write_domain_policy(policy, 1);
- unlink2(filename);
- show_result(mknod(filename, S_IFIFO | 0644, 0), 0);
-
- policy = "allow_mksock /tmp/mknod_sock_test 0644";
- write_domain_policy(policy, 0);
- filename = "/tmp/mknod_sock_test";
- show_result(mknod(filename, S_IFSOCK | 0644, 0), 1);
- write_domain_policy(policy, 1);
- unlink2(filename);
- show_result(mknod(filename, S_IFSOCK | 0644, 0), 0);
-
- policy = "allow_mkdir /tmp/mkdir_test/ 0600";
- write_domain_policy(policy, 0);
- filename = "/tmp/mkdir_test";
- show_result(mkdir(filename, 0600), 1);
- write_domain_policy(policy, 1);
- rmdir2(filename);
- show_result(mkdir(filename, 0600), 0);
-
- policy = "allow_rmdir /tmp/rmdir_test/";
- write_domain_policy(policy, 0);
- filename = "/tmp/rmdir_test";
- mkdir2(filename);
- show_result(rmdir(filename), 1);
- write_domain_policy(policy, 1);
- mkdir2(filename);
- show_result(rmdir(filename), 0);
- rmdir2(filename);
-
- policy = "allow_unlink /tmp/unlink_test";
- write_domain_policy(policy, 0);
- filename = "/tmp/unlink_test";
- create2(filename);
- show_result(unlink(filename), 1);
- write_domain_policy(policy, 1);
- create2(filename);
- show_result(unlink(filename), 0);
- unlink2(filename);
-
- policy = "allow_symlink /tmp/symlink_source_test";
- write_domain_policy(policy, 0);
- filename = "/tmp/symlink_source_test";
- show_result(symlink("/tmp/symlink_dest_test", filename), 1);
- write_domain_policy(policy, 1);
- unlink2(filename);
- show_result(symlink("/tmp/symlink_dest_test", filename), 0);
-
- policy = "allow_symlink /tmp/symlink_source_test";
- write_domain_policy(policy, 0);
- filename = "/tmp/symlink_source_test";
- show_result(symlink("/tmp/symlink_dest_test", filename), 1);
- write_domain_policy(policy, 1);
- unlink2(filename);
- show_result(symlink("/tmp/symlink_dest_test", filename), 0);
-
- policy = "allow_symlink /tmp/symlink_source_test";
- write_domain_policy(policy, 0);
- filename = "/tmp/symlink_source_test";
- show_result(symlink("/tmp/symlink_dest_test", filename), 1);
- write_domain_policy(policy, 1);
- unlink2(filename);
- show_result(symlink("/tmp/symlink_dest_test", filename), 0);
-
- policy = "allow_symlink /tmp/symlink_source_test";
- write_domain_policy(policy, 0);
- filename = "/tmp/symlink_source_test";
- show_result(symlink("/tmp/symlink_dest_test", filename), 1);
- write_domain_policy(policy, 1);
- unlink2(filename);
- show_result(symlink("/tmp/symlink_dest_test", filename), 0);
-
- policy = "allow_symlink /tmp/symlink_source_test";
- write_domain_policy(policy, 0);
- filename = "/tmp/symlink_source_test";
- show_result(symlink("/tmp/symlink_dest_test", filename), 1);
- write_domain_policy(policy, 1);
- unlink2(filename);
- show_result(symlink("/tmp/symlink_dest_test", filename), 0);
-
- policy = "allow_link /tmp/link_source_test /tmp/link_dest_test";
- write_domain_policy(policy, 0);
- filename = "/tmp/link_source_test";
- create2(filename);
- show_result(link(filename, "/tmp/link_dest_test"), 1);
- write_domain_policy(policy, 1);
- unlink2("/tmp/link_dest_test");
- show_result(link(filename, "/tmp/link_dest_test"), 0);
- unlink2(filename);
-
- policy = "allow_rename /tmp/rename_source_test /tmp/rename_dest_test";
- write_domain_policy(policy, 0);
- filename = "/tmp/rename_source_test";
- create2(filename);
- show_result(rename(filename, "/tmp/rename_dest_test"), 1);
- write_domain_policy(policy, 1);
- unlink2("/tmp/rename_dest_test");
- create2(filename);
- show_result(rename(filename, "/tmp/rename_dest_test"), 0);
- unlink2(filename);
-
- policy = "allow_mksock /tmp/socket_test 0755";
- write_domain_policy(policy, 0);
- filename = "/tmp/socket_test";
- memset(&addr, 0, sizeof(addr));
- addr.sun_family = AF_UNIX;
- strncpy(addr.sun_path, filename, sizeof(addr.sun_path) - 1);
- fd = socket(AF_UNIX, SOCK_STREAM, 0);
- show_result(bind(fd, (struct sockaddr *)&addr, sizeof(addr)), 1);
- if (fd != EOF)
- close(fd);
- write_domain_policy(policy, 1);
- unlink2(filename);
- fd = socket(AF_UNIX, SOCK_STREAM, 0);
- show_result(bind(fd, (struct sockaddr *)&addr, sizeof(addr)), 0);
- if (fd != EOF)
- close(fd);
-
- filename = "/tmp/rewrite_test";
- create2(filename);
- policy = "allow_read/write /tmp/rewrite_test";
- write_domain_policy(policy, 0);
- write_exception_policy("deny_rewrite /tmp/rewrite_test", 0);
- policy = "allow_truncate /tmp/rewrite_test";
- write_domain_policy(policy, 0);
-
- fd = open(filename, O_RDONLY);
- show_result(fd, 1);
- if (fd != EOF)
- close(fd);
-
- fd = open(filename, O_WRONLY | O_APPEND);
- show_result(fd, 1);
- if (fd != EOF)
- close(fd);
-
- fd = open(filename, O_WRONLY);
- show_result(fd, 0);
- if (fd != EOF)
- close(fd);
-
- fd = open(filename, O_WRONLY | O_TRUNC);
- show_result(fd, 0);
- if (fd != EOF)
- close(fd);
-
- fd = open(filename, O_WRONLY | O_TRUNC | O_APPEND);
- show_result(fd, 0);
- if (fd != EOF)
- close(fd);
-
- show_result(truncate(filename, 0), 0);
-
- set_profile(0, "file::open");
- fd = open(filename, O_WRONLY | O_APPEND);
- set_profile(3, "file::open");
- show_result(ftruncate(fd, 0), 0);
-
- show_result(fcntl(fd, F_SETFL, fcntl(fd, F_GETFL) & ~O_APPEND), 0);
- if (fd != EOF)
- close(fd);
-
- write_domain_policy(policy, 1);
-
- policy = "allow_read/write /tmp/rewrite_test";
- write_domain_policy(policy, 1);
- write_exception_policy("deny_rewrite /tmp/rewrite_test", 1);
-
- unlink2(filename);
-
- policy = "allow_ioctl socket:[family=2:type=2:protocol=17] "
- "35122-35124";
- write_domain_policy(policy, 0);
- fd = socket(PF_INET, SOCK_DGRAM, IPPROTO_IP);
- memset(&ifreq, 0, sizeof(ifreq));
- snprintf(ifreq.ifr_name, sizeof(ifreq.ifr_name) - 1, "lo");
- show_result(ioctl(fd, 35123, &ifreq), 1);
- write_domain_policy(policy, 1);
- policy = "allow_ioctl " "socket:[family=2:type=2:protocol=17] 0-35122";
- write_domain_policy(policy, 0);
- show_result(ioctl(fd, 35123, &ifreq), 0);
- write_domain_policy(policy, 1);
- if (fd != EOF)
- close(fd);
-}
-
-int main(void)
-{
- tomoyo_test_init();
- fprintf(domain_fp, "%s /bin/true\n", self_domain);
- fprintf(domain_fp, "use_profile 255\n");
- fprintf(domain_fp, "select pid=%u\n", pid);
- fprintf(profile_fp, "255-PREFERENCE::audit={ max_reject_log=1024 }\n");
- stage_file_test();
- fprintf(domain_fp, "use_profile 0\n");
- clear_status();
- return 0;
-}
diff --git a/testcases/kernel/security/tomoyo/tomoyo_new_test.c b/testcases/kernel/security/tomoyo/tomoyo_new_test.c
deleted file mode 100644
index a1ab259e5..000000000
--- a/testcases/kernel/security/tomoyo/tomoyo_new_test.c
+++ /dev/null
@@ -1,652 +0,0 @@
-/******************************************************************************/
-/* This program is free software; you can redistribute it and/or modify */
-/* it under the terms of the GNU General Public License as published by */
-/* the Free Software Foundation; either version 2 of the License, or */
-/* (at your option) any later version. */
-/* */
-/* This program is distributed in the hope that it will be useful, */
-/* but WITHOUT ANY WARRANTY; without even the implied warranty of */
-/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See */
-/* the GNU General Public License for more details. */
-/* */
-/* You should have received a copy of the GNU General Public License */
-/* along with this program; if not, write to the Free Software */
-/* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */
-/* */
-/******************************************************************************/
-/*
- * tomoyo_new_test.c
- *
- * Testing program for security/tomoyo/
- *
- * Copyright (C) 2005-2010 NTT DATA CORPORATION
- */
-#include "include.h"
-
-static int result;
-static int error;
-
-static void show_result(const char *test, int should_success)
-{
- error = errno;
- printf("%s : ", test);
- if (should_success) {
- if (error == 0)
- printf("OK (%d)\n", result);
- else
- printf("FAILED: %s\n", strerror(error));
- } else {
- if (error == 0)
- printf("BUG: Didn't fail (%d)\n", result);
- else if (error == EPERM)
- printf("OK: permission denied\n");
- else
- printf("FAILED: %s\n", strerror(error));
- }
-}
-
-static void test_read_etc_fstab(void)
-{
- result = open("/etc/fstab", O_RDONLY);
-}
-
-static void test_write_dev_null(void)
-{
- result = open("/dev/null", O_WRONLY);
-}
-
-static void cleanup_file_open(void)
-{
- if (result != EOF)
- close(result);
-}
-
-static void test_mkdir_testdir(void)
-{
- result = mkdir("/tmp/testdir", 0755);
-}
-
-static void cleanup_mkdir_testdir(void)
-{
- rmdir("/tmp/testdir");
-}
-
-static void setup_mkdir_testdir(void)
-{
- mkdir("/tmp/testdir", 0755);
-}
-
-static void test_rmdir_testdir(void)
-{
- result = rmdir("/tmp/testdir");
-}
-
-static void setup_execute_bin_true(void)
-{
- fprintf(domain_fp, "%s /bin/true\n", self_domain);
- fprintf(domain_fp, "use_profile 0\n");
- fprintf(domain_fp, "select pid=%u\n", pid);
-}
-
-static void cleanup_execute_bin_true(void)
-{
- wait(NULL);
- fprintf(domain_fp, "delete %s /bin/true\n", self_domain);
- fprintf(domain_fp, "select pid=%u\n", pid);
-}
-
-static void test_execute_bin_true(void)
-{
- char *argv[] = { "/bin/true", NULL };
- char *envp[] = { "HOME=/", NULL };
- int pipe_fd[2] = { EOF, EOF };
- if (pipe(pipe_fd) == -1)
- err(1, "pipe");
- switch (fork()) {
- case 0:
- execve("/bin/true", argv, envp);
- error = errno;
- if (write(pipe_fd[1], &error, sizeof(error)) == -1)
- err(1, "write");
- _exit(0);
- break;
- case -1:
- error = ENOMEM;
- break;
- }
- close(pipe_fd[1]);
- (void)read(pipe_fd[0], &error, sizeof(error));
- close(pipe_fd[0]);
- result = error ? EOF : 0;
- errno = error;
-}
-
-static void test_chmod_dev_null(void)
-{
- result = chmod("/dev/null", 0666);
-}
-
-static void test_chown_dev_null(void)
-{
- result = chown("/dev/null", 0, -1);
-}
-
-static void test_chgrp_dev_null(void)
-{
- result = chown("/dev/null", -1, 0);
-}
-
-static void test_ioctl_dev_null(void)
-{
- int fd = open("/dev/null", O_RDWR);
- errno = 0;
- result = ioctl(fd, 0x5451, NULL);
- error = errno;
- close(fd);
- errno = error;
-}
-
-static void setup_chmod_group(void)
-{
- write_exception_policy("path_group CHMOD_TARGET /dev/null", 0);
- write_exception_policy("number_group CHMOD_MODES 0666", 0);
-}
-
-static void cleanup_chmod_group(void)
-{
- write_exception_policy("path_group CHMOD_TARGET /dev/null", 1);
- write_exception_policy("number_group CHMOD_MODES 0666", 1);
-}
-
-static void setup_chown_group(void)
-{
- write_exception_policy("path_group CHOWN_TARGET /dev/\\*", 0);
- write_exception_policy("number_group CHOWN_IDS 0x0-0xFFFE", 0);
-}
-
-static void cleanup_chown_group(void)
-{
- write_exception_policy("path_group CHOWN_TARGET /dev/\\*", 1);
- write_exception_policy("number_group CHOWN_IDS 0x0-0xFFFE", 1);
-}
-
-static void setup_ioctl_group(void)
-{
- write_exception_policy("path_group IOCTL_TARGET /dev/\\*", 0);
- write_exception_policy("number_group IOCTL_NUMBERS 0x5450-0x5452", 0);
-}
-
-static void cleanup_ioctl_group(void)
-{
- write_exception_policy("path_group IOCTL_TARGET /dev/\\*", 1);
- write_exception_policy("number_group IOCTL_NUMBERS 0x5450-0x5452", 1);
-}
-
-static void setup_open_group(void)
-{
- write_exception_policy("path_group READABLE /etc/\\*", 0);
- write_exception_policy("number_group READABLE_IDS 0-0xFFF", 0);
-}
-
-static void cleanup_open_group(void)
-{
- cleanup_file_open();
- write_exception_policy("path_group READABLE /etc/\\*", 1);
- write_exception_policy("number_group READABLE_IDS 0-0xFFF", 1);
-}
-
-static void test_file_open_0(void)
-{
- result = open("/tmp/testfile0", O_RDONLY, 0600);
-}
-
-static void test_file_open_1(void)
-{
- result = open("/tmp/testfile1", O_CREAT | O_RDONLY, 0600);
-}
-
-static void test_file_open_2(void)
-{
- result = open("/tmp/testfile2", O_TRUNC | O_RDONLY, 0600);
-}
-
-static void test_file_open_3(void)
-{
- result = open("/tmp/testfile3", O_TRUNC | O_CREAT | O_RDONLY, 0600);
-}
-
-static void test_file_open_4(void)
-{
- result = open("/tmp/testfile4", O_APPEND | O_RDONLY, 0600);
-}
-
-static void test_file_open_5(void)
-{
- result = open("/tmp/testfile5", O_APPEND | O_CREAT | O_RDONLY, 0600);
-}
-
-static void test_file_open_6(void)
-{
- result = open("/tmp/testfile6", O_APPEND | O_TRUNC | O_RDONLY, 0600);
-}
-
-static void test_file_open_7(void)
-{
- result = open("/tmp/testfile7",
- O_APPEND | O_TRUNC | O_CREAT | O_RDONLY, 0600);
-}
-
-static void test_file_open_8(void)
-{
- result = open("/tmp/testfile8", O_WRONLY, 0600);
-}
-
-static void test_file_open_9(void)
-{
- result = open("/tmp/testfile9", O_CREAT | O_WRONLY, 0600);
-}
-
-static void test_file_open_10(void)
-{
- result = open("/tmp/testfile10", O_TRUNC | O_WRONLY, 0600);
-}
-
-static void test_file_open_11(void)
-{
- result = open("/tmp/testfile11", O_TRUNC | O_CREAT | O_WRONLY, 0600);
-}
-
-static void test_file_open_12(void)
-{
- result = open("/tmp/testfile12", O_APPEND | O_WRONLY, 0600);
-}
-
-static void test_file_open_13(void)
-{
- result = open("/tmp/testfile13", O_APPEND | O_CREAT | O_WRONLY, 0600);
-}
-
-static void test_file_open_14(void)
-{
- result = open("/tmp/testfile14", O_APPEND | O_TRUNC | O_WRONLY, 0600);
-}
-
-static void test_file_open_15(void)
-{
- result = open("/tmp/testfile15",
- O_APPEND | O_TRUNC | O_CREAT | O_WRONLY, 0600);
-}
-
-static void test_file_open_16(void)
-{
- result = open("/tmp/testfile16", O_RDWR, 0600);
-}
-
-static void test_file_open_17(void)
-{
- result = open("/tmp/testfile17", O_CREAT | O_RDWR, 0600);
-}
-
-static void test_file_open_18(void)
-{
- result = open("/tmp/testfile18", O_TRUNC | O_RDWR, 0600);
-}
-
-static void test_file_open_19(void)
-{
- result = open("/tmp/testfile19", O_TRUNC | O_CREAT | O_RDWR, 0600);
-}
-
-static void test_file_open_20(void)
-{
- result = open("/tmp/testfile20", O_APPEND | O_RDWR, 0600);
-}
-
-static void test_file_open_21(void)
-{
- result = open("/tmp/testfile21", O_APPEND | O_CREAT | O_RDWR, 0600);
-}
-
-static void test_file_open_22(void)
-{
- result = open("/tmp/testfile22", O_APPEND | O_TRUNC | O_RDWR, 0600);
-}
-
-static void test_file_open_23(void)
-{
- result = open("/tmp/testfile23", O_APPEND | O_TRUNC | O_CREAT | O_RDWR,
- 0600);
-}
-
-static void setup_test_file(void)
-{
- int i;
- char buffer[32];
- buffer[31] = '\0';
- for (i = 0; i < 24; i += 2) {
- snprintf(buffer, sizeof(buffer) - 1, "/tmp/testfile%u", i);
- close(open(buffer, O_WRONLY | O_CREAT, 0600));
- }
- write_exception_policy("deny_rewrite /tmp/testfile\\$", 0);
-}
-
-static void setup_test_file_truncate(void)
-{
- setup_test_file();
- write_domain_policy("allow_truncate /tmp/testfile\\$", 0);
- set_profile(3, "file::truncate");
-}
-
-static void setup_all_test_file(void)
-{
- int i;
- char buffer[32];
- buffer[31] = '\0';
- for (i = 0; i < 24; i++) {
- snprintf(buffer, sizeof(buffer) - 1, "/tmp/testfile%u", i);
- close(open(buffer, O_WRONLY | O_CREAT, 0600));
- }
- write_exception_policy("deny_rewrite /tmp/testfile\\$", 0);
-}
-
-static void setup_all_test_file_truncate(void)
-{
- setup_all_test_file();
- write_domain_policy("allow_truncate /tmp/testfile\\$", 0);
- set_profile(3, "file::truncate");
-}
-
-static void cleanup_test_file(void)
-{
- int i;
- char buffer[32];
- buffer[31] = '\0';
- for (i = 0; i < 24; i++) {
- snprintf(buffer, sizeof(buffer) - 1, "/tmp/testfile%u", i);
- unlink(buffer);
- }
- write_exception_policy("deny_rewrite /tmp/testfile\\$", 1);
- cleanup_file_open();
-}
-
-static void cleanup_test_file_truncate(void)
-{
- cleanup_test_file();
- write_domain_policy("allow_truncate /tmp/testfile\\$", 1);
- set_profile(0, "file::truncate");
-}
-
-static struct test_struct {
- void (*do_setup) (void);
- void (*do_test) (void);
- void (*do_cleanup) (void);
- const char *name;
- const char *policy;
-} tests[] = {
- {
- NULL, test_read_etc_fstab, cleanup_file_open, "file::open",
- "allow_read /etc/fstab"}, {
- NULL, test_read_etc_fstab, cleanup_file_open, "file::open",
- "allow_read /etc/fstab"}, {
- NULL, test_read_etc_fstab, cleanup_file_open, "file::open",
- "allow_read /etc/fstab"}, {
- setup_open_group, test_read_etc_fstab, cleanup_open_group,
- "file::open", "allow_read @READABLE"}, {
- NULL, test_write_dev_null, cleanup_file_open, "file::open",
- "allow_write /dev/null"}, {
- NULL, test_write_dev_null, cleanup_file_open, "file::open",
- "allow_write /dev/null"}, {
- NULL, test_write_dev_null, cleanup_file_open, "file::open",
- "allow_write /dev/null"}, {
- cleanup_mkdir_testdir, test_mkdir_testdir,
- cleanup_mkdir_testdir, "file::mkdir",
- "allow_mkdir /tmp/testdir/ 0755"}, {
- cleanup_mkdir_testdir, test_mkdir_testdir,
- cleanup_mkdir_testdir, "file::mkdir",
- "allow_mkdir /tmp/testdir/ 0755"}, {
- cleanup_mkdir_testdir, test_mkdir_testdir,
- cleanup_mkdir_testdir, "file::mkdir",
- "allow_mkdir /tmp/testdir/ 0755"}, {
- setup_mkdir_testdir, test_rmdir_testdir, cleanup_mkdir_testdir,
- "file::rmdir", "allow_rmdir /tmp/testdir/"}, {
- setup_mkdir_testdir, test_rmdir_testdir, cleanup_mkdir_testdir,
- "file::rmdir", "allow_rmdir /tmp/testdir/"}, {
- setup_mkdir_testdir, test_rmdir_testdir, cleanup_mkdir_testdir,
- "file::rmdir", "allow_rmdir /tmp/testdir/"}, {
- setup_execute_bin_true, test_execute_bin_true,
- cleanup_execute_bin_true, "file::execute",
- "allow_execute /bin/true"}, {
- setup_execute_bin_true, test_execute_bin_true,
- cleanup_execute_bin_true, "file::execute",
- "allow_execute /bin/true"}, {
- setup_execute_bin_true, test_execute_bin_true,
- cleanup_execute_bin_true, "file::execute",
- "allow_execute /bin/true"}, {
- NULL, test_chmod_dev_null, NULL, "file::chmod",
- "allow_chmod /dev/null 0666"}, {
- NULL, test_chown_dev_null, NULL, "file::chown",
- "allow_chown /dev/null 0"}, {
- NULL, test_chgrp_dev_null, NULL, "file::chgrp",
- "allow_chgrp /dev/null 0"}, {
- NULL, test_ioctl_dev_null, NULL, "file::ioctl",
- "allow_ioctl /dev/null 0x5451"}, {
- setup_chmod_group, test_chmod_dev_null, cleanup_chmod_group,
- "file::chmod", "allow_chmod @CHMOD_TARGET @CHMOD_MODES"}, {
- setup_chown_group, test_chown_dev_null, cleanup_chown_group,
- "file::chown", "allow_chown @CHOWN_TARGET @CHOWN_IDS"}, {
- setup_chown_group, test_chgrp_dev_null, cleanup_chown_group,
- "file::chgrp", "allow_chgrp @CHOWN_TARGET @CHOWN_IDS"}, {
- setup_ioctl_group, test_ioctl_dev_null, cleanup_ioctl_group,
- "file::ioctl", "allow_ioctl @IOCTL_TARGET @IOCTL_NUMBERS"},
- {
- setup_test_file, test_file_open_0, cleanup_test_file,
- "file::open", "allow_read /tmp/testfile0"}, {
- setup_test_file, test_file_open_1, cleanup_test_file,
- "file::open", "allow_read /tmp/testfile1"}, {
- setup_test_file, test_file_open_1, cleanup_test_file,
- "file::create", "allow_create /tmp/testfile1 0600"}, {
- setup_test_file, test_file_open_2, cleanup_test_file,
- "file::open", "allow_read /tmp/testfile2"}, {
- setup_test_file, test_file_open_2, cleanup_test_file,
- "file::truncate", "allow_truncate /tmp/testfile2"}, {
- setup_test_file_truncate, test_file_open_2,
- cleanup_test_file_truncate, "file::rewrite",
- "allow_rewrite /tmp/testfile2"}, {
- setup_test_file, test_file_open_3, cleanup_test_file,
- "file::open", "allow_read /tmp/testfile3"}, {
- setup_test_file, test_file_open_3, cleanup_test_file,
- "file::create", "allow_create /tmp/testfile3 0600"}, {
- setup_test_file, test_file_open_4, cleanup_test_file,
- "file::open", "allow_read /tmp/testfile4"}, {
- setup_test_file, test_file_open_5, cleanup_test_file,
- "file::open", "allow_read /tmp/testfile5"}, {
- setup_test_file, test_file_open_5, cleanup_test_file,
- "file::create", "allow_create /tmp/testfile5 0600"}, {
- setup_test_file, test_file_open_6, cleanup_test_file,
- "file::open", "allow_read /tmp/testfile6"}, {
- setup_test_file, test_file_open_6, cleanup_test_file,
- "file::truncate", "allow_truncate /tmp/testfile6"}, {
- setup_test_file_truncate, test_file_open_6,
- cleanup_test_file_truncate, "file::rewrite",
- "allow_rewrite /tmp/testfile6"}, {
- setup_test_file, test_file_open_7, cleanup_test_file,
- "file::open", "allow_read /tmp/testfile7"}, {
- setup_test_file, test_file_open_7, cleanup_test_file,
- "file::create", "allow_create /tmp/testfile7 0600"}, {
- setup_test_file, test_file_open_8, cleanup_test_file,
- "file::open", "allow_write /tmp/testfile8"}, {
- setup_test_file, test_file_open_8, cleanup_test_file,
- "file::rewrite", "allow_rewrite /tmp/testfile8"}, {
- setup_test_file, test_file_open_9, cleanup_test_file,
- "file::open", "allow_write /tmp/testfile9"}, {
- setup_test_file, test_file_open_9, cleanup_test_file,
- "file::create", "allow_create /tmp/testfile9 0600"}, {
- setup_test_file, test_file_open_9, cleanup_test_file,
- "file::rewrite", "allow_rewrite /tmp/testfile9"}, {
- setup_test_file, test_file_open_10, cleanup_test_file,
- "file::open", "allow_write /tmp/testfile10"}, {
- setup_test_file, test_file_open_10, cleanup_test_file,
- "file::truncate", "allow_truncate /tmp/testfile10"}, {
- setup_test_file, test_file_open_10, cleanup_test_file,
- "file::rewrite", "allow_rewrite /tmp/testfile10"}, {
- setup_test_file, test_file_open_11, cleanup_test_file,
- "file::open", "allow_write /tmp/testfile11"}, {
- setup_test_file, test_file_open_11, cleanup_test_file,
- "file::create", "allow_create /tmp/testfile11 0600"}, {
- setup_test_file, test_file_open_11, cleanup_test_file,
- "file::rewrite", "allow_rewrite /tmp/testfile11"}, {
- setup_test_file, test_file_open_12, cleanup_test_file,
- "file::open", "allow_write /tmp/testfile12"}, {
- setup_test_file, test_file_open_13, cleanup_test_file,
- "file::open", "allow_write /tmp/testfile13"}, {
- setup_test_file, test_file_open_13, cleanup_test_file,
- "file::create", "allow_create /tmp/testfile13 0600"}, {
- setup_test_file, test_file_open_14, cleanup_test_file,
- "file::open", "allow_write /tmp/testfile14"}, {
- setup_test_file, test_file_open_14, cleanup_test_file,
- "file::truncate", "allow_truncate /tmp/testfile14"}, {
- setup_test_file_truncate, test_file_open_14,
- cleanup_test_file_truncate, "file::rewrite",
- "allow_rewrite /tmp/testfile14"}, {
- setup_test_file, test_file_open_15, cleanup_test_file,
- "file::open", "allow_write /tmp/testfile15"}, {
- setup_test_file, test_file_open_15, cleanup_test_file,
- "file::create", "allow_create /tmp/testfile15 0600"}, {
- setup_test_file, test_file_open_16, cleanup_test_file,
- "file::open", "allow_read/write /tmp/testfile16"}, {
- setup_test_file, test_file_open_16, cleanup_test_file,
- "file::rewrite", "allow_rewrite /tmp/testfile16"}, {
- setup_test_file, test_file_open_17, cleanup_test_file,
- "file::open", "allow_read/write /tmp/testfile17"}, {
- setup_test_file, test_file_open_17, cleanup_test_file,
- "file::create", "allow_create /tmp/testfile17 0600"}, {
- setup_test_file, test_file_open_17, cleanup_test_file,
- "file::rewrite", "allow_rewrite /tmp/testfile17"}, {
- setup_test_file, test_file_open_18, cleanup_test_file,
- "file::open", "allow_read/write /tmp/testfile18"}, {
- setup_test_file, test_file_open_18, cleanup_test_file,
- "file::truncate", "allow_truncate /tmp/testfile18"}, {
- setup_test_file, test_file_open_18, cleanup_test_file,
- "file::rewrite", "allow_rewrite /tmp/testfile18"}, {
- setup_test_file, test_file_open_19, cleanup_test_file,
- "file::open", "allow_read/write /tmp/testfile19"}, {
- setup_test_file, test_file_open_19, cleanup_test_file,
- "file::create", "allow_create /tmp/testfile19 0600"}, {
- setup_test_file, test_file_open_19, cleanup_test_file,
- "file::rewrite", "allow_rewrite /tmp/testfile19"}, {
- setup_test_file, test_file_open_20, cleanup_test_file,
- "file::open", "allow_read/write /tmp/testfile20"}, {
- setup_test_file, test_file_open_21, cleanup_test_file,
- "file::open", "allow_read/write /tmp/testfile21"}, {
- setup_test_file, test_file_open_21, cleanup_test_file,
- "file::create", "allow_create /tmp/testfile21 0600"}, {
- setup_test_file, test_file_open_22, cleanup_test_file,
- "file::open", "allow_read/write /tmp/testfile22"}, {
- setup_test_file, test_file_open_22, cleanup_test_file,
- "file::truncate", "allow_truncate /tmp/testfile22"}, {
- setup_test_file_truncate, test_file_open_22,
- cleanup_test_file_truncate, "file::rewrite",
- "allow_rewrite /tmp/testfile22"}, {
- setup_test_file, test_file_open_23, cleanup_test_file,
- "file::open", "allow_read/write /tmp/testfile23"}, {
- setup_test_file, test_file_open_23, cleanup_test_file,
- "file::create", "allow_create /tmp/testfile23 0600"}, {
- setup_all_test_file, test_file_open_0, cleanup_test_file,
- "file::open", "allow_read /tmp/testfile0"}, {
- setup_all_test_file, test_file_open_2, cleanup_test_file,
- "file::open", "allow_read /tmp/testfile2"}, {
- setup_all_test_file, test_file_open_2, cleanup_test_file,
- "file::truncate", "allow_truncate /tmp/testfile2"}, {
- setup_all_test_file_truncate, test_file_open_2,
- cleanup_test_file_truncate, "file::rewrite",
- "allow_rewrite /tmp/testfile2"}, {
- setup_all_test_file, test_file_open_4, cleanup_test_file,
- "file::open", "allow_read /tmp/testfile4"}, {
- setup_all_test_file, test_file_open_6, cleanup_test_file,
- "file::open", "allow_read /tmp/testfile6"}, {
- setup_all_test_file, test_file_open_6, cleanup_test_file,
- "file::truncate", "allow_truncate /tmp/testfile6"}, {
- setup_all_test_file_truncate, test_file_open_6,
- cleanup_test_file_truncate, "file::rewrite",
- "allow_rewrite /tmp/testfile6"}, {
- setup_all_test_file, test_file_open_8, cleanup_test_file,
- "file::open", "allow_write /tmp/testfile8"}, {
- setup_all_test_file, test_file_open_8, cleanup_test_file,
- "file::rewrite", "allow_rewrite /tmp/testfile8"}, {
- setup_all_test_file, test_file_open_10, cleanup_test_file,
- "file::open", "allow_write /tmp/testfile10"}, {
- setup_all_test_file, test_file_open_10, cleanup_test_file,
- "file::truncate", "allow_truncate /tmp/testfile10"}, {
- setup_all_test_file, test_file_open_10, cleanup_test_file,
- "file::rewrite", "allow_rewrite /tmp/testfile10"}, {
- setup_all_test_file, test_file_open_12, cleanup_test_file,
- "file::open", "allow_write /tmp/testfile12"}, {
- setup_all_test_file, test_file_open_14, cleanup_test_file,
- "file::open", "allow_write /tmp/testfile14"}, {
- setup_all_test_file, test_file_open_14, cleanup_test_file,
- "file::truncate", "allow_truncate /tmp/testfile14"}, {
- setup_all_test_file_truncate, test_file_open_14,
- cleanup_test_file_truncate, "file::rewrite",
- "allow_rewrite /tmp/testfile14"}, {
- setup_all_test_file, test_file_open_16, cleanup_test_file,
- "file::open", "allow_read/write /tmp/testfile16"}, {
- setup_all_test_file, test_file_open_16, cleanup_test_file,
- "file::rewrite", "allow_rewrite /tmp/testfile16"}, {
- setup_all_test_file, test_file_open_18, cleanup_test_file,
- "file::open", "allow_read/write /tmp/testfile18"}, {
- setup_all_test_file, test_file_open_18, cleanup_test_file,
- "file::truncate", "allow_truncate /tmp/testfile18"}, {
- setup_all_test_file, test_file_open_18, cleanup_test_file,
- "file::rewrite", "allow_rewrite /tmp/testfile18"}, {
- setup_all_test_file, test_file_open_20, cleanup_test_file,
- "file::open", "allow_read/write /tmp/testfile20"}, {
- setup_all_test_file, test_file_open_22, cleanup_test_file,
- "file::open", "allow_read/write /tmp/testfile22"}, {
- setup_all_test_file, test_file_open_22, cleanup_test_file,
- "file::truncate", "allow_truncate /tmp/testfile22"}, {
- setup_all_test_file_truncate, test_file_open_22,
- cleanup_test_file_truncate, "file::rewrite",
- "allow_rewrite /tmp/testfile22"}, {
- NULL}
-};
-
-int main(void)
-{
- int i;
- tomoyo_test_init();
- for (i = 0; tests[i].do_test; i++) {
- int trial;
- for (trial = 0; trial < 2; trial++) {
- int should_fail;
- for (should_fail = 0; should_fail < 2; should_fail++) {
- if (tests[i].do_setup)
- tests[i].do_setup();
- if (!should_fail)
- write_domain_policy(tests[i].policy, 0);
- set_profile(3, tests[i].name);
- tests[i].do_test();
- show_result(tests[i].policy, !should_fail);
- set_profile(0, tests[i].name);
- if (tests[i].do_cleanup)
- tests[i].do_cleanup();
- if (!should_fail)
- write_domain_policy(tests[i].policy, 1);
- }
- }
- }
- for (i = 0; tests[i].do_test; i++) {
- int mode;
- for (mode = 0; mode < 4; mode++) {
- if (tests[i].do_setup)
- tests[i].do_setup();
- set_profile(mode, tests[i].name);
- tests[i].do_test();
- show_result(tests[i].name, 1);
- set_profile(0, tests[i].name);
- if (tests[i].do_cleanup)
- tests[i].do_cleanup();
- }
- }
- fprintf(domain_fp, "delete %s\n", self_domain);
- return 0;
-}
diff --git a/testcases/kernel/security/tomoyo/tomoyo_policy_io_test.c b/testcases/kernel/security/tomoyo/tomoyo_policy_io_test.c
deleted file mode 100644
index b1897a0fc..000000000
--- a/testcases/kernel/security/tomoyo/tomoyo_policy_io_test.c
+++ /dev/null
@@ -1,195 +0,0 @@
-/******************************************************************************/
-/* This program is free software; you can redistribute it and/or modify */
-/* it under the terms of the GNU General Public License as published by */
-/* the Free Software Foundation; either version 2 of the License, or */
-/* (at your option) any later version. */
-/* */
-/* This program is distributed in the hope that it will be useful, */
-/* but WITHOUT ANY WARRANTY; without even the implied warranty of */
-/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See */
-/* the GNU General Public License for more details. */
-/* */
-/* You should have received a copy of the GNU General Public License */
-/* along with this program; if not, write to the Free Software */
-/* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */
-/* */
-/******************************************************************************/
-/*
- * tomoyo_policy_io_test.c
- *
- * Testing program for security/tomoyo/
- *
- * Copyright (C) 2005-2010 NTT DATA CORPORATION
- */
-#include "include.h"
-
-static FILE *policy_fp = NULL;
-static const char *policy_file = "";
-
-static void try_io(const char *policy, const char should_success)
-{
- FILE *fp = fopen(policy_file, "r");
- char buffer[8192];
- int policy_found = 0;
- memset(buffer, 0, sizeof(buffer));
- printf("%s: ", policy);
- fprintf(policy_fp, "%s\n", policy);
- if (!fp) {
- printf("BUG: policy read failed\n");
- return;
- }
- while (fgets(buffer, sizeof(buffer) - 1, fp)) {
- char *cp = strchr(buffer, '\n');
- if (cp)
- *cp = '\0';
- if (!strcmp(buffer, policy)) {
- policy_found = 1;
- break;
- }
- }
- fclose(fp);
- if (should_success) {
- if (policy_found)
- printf("OK\n");
- else
- printf("BUG: policy write failed\n");
- } else {
- if (!policy_found)
- printf("OK : write rejected.\n");
- else
- printf("BUG: policy write not rejected.\n");
- }
- fprintf(policy_fp, "delete %s\n", policy);
-}
-
-static void stage_policy_io_test(void)
-{
- int i;
- policy_file = proc_policy_domain_policy;
- policy_fp = domain_fp;
- for (i = 0; i < 3; i++) {
- try_io("allow_chroot /", 1);
- try_io("allow_chroot ", 0);
- try_io("allow_chroot /mnt0/", 1);
- try_io("allow_chroot /var1/chroot2/", 1);
- try_io("allow_chroot /mnt0/", 1);
- try_io("allow_chroot /mnt0/", 1);
- try_io("allow_chroot /mnt0/", 1);
- try_io("allow_chroot /mnt\\?\\*/", 1);
- try_io("allow_chroot /mnt\\?\\*/", 1);
- try_io("allow_unmount /", 1);
- try_io("allow_unmount /sys1/", 1);
- try_io("allow_unmount /initrd2/", 1);
- try_io("allow_unmount /initrd/dev3/", 1);
- try_io("allow_unmount /initrd/\\*\\+/", 1);
- try_io("allow_unmount /initrd/\\@\\*/", 1);
- try_io("allow_unmount /initrd2/", 1);
- try_io("allow_pivot_root / /proc3/", 1);
- try_io("allow_pivot_root /sys5/ /proc3/", 1);
- try_io("allow_pivot_root /sys/", 0);
- try_io("allow_pivot_root *", 0);
- try_io("allow_pivot_root /sys5/ /proc3/", 1);
- try_io("allow_mount / / --bind 0xD", 1);
- try_io("allow_mount / / --move 0xF", 1);
- try_io("allow_mount / --remount", 0);
- try_io("allow_mount /", 0);
- try_io("allow_mount none /tmp/ tmpfs 0x1", 1);
- try_io("allow_mount none /tmp/ tmpfs", 0);
- try_io("allow_mount none /tmp/ nonexistent 0x0", 1);
- try_io("allow_mount none /proc/ proc 0x0", 1);
- try_io("allow_mount none /selinux/ selinuxfs 0x0", 1);
- try_io("allow_mount /proc/bus/usb /proc/bus/usb/ usbfs 0x0", 1);
- try_io("allow_mount none /dev/pts/ devpts 0x0", 1);
- try_io("allow_mount any / --remount 0xC00", 1);
- try_io("allow_mount /dev/sda1 /boot/ ext3 0xC00", 1);
- try_io("allow_mount none /dev/shm/ tmpfs 0x0", 1);
- try_io("allow_mount none /proc/sys/fs/binfmt_misc/ binfmt_misc "
- "0x0", 1);
- try_io("allow_mount none /proc/sys/fs/binfmt_misc/ binfmt_misc "
- "0x0 0x1", 0);
- try_io("allow_mount none /proc/sys/fs/binfmt_misc/ tmpfs "
- "binfmt_misc 0x0", 0);
- try_io("allow_mount /proc/bus/usb /proc/bus/usb/ usbfs 0x0", 1);
- }
- policy_file = proc_policy_exception_policy;
- policy_fp = exception_fp;
- for (i = 0; i < 3; i++) {
- try_io("allow_read /tmp/abc", 1);
- try_io("allow_read /tmp/abc\\*", 1);
- try_io("allow_read abc", 1);
- try_io("allow_read /tmp/abc/", 1);
- try_io("allow_read", 0);
- try_io("allow_read *", 1);
- try_io("file_pattern /\\*\\*\\*", 1);
- try_io("file_pattern /abc", 1);
- try_io("file_pattern /abc /def", 0);
- try_io("file_pattern abcdef", 1);
- try_io("path_group TEST /", 1);
- try_io("path_group TEST /boo", 1);
- try_io("path_group TEST /bar", 1);
- try_io("path_group TEST /\\*", 1);
- try_io("path_group TEST / /", 0);
- try_io("path_group TEST /boo", 1);
- try_io("path_group TEST /bar", 1);
- try_io("path_group TEST boo", 1);
- try_io("path_group TEST boo/", 1);
- try_io("path_group TEST /bar", 1);
- try_io("path_group TEST3 /\\*", 1);
- try_io("path_group TEST3 / /", 0);
- try_io("path_group TEST3 /boo", 1);
- try_io("path_group TEST3 /bar", 1);
- try_io("path_group TEST3 boo", 1);
- try_io("path_group TEST3 boo/", 1);
- try_io("deny_rewrite /", 1);
- try_io("deny_rewrite /foo", 1);
- try_io("deny_rewrite /\\*", 1);
- try_io("deny_rewrite /\\:", 0);
- try_io("deny_rewrite / /", 0);
- try_io("deny_rewrite @/TEST", 1);
- try_io("aggregator /boo/\\* /BOO", 1);
- try_io("aggregator /boo/\\* /BOO\\*", 0);
- try_io("aggregator /boo/\\*/ /BOO", 1);
- try_io("aggregator /boo/\\* /BOO/", 1);
- try_io("keep_domain <kernel>", 1);
- try_io("keep_domain <kernel> /sbin/init", 1);
- try_io("keep_domain <kernel> foo", 0);
- try_io("keep_domain <kernel> \\*", 0);
- try_io("keep_domain /ssh", 1);
- try_io("keep_domain /ssh /foo", 0);
- try_io("keep_domain /foo from <kernel>", 1);
- try_io("keep_domain /foo from <kernel> /sbin/init", 1);
- try_io("keep_domain from <kernel> /sbin/init", 0);
- try_io("keep_domain \\* from <kernel> /sbin/init", 0);
- try_io("no_keep_domain <kernel>", 1);
- try_io("no_keep_domain <kernel> /sbin/init", 1);
- try_io("no_keep_domain <kernel> foo", 0);
- try_io("no_keep_domain <kernel> \\*", 0);
- try_io("no_keep_domain /ssh", 1);
- try_io("no_keep_domain /ssh /foo", 0);
- try_io("no_keep_domain /foo from <kernel>", 1);
- try_io("no_keep_domain /foo from <kernel> /sbin/init", 1);
- try_io("no_keep_domain from <kernel> /sbin/init", 0);
- try_io("no_keep_domain \\* from <kernel> /sbin/init", 0);
- try_io("initialize_domain /foo", 1);
- try_io("initialize_domain /\\*", 1);
- try_io("initialize_domain /foo /bar", 0);
- try_io("initialize_domain /foo from /bar", 1);
- try_io("initialize_domain /foo from <kernel> /bar", 1);
- try_io("initialize_domain /\\* from <kernel>", 1);
- try_io("initialize_domain /foo from <kernel> \\*", 0);
- try_io("no_initialize_domain /foo", 1);
- try_io("no_initialize_domain /\\*", 1);
- try_io("no_initialize_domain /foo /bar", 0);
- try_io("no_initialize_domain /foo from /bar", 1);
- try_io("no_initialize_domain /foo from <kernel> /bar", 1);
- try_io("no_initialize_domain /\\* from <kernel>", 1);
- try_io("no_initialize_domain /foo from <kernel> \\*", 0);
- }
-}
-
-int main(void)
-{
- tomoyo_test_init();
- stage_policy_io_test();
- return 0;
-}
diff --git a/testcases/kernel/security/tomoyo/tomoyo_policy_memory_test.c b/testcases/kernel/security/tomoyo/tomoyo_policy_memory_test.c
deleted file mode 100644
index a6620ba30..000000000
--- a/testcases/kernel/security/tomoyo/tomoyo_policy_memory_test.c
+++ /dev/null
@@ -1,358 +0,0 @@
-/******************************************************************************/
-/* This program is free software; you can redistribute it and/or modify */
-/* it under the terms of the GNU General Public License as published by */
-/* the Free Software Foundation; either version 2 of the License, or */
-/* (at your option) any later version. */
-/* */
-/* This program is distributed in the hope that it will be useful, */
-/* but WITHOUT ANY WARRANTY; without even the implied warranty of */
-/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See */
-/* the GNU General Public License for more details. */
-/* */
-/* You should have received a copy of the GNU General Public License */
-/* along with this program; if not, write to the Free Software */
-/* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */
-/* */
-/******************************************************************************/
-/*
- * tomoyo_policy_memory_test.c
- *
- * Testing program for security/tomoyo/
- *
- * Copyright (C) 2005-2010 NTT DATA CORPORATION
- */
-/*
- * Usage: Run this program using init= boot option.
- */
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-#include <sys/mount.h>
-
-static void BUG(const char *msg)
-{
- printf("%s", msg);
- fflush(stdout);
- while (1)
- sleep(100);
-}
-
-static const char *policy_file = NULL;
-static const char *policy = NULL;
-
-static void get_meminfo(unsigned int *policy_memory)
-{
- FILE *fp = fopen("/sys/kernel/security/tomoyo/meminfo", "r");
- if (!fp || fscanf(fp, "Policy: %u", policy_memory) != 1 || fclose(fp))
- BUG("BUG: Policy read error\n");
-}
-
-static void check_policy_common(const int found_expected, const int id)
-{
- FILE *fp = fopen(policy_file, "r");
- char buffer[8192];
- int policy_found = 0;
- memset(buffer, 0, sizeof(buffer));
- if (!fp)
- BUG("BUG: Policy read error\n");
- while (fgets(buffer, sizeof(buffer) - 1, fp)) {
- char *cp = strchr(buffer, '\n');
- if (cp)
- *cp = '\0';
- if (strcmp(buffer, policy))
- continue;
- policy_found = 1;
- break;
- }
- fclose(fp);
- if (policy_found != found_expected) {
- printf("BUG: Policy write error: %s %s at %d\n", policy,
- found_expected ? "not added" : "not deleted", id);
- BUG("");
- }
-}
-
-static inline void check_policy_written(FILE * fp, const int id)
-{
- fflush(fp);
- check_policy_common(1, id);
-}
-
-static inline void check_policy_deleted(FILE * fp, const int id)
-{
- fflush(fp);
- check_policy_common(0, id);
-}
-
-static const char *domain_testcases[] = {
- "allow_create /tmp/mknod_reg_test 0600",
- "allow_create /tmp/open_test 0600",
- "allow_create /tmp/open_test 0600",
- "allow_create /tmp/open_test 0600",
- "allow_execute /bin/true",
- "allow_execute /bin/true",
- "allow_execute /bin/true0",
- "allow_execute /bin/true1",
- "allow_execute /bin/true2",
- "allow_execute /bin/true3",
- "allow_execute /bin/true4",
- "allow_execute /bin/true5",
- "allow_execute /bin/true6",
- "allow_execute /bin/true7",
- "allow_execute /bin/true7",
- "allow_execute /bin/true7",
- "allow_execute /bin/true8",
- "allow_ioctl socket:[family=2:type=2:protocol=17] 0-35122",
- "allow_ioctl socket:[family=2:type=2:protocol=17] 35122-35124",
- "allow_link /tmp/link_source_test /tmp/link_dest_test",
- "allow_mkblock /tmp/mknod_blk_test 0600 1 0",
- "allow_mkchar /tmp/mknod_chr_test 0600 1 3",
- "allow_mkdir /tmp/mkdir_test/ 0755",
- "allow_mkfifo /tmp/mknod_fifo_test 0600",
- "allow_mkfifo /tmp/mknod_fifo_test 0600",
- "allow_mksock /tmp/mknod_sock_test 0600",
- "allow_mksock /tmp/socket_test 0600",
- "allow_read /bin/true",
- "allow_read /bin/true",
- "allow_read /dev/null",
- "allow_read /dev/null",
- "allow_read /dev/null",
- "allow_read /dev/null",
- "allow_read /dev/null",
- "allow_read /dev/null",
- "allow_read /foo",
- "allow_read /proc/sys/net/ipv4/ip_local_port_range",
- "allow_read /proc/sys/net/ipv4/ip_local_port_range",
- "allow_read/write /bar",
- "allow_read/write /dev/null",
- "allow_read/write /dev/null",
- "allow_read/write /proc/sys/net/ipv4/ip_local_port_range",
- "allow_read/write /proc/sys/net/ipv4/ip_local_port_range",
- "allow_read/write /tmp/fifo",
- "allow_read/write /tmp/fifo",
- "allow_read/write /tmp/rewrite_test",
- "allow_rename /tmp/rename_source_test /tmp/rename_dest_test",
- "allow_rmdir /tmp/rmdir_test/",
- "allow_symlink /symlink",
- "allow_symlink /symlink",
- "allow_symlink /symlink",
- "allow_symlink /symlink",
- "allow_symlink /tmp/symlink_source_test",
- "allow_symlink /tmp/symlink_source_test",
- "allow_symlink /tmp/symlink_source_test",
- "allow_symlink /tmp/symlink_source_test",
- "allow_symlink /tmp/symlink_source_test",
- "allow_truncate /tmp/rewrite_test",
- "allow_truncate /tmp/truncate_test",
- "allow_truncate /tmp/truncate_test",
- "allow_unlink /tmp/unlink_test",
- "allow_write /123",
- "allow_write /dev/null",
- "allow_write /dev/null",
- "allow_write /devfile",
- "allow_write /devfile",
- "allow_write /proc/sys/net/ipv4/ip_local_port_range",
- "allow_write /proc/sys/net/ipv4/ip_local_port_range",
- "allow_write /tmp/open_test",
- "allow_write /tmp/open_test",
- "allow_write /tmp/open_test",
- "allow_write /tmp/truncate_test",
- "allow_write /tmp/truncate_test",
- "allow_rewrite /tmp/rewrite_test",
- "allow_rewrite /tmp/rewrite_test",
- "allow_mount /dev/sda1 /mnt/sda1/ ext3 0x123",
- "allow_mount /dev/sda1 /mnt/sda1/ ext3 123",
- "allow_mount /dev/sda1 /mnt/sda1/ ext3 0123",
- "allow_mount /dev/sda1 /mnt/sda1/ ext3 0x123",
- "allow_mount /dev/sda1 /mnt/sda1/ ext3 123",
- "allow_mount /dev/sda1 /mnt/sda1/ ext3 0123",
- "allow_chroot /",
- "allow_chroot /",
- "allow_chroot /mnt/",
- "allow_pivot_root / /proc/",
- "allow_pivot_root /mnt/ /proc/mnt/",
- "allow_unmount /",
- "allow_unmount /proc/",
- NULL
-};
-
-static void domain_policy_test(const unsigned int before)
-{
- unsigned int after;
- int j;
- policy_file = "/sys/kernel/security/tomoyo/domain_policy";
- for (j = 0; domain_testcases[j]; j++) {
- int i;
- FILE *fp = fopen(policy_file, "w");
- if (!fp)
- BUG("BUG: Policy write error\n");
- fprintf(fp, "<kernel>\n");
- policy = domain_testcases[j];
- printf("Processing: %s\n", policy);
- for (i = 0; i < 100; i++) {
- fprintf(fp, "%s\n", policy);
- if (!i)
- check_policy_written(fp, 1);
- fprintf(fp, "delete %s\n", policy);
- }
- check_policy_deleted(fp, 1);
- for (i = 0; i < 100; i++)
- fprintf(fp, "%s\n", policy);
- check_policy_written(fp, 2);
- fprintf(fp, "delete %s\n", policy);
- check_policy_deleted(fp, 2);
- fclose(fp);
- for (i = 0; i < 30; i++) {
- usleep(100000);
- get_meminfo(&after);
- if (before == after)
- break;
- }
- if (before != after) {
- printf("Policy: %d\n", after - before);
- BUG("Policy read/write test: Fail\n");
- }
- }
- for (j = 0; j < 10; j++) {
- int i;
- FILE *fp = fopen(policy_file, "w");
- if (!fp)
- BUG("BUG: Policy write error\n");
- fprintf(fp, "<kernel> /sbin/init\n");
- for (i = 0; domain_testcases[i]; i++)
- fprintf(fp, "%s\n", domain_testcases[i]);
- fprintf(fp, "delete <kernel> /sbin/init\n");
- fclose(fp);
- for (i = 0; i < 50; i++) {
- usleep(100000);
- get_meminfo(&after);
- if (before == after)
- break;
- }
- if (before != after) {
- printf("Policy: %d\n", after - before);
- BUG("Policy read/write test: Fail\n");
- }
- }
-}
-
-static const char *exception_testcases[] = {
- "allow_read /tmp/mknod_reg_test",
- "allow_env HOME",
- "path_group PG1 /",
- "path_group PG2 /",
- "address_group AG3 0.0.0.0",
- "address_group AG3 1.2.3.4-5.6.7.8",
- "address_group AG3 f:ee:ddd:cccc:b:aa:999:8888",
- "address_group AG4 0:1:2:3:4:5:6:7-8:90:a00:b000:c00:d0:e:f000",
- "number_group NG1 1000",
- "number_group NG2 10-0x100000",
- "number_group NG3 01234567-0xABCDEF89",
- "deny_autobind 1024",
- "deny_autobind 32668-65535",
- "deny_autobind 0-1023",
- "initialize_domain /usr/sbin/sshd",
- "no_initialize_domain /usr/sbin/sshd",
- "initialize_domain /usr/sbin/sshd from /bin/bash",
- "no_initialize_domain /usr/sbin/sshd from /bin/bash",
- "initialize_domain /usr/sbin/sshd from "
- "<kernel> /bin/mingetty/bin/bash",
- "no_initialize_domain /usr/sbin/sshd from "
- "<kernel> /bin/mingetty/bin/bash",
- "keep_domain <kernel> /usr/sbin/sshd /bin/bash",
- "no_keep_domain <kernel> /usr/sbin/sshd /bin/bash",
- "keep_domain /bin/pwd from <kernel> /usr/sbin/sshd /bin/bash",
- "no_keep_domain /bin/pwd from <kernel> /usr/sbin/sshd /bin/bash",
- "keep_domain /bin/pwd from /bin/bash",
- "no_keep_domain /bin/pwd from /bin/bash",
- "file_pattern /proc/\\$/task/\\$/environ",
- "file_pattern /proc/\\$/task/\\$/auxv",
- "allow_read /etc/ld.so.cache",
- "allow_read /proc/meminfo",
- "allow_read /proc/sys/kernel/version",
- "allow_read /etc/localtime",
- "allow_read /proc/self/task/\\$/attr/current",
- "allow_read /proc/self/task/\\$/oom_score",
- "allow_read /proc/self/wchan",
- "allow_read /lib/ld-2.5.so",
- "file_pattern pipe:[\\$]",
- "file_pattern socket:[\\$]",
- "file_pattern /var/cache/logwatch/logwatch.\\*/",
- "file_pattern /var/cache/logwatch/logwatch.\\*/\\*",
- "deny_rewrite /var/log/\\*",
- "deny_rewrite /var/log/\\*/\\*",
- "aggregator /etc/rc.d/rc\\?.d/\\?\\+\\+smb /etc/rc.d/init.d/smb",
- "aggregator /etc/rc.d/rc\\?.d/\\?\\+\\+crond /etc/rc.d/init.d/crond",
- NULL
-};
-
-static void exception_policy_test(const unsigned int before)
-{
- unsigned int after;
- int j;
- policy_file = "/sys/kernel/security/tomoyo/exception_policy";
- for (j = 0; exception_testcases[j]; j++) {
- int i;
- FILE *fp = fopen(policy_file, "w");
- if (!fp)
- BUG("BUG: Policy write error\n");
- policy = exception_testcases[j];
- printf("Processing: %s\n", policy);
- for (i = 0; i < 100; i++) {
- fprintf(fp, "%s\n", policy);
- if (!i)
- check_policy_written(fp, 1);
- fprintf(fp, "delete %s\n", policy);
- }
- check_policy_deleted(fp, 1);
- for (i = 0; i < 100; i++)
- fprintf(fp, "%s\n", policy);
- check_policy_written(fp, 2);
- fprintf(fp, "delete %s\n", policy);
- check_policy_deleted(fp, 2);
- fclose(fp);
- for (i = 0; i < 30; i++) {
- usleep(100000);
- get_meminfo(&after);
- if (before == after)
- break;
- }
- if (before != after) {
- printf("Policy: %d\n", after - before);
- BUG("Policy read/write test: Fail\n");
- }
- }
- for (j = 0; j < 10; j++) {
- int i;
- FILE *fp = fopen(policy_file, "w");
- if (!fp)
- BUG("BUG: Policy write error\n");
- for (i = 0; exception_testcases[i]; i++)
- fprintf(fp, "%s\n", exception_testcases[i]);
- for (i = 0; exception_testcases[i]; i++)
- fprintf(fp, "delete %s\n", exception_testcases[i]);
- fclose(fp);
- for (i = 0; i < 50; i++) {
- usleep(100000);
- get_meminfo(&after);
- if (before == after)
- break;
- }
- if (before != after) {
- printf("Policy: %d\n", after - before);
- BUG("Policy read/write test: Fail\n");
- }
- }
-}
-
-int main(void)
-{
- unsigned int before;
- mount("/proc", "/proc/", "proc", 0, NULL);
- get_meminfo(&before);
- domain_policy_test(before);
- exception_policy_test(before);
- BUG("Policy read/write test: Success\n");
- return 0;
-}
diff --git a/testcases/kernel/security/tomoyo/tomoyo_rewrite_test.c b/testcases/kernel/security/tomoyo/tomoyo_rewrite_test.c
deleted file mode 100644
index 7bc22c39b..000000000
--- a/testcases/kernel/security/tomoyo/tomoyo_rewrite_test.c
+++ /dev/null
@@ -1,169 +0,0 @@
-/******************************************************************************/
-/* This program is free software; you can redistribute it and/or modify */
-/* it under the terms of the GNU General Public License as published by */
-/* the Free Software Foundation; either version 2 of the License, or */
-/* (at your option) any later version. */
-/* */
-/* This program is distributed in the hope that it will be useful, */
-/* but WITHOUT ANY WARRANTY; without even the implied warranty of */
-/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See */
-/* the GNU General Public License for more details. */
-/* */
-/* You should have received a copy of the GNU General Public License */
-/* along with this program; if not, write to the Free Software */
-/* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */
-/* */
-/******************************************************************************/
-/*
- * tomoyo_rewrite_test.c
- *
- * Testing program for security/tomoyo/
- *
- * Copyright (C) 2005-2010 NTT DATA CORPORATION
- */
-#include "include.h"
-
-static int should_fail = 0;
-
-static void show_prompt(const char *str)
-{
- printf("Testing %35s: (%s) ", str,
- should_fail ? "must fail" : "must success");
- errno = 0;
-}
-
-static void show_result(int result)
-{
- if (should_fail) {
- if (result == EOF) {
- if (errno == EPERM)
- printf("OK: Permission denied.\n");
- else
- printf("BUG!\n");
- } else {
- printf("BUG!\n");
- }
- } else {
- if (result != EOF)
- printf("OK\n");
- else
- printf("BUG!\n");
- }
-}
-
-#define REWRITE_PATH "/tmp/rewrite_test"
-
-static void stage_rewrite_test(void)
-{
- int fd;
-
- /* Start up */
- write_domain_policy("allow_read/write " REWRITE_PATH, 0);
- write_domain_policy("allow_truncate " REWRITE_PATH, 0);
- write_domain_policy("allow_create " REWRITE_PATH " 0600", 0);
- write_domain_policy("allow_unlink " REWRITE_PATH, 0);
- write_exception_policy("deny_rewrite " REWRITE_PATH, 0);
- set_profile(3, "file::open");
- set_profile(3, "file::create");
- set_profile(3, "file::truncate");
- set_profile(3, "file::rewrite");
- set_profile(3, "file::unlink");
- close(open(REWRITE_PATH, O_WRONLY | O_APPEND | O_CREAT, 0600));
-
- /* Enforce mode */
- should_fail = 0;
-
- show_prompt("open(O_RDONLY)");
- fd = open(REWRITE_PATH, O_RDONLY);
- show_result(fd);
- close(fd);
-
- show_prompt("open(O_WRONLY | O_APPEND)");
- fd = open(REWRITE_PATH, O_WRONLY | O_APPEND);
- show_result(fd);
- close(fd);
-
- should_fail = 1;
- show_prompt("open(O_WRONLY)");
- fd = open(REWRITE_PATH, O_WRONLY);
- show_result(fd);
- close(fd);
-
- show_prompt("open(O_WRONLY | O_TRUNC)");
- fd = open(REWRITE_PATH, O_WRONLY | O_TRUNC);
- show_result(fd);
- close(fd);
-
- show_prompt("open(O_WRONLY | O_TRUNC | O_APPEND)");
- fd = open(REWRITE_PATH, O_WRONLY | O_TRUNC | O_APPEND);
- show_result(fd);
- close(fd);
-
- show_prompt("truncate()");
- show_result(truncate(REWRITE_PATH, 0));
-
- fd = open(REWRITE_PATH, O_WRONLY | O_APPEND);
- show_prompt("ftruncate()");
- show_result(ftruncate(fd, 0));
-
- show_prompt("fcntl(F_SETFL, ~O_APPEND)");
- show_result(fcntl(fd, F_SETFL, fcntl(fd, F_GETFL) & ~O_APPEND));
- close(fd);
-
- /* Permissive mode */
- set_profile(2, "file::open");
- set_profile(2, "file::create");
- set_profile(2, "file::truncate");
- set_profile(2, "file::rewrite");
- set_profile(2, "file::unlink");
- should_fail = 0;
-
- show_prompt("open(O_RDONLY)");
- fd = open(REWRITE_PATH, O_RDONLY);
- show_result(fd);
- close(fd);
-
- show_prompt("open(O_WRONLY | O_APPEND)");
- fd = open(REWRITE_PATH, O_WRONLY | O_APPEND);
- show_result(fd);
- close(fd);
-
- show_prompt("open(O_WRONLY)");
- fd = open(REWRITE_PATH, O_WRONLY);
- show_result(fd);
- close(fd);
-
- show_prompt("open(O_WRONLY | O_TRUNC)");
- fd = open(REWRITE_PATH, O_WRONLY | O_TRUNC);
- show_result(fd);
- close(fd);
-
- show_prompt("open(O_WRONLY | O_TRUNC | O_APPEND)");
- fd = open(REWRITE_PATH, O_WRONLY | O_TRUNC | O_APPEND);
- show_result(fd);
- close(fd);
-
- show_prompt("truncate()");
- show_result(truncate(REWRITE_PATH, 0));
-
- fd = open(REWRITE_PATH, O_WRONLY | O_APPEND);
- show_prompt("ftruncate()");
- show_result(ftruncate(fd, 0));
-
- show_prompt("fcntl(F_SETFL, ~O_APPEND)");
- show_result(fcntl(fd, F_SETFL, fcntl(fd, F_GETFL) & ~O_APPEND));
- close(fd);
-
- /* Clean up */
- unlink(REWRITE_PATH);
- write_exception_policy("deny_rewrite " REWRITE_PATH, 0);
- printf("\n\n");
-}
-
-int main(void)
-{
- tomoyo_test_init();
- stage_rewrite_test();
- clear_status();
- return 0;
-}
--
2.35.3
More information about the ltp
mailing list