[LTP] [PATCH v1] [RFC] Remove tomoyo testing suite
Andrea Cervesato
andrea.cervesato@suse.com
Thu Mar 2 10:41:36 CET 2023
Hi,
an update: tomoyo linux is still maintained in Kernel Linux
(https://github.com/torvalds/linux/commits/master/security/tomoyo), but
we ask if LTP is still used to test it or we can remove the testing
suite due to API deprecation.
If not, we should find someone who wants/needs to maintain it, because
some API that the testing suite is using are going to be
deprecated/removed in the next future.
Regards,
Andrea
On 3/2/23 10:34, Andrea Cervesato wrote:
> The tomoyo testing suite is built and installed inside the LTP testcases
> folder, but it's not used by any runtest file. It seems an old and
> unmaintained testing suite that uses old LTP API and ltp_clone_quick
> that is going to be deprecated.
>
> We suppose to update it using new LTP API, cleaning up the code and
> removing deprecated functions, but nowadays the whole Tomoyo linux
> functionality seems replaced by SELinux or AppArmor and not maintained
> anymore in years of development.
>
> For this reason, this patch is going to remove it from LTP installation.
>
> Signed-off-by: Andrea Cervesato <andrea.cervesato@suse.com>
> ---
> testcases/kernel/security/tomoyo/.gitignore | 9 -
> testcases/kernel/security/tomoyo/Makefile | 29 -
> testcases/kernel/security/tomoyo/README | 58 --
> testcases/kernel/security/tomoyo/include.h | 379 ----------
> testcases/kernel/security/tomoyo/newns.c | 49 --
> testcases/kernel/security/tomoyo/testall.sh | 46 --
> .../security/tomoyo/tomoyo_accept_test.c | 146 ----
> .../kernel/security/tomoyo/tomoyo_file_test.c | 304 --------
> .../security/tomoyo/tomoyo_filesystem_test.c | 633 -----------------
> .../security/tomoyo/tomoyo_new_file_test.c | 627 -----------------
> .../kernel/security/tomoyo/tomoyo_new_test.c | 652 ------------------
> .../security/tomoyo/tomoyo_policy_io_test.c | 195 ------
> .../tomoyo/tomoyo_policy_memory_test.c | 358 ----------
> .../security/tomoyo/tomoyo_rewrite_test.c | 169 -----
> 14 files changed, 3654 deletions(-)
> delete mode 100644 testcases/kernel/security/tomoyo/.gitignore
> delete mode 100644 testcases/kernel/security/tomoyo/Makefile
> delete mode 100644 testcases/kernel/security/tomoyo/README
> delete mode 100644 testcases/kernel/security/tomoyo/include.h
> delete mode 100644 testcases/kernel/security/tomoyo/newns.c
> delete mode 100644 testcases/kernel/security/tomoyo/testall.sh
> delete mode 100644 testcases/kernel/security/tomoyo/tomoyo_accept_test.c
> delete mode 100644 testcases/kernel/security/tomoyo/tomoyo_file_test.c
> delete mode 100644 testcases/kernel/security/tomoyo/tomoyo_filesystem_test.c
> delete mode 100644 testcases/kernel/security/tomoyo/tomoyo_new_file_test.c
> delete mode 100644 testcases/kernel/security/tomoyo/tomoyo_new_test.c
> delete mode 100644 testcases/kernel/security/tomoyo/tomoyo_policy_io_test.c
> delete mode 100644 testcases/kernel/security/tomoyo/tomoyo_policy_memory_test.c
> delete mode 100644 testcases/kernel/security/tomoyo/tomoyo_rewrite_test.c
>
> diff --git a/testcases/kernel/security/tomoyo/.gitignore b/testcases/kernel/security/tomoyo/.gitignore
> deleted file mode 100644
> index 698646d93..000000000
> --- a/testcases/kernel/security/tomoyo/.gitignore
> +++ /dev/null
> @@ -1,9 +0,0 @@
> -/newns
> -/tomoyo_accept_test
> -/tomoyo_file_test
> -/tomoyo_filesystem_test
> -/tomoyo_new_file_test
> -/tomoyo_new_test
> -/tomoyo_policy_io_test
> -/tomoyo_policy_memory_test
> -/tomoyo_rewrite_test
> diff --git a/testcases/kernel/security/tomoyo/Makefile b/testcases/kernel/security/tomoyo/Makefile
> deleted file mode 100644
> index 00e4cc3ed..000000000
> --- a/testcases/kernel/security/tomoyo/Makefile
> +++ /dev/null
> @@ -1,29 +0,0 @@
> -#
> -# kernel/security/smack testcase Makefile
> -#
> -# Copyright (C) 2009, Cisco Systems Inc.
> -#
> -# This program is free software; you can redistribute it and/or modify
> -# it under the terms of the GNU General Public License as published by
> -# the Free Software Foundation; either version 2 of the License, or
> -# (at your option) any later version.
> -#
> -# This program is distributed in the hope that it will be useful,
> -# but WITHOUT ANY WARRANTY; without even the implied warranty of
> -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> -# GNU General Public License for more details.
> -#
> -# You should have received a copy of the GNU General Public License along
> -# with this program; if not, write to the Free Software Foundation, Inc.,
> -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
> -#
> -# Ngie Cooper, July 2009
> -#
> -
> -top_srcdir ?= ../../../..
> -
> -include $(top_srcdir)/include/mk/testcases.mk
> -
> -INSTALL_TARGETS := testall.sh
> -
> -include $(top_srcdir)/include/mk/generic_leaf_target.mk
> diff --git a/testcases/kernel/security/tomoyo/README b/testcases/kernel/security/tomoyo/README
> deleted file mode 100644
> index 0cb538868..000000000
> --- a/testcases/kernel/security/tomoyo/README
> +++ /dev/null
> @@ -1,58 +0,0 @@
> -Always look here for latest version of these tests:
> -http://sourceforge.jp/projects/tomoyo/svn/view/trunk/2.3.x/tomoyo-tools/kernel_test/?root=tomoyo
> -
> -These testcases test the TOMOYO Security Module. And they are not part of
> -default LTP build/install/run.
> -
> -A kernel with TOMOYO configured is required to run the TOMOYO testsuite.
> -The securityfs filesystem must be mounted at /sys/kernel/security .
> -
> -Preparation steps are:
> -
> -1) Download tomoyo-tools package and extract and build and install.
> -
> - # wget -O tomoyo-tools.tar.gz 'http://sourceforge.jp/projects/tomoyo/svn/view/trunk/2.3.x/tomoyo-tools.tar.gz?root=tomoyo&view=tar'
> - # tar -zxf tomoyo-tools.tar.gz
> - # make -C tomoyo-tools/ install
> -
> - Programs are installed in /usr/sbin/ with prefix "tomoyo-" and
> - /usr/lib/tomoyo/ directory without prefix "tomoyo-".
> -
> - You can make a RPM package by "rpmbuild -bb tomoyo-tools/tomoyo-tools.spec" and
> - a DEB package by "alien -k" after "rpmbuild -bb".
> -
> -2) Run /usr/lib/tomoyo/init_policy .
> -
> - This will take several minutes.
> -
> - Hiding kernel source directory by "mount -t tmpfs none /usr/src/linux/"
> - would save some time.
> -
> - Configuration files are saved in /etc/tomoyo/ directory.
> - You can do "rm -fR /etc/tomoyo/" if you want to uninstall.
> -
> -3) Reboot the system with TOMOYO enabled kernel.
> -
> - To make sure TOMOYO is selected, you can add security=tomoyo to kernel's
> - command line.
> -
> -4) Build the tests.
> -
> - # (extract the tar ball containing the tests.)
> - # make autotools
> - # ./configure
> - # cd testcases/kernel/security/tomoyo/
> - # make
> - # find `/bin/pwd` -type f -perm +100 >> /etc/tomoyo/manager.conf
> - # /usr/sbin/tomoyo-loadpolicy m
> -
> -Test steps are:
> -
> -1) Run the tests from the directory you ran "make".
> -
> - # ./testall.sh
> -
> - Please don't run the tests inside /tmp/ directory, for /tmp/ directory is
> - hidden by "newns" (a wrapper program to run the test in a new namespace).
> -
> - You can use "| grep -vF OK" to pick up only failed tests as testall.sh does.
> diff --git a/testcases/kernel/security/tomoyo/include.h b/testcases/kernel/security/tomoyo/include.h
> deleted file mode 100644
> index edaf1170f..000000000
> --- a/testcases/kernel/security/tomoyo/include.h
> +++ /dev/null
> @@ -1,379 +0,0 @@
> -/******************************************************************************/
> -/* */
> -/* Copyright (c) Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>, 2009 */
> -/* */
> -/* This program is free software; you can redistribute it and/or modify */
> -/* it under the terms of the GNU General Public License as published by */
> -/* the Free Software Foundation; either version 2 of the License, or */
> -/* (at your option) any later version. */
> -/* */
> -/* This program is distributed in the hope that it will be useful, */
> -/* but WITHOUT ANY WARRANTY; without even the implied warranty of */
> -/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See */
> -/* the GNU General Public License for more details. */
> -/* */
> -/* You should have received a copy of the GNU General Public License */
> -/* along with this program; if not, write to the Free Software */
> -/* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */
> -/* */
> -/******************************************************************************/
> -/*
> - * include.h
> - *
> - * Common functions for testing TOMOYO Linux's kernel.
> - *
> - * Copyright (C) 2005-2010 NTT DATA CORPORATION
> - */
> -#include <errno.h>
> -#include <fcntl.h>
> -#include <linux/kdev_t.h>
> -#include <linux/unistd.h>
> -#include <pty.h>
> -#include <stdio.h>
> -#include <stdlib.h>
> -#include <string.h>
> -#include <sys/socket.h>
> -#include <sys/stat.h>
> -#include <sys/syscall.h>
> -#include <sys/time.h>
> -#include <sys/timex.h>
> -#include <sys/types.h>
> -#include <sys/un.h>
> -#include <sys/wait.h>
> -#include <time.h>
> -#include <unistd.h>
> -#include <utime.h>
> -#include <sched.h>
> -#include <stdarg.h>
> -#include <sys/mount.h>
> -#include <arpa/inet.h>
> -#include <net/if.h>
> -#include <linux/ip.h>
> -#include <err.h>
> -#include "test.h"
> -
> -/*
> - * Some architectures like mips n32 don't have __NR_uselib defined in the
> - * system headers.
> - */
> -#ifdef __NR_uselib
> -static inline int uselib(const char *library)
> -{
> - return syscall(__NR_uselib, library);
> -}
> -#else
> -static inline int uselib(const char *library)
> -{
> - errno = ENOSYS;
> - return -1;
> -}
> -#endif
> -
> -/* Is there an architecture without __NR_pivot_root defined? */
> -#ifdef __NR_pivot_root
> -static inline int pivot_root(const char *new_root, const char *put_old)
> -{
> - return syscall(__NR_pivot_root, new_root, put_old);
> -}
> -#else
> -static inline int pivot_root(const char *new_root, const char *put_old)
> -{
> - errno = ENOSYS;
> - return -1;
> -}
> -#endif
> -
> -/* The sysctl() wrapper is dead and newer arches omit it now. */
> -static inline int write_sysctl(const char *path, const char *value)
> -{
> - FILE *fp = fopen(path, "w");
> - if (!fp)
> - return 1;
> - fputs(value, fp);
> - fclose(fp);
> - return 0;
> -}
> -
> -static inline int read_sysctl(const char *path, char *value, int len)
> -{
> - char scratch[100];
> - FILE *fp = fopen(path, "r");
> - if (!fp)
> - return 1;
> - if (!value) {
> - value = scratch;
> - len = sizeof(scratch);
> - }
> - if (fgets(value, len, fp))
> - /* ignore */;
> - fclose(fp);
> - return 0;
> -}
> -
> -/* Should be a fairly benign path to bang on. */
> -#define TEST_SYSCTL_PATH "/proc/sys/net/ipv4/ip_local_port_range"
> -
> -#define proc_policy_dir "/sys/kernel/security/tomoyo/"
> -#define proc_policy_domain_policy "/sys/kernel/security/tomoyo/domain_policy"
> -#define proc_policy_exception_policy "/sys/kernel/security/tomoyo/exception_policy"
> -#define proc_policy_profile "/sys/kernel/security/tomoyo/profile"
> -#define proc_policy_manager "/sys/kernel/security/tomoyo/manager"
> -#define proc_policy_query "/sys/kernel/security/tomoyo/query"
> -#define proc_policy_grant_log "/sys/kernel/security/tomoyo/grant_log"
> -#define proc_policy_reject_log "/sys/kernel/security/tomoyo/reject_log"
> -#define proc_policy_domain_status "/sys/kernel/security/tomoyo/.domain_status"
> -#define proc_policy_process_status "/sys/kernel/security/tomoyo/.process_status"
> -#define proc_policy_self_domain "/sys/kernel/security/tomoyo/self_domain"
> -
> -static FILE *profile_fp = NULL;
> -static FILE *domain_fp = NULL;
> -static FILE *exception_fp = NULL;
> -static char self_domain[4096] = "";
> -static pid_t pid = 0;
> -
> -static void clear_status(void)
> -{
> - static const char *keywords[] = {
> - "file::execute",
> - "file::open",
> - "file::create",
> - "file::unlink",
> - "file::mkdir",
> - "file::rmdir",
> - "file::mkfifo",
> - "file::mksock",
> - "file::truncate",
> - "file::symlink",
> - "file::rewrite",
> - "file::mkblock",
> - "file::mkchar",
> - "file::link",
> - "file::rename",
> - "file::chmod",
> - "file::chown",
> - "file::chgrp",
> - "file::ioctl",
> - "file::chroot",
> - "file::mount",
> - "file::umount",
> - "file::pivot_root",
> - NULL
> - };
> - int i;
> - FILE *fp = fopen(proc_policy_profile, "r");
> - static char buffer[4096];
> - if (!fp) {
> - fprintf(stderr, "Can't open %s\n", proc_policy_profile);
> - exit(1);
> - }
> - for (i = 0; keywords[i]; i++)
> - fprintf(profile_fp,
> - "255-CONFIG::%s={ mode=disabled }\n",
> - keywords[i]);
> - while (memset(buffer, 0, sizeof(buffer)),
> - fgets(buffer, sizeof(buffer) - 10, fp)) {
> - const char *mode;
> - char *cp = strchr(buffer, '=');
> - if (!cp)
> - continue;
> - *cp = '\0';
> - mode = cp + 1;
> - cp = strchr(buffer, '-');
> - if (!cp)
> - continue;
> - *cp++ = '\0';
> - if (strcmp(buffer, "0"))
> - continue;
> - fprintf(profile_fp, "255-%s", cp);
> - if (!strcmp(cp, "COMMENT"))
> - mode = "Profile for kernel test\n";
> - else
> - mode = "{ mode=disabled verbose=no }\n";
> - fprintf(profile_fp, "255-%s=%s", cp, mode);
> - }
> - fprintf(profile_fp, "255-PREFERENCE::learning= verbose=no\n");
> - fprintf(profile_fp, "255-PREFERENCE::enforcing= verbose=no\n");
> - fprintf(profile_fp, "255-PREFERENCE::permissive= verbose=no\n");
> - fprintf(profile_fp, "255-PREFERENCE::disabled= verbose=no\n");
> - fprintf(profile_fp, "255-PREFERENCE::learning= max_entry=2048\n");
> - fflush(profile_fp);
> - fclose(fp);
> -}
> -
> -static void tomoyo_test_init(void)
> -{
> - pid = getpid();
> - if (access(proc_policy_dir, F_OK)) {
> - fprintf(stderr, "You can't use this program for this kernel."
> - "\n");
> - exit(1);
> - }
> - profile_fp = fopen(proc_policy_profile, "w");
> - if (!profile_fp) {
> - fprintf(stderr, "Can't open %s .\n", proc_policy_profile);
> - exit(1);
> - }
> - setlinebuf(profile_fp);
> - domain_fp = fopen(proc_policy_domain_policy, "w");
> - if (!domain_fp) {
> - fprintf(stderr, "Can't open %s .\n",
> - proc_policy_domain_policy);
> - exit(1);
> - }
> - setlinebuf(domain_fp);
> - exception_fp = fopen(proc_policy_exception_policy, "w");
> - if (!exception_fp) {
> - fprintf(stderr, "Can't open %s .\n",
> - proc_policy_exception_policy);
> - exit(1);
> - }
> - setlinebuf(exception_fp);
> - if (fputc('\n', profile_fp) != '\n' || fflush(profile_fp)) {
> - fprintf(stderr, "You need to register this program to %s to "
> - "run this program.\n", proc_policy_manager);
> - exit(1);
> - }
> - clear_status();
> - {
> - FILE *fp = fopen(proc_policy_self_domain, "r");
> - memset(self_domain, 0, sizeof(self_domain));
> - if (!fp || !fgets(self_domain, sizeof(self_domain) - 1, fp) ||
> - fclose(fp)) {
> - fprintf(stderr, "Can't open %s .\n",
> - proc_policy_self_domain);
> - exit(1);
> - }
> - }
> - fprintf(domain_fp, "select pid=%u\n", pid);
> - fprintf(domain_fp, "use_profile 255\n");
> - fprintf(domain_fp, "allow_read/write /sys/kernel/security/tomoyo/domain_policy\n");
> - fprintf(domain_fp, "allow_truncate /sys/kernel/security/tomoyo/domain_policy\n");
> - fprintf(domain_fp, "allow_read/write /sys/kernel/security/tomoyo/exception_policy\n");
> - fprintf(domain_fp, "allow_truncate /sys/kernel/security/tomoyo/exception_policy\n");
> - fprintf(domain_fp, "allow_read/write /sys/kernel/security/tomoyo/profile\n");
> - fprintf(domain_fp, "allow_truncate /sys/kernel/security/tomoyo/profile\n");
> -}
> -
> -static void BUG(const char *fmt, ...)
> - __attribute__ ((format(printf, 1, 2)));
> -
> -static void BUG(const char *fmt, ...)
> -{
> - va_list args;
> - printf("BUG: ");
> - va_start(args, fmt);
> - vprintf(fmt, args);
> - va_end(args);
> - putchar('\n');
> - fflush(stdout);
> - while (1)
> - sleep(100);
> -}
> -
> -int write_domain_policy(const char *policy, int is_delete)
> -{
> - FILE *fp = fopen(proc_policy_domain_policy, "r");
> - char buffer[8192];
> - int domain_found = 0;
> - int policy_found = 0;
> - memset(buffer, 0, sizeof(buffer));
> - if (!fp) {
> - BUG("Can't read %s", proc_policy_domain_policy);
> - return 0;
> - }
> - if (is_delete)
> - fprintf(domain_fp, "delete ");
> - fprintf(domain_fp, "%s\n", policy);
> - while (fgets(buffer, sizeof(buffer) - 1, fp)) {
> - char *cp = strchr(buffer, '\n');
> - if (cp)
> - *cp = '\0';
> - if (!strncmp(buffer, "<kernel>", 8))
> - domain_found = !strcmp(self_domain, buffer);
> - if (!domain_found)
> - continue;
> - /* printf("<%s>\n", buffer); */
> - if (strcmp(buffer, policy))
> - continue;
> - policy_found = 1;
> - break;
> - }
> - fclose(fp);
> - if (policy_found == is_delete) {
> - BUG("Can't %s %s", is_delete ? "delete" : "append",
> - policy);
> - return 0;
> - }
> - errno = 0;
> - return 1;
> -
> -}
> -
> -int write_exception_policy(const char *policy, int is_delete)
> -{
> - FILE *fp = fopen(proc_policy_exception_policy, "r");
> - char buffer[8192];
> - int policy_found = 0;
> - memset(buffer, 0, sizeof(buffer));
> - if (!fp) {
> - BUG("Can't read %s", proc_policy_exception_policy);
> - return 0;
> - }
> - if (is_delete)
> - fprintf(exception_fp, "delete ");
> - fprintf(exception_fp, "%s\n", policy);
> - while (fgets(buffer, sizeof(buffer) - 1, fp)) {
> - char *cp = strchr(buffer, '\n');
> - if (cp)
> - *cp = '\0';
> - if (strcmp(buffer, policy))
> - continue;
> - policy_found = 1;
> - break;
> - }
> - fclose(fp);
> - if (policy_found == is_delete) {
> - BUG("Can't %s %s", is_delete ? "delete" : "append",
> - policy);
> - return 0;
> - }
> - errno = 0;
> - return 1;
> -
> -}
> -
> -int set_profile(const int mode, const char *name)
> -{
> - static const char *modes[4] = { "disabled", "learning", "permissive",
> - "enforcing" };
> - FILE *fp = fopen(proc_policy_profile, "r");
> - char buffer[8192];
> - int policy_found = 0;
> - const int len = strlen(name);
> - if (!fp) {
> - BUG("Can't read %s", proc_policy_profile);
> - return 0;
> - }
> - fprintf(profile_fp, "255-CONFIG::%s=%s\n", name, modes[mode]);
> - while (memset(buffer, 0, sizeof(buffer)),
> - fgets(buffer, sizeof(buffer) - 1, fp)) {
> - char *cp = strchr(buffer, '\n');
> - if (cp)
> - *cp = '\0';
> - if (strncmp(buffer, "255-CONFIG::", 12) ||
> - strncmp(buffer + 12, name, len) ||
> - buffer[12 + len] != '=')
> - continue;
> - if (strstr(buffer + 13 + len, modes[mode]))
> - policy_found = 1;
> - break;
> - }
> - fclose(fp);
> - if (!policy_found) {
> - BUG("Can't change profile to 255-CONFIG::%s=%s",
> - name, modes[mode]);
> - return 0;
> - }
> - errno = 0;
> - return 1;
> -}
> diff --git a/testcases/kernel/security/tomoyo/newns.c b/testcases/kernel/security/tomoyo/newns.c
> deleted file mode 100644
> index f888ca31f..000000000
> --- a/testcases/kernel/security/tomoyo/newns.c
> +++ /dev/null
> @@ -1,49 +0,0 @@
> -/******************************************************************************/
> -/* */
> -/* Copyright (c) Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>, 2009 */
> -/* */
> -/* This program is free software; you can redistribute it and/or modify */
> -/* it under the terms of the GNU General Public License as published by */
> -/* the Free Software Foundation; either version 2 of the License, or */
> -/* (at your option) any later version. */
> -/* */
> -/* This program is distributed in the hope that it will be useful, */
> -/* but WITHOUT ANY WARRANTY; without even the implied warranty of */
> -/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See */
> -/* the GNU General Public License for more details. */
> -/* */
> -/* You should have received a copy of the GNU General Public License */
> -/* along with this program; if not, write to the Free Software */
> -/* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */
> -/* */
> -/******************************************************************************/
> -
> -#define _GNU_SOURCE
> -
> -#include <stdio.h>
> -#include <sys/types.h>
> -#include <sys/wait.h>
> -#include <sys/mount.h>
> -#include <unistd.h>
> -#include <sched.h>
> -#include <errno.h>
> -#include <stdlib.h>
> -#include "test.h"
> -
> -static int child(void *arg)
> -{
> - char **argv = (char **)arg;
> - argv++;
> - mount("/tmp/", "/tmp/", "tmpfs", 0, NULL);
> - execvp(argv[0], argv);
> - _exit(1);
> -}
> -
> -int main(int argc, char *argv[])
> -{
> - char c = 0;
> - const pid_t pid = ltp_clone_quick(CLONE_NEWNS, child, (void *)argv);
> - while (waitpid(pid, NULL, __WALL) == EOF && errno == EINTR)
> - c++; /* Dummy. */
> - return 0;
> -}
> diff --git a/testcases/kernel/security/tomoyo/testall.sh b/testcases/kernel/security/tomoyo/testall.sh
> deleted file mode 100644
> index b103be6c6..000000000
> --- a/testcases/kernel/security/tomoyo/testall.sh
> +++ /dev/null
> @@ -1,46 +0,0 @@
> -#! /bin/sh
> -################################################################################
> -## ##
> -## Copyright (c) Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>, 2009 ##
> -## ##
> -## This program is free software; you can redistribute it and#or modify ##
> -## it under the terms of the GNU General Public License as published by ##
> -## the Free Software Foundation; either version 2 of the License, or ##
> -## (at your option) any later version. ##
> -## ##
> -## This program is distributed in the hope that it will be useful, but ##
> -## WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY ##
> -## or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ##
> -## for more details. ##
> -## ##
> -## You should have received a copy of the GNU General Public License ##
> -## along with this program; if not, write to the Free Software ##
> -## Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA ##
> -## ##
> -################################################################################
> -
> -cd ${0%/*}
> -export PATH=$PWD:${PATH}
> -
> -echo "Testing all. (All results are reported)"
> -newns tomoyo_accept_test
> -newns tomoyo_filesystem_test
> -newns tomoyo_file_test
> -newns tomoyo_rewrite_test
> -newns tomoyo_new_file_test
> -newns tomoyo_new_test
> -echo
> -echo
> -echo
> -echo "Testing all. (Only ERRORS are reported)"
> -newns tomoyo_accept_test | grep -vF Done
> -newns tomoyo_filesystem_test | grep -vF OK | grep -F '('
> -newns tomoyo_file_test | grep -vF OK | grep -F '('
> -newns tomoyo_rewrite_test | grep -vF OK | grep -F '('
> -newns tomoyo_new_test | grep -vF OK
> -echo
> -echo
> -echo
> -echo "Testing policy I/O. (Only ERRORS are reported)"
> -newns tomoyo_policy_io_test | grep -vF OK
> -newns tomoyo_new_file_test | grep -vF OK
> diff --git a/testcases/kernel/security/tomoyo/tomoyo_accept_test.c b/testcases/kernel/security/tomoyo/tomoyo_accept_test.c
> deleted file mode 100644
> index 335818a25..000000000
> --- a/testcases/kernel/security/tomoyo/tomoyo_accept_test.c
> +++ /dev/null
> @@ -1,146 +0,0 @@
> -/******************************************************************************/
> -/* This program is free software; you can redistribute it and/or modify */
> -/* it under the terms of the GNU General Public License as published by */
> -/* the Free Software Foundation; either version 2 of the License, or */
> -/* (at your option) any later version. */
> -/* */
> -/* This program is distributed in the hope that it will be useful, */
> -/* but WITHOUT ANY WARRANTY; without even the implied warranty of */
> -/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See */
> -/* the GNU General Public License for more details. */
> -/* */
> -/* You should have received a copy of the GNU General Public License */
> -/* along with this program; if not, write to the Free Software */
> -/* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */
> -/* */
> -/******************************************************************************/
> -/*
> - * tomoyo_accept_test.c
> - *
> - * Testing program for security/tomoyo/
> - *
> - * Copyright (C) 2005-2010 NTT DATA CORPORATION
> - */
> -#include "include.h"
> -
> -static void set_level(const int i)
> -{
> - set_profile(i, "file::execute");
> - set_profile(i, "file::open");
> - set_profile(i, "file::create");
> - set_profile(i, "file::unlink");
> - set_profile(i, "file::mkdir");
> - set_profile(i, "file::rmdir");
> - set_profile(i, "file::mkfifo");
> - set_profile(i, "file::mksock");
> - set_profile(i, "file::truncate");
> - set_profile(i, "file::symlink");
> - set_profile(i, "file::rewrite");
> - set_profile(i, "file::mkblock");
> - set_profile(i, "file::mkchar");
> - set_profile(i, "file::link");
> - set_profile(i, "file::rename");
> - set_profile(i, "file::chmod");
> - set_profile(i, "file::chown");
> - set_profile(i, "file::chgrp");
> - set_profile(i, "file::ioctl");
> - set_profile(i, "file::chroot");
> - set_profile(i, "file::mount");
> - set_profile(i, "file::umount");
> - set_profile(i, "file::pivot_root");
> -}
> -
> -static void test(int rw_loop, int truncate_loop, int append_loop,
> - int create_loop)
> -{
> - static const int rw_flags[4] = { 0, O_RDONLY, O_WRONLY, O_RDWR };
> - static const int create_flags[3] = { 0, O_CREAT /* nonexistent */ ,
> - O_CREAT /* existent */
> - };
> - static const int truncate_flags[2] = { 0, O_TRUNC };
> - static const int append_flags[2] = { 0, O_APPEND };
> - int level;
> - int flags;
> - int i;
> - int fd;
> - static char buffer[1024];
> - memset(buffer, 0, sizeof(buffer));
> - snprintf(buffer, sizeof(buffer) - 1, "/tmp/file:a=%d:t=%d:c=%d:m=%d",
> - append_loop, truncate_loop, create_loop, rw_loop);
> - fprintf(exception_fp, "deny_rewrite %s\n", buffer);
> - flags = rw_flags[rw_loop] | truncate_flags[truncate_loop] |
> - append_flags[append_loop] | create_flags[create_loop];
> - for (i = 1; i < 8; i++)
> - fprintf(domain_fp, "delete %d %s\n", i, buffer);
> - for (level = 0; level < 4; level++) {
> - set_level(0);
> - if (create_loop == 1)
> - unlink(buffer);
> - else
> - close(open(buffer, O_CREAT, 0644));
> - set_level(level);
> - fd = open(buffer, flags, 0644);
> - if (fd != EOF)
> - close(fd);
> - else
> - fprintf(stderr, "%d: open(%04o) failed\n", level,
> - flags);
> - /*
> - fd = open(buffer, flags, 0644)
> - if (fd != EOF)
> - close(fd);
> - else
> - fprintf(stderr, "%d: open(%04o) failed\n", level, flags);
> - */
> - /*
> - fd = open(buffer, flags, 0644);
> - if (fd != EOF)
> - close(fd);
> - else
> - fprintf(stderr, "%d: open(%04o) failed\n", level, flags);
> - */
> - }
> - for (i = 1; i < 8; i++)
> - fprintf(domain_fp, "delete %d %s\n", i, buffer);
> - fprintf(domain_fp, "delete allow_truncate %s\n", buffer);
> - fprintf(domain_fp, "delete allow_create %s 0644\n", buffer);
> - fprintf(domain_fp, "delete allow_rewrite %s\n", buffer);
> - fd = open(buffer, flags, 0644);
> - if (fd != EOF) {
> - close(fd);
> - fprintf(stderr, "%d: open(%04o) didn't fail\n", 3, flags);
> - }
> -}
> -
> -int main(void)
> -{
> - tomoyo_test_init();
> - fprintf(profile_fp, "255-PREFERENCE::learning={ verbose=no }\n");
> - fprintf(profile_fp, "255-PREFERENCE::enforcing={ verbose=no }\n");
> - fprintf(profile_fp, "255-PREFERENCE::permissive={ verbose=no }\n");
> - fprintf(profile_fp, "255-PREFERENCE::disabled={ verbose=no }\n");
> - set_profile(0, "file");
> - fprintf(profile_fp, "255-PREFERENCE::learning={ max_entry=2048 }\n");
> - {
> - int append_loop;
> - for (append_loop = 0; append_loop < 2; append_loop++) {
> - int truncate_loop;
> - for (truncate_loop = 0; truncate_loop < 2;
> - truncate_loop++) {
> - int create_loop;
> - for (create_loop = 0; create_loop < 3;
> - create_loop++) {
> - int rw_loop;
> - for (rw_loop = 0; rw_loop < 4;
> - rw_loop++)
> - test(rw_loop, truncate_loop,
> - append_loop, create_loop);
> - }
> - }
> - }
> - }
> - fprintf(profile_fp, "255-CONFIG::file=disabled\n");
> - printf("Done\n");
> - clear_status();
> - return 0;
> -}
> diff --git a/testcases/kernel/security/tomoyo/tomoyo_file_test.c b/testcases/kernel/security/tomoyo/tomoyo_file_test.c
> deleted file mode 100644
> index 003f47720..000000000
> --- a/testcases/kernel/security/tomoyo/tomoyo_file_test.c
> +++ /dev/null
> @@ -1,304 +0,0 @@
> -/******************************************************************************/
> -/* This program is free software; you can redistribute it and/or modify */
> -/* it under the terms of the GNU General Public License as published by */
> -/* the Free Software Foundation; either version 2 of the License, or */
> -/* (at your option) any later version. */
> -/* */
> -/* This program is distributed in the hope that it will be useful, */
> -/* but WITHOUT ANY WARRANTY; without even the implied warranty of */
> -/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See */
> -/* the GNU General Public License for more details. */
> -/* */
> -/* You should have received a copy of the GNU General Public License */
> -/* along with this program; if not, write to the Free Software */
> -/* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */
> -/* */
> -/******************************************************************************/
> -/*
> - * tomoyo_file_test.c
> - *
> - * Testing program for security/tomoyo/
> - *
> - * Copyright (C) 2005-2010 NTT DATA CORPORATION
> - */
> -#include "include.h"
> -
> -static int should_fail = 0;
> -
> -static void show_prompt(const char *str)
> -{
> - printf("Testing %35s: (%s) ", str,
> - should_fail ? "must fail" : "should success");
> - errno = 0;
> -}
> -
> -static void show_result(int result)
> -{
> - if (should_fail) {
> - if (result == EOF) {
> - if (errno == EPERM)
> - printf("OK: Permission denied.\n");
> - else
> - printf("FAILED: %s\n", strerror(errno));
> - } else {
> - printf("BUG!\n");
> - }
> - } else {
> - if (result != EOF)
> - printf("OK\n");
> - else
> - printf("%s\n", strerror(errno));
> - }
> -}
> -
> -static const char *dev_null_path = "/dev/null";
> -static const char *truncate_path = "/tmp/truncate_test";
> -static const char *ftruncate_path = "/tmp/ftruncate_test";
> -static const char *open_creat_path = "/tmp/open_test";
> -static const char *mknod_reg_path = "/tmp/mknod_reg_test";
> -static const char *mknod_chr_path = "/tmp/mknod_chr_test";
> -static const char *mknod_blk_path = "/tmp/mknod_blk_test";
> -static const char *mknod_fifo_path = "/tmp/mknod_fifo_test";
> -static const char *mknod_sock_path = "/tmp/mknod_sock_test";
> -static const char *unlink_path = "/tmp/unlink_test";
> -static const char *mkdir_path = "/tmp/mkdir_test";
> -static const char *rmdir_path = "/tmp/rmdir_test";
> -static const char *link_source_path = "/tmp/link_source_test";
> -static const char *link_dest_path = "/tmp/link_dest_test";
> -static const char *symlink_source_path = "/tmp/symlink_source_test";
> -static const char *symlink_dest_path = "/tmp/symlink_dest_test";
> -static const char *rename_source_path = "/tmp/rename_source_test";
> -static const char *rename_dest_path = "/tmp/rename_dest_test";
> -static const char *socket_path = "/tmp/socket_test";
> -
> -static int ftruncate_fd = EOF;
> -
> -static void stage_file_test(void)
> -{
> - int fd;
> - {
> - const char buffer[] = "32768 61000";
> - show_prompt("sysctl(READ)");
> - show_result(read_sysctl(TEST_SYSCTL_PATH, NULL, 0));
> - show_prompt("sysctl(WRITE)");
> - show_result(write_sysctl(TEST_SYSCTL_PATH, buffer));
> - }
> -
> - /* QUESTION: Is there a file which can be passed to uselib()? */
> - show_prompt("uselib()");
> - show_result(uselib("/bin/true"));
> -
> - {
> - int pipe_fd[2] = { EOF, EOF };
> - int error = 0;
> - fflush(stdout);
> - fflush(stderr);
> - if (pipe(pipe_fd) == -1)
> - err(1, "pipe");
> - if (fork() == 0) {
> - execl("/bin/true", "/bin/true", NULL);
> - if (write(pipe_fd[1], &errno, sizeof(errno)) == -1)
> - err(1, "write");
> - _exit(0);
> - }
> - close(pipe_fd[1]);
> - (void)read(pipe_fd[0], &error, sizeof(error));
> - show_prompt("execve()");
> - errno = error;
> - show_result(error ? EOF : 0);
> - }
> -
> - show_prompt("open(O_RDONLY)");
> - fd = open(dev_null_path, O_RDONLY);
> - show_result(fd);
> - if (fd != EOF)
> - close(fd);
> -
> - show_prompt("open(O_WRONLY)");
> - fd = open(dev_null_path, O_WRONLY);
> - show_result(fd);
> - if (fd != EOF)
> - close(fd);
> -
> - show_prompt("open(O_RDWR)");
> - fd = open(dev_null_path, O_RDWR);
> - show_result(fd);
> - if (fd != EOF)
> - close(fd);
> -
> - show_prompt("open(O_CREAT | O_EXCL)");
> - fd = open(open_creat_path, O_CREAT | O_EXCL, 0666);
> - show_result(fd);
> - if (fd != EOF)
> - close(fd);
> -
> - show_prompt("open(O_TRUNC)");
> - fd = open(truncate_path, O_TRUNC);
> - show_result(fd);
> - if (fd != EOF)
> - close(fd);
> -
> - show_prompt("truncate()");
> - show_result(truncate(truncate_path, 0));
> -
> - show_prompt("ftruncate()");
> - show_result(ftruncate(ftruncate_fd, 0));
> -
> - show_prompt("mknod(S_IFREG)");
> - show_result(mknod(mknod_reg_path, S_IFREG, 0));
> -
> - show_prompt("mknod(S_IFCHR)");
> - show_result(mknod(mknod_chr_path, S_IFCHR, MKDEV(1, 3)));
> -
> - show_prompt("mknod(S_IFBLK)");
> - show_result(mknod(mknod_blk_path, S_IFBLK, MKDEV(1, 0)));
> -
> - show_prompt("mknod(S_IFIFO)");
> - show_result(mknod(mknod_fifo_path, S_IFIFO, 0));
> -
> - show_prompt("mknod(S_IFSOCK)");
> - show_result(mknod(mknod_sock_path, S_IFSOCK, 0));
> -
> - show_prompt("mkdir()");
> - show_result(mkdir(mkdir_path, 0600));
> -
> - show_prompt("rmdir()");
> - show_result(rmdir(rmdir_path));
> -
> - show_prompt("unlink()");
> - show_result(unlink(unlink_path));
> -
> - show_prompt("symlink()");
> - show_result(symlink(symlink_dest_path, symlink_source_path));
> -
> - show_prompt("link()");
> - show_result(link(link_source_path, link_dest_path));
> -
> - show_prompt("rename()");
> - show_result(rename(rename_source_path, rename_dest_path));
> -
> - {
> - struct sockaddr_un addr;
> - int fd;
> - memset(&addr, 0, sizeof(addr));
> - addr.sun_family = AF_UNIX;
> - strncpy(addr.sun_path, socket_path, sizeof(addr.sun_path) - 1);
> - fd = socket(AF_UNIX, SOCK_STREAM, 0);
> - show_prompt("unix_bind()");
> - show_result(bind(fd, (struct sockaddr *)&addr, sizeof(addr)));
> - if (fd != EOF)
> - close(fd);
> - }
> -
> - printf("\n\n");
> -}
> -
> -static void create_files(void)
> -{
> - mkdir(rmdir_path, 0700);
> - close(creat(link_source_path, 0600));
> - close(creat(rename_source_path, 0600));
> - close(creat(truncate_path, 0600));
> - close(creat(unlink_path, 0600));
> - ftruncate_fd = open(ftruncate_path, O_WRONLY | O_CREAT, 0600);
> -}
> -
> -static void creanup_files(void)
> -{
> - if (ftruncate_fd != EOF)
> - close(ftruncate_fd);
> - ftruncate_fd = EOF;
> - unlink(open_creat_path);
> - unlink(mknod_reg_path);
> - unlink(mknod_chr_path);
> - unlink(mknod_blk_path);
> - unlink(mknod_fifo_path);
> - unlink(mknod_sock_path);
> - rmdir(mkdir_path);
> - unlink(symlink_source_path);
> - unlink(symlink_dest_path);
> - unlink(link_source_path);
> - unlink(link_dest_path);
> - unlink(rename_source_path);
> - unlink(rename_dest_path);
> - unlink(truncate_path);
> - unlink(ftruncate_path);
> - unlink(socket_path);
> -}
> -
> -static void set_file_enforce(int enforce)
> -{
> - if (enforce) {
> - set_profile(3, "file::execute");
> - set_profile(3, "file::open");
> - set_profile(3, "file::create");
> - set_profile(3, "file::unlink");
> - set_profile(3, "file::mkdir");
> - set_profile(3, "file::rmdir");
> - set_profile(3, "file::mkfifo");
> - set_profile(3, "file::mksock");
> - set_profile(3, "file::truncate");
> - set_profile(3, "file::symlink");
> - set_profile(3, "file::rewrite");
> - set_profile(3, "file::mkblock");
> - set_profile(3, "file::mkchar");
> - set_profile(3, "file::link");
> - set_profile(3, "file::rename");
> - set_profile(3, "file::chmod");
> - set_profile(3, "file::chown");
> - set_profile(3, "file::chgrp");
> - set_profile(3, "file::ioctl");
> - set_profile(3, "file::chroot");
> - set_profile(3, "file::mount");
> - set_profile(3, "file::umount");
> - set_profile(3, "file::pivot_root");
> - } else {
> - set_profile(0, "file::execute");
> - set_profile(0, "file::open");
> - set_profile(0, "file::create");
> - set_profile(0, "file::unlink");
> - set_profile(0, "file::mkdir");
> - set_profile(0, "file::rmdir");
> - set_profile(0, "file::mkfifo");
> - set_profile(0, "file::mksock");
> - set_profile(0, "file::truncate");
> - set_profile(0, "file::symlink");
> - set_profile(0, "file::rewrite");
> - set_profile(0, "file::mkblock");
> - set_profile(0, "file::mkchar");
> - set_profile(0, "file::link");
> - set_profile(0, "file::rename");
> - set_profile(0, "file::chmod");
> - set_profile(0, "file::chown");
> - set_profile(0, "file::chgrp");
> - set_profile(0, "file::ioctl");
> - set_profile(0, "file::chroot");
> - set_profile(0, "file::mount");
> - set_profile(0, "file::umount");
> - set_profile(0, "file::pivot_root");
> - }
> -}
> -
> -int main(void)
> -{
> - tomoyo_test_init();
> -
> - printf("***** Testing file hooks in enforce mode. *****\n");
> - create_files();
> - should_fail = 1;
> - set_file_enforce(1);
> - stage_file_test();
> - set_file_enforce(0);
> - clear_status();
> - creanup_files();
> -
> - printf("***** Testing file hooks in permissive mode. *****\n");
> - should_fail = 0;
> - create_files();
> - set_file_enforce(0);
> - stage_file_test();
> - creanup_files();
> -
> - clear_status();
> - return 0;
> -}
> diff --git a/testcases/kernel/security/tomoyo/tomoyo_filesystem_test.c b/testcases/kernel/security/tomoyo/tomoyo_filesystem_test.c
> deleted file mode 100644
> index e6e3bb087..000000000
> --- a/testcases/kernel/security/tomoyo/tomoyo_filesystem_test.c
> +++ /dev/null
> @@ -1,633 +0,0 @@
> -/******************************************************************************/
> -/* This program is free software; you can redistribute it and/or modify */
> -/* it under the terms of the GNU General Public License as published by */
> -/* the Free Software Foundation; either version 2 of the License, or */
> -/* (at your option) any later version. */
> -/* */
> -/* This program is distributed in the hope that it will be useful, */
> -/* but WITHOUT ANY WARRANTY; without even the implied warranty of */
> -/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See */
> -/* the GNU General Public License for more details. */
> -/* */
> -/* You should have received a copy of the GNU General Public License */
> -/* along with this program; if not, write to the Free Software */
> -/* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */
> -/* */
> -/******************************************************************************/
> -/*
> - * tomoyo_filesystem_test.c
> - *
> - * Testing program for security/tomoyo/
> - *
> - * Copyright (C) 2005-2010 NTT DATA CORPORATION
> - */
> -#define _GNU_SOURCE
> -#include "include.h"
> -
> -static void show_prompt(const char *str, const int should_fail)
> -{
> - printf("Testing %60s: (%s) ", str,
> - should_fail ? "must fail" : "should success");
> - errno = 0;
> -}
> -
> -#ifndef MS_MOVE
> -#define MS_MOVE 8192
> -#endif
> -
> -static const char *pivot_root_dir = "/sys/kernel/security/";
> -
> -static int child(void *arg)
> -{
> - errno = 0;
> - pivot_root(pivot_root_dir, proc_policy_dir);
> - return errno;
> -}
> -
> -static void mount2(const char *source, const char *target,
> - const char *filesystemtype)
> -{
> - if (mount(source, target, filesystemtype, 0, NULL)) {
> - printf("BUG: mount() failed\n");
> - fflush(stdout);
> - }
> -}
> -
> -static const unsigned char compressed_ext2_image_sample[1350] = {
> - 0x1F, 0x8B, 0x08, 0x00, 0xA8, 0xF2, 0x96, 0x4B, 0x02, 0x03, 0xED, 0xDC,
> - 0x3D, 0x4B, 0x5B, 0x51, 0x18, 0x07, 0xF0, 0xE7, 0xDE, 0xAB, 0x14, 0x8C,
> - 0xAB, 0xD5, 0x9A, 0xF8, 0x36, 0x0B, 0xA1, 0xE0, 0xE0, 0xDC, 0xD0, 0xAD,
> - 0xD0, 0xC5, 0xAF, 0x50, 0x9C, 0x42, 0x1D, 0x6A, 0xE6, 0xA6, 0x9B, 0x9B,
> - 0x8B, 0xD8, 0xA5, 0x5B, 0x97, 0x2E, 0xF9, 0x0E, 0x85, 0x4C, 0xF6, 0x23,
> - 0x74, 0x70, 0x55, 0x28, 0x52, 0xA8, 0xDD, 0xED, 0xB9, 0xB9, 0xB1, 0xA6,
> - 0xEA, 0x24, 0xA5, 0x81, 0xDE, 0xDF, 0x0F, 0x9E, 0xDC, 0xB7, 0x13, 0x2E,
> - 0xF7, 0xC0, 0xFF, 0x70, 0xCE, 0x85, 0x24, 0x02, 0xA8, 0xAB, 0x7E, 0xF9,
> - 0x31, 0x13, 0xB1, 0x95, 0x36, 0xA7, 0x45, 0x44, 0x2F, 0x6D, 0xB3, 0xC9,
> - 0x06, 0xEB, 0x55, 0xF5, 0xC7, 0x87, 0x9F, 0x7E, 0x1C, 0xBF, 0x88, 0x68,
> - 0xC5, 0xCE, 0xF7, 0x6C, 0xD4, 0x6E, 0x74, 0xFC, 0xF2, 0x62, 0x74, 0xED,
> - 0xFA, 0x7B, 0x8D, 0xB8, 0x69, 0x9F, 0x8F, 0xCF, 0x9F, 0x1D, 0x7E, 0x78,
> - 0xF7, 0x6D, 0xD8, 0x79, 0xFF, 0x71, 0xD0, 0xED, 0xBC, 0xCD, 0x9A, 0xBD,
> - 0x69, 0x3C, 0xEB, 0xE0, 0xCB, 0xF0, 0xA4, 0xF9, 0xF5, 0xF9, 0xCA, 0xE0,
> - 0xE0, 0x72, 0xBB, 0x7B, 0xD4, 0x1A, 0xE6, 0x13, 0xD7, 0xAA, 0xE7, 0x82,
> - 0x7A, 0x29, 0xAA, 0xF8, 0xC7, 0xEC, 0x28, 0xFF, 0xBD, 0xC8, 0x75, 0x09,
> - 0xD4, 0xC6, 0x55, 0x92, 0x4D, 0x71, 0xFA, 0x71, 0x05, 0x4C, 0xCF, 0xA3,
> - 0xBB, 0xE3, 0x01, 0x50, 0x0F, 0x93, 0xEB, 0xDF, 0xEB, 0xFA, 0x97, 0x13,
> - 0x80, 0x8B, 0x67, 0xD5, 0x02, 0xE4, 0xEE, 0xFD, 0x8B, 0x3F, 0xD6, 0x22,
> - 0x0B, 0xA6, 0x6A, 0xC0, 0x5F, 0xF6, 0xB9, 0x1C, 0x7F, 0x9E, 0xDE, 0x37,
> - 0xFE, 0xE4, 0xB1, 0x34, 0xD1, 0xEE, 0x71, 0xAA, 0xC5, 0x54, 0xE5, 0xB9,
> - 0x27, 0xA9, 0x96, 0x53, 0x35, 0xA3, 0x7C, 0x13, 0x1A, 0xB1, 0x92, 0x6A,
> - 0x35, 0xD5, 0xDA, 0xF8, 0x75, 0xE9, 0x86, 0x6E, 0x05, 0x00, 0x00, 0x00,
> - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xE0, 0x81,
> - 0xCA, 0xDF, 0xD8, 0xCF, 0x47, 0x96, 0xB7, 0x7F, 0xEF, 0xE7, 0x79, 0xBB,
> - 0x5D, 0xFD, 0x87, 0xDF, 0x79, 0x31, 0x97, 0x77, 0xF7, 0xDE, 0xEC, 0x6F,
> - 0xEE, 0xEE, 0xF5, 0x5E, 0xBF, 0xD2, 0x57, 0xF0, 0xBF, 0x69, 0xDC, 0xCA,
> - 0xFF, 0xCF, 0xA2, 0xCA, 0x3F, 0x50, 0x13, 0x33, 0xBA, 0x00, 0xE4, 0x1F,
> - 0x90, 0x7F, 0x40, 0xFE, 0x01, 0xF9, 0x07, 0xE4, 0x1F, 0x90, 0x7F, 0x40,
> - 0xFE, 0x01, 0xF9, 0x07, 0xE4, 0x1F, 0x90, 0x7F, 0x00, 0x00, 0x00, 0x00,
> - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80, 0xFA, 0xF9, 0x05, 0x34, 0xF2,
> - 0x14, 0x08, 0x00, 0x00, 0x10, 0x00
> -};
> -
> -int main(void)
> -{
> - char c = 0;
> - tomoyo_test_init();
> -
> - /* Test mount(). */
> - {
> - set_profile(3, "file::mount");
> - show_prompt("mount('dev\\011name', '/', 'fs\\011name') ", 1);
> - if (mount("dev\tname", "/", "fs\tname", 0, NULL) == EOF &&
> - errno == EPERM)
> - printf("OK: Permission denied.\n");
> - else if (errno == ENODEV)
> - printf("OK: No such device.\n");
> - else
> - printf("BUG: %s\n", strerror(errno));
> - set_profile(1, "file::mount");
> - show_prompt("mount('dev\\011name', '/', 'fs\\011name') ", 0);
> - if (mount("dev\tname", "/", "fs\tname", 0, NULL) == EOF &&
> - errno == ENOMEM)
> - printf("OK: Out of memory.\n");
> - else if (errno == ENODEV)
> - printf("OK: No such device.\n");
> - else
> - printf("BUG: %s\n", strerror(errno));
> - set_profile(3, "file::mount");
> - show_prompt("mount('dev\\011name', '/', 'fs\\011name') ", 0);
> - if (mount("dev\tname", "/", "fs\tname", 0, NULL) == EOF &&
> - errno == ENOMEM)
> - printf("OK: Out of memory.\n");
> - else if (errno == ENODEV)
> - printf("OK: No such device.\n");
> - else
> - printf("BUG: %s\n", strerror(errno));
> - fprintf(domain_fp, "delete allow_mount dev\\011name / "
> - "fs\\011name 0\n");
> - show_prompt("mount('dev\\011name', '/', 'fs\\011name') ", 1);
> - if (mount("dev\tname", "/", "fs\tname", 0, NULL) == EOF &&
> - errno == EPERM)
> - printf("OK: Permission denied.\n");
> - else if (errno == ENODEV)
> - printf("OK: No such device.\n");
> - else
> - printf("BUG: %s\n", strerror(errno));
> - set_profile(1, "file::mount");
> - show_prompt("mount(NULL, '/', 'tmpfs') ", 0);
> - if (mount(NULL, "/", "tmpfs", 0, NULL))
> - printf("BUG: %s\n", strerror(errno));
> - else
> - printf("OK: Success\n");
> - set_profile(3, "file::mount");
> - show_prompt("mount(NULL, '/', 'tmpfs') ", 0);
> - if (mount(NULL, "/", "tmpfs", 0, NULL))
> - printf("BUG: %s\n", strerror(errno));
> - else
> - printf("OK: Success\n");
> - show_prompt("mount('anydev', '/', 'tmpfs') ", 0);
> - if (mount("anydev", "/", "tmpfs", 0, NULL))
> - printf("BUG: %s\n", strerror(errno));
> - else
> - printf("OK: Success\n");
> - fprintf(domain_fp, "delete allow_mount <NULL> / tmpfs 0\n");
> - fprintf(domain_fp, "allow_mount anydev / tmpfs 0\n");
> - show_prompt("mount(NULL, '/', 'tmpfs') ", 0);
> - if (mount(NULL, "/", "tmpfs", 0, NULL))
> - printf("BUG: %s\n", strerror(errno));
> - else
> - printf("OK: Success\n");
> - fprintf(domain_fp, "delete allow_mount anydev / tmpfs 0\n");
> - set_profile(2, "file::mount");
> - show_prompt("mount(NULL, NULL, 'tmpfs') ", 1);
> - if (mount(NULL, NULL, "tmpfs", 0, NULL))
> - printf("OK: %s\n", strerror(errno));
> - else
> - printf("BUG: Did not fail.\n");
> - show_prompt("mount(NULL, NULL, NULL) ", 1);
> - if (mount(NULL, NULL, NULL, 0, NULL))
> - printf("OK: %s\n", strerror(errno));
> - else
> - printf("BUG: Did not fail.\n");
> - show_prompt("mount('/', NULL, NULL) ", 1);
> - if (mount("/", NULL, NULL, 0, NULL))
> - printf("OK: %s\n", strerror(errno));
> - else
> - printf("BUG: Did not fail.\n");
> - show_prompt("mount('/', NULL, 'tmpfs') ", 1);
> - if (mount("/", NULL, "tmpfs", 0, NULL))
> - printf("OK: %s\n", strerror(errno));
> - else
> - printf("BUG: Did not fail.\n");
> - show_prompt("mount('/', '/', 'nonexistentfs') ", 1);
> - if (mount("/", "/", "nonexistentfs", 0, NULL))
> - printf("OK: %s\n", strerror(errno));
> - else
> - printf("BUG: Did not fail.\n");
> - set_profile(0, "file::mount");
> - }
> -
> - mkdir("/tmp/mount/", 0755);
> - mkdir("/tmp/mount_bind/", 0755);
> - mkdir("/tmp/mount_move/", 0755);
> -
> - /* Test mount(). */
> - {
> - static char buf[4096];
> - char *dev_ram_path = realpath("/dev/ram0", NULL);
> - if (!dev_ram_path)
> - dev_ram_path = realpath("/dev/ram", NULL);
> - if (!dev_ram_path) {
> - dev_ram_path = "/dev/ram0";
> - mknod(dev_ram_path, S_IFBLK, MKDEV(1, 0));
> - }
> - memset(buf, 0, sizeof(buf));
> - {
> - struct stat sbuf;
> - FILE *fp = NULL;
> - snprintf(buf, sizeof(buf) - 1, "zcat - > %s",
> - dev_ram_path);
> - if (lstat(dev_ram_path, &sbuf) == 0 &&
> - S_ISBLK(sbuf.st_mode) && MAJOR(sbuf.st_rdev) == 1)
> - fp = popen(buf, "w");
> - if (fp) {
> - if (fwrite(compressed_ext2_image_sample, 1,
> - sizeof(compressed_ext2_image_sample),
> - fp) !=
> - sizeof(compressed_ext2_image_sample))
> - err(1, "fwrite");
> - pclose(fp);
> - } else
> - fprintf(stderr, "Can't write to %s .\n",
> - dev_ram_path);
> - }
> - set_profile(3, "file::mount");
> -
> - /* Test standard case */
> - show_prompt("mount('none', '/tmp/mount/', 'tmpfs') for "
> - "'/tmp/mount/'", 1);
> - if (mount("none", "/tmp/mount/", "tmpfs", 0, NULL) == EOF &&
> - errno == EPERM)
> - printf("OK: Permission denied.\n");
> - else
> - printf("BUG: %s\n", strerror(errno));
> -
> - /* Test device_name with pattern */
> - snprintf(buf, sizeof(buf) - 1, "mount('%s', '/tmp/mount/', "
> - "'ext2') for '%s\\*'", dev_ram_path, dev_ram_path);
> - show_prompt(buf, 1);
> - if (mount(dev_ram_path, "/tmp/mount/", "ext2", MS_RDONLY, NULL)
> - == EOF && errno == EPERM)
> - printf("OK: Permission denied.\n");
> - else
> - printf("BUG: %s\n", strerror(errno));
> -
> - /* Test dir_name with pattern */
> - show_prompt("mount('none', '/tmp/mount/', 'tmpfs') for "
> - "'/tmp/\\?\\?\\?\\?\\?/'", 1);
> - if (mount("none", "/tmp/mount/", "tmpfs", 0, NULL) == EOF &&
> - errno == EPERM)
> - printf("OK: Permission denied.\n");
> - else
> - printf("BUG: %s\n", strerror(errno));
> -
> - /* Test standard case */
> - fprintf(domain_fp, "allow_mount none /tmp/mount/ tmpfs 0\n");
> - show_prompt("mount('none', '/tmp/mount/', 'tmpfs') for "
> - "'/tmp/mount/'", 0);
> - if (mount("none", "/tmp/mount/", "tmpfs", 0, NULL) == 0)
> - printf("OK\n");
> - else
> - printf("FAILED: %s\n", strerror(errno));
> - fprintf(domain_fp,
> - "delete allow_mount none /tmp/mount/ tmpfs 0\n");
> -
> - /* Test device_name with pattern */
> - fprintf(domain_fp, "allow_mount %s\\* /tmp/mount/ ext2 1\n",
> - dev_ram_path);
> - snprintf(buf, sizeof(buf) - 1, "mount('%s', '/tmp/mount/', "
> - "'ext2') for '%s\\*'", dev_ram_path, dev_ram_path);
> - show_prompt(buf, 0);
> - if (mount(dev_ram_path, "/tmp/mount/", "ext2", MS_RDONLY, NULL)
> - == 0)
> - printf("OK\n");
> - else
> - printf("FAILED: %s\n", strerror(errno));
> - fprintf(domain_fp, "delete allow_mount %s\\* "
> - "/tmp/mount/ ext2 1\n", dev_ram_path);
> -
> - /* Test dir_name with pattern */
> - fprintf(domain_fp,
> - "allow_mount none /tmp/\\?\\?\\?\\?\\?/ tmpfs 0\n");
> - show_prompt("mount('none', '/tmp/mount/', 'tmpfs') for "
> - "'/tmp/\\?\\?\\?\\?\\?/'", 0);
> - if (mount("none", "/tmp/mount/", "tmpfs", 0, NULL) == 0)
> - printf("OK\n");
> - else
> - printf("FAILED: %s\n", strerror(errno));
> - fprintf(domain_fp, "delete allow_mount none "
> - "/tmp/\\?\\?\\?\\?\\?/ tmpfs 0\n");
> -
> - set_profile(0, "file::mount");
> - while (umount("/tmp/mount/") == 0)
> - c++; /* Dummy. */
> - }
> -
> - /* Test mount(). */
> - {
> - mount2("none", "/tmp/mount/", "tmpfs");
> - set_profile(3, "file::mount");
> -
> - /* Test remount case */
> - show_prompt("mount('/tmp/mount/', MS_REMOUNT)", 1);
> - if (mount("none", "/tmp/mount/", "tmpfs", MS_REMOUNT, NULL)
> - == EOF && errno == EPERM)
> - printf("OK: Permission denied.\n");
> - else
> - printf("BUG: %s\n", strerror(errno));
> - show_prompt("mount('/tmp/mount/', MS_REMOUNT)", 1);
> - if (mount(NULL, "/tmp/mount/", NULL, MS_REMOUNT, NULL) == EOF
> - && errno == EPERM)
> - printf("OK: Permission denied.\n");
> - else
> - printf("BUG: %s\n", strerror(errno));
> - fprintf(domain_fp, "allow_mount something /tmp/mount/ "
> - "--remount 0\n");
> - show_prompt("mount('/tmp/mount/', MS_REMOUNT)", 0);
> - if (mount(NULL, "/tmp/mount/", NULL, MS_REMOUNT, NULL))
> - printf("BUG: %s\n", strerror(errno));
> - else
> - printf("OK: Success.\n");
> - fprintf(domain_fp, "delete allow_mount something /tmp/mount/ "
> - "--remount 0\n");
> -
> - /* Test bind case */
> - show_prompt("mount('/tmp/mount/', '/tmp/mount_bind/', "
> - "MS_BIND)", 1);
> - if (mount("/tmp/mount/", "/tmp/mount_bind/", NULL, MS_BIND,
> - NULL) == EOF && errno == EPERM)
> - printf("OK: Permission denied.\n");
> - else
> - printf("BUG: %s\n", strerror(errno));
> -
> - /* Test move case */
> - show_prompt("mount('/tmp/mount/', '/tmp/mount_move/', "
> - "MS_MOVE)", 1);
> - if (mount("/tmp/mount/", "/tmp/mount_move/", NULL, MS_MOVE,
> - NULL) == EOF && errno == EPERM)
> - printf("OK: Permission denied.\n");
> - else
> - printf("BUG: %s\n", strerror(errno));
> -
> - /* Test remount case */
> - fprintf(domain_fp, "allow_mount any /tmp/mount/ --remount 0\n");
> - show_prompt("mount('/tmp/mount/', MS_REMOUNT)", 0);
> - if (mount("none", "/tmp/mount/", "tmpfs", MS_REMOUNT, NULL)
> - == 0)
> - printf("OK\n");
> - else
> - printf("FAILED: %s\n", strerror(errno));
> - fprintf(domain_fp, "delete allow_mount any /tmp/mount/ "
> - "--remount 0\n");
> -
> - /* Test bind case */
> - fprintf(domain_fp,
> - "allow_mount /tmp/mount/ /tmp/mount_bind/ --bind 0\n");
> - show_prompt("mount('/tmp/mount/', '/tmp/mount_bind', MS_BIND)",
> - 0);
> - if (mount("/tmp/mount/", "/tmp/mount_bind/", NULL, MS_BIND,
> - NULL) == 0)
> - printf("OK\n");
> - else
> - printf("FAILED: %s\n", strerror(errno));
> - set_profile(0, "file::mount");
> - umount("/tmp/mount_bind/");
> - fprintf(domain_fp, "delete allow_mount /tmp/mount/ "
> - "/tmp/mount_bind/ --bind 0\n");
> -
> - /* Test move case */
> - set_profile(3, "file::mount");
> - fprintf(domain_fp, "allow_unmount /tmp/mount/\n");
> - fprintf(domain_fp, "allow_mount /tmp/mount/ /tmp/mount_move/ "
> - "--move 0\n");
> - show_prompt("mount('/tmp/mount/', '/tmp/mount_move/', "
> - "MS_MOVE)", 0);
> - if (mount("/tmp/mount/", "/tmp/mount_move/", NULL, MS_MOVE,
> - NULL) == 0)
> - printf("OK\n");
> - else
> - printf("FAILED: %s\n", strerror(errno));
> - set_profile(0, "file::mount");
> - umount("/tmp/mount_move/");
> - fprintf(domain_fp, "delete allow_unmount /tmp/mount/\n");
> - fprintf(domain_fp, "delete allow_mount /tmp/mount/ "
> - "/tmp/mount_move/ --move 0\n");
> -
> - while (umount("/tmp/mount/") == 0)
> - c++; /* Dummy. */
> - }
> -
> - /* Test umount(). */
> - {
> - /* Test standard case */
> - fprintf(domain_fp, "allow_unmount /tmp/mount/\n");
> -
> - set_profile(0, "file::umount");
> - mount2("none", "/tmp/mount/", "tmpfs");
> - set_profile(3, "file::umount");
> - show_prompt("umount('/tmp/mount/') for '/tmp/mount/'", 0);
> - if (umount("/tmp/mount/") == 0)
> - printf("OK\n");
> - else
> - printf("BUG: %s\n", strerror(errno));
> - fprintf(domain_fp, "delete allow_unmount /tmp/mount/\n");
> -
> - set_profile(0, "file::umount");
> -
> - mount2("none", "/tmp/mount/", "tmpfs");
> - set_profile(3, "file::umount");
> - show_prompt("umount('/tmp/mount/') for '/tmp/mount/'", 1);
> - if (umount("/tmp/mount/") == EOF && errno == EPERM)
> - printf("OK: Permission denied.\n");
> - else
> - printf("FAILED: %s\n", strerror(errno));
> -
> - /* Test pattern */
> - fprintf(domain_fp, "allow_unmount /tmp/\\?\\?\\?\\?\\?/\n");
> - set_profile(0, "file::umount");
> - mount2("none", "/tmp/mount/", "tmpfs");
> - set_profile(3, "file::umount");
> - show_prompt("umount('/tmp/mount/') for "
> - "'/tmp/\\?\\?\\?\\?\\?/'", 1);
> - if (umount("/tmp/mount/") == 0)
> - printf("OK\n");
> - else
> - printf("BUG: %s\n", strerror(errno));
> - fprintf(domain_fp,
> - "delete allow_unmount /tmp/\\?\\?\\?\\?\\?/\n");
> -
> - set_profile(0, "file::umount");
> - while (umount("/tmp/mount/") == 0)
> - c++; /* Dummy. */
> - }
> -
> - /* Test chroot(). */
> - {
> - set_profile(3, "file::chroot");
> -
> - /* Test standard case */
> - fprintf(domain_fp, "allow_chroot /tmp/mount/\n");
> - show_prompt("chroot('/tmp/mount/') for '/tmp/mount/'", 0);
> - fflush(stdout);
> - if (fork() == 0) {
> - if (chroot("/tmp/mount/") == 0)
> - printf("OK\n");
> - else
> - printf("FAILED: %s\n", strerror(errno));
> - fflush(stdout);
> - _exit(0);
> - }
> - wait(NULL);
> - fprintf(domain_fp, "delete allow_chroot /tmp/mount/\n");
> -
> - show_prompt("chroot('/tmp/mount/') for '/tmp/mount/'", 1);
> - fflush(stdout);
> - if (fork() == 0) {
> - if (chroot("/tmp/mount/") == EOF && errno == EPERM)
> - printf("OK: Permission denied.\n");
> - else
> - printf("BUG: %s\n", strerror(errno));
> - fflush(stdout);
> - _exit(0);
> - }
> - wait(NULL);
> -
> - /* Test pattern */
> - fprintf(domain_fp, "allow_chroot /tmp/\\?\\?\\?\\?\\?/\n");
> - show_prompt("chroot('/tmp/mount/') for "
> - "'/tmp/\\?\\?\\?\\?\\?/'", 0);
> - fflush(stdout);
> - if (fork() == 0) {
> - if (chroot("/tmp/mount/") == 0)
> - printf("OK\n");
> - else
> - printf("FAILED: %s\n", strerror(errno));
> - fflush(stdout);
> - _exit(0);
> - }
> - wait(NULL);
> - fprintf(domain_fp,
> - "delete allow_chroot /tmp/\\?\\?\\?\\?\\?/\n");
> -
> - set_profile(0, "file::chroot");
> - }
> -
> - /* Test pivot_root(). */
> - {
> - int error;
> - static char stack[8192];
> - set_profile(3, "file::pivot_root");
> - fprintf(domain_fp, "allow_pivot_root %s %s\n",
> - pivot_root_dir, proc_policy_dir);
> - snprintf(stack, 8191, "pivot_root('%s', '%s')", pivot_root_dir,
> - proc_policy_dir);
> - show_prompt(stack, 0);
> - {
> - const pid_t pid = ltp_clone_quick(CLONE_NEWNS, child,
> - NULL);
> - while (waitpid(pid, &error, __WALL) == EOF &&
> - errno == EINTR)
> - c++; /* Dummy. */
> - }
> - errno = WIFEXITED(error) ? WEXITSTATUS(error) : -1;
> - if (errno == 0)
> - printf("OK\n");
> - else
> - printf("FAILED: %s\n", strerror(errno));
> -
> - fprintf(domain_fp, "delete allow_pivot_root %s %s\n",
> - pivot_root_dir, proc_policy_dir);
> - snprintf(stack, 8191, "pivot_root('%s', '%s')", pivot_root_dir,
> - proc_policy_dir);
> - show_prompt(stack, 1);
> - {
> - const pid_t pid = ltp_clone_quick(CLONE_NEWNS, child,
> - NULL);
> - while (waitpid(pid, &error, __WALL) == EOF &&
> - errno == EINTR)
> - c++; /* Dummy. */
> - }
> - errno = WIFEXITED(error) ? WEXITSTATUS(error) : -1;
> - if (errno == EPERM)
> - printf("OK: Permission denied.\n");
> - else
> - printf("BUG: %s\n", strerror(errno));
> -
> - set_profile(2, "file::pivot_root");
> - snprintf(stack, 8191, "pivot_root('%s', '%s')", pivot_root_dir,
> - proc_policy_dir);
> - show_prompt(stack, 0);
> - {
> - const pid_t pid = ltp_clone_quick(CLONE_NEWNS, child,
> - NULL);
> - while (waitpid(pid, &error, __WALL) == EOF &&
> - errno == EINTR)
> - c++; /* Dummy. */
> - }
> - errno = WIFEXITED(error) ? WEXITSTATUS(error) : -1;
> - if (errno == 0)
> - printf("OK\n");
> - else
> - printf("FAILED: %s\n", strerror(errno));
> -
> - set_profile(0, "file::pivot_root");
> -
> - }
> -
> - rmdir("/tmp/mount_move/");
> - rmdir("/tmp/mount_bind/");
> - rmdir("/tmp/mount/");
> -
> - clear_status();
> - return 0;
> -}
> diff --git a/testcases/kernel/security/tomoyo/tomoyo_new_file_test.c b/testcases/kernel/security/tomoyo/tomoyo_new_file_test.c
> deleted file mode 100644
> index eb912d726..000000000
> --- a/testcases/kernel/security/tomoyo/tomoyo_new_file_test.c
> +++ /dev/null
> @@ -1,627 +0,0 @@
> -/******************************************************************************/
> -/* This program is free software; you can redistribute it and/or modify */
> -/* it under the terms of the GNU General Public License as published by */
> -/* the Free Software Foundation; either version 2 of the License, or */
> -/* (at your option) any later version. */
> -/* */
> -/* This program is distributed in the hope that it will be useful, */
> -/* but WITHOUT ANY WARRANTY; without even the implied warranty of */
> -/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See */
> -/* the GNU General Public License for more details. */
> -/* */
> -/* You should have received a copy of the GNU General Public License */
> -/* along with this program; if not, write to the Free Software */
> -/* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */
> -/* */
> -/******************************************************************************/
> -/*
> - * tomoyo_new_file_test.c
> - *
> - * Testing program for security/tomoyo/
> - *
> - * Copyright (C) 2005-2010 NTT DATA CORPORATION
> - */
> -#include "include.h"
> -
> -static const char *policy = "";
> -
> -static void show_result(int result, char should_success)
> -{
> - int error = errno;
> - printf("%s : ", policy);
> - if (should_success) {
> - if (result != EOF)
> - printf("OK\n");
> - else
> - printf("FAILED: %s\n", strerror(error));
> - } else {
> - if (result == EOF) {
> - if (error == EPERM)
> - printf("OK: Permission denied.\n");
> - else
> - printf("FAILED: %s\n", strerror(error));
> - } else {
> - printf("BUG: didn't fail.\n");
> - }
> - }
> -}
> -
> -static void create2(const char *pathname)
> -{
> - set_profile(0, "file::create");
> - set_profile(0, "file::open");
> - close(creat(pathname, 0600));
> - set_profile(3, "file::create");
> - set_profile(3, "file::open");
> - errno = 0;
> -}
> -
> -static void mkdir2(const char *pathname)
> -{
> - set_profile(0, "file::mkdir");
> - mkdir(pathname, 0600);
> - set_profile(3, "file::mkdir");
> - errno = 0;
> -}
> -
> -static void unlink2(const char *pathname)
> -{
> - set_profile(0, "file::unlink");
> - unlink(pathname);
> - set_profile(3, "file::unlink");
> - errno = 0;
> -}
> -
> -static void rmdir2(const char *pathname)
> -{
> - set_profile(0, "file::rmdir");
> - rmdir(pathname);
> - set_profile(3, "file::rmdir");
> - errno = 0;
> -}
> -
> -static void mkfifo2(const char *pathname)
> -{
> - set_profile(0, "file::mkfifo");
> - mkfifo(pathname, 0600);
> - set_profile(3, "file::mkfifo");
> - errno = 0;
> -}
> -
> -static void stage_file_test(void)
> -{
> - const char buffer[] = "32768 61000";
> - int pipe_fd[2] = { EOF, EOF };
> - int error = 0;
> - int fd;
> - char pbuffer[1024];
> - struct stat sbuf;
> - struct sockaddr_un addr;
> - struct ifreq ifreq;
> - char *filename = "";
> - set_profile(3, "file::execute");
> - set_profile(3, "file::open");
> - set_profile(3, "file::create");
> - set_profile(3, "file::unlink");
> - set_profile(3, "file::mkdir");
> - set_profile(3, "file::rmdir");
> - set_profile(3, "file::mkfifo");
> - set_profile(3, "file::mksock");
> - set_profile(3, "file::truncate");
> - set_profile(3, "file::symlink");
> - set_profile(3, "file::rewrite");
> - set_profile(3, "file::mkblock");
> - set_profile(3, "file::mkchar");
> - set_profile(3, "file::link");
> - set_profile(3, "file::rename");
> - set_profile(3, "file::chmod");
> - set_profile(3, "file::chown");
> - set_profile(3, "file::chgrp");
> - set_profile(3, "file::ioctl");
> - set_profile(3, "file::chroot");
> - set_profile(3, "file::mount");
> - set_profile(3, "file::umount");
> - set_profile(3, "file::pivot_root");
> -
> - policy = "allow_read /proc/sys/net/ipv4/ip_local_port_range";
> - write_domain_policy(policy, 0);
> - show_result(read_sysctl(TEST_SYSCTL_PATH, NULL, 0), 1);
> - write_domain_policy(policy, 1);
> - show_result(read_sysctl(TEST_SYSCTL_PATH, NULL, 0), 0);
> -
> - policy = "allow_write /proc/sys/net/ipv4/ip_local_port_range";
> - write_domain_policy(policy, 0);
> - show_result(write_sysctl(TEST_SYSCTL_PATH, buffer), 1);
> - write_domain_policy(policy, 1);
> - show_result(write_sysctl(TEST_SYSCTL_PATH, buffer), 0);
> -
> - policy = "allow_read/write /proc/sys/net/ipv4/ip_local_port_range";
> - write_domain_policy(policy, 0);
> - show_result(read_sysctl(TEST_SYSCTL_PATH, NULL, 0) &&
> - write_sysctl(TEST_SYSCTL_PATH, buffer), 1);
> - write_domain_policy(policy, 1);
> - show_result(read_sysctl(TEST_SYSCTL_PATH, NULL, 0) &&
> - write_sysctl(TEST_SYSCTL_PATH, buffer), 0);
> -
> - policy = "allow_read /bin/true";
> - write_domain_policy(policy, 0);
> - show_result(uselib("/bin/true"), 1);
> - write_domain_policy(policy, 1);
> - show_result(uselib("/bin/true"), 0);
> -
> - policy = "allow_execute /bin/true";
> - write_domain_policy(policy, 0);
> - fflush(stdout);
> - fflush(stderr);
> - if (pipe(pipe_fd) == -1)
> - err(1, "pipe");
> - if (fork() == 0) {
> - execl("/bin/true", "/bin/true", NULL);
> - if (write(pipe_fd[1], &errno, sizeof(errno)) == -1)
> - err(1, "write");
> - exit(0);
> - }
> - close(pipe_fd[1]);
> - (void)read(pipe_fd[0], &error, sizeof(error));
> - close(pipe_fd[0]);
> - wait(NULL);
> - errno = error;
> - show_result(error ? EOF : 0, 1);
> - write_domain_policy(policy, 1);
> - fflush(stdout);
> - fflush(stderr);
> - if (pipe(pipe_fd) == -1)
> - err(1, "pipe");
> - if (fork() == 0) {
> - execl("/bin/true", "/bin/true", NULL);
> - if (write(pipe_fd[1], &errno, sizeof(errno)) == -1)
> - err(1, "write");
> - _exit(0);
> - }
> - close(pipe_fd[1]);
> - (void)read(pipe_fd[0], &error, sizeof(error));
> - close(pipe_fd[0]);
> - wait(NULL);
> - errno = error;
> - show_result(errno ? EOF : 0, 0);
> -
> - policy = "allow_read /dev/null";
> - write_domain_policy(policy, 0);
> - fd = open("/dev/null", O_RDONLY);
> - show_result(fd, 1);
> - if (fd != EOF)
> - close(fd);
> - write_domain_policy(policy, 1);
> - fd = open("/dev/null", O_RDONLY);
> - show_result(fd, 0);
> - if (fd != EOF)
> - close(fd);
> -
> - policy = "allow_read /dev/null";
> - write_domain_policy(policy, 0);
> - fd = open("/dev/null", O_RDONLY);
> - show_result(fd, 1);
> - if (fd != EOF)
> - close(fd);
> - write_domain_policy(policy, 1);
> - fd = open("/dev/null", O_RDONLY);
> - show_result(fd, 0);
> - if (fd != EOF)
> - close(fd);
> -
> - policy = "allow_read /dev/null";
> - write_domain_policy(policy, 0);
> - fd = open("/dev/null", O_RDONLY);
> - show_result(fd, 1);
> - if (fd != EOF)
> - close(fd);
> - write_domain_policy(policy, 1);
> - fd = open("/dev/null", O_RDONLY);
> - show_result(fd, 0);
> - if (fd != EOF)
> - close(fd);
> -
> - policy = "allow_read /dev/null";
> - write_domain_policy(policy, 0);
> - fd = open("/dev/null", O_RDONLY);
> - show_result(fd, 1);
> - if (fd != EOF)
> - close(fd);
> - write_domain_policy(policy, 1);
> - fd = open("/dev/null", O_RDONLY);
> - show_result(fd, 0);
> - if (fd != EOF)
> - close(fd);
> -
> - set_profile(3, "file::mkfifo");
> - policy = "allow_mkfifo /tmp/mknod_fifo_test 0644";
> - write_domain_policy(policy, 0);
> - filename = "/tmp/mknod_fifo_test";
> - show_result(mknod(filename, S_IFIFO | 0644, 0), 1);
> - write_domain_policy(policy, 1);
> - unlink2(filename);
> - show_result(mknod(filename, S_IFIFO | 0644, 0), 0);
> -
> - memset(pbuffer, 0, sizeof(pbuffer));
> - memset(&sbuf, 0, sizeof(sbuf));
> - filename = "/dev/null";
> - stat(filename, &sbuf);
> - snprintf(pbuffer, sizeof(pbuffer) - 1, "allow_write %s", filename);
> - policy = pbuffer;
> - write_domain_policy(policy, 0);
> - fd = open(filename, O_WRONLY);
> - show_result(fd, 1);
> - if (fd != EOF)
> - close(fd);
> - write_domain_policy(policy, 1);
> - fd = open(filename, O_WRONLY);
> - show_result(fd, 0);
> - if (fd != EOF)
> - close(fd);
> -
> - policy = "allow_read/write /tmp/fifo";
> - mkfifo2("/tmp/fifo");
> - write_domain_policy(policy, 0);
> - fd = open("/tmp/fifo", O_RDWR);
> - show_result(fd, 1);
> - if (fd != EOF)
> - close(fd);
> - write_domain_policy(policy, 1);
> - fd = open("/tmp/fifo", O_RDWR);
> - show_result(fd, 0);
> - if (fd != EOF)
> - close(fd);
> -
> - policy = "allow_read /dev/null";
> - write_domain_policy(policy, 0);
> - fd = open("/dev/null", O_RDONLY);
> - show_result(fd, 1);
> - if (fd != EOF)
> - close(fd);
> - write_domain_policy(policy, 1);
> - fd = open("/dev/null", O_RDONLY);
> - show_result(fd, 0);
> - if (fd != EOF)
> - close(fd);
> -
> - policy = "allow_write /dev/null";
> - write_domain_policy(policy, 0);
> - fd = open("/dev/null", O_WRONLY);
> - show_result(fd, 1);
> - if (fd != EOF)
> - close(fd);
> - write_domain_policy(policy, 1);
> - fd = open("/dev/null", O_WRONLY);
> - show_result(fd, 0);
> - if (fd != EOF)
> - close(fd);
> -
> - policy = "allow_read/write /dev/null";
> - write_domain_policy(policy, 0);
> - fd = open("/dev/null", O_RDWR);
> - show_result(fd, 1);
> - if (fd != EOF)
> - close(fd);
> - write_domain_policy(policy, 1);
> - fd = open("/dev/null", O_RDWR);
> - show_result(fd, 0);
> - if (fd != EOF)
> - close(fd);
> -
> - policy = "allow_create /tmp/open_test 0644";
> - write_domain_policy(policy, 0);
> - policy = "allow_write /tmp/open_test";
> - write_domain_policy(policy, 0);
> - fd = open("/tmp/open_test", O_WRONLY | O_CREAT | O_EXCL, 0644);
> - show_result(fd, 1);
> - if (fd != EOF)
> - close(fd);
> - unlink2("/tmp/open_test");
> - write_domain_policy(policy, 1);
> - fd = open("/tmp/open_test", O_WRONLY | O_CREAT | O_EXCL, 0644);
> - show_result(fd, 0);
> - if (fd != EOF)
> - close(fd);
> - unlink2("/tmp/open_test");
> -
> - policy = "allow_create /tmp/open_test 0644";
> - write_domain_policy(policy, 1);
> -
> - policy = "allow_write /tmp/open_test";
> - write_domain_policy(policy, 0);
> - policy = "allow_create /tmp/open_test 0644";
> - write_domain_policy(policy, 0);
> - fd = open("/tmp/open_test", O_WRONLY | O_CREAT | O_EXCL, 0644);
> - show_result(fd, 1);
> - if (fd != EOF)
> - close(fd);
> - unlink2("/tmp/open_test");
> - write_domain_policy(policy, 1);
> - fd = open("/tmp/open_test", O_WRONLY | O_CREAT | O_EXCL, 0644);
> - show_result(fd, 0);
> - if (fd != EOF)
> - close(fd);
> - unlink2("/tmp/open_test");
> - policy = "allow_write /tmp/open_test";
> - write_domain_policy(policy, 1);
> -
> - filename = "/tmp/truncate_test";
> - create2(filename);
> -
> - policy = "allow_truncate /tmp/truncate_test";
> - write_domain_policy(policy, 0);
> - policy = "allow_write /tmp/truncate_test";
> - write_domain_policy(policy, 0);
> - fd = open(filename, O_WRONLY | O_TRUNC);
> - show_result(fd, 1);
> - if (fd != EOF)
> - close(fd);
> - write_domain_policy(policy, 1);
> - fd = open(filename, O_WRONLY | O_TRUNC);
> - show_result(fd, 0);
> - if (fd != EOF)
> - close(fd);
> - policy = "allow_truncate /tmp/truncate_test";
> - write_domain_policy(policy, 1);
> -
> - policy = "allow_write /tmp/truncate_test";
> - write_domain_policy(policy, 0);
> - policy = "allow_truncate /tmp/truncate_test";
> - write_domain_policy(policy, 0);
> - fd = open(filename, O_WRONLY | O_TRUNC);
> - show_result(fd, 1);
> - if (fd != EOF)
> - close(fd);
> - write_domain_policy(policy, 1);
> - fd = open(filename, O_WRONLY | O_TRUNC);
> - show_result(fd, 0);
> - if (fd != EOF)
> - close(fd);
> - policy = "allow_write /tmp/truncate_test";
> - write_domain_policy(policy, 1);
> -
> - policy = "allow_truncate /tmp/truncate_test";
> - write_domain_policy(policy, 0);
> - show_result(truncate(filename, 0), 1);
> - write_domain_policy(policy, 1);
> - show_result(truncate(filename, 0), 0);
> -
> - policy = "allow_truncate /tmp/truncate_test";
> - write_domain_policy(policy, 0);
> - set_profile(0, "file::open");
> - fd = open(filename, O_WRONLY);
> - set_profile(3, "file::open");
> - show_result(ftruncate(fd, 0), 1);
> - write_domain_policy(policy, 1);
> - show_result(ftruncate(fd, 0), 0);
> - if (fd != EOF)
> - close(fd);
> -
> - unlink2(filename);
> -
> - policy = "allow_create /tmp/mknod_reg_test 0644";
> - write_domain_policy(policy, 0);
> - filename = "/tmp/mknod_reg_test";
> - show_result(mknod(filename, S_IFREG | 0644, 0), 1);
> - write_domain_policy(policy, 1);
> - unlink2(filename);
> - show_result(mknod(filename, S_IFREG | 0644, 0), 0);
> -
> - policy = "allow_mkchar /tmp/mknod_chr_test 0644 1 3";
> - write_domain_policy(policy, 0);
> - filename = "/tmp/mknod_chr_test";
> - show_result(mknod(filename, S_IFCHR | 0644, MKDEV(1, 3)), 1);
> - write_domain_policy(policy, 1);
> - unlink2(filename);
> - show_result(mknod(filename, S_IFCHR | 0644, MKDEV(1, 3)), 0);
> -
> - policy = "allow_mkblock /tmp/mknod_blk_test 0644 1 0";
> - write_domain_policy(policy, 0);
> - filename = "/tmp/mknod_blk_test";
> - show_result(mknod(filename, S_IFBLK | 0644, MKDEV(1, 0)), 1);
> - write_domain_policy(policy, 1);
> - unlink2(filename);
> - show_result(mknod(filename, S_IFBLK | 0644, MKDEV(1, 0)), 0);
> -
> - policy = "allow_mkfifo /tmp/mknod_fifo_test 0644";
> - write_domain_policy(policy, 0);
> - filename = "/tmp/mknod_fifo_test";
> - show_result(mknod(filename, S_IFIFO | 0644, 0), 1);
> - write_domain_policy(policy, 1);
> - unlink2(filename);
> - show_result(mknod(filename, S_IFIFO | 0644, 0), 0);
> -
> - policy = "allow_mksock /tmp/mknod_sock_test 0644";
> - write_domain_policy(policy, 0);
> - filename = "/tmp/mknod_sock_test";
> - show_result(mknod(filename, S_IFSOCK | 0644, 0), 1);
> - write_domain_policy(policy, 1);
> - unlink2(filename);
> - show_result(mknod(filename, S_IFSOCK | 0644, 0), 0);
> -
> - policy = "allow_mkdir /tmp/mkdir_test/ 0600";
> - write_domain_policy(policy, 0);
> - filename = "/tmp/mkdir_test";
> - show_result(mkdir(filename, 0600), 1);
> - write_domain_policy(policy, 1);
> - rmdir2(filename);
> - show_result(mkdir(filename, 0600), 0);
> -
> - policy = "allow_rmdir /tmp/rmdir_test/";
> - write_domain_policy(policy, 0);
> - filename = "/tmp/rmdir_test";
> - mkdir2(filename);
> - show_result(rmdir(filename), 1);
> - write_domain_policy(policy, 1);
> - mkdir2(filename);
> - show_result(rmdir(filename), 0);
> - rmdir2(filename);
> -
> - policy = "allow_unlink /tmp/unlink_test";
> - write_domain_policy(policy, 0);
> - filename = "/tmp/unlink_test";
> - create2(filename);
> - show_result(unlink(filename), 1);
> - write_domain_policy(policy, 1);
> - create2(filename);
> - show_result(unlink(filename), 0);
> - unlink2(filename);
> -
> - policy = "allow_symlink /tmp/symlink_source_test";
> - write_domain_policy(policy, 0);
> - filename = "/tmp/symlink_source_test";
> - show_result(symlink("/tmp/symlink_dest_test", filename), 1);
> - write_domain_policy(policy, 1);
> - unlink2(filename);
> - show_result(symlink("/tmp/symlink_dest_test", filename), 0);
> -
> - policy = "allow_symlink /tmp/symlink_source_test";
> - write_domain_policy(policy, 0);
> - filename = "/tmp/symlink_source_test";
> - show_result(symlink("/tmp/symlink_dest_test", filename), 1);
> - write_domain_policy(policy, 1);
> - unlink2(filename);
> - show_result(symlink("/tmp/symlink_dest_test", filename), 0);
> -
> - policy = "allow_symlink /tmp/symlink_source_test";
> - write_domain_policy(policy, 0);
> - filename = "/tmp/symlink_source_test";
> - show_result(symlink("/tmp/symlink_dest_test", filename), 1);
> - write_domain_policy(policy, 1);
> - unlink2(filename);
> - show_result(symlink("/tmp/symlink_dest_test", filename), 0);
> -
> - policy = "allow_symlink /tmp/symlink_source_test";
> - write_domain_policy(policy, 0);
> - filename = "/tmp/symlink_source_test";
> - show_result(symlink("/tmp/symlink_dest_test", filename), 1);
> - write_domain_policy(policy, 1);
> - unlink2(filename);
> - show_result(symlink("/tmp/symlink_dest_test", filename), 0);
> -
> - policy = "allow_symlink /tmp/symlink_source_test";
> - write_domain_policy(policy, 0);
> - filename = "/tmp/symlink_source_test";
> - show_result(symlink("/tmp/symlink_dest_test", filename), 1);
> - write_domain_policy(policy, 1);
> - unlink2(filename);
> - show_result(symlink("/tmp/symlink_dest_test", filename), 0);
> -
> - policy = "allow_link /tmp/link_source_test /tmp/link_dest_test";
> - write_domain_policy(policy, 0);
> - filename = "/tmp/link_source_test";
> - create2(filename);
> - show_result(link(filename, "/tmp/link_dest_test"), 1);
> - write_domain_policy(policy, 1);
> - unlink2("/tmp/link_dest_test");
> - show_result(link(filename, "/tmp/link_dest_test"), 0);
> - unlink2(filename);
> -
> - policy = "allow_rename /tmp/rename_source_test /tmp/rename_dest_test";
> - write_domain_policy(policy, 0);
> - filename = "/tmp/rename_source_test";
> - create2(filename);
> - show_result(rename(filename, "/tmp/rename_dest_test"), 1);
> - write_domain_policy(policy, 1);
> - unlink2("/tmp/rename_dest_test");
> - create2(filename);
> - show_result(rename(filename, "/tmp/rename_dest_test"), 0);
> - unlink2(filename);
> -
> - policy = "allow_mksock /tmp/socket_test 0755";
> - write_domain_policy(policy, 0);
> - filename = "/tmp/socket_test";
> - memset(&addr, 0, sizeof(addr));
> - addr.sun_family = AF_UNIX;
> - strncpy(addr.sun_path, filename, sizeof(addr.sun_path) - 1);
> - fd = socket(AF_UNIX, SOCK_STREAM, 0);
> - show_result(bind(fd, (struct sockaddr *)&addr, sizeof(addr)), 1);
> - if (fd != EOF)
> - close(fd);
> - write_domain_policy(policy, 1);
> - unlink2(filename);
> - fd = socket(AF_UNIX, SOCK_STREAM, 0);
> - show_result(bind(fd, (struct sockaddr *)&addr, sizeof(addr)), 0);
> - if (fd != EOF)
> - close(fd);
> -
> - filename = "/tmp/rewrite_test";
> - create2(filename);
> - policy = "allow_read/write /tmp/rewrite_test";
> - write_domain_policy(policy, 0);
> - write_exception_policy("deny_rewrite /tmp/rewrite_test", 0);
> - policy = "allow_truncate /tmp/rewrite_test";
> - write_domain_policy(policy, 0);
> -
> - fd = open(filename, O_RDONLY);
> - show_result(fd, 1);
> - if (fd != EOF)
> - close(fd);
> -
> - fd = open(filename, O_WRONLY | O_APPEND);
> - show_result(fd, 1);
> - if (fd != EOF)
> - close(fd);
> -
> - fd = open(filename, O_WRONLY);
> - show_result(fd, 0);
> - if (fd != EOF)
> - close(fd);
> -
> - fd = open(filename, O_WRONLY | O_TRUNC);
> - show_result(fd, 0);
> - if (fd != EOF)
> - close(fd);
> -
> - fd = open(filename, O_WRONLY | O_TRUNC | O_APPEND);
> - show_result(fd, 0);
> - if (fd != EOF)
> - close(fd);
> -
> - show_result(truncate(filename, 0), 0);
> -
> - set_profile(0, "file::open");
> - fd = open(filename, O_WRONLY | O_APPEND);
> - set_profile(3, "file::open");
> - show_result(ftruncate(fd, 0), 0);
> -
> - show_result(fcntl(fd, F_SETFL, fcntl(fd, F_GETFL) & ~O_APPEND), 0);
> - if (fd != EOF)
> - close(fd);
> -
> - write_domain_policy(policy, 1);
> -
> - policy = "allow_read/write /tmp/rewrite_test";
> - write_domain_policy(policy, 1);
> - write_exception_policy("deny_rewrite /tmp/rewrite_test", 1);
> -
> - unlink2(filename);
> -
> - policy = "allow_ioctl socket:[family=2:type=2:protocol=17] "
> - "35122-35124";
> - write_domain_policy(policy, 0);
> - fd = socket(PF_INET, SOCK_DGRAM, IPPROTO_IP);
> - memset(&ifreq, 0, sizeof(ifreq));
> - snprintf(ifreq.ifr_name, sizeof(ifreq.ifr_name) - 1, "lo");
> - show_result(ioctl(fd, 35123, &ifreq), 1);
> - write_domain_policy(policy, 1);
> - policy = "allow_ioctl " "socket:[family=2:type=2:protocol=17] 0-35122";
> - write_domain_policy(policy, 0);
> - show_result(ioctl(fd, 35123, &ifreq), 0);
> - write_domain_policy(policy, 1);
> - if (fd != EOF)
> - close(fd);
> -}
> -
> -int main(void)
> -{
> - tomoyo_test_init();
> - fprintf(domain_fp, "%s /bin/true\n", self_domain);
> - fprintf(domain_fp, "use_profile 255\n");
> - fprintf(domain_fp, "select pid=%u\n", pid);
> - fprintf(profile_fp, "255-PREFERENCE::audit={ max_reject_log=1024 }\n");
> - stage_file_test();
> - fprintf(domain_fp, "use_profile 0\n");
> - clear_status();
> - return 0;
> -}
> diff --git a/testcases/kernel/security/tomoyo/tomoyo_new_test.c b/testcases/kernel/security/tomoyo/tomoyo_new_test.c
> deleted file mode 100644
> index a1ab259e5..000000000
> --- a/testcases/kernel/security/tomoyo/tomoyo_new_test.c
> +++ /dev/null
> @@ -1,652 +0,0 @@
> -/******************************************************************************/
> -/* This program is free software; you can redistribute it and/or modify */
> -/* it under the terms of the GNU General Public License as published by */
> -/* the Free Software Foundation; either version 2 of the License, or */
> -/* (at your option) any later version. */
> -/* */
> -/* This program is distributed in the hope that it will be useful, */
> -/* but WITHOUT ANY WARRANTY; without even the implied warranty of */
> -/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See */
> -/* the GNU General Public License for more details. */
> -/* */
> -/* You should have received a copy of the GNU General Public License */
> -/* along with this program; if not, write to the Free Software */
> -/* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */
> -/* */
> -/******************************************************************************/
> -/*
> - * tomoyo_new_test.c
> - *
> - * Testing program for security/tomoyo/
> - *
> - * Copyright (C) 2005-2010 NTT DATA CORPORATION
> - */
> -#include "include.h"
> -
> -static int result;
> -static int error;
> -
> -static void show_result(const char *test, int should_success)
> -{
> - error = errno;
> - printf("%s : ", test);
> - if (should_success) {
> - if (error == 0)
> - printf("OK (%d)\n", result);
> - else
> - printf("FAILED: %s\n", strerror(error));
> - } else {
> - if (error == 0)
> - printf("BUG: Didn't fail (%d)\n", result);
> - else if (error == EPERM)
> - printf("OK: permission denied\n");
> - else
> - printf("FAILED: %s\n", strerror(error));
> - }
> -}
> -
> -static void test_read_etc_fstab(void)
> -{
> - result = open("/etc/fstab", O_RDONLY);
> -}
> -
> -static void test_write_dev_null(void)
> -{
> - result = open("/dev/null", O_WRONLY);
> -}
> -
> -static void cleanup_file_open(void)
> -{
> - if (result != EOF)
> - close(result);
> -}
> -
> -static void test_mkdir_testdir(void)
> -{
> - result = mkdir("/tmp/testdir", 0755);
> -}
> -
> -static void cleanup_mkdir_testdir(void)
> -{
> - rmdir("/tmp/testdir");
> -}
> -
> -static void setup_mkdir_testdir(void)
> -{
> - mkdir("/tmp/testdir", 0755);
> -}
> -
> -static void test_rmdir_testdir(void)
> -{
> - result = rmdir("/tmp/testdir");
> -}
> -
> -static void setup_execute_bin_true(void)
> -{
> - fprintf(domain_fp, "%s /bin/true\n", self_domain);
> - fprintf(domain_fp, "use_profile 0\n");
> - fprintf(domain_fp, "select pid=%u\n", pid);
> -}
> -
> -static void cleanup_execute_bin_true(void)
> -{
> - wait(NULL);
> - fprintf(domain_fp, "delete %s /bin/true\n", self_domain);
> - fprintf(domain_fp, "select pid=%u\n", pid);
> -}
> -
> -static void test_execute_bin_true(void)
> -{
> - char *argv[] = { "/bin/true", NULL };
> - char *envp[] = { "HOME=/", NULL };
> - int pipe_fd[2] = { EOF, EOF };
> - if (pipe(pipe_fd) == -1)
> - err(1, "pipe");
> - switch (fork()) {
> - case 0:
> - execve("/bin/true", argv, envp);
> - error = errno;
> - if (write(pipe_fd[1], &error, sizeof(error)) == -1)
> - err(1, "write");
> - _exit(0);
> - break;
> - case -1:
> - error = ENOMEM;
> - break;
> - }
> - close(pipe_fd[1]);
> - (void)read(pipe_fd[0], &error, sizeof(error));
> - close(pipe_fd[0]);
> - result = error ? EOF : 0;
> - errno = error;
> -}
> -
> -static void test_chmod_dev_null(void)
> -{
> - result = chmod("/dev/null", 0666);
> -}
> -
> -static void test_chown_dev_null(void)
> -{
> - result = chown("/dev/null", 0, -1);
> -}
> -
> -static void test_chgrp_dev_null(void)
> -{
> - result = chown("/dev/null", -1, 0);
> -}
> -
> -static void test_ioctl_dev_null(void)
> -{
> - int fd = open("/dev/null", O_RDWR);
> - errno = 0;
> - result = ioctl(fd, 0x5451, NULL);
> - error = errno;
> - close(fd);
> - errno = error;
> -}
> -
> -static void setup_chmod_group(void)
> -{
> - write_exception_policy("path_group CHMOD_TARGET /dev/null", 0);
> - write_exception_policy("number_group CHMOD_MODES 0666", 0);
> -}
> -
> -static void cleanup_chmod_group(void)
> -{
> - write_exception_policy("path_group CHMOD_TARGET /dev/null", 1);
> - write_exception_policy("number_group CHMOD_MODES 0666", 1);
> -}
> -
> -static void setup_chown_group(void)
> -{
> - write_exception_policy("path_group CHOWN_TARGET /dev/\\*", 0);
> - write_exception_policy("number_group CHOWN_IDS 0x0-0xFFFE", 0);
> -}
> -
> -static void cleanup_chown_group(void)
> -{
> - write_exception_policy("path_group CHOWN_TARGET /dev/\\*", 1);
> - write_exception_policy("number_group CHOWN_IDS 0x0-0xFFFE", 1);
> -}
> -
> -static void setup_ioctl_group(void)
> -{
> - write_exception_policy("path_group IOCTL_TARGET /dev/\\*", 0);
> - write_exception_policy("number_group IOCTL_NUMBERS 0x5450-0x5452", 0);
> -}
> -
> -static void cleanup_ioctl_group(void)
> -{
> - write_exception_policy("path_group IOCTL_TARGET /dev/\\*", 1);
> - write_exception_policy("number_group IOCTL_NUMBERS 0x5450-0x5452", 1);
> -}
> -
> -static void setup_open_group(void)
> -{
> - write_exception_policy("path_group READABLE /etc/\\*", 0);
> - write_exception_policy("number_group READABLE_IDS 0-0xFFF", 0);
> -}
> -
> -static void cleanup_open_group(void)
> -{
> - cleanup_file_open();
> - write_exception_policy("path_group READABLE /etc/\\*", 1);
> - write_exception_policy("number_group READABLE_IDS 0-0xFFF", 1);
> -}
> -
> -static void test_file_open_0(void)
> -{
> - result = open("/tmp/testfile0", O_RDONLY, 0600);
> -}
> -
> -static void test_file_open_1(void)
> -{
> - result = open("/tmp/testfile1", O_CREAT | O_RDONLY, 0600);
> -}
> -
> -static void test_file_open_2(void)
> -{
> - result = open("/tmp/testfile2", O_TRUNC | O_RDONLY, 0600);
> -}
> -
> -static void test_file_open_3(void)
> -{
> - result = open("/tmp/testfile3", O_TRUNC | O_CREAT | O_RDONLY, 0600);
> -}
> -
> -static void test_file_open_4(void)
> -{
> - result = open("/tmp/testfile4", O_APPEND | O_RDONLY, 0600);
> -}
> -
> -static void test_file_open_5(void)
> -{
> - result = open("/tmp/testfile5", O_APPEND | O_CREAT | O_RDONLY, 0600);
> -}
> -
> -static void test_file_open_6(void)
> -{
> - result = open("/tmp/testfile6", O_APPEND | O_TRUNC | O_RDONLY, 0600);
> -}
> -
> -static void test_file_open_7(void)
> -{
> - result = open("/tmp/testfile7",
> - O_APPEND | O_TRUNC | O_CREAT | O_RDONLY, 0600);
> -}
> -
> -static void test_file_open_8(void)
> -{
> - result = open("/tmp/testfile8", O_WRONLY, 0600);
> -}
> -
> -static void test_file_open_9(void)
> -{
> - result = open("/tmp/testfile9", O_CREAT | O_WRONLY, 0600);
> -}
> -
> -static void test_file_open_10(void)
> -{
> - result = open("/tmp/testfile10", O_TRUNC | O_WRONLY, 0600);
> -}
> -
> -static void test_file_open_11(void)
> -{
> - result = open("/tmp/testfile11", O_TRUNC | O_CREAT | O_WRONLY, 0600);
> -}
> -
> -static void test_file_open_12(void)
> -{
> - result = open("/tmp/testfile12", O_APPEND | O_WRONLY, 0600);
> -}
> -
> -static void test_file_open_13(void)
> -{
> - result = open("/tmp/testfile13", O_APPEND | O_CREAT | O_WRONLY, 0600);
> -}
> -
> -static void test_file_open_14(void)
> -{
> - result = open("/tmp/testfile14", O_APPEND | O_TRUNC | O_WRONLY, 0600);
> -}
> -
> -static void test_file_open_15(void)
> -{
> - result = open("/tmp/testfile15",
> - O_APPEND | O_TRUNC | O_CREAT | O_WRONLY, 0600);
> -}
> -
> -static void test_file_open_16(void)
> -{
> - result = open("/tmp/testfile16", O_RDWR, 0600);
> -}
> -
> -static void test_file_open_17(void)
> -{
> - result = open("/tmp/testfile17", O_CREAT | O_RDWR, 0600);
> -}
> -
> -static void test_file_open_18(void)
> -{
> - result = open("/tmp/testfile18", O_TRUNC | O_RDWR, 0600);
> -}
> -
> -static void test_file_open_19(void)
> -{
> - result = open("/tmp/testfile19", O_TRUNC | O_CREAT | O_RDWR, 0600);
> -}
> -
> -static void test_file_open_20(void)
> -{
> - result = open("/tmp/testfile20", O_APPEND | O_RDWR, 0600);
> -}
> -
> -static void test_file_open_21(void)
> -{
> - result = open("/tmp/testfile21", O_APPEND | O_CREAT | O_RDWR, 0600);
> -}
> -
> -static void test_file_open_22(void)
> -{
> - result = open("/tmp/testfile22", O_APPEND | O_TRUNC | O_RDWR, 0600);
> -}
> -
> -static void test_file_open_23(void)
> -{
> - result = open("/tmp/testfile23", O_APPEND | O_TRUNC | O_CREAT | O_RDWR,
> - 0600);
> -}
> -
> -static void setup_test_file(void)
> -{
> - int i;
> - char buffer[32];
> - buffer[31] = '\0';
> - for (i = 0; i < 24; i += 2) {
> - snprintf(buffer, sizeof(buffer) - 1, "/tmp/testfile%u", i);
> - close(open(buffer, O_WRONLY | O_CREAT, 0600));
> - }
> - write_exception_policy("deny_rewrite /tmp/testfile\\$", 0);
> -}
> -
> -static void setup_test_file_truncate(void)
> -{
> - setup_test_file();
> - write_domain_policy("allow_truncate /tmp/testfile\\$", 0);
> - set_profile(3, "file::truncate");
> -}
> -
> -static void setup_all_test_file(void)
> -{
> - int i;
> - char buffer[32];
> - buffer[31] = '\0';
> - for (i = 0; i < 24; i++) {
> - snprintf(buffer, sizeof(buffer) - 1, "/tmp/testfile%u", i);
> - close(open(buffer, O_WRONLY | O_CREAT, 0600));
> - }
> - write_exception_policy("deny_rewrite /tmp/testfile\\$", 0);
> -}
> -
> -static void setup_all_test_file_truncate(void)
> -{
> - setup_all_test_file();
> - write_domain_policy("allow_truncate /tmp/testfile\\$", 0);
> - set_profile(3, "file::truncate");
> -}
> -
> -static void cleanup_test_file(void)
> -{
> - int i;
> - char buffer[32];
> - buffer[31] = '\0';
> - for (i = 0; i < 24; i++) {
> - snprintf(buffer, sizeof(buffer) - 1, "/tmp/testfile%u", i);
> - unlink(buffer);
> - }
> - write_exception_policy("deny_rewrite /tmp/testfile\\$", 1);
> - cleanup_file_open();
> -}
> -
> -static void cleanup_test_file_truncate(void)
> -{
> - cleanup_test_file();
> - write_domain_policy("allow_truncate /tmp/testfile\\$", 1);
> - set_profile(0, "file::truncate");
> -}
> -
> -static struct test_struct {
> - void (*do_setup) (void);
> - void (*do_test) (void);
> - void (*do_cleanup) (void);
> - const char *name;
> - const char *policy;
> -} tests[] = {
> - {
> - NULL, test_read_etc_fstab, cleanup_file_open, "file::open",
> - "allow_read /etc/fstab"}, {
> - NULL, test_read_etc_fstab, cleanup_file_open, "file::open",
> - "allow_read /etc/fstab"}, {
> - NULL, test_read_etc_fstab, cleanup_file_open, "file::open",
> - "allow_read /etc/fstab"}, {
> - setup_open_group, test_read_etc_fstab, cleanup_open_group,
> - "file::open", "allow_read @READABLE"}, {
> - NULL, test_write_dev_null, cleanup_file_open, "file::open",
> - "allow_write /dev/null"}, {
> - NULL, test_write_dev_null, cleanup_file_open, "file::open",
> - "allow_write /dev/null"}, {
> - NULL, test_write_dev_null, cleanup_file_open, "file::open",
> - "allow_write /dev/null"}, {
> - cleanup_mkdir_testdir, test_mkdir_testdir,
> - cleanup_mkdir_testdir, "file::mkdir",
> - "allow_mkdir /tmp/testdir/ 0755"}, {
> - cleanup_mkdir_testdir, test_mkdir_testdir,
> - cleanup_mkdir_testdir, "file::mkdir",
> - "allow_mkdir /tmp/testdir/ 0755"}, {
> - cleanup_mkdir_testdir, test_mkdir_testdir,
> - cleanup_mkdir_testdir, "file::mkdir",
> - "allow_mkdir /tmp/testdir/ 0755"}, {
> - setup_mkdir_testdir, test_rmdir_testdir, cleanup_mkdir_testdir,
> - "file::rmdir", "allow_rmdir /tmp/testdir/"}, {
> - setup_mkdir_testdir, test_rmdir_testdir, cleanup_mkdir_testdir,
> - "file::rmdir", "allow_rmdir /tmp/testdir/"}, {
> - setup_mkdir_testdir, test_rmdir_testdir, cleanup_mkdir_testdir,
> - "file::rmdir", "allow_rmdir /tmp/testdir/"}, {
> - setup_execute_bin_true, test_execute_bin_true,
> - cleanup_execute_bin_true, "file::execute",
> - "allow_execute /bin/true"}, {
> - setup_execute_bin_true, test_execute_bin_true,
> - cleanup_execute_bin_true, "file::execute",
> - "allow_execute /bin/true"}, {
> - setup_execute_bin_true, test_execute_bin_true,
> - cleanup_execute_bin_true, "file::execute",
> - "allow_execute /bin/true"}, {
> - NULL, test_chmod_dev_null, NULL, "file::chmod",
> - "allow_chmod /dev/null 0666"}, {
> - NULL, test_chown_dev_null, NULL, "file::chown",
> - "allow_chown /dev/null 0"}, {
> - NULL, test_chgrp_dev_null, NULL, "file::chgrp",
> - "allow_chgrp /dev/null 0"}, {
> - NULL, test_ioctl_dev_null, NULL, "file::ioctl",
> - "allow_ioctl /dev/null 0x5451"}, {
> - setup_chmod_group, test_chmod_dev_null, cleanup_chmod_group,
> - "file::chmod", "allow_chmod @CHMOD_TARGET @CHMOD_MODES"}, {
> - setup_chown_group, test_chown_dev_null, cleanup_chown_group,
> - "file::chown", "allow_chown @CHOWN_TARGET @CHOWN_IDS"}, {
> - setup_chown_group, test_chgrp_dev_null, cleanup_chown_group,
> - "file::chgrp", "allow_chgrp @CHOWN_TARGET @CHOWN_IDS"}, {
> - setup_ioctl_group, test_ioctl_dev_null, cleanup_ioctl_group,
> - "file::ioctl", "allow_ioctl @IOCTL_TARGET @IOCTL_NUMBERS"},
> - {
> - setup_test_file, test_file_open_0, cleanup_test_file,
> - "file::open", "allow_read /tmp/testfile0"}, {
> - setup_test_file, test_file_open_1, cleanup_test_file,
> - "file::open", "allow_read /tmp/testfile1"}, {
> - setup_test_file, test_file_open_1, cleanup_test_file,
> - "file::create", "allow_create /tmp/testfile1 0600"}, {
> - setup_test_file, test_file_open_2, cleanup_test_file,
> - "file::open", "allow_read /tmp/testfile2"}, {
> - setup_test_file, test_file_open_2, cleanup_test_file,
> - "file::truncate", "allow_truncate /tmp/testfile2"}, {
> - setup_test_file_truncate, test_file_open_2,
> - cleanup_test_file_truncate, "file::rewrite",
> - "allow_rewrite /tmp/testfile2"}, {
> - setup_test_file, test_file_open_3, cleanup_test_file,
> - "file::open", "allow_read /tmp/testfile3"}, {
> - setup_test_file, test_file_open_3, cleanup_test_file,
> - "file::create", "allow_create /tmp/testfile3 0600"}, {
> - setup_test_file, test_file_open_4, cleanup_test_file,
> - "file::open", "allow_read /tmp/testfile4"}, {
> - setup_test_file, test_file_open_5, cleanup_test_file,
> - "file::open", "allow_read /tmp/testfile5"}, {
> - setup_test_file, test_file_open_5, cleanup_test_file,
> - "file::create", "allow_create /tmp/testfile5 0600"}, {
> - setup_test_file, test_file_open_6, cleanup_test_file,
> - "file::open", "allow_read /tmp/testfile6"}, {
> - setup_test_file, test_file_open_6, cleanup_test_file,
> - "file::truncate", "allow_truncate /tmp/testfile6"}, {
> - setup_test_file_truncate, test_file_open_6,
> - cleanup_test_file_truncate, "file::rewrite",
> - "allow_rewrite /tmp/testfile6"}, {
> - setup_test_file, test_file_open_7, cleanup_test_file,
> - "file::open", "allow_read /tmp/testfile7"}, {
> - setup_test_file, test_file_open_7, cleanup_test_file,
> - "file::create", "allow_create /tmp/testfile7 0600"}, {
> - setup_test_file, test_file_open_8, cleanup_test_file,
> - "file::open", "allow_write /tmp/testfile8"}, {
> - setup_test_file, test_file_open_8, cleanup_test_file,
> - "file::rewrite", "allow_rewrite /tmp/testfile8"}, {
> - setup_test_file, test_file_open_9, cleanup_test_file,
> - "file::open", "allow_write /tmp/testfile9"}, {
> - setup_test_file, test_file_open_9, cleanup_test_file,
> - "file::create", "allow_create /tmp/testfile9 0600"}, {
> - setup_test_file, test_file_open_9, cleanup_test_file,
> - "file::rewrite", "allow_rewrite /tmp/testfile9"}, {
> - setup_test_file, test_file_open_10, cleanup_test_file,
> - "file::open", "allow_write /tmp/testfile10"}, {
> - setup_test_file, test_file_open_10, cleanup_test_file,
> - "file::truncate", "allow_truncate /tmp/testfile10"}, {
> - setup_test_file, test_file_open_10, cleanup_test_file,
> - "file::rewrite", "allow_rewrite /tmp/testfile10"}, {
> - setup_test_file, test_file_open_11, cleanup_test_file,
> - "file::open", "allow_write /tmp/testfile11"}, {
> - setup_test_file, test_file_open_11, cleanup_test_file,
> - "file::create", "allow_create /tmp/testfile11 0600"}, {
> - setup_test_file, test_file_open_11, cleanup_test_file,
> - "file::rewrite", "allow_rewrite /tmp/testfile11"}, {
> - setup_test_file, test_file_open_12, cleanup_test_file,
> - "file::open", "allow_write /tmp/testfile12"}, {
> - setup_test_file, test_file_open_13, cleanup_test_file,
> - "file::open", "allow_write /tmp/testfile13"}, {
> - setup_test_file, test_file_open_13, cleanup_test_file,
> - "file::create", "allow_create /tmp/testfile13 0600"}, {
> - setup_test_file, test_file_open_14, cleanup_test_file,
> - "file::open", "allow_write /tmp/testfile14"}, {
> - setup_test_file, test_file_open_14, cleanup_test_file,
> - "file::truncate", "allow_truncate /tmp/testfile14"}, {
> - setup_test_file_truncate, test_file_open_14,
> - cleanup_test_file_truncate, "file::rewrite",
> - "allow_rewrite /tmp/testfile14"}, {
> - setup_test_file, test_file_open_15, cleanup_test_file,
> - "file::open", "allow_write /tmp/testfile15"}, {
> - setup_test_file, test_file_open_15, cleanup_test_file,
> - "file::create", "allow_create /tmp/testfile15 0600"}, {
> - setup_test_file, test_file_open_16, cleanup_test_file,
> - "file::open", "allow_read/write /tmp/testfile16"}, {
> - setup_test_file, test_file_open_16, cleanup_test_file,
> - "file::rewrite", "allow_rewrite /tmp/testfile16"}, {
> - setup_test_file, test_file_open_17, cleanup_test_file,
> - "file::open", "allow_read/write /tmp/testfile17"}, {
> - setup_test_file, test_file_open_17, cleanup_test_file,
> - "file::create", "allow_create /tmp/testfile17 0600"}, {
> - setup_test_file, test_file_open_17, cleanup_test_file,
> - "file::rewrite", "allow_rewrite /tmp/testfile17"}, {
> - setup_test_file, test_file_open_18, cleanup_test_file,
> - "file::open", "allow_read/write /tmp/testfile18"}, {
> - setup_test_file, test_file_open_18, cleanup_test_file,
> - "file::truncate", "allow_truncate /tmp/testfile18"}, {
> - setup_test_file, test_file_open_18, cleanup_test_file,
> - "file::rewrite", "allow_rewrite /tmp/testfile18"}, {
> - setup_test_file, test_file_open_19, cleanup_test_file,
> - "file::open", "allow_read/write /tmp/testfile19"}, {
> - setup_test_file, test_file_open_19, cleanup_test_file,
> - "file::create", "allow_create /tmp/testfile19 0600"}, {
> - setup_test_file, test_file_open_19, cleanup_test_file,
> - "file::rewrite", "allow_rewrite /tmp/testfile19"}, {
> - setup_test_file, test_file_open_20, cleanup_test_file,
> - "file::open", "allow_read/write /tmp/testfile20"}, {
> - setup_test_file, test_file_open_21, cleanup_test_file,
> - "file::open", "allow_read/write /tmp/testfile21"}, {
> - setup_test_file, test_file_open_21, cleanup_test_file,
> - "file::create", "allow_create /tmp/testfile21 0600"}, {
> - setup_test_file, test_file_open_22, cleanup_test_file,
> - "file::open", "allow_read/write /tmp/testfile22"}, {
> - setup_test_file, test_file_open_22, cleanup_test_file,
> - "file::truncate", "allow_truncate /tmp/testfile22"}, {
> - setup_test_file_truncate, test_file_open_22,
> - cleanup_test_file_truncate, "file::rewrite",
> - "allow_rewrite /tmp/testfile22"}, {
> - setup_test_file, test_file_open_23, cleanup_test_file,
> - "file::open", "allow_read/write /tmp/testfile23"}, {
> - setup_test_file, test_file_open_23, cleanup_test_file,
> - "file::create", "allow_create /tmp/testfile23 0600"}, {
> - setup_all_test_file, test_file_open_0, cleanup_test_file,
> - "file::open", "allow_read /tmp/testfile0"}, {
> - setup_all_test_file, test_file_open_2, cleanup_test_file,
> - "file::open", "allow_read /tmp/testfile2"}, {
> - setup_all_test_file, test_file_open_2, cleanup_test_file,
> - "file::truncate", "allow_truncate /tmp/testfile2"}, {
> - setup_all_test_file_truncate, test_file_open_2,
> - cleanup_test_file_truncate, "file::rewrite",
> - "allow_rewrite /tmp/testfile2"}, {
> - setup_all_test_file, test_file_open_4, cleanup_test_file,
> - "file::open", "allow_read /tmp/testfile4"}, {
> - setup_all_test_file, test_file_open_6, cleanup_test_file,
> - "file::open", "allow_read /tmp/testfile6"}, {
> - setup_all_test_file, test_file_open_6, cleanup_test_file,
> - "file::truncate", "allow_truncate /tmp/testfile6"}, {
> - setup_all_test_file_truncate, test_file_open_6,
> - cleanup_test_file_truncate, "file::rewrite",
> - "allow_rewrite /tmp/testfile6"}, {
> - setup_all_test_file, test_file_open_8, cleanup_test_file,
> - "file::open", "allow_write /tmp/testfile8"}, {
> - setup_all_test_file, test_file_open_8, cleanup_test_file,
> - "file::rewrite", "allow_rewrite /tmp/testfile8"}, {
> - setup_all_test_file, test_file_open_10, cleanup_test_file,
> - "file::open", "allow_write /tmp/testfile10"}, {
> - setup_all_test_file, test_file_open_10, cleanup_test_file,
> - "file::truncate", "allow_truncate /tmp/testfile10"}, {
> - setup_all_test_file, test_file_open_10, cleanup_test_file,
> - "file::rewrite", "allow_rewrite /tmp/testfile10"}, {
> - setup_all_test_file, test_file_open_12, cleanup_test_file,
> - "file::open", "allow_write /tmp/testfile12"}, {
> - setup_all_test_file, test_file_open_14, cleanup_test_file,
> - "file::open", "allow_write /tmp/testfile14"}, {
> - setup_all_test_file, test_file_open_14, cleanup_test_file,
> - "file::truncate", "allow_truncate /tmp/testfile14"}, {
> - setup_all_test_file_truncate, test_file_open_14,
> - cleanup_test_file_truncate, "file::rewrite",
> - "allow_rewrite /tmp/testfile14"}, {
> - setup_all_test_file, test_file_open_16, cleanup_test_file,
> - "file::open", "allow_read/write /tmp/testfile16"}, {
> - setup_all_test_file, test_file_open_16, cleanup_test_file,
> - "file::rewrite", "allow_rewrite /tmp/testfile16"}, {
> - setup_all_test_file, test_file_open_18, cleanup_test_file,
> - "file::open", "allow_read/write /tmp/testfile18"}, {
> - setup_all_test_file, test_file_open_18, cleanup_test_file,
> - "file::truncate", "allow_truncate /tmp/testfile18"}, {
> - setup_all_test_file, test_file_open_18, cleanup_test_file,
> - "file::rewrite", "allow_rewrite /tmp/testfile18"}, {
> - setup_all_test_file, test_file_open_20, cleanup_test_file,
> - "file::open", "allow_read/write /tmp/testfile20"}, {
> - setup_all_test_file, test_file_open_22, cleanup_test_file,
> - "file::open", "allow_read/write /tmp/testfile22"}, {
> - setup_all_test_file, test_file_open_22, cleanup_test_file,
> - "file::truncate", "allow_truncate /tmp/testfile22"}, {
> - setup_all_test_file_truncate, test_file_open_22,
> - cleanup_test_file_truncate, "file::rewrite",
> - "allow_rewrite /tmp/testfile22"}, {
> - NULL}
> -};
> -
> -int main(void)
> -{
> - int i;
> - tomoyo_test_init();
> - for (i = 0; tests[i].do_test; i++) {
> - int trial;
> - for (trial = 0; trial < 2; trial++) {
> - int should_fail;
> - for (should_fail = 0; should_fail < 2; should_fail++) {
> - if (tests[i].do_setup)
> - tests[i].do_setup();
> - if (!should_fail)
> - write_domain_policy(tests[i].policy, 0);
> - set_profile(3, tests[i].name);
> - tests[i].do_test();
> - show_result(tests[i].policy, !should_fail);
> - set_profile(0, tests[i].name);
> - if (tests[i].do_cleanup)
> - tests[i].do_cleanup();
> - if (!should_fail)
> - write_domain_policy(tests[i].policy, 1);
> - }
> - }
> - }
> - for (i = 0; tests[i].do_test; i++) {
> - int mode;
> - for (mode = 0; mode < 4; mode++) {
> - if (tests[i].do_setup)
> - tests[i].do_setup();
> - set_profile(mode, tests[i].name);
> - tests[i].do_test();
> - show_result(tests[i].name, 1);
> - set_profile(0, tests[i].name);
> - if (tests[i].do_cleanup)
> - tests[i].do_cleanup();
> - }
> - }
> - fprintf(domain_fp, "delete %s\n", self_domain);
> - return 0;
> -}
> diff --git a/testcases/kernel/security/tomoyo/tomoyo_policy_io_test.c b/testcases/kernel/security/tomoyo/tomoyo_policy_io_test.c
> deleted file mode 100644
> index b1897a0fc..000000000
> --- a/testcases/kernel/security/tomoyo/tomoyo_policy_io_test.c
> +++ /dev/null
> @@ -1,195 +0,0 @@
> -/******************************************************************************/
> -/* This program is free software; you can redistribute it and/or modify */
> -/* it under the terms of the GNU General Public License as published by */
> -/* the Free Software Foundation; either version 2 of the License, or */
> -/* (at your option) any later version. */
> -/* */
> -/* This program is distributed in the hope that it will be useful, */
> -/* but WITHOUT ANY WARRANTY; without even the implied warranty of */
> -/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See */
> -/* the GNU General Public License for more details. */
> -/* */
> -/* You should have received a copy of the GNU General Public License */
> -/* along with this program; if not, write to the Free Software */
> -/* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */
> -/* */
> -/******************************************************************************/
> -/*
> - * tomoyo_policy_io_test.c
> - *
> - * Testing program for security/tomoyo/
> - *
> - * Copyright (C) 2005-2010 NTT DATA CORPORATION
> - */
> -#include "include.h"
> -
> -static FILE *policy_fp = NULL;
> -static const char *policy_file = "";
> -
> -static void try_io(const char *policy, const char should_success)
> -{
> - FILE *fp = fopen(policy_file, "r");
> - char buffer[8192];
> - int policy_found = 0;
> - memset(buffer, 0, sizeof(buffer));
> - printf("%s: ", policy);
> - fprintf(policy_fp, "%s\n", policy);
> - if (!fp) {
> - printf("BUG: policy read failed\n");
> - return;
> - }
> - while (fgets(buffer, sizeof(buffer) - 1, fp)) {
> - char *cp = strchr(buffer, '\n');
> - if (cp)
> - *cp = '\0';
> - if (!strcmp(buffer, policy)) {
> - policy_found = 1;
> - break;
> - }
> - }
> - fclose(fp);
> - if (should_success) {
> - if (policy_found)
> - printf("OK\n");
> - else
> - printf("BUG: policy write failed\n");
> - } else {
> - if (!policy_found)
> - printf("OK : write rejected.\n");
> - else
> - printf("BUG: policy write not rejected.\n");
> - }
> - fprintf(policy_fp, "delete %s\n", policy);
> -}
> -
> -static void stage_policy_io_test(void)
> -{
> - int i;
> - policy_file = proc_policy_domain_policy;
> - policy_fp = domain_fp;
> - for (i = 0; i < 3; i++) {
> - try_io("allow_chroot /", 1);
> - try_io("allow_chroot ", 0);
> - try_io("allow_chroot /mnt0/", 1);
> - try_io("allow_chroot /var1/chroot2/", 1);
> - try_io("allow_chroot /mnt0/", 1);
> - try_io("allow_chroot /mnt0/", 1);
> - try_io("allow_chroot /mnt0/", 1);
> - try_io("allow_chroot /mnt\\?\\*/", 1);
> - try_io("allow_chroot /mnt\\?\\*/", 1);
> - try_io("allow_unmount /", 1);
> - try_io("allow_unmount /sys1/", 1);
> - try_io("allow_unmount /initrd2/", 1);
> - try_io("allow_unmount /initrd/dev3/", 1);
> - try_io("allow_unmount /initrd/\\*\\+/", 1);
> - try_io("allow_unmount /initrd/\\@\\*/", 1);
> - try_io("allow_unmount /initrd2/", 1);
> - try_io("allow_pivot_root / /proc3/", 1);
> - try_io("allow_pivot_root /sys5/ /proc3/", 1);
> - try_io("allow_pivot_root /sys/", 0);
> - try_io("allow_pivot_root *", 0);
> - try_io("allow_pivot_root /sys5/ /proc3/", 1);
> - try_io("allow_mount / / --bind 0xD", 1);
> - try_io("allow_mount / / --move 0xF", 1);
> - try_io("allow_mount / --remount", 0);
> - try_io("allow_mount /", 0);
> - try_io("allow_mount none /tmp/ tmpfs 0x1", 1);
> - try_io("allow_mount none /tmp/ tmpfs", 0);
> - try_io("allow_mount none /tmp/ nonexistent 0x0", 1);
> - try_io("allow_mount none /proc/ proc 0x0", 1);
> - try_io("allow_mount none /selinux/ selinuxfs 0x0", 1);
> - try_io("allow_mount /proc/bus/usb /proc/bus/usb/ usbfs 0x0", 1);
> - try_io("allow_mount none /dev/pts/ devpts 0x0", 1);
> - try_io("allow_mount any / --remount 0xC00", 1);
> - try_io("allow_mount /dev/sda1 /boot/ ext3 0xC00", 1);
> - try_io("allow_mount none /dev/shm/ tmpfs 0x0", 1);
> - try_io("allow_mount none /proc/sys/fs/binfmt_misc/ binfmt_misc "
> - "0x0", 1);
> - try_io("allow_mount none /proc/sys/fs/binfmt_misc/ binfmt_misc "
> - "0x0 0x1", 0);
> - try_io("allow_mount none /proc/sys/fs/binfmt_misc/ tmpfs "
> - "binfmt_misc 0x0", 0);
> - try_io("allow_mount /proc/bus/usb /proc/bus/usb/ usbfs 0x0", 1);
> - }
> - policy_file = proc_policy_exception_policy;
> - policy_fp = exception_fp;
> - for (i = 0; i < 3; i++) {
> - try_io("allow_read /tmp/abc", 1);
> - try_io("allow_read /tmp/abc\\*", 1);
> - try_io("allow_read abc", 1);
> - try_io("allow_read /tmp/abc/", 1);
> - try_io("allow_read", 0);
> - try_io("allow_read *", 1);
> - try_io("file_pattern /\\*\\*\\*", 1);
> - try_io("file_pattern /abc", 1);
> - try_io("file_pattern /abc /def", 0);
> - try_io("file_pattern abcdef", 1);
> - try_io("path_group TEST /", 1);
> - try_io("path_group TEST /boo", 1);
> - try_io("path_group TEST /bar", 1);
> - try_io("path_group TEST /\\*", 1);
> - try_io("path_group TEST / /", 0);
> - try_io("path_group TEST /boo", 1);
> - try_io("path_group TEST /bar", 1);
> - try_io("path_group TEST boo", 1);
> - try_io("path_group TEST boo/", 1);
> - try_io("path_group TEST /bar", 1);
> - try_io("path_group TEST3 /\\*", 1);
> - try_io("path_group TEST3 / /", 0);
> - try_io("path_group TEST3 /boo", 1);
> - try_io("path_group TEST3 /bar", 1);
> - try_io("path_group TEST3 boo", 1);
> - try_io("path_group TEST3 boo/", 1);
> - try_io("deny_rewrite /", 1);
> - try_io("deny_rewrite /foo", 1);
> - try_io("deny_rewrite /\\*", 1);
> - try_io("deny_rewrite /\\:", 0);
> - try_io("deny_rewrite / /", 0);
> - try_io("deny_rewrite @/TEST", 1);
> - try_io("aggregator /boo/\\* /BOO", 1);
> - try_io("aggregator /boo/\\* /BOO\\*", 0);
> - try_io("aggregator /boo/\\*/ /BOO", 1);
> - try_io("aggregator /boo/\\* /BOO/", 1);
> - try_io("keep_domain <kernel>", 1);
> - try_io("keep_domain <kernel> /sbin/init", 1);
> - try_io("keep_domain <kernel> foo", 0);
> - try_io("keep_domain <kernel> \\*", 0);
> - try_io("keep_domain /ssh", 1);
> - try_io("keep_domain /ssh /foo", 0);
> - try_io("keep_domain /foo from <kernel>", 1);
> - try_io("keep_domain /foo from <kernel> /sbin/init", 1);
> - try_io("keep_domain from <kernel> /sbin/init", 0);
> - try_io("keep_domain \\* from <kernel> /sbin/init", 0);
> - try_io("no_keep_domain <kernel>", 1);
> - try_io("no_keep_domain <kernel> /sbin/init", 1);
> - try_io("no_keep_domain <kernel> foo", 0);
> - try_io("no_keep_domain <kernel> \\*", 0);
> - try_io("no_keep_domain /ssh", 1);
> - try_io("no_keep_domain /ssh /foo", 0);
> - try_io("no_keep_domain /foo from <kernel>", 1);
> - try_io("no_keep_domain /foo from <kernel> /sbin/init", 1);
> - try_io("no_keep_domain from <kernel> /sbin/init", 0);
> - try_io("no_keep_domain \\* from <kernel> /sbin/init", 0);
> - try_io("initialize_domain /foo", 1);
> - try_io("initialize_domain /\\*", 1);
> - try_io("initialize_domain /foo /bar", 0);
> - try_io("initialize_domain /foo from /bar", 1);
> - try_io("initialize_domain /foo from <kernel> /bar", 1);
> - try_io("initialize_domain /\\* from <kernel>", 1);
> - try_io("initialize_domain /foo from <kernel> \\*", 0);
> - try_io("no_initialize_domain /foo", 1);
> - try_io("no_initialize_domain /\\*", 1);
> - try_io("no_initialize_domain /foo /bar", 0);
> - try_io("no_initialize_domain /foo from /bar", 1);
> - try_io("no_initialize_domain /foo from <kernel> /bar", 1);
> - try_io("no_initialize_domain /\\* from <kernel>", 1);
> - try_io("no_initialize_domain /foo from <kernel> \\*", 0);
> - }
> -}
> -
> -int main(void)
> -{
> - tomoyo_test_init();
> - stage_policy_io_test();
> - return 0;
> -}
> diff --git a/testcases/kernel/security/tomoyo/tomoyo_policy_memory_test.c b/testcases/kernel/security/tomoyo/tomoyo_policy_memory_test.c
> deleted file mode 100644
> index a6620ba30..000000000
> --- a/testcases/kernel/security/tomoyo/tomoyo_policy_memory_test.c
> +++ /dev/null
> @@ -1,358 +0,0 @@
> -/******************************************************************************/
> -/* This program is free software; you can redistribute it and/or modify */
> -/* it under the terms of the GNU General Public License as published by */
> -/* the Free Software Foundation; either version 2 of the License, or */
> -/* (at your option) any later version. */
> -/* */
> -/* This program is distributed in the hope that it will be useful, */
> -/* but WITHOUT ANY WARRANTY; without even the implied warranty of */
> -/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See */
> -/* the GNU General Public License for more details. */
> -/* */
> -/* You should have received a copy of the GNU General Public License */
> -/* along with this program; if not, write to the Free Software */
> -/* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */
> -/* */
> -/******************************************************************************/
> -/*
> - * tomoyo_policy_memory_test.c
> - *
> - * Testing program for security/tomoyo/
> - *
> - * Copyright (C) 2005-2010 NTT DATA CORPORATION
> - */
> -/*
> - * Usage: Run this program using init= boot option.
> - */
> -#include <stdio.h>
> -#include <stdlib.h>
> -#include <string.h>
> -#include <unistd.h>
> -#include <sys/mount.h>
> -
> -static void BUG(const char *msg)
> -{
> - printf("%s", msg);
> - fflush(stdout);
> - while (1)
> - sleep(100);
> -}
> -
> -static const char *policy_file = NULL;
> -static const char *policy = NULL;
> -
> -static void get_meminfo(unsigned int *policy_memory)
> -{
> - FILE *fp = fopen("/sys/kernel/security/tomoyo/meminfo", "r");
> - if (!fp || fscanf(fp, "Policy: %u", policy_memory) != 1 || fclose(fp))
> - BUG("BUG: Policy read error\n");
> -}
> -
> -static void check_policy_common(const int found_expected, const int id)
> -{
> - FILE *fp = fopen(policy_file, "r");
> - char buffer[8192];
> - int policy_found = 0;
> - memset(buffer, 0, sizeof(buffer));
> - if (!fp)
> - BUG("BUG: Policy read error\n");
> - while (fgets(buffer, sizeof(buffer) - 1, fp)) {
> - char *cp = strchr(buffer, '\n');
> - if (cp)
> - *cp = '\0';
> - if (strcmp(buffer, policy))
> - continue;
> - policy_found = 1;
> - break;
> - }
> - fclose(fp);
> - if (policy_found != found_expected) {
> - printf("BUG: Policy write error: %s %s at %d\n", policy,
> - found_expected ? "not added" : "not deleted", id);
> - BUG("");
> - }
> -}
> -
> -static inline void check_policy_written(FILE * fp, const int id)
> -{
> - fflush(fp);
> - check_policy_common(1, id);
> -}
> -
> -static inline void check_policy_deleted(FILE * fp, const int id)
> -{
> - fflush(fp);
> - check_policy_common(0, id);
> -}
> -
> -static const char *domain_testcases[] = {
> - "allow_create /tmp/mknod_reg_test 0600",
> - "allow_create /tmp/open_test 0600",
> - "allow_create /tmp/open_test 0600",
> - "allow_create /tmp/open_test 0600",
> - "allow_execute /bin/true",
> - "allow_execute /bin/true",
> - "allow_execute /bin/true0",
> - "allow_execute /bin/true1",
> - "allow_execute /bin/true2",
> - "allow_execute /bin/true3",
> - "allow_execute /bin/true4",
> - "allow_execute /bin/true5",
> - "allow_execute /bin/true6",
> - "allow_execute /bin/true7",
> - "allow_execute /bin/true7",
> - "allow_execute /bin/true7",
> - "allow_execute /bin/true8",
> - "allow_ioctl socket:[family=2:type=2:protocol=17] 0-35122",
> - "allow_ioctl socket:[family=2:type=2:protocol=17] 35122-35124",
> - "allow_link /tmp/link_source_test /tmp/link_dest_test",
> - "allow_mkblock /tmp/mknod_blk_test 0600 1 0",
> - "allow_mkchar /tmp/mknod_chr_test 0600 1 3",
> - "allow_mkdir /tmp/mkdir_test/ 0755",
> - "allow_mkfifo /tmp/mknod_fifo_test 0600",
> - "allow_mkfifo /tmp/mknod_fifo_test 0600",
> - "allow_mksock /tmp/mknod_sock_test 0600",
> - "allow_mksock /tmp/socket_test 0600",
> - "allow_read /bin/true",
> - "allow_read /bin/true",
> - "allow_read /dev/null",
> - "allow_read /dev/null",
> - "allow_read /dev/null",
> - "allow_read /dev/null",
> - "allow_read /dev/null",
> - "allow_read /dev/null",
> - "allow_read /foo",
> - "allow_read /proc/sys/net/ipv4/ip_local_port_range",
> - "allow_read /proc/sys/net/ipv4/ip_local_port_range",
> - "allow_read/write /bar",
> - "allow_read/write /dev/null",
> - "allow_read/write /dev/null",
> - "allow_read/write /proc/sys/net/ipv4/ip_local_port_range",
> - "allow_read/write /proc/sys/net/ipv4/ip_local_port_range",
> - "allow_read/write /tmp/fifo",
> - "allow_read/write /tmp/fifo",
> - "allow_read/write /tmp/rewrite_test",
> - "allow_rename /tmp/rename_source_test /tmp/rename_dest_test",
> - "allow_rmdir /tmp/rmdir_test/",
> - "allow_symlink /symlink",
> - "allow_symlink /symlink",
> - "allow_symlink /symlink",
> - "allow_symlink /symlink",
> - "allow_symlink /tmp/symlink_source_test",
> - "allow_symlink /tmp/symlink_source_test",
> - "allow_symlink /tmp/symlink_source_test",
> - "allow_symlink /tmp/symlink_source_test",
> - "allow_symlink /tmp/symlink_source_test",
> - "allow_truncate /tmp/rewrite_test",
> - "allow_truncate /tmp/truncate_test",
> - "allow_truncate /tmp/truncate_test",
> - "allow_unlink /tmp/unlink_test",
> - "allow_write /123",
> - "allow_write /dev/null",
> - "allow_write /dev/null",
> - "allow_write /devfile",
> - "allow_write /devfile",
> - "allow_write /proc/sys/net/ipv4/ip_local_port_range",
> - "allow_write /proc/sys/net/ipv4/ip_local_port_range",
> - "allow_write /tmp/open_test",
> - "allow_write /tmp/open_test",
> - "allow_write /tmp/open_test",
> - "allow_write /tmp/truncate_test",
> - "allow_write /tmp/truncate_test",
> - "allow_rewrite /tmp/rewrite_test",
> - "allow_rewrite /tmp/rewrite_test",
> - "allow_mount /dev/sda1 /mnt/sda1/ ext3 0x123",
> - "allow_mount /dev/sda1 /mnt/sda1/ ext3 123",
> - "allow_mount /dev/sda1 /mnt/sda1/ ext3 0123",
> - "allow_mount /dev/sda1 /mnt/sda1/ ext3 0x123",
> - "allow_mount /dev/sda1 /mnt/sda1/ ext3 123",
> - "allow_mount /dev/sda1 /mnt/sda1/ ext3 0123",
> - "allow_chroot /",
> - "allow_chroot /",
> - "allow_chroot /mnt/",
> - "allow_pivot_root / /proc/",
> - "allow_pivot_root /mnt/ /proc/mnt/",
> - "allow_unmount /",
> - "allow_unmount /proc/",
> - NULL
> -};
> -
> -static void domain_policy_test(const unsigned int before)
> -{
> - unsigned int after;
> - int j;
> - policy_file = "/sys/kernel/security/tomoyo/domain_policy";
> - for (j = 0; domain_testcases[j]; j++) {
> - int i;
> - FILE *fp = fopen(policy_file, "w");
> - if (!fp)
> - BUG("BUG: Policy write error\n");
> - fprintf(fp, "<kernel>\n");
> - policy = domain_testcases[j];
> - printf("Processing: %s\n", policy);
> - for (i = 0; i < 100; i++) {
> - fprintf(fp, "%s\n", policy);
> - if (!i)
> - check_policy_written(fp, 1);
> - fprintf(fp, "delete %s\n", policy);
> - }
> - check_policy_deleted(fp, 1);
> - for (i = 0; i < 100; i++)
> - fprintf(fp, "%s\n", policy);
> - check_policy_written(fp, 2);
> - fprintf(fp, "delete %s\n", policy);
> - check_policy_deleted(fp, 2);
> - fclose(fp);
> - for (i = 0; i < 30; i++) {
> - usleep(100000);
> - get_meminfo(&after);
> - if (before == after)
> - break;
> - }
> - if (before != after) {
> - printf("Policy: %d\n", after - before);
> - BUG("Policy read/write test: Fail\n");
> - }
> - }
> - for (j = 0; j < 10; j++) {
> - int i;
> - FILE *fp = fopen(policy_file, "w");
> - if (!fp)
> - BUG("BUG: Policy write error\n");
> - fprintf(fp, "<kernel> /sbin/init\n");
> - for (i = 0; domain_testcases[i]; i++)
> - fprintf(fp, "%s\n", domain_testcases[i]);
> - fprintf(fp, "delete <kernel> /sbin/init\n");
> - fclose(fp);
> - for (i = 0; i < 50; i++) {
> - usleep(100000);
> - get_meminfo(&after);
> - if (before == after)
> - break;
> - }
> - if (before != after) {
> - printf("Policy: %d\n", after - before);
> - BUG("Policy read/write test: Fail\n");
> - }
> - }
> -}
> -
> -static const char *exception_testcases[] = {
> - "allow_read /tmp/mknod_reg_test",
> - "allow_env HOME",
> - "path_group PG1 /",
> - "path_group PG2 /",
> - "address_group AG3 0.0.0.0",
> - "address_group AG3 1.2.3.4-5.6.7.8",
> - "address_group AG3 f:ee:ddd:cccc:b:aa:999:8888",
> - "address_group AG4 0:1:2:3:4:5:6:7-8:90:a00:b000:c00:d0:e:f000",
> - "number_group NG1 1000",
> - "number_group NG2 10-0x100000",
> - "number_group NG3 01234567-0xABCDEF89",
> - "deny_autobind 1024",
> - "deny_autobind 32668-65535",
> - "deny_autobind 0-1023",
> - "initialize_domain /usr/sbin/sshd",
> - "no_initialize_domain /usr/sbin/sshd",
> - "initialize_domain /usr/sbin/sshd from /bin/bash",
> - "no_initialize_domain /usr/sbin/sshd from /bin/bash",
> - "initialize_domain /usr/sbin/sshd from "
> - "<kernel> /bin/mingetty/bin/bash",
> - "no_initialize_domain /usr/sbin/sshd from "
> - "<kernel> /bin/mingetty/bin/bash",
> - "keep_domain <kernel> /usr/sbin/sshd /bin/bash",
> - "no_keep_domain <kernel> /usr/sbin/sshd /bin/bash",
> - "keep_domain /bin/pwd from <kernel> /usr/sbin/sshd /bin/bash",
> - "no_keep_domain /bin/pwd from <kernel> /usr/sbin/sshd /bin/bash",
> - "keep_domain /bin/pwd from /bin/bash",
> - "no_keep_domain /bin/pwd from /bin/bash",
> - "file_pattern /proc/\\$/task/\\$/environ",
> - "file_pattern /proc/\\$/task/\\$/auxv",
> - "allow_read /etc/ld.so.cache",
> - "allow_read /proc/meminfo",
> - "allow_read /proc/sys/kernel/version",
> - "allow_read /etc/localtime",
> - "allow_read /proc/self/task/\\$/attr/current",
> - "allow_read /proc/self/task/\\$/oom_score",
> - "allow_read /proc/self/wchan",
> - "allow_read /lib/ld-2.5.so",
> - "file_pattern pipe:[\\$]",
> - "file_pattern socket:[\\$]",
> - "file_pattern /var/cache/logwatch/logwatch.\\*/",
> - "file_pattern /var/cache/logwatch/logwatch.\\*/\\*",
> - "deny_rewrite /var/log/\\*",
> - "deny_rewrite /var/log/\\*/\\*",
> - "aggregator /etc/rc.d/rc\\?.d/\\?\\+\\+smb /etc/rc.d/init.d/smb",
> - "aggregator /etc/rc.d/rc\\?.d/\\?\\+\\+crond /etc/rc.d/init.d/crond",
> - NULL
> -};
> -
> -static void exception_policy_test(const unsigned int before)
> -{
> - unsigned int after;
> - int j;
> - policy_file = "/sys/kernel/security/tomoyo/exception_policy";
> - for (j = 0; exception_testcases[j]; j++) {
> - int i;
> - FILE *fp = fopen(policy_file, "w");
> - if (!fp)
> - BUG("BUG: Policy write error\n");
> - policy = exception_testcases[j];
> - printf("Processing: %s\n", policy);
> - for (i = 0; i < 100; i++) {
> - fprintf(fp, "%s\n", policy);
> - if (!i)
> - check_policy_written(fp, 1);
> - fprintf(fp, "delete %s\n", policy);
> - }
> - check_policy_deleted(fp, 1);
> - for (i = 0; i < 100; i++)
> - fprintf(fp, "%s\n", policy);
> - check_policy_written(fp, 2);
> - fprintf(fp, "delete %s\n", policy);
> - check_policy_deleted(fp, 2);
> - fclose(fp);
> - for (i = 0; i < 30; i++) {
> - usleep(100000);
> - get_meminfo(&after);
> - if (before == after)
> - break;
> - }
> - if (before != after) {
> - printf("Policy: %d\n", after - before);
> - BUG("Policy read/write test: Fail\n");
> - }
> - }
> - for (j = 0; j < 10; j++) {
> - int i;
> - FILE *fp = fopen(policy_file, "w");
> - if (!fp)
> - BUG("BUG: Policy write error\n");
> - for (i = 0; exception_testcases[i]; i++)
> - fprintf(fp, "%s\n", exception_testcases[i]);
> - for (i = 0; exception_testcases[i]; i++)
> - fprintf(fp, "delete %s\n", exception_testcases[i]);
> - fclose(fp);
> - for (i = 0; i < 50; i++) {
> - usleep(100000);
> - get_meminfo(&after);
> - if (before == after)
> - break;
> - }
> - if (before != after) {
> - printf("Policy: %d\n", after - before);
> - BUG("Policy read/write test: Fail\n");
> - }
> - }
> -}
> -
> -int main(void)
> -{
> - unsigned int before;
> - mount("/proc", "/proc/", "proc", 0, NULL);
> - get_meminfo(&before);
> - domain_policy_test(before);
> - exception_policy_test(before);
> - BUG("Policy read/write test: Success\n");
> - return 0;
> -}
> diff --git a/testcases/kernel/security/tomoyo/tomoyo_rewrite_test.c b/testcases/kernel/security/tomoyo/tomoyo_rewrite_test.c
> deleted file mode 100644
> index 7bc22c39b..000000000
> --- a/testcases/kernel/security/tomoyo/tomoyo_rewrite_test.c
> +++ /dev/null
> @@ -1,169 +0,0 @@
> -/******************************************************************************/
> -/* This program is free software; you can redistribute it and/or modify */
> -/* it under the terms of the GNU General Public License as published by */
> -/* the Free Software Foundation; either version 2 of the License, or */
> -/* (at your option) any later version. */
> -/* */
> -/* This program is distributed in the hope that it will be useful, */
> -/* but WITHOUT ANY WARRANTY; without even the implied warranty of */
> -/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See */
> -/* the GNU General Public License for more details. */
> -/* */
> -/* You should have received a copy of the GNU General Public License */
> -/* along with this program; if not, write to the Free Software */
> -/* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */
> -/* */
> -/******************************************************************************/
> -/*
> - * tomoyo_rewrite_test.c
> - *
> - * Testing program for security/tomoyo/
> - *
> - * Copyright (C) 2005-2010 NTT DATA CORPORATION
> - */
> -#include "include.h"
> -
> -static int should_fail = 0;
> -
> -static void show_prompt(const char *str)
> -{
> - printf("Testing %35s: (%s) ", str,
> - should_fail ? "must fail" : "must success");
> - errno = 0;
> -}
> -
> -static void show_result(int result)
> -{
> - if (should_fail) {
> - if (result == EOF) {
> - if (errno == EPERM)
> - printf("OK: Permission denied.\n");
> - else
> - printf("BUG!\n");
> - } else {
> - printf("BUG!\n");
> - }
> - } else {
> - if (result != EOF)
> - printf("OK\n");
> - else
> - printf("BUG!\n");
> - }
> -}
> -
> -#define REWRITE_PATH "/tmp/rewrite_test"
> -
> -static void stage_rewrite_test(void)
> -{
> - int fd;
> -
> - /* Start up */
> - write_domain_policy("allow_read/write " REWRITE_PATH, 0);
> - write_domain_policy("allow_truncate " REWRITE_PATH, 0);
> - write_domain_policy("allow_create " REWRITE_PATH " 0600", 0);
> - write_domain_policy("allow_unlink " REWRITE_PATH, 0);
> - write_exception_policy("deny_rewrite " REWRITE_PATH, 0);
> - set_profile(3, "file::open");
> - set_profile(3, "file::create");
> - set_profile(3, "file::truncate");
> - set_profile(3, "file::rewrite");
> - set_profile(3, "file::unlink");
> - close(open(REWRITE_PATH, O_WRONLY | O_APPEND | O_CREAT, 0600));
> -
> - /* Enforce mode */
> - should_fail = 0;
> -
> - show_prompt("open(O_RDONLY)");
> - fd = open(REWRITE_PATH, O_RDONLY);
> - show_result(fd);
> - close(fd);
> -
> - show_prompt("open(O_WRONLY | O_APPEND)");
> - fd = open(REWRITE_PATH, O_WRONLY | O_APPEND);
> - show_result(fd);
> - close(fd);
> -
> - should_fail = 1;
> - show_prompt("open(O_WRONLY)");
> - fd = open(REWRITE_PATH, O_WRONLY);
> - show_result(fd);
> - close(fd);
> -
> - show_prompt("open(O_WRONLY | O_TRUNC)");
> - fd = open(REWRITE_PATH, O_WRONLY | O_TRUNC);
> - show_result(fd);
> - close(fd);
> -
> - show_prompt("open(O_WRONLY | O_TRUNC | O_APPEND)");
> - fd = open(REWRITE_PATH, O_WRONLY | O_TRUNC | O_APPEND);
> - show_result(fd);
> - close(fd);
> -
> - show_prompt("truncate()");
> - show_result(truncate(REWRITE_PATH, 0));
> -
> - fd = open(REWRITE_PATH, O_WRONLY | O_APPEND);
> - show_prompt("ftruncate()");
> - show_result(ftruncate(fd, 0));
> -
> - show_prompt("fcntl(F_SETFL, ~O_APPEND)");
> - show_result(fcntl(fd, F_SETFL, fcntl(fd, F_GETFL) & ~O_APPEND));
> - close(fd);
> -
> - /* Permissive mode */
> - set_profile(2, "file::open");
> - set_profile(2, "file::create");
> - set_profile(2, "file::truncate");
> - set_profile(2, "file::rewrite");
> - set_profile(2, "file::unlink");
> - should_fail = 0;
> -
> - show_prompt("open(O_RDONLY)");
> - fd = open(REWRITE_PATH, O_RDONLY);
> - show_result(fd);
> - close(fd);
> -
> - show_prompt("open(O_WRONLY | O_APPEND)");
> - fd = open(REWRITE_PATH, O_WRONLY | O_APPEND);
> - show_result(fd);
> - close(fd);
> -
> - show_prompt("open(O_WRONLY)");
> - fd = open(REWRITE_PATH, O_WRONLY);
> - show_result(fd);
> - close(fd);
> -
> - show_prompt("open(O_WRONLY | O_TRUNC)");
> - fd = open(REWRITE_PATH, O_WRONLY | O_TRUNC);
> - show_result(fd);
> - close(fd);
> -
> - show_prompt("open(O_WRONLY | O_TRUNC | O_APPEND)");
> - fd = open(REWRITE_PATH, O_WRONLY | O_TRUNC | O_APPEND);
> - show_result(fd);
> - close(fd);
> -
> - show_prompt("truncate()");
> - show_result(truncate(REWRITE_PATH, 0));
> -
> - fd = open(REWRITE_PATH, O_WRONLY | O_APPEND);
> - show_prompt("ftruncate()");
> - show_result(ftruncate(fd, 0));
> -
> - show_prompt("fcntl(F_SETFL, ~O_APPEND)");
> - show_result(fcntl(fd, F_SETFL, fcntl(fd, F_GETFL) & ~O_APPEND));
> - close(fd);
> -
> - /* Clean up */
> - unlink(REWRITE_PATH);
> - write_exception_policy("deny_rewrite " REWRITE_PATH, 0);
> - printf("\n\n");
> -}
> -
> -int main(void)
> -{
> - tomoyo_test_init();
> - stage_rewrite_test();
> - clear_status();
> - return 0;
> -}
More information about the ltp
mailing list