[LTP] [PATCH v2] Remove tomoyo testing suite
Andrea Cervesato
andrea.cervesato@suse.de
Tue Mar 7 14:34:31 CET 2023
From: Andrea Cervesato <andrea.cervesato@suse.com>
The tomoyo testing suite is built and installed inside the LTP testcases
folder, but it's not used and maintained anymore.
This patch removes it, so we get rid of ltp_clone_quick as well and make
some space in the installation folder.
Signed-off-by: Andrea Cervesato <andrea.cervesato@suse.com>
Acked-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
---
testcases/kernel/security/tomoyo/.gitignore | 9 -
testcases/kernel/security/tomoyo/Makefile | 29 -
testcases/kernel/security/tomoyo/README | 58 --
testcases/kernel/security/tomoyo/include.h | 379 ----------
testcases/kernel/security/tomoyo/newns.c | 49 --
testcases/kernel/security/tomoyo/testall.sh | 46 --
.../security/tomoyo/tomoyo_accept_test.c | 146 ----
.../kernel/security/tomoyo/tomoyo_file_test.c | 304 --------
.../security/tomoyo/tomoyo_filesystem_test.c | 633 -----------------
.../security/tomoyo/tomoyo_new_file_test.c | 627 -----------------
.../kernel/security/tomoyo/tomoyo_new_test.c | 652 ------------------
.../security/tomoyo/tomoyo_policy_io_test.c | 195 ------
.../tomoyo/tomoyo_policy_memory_test.c | 358 ----------
.../security/tomoyo/tomoyo_rewrite_test.c | 169 -----
14 files changed, 3654 deletions(-)
delete mode 100644 testcases/kernel/security/tomoyo/.gitignore
delete mode 100644 testcases/kernel/security/tomoyo/Makefile
delete mode 100644 testcases/kernel/security/tomoyo/README
delete mode 100644 testcases/kernel/security/tomoyo/include.h
delete mode 100644 testcases/kernel/security/tomoyo/newns.c
delete mode 100644 testcases/kernel/security/tomoyo/testall.sh
delete mode 100644 testcases/kernel/security/tomoyo/tomoyo_accept_test.c
delete mode 100644 testcases/kernel/security/tomoyo/tomoyo_file_test.c
delete mode 100644 testcases/kernel/security/tomoyo/tomoyo_filesystem_test.c
delete mode 100644 testcases/kernel/security/tomoyo/tomoyo_new_file_test.c
delete mode 100644 testcases/kernel/security/tomoyo/tomoyo_new_test.c
delete mode 100644 testcases/kernel/security/tomoyo/tomoyo_policy_io_test.c
delete mode 100644 testcases/kernel/security/tomoyo/tomoyo_policy_memory_test.c
delete mode 100644 testcases/kernel/security/tomoyo/tomoyo_rewrite_test.c
diff --git a/testcases/kernel/security/tomoyo/.gitignore b/testcases/kernel/security/tomoyo/.gitignore
deleted file mode 100644
index 698646d93..000000000
--- a/testcases/kernel/security/tomoyo/.gitignore
+++ /dev/null
@@ -1,9 +0,0 @@
-/newns
-/tomoyo_accept_test
-/tomoyo_file_test
-/tomoyo_filesystem_test
-/tomoyo_new_file_test
-/tomoyo_new_test
-/tomoyo_policy_io_test
-/tomoyo_policy_memory_test
-/tomoyo_rewrite_test
diff --git a/testcases/kernel/security/tomoyo/Makefile b/testcases/kernel/security/tomoyo/Makefile
deleted file mode 100644
index 00e4cc3ed..000000000
--- a/testcases/kernel/security/tomoyo/Makefile
+++ /dev/null
@@ -1,29 +0,0 @@
-#
-# kernel/security/smack testcase Makefile
-#
-# Copyright (C) 2009, Cisco Systems Inc.
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Ngie Cooper, July 2009
-#
-
-top_srcdir ?= ../../../..
-
-include $(top_srcdir)/include/mk/testcases.mk
-
-INSTALL_TARGETS := testall.sh
-
-include $(top_srcdir)/include/mk/generic_leaf_target.mk
diff --git a/testcases/kernel/security/tomoyo/README b/testcases/kernel/security/tomoyo/README
deleted file mode 100644
index 0cb538868..000000000
--- a/testcases/kernel/security/tomoyo/README
+++ /dev/null
@@ -1,58 +0,0 @@
-Always look here for latest version of these tests:
-http://sourceforge.jp/projects/tomoyo/svn/view/trunk/2.3.x/tomoyo-tools/kernel_test/?root=tomoyo
-
-These testcases test the TOMOYO Security Module. And they are not part of
-default LTP build/install/run.
-
-A kernel with TOMOYO configured is required to run the TOMOYO testsuite.
-The securityfs filesystem must be mounted at /sys/kernel/security .
-
-Preparation steps are:
-
-1) Download tomoyo-tools package and extract and build and install.
-
- # wget -O tomoyo-tools.tar.gz 'http://sourceforge.jp/projects/tomoyo/svn/view/trunk/2.3.x/tomoyo-tools.tar.gz?root=tomoyo&view=tar'
- # tar -zxf tomoyo-tools.tar.gz
- # make -C tomoyo-tools/ install
-
- Programs are installed in /usr/sbin/ with prefix "tomoyo-" and
- /usr/lib/tomoyo/ directory without prefix "tomoyo-".
-
- You can make a RPM package by "rpmbuild -bb tomoyo-tools/tomoyo-tools.spec" and
- a DEB package by "alien -k" after "rpmbuild -bb".
-
-2) Run /usr/lib/tomoyo/init_policy .
-
- This will take several minutes.
-
- Hiding kernel source directory by "mount -t tmpfs none /usr/src/linux/"
- would save some time.
-
- Configuration files are saved in /etc/tomoyo/ directory.
- You can do "rm -fR /etc/tomoyo/" if you want to uninstall.
-
-3) Reboot the system with TOMOYO enabled kernel.
-
- To make sure TOMOYO is selected, you can add security=tomoyo to kernel's
- command line.
-
-4) Build the tests.
-
- # (extract the tar ball containing the tests.)
- # make autotools
- # ./configure
- # cd testcases/kernel/security/tomoyo/
- # make
- # find `/bin/pwd` -type f -perm +100 >> /etc/tomoyo/manager.conf
- # /usr/sbin/tomoyo-loadpolicy m
-
-Test steps are:
-
-1) Run the tests from the directory you ran "make".
-
- # ./testall.sh
-
- Please don't run the tests inside /tmp/ directory, for /tmp/ directory is
- hidden by "newns" (a wrapper program to run the test in a new namespace).
-
- You can use "| grep -vF OK" to pick up only failed tests as testall.sh does.
diff --git a/testcases/kernel/security/tomoyo/include.h b/testcases/kernel/security/tomoyo/include.h
deleted file mode 100644
index edaf1170f..000000000
--- a/testcases/kernel/security/tomoyo/include.h
+++ /dev/null
@@ -1,379 +0,0 @@
-/******************************************************************************/
-/* */
-/* Copyright (c) Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>, 2009 */
-/* */
-/* This program is free software; you can redistribute it and/or modify */
-/* it under the terms of the GNU General Public License as published by */
-/* the Free Software Foundation; either version 2 of the License, or */
-/* (at your option) any later version. */
-/* */
-/* This program is distributed in the hope that it will be useful, */
-/* but WITHOUT ANY WARRANTY; without even the implied warranty of */
-/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See */
-/* the GNU General Public License for more details. */
-/* */
-/* You should have received a copy of the GNU General Public License */
-/* along with this program; if not, write to the Free Software */
-/* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */
-/* */
-/******************************************************************************/
-/*
- * include.h
- *
- * Common functions for testing TOMOYO Linux's kernel.
- *
- * Copyright (C) 2005-2010 NTT DATA CORPORATION
- */
-#include <errno.h>
-#include <fcntl.h>
-#include <linux/kdev_t.h>
-#include <linux/unistd.h>
-#include <pty.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/socket.h>
-#include <sys/stat.h>
-#include <sys/syscall.h>
-#include <sys/time.h>
-#include <sys/timex.h>
-#include <sys/types.h>
-#include <sys/un.h>
-#include <sys/wait.h>
-#include <time.h>
-#include <unistd.h>
-#include <utime.h>
-#include <sched.h>
-#include <stdarg.h>
-#include <sys/mount.h>
-#include <arpa/inet.h>
-#include <net/if.h>
-#include <linux/ip.h>
-#include <err.h>
-#include "test.h"
-
-/*
- * Some architectures like mips n32 don't have __NR_uselib defined in the
- * system headers.
- */
-#ifdef __NR_uselib
-static inline int uselib(const char *library)
-{
- return syscall(__NR_uselib, library);
-}
-#else
-static inline int uselib(const char *library)
-{
- errno = ENOSYS;
- return -1;
-}
-#endif
-
-/* Is there an architecture without __NR_pivot_root defined? */
-#ifdef __NR_pivot_root
-static inline int pivot_root(const char *new_root, const char *put_old)
-{
- return syscall(__NR_pivot_root, new_root, put_old);
-}
-#else
-static inline int pivot_root(const char *new_root, const char *put_old)
-{
- errno = ENOSYS;
- return -1;
-}
-#endif
-
-/* The sysctl() wrapper is dead and newer arches omit it now. */
-static inline int write_sysctl(const char *path, const char *value)
-{
- FILE *fp = fopen(path, "w");
- if (!fp)
- return 1;
- fputs(value, fp);
- fclose(fp);
- return 0;
-}
-
-static inline int read_sysctl(const char *path, char *value, int len)
-{
- char scratch[100];
- FILE *fp = fopen(path, "r");
- if (!fp)
- return 1;
- if (!value) {
- value = scratch;
- len = sizeof(scratch);
- }
- if (fgets(value, len, fp))
- /* ignore */;
- fclose(fp);
- return 0;
-}
-
-/* Should be a fairly benign path to bang on. */
-#define TEST_SYSCTL_PATH "/proc/sys/net/ipv4/ip_local_port_range"
-
-#define proc_policy_dir "/sys/kernel/security/tomoyo/"
-#define proc_policy_domain_policy "/sys/kernel/security/tomoyo/domain_policy"
-#define proc_policy_exception_policy "/sys/kernel/security/tomoyo/exception_policy"
-#define proc_policy_profile "/sys/kernel/security/tomoyo/profile"
-#define proc_policy_manager "/sys/kernel/security/tomoyo/manager"
-#define proc_policy_query "/sys/kernel/security/tomoyo/query"
-#define proc_policy_grant_log "/sys/kernel/security/tomoyo/grant_log"
-#define proc_policy_reject_log "/sys/kernel/security/tomoyo/reject_log"
-#define proc_policy_domain_status "/sys/kernel/security/tomoyo/.domain_status"
-#define proc_policy_process_status "/sys/kernel/security/tomoyo/.process_status"
-#define proc_policy_self_domain "/sys/kernel/security/tomoyo/self_domain"
-
-static FILE *profile_fp = NULL;
-static FILE *domain_fp = NULL;
-static FILE *exception_fp = NULL;
-static char self_domain[4096] = "";
-static pid_t pid = 0;
-
-static void clear_status(void)
-{
- static const char *keywords[] = {
- "file::execute",
- "file::open",
- "file::create",
- "file::unlink",
- "file::mkdir",
- "file::rmdir",
- "file::mkfifo",
- "file::mksock",
- "file::truncate",
- "file::symlink",
- "file::rewrite",
- "file::mkblock",
- "file::mkchar",
- "file::link",
- "file::rename",
- "file::chmod",
- "file::chown",
- "file::chgrp",
- "file::ioctl",
- "file::chroot",
- "file::mount",
- "file::umount",
- "file::pivot_root",
- NULL
- };
- int i;
- FILE *fp = fopen(proc_policy_profile, "r");
- static char buffer[4096];
- if (!fp) {
- fprintf(stderr, "Can't open %s\n", proc_policy_profile);
- exit(1);
- }
- for (i = 0; keywords[i]; i++)
- fprintf(profile_fp,
- "255-CONFIG::%s={ mode=disabled }\n",
- keywords[i]);
- while (memset(buffer, 0, sizeof(buffer)),
- fgets(buffer, sizeof(buffer) - 10, fp)) {
- const char *mode;
- char *cp = strchr(buffer, '=');
- if (!cp)
- continue;
- *cp = '\0';
- mode = cp + 1;
- cp = strchr(buffer, '-');
- if (!cp)
- continue;
- *cp++ = '\0';
- if (strcmp(buffer, "0"))
- continue;
- fprintf(profile_fp, "255-%s", cp);
- if (!strcmp(cp, "COMMENT"))
- mode = "Profile for kernel test\n";
- else
- mode = "{ mode=disabled verbose=no }\n";
- fprintf(profile_fp, "255-%s=%s", cp, mode);
- }
- fprintf(profile_fp, "255-PREFERENCE::learning= verbose=no\n");
- fprintf(profile_fp, "255-PREFERENCE::enforcing= verbose=no\n");
- fprintf(profile_fp, "255-PREFERENCE::permissive= verbose=no\n");
- fprintf(profile_fp, "255-PREFERENCE::disabled= verbose=no\n");
- fprintf(profile_fp, "255-PREFERENCE::learning= max_entry=2048\n");
- fflush(profile_fp);
- fclose(fp);
-}
-
-static void tomoyo_test_init(void)
-{
- pid = getpid();
- if (access(proc_policy_dir, F_OK)) {
- fprintf(stderr, "You can't use this program for this kernel."
- "\n");
- exit(1);
- }
- profile_fp = fopen(proc_policy_profile, "w");
- if (!profile_fp) {
- fprintf(stderr, "Can't open %s .\n", proc_policy_profile);
- exit(1);
- }
- setlinebuf(profile_fp);
- domain_fp = fopen(proc_policy_domain_policy, "w");
- if (!domain_fp) {
- fprintf(stderr, "Can't open %s .\n",
- proc_policy_domain_policy);
- exit(1);
- }
- setlinebuf(domain_fp);
- exception_fp = fopen(proc_policy_exception_policy, "w");
- if (!exception_fp) {
- fprintf(stderr, "Can't open %s .\n",
- proc_policy_exception_policy);
- exit(1);
- }
- setlinebuf(exception_fp);
- if (fputc('\n', profile_fp) != '\n' || fflush(profile_fp)) {
- fprintf(stderr, "You need to register this program to %s to "
- "run this program.\n", proc_policy_manager);
- exit(1);
- }
- clear_status();
- {
- FILE *fp = fopen(proc_policy_self_domain, "r");
- memset(self_domain, 0, sizeof(self_domain));
- if (!fp || !fgets(self_domain, sizeof(self_domain) - 1, fp) ||
- fclose(fp)) {
- fprintf(stderr, "Can't open %s .\n",
- proc_policy_self_domain);
- exit(1);
- }
- }
- fprintf(domain_fp, "select pid=%u\n", pid);
- fprintf(domain_fp, "use_profile 255\n");
- fprintf(domain_fp, "allow_read/write /sys/kernel/security/tomoyo/domain_policy\n");
- fprintf(domain_fp, "allow_truncate /sys/kernel/security/tomoyo/domain_policy\n");
- fprintf(domain_fp, "allow_read/write /sys/kernel/security/tomoyo/exception_policy\n");
- fprintf(domain_fp, "allow_truncate /sys/kernel/security/tomoyo/exception_policy\n");
- fprintf(domain_fp, "allow_read/write /sys/kernel/security/tomoyo/profile\n");
- fprintf(domain_fp, "allow_truncate /sys/kernel/security/tomoyo/profile\n");
-}
-
-static void BUG(const char *fmt, ...)
- __attribute__ ((format(printf, 1, 2)));
-
-static void BUG(const char *fmt, ...)
-{
- va_list args;
- printf("BUG: ");
- va_start(args, fmt);
- vprintf(fmt, args);
- va_end(args);
- putchar('\n');
- fflush(stdout);
- while (1)
- sleep(100);
-}
-
-int write_domain_policy(const char *policy, int is_delete)
-{
- FILE *fp = fopen(proc_policy_domain_policy, "r");
- char buffer[8192];
- int domain_found = 0;
- int policy_found = 0;
- memset(buffer, 0, sizeof(buffer));
- if (!fp) {
- BUG("Can't read %s", proc_policy_domain_policy);
- return 0;
- }
- if (is_delete)
- fprintf(domain_fp, "delete ");
- fprintf(domain_fp, "%s\n", policy);
- while (fgets(buffer, sizeof(buffer) - 1, fp)) {
- char *cp = strchr(buffer, '\n');
- if (cp)
- *cp = '\0';
- if (!strncmp(buffer, "<kernel>", 8))
- domain_found = !strcmp(self_domain, buffer);
- if (!domain_found)
- continue;
- /* printf("<%s>\n", buffer); */
- if (strcmp(buffer, policy))
- continue;
- policy_found = 1;
- break;
- }
- fclose(fp);
- if (policy_found == is_delete) {
- BUG("Can't %s %s", is_delete ? "delete" : "append",
- policy);
- return 0;
- }
- errno = 0;
- return 1;
-
-}
-
-int write_exception_policy(const char *policy, int is_delete)
-{
- FILE *fp = fopen(proc_policy_exception_policy, "r");
- char buffer[8192];
- int policy_found = 0;
- memset(buffer, 0, sizeof(buffer));
- if (!fp) {
- BUG("Can't read %s", proc_policy_exception_policy);
- return 0;
- }
- if (is_delete)
- fprintf(exception_fp, "delete ");
- fprintf(exception_fp, "%s\n", policy);
- while (fgets(buffer, sizeof(buffer) - 1, fp)) {
- char *cp = strchr(buffer, '\n');
- if (cp)
- *cp = '\0';
- if (strcmp(buffer, policy))
- continue;
- policy_found = 1;
- break;
- }
- fclose(fp);
- if (policy_found == is_delete) {
- BUG("Can't %s %s", is_delete ? "delete" : "append",
- policy);
- return 0;
- }
- errno = 0;
- return 1;
-
-}
-
-int set_profile(const int mode, const char *name)
-{
- static const char *modes[4] = { "disabled", "learning", "permissive",
- "enforcing" };
- FILE *fp = fopen(proc_policy_profile, "r");
- char buffer[8192];
- int policy_found = 0;
- const int len = strlen(name);
- if (!fp) {
- BUG("Can't read %s", proc_policy_profile);
- return 0;
- }
- fprintf(profile_fp, "255-CONFIG::%s=%s\n", name, modes[mode]);
- while (memset(buffer, 0, sizeof(buffer)),
- fgets(buffer, sizeof(buffer) - 1, fp)) {
- char *cp = strchr(buffer, '\n');
- if (cp)
- *cp = '\0';
- if (strncmp(buffer, "255-CONFIG::", 12) ||
- strncmp(buffer + 12, name, len) ||
- buffer[12 + len] != '=')
- continue;
- if (strstr(buffer + 13 + len, modes[mode]))
- policy_found = 1;
- break;
- }
- fclose(fp);
- if (!policy_found) {
- BUG("Can't change profile to 255-CONFIG::%s=%s",
- name, modes[mode]);
- return 0;
- }
- errno = 0;
- return 1;
-}
diff --git a/testcases/kernel/security/tomoyo/newns.c b/testcases/kernel/security/tomoyo/newns.c
deleted file mode 100644
index f888ca31f..000000000
--- a/testcases/kernel/security/tomoyo/newns.c
+++ /dev/null
@@ -1,49 +0,0 @@
-/******************************************************************************/
-/* */
-/* Copyright (c) Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>, 2009 */
-/* */
-/* This program is free software; you can redistribute it and/or modify */
-/* it under the terms of the GNU General Public License as published by */
-/* the Free Software Foundation; either version 2 of the License, or */
-/* (at your option) any later version. */
-/* */
-/* This program is distributed in the hope that it will be useful, */
-/* but WITHOUT ANY WARRANTY; without even the implied warranty of */
-/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See */
-/* the GNU General Public License for more details. */
-/* */
-/* You should have received a copy of the GNU General Public License */
-/* along with this program; if not, write to the Free Software */
-/* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */
-/* */
-/******************************************************************************/
-
-#define _GNU_SOURCE
-
-#include <stdio.h>
-#include <sys/types.h>
-#include <sys/wait.h>
-#include <sys/mount.h>
-#include <unistd.h>
-#include <sched.h>
-#include <errno.h>
-#include <stdlib.h>
-#include "test.h"
-
-static int child(void *arg)
-{
- char **argv = (char **)arg;
- argv++;
- mount("/tmp/", "/tmp/", "tmpfs", 0, NULL);
- execvp(argv[0], argv);
- _exit(1);
-}
-
-int main(int argc, char *argv[])
-{
- char c = 0;
- const pid_t pid = ltp_clone_quick(CLONE_NEWNS, child, (void *)argv);
- while (waitpid(pid, NULL, __WALL) == EOF && errno == EINTR)
- c++; /* Dummy. */
- return 0;
-}
diff --git a/testcases/kernel/security/tomoyo/testall.sh b/testcases/kernel/security/tomoyo/testall.sh
deleted file mode 100644
index b103be6c6..000000000
--- a/testcases/kernel/security/tomoyo/testall.sh
+++ /dev/null
@@ -1,46 +0,0 @@
-#! /bin/sh
-################################################################################
-## ##
-## Copyright (c) Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>, 2009 ##
-## ##
-## This program is free software; you can redistribute it and#or modify ##
-## it under the terms of the GNU General Public License as published by ##
-## the Free Software Foundation; either version 2 of the License, or ##
-## (at your option) any later version. ##
-## ##
-## This program is distributed in the hope that it will be useful, but ##
-## WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY ##
-## or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ##
-## for more details. ##
-## ##
-## You should have received a copy of the GNU General Public License ##
-## along with this program; if not, write to the Free Software ##
-## Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA ##
-## ##
-################################################################################
-
-cd ${0%/*}
-export PATH=$PWD:${PATH}
-
-echo "Testing all. (All results are reported)"
-newns tomoyo_accept_test
-newns tomoyo_filesystem_test
-newns tomoyo_file_test
-newns tomoyo_rewrite_test
-newns tomoyo_new_file_test
-newns tomoyo_new_test
-echo
-echo
-echo
-echo "Testing all. (Only ERRORS are reported)"
-newns tomoyo_accept_test | grep -vF Done
-newns tomoyo_filesystem_test | grep -vF OK | grep -F '('
-newns tomoyo_file_test | grep -vF OK | grep -F '('
-newns tomoyo_rewrite_test | grep -vF OK | grep -F '('
-newns tomoyo_new_test | grep -vF OK
-echo
-echo
-echo
-echo "Testing policy I/O. (Only ERRORS are reported)"
-newns tomoyo_policy_io_test | grep -vF OK
-newns tomoyo_new_file_test | grep -vF OK
diff --git a/testcases/kernel/security/tomoyo/tomoyo_accept_test.c b/testcases/kernel/security/tomoyo/tomoyo_accept_test.c
deleted file mode 100644
index 335818a25..000000000
--- a/testcases/kernel/security/tomoyo/tomoyo_accept_test.c
+++ /dev/null
@@ -1,146 +0,0 @@
-/******************************************************************************/
-/* This program is free software; you can redistribute it and/or modify */
-/* it under the terms of the GNU General Public License as published by */
-/* the Free Software Foundation; either version 2 of the License, or */
-/* (at your option) any later version. */
-/* */
-/* This program is distributed in the hope that it will be useful, */
-/* but WITHOUT ANY WARRANTY; without even the implied warranty of */
-/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See */
-/* the GNU General Public License for more details. */
-/* */
-/* You should have received a copy of the GNU General Public License */
-/* along with this program; if not, write to the Free Software */
-/* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */
-/* */
-/******************************************************************************/
-/*
- * tomoyo_accept_test.c
- *
- * Testing program for security/tomoyo/
- *
- * Copyright (C) 2005-2010 NTT DATA CORPORATION
- */
-#include "include.h"
-
-static void set_level(const int i)
-{
- set_profile(i, "file::execute");
- set_profile(i, "file::open");
- set_profile(i, "file::create");
- set_profile(i, "file::unlink");
- set_profile(i, "file::mkdir");
- set_profile(i, "file::rmdir");
- set_profile(i, "file::mkfifo");
- set_profile(i, "file::mksock");
- set_profile(i, "file::truncate");
- set_profile(i, "file::symlink");
- set_profile(i, "file::rewrite");
- set_profile(i, "file::mkblock");
- set_profile(i, "file::mkchar");
- set_profile(i, "file::link");
- set_profile(i, "file::rename");
- set_profile(i, "file::chmod");
- set_profile(i, "file::chown");
- set_profile(i, "file::chgrp");
- set_profile(i, "file::ioctl");
- set_profile(i, "file::chroot");
- set_profile(i, "file::mount");
- set_profile(i, "file::umount");
- set_profile(i, "file::pivot_root");
-}
-
-static void test(int rw_loop, int truncate_loop, int append_loop,
- int create_loop)
-{
- static const int rw_flags[4] = { 0, O_RDONLY, O_WRONLY, O_RDWR };
- static const int create_flags[3] = { 0, O_CREAT /* nonexistent */ ,
- O_CREAT /* existent */
- };
- static const int truncate_flags[2] = { 0, O_TRUNC };
- static const int append_flags[2] = { 0, O_APPEND };
- int level;
- int flags;
- int i;
- int fd;
- static char buffer[1024];
- memset(buffer, 0, sizeof(buffer));
- snprintf(buffer, sizeof(buffer) - 1, "/tmp/file:a=%d:t=%d:c=%d:m=%d",
- append_loop, truncate_loop, create_loop, rw_loop);
- fprintf(exception_fp, "deny_rewrite %s\n", buffer);
- flags = rw_flags[rw_loop] | truncate_flags[truncate_loop] |
- append_flags[append_loop] | create_flags[create_loop];
- for (i = 1; i < 8; i++)
- fprintf(domain_fp, "delete %d %s\n", i, buffer);
- for (level = 0; level < 4; level++) {
- set_level(0);
- if (create_loop == 1)
- unlink(buffer);
- else
- close(open(buffer, O_CREAT, 0644));
- set_level(level);
- fd = open(buffer, flags, 0644);
- if (fd != EOF)
- close(fd);
- else
- fprintf(stderr, "%d: open(%04o) failed\n", level,
- flags);
- /*
- fd = open(buffer, flags, 0644)
- if (fd != EOF)
- close(fd);
- else
- fprintf(stderr, "%d: open(%04o) failed\n", level, flags);
- */
- /*
- fd = open(buffer, flags, 0644);
- if (fd != EOF)
- close(fd);
- else
- fprintf(stderr, "%d: open(%04o) failed\n", level, flags);
- */
- }
- for (i = 1; i < 8; i++)
- fprintf(domain_fp, "delete %d %s\n", i, buffer);
- fprintf(domain_fp, "delete allow_truncate %s\n", buffer);
- fprintf(domain_fp, "delete allow_create %s 0644\n", buffer);
- fprintf(domain_fp, "delete allow_rewrite %s\n", buffer);
- fd = open(buffer, flags, 0644);
- if (fd != EOF) {
- close(fd);
- fprintf(stderr, "%d: open(%04o) didn't fail\n", 3, flags);
- }
-}
-
-int main(void)
-{
- tomoyo_test_init();
- fprintf(profile_fp, "255-PREFERENCE::learning={ verbose=no }\n");
- fprintf(profile_fp, "255-PREFERENCE::enforcing={ verbose=no }\n");
- fprintf(profile_fp, "255-PREFERENCE::permissive={ verbose=no }\n");
- fprintf(profile_fp, "255-PREFERENCE::disabled={ verbose=no }\n");
- set_profile(0, "file");
- fprintf(profile_fp, "255-PREFERENCE::learning={ max_entry=2048 }\n");
- {
- int append_loop;
- for (append_loop = 0; append_loop < 2; append_loop++) {
- int truncate_loop;
- for (truncate_loop = 0; truncate_loop < 2;
- truncate_loop++) {
- int create_loop;
- for (create_loop = 0; create_loop < 3;
- create_loop++) {
- int rw_loop;
- for (rw_loop = 0; rw_loop < 4;
- rw_loop++)
- test(rw_loop, truncate_loop,
- append_loop, create_loop);
- }
- }
- }
- }
- fprintf(profile_fp, "255-CONFIG::file=disabled\n");
- printf("Done\n");
- clear_status();
- return 0;
-}
diff --git a/testcases/kernel/security/tomoyo/tomoyo_file_test.c b/testcases/kernel/security/tomoyo/tomoyo_file_test.c
deleted file mode 100644
index 003f47720..000000000
--- a/testcases/kernel/security/tomoyo/tomoyo_file_test.c
+++ /dev/null
@@ -1,304 +0,0 @@
-/******************************************************************************/
-/* This program is free software; you can redistribute it and/or modify */
-/* it under the terms of the GNU General Public License as published by */
-/* the Free Software Foundation; either version 2 of the License, or */
-/* (at your option) any later version. */
-/* */
-/* This program is distributed in the hope that it will be useful, */
-/* but WITHOUT ANY WARRANTY; without even the implied warranty of */
-/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See */
-/* the GNU General Public License for more details. */
-/* */
-/* You should have received a copy of the GNU General Public License */
-/* along with this program; if not, write to the Free Software */
-/* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */
-/* */
-/******************************************************************************/
-/*
- * tomoyo_file_test.c
- *
- * Testing program for security/tomoyo/
- *
- * Copyright (C) 2005-2010 NTT DATA CORPORATION
- */
-#include "include.h"
-
-static int should_fail = 0;
-
-static void show_prompt(const char *str)
-{
- printf("Testing %35s: (%s) ", str,
- should_fail ? "must fail" : "should success");
- errno = 0;
-}
-
-static void show_result(int result)
-{
- if (should_fail) {
- if (result == EOF) {
- if (errno == EPERM)
- printf("OK: Permission denied.\n");
- else
- printf("FAILED: %s\n", strerror(errno));
- } else {
- printf("BUG!\n");
- }
- } else {
- if (result != EOF)
- printf("OK\n");
- else
- printf("%s\n", strerror(errno));
- }
-}
-
-static const char *dev_null_path = "/dev/null";
-static const char *truncate_path = "/tmp/truncate_test";
-static const char *ftruncate_path = "/tmp/ftruncate_test";
-static const char *open_creat_path = "/tmp/open_test";
-static const char *mknod_reg_path = "/tmp/mknod_reg_test";
-static const char *mknod_chr_path = "/tmp/mknod_chr_test";
-static const char *mknod_blk_path = "/tmp/mknod_blk_test";
-static const char *mknod_fifo_path = "/tmp/mknod_fifo_test";
-static const char *mknod_sock_path = "/tmp/mknod_sock_test";
-static const char *unlink_path = "/tmp/unlink_test";
-static const char *mkdir_path = "/tmp/mkdir_test";
-static const char *rmdir_path = "/tmp/rmdir_test";
-static const char *link_source_path = "/tmp/link_source_test";
-static const char *link_dest_path = "/tmp/link_dest_test";
-static const char *symlink_source_path = "/tmp/symlink_source_test";
-static const char *symlink_dest_path = "/tmp/symlink_dest_test";
-static const char *rename_source_path = "/tmp/rename_source_test";
-static const char *rename_dest_path = "/tmp/rename_dest_test";
-static const char *socket_path = "/tmp/socket_test";
-
-static int ftruncate_fd = EOF;
-
-static void stage_file_test(void)
-{
- int fd;
- {
- const char buffer[] = "32768 61000";
- show_prompt("sysctl(READ)");
- show_result(read_sysctl(TEST_SYSCTL_PATH, NULL, 0));
- show_prompt("sysctl(WRITE)");
- show_result(write_sysctl(TEST_SYSCTL_PATH, buffer));
- }
-
- /* QUESTION: Is there a file which can be passed to uselib()? */
- show_prompt("uselib()");
- show_result(uselib("/bin/true"));
-
- {
- int pipe_fd[2] = { EOF, EOF };
- int error = 0;
- fflush(stdout);
- fflush(stderr);
- if (pipe(pipe_fd) == -1)
- err(1, "pipe");
- if (fork() == 0) {
- execl("/bin/true", "/bin/true", NULL);
- if (write(pipe_fd[1], &errno, sizeof(errno)) == -1)
- err(1, "write");
- _exit(0);
- }
- close(pipe_fd[1]);
- (void)read(pipe_fd[0], &error, sizeof(error));
- show_prompt("execve()");
- errno = error;
- show_result(error ? EOF : 0);
- }
-
- show_prompt("open(O_RDONLY)");
- fd = open(dev_null_path, O_RDONLY);
- show_result(fd);
- if (fd != EOF)
- close(fd);
-
- show_prompt("open(O_WRONLY)");
- fd = open(dev_null_path, O_WRONLY);
- show_result(fd);
- if (fd != EOF)
- close(fd);
-
- show_prompt("open(O_RDWR)");
- fd = open(dev_null_path, O_RDWR);
- show_result(fd);
- if (fd != EOF)
- close(fd);
-
- show_prompt("open(O_CREAT | O_EXCL)");
- fd = open(open_creat_path, O_CREAT | O_EXCL, 0666);
- show_result(fd);
- if (fd != EOF)
- close(fd);
-
- show_prompt("open(O_TRUNC)");
- fd = open(truncate_path, O_TRUNC);
- show_result(fd);
- if (fd != EOF)
- close(fd);
-
- show_prompt("truncate()");
- show_result(truncate(truncate_path, 0));
-
- show_prompt("ftruncate()");
- show_result(ftruncate(ftruncate_fd, 0));
-
- show_prompt("mknod(S_IFREG)");
- show_result(mknod(mknod_reg_path, S_IFREG, 0));
-
- show_prompt("mknod(S_IFCHR)");
- show_result(mknod(mknod_chr_path, S_IFCHR, MKDEV(1, 3)));
-
- show_prompt("mknod(S_IFBLK)");
- show_result(mknod(mknod_blk_path, S_IFBLK, MKDEV(1, 0)));
-
- show_prompt("mknod(S_IFIFO)");
- show_result(mknod(mknod_fifo_path, S_IFIFO, 0));
-
- show_prompt("mknod(S_IFSOCK)");
- show_result(mknod(mknod_sock_path, S_IFSOCK, 0));
-
- show_prompt("mkdir()");
- show_result(mkdir(mkdir_path, 0600));
-
- show_prompt("rmdir()");
- show_result(rmdir(rmdir_path));
-
- show_prompt("unlink()");
- show_result(unlink(unlink_path));
-
- show_prompt("symlink()");
- show_result(symlink(symlink_dest_path, symlink_source_path));
-
- show_prompt("link()");
- show_result(link(link_source_path, link_dest_path));
-
- show_prompt("rename()");
- show_result(rename(rename_source_path, rename_dest_path));
-
- {
- struct sockaddr_un addr;
- int fd;
- memset(&addr, 0, sizeof(addr));
- addr.sun_family = AF_UNIX;
- strncpy(addr.sun_path, socket_path, sizeof(addr.sun_path) - 1);
- fd = socket(AF_UNIX, SOCK_STREAM, 0);
- show_prompt("unix_bind()");
- show_result(bind(fd, (struct sockaddr *)&addr, sizeof(addr)));
- if (fd != EOF)
- close(fd);
- }
-
- printf("\n\n");
-}
-
-static void create_files(void)
-{
- mkdir(rmdir_path, 0700);
- close(creat(link_source_path, 0600));
- close(creat(rename_source_path, 0600));
- close(creat(truncate_path, 0600));
- close(creat(unlink_path, 0600));
- ftruncate_fd = open(ftruncate_path, O_WRONLY | O_CREAT, 0600);
-}
-
-static void creanup_files(void)
-{
- if (ftruncate_fd != EOF)
- close(ftruncate_fd);
- ftruncate_fd = EOF;
- unlink(open_creat_path);
- unlink(mknod_reg_path);
- unlink(mknod_chr_path);
- unlink(mknod_blk_path);
- unlink(mknod_fifo_path);
- unlink(mknod_sock_path);
- rmdir(mkdir_path);
- unlink(symlink_source_path);
- unlink(symlink_dest_path);
- unlink(link_source_path);
- unlink(link_dest_path);
- unlink(rename_source_path);
- unlink(rename_dest_path);
- unlink(truncate_path);
- unlink(ftruncate_path);
- unlink(socket_path);
-}
-
-static void set_file_enforce(int enforce)
-{
- if (enforce) {
- set_profile(3, "file::execute");
- set_profile(3, "file::open");
- set_profile(3, "file::create");
- set_profile(3, "file::unlink");
- set_profile(3, "file::mkdir");
- set_profile(3, "file::rmdir");
- set_profile(3, "file::mkfifo");
- set_profile(3, "file::mksock");
- set_profile(3, "file::truncate");
- set_profile(3, "file::symlink");
- set_profile(3, "file::rewrite");
- set_profile(3, "file::mkblock");
- set_profile(3, "file::mkchar");
- set_profile(3, "file::link");
- set_profile(3, "file::rename");
- set_profile(3, "file::chmod");
- set_profile(3, "file::chown");
- set_profile(3, "file::chgrp");
- set_profile(3, "file::ioctl");
- set_profile(3, "file::chroot");
- set_profile(3, "file::mount");
- set_profile(3, "file::umount");
- set_profile(3, "file::pivot_root");
- } else {
- set_profile(0, "file::execute");
- set_profile(0, "file::open");
- set_profile(0, "file::create");
- set_profile(0, "file::unlink");
- set_profile(0, "file::mkdir");
- set_profile(0, "file::rmdir");
- set_profile(0, "file::mkfifo");
- set_profile(0, "file::mksock");
- set_profile(0, "file::truncate");
- set_profile(0, "file::symlink");
- set_profile(0, "file::rewrite");
- set_profile(0, "file::mkblock");
- set_profile(0, "file::mkchar");
- set_profile(0, "file::link");
- set_profile(0, "file::rename");
- set_profile(0, "file::chmod");
- set_profile(0, "file::chown");
- set_profile(0, "file::chgrp");
- set_profile(0, "file::ioctl");
- set_profile(0, "file::chroot");
- set_profile(0, "file::mount");
- set_profile(0, "file::umount");
- set_profile(0, "file::pivot_root");
- }
-}
-
-int main(void)
-{
- tomoyo_test_init();
-
- printf("***** Testing file hooks in enforce mode. *****\n");
- create_files();
- should_fail = 1;
- set_file_enforce(1);
- stage_file_test();
- set_file_enforce(0);
- clear_status();
- creanup_files();
-
- printf("***** Testing file hooks in permissive mode. *****\n");
- should_fail = 0;
- create_files();
- set_file_enforce(0);
- stage_file_test();
- creanup_files();
-
- clear_status();
- return 0;
-}
diff --git a/testcases/kernel/security/tomoyo/tomoyo_filesystem_test.c b/testcases/kernel/security/tomoyo/tomoyo_filesystem_test.c
deleted file mode 100644
index e6e3bb087..000000000
--- a/testcases/kernel/security/tomoyo/tomoyo_filesystem_test.c
+++ /dev/null
@@ -1,633 +0,0 @@
-/******************************************************************************/
-/* This program is free software; you can redistribute it and/or modify */
-/* it under the terms of the GNU General Public License as published by */
-/* the Free Software Foundation; either version 2 of the License, or */
-/* (at your option) any later version. */
-/* */
-/* This program is distributed in the hope that it will be useful, */
-/* but WITHOUT ANY WARRANTY; without even the implied warranty of */
-/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See */
-/* the GNU General Public License for more details. */
-/* */
-/* You should have received a copy of the GNU General Public License */
-/* along with this program; if not, write to the Free Software */
-/* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */
-/* */
-/******************************************************************************/
-/*
- * tomoyo_filesystem_test.c
- *
- * Testing program for security/tomoyo/
- *
- * Copyright (C) 2005-2010 NTT DATA CORPORATION
- */
-#define _GNU_SOURCE
-#include "include.h"
-
-static void show_prompt(const char *str, const int should_fail)
-{
- printf("Testing %60s: (%s) ", str,
- should_fail ? "must fail" : "should success");
- errno = 0;
-}
-
-#ifndef MS_MOVE
-#define MS_MOVE 8192
-#endif
-
-static const char *pivot_root_dir = "/sys/kernel/security/";
-
-static int child(void *arg)
-{
- errno = 0;
- pivot_root(pivot_root_dir, proc_policy_dir);
- return errno;
-}
-
-static void mount2(const char *source, const char *target,
- const char *filesystemtype)
-{
- if (mount(source, target, filesystemtype, 0, NULL)) {
- printf("BUG: mount() failed\n");
- fflush(stdout);
- }
-}
-
-static const unsigned char compressed_ext2_image_sample[1350] = {
- 0x1F, 0x8B, 0x08, 0x00, 0xA8, 0xF2, 0x96, 0x4B, 0x02, 0x03, 0xED, 0xDC,
- 0x3D, 0x4B, 0x5B, 0x51, 0x18, 0x07, 0xF0, 0xE7, 0xDE, 0xAB, 0x14, 0x8C,
- 0xAB, 0xD5, 0x9A, 0xF8, 0x36, 0x0B, 0xA1, 0xE0, 0xE0, 0xDC, 0xD0, 0xAD,
- 0xD0, 0xC5, 0xAF, 0x50, 0x9C, 0x42, 0x1D, 0x6A, 0xE6, 0xA6, 0x9B, 0x9B,
- 0x8B, 0xD8, 0xA5, 0x5B, 0x97, 0x2E, 0xF9, 0x0E, 0x85, 0x4C, 0xF6, 0x23,
- 0x74, 0x70, 0x55, 0x28, 0x52, 0xA8, 0xDD, 0xED, 0xB9, 0xB9, 0xB1, 0xA6,
- 0xEA, 0x24, 0xA5, 0x81, 0xDE, 0xDF, 0x0F, 0x9E, 0xDC, 0xB7, 0x13, 0x2E,
- 0xF7, 0xC0, 0xFF, 0x70, 0xCE, 0x85, 0x24, 0x02, 0xA8, 0xAB, 0x7E, 0xF9,
- 0x31, 0x13, 0xB1, 0x95, 0x36, 0xA7, 0x45, 0x44, 0x2F, 0x6D, 0xB3, 0xC9,
- 0x06, 0xEB, 0x55, 0xF5, 0xC7, 0x87, 0x9F, 0x7E, 0x1C, 0xBF, 0x88, 0x68,
- 0xC5, 0xCE, 0xF7, 0x6C, 0xD4, 0x6E, 0x74, 0xFC, 0xF2, 0x62, 0x74, 0xED,
- 0xFA, 0x7B, 0x8D, 0xB8, 0x69, 0x9F, 0x8F, 0xCF, 0x9F, 0x1D, 0x7E, 0x78,
- 0xF7, 0x6D, 0xD8, 0x79, 0xFF, 0x71, 0xD0, 0xED, 0xBC, 0xCD, 0x9A, 0xBD,
- 0x69, 0x3C, 0xEB, 0xE0, 0xCB, 0xF0, 0xA4, 0xF9, 0xF5, 0xF9, 0xCA, 0xE0,
- 0xE0, 0x72, 0xBB, 0x7B, 0xD4, 0x1A, 0xE6, 0x13, 0xD7, 0xAA, 0xE7, 0x82,
- 0x7A, 0x29, 0xAA, 0xF8, 0xC7, 0xEC, 0x28, 0xFF, 0xBD, 0xC8, 0x75, 0x09,
- 0xD4, 0xC6, 0x55, 0x92, 0x4D, 0x71, 0xFA, 0x71, 0x05, 0x4C, 0xCF, 0xA3,
- 0xBB, 0xE3, 0x01, 0x50, 0x0F, 0x93, 0xEB, 0xDF, 0xEB, 0xFA, 0x97, 0x13,
- 0x80, 0x8B, 0x67, 0xD5, 0x02, 0xE4, 0xEE, 0xFD, 0x8B, 0x3F, 0xD6, 0x22,
- 0x0B, 0xA6, 0x6A, 0xC0, 0x5F, 0xF6, 0xB9, 0x1C, 0x7F, 0x9E, 0xDE, 0x37,
- 0xFE, 0xE4, 0xB1, 0x34, 0xD1, 0xEE, 0x71, 0xAA, 0xC5, 0x54, 0xE5, 0xB9,
- 0x27, 0xA9, 0x96, 0x53, 0x35, 0xA3, 0x7C, 0x13, 0x1A, 0xB1, 0x92, 0x6A,
- 0x35, 0xD5, 0xDA, 0xF8, 0x75, 0xE9, 0x86, 0x6E, 0x05, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xE0, 0x81,
- 0xCA, 0xDF, 0xD8, 0xCF, 0x47, 0x96, 0xB7, 0x7F, 0xEF, 0xE7, 0x79, 0xBB,
- 0x5D, 0xFD, 0x87, 0xDF, 0x79, 0x31, 0x97, 0x77, 0xF7, 0xDE, 0xEC, 0x6F,
- 0xEE, 0xEE, 0xF5, 0x5E, 0xBF, 0xD2, 0x57, 0xF0, 0xBF, 0x69, 0xDC, 0xCA,
- 0xFF, 0xCF, 0xA2, 0xCA, 0x3F, 0x50, 0x13, 0x33, 0xBA, 0x00, 0xE4, 0x1F,
- 0x90, 0x7F, 0x40, 0xFE, 0x01, 0xF9, 0x07, 0xE4, 0x1F, 0x90, 0x7F, 0x40,
- 0xFE, 0x01, 0xF9, 0x07, 0xE4, 0x1F, 0x90, 0x7F, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80, 0xFA, 0xF9, 0x05, 0x34, 0xF2,
- 0x14, 0x08, 0x00, 0x00, 0x10, 0x00
-};
-
-int main(void)
-{
- char c = 0;
- tomoyo_test_init();
-
- /* Test mount(). */
- {
- set_profile(3, "file::mount");
- show_prompt("mount('dev\\011name', '/', 'fs\\011name') ", 1);
- if (mount("dev\tname", "/", "fs\tname", 0, NULL) == EOF &&
- errno == EPERM)
- printf("OK: Permission denied.\n");
- else if (errno == ENODEV)
- printf("OK: No such device.\n");
- else
- printf("BUG: %s\n", strerror(errno));
- set_profile(1, "file::mount");
- show_prompt("mount('dev\\011name', '/', 'fs\\011name') ", 0);
- if (mount("dev\tname", "/", "fs\tname", 0, NULL) == EOF &&
- errno == ENOMEM)
- printf("OK: Out of memory.\n");
- else if (errno == ENODEV)
- printf("OK: No such device.\n");
- else
- printf("BUG: %s\n", strerror(errno));
- set_profile(3, "file::mount");
- show_prompt("mount('dev\\011name', '/', 'fs\\011name') ", 0);
- if (mount("dev\tname", "/", "fs\tname", 0, NULL) == EOF &&
- errno == ENOMEM)
- printf("OK: Out of memory.\n");
- else if (errno == ENODEV)
- printf("OK: No such device.\n");
- else
- printf("BUG: %s\n", strerror(errno));
- fprintf(domain_fp, "delete allow_mount dev\\011name / "
- "fs\\011name 0\n");
- show_prompt("mount('dev\\011name', '/', 'fs\\011name') ", 1);
- if (mount("dev\tname", "/", "fs\tname", 0, NULL) == EOF &&
- errno == EPERM)
- printf("OK: Permission denied.\n");
- else if (errno == ENODEV)
- printf("OK: No such device.\n");
- else
- printf("BUG: %s\n", strerror(errno));
- set_profile(1, "file::mount");
- show_prompt("mount(NULL, '/', 'tmpfs') ", 0);
- if (mount(NULL, "/", "tmpfs", 0, NULL))
- printf("BUG: %s\n", strerror(errno));
- else
- printf("OK: Success\n");
- set_profile(3, "file::mount");
- show_prompt("mount(NULL, '/', 'tmpfs') ", 0);
- if (mount(NULL, "/", "tmpfs", 0, NULL))
- printf("BUG: %s\n", strerror(errno));
- else
- printf("OK: Success\n");
- show_prompt("mount('anydev', '/', 'tmpfs') ", 0);
- if (mount("anydev", "/", "tmpfs", 0, NULL))
- printf("BUG: %s\n", strerror(errno));
- else
- printf("OK: Success\n");
- fprintf(domain_fp, "delete allow_mount <NULL> / tmpfs 0\n");
- fprintf(domain_fp, "allow_mount anydev / tmpfs 0\n");
- show_prompt("mount(NULL, '/', 'tmpfs') ", 0);
- if (mount(NULL, "/", "tmpfs", 0, NULL))
- printf("BUG: %s\n", strerror(errno));
- else
- printf("OK: Success\n");
- fprintf(domain_fp, "delete allow_mount anydev / tmpfs 0\n");
- set_profile(2, "file::mount");
- show_prompt("mount(NULL, NULL, 'tmpfs') ", 1);
- if (mount(NULL, NULL, "tmpfs", 0, NULL))
- printf("OK: %s\n", strerror(errno));
- else
- printf("BUG: Did not fail.\n");
- show_prompt("mount(NULL, NULL, NULL) ", 1);
- if (mount(NULL, NULL, NULL, 0, NULL))
- printf("OK: %s\n", strerror(errno));
- else
- printf("BUG: Did not fail.\n");
- show_prompt("mount('/', NULL, NULL) ", 1);
- if (mount("/", NULL, NULL, 0, NULL))
- printf("OK: %s\n", strerror(errno));
- else
- printf("BUG: Did not fail.\n");
- show_prompt("mount('/', NULL, 'tmpfs') ", 1);
- if (mount("/", NULL, "tmpfs", 0, NULL))
- printf("OK: %s\n", strerror(errno));
- else
- printf("BUG: Did not fail.\n");
- show_prompt("mount('/', '/', 'nonexistentfs') ", 1);
- if (mount("/", "/", "nonexistentfs", 0, NULL))
- printf("OK: %s\n", strerror(errno));
- else
- printf("BUG: Did not fail.\n");
- set_profile(0, "file::mount");
- }
-
- mkdir("/tmp/mount/", 0755);
- mkdir("/tmp/mount_bind/", 0755);
- mkdir("/tmp/mount_move/", 0755);
-
- /* Test mount(). */
- {
- static char buf[4096];
- char *dev_ram_path = realpath("/dev/ram0", NULL);
- if (!dev_ram_path)
- dev_ram_path = realpath("/dev/ram", NULL);
- if (!dev_ram_path) {
- dev_ram_path = "/dev/ram0";
- mknod(dev_ram_path, S_IFBLK, MKDEV(1, 0));
- }
- memset(buf, 0, sizeof(buf));
- {
- struct stat sbuf;
- FILE *fp = NULL;
- snprintf(buf, sizeof(buf) - 1, "zcat - > %s",
- dev_ram_path);
- if (lstat(dev_ram_path, &sbuf) == 0 &&
- S_ISBLK(sbuf.st_mode) && MAJOR(sbuf.st_rdev) == 1)
- fp = popen(buf, "w");
- if (fp) {
- if (fwrite(compressed_ext2_image_sample, 1,
- sizeof(compressed_ext2_image_sample),
- fp) !=
- sizeof(compressed_ext2_image_sample))
- err(1, "fwrite");
- pclose(fp);
- } else
- fprintf(stderr, "Can't write to %s .\n",
- dev_ram_path);
- }
- set_profile(3, "file::mount");
-
- /* Test standard case */
- show_prompt("mount('none', '/tmp/mount/', 'tmpfs') for "
- "'/tmp/mount/'", 1);
- if (mount("none", "/tmp/mount/", "tmpfs", 0, NULL) == EOF &&
- errno == EPERM)
- printf("OK: Permission denied.\n");
- else
- printf("BUG: %s\n", strerror(errno));
-
- /* Test device_name with pattern */
- snprintf(buf, sizeof(buf) - 1, "mount('%s', '/tmp/mount/', "
- "'ext2') for '%s\\*'", dev_ram_path, dev_ram_path);
- show_prompt(buf, 1);
- if (mount(dev_ram_path, "/tmp/mount/", "ext2", MS_RDONLY, NULL)
- == EOF && errno == EPERM)
- printf("OK: Permission denied.\n");
- else
- printf("BUG: %s\n", strerror(errno));
-
- /* Test dir_name with pattern */
- show_prompt("mount('none', '/tmp/mount/', 'tmpfs') for "
- "'/tmp/\\?\\?\\?\\?\\?/'", 1);
- if (mount("none", "/tmp/mount/", "tmpfs", 0, NULL) == EOF &&
- errno == EPERM)
- printf("OK: Permission denied.\n");
- else
- printf("BUG: %s\n", strerror(errno));
-
- /* Test standard case */
- fprintf(domain_fp, "allow_mount none /tmp/mount/ tmpfs 0\n");
- show_prompt("mount('none', '/tmp/mount/', 'tmpfs') for "
- "'/tmp/mount/'", 0);
- if (mount("none", "/tmp/mount/", "tmpfs", 0, NULL) == 0)
- printf("OK\n");
- else
- printf("FAILED: %s\n", strerror(errno));
- fprintf(domain_fp,
- "delete allow_mount none /tmp/mount/ tmpfs 0\n");
-
- /* Test device_name with pattern */
- fprintf(domain_fp, "allow_mount %s\\* /tmp/mount/ ext2 1\n",
- dev_ram_path);
- snprintf(buf, sizeof(buf) - 1, "mount('%s', '/tmp/mount/', "
- "'ext2') for '%s\\*'", dev_ram_path, dev_ram_path);
- show_prompt(buf, 0);
- if (mount(dev_ram_path, "/tmp/mount/", "ext2", MS_RDONLY, NULL)
- == 0)
- printf("OK\n");
- else
- printf("FAILED: %s\n", strerror(errno));
- fprintf(domain_fp, "delete allow_mount %s\\* "
- "/tmp/mount/ ext2 1\n", dev_ram_path);
-
- /* Test dir_name with pattern */
- fprintf(domain_fp,
- "allow_mount none /tmp/\\?\\?\\?\\?\\?/ tmpfs 0\n");
- show_prompt("mount('none', '/tmp/mount/', 'tmpfs') for "
- "'/tmp/\\?\\?\\?\\?\\?/'", 0);
- if (mount("none", "/tmp/mount/", "tmpfs", 0, NULL) == 0)
- printf("OK\n");
- else
- printf("FAILED: %s\n", strerror(errno));
- fprintf(domain_fp, "delete allow_mount none "
- "/tmp/\\?\\?\\?\\?\\?/ tmpfs 0\n");
-
- set_profile(0, "file::mount");
- while (umount("/tmp/mount/") == 0)
- c++; /* Dummy. */
- }
-
- /* Test mount(). */
- {
- mount2("none", "/tmp/mount/", "tmpfs");
- set_profile(3, "file::mount");
-
- /* Test remount case */
- show_prompt("mount('/tmp/mount/', MS_REMOUNT)", 1);
- if (mount("none", "/tmp/mount/", "tmpfs", MS_REMOUNT, NULL)
- == EOF && errno == EPERM)
- printf("OK: Permission denied.\n");
- else
- printf("BUG: %s\n", strerror(errno));
- show_prompt("mount('/tmp/mount/', MS_REMOUNT)", 1);
- if (mount(NULL, "/tmp/mount/", NULL, MS_REMOUNT, NULL) == EOF
- && errno == EPERM)
- printf("OK: Permission denied.\n");
- else
- printf("BUG: %s\n", strerror(errno));
- fprintf(domain_fp, "allow_mount something /tmp/mount/ "
- "--remount 0\n");
- show_prompt("mount('/tmp/mount/', MS_REMOUNT)", 0);
- if (mount(NULL, "/tmp/mount/", NULL, MS_REMOUNT, NULL))
- printf("BUG: %s\n", strerror(errno));
- else
- printf("OK: Success.\n");
- fprintf(domain_fp, "delete allow_mount something /tmp/mount/ "
- "--remount 0\n");
-
- /* Test bind case */
- show_prompt("mount('/tmp/mount/', '/tmp/mount_bind/', "
- "MS_BIND)", 1);
- if (mount("/tmp/mount/", "/tmp/mount_bind/", NULL, MS_BIND,
- NULL) == EOF && errno == EPERM)
- printf("OK: Permission denied.\n");
- else
- printf("BUG: %s\n", strerror(errno));
-
- /* Test move case */
- show_prompt("mount('/tmp/mount/', '/tmp/mount_move/', "
- "MS_MOVE)", 1);
- if (mount("/tmp/mount/", "/tmp/mount_move/", NULL, MS_MOVE,
- NULL) == EOF && errno == EPERM)
- printf("OK: Permission denied.\n");
- else
- printf("BUG: %s\n", strerror(errno));
-
- /* Test remount case */
- fprintf(domain_fp, "allow_mount any /tmp/mount/ --remount 0\n");
- show_prompt("mount('/tmp/mount/', MS_REMOUNT)", 0);
- if (mount("none", "/tmp/mount/", "tmpfs", MS_REMOUNT, NULL)
- == 0)
- printf("OK\n");
- else
- printf("FAILED: %s\n", strerror(errno));
- fprintf(domain_fp, "delete allow_mount any /tmp/mount/ "
- "--remount 0\n");
-
- /* Test bind case */
- fprintf(domain_fp,
- "allow_mount /tmp/mount/ /tmp/mount_bind/ --bind 0\n");
- show_prompt("mount('/tmp/mount/', '/tmp/mount_bind', MS_BIND)",
- 0);
- if (mount("/tmp/mount/", "/tmp/mount_bind/", NULL, MS_BIND,
- NULL) == 0)
- printf("OK\n");
- else
- printf("FAILED: %s\n", strerror(errno));
- set_profile(0, "file::mount");
- umount("/tmp/mount_bind/");
- fprintf(domain_fp, "delete allow_mount /tmp/mount/ "
- "/tmp/mount_bind/ --bind 0\n");
-
- /* Test move case */
- set_profile(3, "file::mount");
- fprintf(domain_fp, "allow_unmount /tmp/mount/\n");
- fprintf(domain_fp, "allow_mount /tmp/mount/ /tmp/mount_move/ "
- "--move 0\n");
- show_prompt("mount('/tmp/mount/', '/tmp/mount_move/', "
- "MS_MOVE)", 0);
- if (mount("/tmp/mount/", "/tmp/mount_move/", NULL, MS_MOVE,
- NULL) == 0)
- printf("OK\n");
- else
- printf("FAILED: %s\n", strerror(errno));
- set_profile(0, "file::mount");
- umount("/tmp/mount_move/");
- fprintf(domain_fp, "delete allow_unmount /tmp/mount/\n");
- fprintf(domain_fp, "delete allow_mount /tmp/mount/ "
- "/tmp/mount_move/ --move 0\n");
-
- while (umount("/tmp/mount/") == 0)
- c++; /* Dummy. */
- }
-
- /* Test umount(). */
- {
- /* Test standard case */
- fprintf(domain_fp, "allow_unmount /tmp/mount/\n");
-
- set_profile(0, "file::umount");
- mount2("none", "/tmp/mount/", "tmpfs");
- set_profile(3, "file::umount");
- show_prompt("umount('/tmp/mount/') for '/tmp/mount/'", 0);
- if (umount("/tmp/mount/") == 0)
- printf("OK\n");
- else
- printf("BUG: %s\n", strerror(errno));
- fprintf(domain_fp, "delete allow_unmount /tmp/mount/\n");
-
- set_profile(0, "file::umount");
-
- mount2("none", "/tmp/mount/", "tmpfs");
- set_profile(3, "file::umount");
- show_prompt("umount('/tmp/mount/') for '/tmp/mount/'", 1);
- if (umount("/tmp/mount/") == EOF && errno == EPERM)
- printf("OK: Permission denied.\n");
- else
- printf("FAILED: %s\n", strerror(errno));
-
- /* Test pattern */
- fprintf(domain_fp, "allow_unmount /tmp/\\?\\?\\?\\?\\?/\n");
- set_profile(0, "file::umount");
- mount2("none", "/tmp/mount/", "tmpfs");
- set_profile(3, "file::umount");
- show_prompt("umount('/tmp/mount/') for "
- "'/tmp/\\?\\?\\?\\?\\?/'", 1);
- if (umount("/tmp/mount/") == 0)
- printf("OK\n");
- else
- printf("BUG: %s\n", strerror(errno));
- fprintf(domain_fp,
- "delete allow_unmount /tmp/\\?\\?\\?\\?\\?/\n");
-
- set_profile(0, "file::umount");
- while (umount("/tmp/mount/") == 0)
- c++; /* Dummy. */
- }
-
- /* Test chroot(). */
- {
- set_profile(3, "file::chroot");
-
- /* Test standard case */
- fprintf(domain_fp, "allow_chroot /tmp/mount/\n");
- show_prompt("chroot('/tmp/mount/') for '/tmp/mount/'", 0);
- fflush(stdout);
- if (fork() == 0) {
- if (chroot("/tmp/mount/") == 0)
- printf("OK\n");
- else
- printf("FAILED: %s\n", strerror(errno));
- fflush(stdout);
- _exit(0);
- }
- wait(NULL);
- fprintf(domain_fp, "delete allow_chroot /tmp/mount/\n");
-
- show_prompt("chroot('/tmp/mount/') for '/tmp/mount/'", 1);
- fflush(stdout);
- if (fork() == 0) {
- if (chroot("/tmp/mount/") == EOF && errno == EPERM)
- printf("OK: Permission denied.\n");
- else
- printf("BUG: %s\n", strerror(errno));
- fflush(stdout);
- _exit(0);
- }
- wait(NULL);
-
- /* Test pattern */
- fprintf(domain_fp, "allow_chroot /tmp/\\?\\?\\?\\?\\?/\n");
- show_prompt("chroot('/tmp/mount/') for "
- "'/tmp/\\?\\?\\?\\?\\?/'", 0);
- fflush(stdout);
- if (fork() == 0) {
- if (chroot("/tmp/mount/") == 0)
- printf("OK\n");
- else
- printf("FAILED: %s\n", strerror(errno));
- fflush(stdout);
- _exit(0);
- }
- wait(NULL);
- fprintf(domain_fp,
- "delete allow_chroot /tmp/\\?\\?\\?\\?\\?/\n");
-
- set_profile(0, "file::chroot");
- }
-
- /* Test pivot_root(). */
- {
- int error;
- static char stack[8192];
- set_profile(3, "file::pivot_root");
- fprintf(domain_fp, "allow_pivot_root %s %s\n",
- pivot_root_dir, proc_policy_dir);
- snprintf(stack, 8191, "pivot_root('%s', '%s')", pivot_root_dir,
- proc_policy_dir);
- show_prompt(stack, 0);
- {
- const pid_t pid = ltp_clone_quick(CLONE_NEWNS, child,
- NULL);
- while (waitpid(pid, &error, __WALL) == EOF &&
- errno == EINTR)
- c++; /* Dummy. */
- }
- errno = WIFEXITED(error) ? WEXITSTATUS(error) : -1;
- if (errno == 0)
- printf("OK\n");
- else
- printf("FAILED: %s\n", strerror(errno));
-
- fprintf(domain_fp, "delete allow_pivot_root %s %s\n",
- pivot_root_dir, proc_policy_dir);
- snprintf(stack, 8191, "pivot_root('%s', '%s')", pivot_root_dir,
- proc_policy_dir);
- show_prompt(stack, 1);
- {
- const pid_t pid = ltp_clone_quick(CLONE_NEWNS, child,
- NULL);
- while (waitpid(pid, &error, __WALL) == EOF &&
- errno == EINTR)
- c++; /* Dummy. */
- }
- errno = WIFEXITED(error) ? WEXITSTATUS(error) : -1;
- if (errno == EPERM)
- printf("OK: Permission denied.\n");
- else
- printf("BUG: %s\n", strerror(errno));
-
- set_profile(2, "file::pivot_root");
- snprintf(stack, 8191, "pivot_root('%s', '%s')", pivot_root_dir,
- proc_policy_dir);
- show_prompt(stack, 0);
- {
- const pid_t pid = ltp_clone_quick(CLONE_NEWNS, child,
- NULL);
- while (waitpid(pid, &error, __WALL) == EOF &&
- errno == EINTR)
- c++; /* Dummy. */
- }
- errno = WIFEXITED(error) ? WEXITSTATUS(error) : -1;
- if (errno == 0)
- printf("OK\n");
- else
- printf("FAILED: %s\n", strerror(errno));
-
- set_profile(0, "file::pivot_root");
-
- }
-
- rmdir("/tmp/mount_move/");
- rmdir("/tmp/mount_bind/");
- rmdir("/tmp/mount/");
-
- clear_status();
- return 0;
-}
diff --git a/testcases/kernel/security/tomoyo/tomoyo_new_file_test.c b/testcases/kernel/security/tomoyo/tomoyo_new_file_test.c
deleted file mode 100644
index eb912d726..000000000
--- a/testcases/kernel/security/tomoyo/tomoyo_new_file_test.c
+++ /dev/null
@@ -1,627 +0,0 @@
-/******************************************************************************/
-/* This program is free software; you can redistribute it and/or modify */
-/* it under the terms of the GNU General Public License as published by */
-/* the Free Software Foundation; either version 2 of the License, or */
-/* (at your option) any later version. */
-/* */
-/* This program is distributed in the hope that it will be useful, */
-/* but WITHOUT ANY WARRANTY; without even the implied warranty of */
-/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See */
-/* the GNU General Public License for more details. */
-/* */
-/* You should have received a copy of the GNU General Public License */
-/* along with this program; if not, write to the Free Software */
-/* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */
-/* */
-/******************************************************************************/
-/*
- * tomoyo_new_file_test.c
- *
- * Testing program for security/tomoyo/
- *
- * Copyright (C) 2005-2010 NTT DATA CORPORATION
- */
-#include "include.h"
-
-static const char *policy = "";
-
-static void show_result(int result, char should_success)
-{
- int error = errno;
- printf("%s : ", policy);
- if (should_success) {
- if (result != EOF)
- printf("OK\n");
- else
- printf("FAILED: %s\n", strerror(error));
- } else {
- if (result == EOF) {
- if (error == EPERM)
- printf("OK: Permission denied.\n");
- else
- printf("FAILED: %s\n", strerror(error));
- } else {
- printf("BUG: didn't fail.\n");
- }
- }
-}
-
-static void create2(const char *pathname)
-{
- set_profile(0, "file::create");
- set_profile(0, "file::open");
- close(creat(pathname, 0600));
- set_profile(3, "file::create");
- set_profile(3, "file::open");
- errno = 0;
-}
-
-static void mkdir2(const char *pathname)
-{
- set_profile(0, "file::mkdir");
- mkdir(pathname, 0600);
- set_profile(3, "file::mkdir");
- errno = 0;
-}
-
-static void unlink2(const char *pathname)
-{
- set_profile(0, "file::unlink");
- unlink(pathname);
- set_profile(3, "file::unlink");
- errno = 0;
-}
-
-static void rmdir2(const char *pathname)
-{
- set_profile(0, "file::rmdir");
- rmdir(pathname);
- set_profile(3, "file::rmdir");
- errno = 0;
-}
-
-static void mkfifo2(const char *pathname)
-{
- set_profile(0, "file::mkfifo");
- mkfifo(pathname, 0600);
- set_profile(3, "file::mkfifo");
- errno = 0;
-}
-
-static void stage_file_test(void)
-{
- const char buffer[] = "32768 61000";
- int pipe_fd[2] = { EOF, EOF };
- int error = 0;
- int fd;
- char pbuffer[1024];
- struct stat sbuf;
- struct sockaddr_un addr;
- struct ifreq ifreq;
- char *filename = "";
- set_profile(3, "file::execute");
- set_profile(3, "file::open");
- set_profile(3, "file::create");
- set_profile(3, "file::unlink");
- set_profile(3, "file::mkdir");
- set_profile(3, "file::rmdir");
- set_profile(3, "file::mkfifo");
- set_profile(3, "file::mksock");
- set_profile(3, "file::truncate");
- set_profile(3, "file::symlink");
- set_profile(3, "file::rewrite");
- set_profile(3, "file::mkblock");
- set_profile(3, "file::mkchar");
- set_profile(3, "file::link");
- set_profile(3, "file::rename");
- set_profile(3, "file::chmod");
- set_profile(3, "file::chown");
- set_profile(3, "file::chgrp");
- set_profile(3, "file::ioctl");
- set_profile(3, "file::chroot");
- set_profile(3, "file::mount");
- set_profile(3, "file::umount");
- set_profile(3, "file::pivot_root");
-
- policy = "allow_read /proc/sys/net/ipv4/ip_local_port_range";
- write_domain_policy(policy, 0);
- show_result(read_sysctl(TEST_SYSCTL_PATH, NULL, 0), 1);
- write_domain_policy(policy, 1);
- show_result(read_sysctl(TEST_SYSCTL_PATH, NULL, 0), 0);
-
- policy = "allow_write /proc/sys/net/ipv4/ip_local_port_range";
- write_domain_policy(policy, 0);
- show_result(write_sysctl(TEST_SYSCTL_PATH, buffer), 1);
- write_domain_policy(policy, 1);
- show_result(write_sysctl(TEST_SYSCTL_PATH, buffer), 0);
-
- policy = "allow_read/write /proc/sys/net/ipv4/ip_local_port_range";
- write_domain_policy(policy, 0);
- show_result(read_sysctl(TEST_SYSCTL_PATH, NULL, 0) &&
- write_sysctl(TEST_SYSCTL_PATH, buffer), 1);
- write_domain_policy(policy, 1);
- show_result(read_sysctl(TEST_SYSCTL_PATH, NULL, 0) &&
- write_sysctl(TEST_SYSCTL_PATH, buffer), 0);
-
- policy = "allow_read /bin/true";
- write_domain_policy(policy, 0);
- show_result(uselib("/bin/true"), 1);
- write_domain_policy(policy, 1);
- show_result(uselib("/bin/true"), 0);
-
- policy = "allow_execute /bin/true";
- write_domain_policy(policy, 0);
- fflush(stdout);
- fflush(stderr);
- if (pipe(pipe_fd) == -1)
- err(1, "pipe");
- if (fork() == 0) {
- execl("/bin/true", "/bin/true", NULL);
- if (write(pipe_fd[1], &errno, sizeof(errno)) == -1)
- err(1, "write");
- exit(0);
- }
- close(pipe_fd[1]);
- (void)read(pipe_fd[0], &error, sizeof(error));
- close(pipe_fd[0]);
- wait(NULL);
- errno = error;
- show_result(error ? EOF : 0, 1);
- write_domain_policy(policy, 1);
- fflush(stdout);
- fflush(stderr);
- if (pipe(pipe_fd) == -1)
- err(1, "pipe");
- if (fork() == 0) {
- execl("/bin/true", "/bin/true", NULL);
- if (write(pipe_fd[1], &errno, sizeof(errno)) == -1)
- err(1, "write");
- _exit(0);
- }
- close(pipe_fd[1]);
- (void)read(pipe_fd[0], &error, sizeof(error));
- close(pipe_fd[0]);
- wait(NULL);
- errno = error;
- show_result(errno ? EOF : 0, 0);
-
- policy = "allow_read /dev/null";
- write_domain_policy(policy, 0);
- fd = open("/dev/null", O_RDONLY);
- show_result(fd, 1);
- if (fd != EOF)
- close(fd);
- write_domain_policy(policy, 1);
- fd = open("/dev/null", O_RDONLY);
- show_result(fd, 0);
- if (fd != EOF)
- close(fd);
-
- policy = "allow_read /dev/null";
- write_domain_policy(policy, 0);
- fd = open("/dev/null", O_RDONLY);
- show_result(fd, 1);
- if (fd != EOF)
- close(fd);
- write_domain_policy(policy, 1);
- fd = open("/dev/null", O_RDONLY);
- show_result(fd, 0);
- if (fd != EOF)
- close(fd);
-
- policy = "allow_read /dev/null";
- write_domain_policy(policy, 0);
- fd = open("/dev/null", O_RDONLY);
- show_result(fd, 1);
- if (fd != EOF)
- close(fd);
- write_domain_policy(policy, 1);
- fd = open("/dev/null", O_RDONLY);
- show_result(fd, 0);
- if (fd != EOF)
- close(fd);
-
- policy = "allow_read /dev/null";
- write_domain_policy(policy, 0);
- fd = open("/dev/null", O_RDONLY);
- show_result(fd, 1);
- if (fd != EOF)
- close(fd);
- write_domain_policy(policy, 1);
- fd = open("/dev/null", O_RDONLY);
- show_result(fd, 0);
- if (fd != EOF)
- close(fd);
-
- set_profile(3, "file::mkfifo");
- policy = "allow_mkfifo /tmp/mknod_fifo_test 0644";
- write_domain_policy(policy, 0);
- filename = "/tmp/mknod_fifo_test";
- show_result(mknod(filename, S_IFIFO | 0644, 0), 1);
- write_domain_policy(policy, 1);
- unlink2(filename);
- show_result(mknod(filename, S_IFIFO | 0644, 0), 0);
-
- memset(pbuffer, 0, sizeof(pbuffer));
- memset(&sbuf, 0, sizeof(sbuf));
- filename = "/dev/null";
- stat(filename, &sbuf);
- snprintf(pbuffer, sizeof(pbuffer) - 1, "allow_write %s", filename);
- policy = pbuffer;
- write_domain_policy(policy, 0);
- fd = open(filename, O_WRONLY);
- show_result(fd, 1);
- if (fd != EOF)
- close(fd);
- write_domain_policy(policy, 1);
- fd = open(filename, O_WRONLY);
- show_result(fd, 0);
- if (fd != EOF)
- close(fd);
-
- policy = "allow_read/write /tmp/fifo";
- mkfifo2("/tmp/fifo");
- write_domain_policy(policy, 0);
- fd = open("/tmp/fifo", O_RDWR);
- show_result(fd, 1);
- if (fd != EOF)
- close(fd);
- write_domain_policy(policy, 1);
- fd = open("/tmp/fifo", O_RDWR);
- show_result(fd, 0);
- if (fd != EOF)
- close(fd);
-
- policy = "allow_read /dev/null";
- write_domain_policy(policy, 0);
- fd = open("/dev/null", O_RDONLY);
- show_result(fd, 1);
- if (fd != EOF)
- close(fd);
- write_domain_policy(policy, 1);
- fd = open("/dev/null", O_RDONLY);
- show_result(fd, 0);
- if (fd != EOF)
- close(fd);
-
- policy = "allow_write /dev/null";
- write_domain_policy(policy, 0);
- fd = open("/dev/null", O_WRONLY);
- show_result(fd, 1);
- if (fd != EOF)
- close(fd);
- write_domain_policy(policy, 1);
- fd = open("/dev/null", O_WRONLY);
- show_result(fd, 0);
- if (fd != EOF)
- close(fd);
-
- policy = "allow_read/write /dev/null";
- write_domain_policy(policy, 0);
- fd = open("/dev/null", O_RDWR);
- show_result(fd, 1);
- if (fd != EOF)
- close(fd);
- write_domain_policy(policy, 1);
- fd = open("/dev/null", O_RDWR);
- show_result(fd, 0);
- if (fd != EOF)
- close(fd);
-
- policy = "allow_create /tmp/open_test 0644";
- write_domain_policy(policy, 0);
- policy = "allow_write /tmp/open_test";
- write_domain_policy(policy, 0);
- fd = open("/tmp/open_test", O_WRONLY | O_CREAT | O_EXCL, 0644);
- show_result(fd, 1);
- if (fd != EOF)
- close(fd);
- unlink2("/tmp/open_test");
- write_domain_policy(policy, 1);
- fd = open("/tmp/open_test", O_WRONLY | O_CREAT | O_EXCL, 0644);
- show_result(fd, 0);
- if (fd != EOF)
- close(fd);
- unlink2("/tmp/open_test");
-
- policy = "allow_create /tmp/open_test 0644";
- write_domain_policy(policy, 1);
-
- policy = "allow_write /tmp/open_test";
- write_domain_policy(policy, 0);
- policy = "allow_create /tmp/open_test 0644";
- write_domain_policy(policy, 0);
- fd = open("/tmp/open_test", O_WRONLY | O_CREAT | O_EXCL, 0644);
- show_result(fd, 1);
- if (fd != EOF)
- close(fd);
- unlink2("/tmp/open_test");
- write_domain_policy(policy, 1);
- fd = open("/tmp/open_test", O_WRONLY | O_CREAT | O_EXCL, 0644);
- show_result(fd, 0);
- if (fd != EOF)
- close(fd);
- unlink2("/tmp/open_test");
- policy = "allow_write /tmp/open_test";
- write_domain_policy(policy, 1);
-
- filename = "/tmp/truncate_test";
- create2(filename);
-
- policy = "allow_truncate /tmp/truncate_test";
- write_domain_policy(policy, 0);
- policy = "allow_write /tmp/truncate_test";
- write_domain_policy(policy, 0);
- fd = open(filename, O_WRONLY | O_TRUNC);
- show_result(fd, 1);
- if (fd != EOF)
- close(fd);
- write_domain_policy(policy, 1);
- fd = open(filename, O_WRONLY | O_TRUNC);
- show_result(fd, 0);
- if (fd != EOF)
- close(fd);
- policy = "allow_truncate /tmp/truncate_test";
- write_domain_policy(policy, 1);
-
- policy = "allow_write /tmp/truncate_test";
- write_domain_policy(policy, 0);
- policy = "allow_truncate /tmp/truncate_test";
- write_domain_policy(policy, 0);
- fd = open(filename, O_WRONLY | O_TRUNC);
- show_result(fd, 1);
- if (fd != EOF)
- close(fd);
- write_domain_policy(policy, 1);
- fd = open(filename, O_WRONLY | O_TRUNC);
- show_result(fd, 0);
- if (fd != EOF)
- close(fd);
- policy = "allow_write /tmp/truncate_test";
- write_domain_policy(policy, 1);
-
- policy = "allow_truncate /tmp/truncate_test";
- write_domain_policy(policy, 0);
- show_result(truncate(filename, 0), 1);
- write_domain_policy(policy, 1);
- show_result(truncate(filename, 0), 0);
-
- policy = "allow_truncate /tmp/truncate_test";
- write_domain_policy(policy, 0);
- set_profile(0, "file::open");
- fd = open(filename, O_WRONLY);
- set_profile(3, "file::open");
- show_result(ftruncate(fd, 0), 1);
- write_domain_policy(policy, 1);
- show_result(ftruncate(fd, 0), 0);
- if (fd != EOF)
- close(fd);
-
- unlink2(filename);
-
- policy = "allow_create /tmp/mknod_reg_test 0644";
- write_domain_policy(policy, 0);
- filename = "/tmp/mknod_reg_test";
- show_result(mknod(filename, S_IFREG | 0644, 0), 1);
- write_domain_policy(policy, 1);
- unlink2(filename);
- show_result(mknod(filename, S_IFREG | 0644, 0), 0);
-
- policy = "allow_mkchar /tmp/mknod_chr_test 0644 1 3";
- write_domain_policy(policy, 0);
- filename = "/tmp/mknod_chr_test";
- show_result(mknod(filename, S_IFCHR | 0644, MKDEV(1, 3)), 1);
- write_domain_policy(policy, 1);
- unlink2(filename);
- show_result(mknod(filename, S_IFCHR | 0644, MKDEV(1, 3)), 0);
-
- policy = "allow_mkblock /tmp/mknod_blk_test 0644 1 0";
- write_domain_policy(policy, 0);
- filename = "/tmp/mknod_blk_test";
- show_result(mknod(filename, S_IFBLK | 0644, MKDEV(1, 0)), 1);
- write_domain_policy(policy, 1);
- unlink2(filename);
- show_result(mknod(filename, S_IFBLK | 0644, MKDEV(1, 0)), 0);
-
- policy = "allow_mkfifo /tmp/mknod_fifo_test 0644";
- write_domain_policy(policy, 0);
- filename = "/tmp/mknod_fifo_test";
- show_result(mknod(filename, S_IFIFO | 0644, 0), 1);
- write_domain_policy(policy, 1);
- unlink2(filename);
- show_result(mknod(filename, S_IFIFO | 0644, 0), 0);
-
- policy = "allow_mksock /tmp/mknod_sock_test 0644";
- write_domain_policy(policy, 0);
- filename = "/tmp/mknod_sock_test";
- show_result(mknod(filename, S_IFSOCK | 0644, 0), 1);
- write_domain_policy(policy, 1);
- unlink2(filename);
- show_result(mknod(filename, S_IFSOCK | 0644, 0), 0);
-
- policy = "allow_mkdir /tmp/mkdir_test/ 0600";
- write_domain_policy(policy, 0);
- filename = "/tmp/mkdir_test";
- show_result(mkdir(filename, 0600), 1);
- write_domain_policy(policy, 1);
- rmdir2(filename);
- show_result(mkdir(filename, 0600), 0);
-
- policy = "allow_rmdir /tmp/rmdir_test/";
- write_domain_policy(policy, 0);
- filename = "/tmp/rmdir_test";
- mkdir2(filename);
- show_result(rmdir(filename), 1);
- write_domain_policy(policy, 1);
- mkdir2(filename);
- show_result(rmdir(filename), 0);
- rmdir2(filename);
-
- policy = "allow_unlink /tmp/unlink_test";
- write_domain_policy(policy, 0);
- filename = "/tmp/unlink_test";
- create2(filename);
- show_result(unlink(filename), 1);
- write_domain_policy(policy, 1);
- create2(filename);
- show_result(unlink(filename), 0);
- unlink2(filename);
-
- policy = "allow_symlink /tmp/symlink_source_test";
- write_domain_policy(policy, 0);
- filename = "/tmp/symlink_source_test";
- show_result(symlink("/tmp/symlink_dest_test", filename), 1);
- write_domain_policy(policy, 1);
- unlink2(filename);
- show_result(symlink("/tmp/symlink_dest_test", filename), 0);
-
- policy = "allow_symlink /tmp/symlink_source_test";
- write_domain_policy(policy, 0);
- filename = "/tmp/symlink_source_test";
- show_result(symlink("/tmp/symlink_dest_test", filename), 1);
- write_domain_policy(policy, 1);
- unlink2(filename);
- show_result(symlink("/tmp/symlink_dest_test", filename), 0);
-
- policy = "allow_symlink /tmp/symlink_source_test";
- write_domain_policy(policy, 0);
- filename = "/tmp/symlink_source_test";
- show_result(symlink("/tmp/symlink_dest_test", filename), 1);
- write_domain_policy(policy, 1);
- unlink2(filename);
- show_result(symlink("/tmp/symlink_dest_test", filename), 0);
-
- policy = "allow_symlink /tmp/symlink_source_test";
- write_domain_policy(policy, 0);
- filename = "/tmp/symlink_source_test";
- show_result(symlink("/tmp/symlink_dest_test", filename), 1);
- write_domain_policy(policy, 1);
- unlink2(filename);
- show_result(symlink("/tmp/symlink_dest_test", filename), 0);
-
- policy = "allow_symlink /tmp/symlink_source_test";
- write_domain_policy(policy, 0);
- filename = "/tmp/symlink_source_test";
- show_result(symlink("/tmp/symlink_dest_test", filename), 1);
- write_domain_policy(policy, 1);
- unlink2(filename);
- show_result(symlink("/tmp/symlink_dest_test", filename), 0);
-
- policy = "allow_link /tmp/link_source_test /tmp/link_dest_test";
- write_domain_policy(policy, 0);
- filename = "/tmp/link_source_test";
- create2(filename);
- show_result(link(filename, "/tmp/link_dest_test"), 1);
- write_domain_policy(policy, 1);
- unlink2("/tmp/link_dest_test");
- show_result(link(filename, "/tmp/link_dest_test"), 0);
- unlink2(filename);
-
- policy = "allow_rename /tmp/rename_source_test /tmp/rename_dest_test";
- write_domain_policy(policy, 0);
- filename = "/tmp/rename_source_test";
- create2(filename);
- show_result(rename(filename, "/tmp/rename_dest_test"), 1);
- write_domain_policy(policy, 1);
- unlink2("/tmp/rename_dest_test");
- create2(filename);
- show_result(rename(filename, "/tmp/rename_dest_test"), 0);
- unlink2(filename);
-
- policy = "allow_mksock /tmp/socket_test 0755";
- write_domain_policy(policy, 0);
- filename = "/tmp/socket_test";
- memset(&addr, 0, sizeof(addr));
- addr.sun_family = AF_UNIX;
- strncpy(addr.sun_path, filename, sizeof(addr.sun_path) - 1);
- fd = socket(AF_UNIX, SOCK_STREAM, 0);
- show_result(bind(fd, (struct sockaddr *)&addr, sizeof(addr)), 1);
- if (fd != EOF)
- close(fd);
- write_domain_policy(policy, 1);
- unlink2(filename);
- fd = socket(AF_UNIX, SOCK_STREAM, 0);
- show_result(bind(fd, (struct sockaddr *)&addr, sizeof(addr)), 0);
- if (fd != EOF)
- close(fd);
-
- filename = "/tmp/rewrite_test";
- create2(filename);
- policy = "allow_read/write /tmp/rewrite_test";
- write_domain_policy(policy, 0);
- write_exception_policy("deny_rewrite /tmp/rewrite_test", 0);
- policy = "allow_truncate /tmp/rewrite_test";
- write_domain_policy(policy, 0);
-
- fd = open(filename, O_RDONLY);
- show_result(fd, 1);
- if (fd != EOF)
- close(fd);
-
- fd = open(filename, O_WRONLY | O_APPEND);
- show_result(fd, 1);
- if (fd != EOF)
- close(fd);
-
- fd = open(filename, O_WRONLY);
- show_result(fd, 0);
- if (fd != EOF)
- close(fd);
-
- fd = open(filename, O_WRONLY | O_TRUNC);
- show_result(fd, 0);
- if (fd != EOF)
- close(fd);
-
- fd = open(filename, O_WRONLY | O_TRUNC | O_APPEND);
- show_result(fd, 0);
- if (fd != EOF)
- close(fd);
-
- show_result(truncate(filename, 0), 0);
-
- set_profile(0, "file::open");
- fd = open(filename, O_WRONLY | O_APPEND);
- set_profile(3, "file::open");
- show_result(ftruncate(fd, 0), 0);
-
- show_result(fcntl(fd, F_SETFL, fcntl(fd, F_GETFL) & ~O_APPEND), 0);
- if (fd != EOF)
- close(fd);
-
- write_domain_policy(policy, 1);
-
- policy = "allow_read/write /tmp/rewrite_test";
- write_domain_policy(policy, 1);
- write_exception_policy("deny_rewrite /tmp/rewrite_test", 1);
-
- unlink2(filename);
-
- policy = "allow_ioctl socket:[family=2:type=2:protocol=17] "
- "35122-35124";
- write_domain_policy(policy, 0);
- fd = socket(PF_INET, SOCK_DGRAM, IPPROTO_IP);
- memset(&ifreq, 0, sizeof(ifreq));
- snprintf(ifreq.ifr_name, sizeof(ifreq.ifr_name) - 1, "lo");
- show_result(ioctl(fd, 35123, &ifreq), 1);
- write_domain_policy(policy, 1);
- policy = "allow_ioctl " "socket:[family=2:type=2:protocol=17] 0-35122";
- write_domain_policy(policy, 0);
- show_result(ioctl(fd, 35123, &ifreq), 0);
- write_domain_policy(policy, 1);
- if (fd != EOF)
- close(fd);
-}
-
-int main(void)
-{
- tomoyo_test_init();
- fprintf(domain_fp, "%s /bin/true\n", self_domain);
- fprintf(domain_fp, "use_profile 255\n");
- fprintf(domain_fp, "select pid=%u\n", pid);
- fprintf(profile_fp, "255-PREFERENCE::audit={ max_reject_log=1024 }\n");
- stage_file_test();
- fprintf(domain_fp, "use_profile 0\n");
- clear_status();
- return 0;
-}
diff --git a/testcases/kernel/security/tomoyo/tomoyo_new_test.c b/testcases/kernel/security/tomoyo/tomoyo_new_test.c
deleted file mode 100644
index a1ab259e5..000000000
--- a/testcases/kernel/security/tomoyo/tomoyo_new_test.c
+++ /dev/null
@@ -1,652 +0,0 @@
-/******************************************************************************/
-/* This program is free software; you can redistribute it and/or modify */
-/* it under the terms of the GNU General Public License as published by */
-/* the Free Software Foundation; either version 2 of the License, or */
-/* (at your option) any later version. */
-/* */
-/* This program is distributed in the hope that it will be useful, */
-/* but WITHOUT ANY WARRANTY; without even the implied warranty of */
-/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See */
-/* the GNU General Public License for more details. */
-/* */
-/* You should have received a copy of the GNU General Public License */
-/* along with this program; if not, write to the Free Software */
-/* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */
-/* */
-/******************************************************************************/
-/*
- * tomoyo_new_test.c
- *
- * Testing program for security/tomoyo/
- *
- * Copyright (C) 2005-2010 NTT DATA CORPORATION
- */
-#include "include.h"
-
-static int result;
-static int error;
-
-static void show_result(const char *test, int should_success)
-{
- error = errno;
- printf("%s : ", test);
- if (should_success) {
- if (error == 0)
- printf("OK (%d)\n", result);
- else
- printf("FAILED: %s\n", strerror(error));
- } else {
- if (error == 0)
- printf("BUG: Didn't fail (%d)\n", result);
- else if (error == EPERM)
- printf("OK: permission denied\n");
- else
- printf("FAILED: %s\n", strerror(error));
- }
-}
-
-static void test_read_etc_fstab(void)
-{
- result = open("/etc/fstab", O_RDONLY);
-}
-
-static void test_write_dev_null(void)
-{
- result = open("/dev/null", O_WRONLY);
-}
-
-static void cleanup_file_open(void)
-{
- if (result != EOF)
- close(result);
-}
-
-static void test_mkdir_testdir(void)
-{
- result = mkdir("/tmp/testdir", 0755);
-}
-
-static void cleanup_mkdir_testdir(void)
-{
- rmdir("/tmp/testdir");
-}
-
-static void setup_mkdir_testdir(void)
-{
- mkdir("/tmp/testdir", 0755);
-}
-
-static void test_rmdir_testdir(void)
-{
- result = rmdir("/tmp/testdir");
-}
-
-static void setup_execute_bin_true(void)
-{
- fprintf(domain_fp, "%s /bin/true\n", self_domain);
- fprintf(domain_fp, "use_profile 0\n");
- fprintf(domain_fp, "select pid=%u\n", pid);
-}
-
-static void cleanup_execute_bin_true(void)
-{
- wait(NULL);
- fprintf(domain_fp, "delete %s /bin/true\n", self_domain);
- fprintf(domain_fp, "select pid=%u\n", pid);
-}
-
-static void test_execute_bin_true(void)
-{
- char *argv[] = { "/bin/true", NULL };
- char *envp[] = { "HOME=/", NULL };
- int pipe_fd[2] = { EOF, EOF };
- if (pipe(pipe_fd) == -1)
- err(1, "pipe");
- switch (fork()) {
- case 0:
- execve("/bin/true", argv, envp);
- error = errno;
- if (write(pipe_fd[1], &error, sizeof(error)) == -1)
- err(1, "write");
- _exit(0);
- break;
- case -1:
- error = ENOMEM;
- break;
- }
- close(pipe_fd[1]);
- (void)read(pipe_fd[0], &error, sizeof(error));
- close(pipe_fd[0]);
- result = error ? EOF : 0;
- errno = error;
-}
-
-static void test_chmod_dev_null(void)
-{
- result = chmod("/dev/null", 0666);
-}
-
-static void test_chown_dev_null(void)
-{
- result = chown("/dev/null", 0, -1);
-}
-
-static void test_chgrp_dev_null(void)
-{
- result = chown("/dev/null", -1, 0);
-}
-
-static void test_ioctl_dev_null(void)
-{
- int fd = open("/dev/null", O_RDWR);
- errno = 0;
- result = ioctl(fd, 0x5451, NULL);
- error = errno;
- close(fd);
- errno = error;
-}
-
-static void setup_chmod_group(void)
-{
- write_exception_policy("path_group CHMOD_TARGET /dev/null", 0);
- write_exception_policy("number_group CHMOD_MODES 0666", 0);
-}
-
-static void cleanup_chmod_group(void)
-{
- write_exception_policy("path_group CHMOD_TARGET /dev/null", 1);
- write_exception_policy("number_group CHMOD_MODES 0666", 1);
-}
-
-static void setup_chown_group(void)
-{
- write_exception_policy("path_group CHOWN_TARGET /dev/\\*", 0);
- write_exception_policy("number_group CHOWN_IDS 0x0-0xFFFE", 0);
-}
-
-static void cleanup_chown_group(void)
-{
- write_exception_policy("path_group CHOWN_TARGET /dev/\\*", 1);
- write_exception_policy("number_group CHOWN_IDS 0x0-0xFFFE", 1);
-}
-
-static void setup_ioctl_group(void)
-{
- write_exception_policy("path_group IOCTL_TARGET /dev/\\*", 0);
- write_exception_policy("number_group IOCTL_NUMBERS 0x5450-0x5452", 0);
-}
-
-static void cleanup_ioctl_group(void)
-{
- write_exception_policy("path_group IOCTL_TARGET /dev/\\*", 1);
- write_exception_policy("number_group IOCTL_NUMBERS 0x5450-0x5452", 1);
-}
-
-static void setup_open_group(void)
-{
- write_exception_policy("path_group READABLE /etc/\\*", 0);
- write_exception_policy("number_group READABLE_IDS 0-0xFFF", 0);
-}
-
-static void cleanup_open_group(void)
-{
- cleanup_file_open();
- write_exception_policy("path_group READABLE /etc/\\*", 1);
- write_exception_policy("number_group READABLE_IDS 0-0xFFF", 1);
-}
-
-static void test_file_open_0(void)
-{
- result = open("/tmp/testfile0", O_RDONLY, 0600);
-}
-
-static void test_file_open_1(void)
-{
- result = open("/tmp/testfile1", O_CREAT | O_RDONLY, 0600);
-}
-
-static void test_file_open_2(void)
-{
- result = open("/tmp/testfile2", O_TRUNC | O_RDONLY, 0600);
-}
-
-static void test_file_open_3(void)
-{
- result = open("/tmp/testfile3", O_TRUNC | O_CREAT | O_RDONLY, 0600);
-}
-
-static void test_file_open_4(void)
-{
- result = open("/tmp/testfile4", O_APPEND | O_RDONLY, 0600);
-}
-
-static void test_file_open_5(void)
-{
- result = open("/tmp/testfile5", O_APPEND | O_CREAT | O_RDONLY, 0600);
-}
-
-static void test_file_open_6(void)
-{
- result = open("/tmp/testfile6", O_APPEND | O_TRUNC | O_RDONLY, 0600);
-}
-
-static void test_file_open_7(void)
-{
- result = open("/tmp/testfile7",
- O_APPEND | O_TRUNC | O_CREAT | O_RDONLY, 0600);
-}
-
-static void test_file_open_8(void)
-{
- result = open("/tmp/testfile8", O_WRONLY, 0600);
-}
-
-static void test_file_open_9(void)
-{
- result = open("/tmp/testfile9", O_CREAT | O_WRONLY, 0600);
-}
-
-static void test_file_open_10(void)
-{
- result = open("/tmp/testfile10", O_TRUNC | O_WRONLY, 0600);
-}
-
-static void test_file_open_11(void)
-{
- result = open("/tmp/testfile11", O_TRUNC | O_CREAT | O_WRONLY, 0600);
-}
-
-static void test_file_open_12(void)
-{
- result = open("/tmp/testfile12", O_APPEND | O_WRONLY, 0600);
-}
-
-static void test_file_open_13(void)
-{
- result = open("/tmp/testfile13", O_APPEND | O_CREAT | O_WRONLY, 0600);
-}
-
-static void test_file_open_14(void)
-{
- result = open("/tmp/testfile14", O_APPEND | O_TRUNC | O_WRONLY, 0600);
-}
-
-static void test_file_open_15(void)
-{
- result = open("/tmp/testfile15",
- O_APPEND | O_TRUNC | O_CREAT | O_WRONLY, 0600);
-}
-
-static void test_file_open_16(void)
-{
- result = open("/tmp/testfile16", O_RDWR, 0600);
-}
-
-static void test_file_open_17(void)
-{
- result = open("/tmp/testfile17", O_CREAT | O_RDWR, 0600);
-}
-
-static void test_file_open_18(void)
-{
- result = open("/tmp/testfile18", O_TRUNC | O_RDWR, 0600);
-}
-
-static void test_file_open_19(void)
-{
- result = open("/tmp/testfile19", O_TRUNC | O_CREAT | O_RDWR, 0600);
-}
-
-static void test_file_open_20(void)
-{
- result = open("/tmp/testfile20", O_APPEND | O_RDWR, 0600);
-}
-
-static void test_file_open_21(void)
-{
- result = open("/tmp/testfile21", O_APPEND | O_CREAT | O_RDWR, 0600);
-}
-
-static void test_file_open_22(void)
-{
- result = open("/tmp/testfile22", O_APPEND | O_TRUNC | O_RDWR, 0600);
-}
-
-static void test_file_open_23(void)
-{
- result = open("/tmp/testfile23", O_APPEND | O_TRUNC | O_CREAT | O_RDWR,
- 0600);
-}
-
-static void setup_test_file(void)
-{
- int i;
- char buffer[32];
- buffer[31] = '\0';
- for (i = 0; i < 24; i += 2) {
- snprintf(buffer, sizeof(buffer) - 1, "/tmp/testfile%u", i);
- close(open(buffer, O_WRONLY | O_CREAT, 0600));
- }
- write_exception_policy("deny_rewrite /tmp/testfile\\$", 0);
-}
-
-static void setup_test_file_truncate(void)
-{
- setup_test_file();
- write_domain_policy("allow_truncate /tmp/testfile\\$", 0);
- set_profile(3, "file::truncate");
-}
-
-static void setup_all_test_file(void)
-{
- int i;
- char buffer[32];
- buffer[31] = '\0';
- for (i = 0; i < 24; i++) {
- snprintf(buffer, sizeof(buffer) - 1, "/tmp/testfile%u", i);
- close(open(buffer, O_WRONLY | O_CREAT, 0600));
- }
- write_exception_policy("deny_rewrite /tmp/testfile\\$", 0);
-}
-
-static void setup_all_test_file_truncate(void)
-{
- setup_all_test_file();
- write_domain_policy("allow_truncate /tmp/testfile\\$", 0);
- set_profile(3, "file::truncate");
-}
-
-static void cleanup_test_file(void)
-{
- int i;
- char buffer[32];
- buffer[31] = '\0';
- for (i = 0; i < 24; i++) {
- snprintf(buffer, sizeof(buffer) - 1, "/tmp/testfile%u", i);
- unlink(buffer);
- }
- write_exception_policy("deny_rewrite /tmp/testfile\\$", 1);
- cleanup_file_open();
-}
-
-static void cleanup_test_file_truncate(void)
-{
- cleanup_test_file();
- write_domain_policy("allow_truncate /tmp/testfile\\$", 1);
- set_profile(0, "file::truncate");
-}
-
-static struct test_struct {
- void (*do_setup) (void);
- void (*do_test) (void);
- void (*do_cleanup) (void);
- const char *name;
- const char *policy;
-} tests[] = {
- {
- NULL, test_read_etc_fstab, cleanup_file_open, "file::open",
- "allow_read /etc/fstab"}, {
- NULL, test_read_etc_fstab, cleanup_file_open, "file::open",
- "allow_read /etc/fstab"}, {
- NULL, test_read_etc_fstab, cleanup_file_open, "file::open",
- "allow_read /etc/fstab"}, {
- setup_open_group, test_read_etc_fstab, cleanup_open_group,
- "file::open", "allow_read @READABLE"}, {
- NULL, test_write_dev_null, cleanup_file_open, "file::open",
- "allow_write /dev/null"}, {
- NULL, test_write_dev_null, cleanup_file_open, "file::open",
- "allow_write /dev/null"}, {
- NULL, test_write_dev_null, cleanup_file_open, "file::open",
- "allow_write /dev/null"}, {
- cleanup_mkdir_testdir, test_mkdir_testdir,
- cleanup_mkdir_testdir, "file::mkdir",
- "allow_mkdir /tmp/testdir/ 0755"}, {
- cleanup_mkdir_testdir, test_mkdir_testdir,
- cleanup_mkdir_testdir, "file::mkdir",
- "allow_mkdir /tmp/testdir/ 0755"}, {
- cleanup_mkdir_testdir, test_mkdir_testdir,
- cleanup_mkdir_testdir, "file::mkdir",
- "allow_mkdir /tmp/testdir/ 0755"}, {
- setup_mkdir_testdir, test_rmdir_testdir, cleanup_mkdir_testdir,
- "file::rmdir", "allow_rmdir /tmp/testdir/"}, {
- setup_mkdir_testdir, test_rmdir_testdir, cleanup_mkdir_testdir,
- "file::rmdir", "allow_rmdir /tmp/testdir/"}, {
- setup_mkdir_testdir, test_rmdir_testdir, cleanup_mkdir_testdir,
- "file::rmdir", "allow_rmdir /tmp/testdir/"}, {
- setup_execute_bin_true, test_execute_bin_true,
- cleanup_execute_bin_true, "file::execute",
- "allow_execute /bin/true"}, {
- setup_execute_bin_true, test_execute_bin_true,
- cleanup_execute_bin_true, "file::execute",
- "allow_execute /bin/true"}, {
- setup_execute_bin_true, test_execute_bin_true,
- cleanup_execute_bin_true, "file::execute",
- "allow_execute /bin/true"}, {
- NULL, test_chmod_dev_null, NULL, "file::chmod",
- "allow_chmod /dev/null 0666"}, {
- NULL, test_chown_dev_null, NULL, "file::chown",
- "allow_chown /dev/null 0"}, {
- NULL, test_chgrp_dev_null, NULL, "file::chgrp",
- "allow_chgrp /dev/null 0"}, {
- NULL, test_ioctl_dev_null, NULL, "file::ioctl",
- "allow_ioctl /dev/null 0x5451"}, {
- setup_chmod_group, test_chmod_dev_null, cleanup_chmod_group,
- "file::chmod", "allow_chmod @CHMOD_TARGET @CHMOD_MODES"}, {
- setup_chown_group, test_chown_dev_null, cleanup_chown_group,
- "file::chown", "allow_chown @CHOWN_TARGET @CHOWN_IDS"}, {
- setup_chown_group, test_chgrp_dev_null, cleanup_chown_group,
- "file::chgrp", "allow_chgrp @CHOWN_TARGET @CHOWN_IDS"}, {
- setup_ioctl_group, test_ioctl_dev_null, cleanup_ioctl_group,
- "file::ioctl", "allow_ioctl @IOCTL_TARGET @IOCTL_NUMBERS"},
- {
- setup_test_file, test_file_open_0, cleanup_test_file,
- "file::open", "allow_read /tmp/testfile0"}, {
- setup_test_file, test_file_open_1, cleanup_test_file,
- "file::open", "allow_read /tmp/testfile1"}, {
- setup_test_file, test_file_open_1, cleanup_test_file,
- "file::create", "allow_create /tmp/testfile1 0600"}, {
- setup_test_file, test_file_open_2, cleanup_test_file,
- "file::open", "allow_read /tmp/testfile2"}, {
- setup_test_file, test_file_open_2, cleanup_test_file,
- "file::truncate", "allow_truncate /tmp/testfile2"}, {
- setup_test_file_truncate, test_file_open_2,
- cleanup_test_file_truncate, "file::rewrite",
- "allow_rewrite /tmp/testfile2"}, {
- setup_test_file, test_file_open_3, cleanup_test_file,
- "file::open", "allow_read /tmp/testfile3"}, {
- setup_test_file, test_file_open_3, cleanup_test_file,
- "file::create", "allow_create /tmp/testfile3 0600"}, {
- setup_test_file, test_file_open_4, cleanup_test_file,
- "file::open", "allow_read /tmp/testfile4"}, {
- setup_test_file, test_file_open_5, cleanup_test_file,
- "file::open", "allow_read /tmp/testfile5"}, {
- setup_test_file, test_file_open_5, cleanup_test_file,
- "file::create", "allow_create /tmp/testfile5 0600"}, {
- setup_test_file, test_file_open_6, cleanup_test_file,
- "file::open", "allow_read /tmp/testfile6"}, {
- setup_test_file, test_file_open_6, cleanup_test_file,
- "file::truncate", "allow_truncate /tmp/testfile6"}, {
- setup_test_file_truncate, test_file_open_6,
- cleanup_test_file_truncate, "file::rewrite",
- "allow_rewrite /tmp/testfile6"}, {
- setup_test_file, test_file_open_7, cleanup_test_file,
- "file::open", "allow_read /tmp/testfile7"}, {
- setup_test_file, test_file_open_7, cleanup_test_file,
- "file::create", "allow_create /tmp/testfile7 0600"}, {
- setup_test_file, test_file_open_8, cleanup_test_file,
- "file::open", "allow_write /tmp/testfile8"}, {
- setup_test_file, test_file_open_8, cleanup_test_file,
- "file::rewrite", "allow_rewrite /tmp/testfile8"}, {
- setup_test_file, test_file_open_9, cleanup_test_file,
- "file::open", "allow_write /tmp/testfile9"}, {
- setup_test_file, test_file_open_9, cleanup_test_file,
- "file::create", "allow_create /tmp/testfile9 0600"}, {
- setup_test_file, test_file_open_9, cleanup_test_file,
- "file::rewrite", "allow_rewrite /tmp/testfile9"}, {
- setup_test_file, test_file_open_10, cleanup_test_file,
- "file::open", "allow_write /tmp/testfile10"}, {
- setup_test_file, test_file_open_10, cleanup_test_file,
- "file::truncate", "allow_truncate /tmp/testfile10"}, {
- setup_test_file, test_file_open_10, cleanup_test_file,
- "file::rewrite", "allow_rewrite /tmp/testfile10"}, {
- setup_test_file, test_file_open_11, cleanup_test_file,
- "file::open", "allow_write /tmp/testfile11"}, {
- setup_test_file, test_file_open_11, cleanup_test_file,
- "file::create", "allow_create /tmp/testfile11 0600"}, {
- setup_test_file, test_file_open_11, cleanup_test_file,
- "file::rewrite", "allow_rewrite /tmp/testfile11"}, {
- setup_test_file, test_file_open_12, cleanup_test_file,
- "file::open", "allow_write /tmp/testfile12"}, {
- setup_test_file, test_file_open_13, cleanup_test_file,
- "file::open", "allow_write /tmp/testfile13"}, {
- setup_test_file, test_file_open_13, cleanup_test_file,
- "file::create", "allow_create /tmp/testfile13 0600"}, {
- setup_test_file, test_file_open_14, cleanup_test_file,
- "file::open", "allow_write /tmp/testfile14"}, {
- setup_test_file, test_file_open_14, cleanup_test_file,
- "file::truncate", "allow_truncate /tmp/testfile14"}, {
- setup_test_file_truncate, test_file_open_14,
- cleanup_test_file_truncate, "file::rewrite",
- "allow_rewrite /tmp/testfile14"}, {
- setup_test_file, test_file_open_15, cleanup_test_file,
- "file::open", "allow_write /tmp/testfile15"}, {
- setup_test_file, test_file_open_15, cleanup_test_file,
- "file::create", "allow_create /tmp/testfile15 0600"}, {
- setup_test_file, test_file_open_16, cleanup_test_file,
- "file::open", "allow_read/write /tmp/testfile16"}, {
- setup_test_file, test_file_open_16, cleanup_test_file,
- "file::rewrite", "allow_rewrite /tmp/testfile16"}, {
- setup_test_file, test_file_open_17, cleanup_test_file,
- "file::open", "allow_read/write /tmp/testfile17"}, {
- setup_test_file, test_file_open_17, cleanup_test_file,
- "file::create", "allow_create /tmp/testfile17 0600"}, {
- setup_test_file, test_file_open_17, cleanup_test_file,
- "file::rewrite", "allow_rewrite /tmp/testfile17"}, {
- setup_test_file, test_file_open_18, cleanup_test_file,
- "file::open", "allow_read/write /tmp/testfile18"}, {
- setup_test_file, test_file_open_18, cleanup_test_file,
- "file::truncate", "allow_truncate /tmp/testfile18"}, {
- setup_test_file, test_file_open_18, cleanup_test_file,
- "file::rewrite", "allow_rewrite /tmp/testfile18"}, {
- setup_test_file, test_file_open_19, cleanup_test_file,
- "file::open", "allow_read/write /tmp/testfile19"}, {
- setup_test_file, test_file_open_19, cleanup_test_file,
- "file::create", "allow_create /tmp/testfile19 0600"}, {
- setup_test_file, test_file_open_19, cleanup_test_file,
- "file::rewrite", "allow_rewrite /tmp/testfile19"}, {
- setup_test_file, test_file_open_20, cleanup_test_file,
- "file::open", "allow_read/write /tmp/testfile20"}, {
- setup_test_file, test_file_open_21, cleanup_test_file,
- "file::open", "allow_read/write /tmp/testfile21"}, {
- setup_test_file, test_file_open_21, cleanup_test_file,
- "file::create", "allow_create /tmp/testfile21 0600"}, {
- setup_test_file, test_file_open_22, cleanup_test_file,
- "file::open", "allow_read/write /tmp/testfile22"}, {
- setup_test_file, test_file_open_22, cleanup_test_file,
- "file::truncate", "allow_truncate /tmp/testfile22"}, {
- setup_test_file_truncate, test_file_open_22,
- cleanup_test_file_truncate, "file::rewrite",
- "allow_rewrite /tmp/testfile22"}, {
- setup_test_file, test_file_open_23, cleanup_test_file,
- "file::open", "allow_read/write /tmp/testfile23"}, {
- setup_test_file, test_file_open_23, cleanup_test_file,
- "file::create", "allow_create /tmp/testfile23 0600"}, {
- setup_all_test_file, test_file_open_0, cleanup_test_file,
- "file::open", "allow_read /tmp/testfile0"}, {
- setup_all_test_file, test_file_open_2, cleanup_test_file,
- "file::open", "allow_read /tmp/testfile2"}, {
- setup_all_test_file, test_file_open_2, cleanup_test_file,
- "file::truncate", "allow_truncate /tmp/testfile2"}, {
- setup_all_test_file_truncate, test_file_open_2,
- cleanup_test_file_truncate, "file::rewrite",
- "allow_rewrite /tmp/testfile2"}, {
- setup_all_test_file, test_file_open_4, cleanup_test_file,
- "file::open", "allow_read /tmp/testfile4"}, {
- setup_all_test_file, test_file_open_6, cleanup_test_file,
- "file::open", "allow_read /tmp/testfile6"}, {
- setup_all_test_file, test_file_open_6, cleanup_test_file,
- "file::truncate", "allow_truncate /tmp/testfile6"}, {
- setup_all_test_file_truncate, test_file_open_6,
- cleanup_test_file_truncate, "file::rewrite",
- "allow_rewrite /tmp/testfile6"}, {
- setup_all_test_file, test_file_open_8, cleanup_test_file,
- "file::open", "allow_write /tmp/testfile8"}, {
- setup_all_test_file, test_file_open_8, cleanup_test_file,
- "file::rewrite", "allow_rewrite /tmp/testfile8"}, {
- setup_all_test_file, test_file_open_10, cleanup_test_file,
- "file::open", "allow_write /tmp/testfile10"}, {
- setup_all_test_file, test_file_open_10, cleanup_test_file,
- "file::truncate", "allow_truncate /tmp/testfile10"}, {
- setup_all_test_file, test_file_open_10, cleanup_test_file,
- "file::rewrite", "allow_rewrite /tmp/testfile10"}, {
- setup_all_test_file, test_file_open_12, cleanup_test_file,
- "file::open", "allow_write /tmp/testfile12"}, {
- setup_all_test_file, test_file_open_14, cleanup_test_file,
- "file::open", "allow_write /tmp/testfile14"}, {
- setup_all_test_file, test_file_open_14, cleanup_test_file,
- "file::truncate", "allow_truncate /tmp/testfile14"}, {
- setup_all_test_file_truncate, test_file_open_14,
- cleanup_test_file_truncate, "file::rewrite",
- "allow_rewrite /tmp/testfile14"}, {
- setup_all_test_file, test_file_open_16, cleanup_test_file,
- "file::open", "allow_read/write /tmp/testfile16"}, {
- setup_all_test_file, test_file_open_16, cleanup_test_file,
- "file::rewrite", "allow_rewrite /tmp/testfile16"}, {
- setup_all_test_file, test_file_open_18, cleanup_test_file,
- "file::open", "allow_read/write /tmp/testfile18"}, {
- setup_all_test_file, test_file_open_18, cleanup_test_file,
- "file::truncate", "allow_truncate /tmp/testfile18"}, {
- setup_all_test_file, test_file_open_18, cleanup_test_file,
- "file::rewrite", "allow_rewrite /tmp/testfile18"}, {
- setup_all_test_file, test_file_open_20, cleanup_test_file,
- "file::open", "allow_read/write /tmp/testfile20"}, {
- setup_all_test_file, test_file_open_22, cleanup_test_file,
- "file::open", "allow_read/write /tmp/testfile22"}, {
- setup_all_test_file, test_file_open_22, cleanup_test_file,
- "file::truncate", "allow_truncate /tmp/testfile22"}, {
- setup_all_test_file_truncate, test_file_open_22,
- cleanup_test_file_truncate, "file::rewrite",
- "allow_rewrite /tmp/testfile22"}, {
- NULL}
-};
-
-int main(void)
-{
- int i;
- tomoyo_test_init();
- for (i = 0; tests[i].do_test; i++) {
- int trial;
- for (trial = 0; trial < 2; trial++) {
- int should_fail;
- for (should_fail = 0; should_fail < 2; should_fail++) {
- if (tests[i].do_setup)
- tests[i].do_setup();
- if (!should_fail)
- write_domain_policy(tests[i].policy, 0);
- set_profile(3, tests[i].name);
- tests[i].do_test();
- show_result(tests[i].policy, !should_fail);
- set_profile(0, tests[i].name);
- if (tests[i].do_cleanup)
- tests[i].do_cleanup();
- if (!should_fail)
- write_domain_policy(tests[i].policy, 1);
- }
- }
- }
- for (i = 0; tests[i].do_test; i++) {
- int mode;
- for (mode = 0; mode < 4; mode++) {
- if (tests[i].do_setup)
- tests[i].do_setup();
- set_profile(mode, tests[i].name);
- tests[i].do_test();
- show_result(tests[i].name, 1);
- set_profile(0, tests[i].name);
- if (tests[i].do_cleanup)
- tests[i].do_cleanup();
- }
- }
- fprintf(domain_fp, "delete %s\n", self_domain);
- return 0;
-}
diff --git a/testcases/kernel/security/tomoyo/tomoyo_policy_io_test.c b/testcases/kernel/security/tomoyo/tomoyo_policy_io_test.c
deleted file mode 100644
index b1897a0fc..000000000
--- a/testcases/kernel/security/tomoyo/tomoyo_policy_io_test.c
+++ /dev/null
@@ -1,195 +0,0 @@
-/******************************************************************************/
-/* This program is free software; you can redistribute it and/or modify */
-/* it under the terms of the GNU General Public License as published by */
-/* the Free Software Foundation; either version 2 of the License, or */
-/* (at your option) any later version. */
-/* */
-/* This program is distributed in the hope that it will be useful, */
-/* but WITHOUT ANY WARRANTY; without even the implied warranty of */
-/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See */
-/* the GNU General Public License for more details. */
-/* */
-/* You should have received a copy of the GNU General Public License */
-/* along with this program; if not, write to the Free Software */
-/* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */
-/* */
-/******************************************************************************/
-/*
- * tomoyo_policy_io_test.c
- *
- * Testing program for security/tomoyo/
- *
- * Copyright (C) 2005-2010 NTT DATA CORPORATION
- */
-#include "include.h"
-
-static FILE *policy_fp = NULL;
-static const char *policy_file = "";
-
-static void try_io(const char *policy, const char should_success)
-{
- FILE *fp = fopen(policy_file, "r");
- char buffer[8192];
- int policy_found = 0;
- memset(buffer, 0, sizeof(buffer));
- printf("%s: ", policy);
- fprintf(policy_fp, "%s\n", policy);
- if (!fp) {
- printf("BUG: policy read failed\n");
- return;
- }
- while (fgets(buffer, sizeof(buffer) - 1, fp)) {
- char *cp = strchr(buffer, '\n');
- if (cp)
- *cp = '\0';
- if (!strcmp(buffer, policy)) {
- policy_found = 1;
- break;
- }
- }
- fclose(fp);
- if (should_success) {
- if (policy_found)
- printf("OK\n");
- else
- printf("BUG: policy write failed\n");
- } else {
- if (!policy_found)
- printf("OK : write rejected.\n");
- else
- printf("BUG: policy write not rejected.\n");
- }
- fprintf(policy_fp, "delete %s\n", policy);
-}
-
-static void stage_policy_io_test(void)
-{
- int i;
- policy_file = proc_policy_domain_policy;
- policy_fp = domain_fp;
- for (i = 0; i < 3; i++) {
- try_io("allow_chroot /", 1);
- try_io("allow_chroot ", 0);
- try_io("allow_chroot /mnt0/", 1);
- try_io("allow_chroot /var1/chroot2/", 1);
- try_io("allow_chroot /mnt0/", 1);
- try_io("allow_chroot /mnt0/", 1);
- try_io("allow_chroot /mnt0/", 1);
- try_io("allow_chroot /mnt\\?\\*/", 1);
- try_io("allow_chroot /mnt\\?\\*/", 1);
- try_io("allow_unmount /", 1);
- try_io("allow_unmount /sys1/", 1);
- try_io("allow_unmount /initrd2/", 1);
- try_io("allow_unmount /initrd/dev3/", 1);
- try_io("allow_unmount /initrd/\\*\\+/", 1);
- try_io("allow_unmount /initrd/\\@\\*/", 1);
- try_io("allow_unmount /initrd2/", 1);
- try_io("allow_pivot_root / /proc3/", 1);
- try_io("allow_pivot_root /sys5/ /proc3/", 1);
- try_io("allow_pivot_root /sys/", 0);
- try_io("allow_pivot_root *", 0);
- try_io("allow_pivot_root /sys5/ /proc3/", 1);
- try_io("allow_mount / / --bind 0xD", 1);
- try_io("allow_mount / / --move 0xF", 1);
- try_io("allow_mount / --remount", 0);
- try_io("allow_mount /", 0);
- try_io("allow_mount none /tmp/ tmpfs 0x1", 1);
- try_io("allow_mount none /tmp/ tmpfs", 0);
- try_io("allow_mount none /tmp/ nonexistent 0x0", 1);
- try_io("allow_mount none /proc/ proc 0x0", 1);
- try_io("allow_mount none /selinux/ selinuxfs 0x0", 1);
- try_io("allow_mount /proc/bus/usb /proc/bus/usb/ usbfs 0x0", 1);
- try_io("allow_mount none /dev/pts/ devpts 0x0", 1);
- try_io("allow_mount any / --remount 0xC00", 1);
- try_io("allow_mount /dev/sda1 /boot/ ext3 0xC00", 1);
- try_io("allow_mount none /dev/shm/ tmpfs 0x0", 1);
- try_io("allow_mount none /proc/sys/fs/binfmt_misc/ binfmt_misc "
- "0x0", 1);
- try_io("allow_mount none /proc/sys/fs/binfmt_misc/ binfmt_misc "
- "0x0 0x1", 0);
- try_io("allow_mount none /proc/sys/fs/binfmt_misc/ tmpfs "
- "binfmt_misc 0x0", 0);
- try_io("allow_mount /proc/bus/usb /proc/bus/usb/ usbfs 0x0", 1);
- }
- policy_file = proc_policy_exception_policy;
- policy_fp = exception_fp;
- for (i = 0; i < 3; i++) {
- try_io("allow_read /tmp/abc", 1);
- try_io("allow_read /tmp/abc\\*", 1);
- try_io("allow_read abc", 1);
- try_io("allow_read /tmp/abc/", 1);
- try_io("allow_read", 0);
- try_io("allow_read *", 1);
- try_io("file_pattern /\\*\\*\\*", 1);
- try_io("file_pattern /abc", 1);
- try_io("file_pattern /abc /def", 0);
- try_io("file_pattern abcdef", 1);
- try_io("path_group TEST /", 1);
- try_io("path_group TEST /boo", 1);
- try_io("path_group TEST /bar", 1);
- try_io("path_group TEST /\\*", 1);
- try_io("path_group TEST / /", 0);
- try_io("path_group TEST /boo", 1);
- try_io("path_group TEST /bar", 1);
- try_io("path_group TEST boo", 1);
- try_io("path_group TEST boo/", 1);
- try_io("path_group TEST /bar", 1);
- try_io("path_group TEST3 /\\*", 1);
- try_io("path_group TEST3 / /", 0);
- try_io("path_group TEST3 /boo", 1);
- try_io("path_group TEST3 /bar", 1);
- try_io("path_group TEST3 boo", 1);
- try_io("path_group TEST3 boo/", 1);
- try_io("deny_rewrite /", 1);
- try_io("deny_rewrite /foo", 1);
- try_io("deny_rewrite /\\*", 1);
- try_io("deny_rewrite /\\:", 0);
- try_io("deny_rewrite / /", 0);
- try_io("deny_rewrite @/TEST", 1);
- try_io("aggregator /boo/\\* /BOO", 1);
- try_io("aggregator /boo/\\* /BOO\\*", 0);
- try_io("aggregator /boo/\\*/ /BOO", 1);
- try_io("aggregator /boo/\\* /BOO/", 1);
- try_io("keep_domain <kernel>", 1);
- try_io("keep_domain <kernel> /sbin/init", 1);
- try_io("keep_domain <kernel> foo", 0);
- try_io("keep_domain <kernel> \\*", 0);
- try_io("keep_domain /ssh", 1);
- try_io("keep_domain /ssh /foo", 0);
- try_io("keep_domain /foo from <kernel>", 1);
- try_io("keep_domain /foo from <kernel> /sbin/init", 1);
- try_io("keep_domain from <kernel> /sbin/init", 0);
- try_io("keep_domain \\* from <kernel> /sbin/init", 0);
- try_io("no_keep_domain <kernel>", 1);
- try_io("no_keep_domain <kernel> /sbin/init", 1);
- try_io("no_keep_domain <kernel> foo", 0);
- try_io("no_keep_domain <kernel> \\*", 0);
- try_io("no_keep_domain /ssh", 1);
- try_io("no_keep_domain /ssh /foo", 0);
- try_io("no_keep_domain /foo from <kernel>", 1);
- try_io("no_keep_domain /foo from <kernel> /sbin/init", 1);
- try_io("no_keep_domain from <kernel> /sbin/init", 0);
- try_io("no_keep_domain \\* from <kernel> /sbin/init", 0);
- try_io("initialize_domain /foo", 1);
- try_io("initialize_domain /\\*", 1);
- try_io("initialize_domain /foo /bar", 0);
- try_io("initialize_domain /foo from /bar", 1);
- try_io("initialize_domain /foo from <kernel> /bar", 1);
- try_io("initialize_domain /\\* from <kernel>", 1);
- try_io("initialize_domain /foo from <kernel> \\*", 0);
- try_io("no_initialize_domain /foo", 1);
- try_io("no_initialize_domain /\\*", 1);
- try_io("no_initialize_domain /foo /bar", 0);
- try_io("no_initialize_domain /foo from /bar", 1);
- try_io("no_initialize_domain /foo from <kernel> /bar", 1);
- try_io("no_initialize_domain /\\* from <kernel>", 1);
- try_io("no_initialize_domain /foo from <kernel> \\*", 0);
- }
-}
-
-int main(void)
-{
- tomoyo_test_init();
- stage_policy_io_test();
- return 0;
-}
diff --git a/testcases/kernel/security/tomoyo/tomoyo_policy_memory_test.c b/testcases/kernel/security/tomoyo/tomoyo_policy_memory_test.c
deleted file mode 100644
index a6620ba30..000000000
--- a/testcases/kernel/security/tomoyo/tomoyo_policy_memory_test.c
+++ /dev/null
@@ -1,358 +0,0 @@
-/******************************************************************************/
-/* This program is free software; you can redistribute it and/or modify */
-/* it under the terms of the GNU General Public License as published by */
-/* the Free Software Foundation; either version 2 of the License, or */
-/* (at your option) any later version. */
-/* */
-/* This program is distributed in the hope that it will be useful, */
-/* but WITHOUT ANY WARRANTY; without even the implied warranty of */
-/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See */
-/* the GNU General Public License for more details. */
-/* */
-/* You should have received a copy of the GNU General Public License */
-/* along with this program; if not, write to the Free Software */
-/* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */
-/* */
-/******************************************************************************/
-/*
- * tomoyo_policy_memory_test.c
- *
- * Testing program for security/tomoyo/
- *
- * Copyright (C) 2005-2010 NTT DATA CORPORATION
- */
-/*
- * Usage: Run this program using init= boot option.
- */
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-#include <sys/mount.h>
-
-static void BUG(const char *msg)
-{
- printf("%s", msg);
- fflush(stdout);
- while (1)
- sleep(100);
-}
-
-static const char *policy_file = NULL;
-static const char *policy = NULL;
-
-static void get_meminfo(unsigned int *policy_memory)
-{
- FILE *fp = fopen("/sys/kernel/security/tomoyo/meminfo", "r");
- if (!fp || fscanf(fp, "Policy: %u", policy_memory) != 1 || fclose(fp))
- BUG("BUG: Policy read error\n");
-}
-
-static void check_policy_common(const int found_expected, const int id)
-{
- FILE *fp = fopen(policy_file, "r");
- char buffer[8192];
- int policy_found = 0;
- memset(buffer, 0, sizeof(buffer));
- if (!fp)
- BUG("BUG: Policy read error\n");
- while (fgets(buffer, sizeof(buffer) - 1, fp)) {
- char *cp = strchr(buffer, '\n');
- if (cp)
- *cp = '\0';
- if (strcmp(buffer, policy))
- continue;
- policy_found = 1;
- break;
- }
- fclose(fp);
- if (policy_found != found_expected) {
- printf("BUG: Policy write error: %s %s at %d\n", policy,
- found_expected ? "not added" : "not deleted", id);
- BUG("");
- }
-}
-
-static inline void check_policy_written(FILE * fp, const int id)
-{
- fflush(fp);
- check_policy_common(1, id);
-}
-
-static inline void check_policy_deleted(FILE * fp, const int id)
-{
- fflush(fp);
- check_policy_common(0, id);
-}
-
-static const char *domain_testcases[] = {
- "allow_create /tmp/mknod_reg_test 0600",
- "allow_create /tmp/open_test 0600",
- "allow_create /tmp/open_test 0600",
- "allow_create /tmp/open_test 0600",
- "allow_execute /bin/true",
- "allow_execute /bin/true",
- "allow_execute /bin/true0",
- "allow_execute /bin/true1",
- "allow_execute /bin/true2",
- "allow_execute /bin/true3",
- "allow_execute /bin/true4",
- "allow_execute /bin/true5",
- "allow_execute /bin/true6",
- "allow_execute /bin/true7",
- "allow_execute /bin/true7",
- "allow_execute /bin/true7",
- "allow_execute /bin/true8",
- "allow_ioctl socket:[family=2:type=2:protocol=17] 0-35122",
- "allow_ioctl socket:[family=2:type=2:protocol=17] 35122-35124",
- "allow_link /tmp/link_source_test /tmp/link_dest_test",
- "allow_mkblock /tmp/mknod_blk_test 0600 1 0",
- "allow_mkchar /tmp/mknod_chr_test 0600 1 3",
- "allow_mkdir /tmp/mkdir_test/ 0755",
- "allow_mkfifo /tmp/mknod_fifo_test 0600",
- "allow_mkfifo /tmp/mknod_fifo_test 0600",
- "allow_mksock /tmp/mknod_sock_test 0600",
- "allow_mksock /tmp/socket_test 0600",
- "allow_read /bin/true",
- "allow_read /bin/true",
- "allow_read /dev/null",
- "allow_read /dev/null",
- "allow_read /dev/null",
- "allow_read /dev/null",
- "allow_read /dev/null",
- "allow_read /dev/null",
- "allow_read /foo",
- "allow_read /proc/sys/net/ipv4/ip_local_port_range",
- "allow_read /proc/sys/net/ipv4/ip_local_port_range",
- "allow_read/write /bar",
- "allow_read/write /dev/null",
- "allow_read/write /dev/null",
- "allow_read/write /proc/sys/net/ipv4/ip_local_port_range",
- "allow_read/write /proc/sys/net/ipv4/ip_local_port_range",
- "allow_read/write /tmp/fifo",
- "allow_read/write /tmp/fifo",
- "allow_read/write /tmp/rewrite_test",
- "allow_rename /tmp/rename_source_test /tmp/rename_dest_test",
- "allow_rmdir /tmp/rmdir_test/",
- "allow_symlink /symlink",
- "allow_symlink /symlink",
- "allow_symlink /symlink",
- "allow_symlink /symlink",
- "allow_symlink /tmp/symlink_source_test",
- "allow_symlink /tmp/symlink_source_test",
- "allow_symlink /tmp/symlink_source_test",
- "allow_symlink /tmp/symlink_source_test",
- "allow_symlink /tmp/symlink_source_test",
- "allow_truncate /tmp/rewrite_test",
- "allow_truncate /tmp/truncate_test",
- "allow_truncate /tmp/truncate_test",
- "allow_unlink /tmp/unlink_test",
- "allow_write /123",
- "allow_write /dev/null",
- "allow_write /dev/null",
- "allow_write /devfile",
- "allow_write /devfile",
- "allow_write /proc/sys/net/ipv4/ip_local_port_range",
- "allow_write /proc/sys/net/ipv4/ip_local_port_range",
- "allow_write /tmp/open_test",
- "allow_write /tmp/open_test",
- "allow_write /tmp/open_test",
- "allow_write /tmp/truncate_test",
- "allow_write /tmp/truncate_test",
- "allow_rewrite /tmp/rewrite_test",
- "allow_rewrite /tmp/rewrite_test",
- "allow_mount /dev/sda1 /mnt/sda1/ ext3 0x123",
- "allow_mount /dev/sda1 /mnt/sda1/ ext3 123",
- "allow_mount /dev/sda1 /mnt/sda1/ ext3 0123",
- "allow_mount /dev/sda1 /mnt/sda1/ ext3 0x123",
- "allow_mount /dev/sda1 /mnt/sda1/ ext3 123",
- "allow_mount /dev/sda1 /mnt/sda1/ ext3 0123",
- "allow_chroot /",
- "allow_chroot /",
- "allow_chroot /mnt/",
- "allow_pivot_root / /proc/",
- "allow_pivot_root /mnt/ /proc/mnt/",
- "allow_unmount /",
- "allow_unmount /proc/",
- NULL
-};
-
-static void domain_policy_test(const unsigned int before)
-{
- unsigned int after;
- int j;
- policy_file = "/sys/kernel/security/tomoyo/domain_policy";
- for (j = 0; domain_testcases[j]; j++) {
- int i;
- FILE *fp = fopen(policy_file, "w");
- if (!fp)
- BUG("BUG: Policy write error\n");
- fprintf(fp, "<kernel>\n");
- policy = domain_testcases[j];
- printf("Processing: %s\n", policy);
- for (i = 0; i < 100; i++) {
- fprintf(fp, "%s\n", policy);
- if (!i)
- check_policy_written(fp, 1);
- fprintf(fp, "delete %s\n", policy);
- }
- check_policy_deleted(fp, 1);
- for (i = 0; i < 100; i++)
- fprintf(fp, "%s\n", policy);
- check_policy_written(fp, 2);
- fprintf(fp, "delete %s\n", policy);
- check_policy_deleted(fp, 2);
- fclose(fp);
- for (i = 0; i < 30; i++) {
- usleep(100000);
- get_meminfo(&after);
- if (before == after)
- break;
- }
- if (before != after) {
- printf("Policy: %d\n", after - before);
- BUG("Policy read/write test: Fail\n");
- }
- }
- for (j = 0; j < 10; j++) {
- int i;
- FILE *fp = fopen(policy_file, "w");
- if (!fp)
- BUG("BUG: Policy write error\n");
- fprintf(fp, "<kernel> /sbin/init\n");
- for (i = 0; domain_testcases[i]; i++)
- fprintf(fp, "%s\n", domain_testcases[i]);
- fprintf(fp, "delete <kernel> /sbin/init\n");
- fclose(fp);
- for (i = 0; i < 50; i++) {
- usleep(100000);
- get_meminfo(&after);
- if (before == after)
- break;
- }
- if (before != after) {
- printf("Policy: %d\n", after - before);
- BUG("Policy read/write test: Fail\n");
- }
- }
-}
-
-static const char *exception_testcases[] = {
- "allow_read /tmp/mknod_reg_test",
- "allow_env HOME",
- "path_group PG1 /",
- "path_group PG2 /",
- "address_group AG3 0.0.0.0",
- "address_group AG3 1.2.3.4-5.6.7.8",
- "address_group AG3 f:ee:ddd:cccc:b:aa:999:8888",
- "address_group AG4 0:1:2:3:4:5:6:7-8:90:a00:b000:c00:d0:e:f000",
- "number_group NG1 1000",
- "number_group NG2 10-0x100000",
- "number_group NG3 01234567-0xABCDEF89",
- "deny_autobind 1024",
- "deny_autobind 32668-65535",
- "deny_autobind 0-1023",
- "initialize_domain /usr/sbin/sshd",
- "no_initialize_domain /usr/sbin/sshd",
- "initialize_domain /usr/sbin/sshd from /bin/bash",
- "no_initialize_domain /usr/sbin/sshd from /bin/bash",
- "initialize_domain /usr/sbin/sshd from "
- "<kernel> /bin/mingetty/bin/bash",
- "no_initialize_domain /usr/sbin/sshd from "
- "<kernel> /bin/mingetty/bin/bash",
- "keep_domain <kernel> /usr/sbin/sshd /bin/bash",
- "no_keep_domain <kernel> /usr/sbin/sshd /bin/bash",
- "keep_domain /bin/pwd from <kernel> /usr/sbin/sshd /bin/bash",
- "no_keep_domain /bin/pwd from <kernel> /usr/sbin/sshd /bin/bash",
- "keep_domain /bin/pwd from /bin/bash",
- "no_keep_domain /bin/pwd from /bin/bash",
- "file_pattern /proc/\\$/task/\\$/environ",
- "file_pattern /proc/\\$/task/\\$/auxv",
- "allow_read /etc/ld.so.cache",
- "allow_read /proc/meminfo",
- "allow_read /proc/sys/kernel/version",
- "allow_read /etc/localtime",
- "allow_read /proc/self/task/\\$/attr/current",
- "allow_read /proc/self/task/\\$/oom_score",
- "allow_read /proc/self/wchan",
- "allow_read /lib/ld-2.5.so",
- "file_pattern pipe:[\\$]",
- "file_pattern socket:[\\$]",
- "file_pattern /var/cache/logwatch/logwatch.\\*/",
- "file_pattern /var/cache/logwatch/logwatch.\\*/\\*",
- "deny_rewrite /var/log/\\*",
- "deny_rewrite /var/log/\\*/\\*",
- "aggregator /etc/rc.d/rc\\?.d/\\?\\+\\+smb /etc/rc.d/init.d/smb",
- "aggregator /etc/rc.d/rc\\?.d/\\?\\+\\+crond /etc/rc.d/init.d/crond",
- NULL
-};
-
-static void exception_policy_test(const unsigned int before)
-{
- unsigned int after;
- int j;
- policy_file = "/sys/kernel/security/tomoyo/exception_policy";
- for (j = 0; exception_testcases[j]; j++) {
- int i;
- FILE *fp = fopen(policy_file, "w");
- if (!fp)
- BUG("BUG: Policy write error\n");
- policy = exception_testcases[j];
- printf("Processing: %s\n", policy);
- for (i = 0; i < 100; i++) {
- fprintf(fp, "%s\n", policy);
- if (!i)
- check_policy_written(fp, 1);
- fprintf(fp, "delete %s\n", policy);
- }
- check_policy_deleted(fp, 1);
- for (i = 0; i < 100; i++)
- fprintf(fp, "%s\n", policy);
- check_policy_written(fp, 2);
- fprintf(fp, "delete %s\n", policy);
- check_policy_deleted(fp, 2);
- fclose(fp);
- for (i = 0; i < 30; i++) {
- usleep(100000);
- get_meminfo(&after);
- if (before == after)
- break;
- }
- if (before != after) {
- printf("Policy: %d\n", after - before);
- BUG("Policy read/write test: Fail\n");
- }
- }
- for (j = 0; j < 10; j++) {
- int i;
- FILE *fp = fopen(policy_file, "w");
- if (!fp)
- BUG("BUG: Policy write error\n");
- for (i = 0; exception_testcases[i]; i++)
- fprintf(fp, "%s\n", exception_testcases[i]);
- for (i = 0; exception_testcases[i]; i++)
- fprintf(fp, "delete %s\n", exception_testcases[i]);
- fclose(fp);
- for (i = 0; i < 50; i++) {
- usleep(100000);
- get_meminfo(&after);
- if (before == after)
- break;
- }
- if (before != after) {
- printf("Policy: %d\n", after - before);
- BUG("Policy read/write test: Fail\n");
- }
- }
-}
-
-int main(void)
-{
- unsigned int before;
- mount("/proc", "/proc/", "proc", 0, NULL);
- get_meminfo(&before);
- domain_policy_test(before);
- exception_policy_test(before);
- BUG("Policy read/write test: Success\n");
- return 0;
-}
diff --git a/testcases/kernel/security/tomoyo/tomoyo_rewrite_test.c b/testcases/kernel/security/tomoyo/tomoyo_rewrite_test.c
deleted file mode 100644
index 7bc22c39b..000000000
--- a/testcases/kernel/security/tomoyo/tomoyo_rewrite_test.c
+++ /dev/null
@@ -1,169 +0,0 @@
-/******************************************************************************/
-/* This program is free software; you can redistribute it and/or modify */
-/* it under the terms of the GNU General Public License as published by */
-/* the Free Software Foundation; either version 2 of the License, or */
-/* (at your option) any later version. */
-/* */
-/* This program is distributed in the hope that it will be useful, */
-/* but WITHOUT ANY WARRANTY; without even the implied warranty of */
-/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See */
-/* the GNU General Public License for more details. */
-/* */
-/* You should have received a copy of the GNU General Public License */
-/* along with this program; if not, write to the Free Software */
-/* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */
-/* */
-/******************************************************************************/
-/*
- * tomoyo_rewrite_test.c
- *
- * Testing program for security/tomoyo/
- *
- * Copyright (C) 2005-2010 NTT DATA CORPORATION
- */
-#include "include.h"
-
-static int should_fail = 0;
-
-static void show_prompt(const char *str)
-{
- printf("Testing %35s: (%s) ", str,
- should_fail ? "must fail" : "must success");
- errno = 0;
-}
-
-static void show_result(int result)
-{
- if (should_fail) {
- if (result == EOF) {
- if (errno == EPERM)
- printf("OK: Permission denied.\n");
- else
- printf("BUG!\n");
- } else {
- printf("BUG!\n");
- }
- } else {
- if (result != EOF)
- printf("OK\n");
- else
- printf("BUG!\n");
- }
-}
-
-#define REWRITE_PATH "/tmp/rewrite_test"
-
-static void stage_rewrite_test(void)
-{
- int fd;
-
- /* Start up */
- write_domain_policy("allow_read/write " REWRITE_PATH, 0);
- write_domain_policy("allow_truncate " REWRITE_PATH, 0);
- write_domain_policy("allow_create " REWRITE_PATH " 0600", 0);
- write_domain_policy("allow_unlink " REWRITE_PATH, 0);
- write_exception_policy("deny_rewrite " REWRITE_PATH, 0);
- set_profile(3, "file::open");
- set_profile(3, "file::create");
- set_profile(3, "file::truncate");
- set_profile(3, "file::rewrite");
- set_profile(3, "file::unlink");
- close(open(REWRITE_PATH, O_WRONLY | O_APPEND | O_CREAT, 0600));
-
- /* Enforce mode */
- should_fail = 0;
-
- show_prompt("open(O_RDONLY)");
- fd = open(REWRITE_PATH, O_RDONLY);
- show_result(fd);
- close(fd);
-
- show_prompt("open(O_WRONLY | O_APPEND)");
- fd = open(REWRITE_PATH, O_WRONLY | O_APPEND);
- show_result(fd);
- close(fd);
-
- should_fail = 1;
- show_prompt("open(O_WRONLY)");
- fd = open(REWRITE_PATH, O_WRONLY);
- show_result(fd);
- close(fd);
-
- show_prompt("open(O_WRONLY | O_TRUNC)");
- fd = open(REWRITE_PATH, O_WRONLY | O_TRUNC);
- show_result(fd);
- close(fd);
-
- show_prompt("open(O_WRONLY | O_TRUNC | O_APPEND)");
- fd = open(REWRITE_PATH, O_WRONLY | O_TRUNC | O_APPEND);
- show_result(fd);
- close(fd);
-
- show_prompt("truncate()");
- show_result(truncate(REWRITE_PATH, 0));
-
- fd = open(REWRITE_PATH, O_WRONLY | O_APPEND);
- show_prompt("ftruncate()");
- show_result(ftruncate(fd, 0));
-
- show_prompt("fcntl(F_SETFL, ~O_APPEND)");
- show_result(fcntl(fd, F_SETFL, fcntl(fd, F_GETFL) & ~O_APPEND));
- close(fd);
-
- /* Permissive mode */
- set_profile(2, "file::open");
- set_profile(2, "file::create");
- set_profile(2, "file::truncate");
- set_profile(2, "file::rewrite");
- set_profile(2, "file::unlink");
- should_fail = 0;
-
- show_prompt("open(O_RDONLY)");
- fd = open(REWRITE_PATH, O_RDONLY);
- show_result(fd);
- close(fd);
-
- show_prompt("open(O_WRONLY | O_APPEND)");
- fd = open(REWRITE_PATH, O_WRONLY | O_APPEND);
- show_result(fd);
- close(fd);
-
- show_prompt("open(O_WRONLY)");
- fd = open(REWRITE_PATH, O_WRONLY);
- show_result(fd);
- close(fd);
-
- show_prompt("open(O_WRONLY | O_TRUNC)");
- fd = open(REWRITE_PATH, O_WRONLY | O_TRUNC);
- show_result(fd);
- close(fd);
-
- show_prompt("open(O_WRONLY | O_TRUNC | O_APPEND)");
- fd = open(REWRITE_PATH, O_WRONLY | O_TRUNC | O_APPEND);
- show_result(fd);
- close(fd);
-
- show_prompt("truncate()");
- show_result(truncate(REWRITE_PATH, 0));
-
- fd = open(REWRITE_PATH, O_WRONLY | O_APPEND);
- show_prompt("ftruncate()");
- show_result(ftruncate(fd, 0));
-
- show_prompt("fcntl(F_SETFL, ~O_APPEND)");
- show_result(fcntl(fd, F_SETFL, fcntl(fd, F_GETFL) & ~O_APPEND));
- close(fd);
-
- /* Clean up */
- unlink(REWRITE_PATH);
- write_exception_policy("deny_rewrite " REWRITE_PATH, 0);
- printf("\n\n");
-}
-
-int main(void)
-{
- tomoyo_test_init();
- stage_rewrite_test();
- clear_status();
- return 0;
-}
--
2.35.3
More information about the ltp
mailing list