/******************************************************************************/
/* This program is free software; you can redistribute it and/or modify */
/* it under the terms of the GNU General Public License as published by */
/* the Free Software Foundation; either version 2 of the License, or */
/* (at your option) any later version. */
/* */
/* This program is distributed in the hope that it will be useful, */
/* but WITHOUT ANY WARRANTY; without even the implied warranty of */
/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See */
/* the GNU General Public License for more details. */
/* */
/* You should have received a copy of the GNU General Public License */
/* along with this program; if not, write to the Free Software */
/* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */
/* */
/******************************************************************************/
/*
 * tomoyo_rewrite_test.c
 *
 * Testing program for security/tomoyo/
 *
 * Copyright (C) 2005-2010 NTT DATA CORPORATION
 */
#include "include.h"
/*
 * Expectation for the operation currently under test: non-zero means the
 * call is expected to be refused, zero means it is expected to succeed.
 */
static int should_fail = 0;

/*
 * Print the "Testing <label>: (<expectation>) " prefix for one test case.
 *
 * str is the human-readable label of the operation about to be attempted.
 * The expectation text is chosen from the current value of should_fail.
 */
static void show_prompt(const char *str)
{
	const char *expectation = "must success";

	if (should_fail)
		expectation = "must fail";
	printf("Testing %35s: (%s) ", str, expectation);

	/*
	 * Clear errno last, after printf(), so that the errno inspected by
	 * show_result() belongs to the operation under test and not to an
	 * earlier call.
	 */
	errno = 0;
}
/*
 * Compare the outcome of one operation with the current expectation and
 * print the verdict.
 *
 * result is the raw return value of the call under test; EOF is used as the
 * failure sentinel.
 *
 * When a failure is expected (should_fail is non-zero) the case passes only
 * if the call failed AND errno is EPERM. A failure with any other errno is
 * reported as "BUG!", which keeps an unrelated error (for example a missing
 * file) from being counted as a policy denial. When success is expected,
 * any result other than EOF passes.
 */
static void show_result(int result)
{
	const char *verdict = "BUG!\n";

	if (should_fail) {
		/* errno is consulted only after the call is known to have failed. */
		if (result == EOF && errno == EPERM)
			verdict = "OK: Permission denied.\n";
	} else if (result != EOF) {
		verdict = "OK\n";
	}

	printf("%s", verdict);
}
#define REWRITE_PATH "/tmp/rewrite_test"
/* Apply one mode value to the five file operation categories used by this test. */
static void rewrite_set_mode(int mode)
{
	set_profile(mode, "file::open");
	set_profile(mode, "file::create");
	set_profile(mode, "file::truncate");
	set_profile(mode, "file::rewrite");
	set_profile(mode, "file::unlink");
}

/*
 * Run one open() case: announce it, open REWRITE_PATH with the given flags,
 * report the outcome and close the descriptor.
 *
 * close() is called even when open() failed, in which case it receives the
 * failure value; its return value is ignored.
 */
static void rewrite_try_open(const char *label, int flags)
{
	int fd;

	show_prompt(label);
	fd = open(REWRITE_PATH, flags);
	show_result(fd);
	close(fd);
}

/*
 * Run the full list of cases against REWRITE_PATH.
 *
 * The read-only and append-only opens are always expected to succeed. For
 * every operation that could overwrite or shrink existing content (plain
 * write open, O_TRUNC opens, truncate(), ftruncate(), clearing O_APPEND via
 * fcntl()) the expectation is taken from expect_denial.
 */
static void rewrite_run_cases(int expect_denial)
{
	int fd;

	should_fail = 0;
	rewrite_try_open("open(O_RDONLY)", O_RDONLY);
	rewrite_try_open("open(O_WRONLY | O_APPEND)", O_WRONLY | O_APPEND);

	should_fail = expect_denial;
	rewrite_try_open("open(O_WRONLY)", O_WRONLY);
	rewrite_try_open("open(O_WRONLY | O_TRUNC)", O_WRONLY | O_TRUNC);
	rewrite_try_open("open(O_WRONLY | O_TRUNC | O_APPEND)",
			 O_WRONLY | O_TRUNC | O_APPEND);

	show_prompt("truncate()");
	show_result(truncate(REWRITE_PATH, 0));

	/*
	 * The append-only descriptor is opened before show_prompt() so that
	 * the errno reset in show_prompt() happens after this open() and
	 * right before the call that is actually being judged.
	 */
	fd = open(REWRITE_PATH, O_WRONLY | O_APPEND);
	show_prompt("ftruncate()");
	show_result(ftruncate(fd, 0));

	/* Dropping O_APPEND from an open descriptor is checked as well. */
	show_prompt("fcntl(F_SETFL, ~O_APPEND)");
	show_result(fcntl(fd, F_SETFL, fcntl(fd, F_GETFL) & ~O_APPEND));
	close(fd);
}

/*
 * Exercise the "deny_rewrite" exception policy on REWRITE_PATH.
 *
 * The domain is first allowed to read/write, truncate, create and unlink
 * the file, then a deny_rewrite entry is added for the same path. The case
 * list is run twice: once with mode value 3, where the overwriting and
 * truncating operations must fail with EPERM, and once with mode value 2,
 * where every operation must succeed.
 *
 * NOTE(review): REWRITE_PATH is a fixed name under /tmp, a directory that
 * is typically world-writable. The file is created without O_EXCL or
 * O_NOFOLLOW, and the second phase truncates whatever the path resolves to.
 * Run this only on a dedicated test machine, or move the file into a
 * directory only the test user can write to. The path is part of the
 * policy strings, so it has to be changed in the #define.
 */
static void stage_rewrite_test(void)
{
	/* Start up */
	write_domain_policy("allow_read/write " REWRITE_PATH, 0);
	write_domain_policy("allow_truncate " REWRITE_PATH, 0);
	write_domain_policy("allow_create " REWRITE_PATH " 0600", 0);
	write_domain_policy("allow_unlink " REWRITE_PATH, 0);
	write_exception_policy("deny_rewrite " REWRITE_PATH, 0);
	rewrite_set_mode(3);
	/* Make sure the file exists; the result of this open() is not checked. */
	close(open(REWRITE_PATH, O_WRONLY | O_APPEND | O_CREAT, 0600));

	/* Enforce mode */
	rewrite_run_cases(1);

	/* Permissive mode */
	rewrite_set_mode(2);
	rewrite_run_cases(0);

	/* Clean up */
	unlink(REWRITE_PATH);
	/*
	 * NOTE(review): this passes the same second argument (0) as the
	 * set-up call above. If that argument selects add versus delete in
	 * include.h, the deny_rewrite entry is written again here instead of
	 * being removed. The four domain rules are not touched by this
	 * function either. Confirm against include.h.
	 */
	write_exception_policy("deny_rewrite " REWRITE_PATH, 0);
	printf("\n\n");
}
/*
 * Entry point: initialise the test environment, run the rewrite test stage
 * and reset the status afterwards.
 *
 * NOTE(review): as far as this file shows, the exit status is 0 regardless
 * of the verdicts printed by show_result(). A harness that gates on this
 * test has to scan stdout for "BUG!" rather than rely on the return code.
 */
int main(void)
{
	tomoyo_test_init();
	stage_rewrite_test();
	clear_status();

	return 0;
}