testcases/kernel/security/tomoyo/tomoyo_accept_test.c - platform/external/ltp - Gitiles

 /******************************************************************************/
 /* This program is free software;  you can redistribute it and/or modify      */
 /* it under the terms of the GNU General Public License as published by       */
 /* the Free Software Foundation; either version 2 of the License, or          */
 /* (at your option) any later version.                                        */
 /*                                                                            */
 /* This program is distributed in the hope that it will be useful,            */
 /* but WITHOUT ANY WARRANTY;  without even the implied warranty of            */
 /* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See                  */
 /* the GNU General Public License for more details.                           */
 /*                                                                            */
 /* You should have received a copy of the GNU General Public License          */
 /* along with this program;  if not, write to the Free Software               */
 /* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA    */
 /*                                                                            */
 /******************************************************************************/
 /*
  * tomoyo_accept_test.c
  *
  * Testing program for security/tomoyo/
  *
  * Copyright (C) 2005-2010  NTT DATA CORPORATION
  */
 #include "include.h"

 static void set_level(const int i)
 {
 	set_profile(i, "file::execute");
 	set_profile(i, "file::open");
 	set_profile(i, "file::create");
 	set_profile(i, "file::unlink");
 	set_profile(i, "file::mkdir");
 	set_profile(i, "file::rmdir");
 	set_profile(i, "file::mkfifo");
 	set_profile(i, "file::mksock");
 	set_profile(i, "file::truncate");
 	set_profile(i, "file::symlink");
 	set_profile(i, "file::rewrite");
 	set_profile(i, "file::mkblock");
 	set_profile(i, "file::mkchar");
 	set_profile(i, "file::link");
 	set_profile(i, "file::rename");
 	set_profile(i, "file::chmod");
 	set_profile(i, "file::chown");
 	set_profile(i, "file::chgrp");
 	set_profile(i, "file::ioctl");
 	set_profile(i, "file::chroot");
 	set_profile(i, "file::mount");
 	set_profile(i, "file::umount");
 	set_profile(i, "file::pivot_root");
 }

 static void test(int rw_loop, int truncate_loop, int append_loop,
 		 int create_loop)
 {
 	static const int rw_flags[4] = { 0, O_RDONLY, O_WRONLY, O_RDWR };
 	static const int create_flags[3] = { 0, O_CREAT /* nonexistent*/ ,
 					     O_CREAT /* existent */ };
 	static const int truncate_flags[2] = { 0, O_TRUNC };
 	static const int append_flags[2] = { 0, O_APPEND };
 	int level;
 	int flags;
 	int i;
 	int fd;
 	static char buffer[1024];
 	memset(buffer, 0, sizeof(buffer));
 	snprintf(buffer, sizeof(buffer) - 1, "/tmp/file:a=%d:t=%d:c=%d:m=%d",
 		 append_loop, truncate_loop, create_loop, rw_loop);
 	fprintf(exception_fp, "deny_rewrite %s\n", buffer);
 	flags = rw_flags[rw_loop] | truncate_flags[truncate_loop] |
 		append_flags[append_loop] | create_flags[create_loop];
 	for (i = 1; i < 8; i++)
 		fprintf(domain_fp, "delete %d %s\n", i, buffer);
 	for (level = 0; level < 4; level++) {
 		set_level(0);
 		if (create_loop == 1)
 			unlink(buffer);
 		else
 			close(open(buffer, O_CREAT, 0644));
 		set_level(level);
 		fd = open(buffer, flags, 0644);
 		if (fd != EOF)
 			close(fd);
 		else
 			fprintf(stderr, "%d: open(%04o) failed\n", level,
 				flags);
 		/*
 		  fd = open(buffer, flags, 0644)
 		  if (fd != EOF)
 		  close(fd);
 		  else
 		  fprintf(stderr, "%d: open(%04o) failed\n", level, flags);
 		*/
 		/*
 		  fd = open(buffer, flags, 0644);
 		  if (fd != EOF)
 		  close(fd);
 		  else
 		  fprintf(stderr, "%d: open(%04o) failed\n", level, flags);
 		*/
 	}
 	for (i = 1; i < 8; i++)
 		fprintf(domain_fp, "delete %d %s\n", i, buffer);
 	fprintf(domain_fp, "delete allow_truncate %s\n", buffer);
 	fprintf(domain_fp, "delete allow_create %s 0644\n", buffer);
 	fprintf(domain_fp, "delete allow_rewrite %s\n", buffer);
 	fd = open(buffer, flags, 0644);
 	if (fd != EOF) {
 		close(fd);
 		fprintf(stderr, "%d: open(%04o) didn't fail\n", 3, flags);
 	}
 }

 int main(int argc, char *argv[])
 {
 	tomoyo_test_init();
 	fprintf(profile_fp, "255-PREFERENCE::learning={ verbose=no }\n");
 	fprintf(profile_fp, "255-PREFERENCE::enforcing={ verbose=no }\n");
 	fprintf(profile_fp, "255-PREFERENCE::permissive={ verbose=no }\n");
 	fprintf(profile_fp, "255-PREFERENCE::disabled={ verbose=no }\n");
 	set_profile(0, "file");
 	fprintf(profile_fp, "255-PREFERENCE::learning={ max_entry=2048 }\n");
 	{
 		int append_loop;
 		for (append_loop = 0; append_loop < 2; append_loop++) {
 			int truncate_loop;
 			for (truncate_loop = 0; truncate_loop < 2;
 			     truncate_loop++) {
 				int create_loop;
 				for (create_loop = 0; create_loop < 3;
 				     create_loop++) {
 					int rw_loop;
 					for (rw_loop = 0; rw_loop < 4;
 					     rw_loop++)
 						test(rw_loop, truncate_loop,
 						     append_loop, create_loop);
 				}
 			}
 		}
 	}
 	fprintf(profile_fp, "255-CONFIG::file=disabled\n");
 	printf("Done\n");
 	clear_status();
 	return 0;
 }
	/******************************************************************************/
	/* This program is free software; you can redistribute it and/or modify */
	/* it under the terms of the GNU General Public License as published by */
	/* the Free Software Foundation; either version 2 of the License, or */
	/* (at your option) any later version. */
	/* */
	/* This program is distributed in the hope that it will be useful, */
	/* but WITHOUT ANY WARRANTY; without even the implied warranty of */
	/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See */
	/* the GNU General Public License for more details. */
	/* */
	/* You should have received a copy of the GNU General Public License */
	/* along with this program; if not, write to the Free Software */
	/* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */
	/* */
	/******************************************************************************/
	/*
	* tomoyo_accept_test.c
	*
	* Testing program for security/tomoyo/
	*
	* Copyright (C) 2005-2010 NTT DATA CORPORATION
	*/
	#include "include.h"

	static void set_level(const int i)
	{
	set_profile(i, "file::execute");
	set_profile(i, "file::open");
	set_profile(i, "file::create");
	set_profile(i, "file::unlink");
	set_profile(i, "file::mkdir");
	set_profile(i, "file::rmdir");
	set_profile(i, "file::mkfifo");
	set_profile(i, "file::mksock");
	set_profile(i, "file::truncate");
	set_profile(i, "file::symlink");
	set_profile(i, "file::rewrite");
	set_profile(i, "file::mkblock");
	set_profile(i, "file::mkchar");
	set_profile(i, "file::link");
	set_profile(i, "file::rename");
	set_profile(i, "file::chmod");
	set_profile(i, "file::chown");
	set_profile(i, "file::chgrp");
	set_profile(i, "file::ioctl");
	set_profile(i, "file::chroot");
	set_profile(i, "file::mount");
	set_profile(i, "file::umount");
	set_profile(i, "file::pivot_root");
	}

	static void test(int rw_loop, int truncate_loop, int append_loop,
	int create_loop)
	{
	static const int rw_flags[4] = { 0, O_RDONLY, O_WRONLY, O_RDWR };
	static const int create_flags[3] = { 0, O_CREAT /* nonexistent*/ ,
	O_CREAT /* existent */ };
	static const int truncate_flags[2] = { 0, O_TRUNC };
	static const int append_flags[2] = { 0, O_APPEND };
	int level;
	int flags;
	int i;
	int fd;
	static char buffer[1024];
	memset(buffer, 0, sizeof(buffer));
	snprintf(buffer, sizeof(buffer) - 1, "/tmp/file:a=%d:t=%d:c=%d:m=%d",
	append_loop, truncate_loop, create_loop, rw_loop);
	fprintf(exception_fp, "deny_rewrite %s\n", buffer);
	flags = rw_flags[rw_loop] \| truncate_flags[truncate_loop] \|
	append_flags[append_loop] \| create_flags[create_loop];
	for (i = 1; i < 8; i++)
	fprintf(domain_fp, "delete %d %s\n", i, buffer);
	for (level = 0; level < 4; level++) {
	set_level(0);
	if (create_loop == 1)
	unlink(buffer);
	else
	close(open(buffer, O_CREAT, 0644));
	set_level(level);
	fd = open(buffer, flags, 0644);
	if (fd != EOF)
	close(fd);
	else
	fprintf(stderr, "%d: open(%04o) failed\n", level,
	flags);
	/*
	fd = open(buffer, flags, 0644)
	if (fd != EOF)
	close(fd);
	else
	fprintf(stderr, "%d: open(%04o) failed\n", level, flags);
	*/
	/*
	fd = open(buffer, flags, 0644);
	if (fd != EOF)
	close(fd);
	else
	fprintf(stderr, "%d: open(%04o) failed\n", level, flags);
	*/
	}
	for (i = 1; i < 8; i++)
	fprintf(domain_fp, "delete %d %s\n", i, buffer);
	fprintf(domain_fp, "delete allow_truncate %s\n", buffer);
	fprintf(domain_fp, "delete allow_create %s 0644\n", buffer);
	fprintf(domain_fp, "delete allow_rewrite %s\n", buffer);
	fd = open(buffer, flags, 0644);
	if (fd != EOF) {
	close(fd);
	fprintf(stderr, "%d: open(%04o) didn't fail\n", 3, flags);
	}
	}

	int main(int argc, char *argv[])
	{
	tomoyo_test_init();
	fprintf(profile_fp, "255-PREFERENCE::learning={ verbose=no }\n");
	fprintf(profile_fp, "255-PREFERENCE::enforcing={ verbose=no }\n");
	fprintf(profile_fp, "255-PREFERENCE::permissive={ verbose=no }\n");
	fprintf(profile_fp, "255-PREFERENCE::disabled={ verbose=no }\n");
	set_profile(0, "file");
	fprintf(profile_fp, "255-PREFERENCE::learning={ max_entry=2048 }\n");
	{
	int append_loop;
	for (append_loop = 0; append_loop < 2; append_loop++) {
	int truncate_loop;
	for (truncate_loop = 0; truncate_loop < 2;
	truncate_loop++) {
	int create_loop;
	for (create_loop = 0; create_loop < 3;
	create_loop++) {
	int rw_loop;
	for (rw_loop = 0; rw_loop < 4;
	rw_loop++)
	test(rw_loop, truncate_loop,
	append_loop, create_loop);
	}
	}
	}
	}
	fprintf(profile_fp, "255-CONFIG::file=disabled\n");
	printf("Done\n");
	clear_status();
	return 0;
	}