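/******************************************************************************/
/* This program is free software;  you can redistribute it and/or modify      */
/* it under the terms of the GNU General Public License as published by       */
/* the Free Software Foundation; either version 2 of the License, or          */
/* (at your option) any later version.                                        */
/*                                                                            */
/* This program is distributed in the hope that it will be useful,            */
/* but WITHOUT ANY WARRANTY;  without even the implied warranty of            */
/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See                  */
/* the GNU General Public License for more details.                           */
/*                                                                            */
/* You should have received a copy of the GNU General Public License          */
/* along with this program;  if not, write to the Free Software               */
/* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */
/*                                                                            */
/******************************************************************************/
/*
 * tomoyo_filesystem_test.c
 *
 * Testing program for security/tomoyo/
 *
 * Copyright (C) 2005-2010 NTT DATA CORPORATION
 */
#define _GNU_SOURCE
#include "include.h"

/*
 * Print the left-hand part of one result line and clear errno.
 *
 * str:         description of the call about to be made.
 * should_fail: non-zero when the policy in force is expected to deny the
 *              call ("must fail"), zero when it is expected to permit it.
 *
 * errno is reset so that the value examined after the call under test
 * belongs to that call and not to an earlier one.
 */
static void show_prompt(const char *str, const int should_fail)
{
	printf("Testing %60s: (%s) ", str,
	       should_fail ? "must fail" : "should success");
	errno = 0;
}

#ifndef MS_MOVE
#define MS_MOVE         8192
#endif

static const char *pivot_root_dir = "/sys/kernel/security/";

/*
 * Entry point of the cloned child used by the pivot_root() tests.
 *
 * Calls pivot_root() and returns the resulting errno (0 on success), which
 * the parent reads back through the child's exit status.  proc_policy_dir is
 * not defined in this file; it presumably comes from include.h.
 */
static int child(void *arg)
{
	errno = 0;
	pivot_root(pivot_root_dir, proc_policy_dir);
	return errno;
}

/*
 * Run child() in a new mount namespace and report its result.
 *
 * Returns the child's exit status (the errno left by pivot_root()), or -1
 * when the child could not be created, could not be reaped, or did not exit
 * normally.  The status word is only inspected after a successful waitpid(),
 * so it is never read uninitialized.
 */
static int run_pivot_root_child(void)
{
	int status = 0;
	pid_t reaped;
	const pid_t pid = ltp_clone_quick(CLONE_NEWNS, child, NULL);

	if (pid < 0)
		return -1;
	do {
		reaped = waitpid(pid, &status, __WALL);
	} while (reaped == EOF && errno == EINTR);
	if (reaped != pid || !WIFEXITED(status))
		return -1;
	return WEXITSTATUS(status);
}

/*
 * Set up a mount that a later test case depends on.  A failure here is
 * reported as "BUG" because it is a precondition, not the call under test.
 */
static void mount2(const char *source, const char *target,
		   const char *filesystemtype)
{
	if (mount(source, target, filesystemtype, 0, NULL)) {
		printf("BUG: mount() failed\n");
		fflush(stdout);
	}
}

/*
 * gzip stream (magic 0x1F 0x8B, method 0x08 = deflate) that main() pipes
 * through zcat onto a RAM block device.  The trailing four bytes are the
 * gzip ISIZE field, 0x00100000, i.e. 1 MiB of uncompressed data.  The name
 * says it is an ext2 image; the tests below mount it as ext2.
 */
static const unsigned char compressed_ext2_image_sample[1350] = {
	0x1F, 0x8B, 0x08, 0x00, 0xA8, 0xF2, 0x96, 0x4B, 0x02, 0x03, 0xED, 0xDC,
	0x3D, 0x4B, 0x5B, 0x51, 0x18, 0x07, 0xF0, 0xE7, 0xDE, 0xAB, 0x14, 0x8C,
	0xAB, 0xD5, 0x9A, 0xF8, 0x36, 0x0B, 0xA1, 0xE0, 0xE0, 0xDC, 0xD0, 0xAD,
	0xD0, 0xC5, 0xAF, 0x50, 0x9C, 0x42, 0x1D, 0x6A, 0xE6, 0xA6, 0x9B, 0x9B,
	0x8B, 0xD8, 0xA5, 0x5B, 0x97, 0x2E, 0xF9, 0x0E, 0x85, 0x4C, 0xF6, 0x23,
	0x74, 0x70, 0x55, 0x28, 0x52, 0xA8, 0xDD, 0xED, 0xB9, 0xB9, 0xB1, 0xA6,
	0xEA, 0x24, 0xA5, 0x81, 0xDE, 0xDF, 0x0F, 0x9E, 0xDC, 0xB7, 0x13, 0x2E,
	0xF7, 0xC0, 0xFF, 0x70, 0xCE, 0x85, 0x24, 0x02, 0xA8, 0xAB, 0x7E, 0xF9,
	0x31, 0x13, 0xB1, 0x95, 0x36, 0xA7, 0x45, 0x44, 0x2F, 0x6D, 0xB3, 0xC9,
	0x06, 0xEB, 0x55, 0xF5, 0xC7, 0x87, 0x9F, 0x7E, 0x1C, 0xBF, 0x88, 0x68,
	0xC5, 0xCE, 0xF7, 0x6C, 0xD4, 0x6E, 0x74, 0xFC, 0xF2, 0x62, 0x74, 0xED,
	0xFA, 0x7B, 0x8D, 0xB8, 0x69, 0x9F, 0x8F, 0xCF, 0x9F, 0x1D, 0x7E, 0x78,
	0xF7, 0x6D, 0xD8, 0x79, 0xFF, 0x71, 0xD0, 0xED, 0xBC, 0xCD, 0x9A, 0xBD,
	0x69, 0x3C, 0xEB, 0xE0, 0xCB, 0xF0, 0xA4, 0xF9, 0xF5, 0xF9, 0xCA, 0xE0,
	0xE0, 0x72, 0xBB, 0x7B, 0xD4, 0x1A, 0xE6, 0x13, 0xD7, 0xAA, 0xE7, 0x82,
	0x7A, 0x29, 0xAA, 0xF8, 0xC7, 0xEC, 0x28, 0xFF, 0xBD, 0xC8, 0x75, 0x09,
	0xD4, 0xC6, 0x55, 0x92, 0x4D, 0x71, 0xFA, 0x71, 0x05, 0x4C, 0xCF, 0xA3,
	0xBB, 0xE3, 0x01, 0x50, 0x0F, 0x93, 0xEB, 0xDF, 0xEB, 0xFA, 0x97, 0x13,
	0x80, 0x8B, 0x67, 0xD5, 0x02, 0xE4, 0xEE, 0xFD, 0x8B, 0x3F, 0xD6, 0x22,
	0x0B, 0xA6, 0x6A, 0xC0, 0x5F, 0xF6, 0xB9, 0x1C, 0x7F, 0x9E, 0xDE, 0x37,
	0xFE, 0xE4, 0xB1, 0x34, 0xD1, 0xEE, 0x71, 0xAA, 0xC5, 0x54, 0xE5, 0xB9,
	0x27, 0xA9, 0x96, 0x53, 0x35, 0xA3, 0x7C, 0x13, 0x1A, 0xB1, 0x92, 0x6A,
	0x35, 0xD5, 0xDA, 0xF8, 0x75, 0xE9, 0x86, 0x6E, 0x05, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xE0, 0x81,
	0xCA, 0xDF, 0xD8, 0xCF, 0x47, 0x96, 0xB7, 0x7F, 0xEF, 0xE7, 0x79, 0xBB,
	0x5D, 0xFD, 0x87, 0xDF, 0x79, 0x31, 0x97, 0x77, 0xF7, 0xDE, 0xEC, 0x6F,
	0xEE, 0xEE, 0xF5, 0x5E, 0xBF, 0xD2, 0x57, 0xF0, 0xBF, 0x69, 0xDC, 0xCA,
	0xFF, 0xCF, 0xA2, 0xCA, 0x3F, 0x50, 0x13, 0x33, 0xBA, 0x00, 0xE4, 0x1F,
	0x90, 0x7F, 0x40, 0xFE, 0x01, 0xF9, 0x07, 0xE4, 0x1F, 0x90, 0x7F, 0x40,
	0xFE, 0x01, 0xF9, 0x07, 0xE4, 0x1F, 0x90, 0x7F, 0x00, 0x00, 0x00, 0x00,
	/* offset 360: long run of 0x00 bytes (offsets are in bytes) */
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	/* offset 480 */
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	/* offset 600 */
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	/* offset 720 */
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	/* offset 840 */
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	/* offset 960 */
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	/* offset 1080 */
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	/* offset 1200 */
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	/* offset 1320 */
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	/* offset 1332: end of the zero run, then the gzip trailer */
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80, 0xFA, 0xF9, 0x05, 0x34, 0xF2,
	0x14, 0x08, 0x00, 0x00, 0x10, 0x00
};

/*
 * Exercise TOMOYO's mount / umount / chroot / pivot_root access control.
 *
 * Each case switches the profile for one "file::*" category with
 * set_profile(), optionally writes or deletes an allow_* rule through
 * domain_fp, performs the system call and prints OK/BUG/FAILED depending on
 * whether the outcome matches the policy.  set_profile(), domain_fp,
 * proc_policy_dir, tomoyo_test_init() and clear_status() are not defined in
 * this file (presumably include.h).  The mode numbers look like TOMOYO's
 * usual 0 = disabled, 1 = learning, 2 = permissive, 3 = enforcing; confirm
 * against include.h.
 *
 * Operational notes for whoever runs this:
 *  - The calls need privileges for mount(), mknod(), chroot() and
 *    pivot_root(), and the program really performs them: tmpfs is mounted
 *    on "/" several times in the first section and no umount("/") appears
 *    anywhere in this file, and the first RAM block device is overwritten
 *    with the embedded image.  Use a disposable test system.
 *  - /tmp/mount/, /tmp/mount_bind/ and /tmp/mount_move/ are fixed names in a
 *    directory that is normally world-writable; the mkdir() results are not
 *    checked, so whatever already exists under those names is used as the
 *    mount point.
 *
 * Always returns 0; results are reported on stdout only.
 */
int main(int argc, char *argv[])
{
	char c = 0;
	tomoyo_test_init();

	/* Test mount(). */
	{
		set_profile(3, "file::mount");
		show_prompt("mount('dev\\011name', '/', 'fs\\011name') ", 1);
		if (mount("dev\tname", "/", "fs\tname", 0, NULL) == EOF &&
		    errno == EPERM)
			printf("OK: Permission denied.\n");
		else if (errno == ENODEV)
			printf("OK: No such device.\n");
		else
			printf("BUG: %s\n", strerror(errno));
		set_profile(1, "file::mount");
		show_prompt("mount('dev\\011name', '/', 'fs\\011name') ", 0);
		if (mount("dev\tname", "/", "fs\tname", 0, NULL) == EOF &&
		    errno == ENOMEM)
			printf("OK: Out of memory.\n");
		else if (errno == ENODEV)
			printf("OK: No such device.\n");
		else
			printf("BUG: %s\n", strerror(errno));
		set_profile(3, "file::mount");
		show_prompt("mount('dev\\011name', '/', 'fs\\011name') ", 0);
		if (mount("dev\tname", "/", "fs\tname", 0, NULL) == EOF &&
		    errno == ENOMEM)
			printf("OK: Out of memory.\n");
		else if (errno == ENODEV)
			printf("OK: No such device.\n");
		else
			printf("BUG: %s\n", strerror(errno));
		/*
		 * Remove the rule for the tab-containing names (written as
		 * \011 in policy syntax) so the next attempt is denied again.
		 */
		fprintf(domain_fp, "delete allow_mount dev\\011name / "
			"fs\\011name 0\n");
		show_prompt("mount('dev\\011name', '/', 'fs\\011name') ", 1);
		if (mount("dev\tname", "/", "fs\tname", 0, NULL) == EOF &&
		    errno == EPERM)
			printf("OK: Permission denied.\n");
		else if (errno == ENODEV)
			printf("OK: No such device.\n");
		else
			printf("BUG: %s\n", strerror(errno));
		set_profile(1, "file::mount");
		show_prompt("mount(NULL, '/', 'tmpfs') ", 0);
		if (mount(NULL, "/", "tmpfs", 0, NULL))
			printf("BUG: %s\n", strerror(errno));
		else
			printf("OK: Success\n");
		set_profile(3, "file::mount");
		show_prompt("mount(NULL, '/', 'tmpfs') ", 0);
		if (mount(NULL, "/", "tmpfs", 0, NULL))
			printf("BUG: %s\n", strerror(errno));
		else
			printf("OK: Success\n");
		show_prompt("mount('anydev', '/', 'tmpfs') ", 0);
		if (mount("anydev", "/", "tmpfs", 0, NULL))
			printf("BUG: %s\n", strerror(errno));
		else
			printf("OK: Success\n");
		/*
		 * Swap the <NULL>-device rule for an "anydev" rule and check
		 * that a NULL device name is still accepted for tmpfs.
		 */
		fprintf(domain_fp, "delete allow_mount <NULL> / tmpfs 0\n");
		fprintf(domain_fp, "allow_mount anydev / tmpfs 0\n");
		show_prompt("mount(NULL, '/', 'tmpfs') ", 0);
		if (mount(NULL, "/", "tmpfs", 0, NULL))
			printf("BUG: %s\n", strerror(errno));
		else
			printf("OK: Success\n");
		fprintf(domain_fp, "delete allow_mount anydev / tmpfs 0\n");
		/* Invalid argument combinations: any failure counts as OK. */
		set_profile(2, "file::mount");
		show_prompt("mount(NULL, NULL, 'tmpfs') ", 1);
		if (mount(NULL, NULL, "tmpfs", 0, NULL))
			printf("OK: %s\n", strerror(errno));
		else
			printf("BUG: Did not fail.\n");
		show_prompt("mount(NULL, NULL, NULL) ", 1);
		if (mount(NULL, NULL, NULL, 0, NULL))
			printf("OK: %s\n", strerror(errno));
		else
			printf("BUG: Did not fail.\n");
		show_prompt("mount('/', NULL, NULL) ", 1);
		if (mount("/", NULL, NULL, 0, NULL))
			printf("OK: %s\n", strerror(errno));
		else
			printf("BUG: Did not fail.\n");
		show_prompt("mount('/', NULL, 'tmpfs') ", 1);
		if (mount("/", NULL, "tmpfs", 0, NULL))
			printf("OK: %s\n", strerror(errno));
		else
			printf("BUG: Did not fail.\n");
		show_prompt("mount('/', '/', 'nonexistentfs') ", 1);
		if (mount("/", "/", "nonexistentfs", 0, NULL))
			printf("OK: %s\n", strerror(errno));
		else
			printf("BUG: Did not fail.\n");
		set_profile(0, "file::mount");
	}

	/* Return values ignored: an already existing entry is reused. */
	mkdir("/tmp/mount/", 0755);
	mkdir("/tmp/mount_bind/", 0755);
	mkdir("/tmp/mount_move/", 0755);

	/* Test mount(). */
	{
		static char buf[4096];
		/*
		 * Resolved path of the first RAM disk.  Not freed: it may end
		 * up pointing at a string literal (fallback below).
		 */
		char *dev_ram_path = realpath("/dev/ram0", NULL);
		if (!dev_ram_path)
			dev_ram_path = realpath("/dev/ram", NULL);
		if (!dev_ram_path) {
			dev_ram_path = "/dev/ram0";
			mknod(dev_ram_path, S_IFBLK, MKDEV(1, 0));
		}
		memset(buf, 0, sizeof(buf));
		{
			struct stat sbuf;
			FILE *fp = NULL;
			/*
			 * NOTE(review): the device path is pasted unquoted
			 * into a shell command run by popen().  It comes from
			 * realpath() on fixed /dev names, so it is not caller
			 * input, but anything able to redirect /dev/ram0
			 * controls this string.
			 */
			snprintf(buf, sizeof(buf) - 1, "zcat - > %s",
				 dev_ram_path);
			/* Only write if it is a block device with major 1. */
			if (lstat(dev_ram_path, &sbuf) == 0 &&
			    S_ISBLK(sbuf.st_mode) && MAJOR(sbuf.st_rdev) == 1)
				fp = popen(buf, "w");
			if (fp) {
				if (fwrite(compressed_ext2_image_sample, 1,
					   sizeof(compressed_ext2_image_sample),
					   fp) !=
				    sizeof(compressed_ext2_image_sample))
					err(1, "fwrite");
				/*
				 * A non-zero status means the shell or zcat
				 * failed; without this the ext2 cases below
				 * would fail with no hint as to why.
				 */
				if (pclose(fp))
					fprintf(stderr,
						"Can't write to %s .\n",
						dev_ram_path);
			} else
				fprintf(stderr, "Can't write to %s .\n",
					dev_ram_path);
		}
		set_profile(3, "file::mount");

		/* Test standard case */
		show_prompt("mount('none', '/tmp/mount/', 'tmpfs') for "
			    "'/tmp/mount/'", 1);
		if (mount("none", "/tmp/mount/", "tmpfs", 0, NULL) == EOF &&
		    errno == EPERM)
			printf("OK: Permission denied.\n");
		else
			printf("BUG: %s\n", strerror(errno));

		/* Test device_name with pattern */
		snprintf(buf, sizeof(buf) - 1, "mount('%s', '/tmp/mount/', "
			 "'ext2') for '%s\\*'", dev_ram_path, dev_ram_path);
		show_prompt(buf, 1);
		if (mount(dev_ram_path, "/tmp/mount/", "ext2", MS_RDONLY, NULL)
		    == EOF && errno == EPERM)
			printf("OK: Permission denied.\n");
		else
			printf("BUG: %s\n", strerror(errno));

		/* Test dir_name with pattern */
		show_prompt("mount('none', '/tmp/mount/', 'tmpfs') for "
			    "'/tmp/\\?\\?\\?\\?\\?/'", 1);
		if (mount("none", "/tmp/mount/", "tmpfs", 0, NULL) == EOF &&
		    errno == EPERM)
			printf("OK: Permission denied.\n");
		else
			printf("BUG: %s\n", strerror(errno));

		/* Test standard case */
		fprintf(domain_fp, "allow_mount none /tmp/mount/ tmpfs 0\n");
		show_prompt("mount('none', '/tmp/mount/', 'tmpfs') for "
			    "'/tmp/mount/'", 0);
		if (mount("none", "/tmp/mount/", "tmpfs", 0, NULL) == 0)
			printf("OK\n");
		else
			printf("FAILED: %s\n", strerror(errno));
		fprintf(domain_fp,
			"delete allow_mount none /tmp/mount/ tmpfs 0\n");

		/* Test device_name with pattern */
		fprintf(domain_fp, "allow_mount %s\\* /tmp/mount/ ext2 1\n",
			dev_ram_path);
		snprintf(buf, sizeof(buf) - 1, "mount('%s', '/tmp/mount/', "
			 "'ext2') for '%s\\*'", dev_ram_path, dev_ram_path);
		show_prompt(buf, 0);
		if (mount(dev_ram_path, "/tmp/mount/", "ext2", MS_RDONLY, NULL)
		    == 0)
			printf("OK\n");
		else
			printf("FAILED: %s\n", strerror(errno));
		fprintf(domain_fp, "delete allow_mount %s\\* "
			"/tmp/mount/ ext2 1\n", dev_ram_path);

		/* Test dir_name with pattern */
		fprintf(domain_fp,
			"allow_mount none /tmp/\\?\\?\\?\\?\\?/ tmpfs 0\n");
		show_prompt("mount('none', '/tmp/mount/', 'tmpfs') for "
			    "'/tmp/\\?\\?\\?\\?\\?/'", 0);
		if (mount("none", "/tmp/mount/", "tmpfs", 0, NULL) == 0)
			printf("OK\n");
		else
			printf("FAILED: %s\n", strerror(errno));
		fprintf(domain_fp, "delete allow_mount none "
			"/tmp/\\?\\?\\?\\?\\?/ tmpfs 0\n");

		/* Peel off every mount stacked on /tmp/mount/ above. */
		set_profile(0, "file::mount");
		while (umount("/tmp/mount/") == 0)
			c++; /* Dummy. */
	}

	/* Test mount(). */
	{
		mount2("none", "/tmp/mount/", "tmpfs");
		set_profile(3, "file::mount");

		/* Test remount case */
		show_prompt("mount('/tmp/mount/', MS_REMOUNT)", 1);
		if (mount("none", "/tmp/mount/", "tmpfs", MS_REMOUNT, NULL)
		    == EOF && errno == EPERM)
			printf("OK: Permission denied.\n");
		else
			printf("BUG: %s\n", strerror(errno));
		show_prompt("mount('/tmp/mount/', MS_REMOUNT)", 1);
		if (mount(NULL, "/tmp/mount/", NULL, MS_REMOUNT, NULL) == EOF
		    && errno == EPERM)
			printf("OK: Permission denied.\n");
		else
			printf("BUG: %s\n", strerror(errno));
		fprintf(domain_fp, "allow_mount something /tmp/mount/ "
			"--remount 0\n");
		show_prompt("mount('/tmp/mount/', MS_REMOUNT)", 0);
		if (mount(NULL, "/tmp/mount/", NULL, MS_REMOUNT, NULL))
			printf("BUG: %s\n", strerror(errno));
		else
			printf("OK: Success.\n");
		fprintf(domain_fp, "delete allow_mount something /tmp/mount/ "
			"--remount 0\n");

		/* Test bind case */
		show_prompt("mount('/tmp/mount/', '/tmp/mount_bind/', "
			    "MS_BIND)", 1);
		if (mount("/tmp/mount/", "/tmp/mount_bind/", NULL, MS_BIND,
			  NULL) == EOF && errno == EPERM)
			printf("OK: Permission denied.\n");
		else
			printf("BUG: %s\n", strerror(errno));

		/* Test move case */
		show_prompt("mount('/tmp/mount/', '/tmp/mount_move/', "
			    "MS_MOVE)", 1);
		if (mount("/tmp/mount/", "/tmp/mount_move/", NULL, MS_MOVE,
			  NULL) == EOF && errno == EPERM)
			printf("OK: Permission denied.\n");
		else
			printf("BUG: %s\n", strerror(errno));

		/* Test remount case */
		fprintf(domain_fp, "allow_mount any /tmp/mount/ --remount 0\n");
		show_prompt("mount('/tmp/mount/', MS_REMOUNT)", 0);
		if (mount("none", "/tmp/mount/", "tmpfs", MS_REMOUNT, NULL)
		    == 0)
			printf("OK\n");
		else
			printf("FAILED: %s\n", strerror(errno));
		fprintf(domain_fp, "delete allow_mount any /tmp/mount/ "
			"--remount 0\n");

		/* Test bind case */
		fprintf(domain_fp,
			"allow_mount /tmp/mount/ /tmp/mount_bind/ --bind 0\n");
		show_prompt("mount('/tmp/mount/', '/tmp/mount_bind', MS_BIND)",
			    0);
		if (mount("/tmp/mount/", "/tmp/mount_bind/", NULL, MS_BIND,
			  NULL) == 0)
			printf("OK\n");
		else
			printf("FAILED: %s\n", strerror(errno));
		set_profile(0, "file::mount");
		umount("/tmp/mount_bind/");
		fprintf(domain_fp, "delete allow_mount /tmp/mount/ "
			"/tmp/mount_bind/ --bind 0\n");

		/* Test move case */
		set_profile(3, "file::mount");
		fprintf(domain_fp, "allow_unmount /tmp/mount/\n");
		fprintf(domain_fp, "allow_mount /tmp/mount/ /tmp/mount_move/ "
			"--move 0\n");
		show_prompt("mount('/tmp/mount/', '/tmp/mount_move/', "
			    "MS_MOVE)", 0);
		if (mount("/tmp/mount/", "/tmp/mount_move/", NULL, MS_MOVE,
			  NULL) == 0)
			printf("OK\n");
		else
			printf("FAILED: %s\n", strerror(errno));
		set_profile(0, "file::mount");
		umount("/tmp/mount_move/");
		fprintf(domain_fp, "delete allow_unmount /tmp/mount/\n");
		fprintf(domain_fp, "delete allow_mount /tmp/mount/ "
			"/tmp/mount_move/ --move 0\n");

		while (umount("/tmp/mount/") == 0)
			c++; /* Dummy. */
	}

	/* Test umount(). */
	{
		/* Test standard case */
		fprintf(domain_fp, "allow_unmount /tmp/mount/\n");

		/* Mount with checking switched off, then test umount(). */
		set_profile(0, "file::umount");
		mount2("none", "/tmp/mount/", "tmpfs");
		set_profile(3, "file::umount");
		show_prompt("umount('/tmp/mount/') for '/tmp/mount/'", 0);
		if (umount("/tmp/mount/") == 0)
			printf("OK\n");
		else
			printf("BUG: %s\n", strerror(errno));
		fprintf(domain_fp, "delete allow_unmount /tmp/mount/\n");

		set_profile(0, "file::umount");

		mount2("none", "/tmp/mount/", "tmpfs");
		set_profile(3, "file::umount");
		show_prompt("umount('/tmp/mount/') for '/tmp/mount/'", 1);
		if (umount("/tmp/mount/") == EOF && errno == EPERM)
			printf("OK: Permission denied.\n");
		else
			printf("FAILED: %s\n", strerror(errno));

		/* Test pattern */
		fprintf(domain_fp, "allow_unmount /tmp/\\?\\?\\?\\?\\?/\n");
		set_profile(0, "file::umount");
		mount2("none", "/tmp/mount/", "tmpfs");
		set_profile(3, "file::umount");
		/*
		 * The pattern rule was just added and the check below treats
		 * success as OK, so this case is announced as expected to
		 * succeed (the flag used to say "must fail").
		 */
		show_prompt("umount('/tmp/mount/') for "
			    "'/tmp/\\?\\?\\?\\?\\?/'", 0);
		if (umount("/tmp/mount/") == 0)
			printf("OK\n");
		else
			printf("BUG: %s\n", strerror(errno));
		fprintf(domain_fp,
			"delete allow_unmount /tmp/\\?\\?\\?\\?\\?/\n");

		set_profile(0, "file::umount");
		while (umount("/tmp/mount/") == 0)
			c++; /* Dummy. */
	}

	/* Test chroot(). */
	{
		set_profile(3, "file::chroot");

		/*
		 * Each chroot() runs in a forked child so the parent keeps
		 * its root directory.  stdout is flushed before fork() so the
		 * prompt is not printed twice, and the child leaves through
		 * _exit() after flushing its own result.
		 */

		/* Test standard case */
		fprintf(domain_fp, "allow_chroot /tmp/mount/\n");
		show_prompt("chroot('/tmp/mount/') for '/tmp/mount/'", 0);
		fflush(stdout);
		if (fork() == 0) {
			if (chroot("/tmp/mount/") == 0)
				printf("OK\n");
			else
				printf("FAILED: %s\n", strerror(errno));
			fflush(stdout);
			_exit(0);
		}
		wait(NULL);
		fprintf(domain_fp, "delete allow_chroot /tmp/mount/\n");

		show_prompt("chroot('/tmp/mount/') for '/tmp/mount/'", 1);
		fflush(stdout);
		if (fork() == 0) {
			if (chroot("/tmp/mount/") == EOF && errno == EPERM)
				printf("OK: Permission denied.\n");
			else
				printf("BUG: %s\n", strerror(errno));
			fflush(stdout);
			_exit(0);
		}
		wait(NULL);

		/* Test pattern */
		fprintf(domain_fp, "allow_chroot /tmp/\\?\\?\\?\\?\\?/\n");
		show_prompt("chroot('/tmp/mount/') for "
			    "'/tmp/\\?\\?\\?\\?\\?/'", 0);
		fflush(stdout);
		if (fork() == 0) {
			if (chroot("/tmp/mount/") == 0)
				printf("OK\n");
			else
				printf("FAILED: %s\n", strerror(errno));
			fflush(stdout);
			_exit(0);
		}
		wait(NULL);
		fprintf(domain_fp,
			"delete allow_chroot /tmp/\\?\\?\\?\\?\\?/\n");

		set_profile(0, "file::chroot");
	}

	/* Test pivot_root(). */
	{
		static char prompt[8192];

		/*
		 * pivot_root() is attempted in a child created with
		 * CLONE_NEWNS, so a successful call changes the child's mount
		 * namespace only.  The same prompt text serves all three
		 * cases.
		 */
		snprintf(prompt, sizeof(prompt) - 1, "pivot_root('%s', '%s')",
			 pivot_root_dir, proc_policy_dir);

		/* Mode 3 with a matching rule: expected to succeed. */
		set_profile(3, "file::pivot_root");
		fprintf(domain_fp, "allow_pivot_root %s %s\n",
			pivot_root_dir, proc_policy_dir);
		show_prompt(prompt, 0);
		errno = run_pivot_root_child();
		if (errno == 0)
			printf("OK\n");
		else
			printf("FAILED: %s\n", strerror(errno));

		/* Rule removed: expected to be denied with EPERM. */
		fprintf(domain_fp, "delete allow_pivot_root %s %s\n",
			pivot_root_dir, proc_policy_dir);
		show_prompt(prompt, 1);
		errno = run_pivot_root_child();
		if (errno == EPERM)
			printf("OK: Permission denied.\n");
		else
			printf("BUG: %s\n", strerror(errno));

		/* Mode 2 without a rule: expected to succeed. */
		set_profile(2, "file::pivot_root");
		show_prompt(prompt, 0);
		errno = run_pivot_root_child();
		if (errno == 0)
			printf("OK\n");
		else
			printf("FAILED: %s\n", strerror(errno));

		set_profile(0, "file::pivot_root");

	}

	rmdir("/tmp/mount_move/");
	rmdir("/tmp/mount_bind/");
	rmdir("/tmp/mount/");

	clear_status();
	return 0;
}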