      1 /******************************************************************************/
      2 /* This program is free software;  you can redistribute it and/or modify      */
      3 /* it under the terms of the GNU General Public License as published by       */
      4 /* the Free Software Foundation; either version 2 of the License, or          */
      5 /* (at your option) any later version.                                        */
      6 /*                                                                            */
      7 /* This program is distributed in the hope that it will be useful,            */
      8 /* but WITHOUT ANY WARRANTY;  without even the implied warranty of            */
      9 /* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See                  */
     10 /* the GNU General Public License for more details.                           */
     11 /*                                                                            */
     12 /* You should have received a copy of the GNU General Public License          */
     13 /* along with this program;  if not, write to the Free Software               */
     14 /* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA    */
     15 /*                                                                            */
     16 /******************************************************************************/
     17 /*
     18  * tomoyo_accept_test.c
     19  *
     20  * Testing program for security/tomoyo/
     21  *
     22  * Copyright (C) 2005-2010  NTT DATA CORPORATION
     23  */
     24 #include "include.h"
     25 
/*
 * Set the profile level for every file-related operation to @i.
 *
 * The keys are applied in the same order as the individual set_profile()
 * calls they replace; set_profile() is provided by include.h.
 */
static void set_level(const int i)
{
	static const char *const file_keys[] = {
		"file::execute",
		"file::open",
		"file::create",
		"file::unlink",
		"file::mkdir",
		"file::rmdir",
		"file::mkfifo",
		"file::mksock",
		"file::truncate",
		"file::symlink",
		"file::rewrite",
		"file::mkblock",
		"file::mkchar",
		"file::link",
		"file::rename",
		"file::chmod",
		"file::chown",
		"file::chgrp",
		"file::ioctl",
		"file::chroot",
		"file::mount",
		"file::umount",
		"file::pivot_root",
	};
	size_t k;
	for (k = 0; k < sizeof(file_keys) / sizeof(file_keys[0]); k++)
		set_profile(i, file_keys[k]);
}
     52 
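/*
 * Exercise one open() flag combination against the TOMOYO file profile.
 *
 * rw_loop       selects the access mode: none, O_RDONLY, O_WRONLY, O_RDWR
 * truncate_loop selects O_TRUNC
 * append_loop   selects O_APPEND
 * create_loop   selects O_CREAT; 1 = target is unlinked first (nonexistent),
 *               2 = target is created first (existent)
 *
 * For each profile level 0..3 the target is put in the requested state with
 * the profile at level 0, the level is raised, and open() is attempted.  A
 * failure is reported on stderr.  Afterwards the learned domain entries are
 * deleted and open() is expected to fail; success is reported on stderr.
 *
 * Writes to exception_fp and domain_fp (provided by include.h); no return
 * value, results are only reported on stderr.
 */
static void test(int rw_loop, int truncate_loop, int append_loop,
		 int create_loop)
{
	static const int rw_flags[4] = { 0, O_RDONLY, O_WRONLY, O_RDWR };
	static const int create_flags[3] = { 0, O_CREAT /* nonexistent */ ,
		O_CREAT /* existent */
	};
	static const int truncate_flags[2] = { 0, O_TRUNC };
	static const int append_flags[2] = { 0, O_APPEND };
	static char buffer[1024];
	int level;
	int flags;
	int i;
	int fd;
	/*
	 * Fixed, predictable path under /tmp encoding the loop indices; the
	 * test assumes it is the only user of that name.  snprintf() always
	 * NUL-terminates, so no separate memset() is needed.
	 */
	snprintf(buffer, sizeof(buffer), "/tmp/file:a=%d:t=%d:c=%d:m=%d",
		 append_loop, truncate_loop, create_loop, rw_loop);
	fprintf(exception_fp, "deny_rewrite %s\n", buffer);
	flags = rw_flags[rw_loop] | truncate_flags[truncate_loop] |
	    append_flags[append_loop] | create_flags[create_loop];
	/* Drop any entries a previous run may have left for this path. */
	for (i = 1; i < 8; i++)
		fprintf(domain_fp, "delete %d %s\n", i, buffer);
	for (level = 0; level < 4; level++) {
		/* Prepare the file state with the profile switched off. */
		set_level(0);
		if (create_loop == 1) {
			unlink(buffer);
		} else {
			fd = open(buffer, O_CREAT, 0644);
			if (fd >= 0)
				close(fd);
		}
		set_level(level);
		/* open() reports failure as -1, not EOF. */
		fd = open(buffer, flags, 0644);
		if (fd >= 0)
			close(fd);
		else
			fprintf(stderr, "%d: open(%04o) failed\n", level,
				flags);
	}
	/* Remove the learned entries; the next open() must be refused. */
	for (i = 1; i < 8; i++)
		fprintf(domain_fp, "delete %d %s\n", i, buffer);
	fprintf(domain_fp, "delete allow_truncate %s\n", buffer);
	fprintf(domain_fp, "delete allow_create %s 0644\n", buffer);
	fprintf(domain_fp, "delete allow_rewrite %s\n", buffer);
	fd = open(buffer, flags, 0644);
	if (fd >= 0) {
		close(fd);
		fprintf(stderr, "%d: open(%04o) didn't fail\n", 3, flags);
	}
}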
    114 
/*
 * Program entry point: initialise the test harness, silence the profile
 * output, enable learning for "file", and run test() over every
 * combination of append/truncate/create/access-mode flags.
 *
 * argc and argv are not used.  Returns 0.
 */
int main(int argc, char *argv[])
{
	int append_loop;
	int truncate_loop;
	int create_loop;
	int rw_loop;
	(void)argc;
	(void)argv;
	tomoyo_test_init();
	fprintf(profile_fp, "255-PREFERENCE::learning={ verbose=no }\n");
	fprintf(profile_fp, "255-PREFERENCE::enforcing={ verbose=no }\n");
	fprintf(profile_fp, "255-PREFERENCE::permissive={ verbose=no }\n");
	fprintf(profile_fp, "255-PREFERENCE::disabled={ verbose=no }\n");
	set_profile(0, "file");
	fprintf(profile_fp, "255-PREFERENCE::learning={ max_entry=2048 }\n");
	/* Outer-to-inner order: append, truncate, create, access mode. */
	for (append_loop = 0; append_loop < 2; append_loop++) {
		for (truncate_loop = 0; truncate_loop < 2; truncate_loop++) {
			for (create_loop = 0; create_loop < 3; create_loop++) {
				for (rw_loop = 0; rw_loop < 4; rw_loop++) {
					test(rw_loop, truncate_loop,
					     append_loop, create_loop);
				}
			}
		}
	}
	fprintf(profile_fp, "255-CONFIG::file=disabled\n");
	printf("Done\n");
	clear_status();
	return 0;
}