• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /******************************************************************************/
2 /* This program is free software;  you can redistribute it and/or modify      */
3 /* it under the terms of the GNU General Public License as published by       */
4 /* the Free Software Foundation; either version 2 of the License, or          */
5 /* (at your option) any later version.                                        */
6 /*                                                                            */
7 /* This program is distributed in the hope that it will be useful,            */
8 /* but WITHOUT ANY WARRANTY;  without even the implied warranty of            */
9 /* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See                  */
10 /* the GNU General Public License for more details.                           */
11 /*                                                                            */
12 /* You should have received a copy of the GNU General Public License          */
13 /* along with this program;  if not, write to the Free Software               */
14 /* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA    */
15 /*                                                                            */
16 /******************************************************************************/
17 /*
18  * tomoyo_accept_test.c
19  *
20  * Testing program for security/tomoyo/
21  *
22  * Copyright (C) 2005-2010  NTT DATA CORPORATION
23  */
24 #include "include.h"
25 
set_level(const int i)26 static void set_level(const int i)
27 {
28 	set_profile(i, "file::execute");
29 	set_profile(i, "file::open");
30 	set_profile(i, "file::create");
31 	set_profile(i, "file::unlink");
32 	set_profile(i, "file::mkdir");
33 	set_profile(i, "file::rmdir");
34 	set_profile(i, "file::mkfifo");
35 	set_profile(i, "file::mksock");
36 	set_profile(i, "file::truncate");
37 	set_profile(i, "file::symlink");
38 	set_profile(i, "file::rewrite");
39 	set_profile(i, "file::mkblock");
40 	set_profile(i, "file::mkchar");
41 	set_profile(i, "file::link");
42 	set_profile(i, "file::rename");
43 	set_profile(i, "file::chmod");
44 	set_profile(i, "file::chown");
45 	set_profile(i, "file::chgrp");
46 	set_profile(i, "file::ioctl");
47 	set_profile(i, "file::chroot");
48 	set_profile(i, "file::mount");
49 	set_profile(i, "file::umount");
50 	set_profile(i, "file::pivot_root");
51 }
52 
test(int rw_loop,int truncate_loop,int append_loop,int create_loop)53 static void test(int rw_loop, int truncate_loop, int append_loop,
54 		 int create_loop)
55 {
56 	static const int rw_flags[4] = { 0, O_RDONLY, O_WRONLY, O_RDWR };
57 	static const int create_flags[3] = { 0, O_CREAT /* nonexistent */ ,
58 		O_CREAT /* existent */
59 	};
60 	static const int truncate_flags[2] = { 0, O_TRUNC };
61 	static const int append_flags[2] = { 0, O_APPEND };
62 	int level;
63 	int flags;
64 	int i;
65 	int fd;
66 	static char buffer[1024];
67 	memset(buffer, 0, sizeof(buffer));
68 	snprintf(buffer, sizeof(buffer) - 1, "/tmp/file:a=%d:t=%d:c=%d:m=%d",
69 		 append_loop, truncate_loop, create_loop, rw_loop);
70 	fprintf(exception_fp, "deny_rewrite %s\n", buffer);
71 	flags = rw_flags[rw_loop] | truncate_flags[truncate_loop] |
72 	    append_flags[append_loop] | create_flags[create_loop];
73 	for (i = 1; i < 8; i++)
74 		fprintf(domain_fp, "delete %d %s\n", i, buffer);
75 	for (level = 0; level < 4; level++) {
76 		set_level(0);
77 		if (create_loop == 1)
78 			unlink(buffer);
79 		else
80 			close(open(buffer, O_CREAT, 0644));
81 		set_level(level);
82 		fd = open(buffer, flags, 0644);
83 		if (fd != EOF)
84 			close(fd);
85 		else
86 			fprintf(stderr, "%d: open(%04o) failed\n", level,
87 				flags);
88 		/*
89 		   fd = open(buffer, flags, 0644)
90 		   if (fd != EOF)
91 		   close(fd);
92 		   else
93 		   fprintf(stderr, "%d: open(%04o) failed\n", level, flags);
94 		 */
95 		/*
96 		   fd = open(buffer, flags, 0644);
97 		   if (fd != EOF)
98 		   close(fd);
99 		   else
100 		   fprintf(stderr, "%d: open(%04o) failed\n", level, flags);
101 		 */
102 	}
103 	for (i = 1; i < 8; i++)
104 		fprintf(domain_fp, "delete %d %s\n", i, buffer);
105 	fprintf(domain_fp, "delete allow_truncate %s\n", buffer);
106 	fprintf(domain_fp, "delete allow_create %s 0644\n", buffer);
107 	fprintf(domain_fp, "delete allow_rewrite %s\n", buffer);
108 	fd = open(buffer, flags, 0644);
109 	if (fd != EOF) {
110 		close(fd);
111 		fprintf(stderr, "%d: open(%04o) didn't fail\n", 3, flags);
112 	}
113 }
114 
main(void)115 int main(void)
116 {
117 	tomoyo_test_init();
118 	fprintf(profile_fp, "255-PREFERENCE::learning={ verbose=no }\n");
119 	fprintf(profile_fp, "255-PREFERENCE::enforcing={ verbose=no }\n");
120 	fprintf(profile_fp, "255-PREFERENCE::permissive={ verbose=no }\n");
121 	fprintf(profile_fp, "255-PREFERENCE::disabled={ verbose=no }\n");
122 	set_profile(0, "file");
123 	fprintf(profile_fp, "255-PREFERENCE::learning={ max_entry=2048 }\n");
124 	{
125 		int append_loop;
126 		for (append_loop = 0; append_loop < 2; append_loop++) {
127 			int truncate_loop;
128 			for (truncate_loop = 0; truncate_loop < 2;
129 			     truncate_loop++) {
130 				int create_loop;
131 				for (create_loop = 0; create_loop < 3;
132 				     create_loop++) {
133 					int rw_loop;
134 					for (rw_loop = 0; rw_loop < 4;
135 					     rw_loop++)
136 						test(rw_loop, truncate_loop,
137 						     append_loop, create_loop);
138 				}
139 			}
140 		}
141 	}
142 	fprintf(profile_fp, "255-CONFIG::file=disabled\n");
143 	printf("Done\n");
144 	clear_status();
145 	return 0;
146 }
147