1 /******************************************************************************/
2 /* This program is free software; you can redistribute it and/or modify */
3 /* it under the terms of the GNU General Public License as published by */
4 /* the Free Software Foundation; either version 2 of the License, or */
5 /* (at your option) any later version. */
6 /* */
7 /* This program is distributed in the hope that it will be useful, */
8 /* but WITHOUT ANY WARRANTY; without even the implied warranty of */
9 /* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See */
10 /* the GNU General Public License for more details. */
11 /* */
12 /* You should have received a copy of the GNU General Public License */
13 /* along with this program; if not, write to the Free Software */
14 /* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */
15 /* */
16 /******************************************************************************/
17 /*
18 * tomoyo_accept_test.c
19 *
20 * Testing program for security/tomoyo/
21 *
22 * Copyright (C) 2005-2010 NTT DATA CORPORATION
23 */
24 #include "include.h"
25
/*
 * Apply profile level @i to every "file::" operation this test touches by
 * calling set_profile() once per operation name, in the order listed below.
 * What a given level means is defined by set_profile() in include.h
 * (presumably 0..3 select the disabled/learning/permissive/enforcing modes
 * that main() configures; confirm against include.h).
 */
static void set_level(const int i)
{
	static const char *const file_ops[] = {
		"file::execute",
		"file::open",
		"file::create",
		"file::unlink",
		"file::mkdir",
		"file::rmdir",
		"file::mkfifo",
		"file::mksock",
		"file::truncate",
		"file::symlink",
		"file::rewrite",
		"file::mkblock",
		"file::mkchar",
		"file::link",
		"file::rename",
		"file::chmod",
		"file::chown",
		"file::chgrp",
		"file::ioctl",
		"file::chroot",
		"file::mount",
		"file::umount",
		"file::pivot_root",
	};
	const unsigned int count = sizeof(file_ops) / sizeof(file_ops[0]);
	unsigned int idx;

	for (idx = 0; idx < count; idx++)
		set_profile(i, file_ops[idx]);
}
52
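/*
 * Open one test file with one combination of open(2) flags under each profile
 * level 0..3, then check that the same open() is refused once the policy
 * entries for that file have been deleted.
 *
 * Each argument is an index into the matching flag table below:
 *   rw_loop        0..3  (none, O_RDONLY, O_WRONLY, O_RDWR)
 *   truncate_loop  0..1  (none, O_TRUNC)
 *   append_loop    0..1  (none, O_APPEND)
 *   create_loop    0..2  (none, O_CREAT on a missing file, O_CREAT on an
 *                         existing file)
 * The indices are not range-checked here; the caller in main() keeps them
 * inside the tables.
 *
 * Failures are reported on stderr only; nothing is returned.
 *
 * NOTE(review): the pathname under /tmp is predictable and is opened with
 * O_CREAT but without O_EXCL or O_NOFOLLOW, so a symlink planted at that name
 * beforehand would be followed. The name is also what the policy lines written
 * below refer to, so it is kept as is; this is a reason to run the test on a
 * dedicated test system.
 */
static void test(int rw_loop, int truncate_loop, int append_loop,
		 int create_loop)
{
	static const int rw_flags[4] = { 0, O_RDONLY, O_WRONLY, O_RDWR };
	static const int create_flags[3] = { 0, O_CREAT /* nonexistent */ ,
					     O_CREAT /* existent */
	};
	static const int truncate_flags[2] = { 0, O_TRUNC };
	static const int append_flags[2] = { 0, O_APPEND };
	static char buffer[1024];
	int level;
	int flags;
	int i;
	int fd;

	/* The file name encodes the flag combination, one file per combination. */
	memset(buffer, 0, sizeof(buffer));
	snprintf(buffer, sizeof(buffer) - 1, "/tmp/file:a=%d:t=%d:c=%d:m=%d",
		 append_loop, truncate_loop, create_loop, rw_loop);
	/* Presumably registers the file as rewrite-protected in the exception
	 * policy; the stream is set up outside this file. */
	fprintf(exception_fp, "deny_rewrite %s\n", buffer);
	flags = rw_flags[rw_loop] | truncate_flags[truncate_loop] |
		append_flags[append_loop] | create_flags[create_loop];
	/* Start from a clean domain policy for this pathname. */
	for (i = 1; i < 8; i++)
		fprintf(domain_fp, "delete %d %s\n", i, buffer);
	for (level = 0; level < 4; level++) {
		/* Prepare the fixture at level 0 so that the setup itself is
		 * not subject to the level under test. */
		set_level(0);
		if (create_loop == 1) {
			/* "O_CREAT on a missing file": make sure it is gone. */
			unlink(buffer);
		} else {
			/* Best-effort creation; only close a valid descriptor. */
			fd = open(buffer, O_CREAT, 0644);
			if (fd != -1)
				close(fd);
		}
		set_level(level);
		/* open(2) reports failure as -1; EOF is only guaranteed to be
		 * some negative value, so compare against -1 directly. */
		fd = open(buffer, flags, 0644);
		if (fd != -1)
			close(fd);
		else
			fprintf(stderr, "%d: open(%04o) failed\n", level,
				flags);
	}
	/* Drop whatever was recorded for this pathname during the loop. */
	for (i = 1; i < 8; i++)
		fprintf(domain_fp, "delete %d %s\n", i, buffer);
	fprintf(domain_fp, "delete allow_truncate %s\n", buffer);
	fprintf(domain_fp, "delete allow_create %s 0644\n", buffer);
	fprintf(domain_fp, "delete allow_rewrite %s\n", buffer);
	/* The last loop iteration left set_level(3) in effect, which is the
	 * level named in the message: with the entries deleted, this open() is
	 * expected to be refused. */
	fd = open(buffer, flags, 0644);
	if (fd != -1) {
		close(fd);
		fprintf(stderr, "%d: open(%04o) didn't fail\n", 3, flags);
	}
}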
114
/*
 * Entry point: initialise the test harness, silence per-mode verbose output,
 * run test() for every combination of append/truncate/create/access-mode
 * index (2 * 2 * 3 * 4 calls, access mode varying fastest), then switch the
 * "file" configuration back to disabled and report completion.
 */
int main(void)
{
	static const char *const quiet_lines[] = {
		"255-PREFERENCE::learning={ verbose=no }\n",
		"255-PREFERENCE::enforcing={ verbose=no }\n",
		"255-PREFERENCE::permissive={ verbose=no }\n",
		"255-PREFERENCE::disabled={ verbose=no }\n",
	};
	unsigned int k;
	int append_loop;
	int truncate_loop;
	int create_loop;
	int rw_loop;

	/* Helper from include.h; presumably opens the policy streams used below. */
	tomoyo_test_init();

	for (k = 0; k < sizeof(quiet_lines) / sizeof(quiet_lines[0]); k++)
		fputs(quiet_lines[k], profile_fp);
	set_profile(0, "file");
	fputs("255-PREFERENCE::learning={ max_entry=2048 }\n", profile_fp);

	/* Loop bounds match the sizes of the flag tables inside test(). */
	for (append_loop = 0; append_loop < 2; append_loop++) {
		for (truncate_loop = 0; truncate_loop < 2; truncate_loop++) {
			for (create_loop = 0; create_loop < 3; create_loop++) {
				for (rw_loop = 0; rw_loop < 4; rw_loop++) {
					test(rw_loop, truncate_loop,
					     append_loop, create_loop);
				}
			}
		}
	}

	fputs("255-CONFIG::file=disabled\n", profile_fp);
	fputs("Done\n", stdout);
	clear_status();
	return 0;
}
147