/******************************************************************************/
/* This program is free software;  you can redistribute it and/or modify      */
/* it under the terms of the GNU General Public License as published by       */
/* the Free Software Foundation; either version 2 of the License, or          */
/* (at your option) any later version.                                        */
/*                                                                            */
/* This program is distributed in the hope that it will be useful,            */
/* but WITHOUT ANY WARRANTY;  without even the implied warranty of            */
/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See                  */
/* the GNU General Public License for more details.                           */
/*                                                                            */
/* You should have received a copy of the GNU General Public License          */
/* along with this program;  if not, write to the Free Software               */
/* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA    */
/*                                                                            */
/******************************************************************************/
/*
 * tomoyo_new_test.c
 *
 * Testing program for security/tomoyo/
 *
 * Copyright (C) 2005-2010  NTT DATA CORPORATION
 */
24 #include "include.h"
25 
/*
 * Outcome of the most recent test action, shared by the test_*() helpers
 * and show_result():
 *   result - return value of the call under test (a descriptor for the
 *            open() tests, which cleanup_file_open() later closes)
 *   error  - errno snapshot; written by show_result(),
 *            test_execute_bin_true() and test_ioctl_dev_null()
 */
static int result;
static int error;
28 
/*
 * Print the verdict for one test action.
 *
 * @test:           label printed in front of the verdict (main() passes the
 *                  policy line or the profile item name)
 * @should_success: non-zero if the action was expected to be permitted
 *
 * The verdict is derived from errno alone: 0 means the action went through,
 * EPERM means it was denied, anything else is reported as FAILED.  errno is
 * copied into the file-scope `error` first because printf() may change it.
 *
 * NOTE(review): most test_*() helpers never clear errno themselves, so this
 * relies on errno being 0 when the action starts - presumably
 * set_profile()/write_domain_policy() leave it that way; confirm in
 * include.h.  A stale non-zero errno would turn a permitted action into
 * FAILED, or a missed denial into "OK: permission denied".
 */
static void show_result(const char *test, int should_success)
{
	error = errno;
	printf("%s : ", test);

	if (error == 0) {
		/* The action was permitted. */
		if (should_success)
			printf("OK (%d)\n", result);
		else
			printf("BUG: Didn't fail (%d)\n", result);
		return;
	}

	if (!should_success && error == EPERM) {
		/* Denied, and a denial is what the caller expected. */
		printf("OK: permission denied\n");
		return;
	}

	printf("FAILED: %s\n", strerror(error));
}
47 
/*
 * Test action for "allow_read /etc/fstab": open the file read-only and
 * store the descriptor (or -1) in `result`.  The descriptor is released by
 * the entry's cleanup hook (cleanup_file_open() or cleanup_open_group()).
 */
static void test_read_etc_fstab(void)
{
	const int fd = open("/etc/fstab", O_RDONLY);

	result = fd;
}
52 
/*
 * Test action for "allow_write /dev/null": open the device write-only and
 * store the descriptor (or -1) in `result` for cleanup_file_open().
 */
static void test_write_dev_null(void)
{
	const int fd = open("/dev/null", O_WRONLY);

	result = fd;
}
57 
/*
 * Close the descriptor left in `result` by an open() test.
 *
 * EOF serves as the "open() failed" sentinel here; open() reports failure
 * as -1, which is what EOF is on common C libraries (ISO C only promises a
 * negative value).
 */
static void cleanup_file_open(void)
{
	if (result == EOF)
		return;
	close(result);
}
63 
/*
 * Test action for "allow_mkdir /tmp/testdir/ 0755": create the directory
 * and store mkdir()'s return value in `result`.
 */
static void test_mkdir_testdir(void)
{
	const int rc = mkdir("/tmp/testdir", 0755);

	result = rc;
}
68 
/*
 * Remove /tmp/testdir, ignoring the outcome.  The tests[] table uses this
 * both as the cleanup hook and as the setup hook of the mkdir test, so the
 * directory is absent before mkdir() is attempted.
 */
static void cleanup_mkdir_testdir(void)
{
	(void)rmdir("/tmp/testdir");
}
73 
/*
 * Create /tmp/testdir ahead of the rmdir test, ignoring the outcome (the
 * directory may already exist).
 */
static void setup_mkdir_testdir(void)
{
	(void)mkdir("/tmp/testdir", 0755);
}
78 
/*
 * Test action for "allow_rmdir /tmp/testdir/": remove the directory and
 * store rmdir()'s return value in `result`.
 */
static void test_rmdir_testdir(void)
{
	const int rc = rmdir("/tmp/testdir");

	result = rc;
}
83 
/*
 * Prepare the domain policy for the execve() test by writing three lines
 * to domain_fp: the name of the "<self_domain> /bin/true" domain, a
 * "use_profile 0" line for it, and a "select pid=" line that points the
 * policy stream back at this process.
 *
 * domain_fp, self_domain and pid are declared outside this file
 * (presumably include.h); whether the stream is flushed here depends on how
 * it was opened - TODO confirm.
 */
static void setup_execute_bin_true(void)
{
	fprintf(domain_fp, "%s /bin/true\n", self_domain);
	fputs("use_profile 0\n", domain_fp);
	fprintf(domain_fp, "select pid=%u\n", pid);
}
90 
/*
 * Undo setup_execute_bin_true(): reap the child forked by
 * test_execute_bin_true(), write a "delete" line for the
 * "<self_domain> /bin/true" domain, then re-select this process.
 *
 * wait()'s result is not inspected; if the fork failed there is no child
 * and the call simply returns.
 */
static void cleanup_execute_bin_true(void)
{
	(void)wait(NULL);
	fprintf(domain_fp, "delete %s /bin/true\n", self_domain);
	fprintf(domain_fp, "select pid=%u\n", pid);
}
97 
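/*
 * Test action for "allow_execute /bin/true".
 *
 * Forks a child that calls execve("/bin/true").  If execve() fails, the
 * child sends its errno to the parent through a pipe.  If execve()
 * succeeds, nothing is written and the parent's read() returns 0 once every
 * copy of the write end is closed.  The parent then stores 0 or EOF in
 * `result` and the child's errno (0 on success) in errno for show_result().
 * The child is reaped later by cleanup_execute_bin_true().
 *
 * Fixes over the previous version:
 *  - `error` is cleared before the fork.  Nothing in this function reset
 *    it, so after a successful execve() the verdict came from whatever
 *    show_result() stored for the previous test.  A stale EPERM could turn
 *    a permitted exec into FAILED or, worse for an enforcement test, turn a
 *    missed denial into "OK: permission denied".
 *  - A failing read() is now reported through `error` instead of being
 *    discarded.
 *  - The child leaves through warn() + _exit() when the pipe write fails.
 *    err() calls exit(), which would flush stdio buffers inherited from the
 *    parent (domain_fp among them) a second time.
 */
static void test_execute_bin_true(void)
{
	char *argv[] = { "/bin/true", NULL };
	char *envp[] = { "HOME=/", NULL };
	int pipe_fd[2] = { EOF, EOF };
	ssize_t got;

	if (pipe(pipe_fd) == -1)
		err(1, "pipe");
	/* Start from "no error"; only a failed exec or fork changes it. */
	error = 0;
	switch (fork()) {
	case 0:
		execve("/bin/true", argv, envp);
		/* Only reached when execve() failed. */
		error = errno;
		if (write(pipe_fd[1], &error, sizeof(error)) == -1) {
			warn("write");
			_exit(1);
		}
		_exit(0);
		break;
	case -1:
		/* fork() failed; reported as ENOMEM as before. */
		error = ENOMEM;
		break;
	}
	/* Drop our write end so read() can see end-of-file. */
	close(pipe_fd[1]);
	got = read(pipe_fd[0], &error, sizeof(error));
	if (got == -1)
		error = errno;
	close(pipe_fd[0]);
	result = error ? EOF : 0;
	errno = error;
}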
123 
/*
 * Test action for the file::chmod entries: set /dev/null to mode 0666 and
 * store chmod()'s return value in `result`.
 */
static void test_chmod_dev_null(void)
{
	const int rc = chmod("/dev/null", 0666);

	result = rc;
}
128 
/*
 * Test action for the file::chown entries: set the owner of /dev/null to
 * uid 0 and store chown()'s return value in `result`.  The group argument
 * is -1, which chown() treats as "leave unchanged".
 */
static void test_chown_dev_null(void)
{
	const int rc = chown("/dev/null", 0, -1);

	result = rc;
}
133 
/*
 * Test action for the file::chgrp entries: set the group of /dev/null to
 * gid 0 and store chown()'s return value in `result`.  The owner argument
 * is -1, which chown() treats as "leave unchanged".
 */
static void test_chgrp_dev_null(void)
{
	const int rc = chown("/dev/null", -1, 0);

	result = rc;
}
138 
/*
 * Test action for the file::ioctl entries: issue ioctl request 0x5451 on
 * /dev/null and store the return value in `result`.
 *
 * errno is cleared before the ioctl() and restored after close(), so
 * show_result() sees the ioctl()'s errno and not one left behind by open()
 * or close().
 *
 * NOTE(review): 0x5451 looks like FIOCLEX in Linux's generic ioctl
 * numbering; the value differs on some architectures - confirm.  The open()
 * result is not checked, so a failed open surfaces as the ioctl()'s error
 * on an invalid descriptor.
 */
static void test_ioctl_dev_null(void)
{
	const int null_fd = open("/dev/null", O_RDWR);

	errno = 0;
	result = ioctl(null_fd, 0x5451, NULL);
	error = errno;	/* keep the ioctl() verdict across close() */
	close(null_fd);
	errno = error;
}
148 
/*
 * Register the groups referenced by
 * "allow_chmod @CHMOD_TARGET @CHMOD_MODES": a path group holding /dev/null
 * and a number group holding mode 0666.
 *
 * write_exception_policy() is defined outside this file.  Its second
 * argument appears to mean 0 = add, 1 = delete, judging from the
 * setup/cleanup pairing - confirm in include.h.
 */
static void setup_chmod_group(void)
{
	/* Path the grouped chmod rule applies to. */
	write_exception_policy("path_group CHMOD_TARGET /dev/null", 0);
	/* Mode value the grouped chmod rule accepts. */
	write_exception_policy("number_group CHMOD_MODES 0666", 0);
}
154 
/*
 * Withdraw the CHMOD_TARGET / CHMOD_MODES group entries added by
 * setup_chmod_group(): the same two lines, passed with 1 as the second
 * argument (presumably "delete" - helper defined outside this file).
 */
static void cleanup_chmod_group(void)
{
	/* Path group entry. */
	write_exception_policy("path_group CHMOD_TARGET /dev/null", 1);
	/* Number group entry. */
	write_exception_policy("number_group CHMOD_MODES 0666", 1);
}
160 
/*
 * Register the groups referenced by the "@CHOWN_TARGET @CHOWN_IDS" chown
 * and chgrp rules: a path group matching /dev/\* and a number group
 * covering ids 0x0-0xFFFE (which includes the id 0 the tests use).
 *
 * Second argument 0 presumably means "add" - helper defined outside this
 * file.
 */
static void setup_chown_group(void)
{
	/* Paths the grouped chown/chgrp rules apply to. */
	write_exception_policy("path_group CHOWN_TARGET /dev/\\*", 0);
	/* Id range the grouped chown/chgrp rules accept. */
	write_exception_policy("number_group CHOWN_IDS 0x0-0xFFFE", 0);
}
166 
/*
 * Withdraw the CHOWN_TARGET / CHOWN_IDS group entries added by
 * setup_chown_group() (second argument 1, presumably "delete").
 */
static void cleanup_chown_group(void)
{
	/* Path group entry. */
	write_exception_policy("path_group CHOWN_TARGET /dev/\\*", 1);
	/* Number group entry. */
	write_exception_policy("number_group CHOWN_IDS 0x0-0xFFFE", 1);
}
172 
/*
 * Register the groups referenced by
 * "allow_ioctl @IOCTL_TARGET @IOCTL_NUMBERS": a path group matching /dev/\*
 * and a number group covering requests 0x5450-0x5452, a range that contains
 * the 0x5451 issued by test_ioctl_dev_null().
 *
 * Second argument 0 presumably means "add" - helper defined outside this
 * file.
 */
static void setup_ioctl_group(void)
{
	/* Paths the grouped ioctl rule applies to. */
	write_exception_policy("path_group IOCTL_TARGET /dev/\\*", 0);
	/* Request numbers the grouped ioctl rule accepts. */
	write_exception_policy("number_group IOCTL_NUMBERS 0x5450-0x5452", 0);
}
178 
/*
 * Withdraw the IOCTL_TARGET / IOCTL_NUMBERS group entries added by
 * setup_ioctl_group() (second argument 1, presumably "delete").
 */
static void cleanup_ioctl_group(void)
{
	/* Path group entry. */
	write_exception_policy("path_group IOCTL_TARGET /dev/\\*", 1);
	/* Number group entry. */
	write_exception_policy("number_group IOCTL_NUMBERS 0x5450-0x5452", 1);
}
184 
/*
 * Register the path group behind "allow_read @READABLE" (matching /etc/\*)
 * together with a number group READABLE_IDS (0-0xFFF).
 *
 * NOTE(review): the tests[] entry that uses this hook references only
 * @READABLE; READABLE_IDS is registered but no rule in this file names it.
 * Second argument 0 presumably means "add" - helper defined outside this
 * file.
 */
static void setup_open_group(void)
{
	/* Paths the grouped read rule applies to. */
	write_exception_policy("path_group READABLE /etc/\\*", 0);
	/* Number group registered alongside it. */
	write_exception_policy("number_group READABLE_IDS 0-0xFFF", 0);
}
190 
/*
 * Cleanup hook for the "allow_read @READABLE" entry: close the descriptor
 * the open() test left in `result`, then withdraw the READABLE /
 * READABLE_IDS group entries (second argument 1, presumably "delete").
 */
static void cleanup_open_group(void)
{
	/* Release the descriptor first. */
	cleanup_file_open();
	/* Then drop both group entries. */
	write_exception_policy("path_group READABLE /etc/\\*", 1);
	write_exception_policy("number_group READABLE_IDS 0-0xFFF", 1);
}
197 
/*
 * test_file_open_N(): open /tmp/testfileN with one specific flag
 * combination and store the descriptor (or -1) in `result`.
 *
 * N encodes the flags:
 *   N / 8   access mode: 0 = O_RDONLY, 1 = O_WRONLY, 2 = O_RDWR
 *   bit 0   O_CREAT
 *   bit 1   O_TRUNC
 *   bit 2   O_APPEND
 *
 * The mode argument 0600 is passed on every call, although open() only
 * uses it when O_CREAT is set.  The descriptor is closed by
 * cleanup_test_file() via cleanup_file_open().
 */

/* ---- O_RDONLY ---------------------------------------------------------- */

static void test_file_open_0(void)
{
	result = open("/tmp/testfile0", O_RDONLY, 0600);
}

static void test_file_open_1(void)
{
	result = open("/tmp/testfile1", O_RDONLY | O_CREAT, 0600);
}

static void test_file_open_2(void)
{
	result = open("/tmp/testfile2", O_RDONLY | O_TRUNC, 0600);
}

static void test_file_open_3(void)
{
	result = open("/tmp/testfile3", O_RDONLY | O_CREAT | O_TRUNC, 0600);
}

static void test_file_open_4(void)
{
	result = open("/tmp/testfile4", O_RDONLY | O_APPEND, 0600);
}

static void test_file_open_5(void)
{
	result = open("/tmp/testfile5", O_RDONLY | O_CREAT | O_APPEND, 0600);
}

static void test_file_open_6(void)
{
	result = open("/tmp/testfile6", O_RDONLY | O_TRUNC | O_APPEND, 0600);
}

static void test_file_open_7(void)
{
	result = open("/tmp/testfile7",
		      O_RDONLY | O_CREAT | O_TRUNC | O_APPEND, 0600);
}

/* ---- O_WRONLY ---------------------------------------------------------- */

static void test_file_open_8(void)
{
	result = open("/tmp/testfile8", O_WRONLY, 0600);
}

static void test_file_open_9(void)
{
	result = open("/tmp/testfile9", O_WRONLY | O_CREAT, 0600);
}

static void test_file_open_10(void)
{
	result = open("/tmp/testfile10", O_WRONLY | O_TRUNC, 0600);
}

static void test_file_open_11(void)
{
	result = open("/tmp/testfile11", O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

static void test_file_open_12(void)
{
	result = open("/tmp/testfile12", O_WRONLY | O_APPEND, 0600);
}

static void test_file_open_13(void)
{
	result = open("/tmp/testfile13", O_WRONLY | O_CREAT | O_APPEND, 0600);
}

static void test_file_open_14(void)
{
	result = open("/tmp/testfile14", O_WRONLY | O_TRUNC | O_APPEND, 0600);
}

static void test_file_open_15(void)
{
	result = open("/tmp/testfile15",
		      O_WRONLY | O_CREAT | O_TRUNC | O_APPEND, 0600);
}

/* ---- O_RDWR ------------------------------------------------------------ */

static void test_file_open_16(void)
{
	result = open("/tmp/testfile16", O_RDWR, 0600);
}

static void test_file_open_17(void)
{
	result = open("/tmp/testfile17", O_RDWR | O_CREAT, 0600);
}

static void test_file_open_18(void)
{
	result = open("/tmp/testfile18", O_RDWR | O_TRUNC, 0600);
}

static void test_file_open_19(void)
{
	result = open("/tmp/testfile19", O_RDWR | O_CREAT | O_TRUNC, 0600);
}

static void test_file_open_20(void)
{
	result = open("/tmp/testfile20", O_RDWR | O_APPEND, 0600);
}

static void test_file_open_21(void)
{
	result = open("/tmp/testfile21", O_RDWR | O_CREAT | O_APPEND, 0600);
}

static void test_file_open_22(void)
{
	result = open("/tmp/testfile22", O_RDWR | O_TRUNC | O_APPEND, 0600);
}

static void test_file_open_23(void)
{
	result = open("/tmp/testfile23",
		      O_RDWR | O_CREAT | O_TRUNC | O_APPEND, 0600);
}
320 
/*
 * Create the even-numbered files /tmp/testfile0, 2, ..., 22 and add a
 * "deny_rewrite /tmp/testfile\$" exception entry.
 *
 * Even N are the test_file_open_N() variants without O_CREAT, so they need
 * the file to exist; odd N stay absent so that the O_CREAT variants really
 * create their file.  open() and close() results are ignored.
 *
 * NOTE(review): the names are fixed and live in /tmp, and the open uses
 * O_CREAT without O_EXCL or O_NOFOLLOW, so an existing symlink at one of
 * these paths would be followed.  The policy strings in tests[] hard-code
 * the same paths, so relocating them means changing both; until then this
 * belongs on a dedicated test machine.
 */
static void setup_test_file(void)
{
	char buffer[32];
	int i = 0;

	buffer[31] = '\0';
	while (i < 24) {
		snprintf(buffer, sizeof(buffer) - 1, "/tmp/testfile%u", i);
		close(open(buffer, O_WRONLY | O_CREAT, 0600));
		i += 2;
	}
	write_exception_policy("deny_rewrite /tmp/testfile\\$", 0);
}
332 
/*
 * Setup for the file::rewrite entries that open with O_TRUNC: run
 * setup_test_file(), add "allow_truncate /tmp/testfile\$" to the domain
 * policy, and put file::truncate into profile mode 3.  With truncation
 * already allowed and checked, the verdict depends on the rewrite rule
 * alone.
 *
 * Mode 3 is the level at which main() expects denials, i.e. enforcing in
 * TOMOYO's numbering; set_profile() itself is defined outside this file.
 */
static void setup_test_file_truncate(void)
{
	/* Files and deny_rewrite entry first. */
	setup_test_file();
	/* Then permit truncation and check it at mode 3. */
	write_domain_policy("allow_truncate /tmp/testfile\\$", 0);
	set_profile(3, "file::truncate");
}
339 
/*
 * Same as setup_test_file(), but creates all 24 files /tmp/testfile0
 * through /tmp/testfile23 before adding the "deny_rewrite /tmp/testfile\$"
 * exception entry.  open() and close() results are ignored.
 *
 * NOTE(review): fixed names in /tmp opened with O_CREAT and without O_EXCL
 * or O_NOFOLLOW - an existing symlink at one of these paths would be
 * followed.  Run on a dedicated test machine.
 */
static void setup_all_test_file(void)
{
	char buffer[32];
	int i = 0;

	buffer[31] = '\0';
	while (i < 24) {
		snprintf(buffer, sizeof(buffer) - 1, "/tmp/testfile%u", i);
		close(open(buffer, O_WRONLY | O_CREAT, 0600));
		i++;
	}
	write_exception_policy("deny_rewrite /tmp/testfile\\$", 0);
}
351 
/*
 * Variant of setup_test_file_truncate() that starts from
 * setup_all_test_file(): all 24 files exist, truncation is allowed by
 * "allow_truncate /tmp/testfile\$", and file::truncate is set to profile
 * mode 3.
 */
static void setup_all_test_file_truncate(void)
{
	/* Files and deny_rewrite entry first. */
	setup_all_test_file();
	/* Then permit truncation and check it at mode 3. */
	write_domain_policy("allow_truncate /tmp/testfile\\$", 0);
	set_profile(3, "file::truncate");
}
358 
/*
 * Undo setup_test_file() / setup_all_test_file(): unlink all 24
 * /tmp/testfileN paths (including any created by an O_CREAT test), remove
 * the "deny_rewrite /tmp/testfile\$" exception entry, and close the
 * descriptor left in `result`.  unlink() failures for files that never
 * existed are ignored.
 */
static void cleanup_test_file(void)
{
	char buffer[32];
	int i = 0;

	buffer[31] = '\0';
	while (i < 24) {
		snprintf(buffer, sizeof(buffer) - 1, "/tmp/testfile%u", i);
		unlink(buffer);
		i++;
	}
	write_exception_policy("deny_rewrite /tmp/testfile\\$", 1);
	cleanup_file_open();
}
371 
/*
 * Undo setup_test_file_truncate() / setup_all_test_file_truncate(): run
 * cleanup_test_file(), remove the "allow_truncate /tmp/testfile\$" domain
 * entry, and put file::truncate back into profile mode 0.
 */
static void cleanup_test_file_truncate(void)
{
	/* Files, deny_rewrite entry and descriptor. */
	cleanup_test_file();
	/* Then withdraw the truncate permission and its mode-3 setting. */
	write_domain_policy("allow_truncate /tmp/testfile\\$", 1);
	set_profile(0, "file::truncate");
}
378 
/*
 * Test table driven by main().
 *
 *   do_setup    optional hook run before the action (may be NULL)
 *   do_test     the action; a NULL do_test terminates the table
 *   do_cleanup  optional hook run after the action (may be NULL)
 *   name        profile item toggled with set_profile()
 *   policy      domain policy line that is expected to permit the action
 *
 * Several entries are repeated verbatim, so the same check runs several
 * times in a row.
 */
static struct test_struct {
	void (*do_setup)(void);
	void (*do_test)(void);
	void (*do_cleanup)(void);
	const char *name;
	const char *policy;
} tests[] = {
	/* Fixed system paths. */
	{ NULL, test_read_etc_fstab, cleanup_file_open,
	  "file::open", "allow_read /etc/fstab" },
	{ NULL, test_read_etc_fstab, cleanup_file_open,
	  "file::open", "allow_read /etc/fstab" },
	{ NULL, test_read_etc_fstab, cleanup_file_open,
	  "file::open", "allow_read /etc/fstab" },
	{ setup_open_group, test_read_etc_fstab, cleanup_open_group,
	  "file::open", "allow_read @READABLE" },
	{ NULL, test_write_dev_null, cleanup_file_open,
	  "file::open", "allow_write /dev/null" },
	{ NULL, test_write_dev_null, cleanup_file_open,
	  "file::open", "allow_write /dev/null" },
	{ NULL, test_write_dev_null, cleanup_file_open,
	  "file::open", "allow_write /dev/null" },

	/* Directory creation and removal. */
	{ cleanup_mkdir_testdir, test_mkdir_testdir, cleanup_mkdir_testdir,
	  "file::mkdir", "allow_mkdir /tmp/testdir/ 0755" },
	{ cleanup_mkdir_testdir, test_mkdir_testdir, cleanup_mkdir_testdir,
	  "file::mkdir", "allow_mkdir /tmp/testdir/ 0755" },
	{ cleanup_mkdir_testdir, test_mkdir_testdir, cleanup_mkdir_testdir,
	  "file::mkdir", "allow_mkdir /tmp/testdir/ 0755" },
	{ setup_mkdir_testdir, test_rmdir_testdir, cleanup_mkdir_testdir,
	  "file::rmdir", "allow_rmdir /tmp/testdir/" },
	{ setup_mkdir_testdir, test_rmdir_testdir, cleanup_mkdir_testdir,
	  "file::rmdir", "allow_rmdir /tmp/testdir/" },
	{ setup_mkdir_testdir, test_rmdir_testdir, cleanup_mkdir_testdir,
	  "file::rmdir", "allow_rmdir /tmp/testdir/" },

	/* Program execution. */
	{ setup_execute_bin_true, test_execute_bin_true,
	  cleanup_execute_bin_true,
	  "file::execute", "allow_execute /bin/true" },
	{ setup_execute_bin_true, test_execute_bin_true,
	  cleanup_execute_bin_true,
	  "file::execute", "allow_execute /bin/true" },
	{ setup_execute_bin_true, test_execute_bin_true,
	  cleanup_execute_bin_true,
	  "file::execute", "allow_execute /bin/true" },

	/* Attribute changes and ioctl, literal arguments. */
	{ NULL, test_chmod_dev_null, NULL,
	  "file::chmod", "allow_chmod /dev/null 0666" },
	{ NULL, test_chown_dev_null, NULL,
	  "file::chown", "allow_chown /dev/null 0" },
	{ NULL, test_chgrp_dev_null, NULL,
	  "file::chgrp", "allow_chgrp /dev/null 0" },
	{ NULL, test_ioctl_dev_null, NULL,
	  "file::ioctl", "allow_ioctl /dev/null 0x5451" },

	/* The same actions, permitted through path/number groups. */
	{ setup_chmod_group, test_chmod_dev_null, cleanup_chmod_group,
	  "file::chmod", "allow_chmod @CHMOD_TARGET @CHMOD_MODES" },
	{ setup_chown_group, test_chown_dev_null, cleanup_chown_group,
	  "file::chown", "allow_chown @CHOWN_TARGET @CHOWN_IDS" },
	{ setup_chown_group, test_chgrp_dev_null, cleanup_chown_group,
	  "file::chgrp", "allow_chgrp @CHOWN_TARGET @CHOWN_IDS" },
	{ setup_ioctl_group, test_ioctl_dev_null, cleanup_ioctl_group,
	  "file::ioctl", "allow_ioctl @IOCTL_TARGET @IOCTL_NUMBERS" },

	/* open() flag matrix; only the even-numbered files pre-exist. */
	{ setup_test_file, test_file_open_0, cleanup_test_file,
	  "file::open", "allow_read /tmp/testfile0" },
	{ setup_test_file, test_file_open_1, cleanup_test_file,
	  "file::open", "allow_read /tmp/testfile1" },
	{ setup_test_file, test_file_open_1, cleanup_test_file,
	  "file::create", "allow_create /tmp/testfile1 0600" },
	{ setup_test_file, test_file_open_2, cleanup_test_file,
	  "file::open", "allow_read /tmp/testfile2" },
	{ setup_test_file, test_file_open_2, cleanup_test_file,
	  "file::truncate", "allow_truncate /tmp/testfile2" },
	{ setup_test_file_truncate, test_file_open_2,
	  cleanup_test_file_truncate,
	  "file::rewrite", "allow_rewrite /tmp/testfile2" },
	{ setup_test_file, test_file_open_3, cleanup_test_file,
	  "file::open", "allow_read /tmp/testfile3" },
	{ setup_test_file, test_file_open_3, cleanup_test_file,
	  "file::create", "allow_create /tmp/testfile3 0600" },
	{ setup_test_file, test_file_open_4, cleanup_test_file,
	  "file::open", "allow_read /tmp/testfile4" },
	{ setup_test_file, test_file_open_5, cleanup_test_file,
	  "file::open", "allow_read /tmp/testfile5" },
	{ setup_test_file, test_file_open_5, cleanup_test_file,
	  "file::create", "allow_create /tmp/testfile5 0600" },
	{ setup_test_file, test_file_open_6, cleanup_test_file,
	  "file::open", "allow_read /tmp/testfile6" },
	{ setup_test_file, test_file_open_6, cleanup_test_file,
	  "file::truncate", "allow_truncate /tmp/testfile6" },
	{ setup_test_file_truncate, test_file_open_6,
	  cleanup_test_file_truncate,
	  "file::rewrite", "allow_rewrite /tmp/testfile6" },
	{ setup_test_file, test_file_open_7, cleanup_test_file,
	  "file::open", "allow_read /tmp/testfile7" },
	{ setup_test_file, test_file_open_7, cleanup_test_file,
	  "file::create", "allow_create /tmp/testfile7 0600" },
	{ setup_test_file, test_file_open_8, cleanup_test_file,
	  "file::open", "allow_write /tmp/testfile8" },
	{ setup_test_file, test_file_open_8, cleanup_test_file,
	  "file::rewrite", "allow_rewrite /tmp/testfile8" },
	{ setup_test_file, test_file_open_9, cleanup_test_file,
	  "file::open", "allow_write /tmp/testfile9" },
	{ setup_test_file, test_file_open_9, cleanup_test_file,
	  "file::create", "allow_create /tmp/testfile9 0600" },
	{ setup_test_file, test_file_open_9, cleanup_test_file,
	  "file::rewrite", "allow_rewrite /tmp/testfile9" },
	{ setup_test_file, test_file_open_10, cleanup_test_file,
	  "file::open", "allow_write /tmp/testfile10" },
	{ setup_test_file, test_file_open_10, cleanup_test_file,
	  "file::truncate", "allow_truncate /tmp/testfile10" },
	{ setup_test_file, test_file_open_10, cleanup_test_file,
	  "file::rewrite", "allow_rewrite /tmp/testfile10" },
	{ setup_test_file, test_file_open_11, cleanup_test_file,
	  "file::open", "allow_write /tmp/testfile11" },
	{ setup_test_file, test_file_open_11, cleanup_test_file,
	  "file::create", "allow_create /tmp/testfile11 0600" },
	{ setup_test_file, test_file_open_11, cleanup_test_file,
	  "file::rewrite", "allow_rewrite /tmp/testfile11" },
	{ setup_test_file, test_file_open_12, cleanup_test_file,
	  "file::open", "allow_write /tmp/testfile12" },
	{ setup_test_file, test_file_open_13, cleanup_test_file,
	  "file::open", "allow_write /tmp/testfile13" },
	{ setup_test_file, test_file_open_13, cleanup_test_file,
	  "file::create", "allow_create /tmp/testfile13 0600" },
	{ setup_test_file, test_file_open_14, cleanup_test_file,
	  "file::open", "allow_write /tmp/testfile14" },
	{ setup_test_file, test_file_open_14, cleanup_test_file,
	  "file::truncate", "allow_truncate /tmp/testfile14" },
	{ setup_test_file_truncate, test_file_open_14,
	  cleanup_test_file_truncate,
	  "file::rewrite", "allow_rewrite /tmp/testfile14" },
	{ setup_test_file, test_file_open_15, cleanup_test_file,
	  "file::open", "allow_write /tmp/testfile15" },
	{ setup_test_file, test_file_open_15, cleanup_test_file,
	  "file::create", "allow_create /tmp/testfile15 0600" },
	{ setup_test_file, test_file_open_16, cleanup_test_file,
	  "file::open", "allow_read/write /tmp/testfile16" },
	{ setup_test_file, test_file_open_16, cleanup_test_file,
	  "file::rewrite", "allow_rewrite /tmp/testfile16" },
	{ setup_test_file, test_file_open_17, cleanup_test_file,
	  "file::open", "allow_read/write /tmp/testfile17" },
	{ setup_test_file, test_file_open_17, cleanup_test_file,
	  "file::create", "allow_create /tmp/testfile17 0600" },
	{ setup_test_file, test_file_open_17, cleanup_test_file,
	  "file::rewrite", "allow_rewrite /tmp/testfile17" },
	{ setup_test_file, test_file_open_18, cleanup_test_file,
	  "file::open", "allow_read/write /tmp/testfile18" },
	{ setup_test_file, test_file_open_18, cleanup_test_file,
	  "file::truncate", "allow_truncate /tmp/testfile18" },
	{ setup_test_file, test_file_open_18, cleanup_test_file,
	  "file::rewrite", "allow_rewrite /tmp/testfile18" },
	{ setup_test_file, test_file_open_19, cleanup_test_file,
	  "file::open", "allow_read/write /tmp/testfile19" },
	{ setup_test_file, test_file_open_19, cleanup_test_file,
	  "file::create", "allow_create /tmp/testfile19 0600" },
	{ setup_test_file, test_file_open_19, cleanup_test_file,
	  "file::rewrite", "allow_rewrite /tmp/testfile19" },
	{ setup_test_file, test_file_open_20, cleanup_test_file,
	  "file::open", "allow_read/write /tmp/testfile20" },
	{ setup_test_file, test_file_open_21, cleanup_test_file,
	  "file::open", "allow_read/write /tmp/testfile21" },
	{ setup_test_file, test_file_open_21, cleanup_test_file,
	  "file::create", "allow_create /tmp/testfile21 0600" },
	{ setup_test_file, test_file_open_22, cleanup_test_file,
	  "file::open", "allow_read/write /tmp/testfile22" },
	{ setup_test_file, test_file_open_22, cleanup_test_file,
	  "file::truncate", "allow_truncate /tmp/testfile22" },
	{ setup_test_file_truncate, test_file_open_22,
	  cleanup_test_file_truncate,
	  "file::rewrite", "allow_rewrite /tmp/testfile22" },
	{ setup_test_file, test_file_open_23, cleanup_test_file,
	  "file::open", "allow_read/write /tmp/testfile23" },
	{ setup_test_file, test_file_open_23, cleanup_test_file,
	  "file::create", "allow_create /tmp/testfile23 0600" },

	/* Non-O_CREAT variants again, with all 24 files pre-existing. */
	{ setup_all_test_file, test_file_open_0, cleanup_test_file,
	  "file::open", "allow_read /tmp/testfile0" },
	{ setup_all_test_file, test_file_open_2, cleanup_test_file,
	  "file::open", "allow_read /tmp/testfile2" },
	{ setup_all_test_file, test_file_open_2, cleanup_test_file,
	  "file::truncate", "allow_truncate /tmp/testfile2" },
	{ setup_all_test_file_truncate, test_file_open_2,
	  cleanup_test_file_truncate,
	  "file::rewrite", "allow_rewrite /tmp/testfile2" },
	{ setup_all_test_file, test_file_open_4, cleanup_test_file,
	  "file::open", "allow_read /tmp/testfile4" },
	{ setup_all_test_file, test_file_open_6, cleanup_test_file,
	  "file::open", "allow_read /tmp/testfile6" },
	{ setup_all_test_file, test_file_open_6, cleanup_test_file,
	  "file::truncate", "allow_truncate /tmp/testfile6" },
	{ setup_all_test_file_truncate, test_file_open_6,
	  cleanup_test_file_truncate,
	  "file::rewrite", "allow_rewrite /tmp/testfile6" },
	{ setup_all_test_file, test_file_open_8, cleanup_test_file,
	  "file::open", "allow_write /tmp/testfile8" },
	{ setup_all_test_file, test_file_open_8, cleanup_test_file,
	  "file::rewrite", "allow_rewrite /tmp/testfile8" },
	{ setup_all_test_file, test_file_open_10, cleanup_test_file,
	  "file::open", "allow_write /tmp/testfile10" },
	{ setup_all_test_file, test_file_open_10, cleanup_test_file,
	  "file::truncate", "allow_truncate /tmp/testfile10" },
	{ setup_all_test_file, test_file_open_10, cleanup_test_file,
	  "file::rewrite", "allow_rewrite /tmp/testfile10" },
	{ setup_all_test_file, test_file_open_12, cleanup_test_file,
	  "file::open", "allow_write /tmp/testfile12" },
	{ setup_all_test_file, test_file_open_14, cleanup_test_file,
	  "file::open", "allow_write /tmp/testfile14" },
	{ setup_all_test_file, test_file_open_14, cleanup_test_file,
	  "file::truncate", "allow_truncate /tmp/testfile14" },
	{ setup_all_test_file_truncate, test_file_open_14,
	  cleanup_test_file_truncate,
	  "file::rewrite", "allow_rewrite /tmp/testfile14" },
	{ setup_all_test_file, test_file_open_16, cleanup_test_file,
	  "file::open", "allow_read/write /tmp/testfile16" },
	{ setup_all_test_file, test_file_open_16, cleanup_test_file,
	  "file::rewrite", "allow_rewrite /tmp/testfile16" },
	{ setup_all_test_file, test_file_open_18, cleanup_test_file,
	  "file::open", "allow_read/write /tmp/testfile18" },
	{ setup_all_test_file, test_file_open_18, cleanup_test_file,
	  "file::truncate", "allow_truncate /tmp/testfile18" },
	{ setup_all_test_file, test_file_open_18, cleanup_test_file,
	  "file::rewrite", "allow_rewrite /tmp/testfile18" },
	{ setup_all_test_file, test_file_open_20, cleanup_test_file,
	  "file::open", "allow_read/write /tmp/testfile20" },
	{ setup_all_test_file, test_file_open_22, cleanup_test_file,
	  "file::open", "allow_read/write /tmp/testfile22" },
	{ setup_all_test_file, test_file_open_22, cleanup_test_file,
	  "file::truncate", "allow_truncate /tmp/testfile22" },
	{ setup_all_test_file_truncate, test_file_open_22,
	  cleanup_test_file_truncate,
	  "file::rewrite", "allow_rewrite /tmp/testfile22" },

	/* Terminator: do_test == NULL ends the loops in main(). */
	{ NULL, NULL, NULL, NULL, NULL }
};
612 
/*
 * Run every entry of tests[] in two phases.
 *
 * Phase 1 (enforcement): each entry runs four times with its profile item
 * at mode 3, alternating between "policy line granted, action must
 * succeed" and "policy line absent, action must be denied".  The policy
 * line is removed again after each granted run.
 *
 * Phase 2 (mode sweep): each entry runs once per profile mode 0..3 without
 * its policy line being added here, and success is expected every time.
 * NOTE(review): at mode 3 that only holds if an earlier mode left a
 * matching rule behind - presumably mode 1 is TOMOYO's learning mode;
 * confirm.
 *
 * Finally a "delete <self_domain>" line is written to domain_fp.  Always
 * returns 0: verdicts are printed by show_result(), not reflected in the
 * exit status.
 */
int main(void)
{
	const struct test_struct *t;

	tomoyo_test_init();

	/* Phase 1: granted / not-granted pairs under mode 3, twice each. */
	for (t = tests; t->do_test; t++) {
		int pass;

		for (pass = 0; pass < 4; pass++) {
			/* Even passes grant the policy, odd passes do not. */
			const int granted = !(pass & 1);

			if (t->do_setup)
				t->do_setup();
			if (granted)
				write_domain_policy(t->policy, 0);
			set_profile(3, t->name);
			t->do_test();
			show_result(t->policy, granted);
			set_profile(0, t->name);
			if (t->do_cleanup)
				t->do_cleanup();
			if (granted)
				write_domain_policy(t->policy, 1);
		}
	}

	/* Phase 2: sweep the profile item through modes 0..3. */
	for (t = tests; t->do_test; t++) {
		int mode;

		for (mode = 0; mode < 4; mode++) {
			if (t->do_setup)
				t->do_setup();
			set_profile(mode, t->name);
			t->do_test();
			show_result(t->name, 1);
			set_profile(0, t->name);
			if (t->do_cleanup)
				t->do_cleanup();
		}
	}

	fprintf(domain_fp, "delete %s\n", self_domain);
	return 0;
}