1 /******************************************************************************/
2 /* This program is free software; you can redistribute it and/or modify */
3 /* it under the terms of the GNU General Public License as published by */
4 /* the Free Software Foundation; either version 2 of the License, or */
5 /* (at your option) any later version. */
6 /* */
7 /* This program is distributed in the hope that it will be useful, */
8 /* but WITHOUT ANY WARRANTY; without even the implied warranty of */
9 /* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See */
10 /* the GNU General Public License for more details. */
11 /* */
12 /* You should have received a copy of the GNU General Public License */
13 /* along with this program; if not, write to the Free Software */
14 /* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */
15 /* */
16 /******************************************************************************/
17 /*
18 * tomoyo_new_file_test.c
19 *
20 * Testing program for security/tomoyo/
21 *
22 * Copyright (C) 2005-2010 NTT DATA CORPORATION
23 */
24 #include "include.h"
25
/*
 * Text of the policy rule currently under test. show_result() prints it as
 * the label of every result line, so it must be set before each check.
 */
static const char *policy = "";
27
/*
 * show_result - print the verdict for one access check.
 * @result:         return value of the call under test; EOF means it failed.
 * @should_success: non-zero when the current policy is expected to permit
 *                  the call, zero when a denial is expected.
 *
 * Each line is prefixed with the rule text held in the file-scope "policy".
 * For an expected denial only errno == EPERM is reported as OK; a call that
 * fails with any other errno is reported as FAILED, because that failure does
 * not show that the access check was what rejected it.
 */
static void show_result(int result, char should_success)
{
	/* Snapshot errno before printf() gets a chance to overwrite it. */
	const int saved_errno = errno;
	const int call_failed = (result == EOF);

	printf("%s : ", policy);

	if (should_success) {
		if (call_failed)
			printf("FAILED: %s\n", strerror(saved_errno));
		else
			printf("OK\n");
		return;
	}

	/* From here on a denial was expected. */
	if (!call_failed) {
		printf("BUG: didn't fail.\n");
		return;
	}
	if (saved_errno == EPERM)
		printf("OK: Permission denied.\n");
	else
		printf("FAILED: %s\n", strerror(saved_errno));
}
48
/*
 * create2 - fixture helper: create @pathname as a regular file (mode 0600).
 *
 * file::create and file::open are switched to mode 0 around the creat() call
 * and back to mode 3 afterwards (presumably "disabled" and "enforcing";
 * confirm against set_profile() in include.h), so the fixture does not depend
 * on the rule being tested. The result of creat() is not checked and errno is
 * cleared on the way out.
 *
 * NOTE(review): creat() follows symbolic links and the callers in this file
 * pass fixed names under /tmp while the checks are relaxed; run this test
 * only on a dedicated test host.
 */
static void create2(const char *pathname)
{
	int fd;

	set_profile(0, "file::create");
	set_profile(0, "file::open");

	fd = creat(pathname, 0600);
	close(fd);

	set_profile(3, "file::create");
	set_profile(3, "file::open");

	/* Whatever happened during setup is not carried into the next check. */
	errno = 0;
}
58
/*
 * mkdir2 - fixture helper: create directory @pathname (mode 0600).
 *
 * file::mkdir is switched to mode 0 for the call and restored to mode 3
 * afterwards (presumably "disabled"/"enforcing"; confirm in include.h).
 * The mkdir() result is deliberately ignored and errno is cleared.
 */
static void mkdir2(const char *pathname)
{
	set_profile(0, "file::mkdir");
	(void)mkdir(pathname, 0600);	/* best effort, result unused */
	set_profile(3, "file::mkdir");

	errno = 0;
}
66
/*
 * unlink2 - cleanup helper: remove @pathname.
 *
 * file::unlink is switched to mode 0 for the call and restored to mode 3
 * afterwards (presumably "disabled"/"enforcing"; confirm in include.h), so
 * cleanup works whatever rule is installed. The unlink() result is ignored
 * (the file may legitimately not exist) and errno is cleared.
 */
static void unlink2(const char *pathname)
{
	set_profile(0, "file::unlink");
	(void)unlink(pathname);		/* best effort, result unused */
	set_profile(3, "file::unlink");

	errno = 0;
}
74
/*
 * rmdir2 - cleanup helper: remove directory @pathname.
 *
 * file::rmdir is switched to mode 0 for the call and restored to mode 3
 * afterwards (presumably "disabled"/"enforcing"; confirm in include.h).
 * The rmdir() result is ignored and errno is cleared.
 */
static void rmdir2(const char *pathname)
{
	set_profile(0, "file::rmdir");
	(void)rmdir(pathname);		/* best effort, result unused */
	set_profile(3, "file::rmdir");

	errno = 0;
}
82
/*
 * mkfifo2 - fixture helper: create FIFO @pathname (mode 0600).
 *
 * file::mkfifo is switched to mode 0 for the call and restored to mode 3
 * afterwards (presumably "disabled"/"enforcing"; confirm in include.h).
 * The mkfifo() result is ignored and errno is cleared.
 */
static void mkfifo2(const char *pathname)
{
	set_profile(0, "file::mkfifo");
	(void)mkfifo(pathname, 0600);	/* best effort, result unused */
	set_profile(3, "file::mkfifo");

	errno = 0;
}
90
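/* Open @path with @flags/@mode, report the outcome, close the fd if any. */
static void expect_open(const char *path, int flags, mode_t mode,
			char should_success)
{
	/* @mode is only consulted by open() when @flags contains O_CREAT. */
	const int fd = open(path, flags, mode);

	show_result(fd, should_success);
	if (fd != EOF)
		close(fd);
}

/*
 * Install @rule and expect open(@path, @flags) to succeed, then pass 1 as the
 * second argument of write_domain_policy() (which appears to remove the rule)
 * and expect the same open to be denied.
 */
static void expect_open_rule(const char *rule, const char *path, int flags)
{
	policy = rule;
	write_domain_policy(policy, 0);
	expect_open(path, flags, 0, 1);
	write_domain_policy(policy, 1);
	expect_open(path, flags, 0, 0);
}

/*
 * Same grant/revoke pair for mknod(@path, @mode, @dev). The node made by the
 * first call is removed with unlink2() before the denial check, so that check
 * cannot fail with EEXIST instead of EPERM.
 */
static void expect_mknod_rule(const char *rule, const char *path, mode_t mode,
			      dev_t dev)
{
	policy = rule;
	write_domain_policy(policy, 0);
	show_result(mknod(path, mode, dev), 1);
	write_domain_policy(policy, 1);
	unlink2(path);
	show_result(mknod(path, mode, dev), 0);
}

/*
 * Run /bin/true in a child and return the errno of a failed execl(), or 0
 * when the exec went through.
 *
 * The child reports errno through a pipe. When the exec succeeds nothing is
 * written and the parent reads end-of-file, so the result must start at 0 on
 * every call; a value left over from an earlier run would make an exec that
 * was wrongly permitted look like a denial.
 */
static int exec_bin_true(void)
{
	int pipe_fd[2] = { EOF, EOF };
	int error = 0;
	pid_t child;

	/* Flush first so the child does not inherit buffered output. */
	fflush(stdout);
	fflush(stderr);
	if (pipe(pipe_fd) == -1)
		err(1, "pipe");
	child = fork();
	if (child == -1)
		/* Without a child the read below would report "no error". */
		err(1, "fork");
	if (child == 0) {
		execl("/bin/true", "/bin/true", (char *)NULL);
		/* Only reached when execl() failed. */
		if (write(pipe_fd[1], &errno, sizeof(errno)) == -1)
			err(1, "write");
		/* _exit(): leave the parent's stdio and atexit state alone. */
		_exit(0);
	}
	close(pipe_fd[1]);
	(void)read(pipe_fd[0], &error, sizeof(error));
	close(pipe_fd[0]);
	wait(NULL);
	return error;
}

/*
 * stage_file_test - exercise the file-related access checks one rule at a time.
 *
 * All listed file::* categories are first switched to mode 3 (presumably
 * "enforcing"; confirm against set_profile() in include.h). Every case then
 * follows the same shape: install a rule with write_domain_policy(rule, 0),
 * run the operation and expect success, call write_domain_policy(rule, 1)
 * (which appears to remove the rule) and expect the operation to be refused
 * with EPERM. show_result() prints one line per check.
 *
 * Fixtures live under fixed names in /tmp and are created and removed through
 * the *2() helpers, which relax the relevant check while they run.
 */
static void stage_file_test(void)
{
	static const char *const enforced[] = {
		"file::execute", "file::open", "file::create", "file::unlink",
		"file::mkdir", "file::rmdir", "file::mkfifo", "file::mksock",
		"file::truncate", "file::symlink", "file::rewrite",
		"file::mkblock", "file::mkchar", "file::link", "file::rename",
		"file::chmod", "file::chown", "file::chgrp", "file::ioctl",
		"file::chroot", "file::mount", "file::umount",
		"file::pivot_root",
	};
	const char buffer[] = "32768 61000";
	int error;
	int fd;
	char pbuffer[1024];
	struct stat sbuf;
	struct sockaddr_un addr;
	struct ifreq ifreq;
	const char *filename;
	unsigned int i;

	for (i = 0; i < sizeof(enforced) / sizeof(enforced[0]); i++)
		set_profile(3, enforced[i]);

	/* sysctl file: read, write, read/write. */
	policy = "allow_read /proc/sys/net/ipv4/ip_local_port_range";
	write_domain_policy(policy, 0);
	show_result(read_sysctl(TEST_SYSCTL_PATH, NULL, 0), 1);
	write_domain_policy(policy, 1);
	show_result(read_sysctl(TEST_SYSCTL_PATH, NULL, 0), 0);

	policy = "allow_write /proc/sys/net/ipv4/ip_local_port_range";
	write_domain_policy(policy, 0);
	show_result(write_sysctl(TEST_SYSCTL_PATH, buffer), 1);
	write_domain_policy(policy, 1);
	show_result(write_sysctl(TEST_SYSCTL_PATH, buffer), 0);

	policy = "allow_read/write /proc/sys/net/ipv4/ip_local_port_range";
	write_domain_policy(policy, 0);
	show_result(read_sysctl(TEST_SYSCTL_PATH, NULL, 0) &&
		    write_sysctl(TEST_SYSCTL_PATH, buffer), 1);
	write_domain_policy(policy, 1);
	show_result(read_sysctl(TEST_SYSCTL_PATH, NULL, 0) &&
		    write_sysctl(TEST_SYSCTL_PATH, buffer), 0);

	/* uselib() is covered by the read rule. */
	policy = "allow_read /bin/true";
	write_domain_policy(policy, 0);
	show_result(uselib("/bin/true"), 1);
	write_domain_policy(policy, 1);
	show_result(uselib("/bin/true"), 0);

	/* Program execution. */
	policy = "allow_execute /bin/true";
	write_domain_policy(policy, 0);
	error = exec_bin_true();
	errno = error;
	show_result(error ? EOF : 0, 1);
	write_domain_policy(policy, 1);
	error = exec_bin_true();
	errno = error;
	show_result(error ? EOF : 0, 0);

	/*
	 * The same read check is run four times in a row; the repetition is
	 * kept so the number of result lines stays as it was.
	 */
	for (i = 0; i < 4; i++)
		expect_open_rule("allow_read /dev/null", "/dev/null",
				 O_RDONLY);

	set_profile(3, "file::mkfifo");
	expect_mknod_rule("allow_mkfifo /tmp/mknod_fifo_test 0644",
			  "/tmp/mknod_fifo_test", S_IFIFO | 0644, 0);

	/* Rule text built at run time from the file name. */
	memset(pbuffer, 0, sizeof(pbuffer));
	memset(&sbuf, 0, sizeof(sbuf));
	filename = "/dev/null";
	/* The stat() result is not used by anything below. */
	stat(filename, &sbuf);
	snprintf(pbuffer, sizeof(pbuffer) - 1, "allow_write %s", filename);
	expect_open_rule(pbuffer, filename, O_WRONLY);

	/* NOTE(review): /tmp/fifo is not removed after this check. */
	mkfifo2("/tmp/fifo");
	expect_open_rule("allow_read/write /tmp/fifo", "/tmp/fifo", O_RDWR);

	expect_open_rule("allow_read /dev/null", "/dev/null", O_RDONLY);
	expect_open_rule("allow_write /dev/null", "/dev/null", O_WRONLY);
	expect_open_rule("allow_read/write /dev/null", "/dev/null", O_RDWR);

	/*
	 * open(O_CREAT) needs both the create rule and the write rule. Both
	 * are granted, then only the write rule is withdrawn.
	 */
	policy = "allow_create /tmp/open_test 0644";
	write_domain_policy(policy, 0);
	policy = "allow_write /tmp/open_test";
	write_domain_policy(policy, 0);
	expect_open("/tmp/open_test", O_WRONLY | O_CREAT | O_EXCL, 0644, 1);
	unlink2("/tmp/open_test");
	write_domain_policy(policy, 1);
	expect_open("/tmp/open_test", O_WRONLY | O_CREAT | O_EXCL, 0644, 0);
	unlink2("/tmp/open_test");

	policy = "allow_create /tmp/open_test 0644";
	write_domain_policy(policy, 1);

	/* Same pair again, this time withdrawing only the create rule. */
	policy = "allow_write /tmp/open_test";
	write_domain_policy(policy, 0);
	policy = "allow_create /tmp/open_test 0644";
	write_domain_policy(policy, 0);
	expect_open("/tmp/open_test", O_WRONLY | O_CREAT | O_EXCL, 0644, 1);
	unlink2("/tmp/open_test");
	write_domain_policy(policy, 1);
	expect_open("/tmp/open_test", O_WRONLY | O_CREAT | O_EXCL, 0644, 0);
	unlink2("/tmp/open_test");
	policy = "allow_write /tmp/open_test";
	write_domain_policy(policy, 1);

	filename = "/tmp/truncate_test";
	create2(filename);

	/* open(O_TRUNC) needs truncate + write; withdraw write first. */
	policy = "allow_truncate /tmp/truncate_test";
	write_domain_policy(policy, 0);
	policy = "allow_write /tmp/truncate_test";
	write_domain_policy(policy, 0);
	expect_open(filename, O_WRONLY | O_TRUNC, 0, 1);
	write_domain_policy(policy, 1);
	expect_open(filename, O_WRONLY | O_TRUNC, 0, 0);
	policy = "allow_truncate /tmp/truncate_test";
	write_domain_policy(policy, 1);

	/* ... then withdraw truncate instead. */
	policy = "allow_write /tmp/truncate_test";
	write_domain_policy(policy, 0);
	policy = "allow_truncate /tmp/truncate_test";
	write_domain_policy(policy, 0);
	expect_open(filename, O_WRONLY | O_TRUNC, 0, 1);
	write_domain_policy(policy, 1);
	expect_open(filename, O_WRONLY | O_TRUNC, 0, 0);
	policy = "allow_write /tmp/truncate_test";
	write_domain_policy(policy, 1);

	policy = "allow_truncate /tmp/truncate_test";
	write_domain_policy(policy, 0);
	show_result(truncate(filename, 0), 1);
	write_domain_policy(policy, 1);
	show_result(truncate(filename, 0), 0);

	/*
	 * ftruncate(): the descriptor is obtained with the open check in
	 * mode 0 so that only the truncate rule decides the outcome.
	 */
	policy = "allow_truncate /tmp/truncate_test";
	write_domain_policy(policy, 0);
	set_profile(0, "file::open");
	fd = open(filename, O_WRONLY);
	set_profile(3, "file::open");
	show_result(ftruncate(fd, 0), 1);
	write_domain_policy(policy, 1);
	show_result(ftruncate(fd, 0), 0);
	if (fd != EOF)
		close(fd);

	unlink2(filename);

	/* mknod() for each node type. */
	expect_mknod_rule("allow_create /tmp/mknod_reg_test 0644",
			  "/tmp/mknod_reg_test", S_IFREG | 0644, 0);
	expect_mknod_rule("allow_mkchar /tmp/mknod_chr_test 0644 1 3",
			  "/tmp/mknod_chr_test", S_IFCHR | 0644, MKDEV(1, 3));
	expect_mknod_rule("allow_mkblock /tmp/mknod_blk_test 0644 1 0",
			  "/tmp/mknod_blk_test", S_IFBLK | 0644, MKDEV(1, 0));
	expect_mknod_rule("allow_mkfifo /tmp/mknod_fifo_test 0644",
			  "/tmp/mknod_fifo_test", S_IFIFO | 0644, 0);
	expect_mknod_rule("allow_mksock /tmp/mknod_sock_test 0644",
			  "/tmp/mknod_sock_test", S_IFSOCK | 0644, 0);

	policy = "allow_mkdir /tmp/mkdir_test/ 0600";
	write_domain_policy(policy, 0);
	filename = "/tmp/mkdir_test";
	show_result(mkdir(filename, 0600), 1);
	write_domain_policy(policy, 1);
	rmdir2(filename);
	show_result(mkdir(filename, 0600), 0);

	policy = "allow_rmdir /tmp/rmdir_test/";
	write_domain_policy(policy, 0);
	filename = "/tmp/rmdir_test";
	mkdir2(filename);
	show_result(rmdir(filename), 1);
	write_domain_policy(policy, 1);
	mkdir2(filename);
	show_result(rmdir(filename), 0);
	rmdir2(filename);

	policy = "allow_unlink /tmp/unlink_test";
	write_domain_policy(policy, 0);
	filename = "/tmp/unlink_test";
	create2(filename);
	show_result(unlink(filename), 1);
	write_domain_policy(policy, 1);
	create2(filename);
	show_result(unlink(filename), 0);
	unlink2(filename);

	/* The symlink check is run five times in a row; repetition kept. */
	for (i = 0; i < 5; i++) {
		policy = "allow_symlink /tmp/symlink_source_test";
		write_domain_policy(policy, 0);
		filename = "/tmp/symlink_source_test";
		show_result(symlink("/tmp/symlink_dest_test", filename), 1);
		write_domain_policy(policy, 1);
		unlink2(filename);
		show_result(symlink("/tmp/symlink_dest_test", filename), 0);
	}

	policy = "allow_link /tmp/link_source_test /tmp/link_dest_test";
	write_domain_policy(policy, 0);
	filename = "/tmp/link_source_test";
	create2(filename);
	show_result(link(filename, "/tmp/link_dest_test"), 1);
	write_domain_policy(policy, 1);
	unlink2("/tmp/link_dest_test");
	show_result(link(filename, "/tmp/link_dest_test"), 0);
	unlink2(filename);

	policy = "allow_rename /tmp/rename_source_test /tmp/rename_dest_test";
	write_domain_policy(policy, 0);
	filename = "/tmp/rename_source_test";
	create2(filename);
	show_result(rename(filename, "/tmp/rename_dest_test"), 1);
	write_domain_policy(policy, 1);
	unlink2("/tmp/rename_dest_test");
	create2(filename);
	show_result(rename(filename, "/tmp/rename_dest_test"), 0);
	unlink2(filename);

	/* bind() on a UNIX socket creates the socket file. */
	policy = "allow_mksock /tmp/socket_test 0755";
	write_domain_policy(policy, 0);
	filename = "/tmp/socket_test";
	memset(&addr, 0, sizeof(addr));
	addr.sun_family = AF_UNIX;
	/* addr was zeroed above, so the copy stays NUL-terminated. */
	strncpy(addr.sun_path, filename, sizeof(addr.sun_path) - 1);
	fd = socket(AF_UNIX, SOCK_STREAM, 0);
	show_result(bind(fd, (struct sockaddr *)&addr, sizeof(addr)), 1);
	if (fd != EOF)
		close(fd);
	write_domain_policy(policy, 1);
	unlink2(filename);
	fd = socket(AF_UNIX, SOCK_STREAM, 0);
	show_result(bind(fd, (struct sockaddr *)&addr, sizeof(addr)), 0);
	if (fd != EOF)
		close(fd);

	/*
	 * deny_rewrite: with read/write and truncate both granted, the
	 * exception entry is expected to leave read-only and append-only
	 * opens working while refusing plain writes, truncation, and dropping
	 * O_APPEND from an open descriptor.
	 */
	filename = "/tmp/rewrite_test";
	create2(filename);
	policy = "allow_read/write /tmp/rewrite_test";
	write_domain_policy(policy, 0);
	write_exception_policy("deny_rewrite /tmp/rewrite_test", 0);
	policy = "allow_truncate /tmp/rewrite_test";
	write_domain_policy(policy, 0);

	expect_open(filename, O_RDONLY, 0, 1);
	expect_open(filename, O_WRONLY | O_APPEND, 0, 1);
	expect_open(filename, O_WRONLY, 0, 0);
	expect_open(filename, O_WRONLY | O_TRUNC, 0, 0);
	expect_open(filename, O_WRONLY | O_TRUNC | O_APPEND, 0, 0);

	show_result(truncate(filename, 0), 0);

	set_profile(0, "file::open");
	fd = open(filename, O_WRONLY | O_APPEND);
	set_profile(3, "file::open");
	show_result(ftruncate(fd, 0), 0);

	show_result(fcntl(fd, F_SETFL, fcntl(fd, F_GETFL) & ~O_APPEND), 0);
	if (fd != EOF)
		close(fd);

	write_domain_policy(policy, 1);

	policy = "allow_read/write /tmp/rewrite_test";
	write_domain_policy(policy, 1);
	write_exception_policy("deny_rewrite /tmp/rewrite_test", 1);

	unlink2(filename);

	/*
	 * ioctl command ranges. 35123 is 0x8933 (SIOCGIFINDEX on Linux): it
	 * lies inside 35122-35124 and just outside 0-35122.
	 */
	policy = "allow_ioctl socket:[family=2:type=2:protocol=17] "
		 "35122-35124";
	write_domain_policy(policy, 0);
	fd = socket(PF_INET, SOCK_DGRAM, IPPROTO_IP);
	memset(&ifreq, 0, sizeof(ifreq));
	snprintf(ifreq.ifr_name, sizeof(ifreq.ifr_name) - 1, "lo");
	show_result(ioctl(fd, 35123, &ifreq), 1);
	write_domain_policy(policy, 1);
	policy = "allow_ioctl " "socket:[family=2:type=2:protocol=17] 0-35122";
	write_domain_policy(policy, 0);
	show_result(ioctl(fd, 35123, &ifreq), 0);
	write_domain_policy(policy, 1);
	if (fd != EOF)
		close(fd);
}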
615
/*
 * main - set up the test domain, run the file checks, then restore state.
 *
 * After tomoyo_test_init() three lines are written to domain_fp: a domain
 * name made of self_domain followed by "/bin/true", "use_profile 255", and a
 * "select pid=" line carrying this process's pid. Profile 255 gets a
 * max_reject_log preference of 1024 through profile_fp. Once
 * stage_file_test() returns, "use_profile 0" is written and clear_status()
 * is called.
 *
 * NOTE(review): domain_fp, profile_fp, self_domain and pid come from
 * include.h; they are presumably opened and filled in by tomoyo_test_init().
 * Confirm there.
 */
int main(int argc, char *argv[])
{
	/* The command line is not used. */
	(void)argc;
	(void)argv;

	tomoyo_test_init();

	/* Domain and profile setup for the checks. */
	fprintf(domain_fp, "%s /bin/true\n", self_domain);
	fprintf(domain_fp, "use_profile 255\n");
	fprintf(domain_fp, "select pid=%u\n", pid);
	fprintf(profile_fp, "255-PREFERENCE::audit={ max_reject_log=1024 }\n");

	stage_file_test();

	/* Hand the selected domain back to profile 0 before exiting. */
	fprintf(domain_fp, "use_profile 0\n");
	clear_status();

	return 0;
}
628