1 /******************************************************************************/
2 /* */
3 /* Copyright (c) Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>, 2009 */
4 /* */
5 /* This program is free software; you can redistribute it and/or modify */
6 /* it under the terms of the GNU General Public License as published by */
7 /* the Free Software Foundation; either version 2 of the License, or */
8 /* (at your option) any later version. */
9 /* */
10 /* This program is distributed in the hope that it will be useful, */
11 /* but WITHOUT ANY WARRANTY; without even the implied warranty of */
12 /* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See */
13 /* the GNU General Public License for more details. */
14 /* */
15 /* You should have received a copy of the GNU General Public License */
16 /* along with this program; if not, write to the Free Software */
17 /* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */
18 /* */
19 /******************************************************************************/
20 /*
21 * include.h
22 *
23 * Common functions for testing TOMOYO Linux's kernel.
24 *
25 * Copyright (C) 2005-2010 NTT DATA CORPORATION
26 */
27 #include <errno.h>
28 #include <fcntl.h>
29 #include <linux/kdev_t.h>
30 #include <linux/unistd.h>
31 #include <pty.h>
32 #include <stdio.h>
33 #include <stdlib.h>
34 #include <string.h>
35 #include <sys/socket.h>
36 #include <sys/stat.h>
37 #include <sys/syscall.h>
38 #include <sys/time.h>
39 #include <sys/timex.h>
40 #include <sys/types.h>
41 #include <sys/un.h>
42 #include <sys/wait.h>
43 #include <time.h>
44 #include <unistd.h>
45 #include <utime.h>
46 #include <sched.h>
47 #include <stdarg.h>
48 #include <sys/mount.h>
49 #include <arpa/inet.h>
50 #include <net/if.h>
51 #include <linux/ip.h>
52 #include <err.h>
53 #include "test.h"
54
55 /*
56 * Some architectures like mips n32 don't have __NR_uselib defined in the
57 * system headers.
58 */
59 #ifdef __NR_uselib
uselib(const char * library)60 static inline int uselib(const char *library)
61 {
62 return syscall(__NR_uselib, library);
63 }
64 #else
uselib(const char * library)65 static inline int uselib(const char *library)
66 {
67 errno = ENOSYS;
68 return -1;
69 }
70 #endif
71
72 /* Is there an architecture without __NR_pivot_root defined? */
73 #ifdef __NR_pivot_root
pivot_root(const char * new_root,const char * put_old)74 static inline int pivot_root(const char *new_root, const char *put_old)
75 {
76 return syscall(__NR_pivot_root, new_root, put_old);
77 }
78 #else
pivot_root(const char * new_root,const char * put_old)79 static inline int pivot_root(const char *new_root, const char *put_old)
80 {
81 errno = ENOSYS;
82 return -1;
83 }
84 #endif
85
86 /* The sysctl() wrapper is dead and newer arches omit it now. */
write_sysctl(const char * path,const char * value)87 static inline int write_sysctl(const char *path, const char *value)
88 {
89 FILE *fp = fopen(path, "w");
90 if (!fp)
91 return 1;
92 fputs(value, fp);
93 fclose(fp);
94 return 0;
95 }
96
read_sysctl(const char * path,char * value,int len)97 static inline int read_sysctl(const char *path, char *value, int len)
98 {
99 char scratch[100];
100 FILE *fp = fopen(path, "r");
101 if (!fp)
102 return 1;
103 if (!value) {
104 value = scratch;
105 len = sizeof(scratch);
106 }
107 if (fgets(value, len, fp))
108 /* ignore */;
109 fclose(fp);
110 return 0;
111 }
112
113 /* Should be a fairly benign path to bang on. */
114 #define TEST_SYSCTL_PATH "/proc/sys/net/ipv4/ip_local_port_range"
115
116 #define proc_policy_dir "/sys/kernel/security/tomoyo/"
117 #define proc_policy_domain_policy "/sys/kernel/security/tomoyo/domain_policy"
118 #define proc_policy_exception_policy "/sys/kernel/security/tomoyo/exception_policy"
119 #define proc_policy_profile "/sys/kernel/security/tomoyo/profile"
120 #define proc_policy_manager "/sys/kernel/security/tomoyo/manager"
121 #define proc_policy_query "/sys/kernel/security/tomoyo/query"
122 #define proc_policy_grant_log "/sys/kernel/security/tomoyo/grant_log"
123 #define proc_policy_reject_log "/sys/kernel/security/tomoyo/reject_log"
124 #define proc_policy_domain_status "/sys/kernel/security/tomoyo/.domain_status"
125 #define proc_policy_process_status "/sys/kernel/security/tomoyo/.process_status"
126 #define proc_policy_self_domain "/sys/kernel/security/tomoyo/self_domain"
127
128 static FILE *profile_fp = NULL;
129 static FILE *domain_fp = NULL;
130 static FILE *exception_fp = NULL;
131 static char self_domain[4096] = "";
132 static pid_t pid = 0;
133
clear_status(void)134 static void clear_status(void)
135 {
136 static const char *keywords[] = {
137 "file::execute",
138 "file::open",
139 "file::create",
140 "file::unlink",
141 "file::mkdir",
142 "file::rmdir",
143 "file::mkfifo",
144 "file::mksock",
145 "file::truncate",
146 "file::symlink",
147 "file::rewrite",
148 "file::mkblock",
149 "file::mkchar",
150 "file::link",
151 "file::rename",
152 "file::chmod",
153 "file::chown",
154 "file::chgrp",
155 "file::ioctl",
156 "file::chroot",
157 "file::mount",
158 "file::umount",
159 "file::pivot_root",
160 NULL
161 };
162 int i;
163 FILE *fp = fopen(proc_policy_profile, "r");
164 static char buffer[4096];
165 if (!fp) {
166 fprintf(stderr, "Can't open %s\n", proc_policy_profile);
167 exit(1);
168 }
169 for (i = 0; keywords[i]; i++)
170 fprintf(profile_fp,
171 "255-CONFIG::%s={ mode=disabled }\n",
172 keywords[i]);
173 while (memset(buffer, 0, sizeof(buffer)),
174 fgets(buffer, sizeof(buffer) - 10, fp)) {
175 const char *mode;
176 char *cp = strchr(buffer, '=');
177 if (!cp)
178 continue;
179 *cp = '\0';
180 mode = cp + 1;
181 cp = strchr(buffer, '-');
182 if (!cp)
183 continue;
184 *cp++ = '\0';
185 if (strcmp(buffer, "0"))
186 continue;
187 fprintf(profile_fp, "255-%s", cp);
188 if (!strcmp(cp, "COMMENT"))
189 mode = "Profile for kernel test\n";
190 else
191 mode = "{ mode=disabled verbose=no }\n";
192 fprintf(profile_fp, "255-%s=%s", cp, mode);
193 }
194 fprintf(profile_fp, "255-PREFERENCE::learning= verbose=no\n");
195 fprintf(profile_fp, "255-PREFERENCE::enforcing= verbose=no\n");
196 fprintf(profile_fp, "255-PREFERENCE::permissive= verbose=no\n");
197 fprintf(profile_fp, "255-PREFERENCE::disabled= verbose=no\n");
198 fprintf(profile_fp, "255-PREFERENCE::learning= max_entry=2048\n");
199 fflush(profile_fp);
200 fclose(fp);
201 }
202
tomoyo_test_init(void)203 static void tomoyo_test_init(void)
204 {
205 pid = getpid();
206 if (access(proc_policy_dir, F_OK)) {
207 fprintf(stderr, "You can't use this program for this kernel."
208 "\n");
209 exit(1);
210 }
211 profile_fp = fopen(proc_policy_profile, "w");
212 if (!profile_fp) {
213 fprintf(stderr, "Can't open %s .\n", proc_policy_profile);
214 exit(1);
215 }
216 setlinebuf(profile_fp);
217 domain_fp = fopen(proc_policy_domain_policy, "w");
218 if (!domain_fp) {
219 fprintf(stderr, "Can't open %s .\n",
220 proc_policy_domain_policy);
221 exit(1);
222 }
223 setlinebuf(domain_fp);
224 exception_fp = fopen(proc_policy_exception_policy, "w");
225 if (!exception_fp) {
226 fprintf(stderr, "Can't open %s .\n",
227 proc_policy_exception_policy);
228 exit(1);
229 }
230 setlinebuf(exception_fp);
231 if (fputc('\n', profile_fp) != '\n' || fflush(profile_fp)) {
232 fprintf(stderr, "You need to register this program to %s to "
233 "run this program.\n", proc_policy_manager);
234 exit(1);
235 }
236 clear_status();
237 {
238 FILE *fp = fopen(proc_policy_self_domain, "r");
239 memset(self_domain, 0, sizeof(self_domain));
240 if (!fp || !fgets(self_domain, sizeof(self_domain) - 1, fp) ||
241 fclose(fp)) {
242 fprintf(stderr, "Can't open %s .\n",
243 proc_policy_self_domain);
244 exit(1);
245 }
246 }
247 fprintf(domain_fp, "select pid=%u\n", pid);
248 fprintf(domain_fp, "use_profile 255\n");
249 fprintf(domain_fp, "allow_read/write /sys/kernel/security/tomoyo/domain_policy\n");
250 fprintf(domain_fp, "allow_truncate /sys/kernel/security/tomoyo/domain_policy\n");
251 fprintf(domain_fp, "allow_read/write /sys/kernel/security/tomoyo/exception_policy\n");
252 fprintf(domain_fp, "allow_truncate /sys/kernel/security/tomoyo/exception_policy\n");
253 fprintf(domain_fp, "allow_read/write /sys/kernel/security/tomoyo/profile\n");
254 fprintf(domain_fp, "allow_truncate /sys/kernel/security/tomoyo/profile\n");
255 }
256
257 static void BUG(const char *fmt, ...)
258 __attribute__ ((format(printf, 1, 2)));
259
BUG(const char * fmt,...)260 static void BUG(const char *fmt, ...)
261 {
262 va_list args;
263 printf("BUG: ");
264 va_start(args, fmt);
265 vprintf(fmt, args);
266 va_end(args);
267 putchar('\n');
268 fflush(stdout);
269 while (1)
270 sleep(100);
271 }
272
write_domain_policy(const char * policy,int is_delete)273 int write_domain_policy(const char *policy, int is_delete)
274 {
275 FILE *fp = fopen(proc_policy_domain_policy, "r");
276 char buffer[8192];
277 int domain_found = 0;
278 int policy_found = 0;
279 memset(buffer, 0, sizeof(buffer));
280 if (!fp) {
281 BUG("Can't read %s", proc_policy_domain_policy);
282 return 0;
283 }
284 if (is_delete)
285 fprintf(domain_fp, "delete ");
286 fprintf(domain_fp, "%s\n", policy);
287 while (fgets(buffer, sizeof(buffer) - 1, fp)) {
288 char *cp = strchr(buffer, '\n');
289 if (cp)
290 *cp = '\0';
291 if (!strncmp(buffer, "<kernel>", 8))
292 domain_found = !strcmp(self_domain, buffer);
293 if (!domain_found)
294 continue;
295 /* printf("<%s>\n", buffer); */
296 if (strcmp(buffer, policy))
297 continue;
298 policy_found = 1;
299 break;
300 }
301 fclose(fp);
302 if (policy_found == is_delete) {
303 BUG("Can't %s %s", is_delete ? "delete" : "append",
304 policy);
305 return 0;
306 }
307 errno = 0;
308 return 1;
309
310 }
311
write_exception_policy(const char * policy,int is_delete)312 int write_exception_policy(const char *policy, int is_delete)
313 {
314 FILE *fp = fopen(proc_policy_exception_policy, "r");
315 char buffer[8192];
316 int policy_found = 0;
317 memset(buffer, 0, sizeof(buffer));
318 if (!fp) {
319 BUG("Can't read %s", proc_policy_exception_policy);
320 return 0;
321 }
322 if (is_delete)
323 fprintf(exception_fp, "delete ");
324 fprintf(exception_fp, "%s\n", policy);
325 while (fgets(buffer, sizeof(buffer) - 1, fp)) {
326 char *cp = strchr(buffer, '\n');
327 if (cp)
328 *cp = '\0';
329 if (strcmp(buffer, policy))
330 continue;
331 policy_found = 1;
332 break;
333 }
334 fclose(fp);
335 if (policy_found == is_delete) {
336 BUG("Can't %s %s", is_delete ? "delete" : "append",
337 policy);
338 return 0;
339 }
340 errno = 0;
341 return 1;
342
343 }
344
set_profile(const int mode,const char * name)345 int set_profile(const int mode, const char *name)
346 {
347 static const char *modes[4] = { "disabled", "learning", "permissive",
348 "enforcing" };
349 FILE *fp = fopen(proc_policy_profile, "r");
350 char buffer[8192];
351 int policy_found = 0;
352 const int len = strlen(name);
353 if (!fp) {
354 BUG("Can't read %s", proc_policy_profile);
355 return 0;
356 }
357 fprintf(profile_fp, "255-CONFIG::%s=%s\n", name, modes[mode]);
358 while (memset(buffer, 0, sizeof(buffer)),
359 fgets(buffer, sizeof(buffer) - 1, fp)) {
360 char *cp = strchr(buffer, '\n');
361 if (cp)
362 *cp = '\0';
363 if (strncmp(buffer, "255-CONFIG::", 12) ||
364 strncmp(buffer + 12, name, len) ||
365 buffer[12 + len] != '=')
366 continue;
367 if (strstr(buffer + 13 + len, modes[mode]))
368 policy_found = 1;
369 break;
370 }
371 fclose(fp);
372 if (!policy_found) {
373 BUG("Can't change profile to 255-CONFIG::%s=%s",
374 name, modes[mode]);
375 return 0;
376 }
377 errno = 0;
378 return 1;
379 }
380