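/******************************************************************************/
/* This program is free software; you can redistribute it and/or modify */
/* it under the terms of the GNU General Public License as published by */
/* the Free Software Foundation; either version 2 of the License, or */
/* (at your option) any later version. */
/* */
/* This program is distributed in the hope that it will be useful, */
/* but WITHOUT ANY WARRANTY; without even the implied warranty of */
/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See */
/* the GNU General Public License for more details. */
/* */
/* You should have received a copy of the GNU General Public License */
/* along with this program; if not, write to the Free Software */
/* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */
/* */
/******************************************************************************/
/*
 * tomoyo_accept_test.c
 *
 * Testing program for security/tomoyo/
 *
 * Copyright (C) 2005-2010 NTT DATA CORPORATION
 */
#include "include.h"

/*
 * Apply mode @i to every "file::*" category listed below by calling
 * set_profile() once per category.
 *
 * set_profile() is not defined in this file (presumably it comes from
 * include.h and writes the setting to the profile interface; confirm there).
 */
static void set_level(const int i)
{
	set_profile(i, "file::execute");
	set_profile(i, "file::open");
	set_profile(i, "file::create");
	set_profile(i, "file::unlink");
	set_profile(i, "file::mkdir");
	set_profile(i, "file::rmdir");
	set_profile(i, "file::mkfifo");
	set_profile(i, "file::mksock");
	set_profile(i, "file::truncate");
	set_profile(i, "file::symlink");
	set_profile(i, "file::rewrite");
	set_profile(i, "file::mkblock");
	set_profile(i, "file::mkchar");
	set_profile(i, "file::link");
	set_profile(i, "file::rename");
	set_profile(i, "file::chmod");
	set_profile(i, "file::chown");
	set_profile(i, "file::chgrp");
	set_profile(i, "file::ioctl");
	set_profile(i, "file::chroot");
	set_profile(i, "file::mount");
	set_profile(i, "file::umount");
	set_profile(i, "file::pivot_root");
}

/*
 * Exercise one open(2) flag combination at profile levels 0..3, then check
 * that the same open() is refused once the matching policy entries have been
 * deleted.
 *
 * @rw_loop:       index into rw_flags[]       (0..3)
 * @truncate_loop: index into truncate_flags[] (0..1)
 * @append_loop:   index into append_flags[]   (0..1)
 * @create_loop:   index into create_flags[]   (0..2); 1 means the file is
 *                 removed before the open, any other value means it is
 *                 created beforehand
 *
 * The indices are not range-checked here; the only caller in this file,
 * main(), stays within the bounds above.
 *
 * Failures are reported on stderr only; nothing is returned.
 * exception_fp and domain_fp are declared outside this file (presumably
 * streams onto the TOMOYO policy interface set up by tomoyo_test_init();
 * confirm in include.h).
 */
static void test(int rw_loop, int truncate_loop, int append_loop,
		 int create_loop)
{
	static const int rw_flags[4] = { 0, O_RDONLY, O_WRONLY, O_RDWR };
	static const int create_flags[3] = {
		0,
		O_CREAT,	/* nonexistent */
		O_CREAT		/* existent */
	};
	static const int truncate_flags[2] = { 0, O_TRUNC };
	static const int append_flags[2] = { 0, O_APPEND };
	static char buffer[1024];
	int level;
	int flags;
	int i;
	int fd;

	/*
	 * One fixture path per flag combination.
	 *
	 * NOTE(review): the name is predictable and lives in /tmp, and the
	 * setup open() below uses O_CREAT without O_EXCL or O_NOFOLLOW, so a
	 * symlink already present at this path would be followed.  Run this
	 * on a dedicated test host, or move the fixture into a private
	 * directory (e.g. one made with mkdtemp()) together with the policy
	 * strings written below.
	 */
	memset(buffer, 0, sizeof(buffer));
	snprintf(buffer, sizeof(buffer) - 1, "/tmp/file:a=%d:t=%d:c=%d:m=%d",
		 append_loop, truncate_loop, create_loop, rw_loop);
	fprintf(exception_fp, "deny_rewrite %s\n", buffer);

	flags = rw_flags[rw_loop] | truncate_flags[truncate_loop] |
		append_flags[append_loop] | create_flags[create_loop];

	/* Start from a clean slate: drop numbered entries 1..7 for the path. */
	for (i = 1; i < 8; i++)
		fprintf(domain_fp, "delete %d %s\n", i, buffer);

	for (level = 0; level < 4; level++) {
		/* Prepare the fixture at level 0 so the setup is not policed. */
		set_level(0);
		if (create_loop == 1) {
			unlink(buffer);
		} else {
			fd = open(buffer, O_CREAT, 0644);
			if (fd != -1)
				close(fd);
		}

		set_level(level);
		fd = open(buffer, flags, 0644);
		/* open(2) reports failure as -1; EOF is a stdio constant. */
		if (fd != -1)
			close(fd);
		else
			fprintf(stderr, "%d: open(%04o) failed\n", level,
				flags);
	}

	/*
	 * The loop leaves the profile at level 3.  Remove every entry that
	 * could still permit the access and expect the open() to be refused.
	 */
	for (i = 1; i < 8; i++)
		fprintf(domain_fp, "delete %d %s\n", i, buffer);
	fprintf(domain_fp, "delete allow_truncate %s\n", buffer);
	fprintf(domain_fp, "delete allow_create %s 0644\n", buffer);
	fprintf(domain_fp, "delete allow_rewrite %s\n", buffer);

	fd = open(buffer, flags, 0644);
	if (fd != -1) {
		close(fd);
		fprintf(stderr, "%d: open(%04o) didn't fail\n", 3, flags);
	}
}

/*
 * Configure the test profile, run test() for every combination of the
 * append, truncate, create and read/write indices (2 * 2 * 3 * 4 cases),
 * then switch the "file" configuration back to disabled.
 *
 * tomoyo_test_init(), clear_status() and profile_fp are defined outside this
 * file.  Always returns 0; individual failures are only printed by test().
 */
int main(int argc, char *argv[])
{
	int append_loop;
	int truncate_loop;
	int create_loop;
	int rw_loop;

	(void)argc;
	(void)argv;

	tomoyo_test_init();
	fprintf(profile_fp, "255-PREFERENCE::learning={ verbose=no }\n");
	fprintf(profile_fp, "255-PREFERENCE::enforcing={ verbose=no }\n");
	fprintf(profile_fp, "255-PREFERENCE::permissive={ verbose=no }\n");
	fprintf(profile_fp, "255-PREFERENCE::disabled={ verbose=no }\n");
	set_profile(0, "file");
	fprintf(profile_fp, "255-PREFERENCE::learning={ max_entry=2048 }\n");

	for (append_loop = 0; append_loop < 2; append_loop++) {
		for (truncate_loop = 0; truncate_loop < 2; truncate_loop++) {
			for (create_loop = 0; create_loop < 3; create_loop++) {
				for (rw_loop = 0; rw_loop < 4; rw_loop++)
					test(rw_loop, truncate_loop,
					     append_loop, create_loop);
			}
		}
	}

	fprintf(profile_fp, "255-CONFIG::file=disabled\n");
	printf("Done\n");
	clear_status();
	return 0;
}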