1 /******************************************************************************/
2 /* This program is free software;  you can redistribute it and/or modify      */
3 /* it under the terms of the GNU General Public License as published by       */
4 /* the Free Software Foundation; either version 2 of the License, or          */
5 /* (at your option) any later version.                                        */
6 /*                                                                            */
7 /* This program is distributed in the hope that it will be useful,            */
8 /* but WITHOUT ANY WARRANTY;  without even the implied warranty of            */
9 /* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See                  */
10 /* the GNU General Public License for more details.                           */
11 /*                                                                            */
12 /* You should have received a copy of the GNU General Public License          */
13 /* along with this program;  if not, write to the Free Software               */
14 /* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA    */
15 /*                                                                            */
16 /******************************************************************************/
17 /*
18  * tomoyo_filesystem_test.c
19  *
20  * Testing program for security/tomoyo/
21  *
22  * Copyright (C) 2005-2010  NTT DATA CORPORATION
23  */
24 #define _GNU_SOURCE
25 #include "include.h"
26 
/*
 * Print the header line for one test case and clear errno.
 *
 * @str:         description of the call under test, right-aligned to
 *               60 columns in the output.
 * @should_fail: non-zero when the call is expected to be refused.
 *
 * errno is reset here because the callers inspect it right after the
 * system call they are testing.
 */
static void show_prompt(const char *str, const int should_fail)
{
	const char *expectation;

	if (should_fail)
		expectation = "must fail";
	else
		expectation = "should success";
	printf("Testing %60s: (%s) ", str, expectation);
	errno = 0;
}
33 
/* Fallback for C library headers that do not define MS_MOVE. */
#ifndef MS_MOVE
#define MS_MOVE         8192
#endif

/* First argument (new_root) handed to pivot_root() by child(). */
static const char *pivot_root_dir = "/sys/kernel/security/";
39 
/*
 * Body of the cloned child used by the pivot_root() tests.
 *
 * Calls pivot_root(pivot_root_dir, proc_policy_dir) and returns the
 * resulting errno (0 when the call left errno untouched).  main() reads
 * this value back through the child's exit status.
 *
 * @arg: unused.
 */
static int child(void *arg)
{
	int result;

	(void)arg;
	errno = 0;
	pivot_root(pivot_root_dir, proc_policy_dir);
	result = errno;
	return result;
}
46 
/*
 * Set up a mount that later test cases depend on.
 *
 * Calls mount() with no flags and no data.  A failure is only reported
 * on stdout; it is not returned to the caller, so the test cases that
 * follow still run against whatever is mounted at @target.
 */
static void mount2(const char *source, const char *target,
		   const char *filesystemtype)
{
	const int rc = mount(source, target, filesystemtype, 0, NULL);

	if (rc == 0)
		return;
	printf("BUG: mount() failed\n");
	fflush(stdout);
}
55 
56 static const unsigned char compressed_ext2_image_sample[1350] = {
57 	0x1F, 0x8B, 0x08, 0x00, 0xA8, 0xF2, 0x96, 0x4B, 0x02, 0x03, 0xED, 0xDC,
58 	0x3D, 0x4B, 0x5B, 0x51, 0x18, 0x07, 0xF0, 0xE7, 0xDE, 0xAB, 0x14, 0x8C,
59 	0xAB, 0xD5, 0x9A, 0xF8, 0x36, 0x0B, 0xA1, 0xE0, 0xE0, 0xDC, 0xD0, 0xAD,
60 	0xD0, 0xC5, 0xAF, 0x50, 0x9C, 0x42, 0x1D, 0x6A, 0xE6, 0xA6, 0x9B, 0x9B,
61 	0x8B, 0xD8, 0xA5, 0x5B, 0x97, 0x2E, 0xF9, 0x0E, 0x85, 0x4C, 0xF6, 0x23,
62 	0x74, 0x70, 0x55, 0x28, 0x52, 0xA8, 0xDD, 0xED, 0xB9, 0xB9, 0xB1, 0xA6,
63 	0xEA, 0x24, 0xA5, 0x81, 0xDE, 0xDF, 0x0F, 0x9E, 0xDC, 0xB7, 0x13, 0x2E,
64 	0xF7, 0xC0, 0xFF, 0x70, 0xCE, 0x85, 0x24, 0x02, 0xA8, 0xAB, 0x7E, 0xF9,
65 	0x31, 0x13, 0xB1, 0x95, 0x36, 0xA7, 0x45, 0x44, 0x2F, 0x6D, 0xB3, 0xC9,
66 	0x06, 0xEB, 0x55, 0xF5, 0xC7, 0x87, 0x9F, 0x7E, 0x1C, 0xBF, 0x88, 0x68,
67 	0xC5, 0xCE, 0xF7, 0x6C, 0xD4, 0x6E, 0x74, 0xFC, 0xF2, 0x62, 0x74, 0xED,
68 	0xFA, 0x7B, 0x8D, 0xB8, 0x69, 0x9F, 0x8F, 0xCF, 0x9F, 0x1D, 0x7E, 0x78,
69 	0xF7, 0x6D, 0xD8, 0x79, 0xFF, 0x71, 0xD0, 0xED, 0xBC, 0xCD, 0x9A, 0xBD,
70 	0x69, 0x3C, 0xEB, 0xE0, 0xCB, 0xF0, 0xA4, 0xF9, 0xF5, 0xF9, 0xCA, 0xE0,
71 	0xE0, 0x72, 0xBB, 0x7B, 0xD4, 0x1A, 0xE6, 0x13, 0xD7, 0xAA, 0xE7, 0x82,
72 	0x7A, 0x29, 0xAA, 0xF8, 0xC7, 0xEC, 0x28, 0xFF, 0xBD, 0xC8, 0x75, 0x09,
73 	0xD4, 0xC6, 0x55, 0x92, 0x4D, 0x71, 0xFA, 0x71, 0x05, 0x4C, 0xCF, 0xA3,
74 	0xBB, 0xE3, 0x01, 0x50, 0x0F, 0x93, 0xEB, 0xDF, 0xEB, 0xFA, 0x97, 0x13,
75 	0x80, 0x8B, 0x67, 0xD5, 0x02, 0xE4, 0xEE, 0xFD, 0x8B, 0x3F, 0xD6, 0x22,
76 	0x0B, 0xA6, 0x6A, 0xC0, 0x5F, 0xF6, 0xB9, 0x1C, 0x7F, 0x9E, 0xDE, 0x37,
77 	0xFE, 0xE4, 0xB1, 0x34, 0xD1, 0xEE, 0x71, 0xAA, 0xC5, 0x54, 0xE5, 0xB9,
78 	0x27, 0xA9, 0x96, 0x53, 0x35, 0xA3, 0x7C, 0x13, 0x1A, 0xB1, 0x92, 0x6A,
79 	0x35, 0xD5, 0xDA, 0xF8, 0x75, 0xE9, 0x86, 0x6E, 0x05, 0x00, 0x00, 0x00,
80 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xE0, 0x81,
81 	0xCA, 0xDF, 0xD8, 0xCF, 0x47, 0x96, 0xB7, 0x7F, 0xEF, 0xE7, 0x79, 0xBB,
82 	0x5D, 0xFD, 0x87, 0xDF, 0x79, 0x31, 0x97, 0x77, 0xF7, 0xDE, 0xEC, 0x6F,
83 	0xEE, 0xEE, 0xF5, 0x5E, 0xBF, 0xD2, 0x57, 0xF0, 0xBF, 0x69, 0xDC, 0xCA,
84 	0xFF, 0xCF, 0xA2, 0xCA, 0x3F, 0x50, 0x13, 0x33, 0xBA, 0x00, 0xE4, 0x1F,
85 	0x90, 0x7F, 0x40, 0xFE, 0x01, 0xF9, 0x07, 0xE4, 0x1F, 0x90, 0x7F, 0x40,
86 	0xFE, 0x01, 0xF9, 0x07, 0xE4, 0x1F, 0x90, 0x7F, 0x00, 0x00, 0x00, 0x00,
87 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
88 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
89 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
90 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
91 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
92 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
93 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
94 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
95 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
96 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
97 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
98 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
99 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
100 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
101 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
102 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
103 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
104 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
105 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
106 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
107 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
108 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
109 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
110 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
111 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
112 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
113 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
114 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
115 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
116 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
117 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
118 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
119 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
120 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
121 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
122 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
123 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
124 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
125 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
126 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
127 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
128 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
129 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
130 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
131 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
132 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
133 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
134 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
135 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
136 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
137 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
138 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
139 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
140 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
141 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
142 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
143 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
144 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
145 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
146 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
147 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
148 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
149 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
150 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
151 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
152 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
153 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
154 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
155 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
156 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
157 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
158 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
159 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
160 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
161 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
162 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
163 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
164 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
165 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
166 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
167 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
168 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80, 0xFA, 0xF9, 0x05, 0x34, 0xF2,
169 	0x14, 0x08, 0x00, 0x00, 0x10, 0x00
170 };
171 
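/*
 * Run child() in a new mount namespace (CLONE_NEWNS) and return its exit
 * status, which child() sets to the errno left by pivot_root().
 *
 * Returns -1 when the child could not be started, could not be waited
 * for, or did not exit normally.  A negative pid from ltp_clone_quick()
 * is treated as failure; without that check waitpid(-1, ...) would wait
 * for any child and the status would be read uninitialized.
 */
static int pivot_root_in_new_ns(void)
{
	int status = 0;
	const pid_t pid = ltp_clone_quick(CLONE_NEWNS, child, NULL);

	if (pid < 0)
		return -1;
	/* The child is cloned without SIGCHLD, hence __WALL. */
	while (waitpid(pid, &status, __WALL) < 0) {
		if (errno != EINTR)
			return -1;
	}
	return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/*
 * Exercise TOMOYO's checks on mount(), umount(), chroot() and
 * pivot_root().
 *
 * Each case selects a profile with set_profile(), optionally writes an
 * "allow_..." or "delete allow_..." line to domain_fp, prints a prompt,
 * performs the call and prints OK / BUG / FAILED.  set_profile(),
 * domain_fp, proc_policy_dir, tomoyo_test_init() and clear_status() come
 * from include.h.
 *
 * NOTE(review): judging by the expected results, profile 3 looks like the
 * enforcing mode (EPERM is expected when no rule matches) and profile 0
 * like "disabled" -- confirm against include.h.
 *
 * The program changes system state: it mounts tmpfs over "/", overwrites
 * the first ramdisk with a sample ext2 image and mounts on fixed paths
 * below /tmp.  Run it only on a disposable test machine.
 *
 * Always returns 0; results are reported on stdout only.
 */
int main(int argc, char *argv[])
{
	char c = 0;
	tomoyo_test_init();

	/* Test mount() with names that need escaping and with NULL arguments. */
	{
		set_profile(3, "file::mount");
		show_prompt("mount('dev\\011name', '/', 'fs\\011name') ", 1);
		if (mount("dev\tname", "/", "fs\tname", 0, NULL) == EOF &&
		    errno == EPERM)
			printf("OK: Permission denied.\n");
		else if (errno == ENODEV)
			printf("OK: No such device.\n");
		else
			printf("BUG: %s\n", strerror(errno));
		set_profile(1, "file::mount");
		show_prompt("mount('dev\\011name', '/', 'fs\\011name') ", 0);
		if (mount("dev\tname", "/", "fs\tname", 0, NULL) == EOF &&
		    errno == ENOMEM)
			printf("OK: Out of memory.\n");
		else if (errno == ENODEV)
			printf("OK: No such device.\n");
		else
			printf("BUG: %s\n", strerror(errno));
		set_profile(3, "file::mount");
		show_prompt("mount('dev\\011name', '/', 'fs\\011name') ", 0);
		if (mount("dev\tname", "/", "fs\tname", 0, NULL) == EOF &&
		    errno == ENOMEM)
			printf("OK: Out of memory.\n");
		else if (errno == ENODEV)
			printf("OK: No such device.\n");
		else
			printf("BUG: %s\n", strerror(errno));
		fprintf(domain_fp, "delete allow_mount dev\\011name / "
			"fs\\011name 0\n");
		show_prompt("mount('dev\\011name', '/', 'fs\\011name') ", 1);
		if (mount("dev\tname", "/", "fs\tname", 0, NULL) == EOF &&
		    errno == EPERM)
			printf("OK: Permission denied.\n");
		else if (errno == ENODEV)
			printf("OK: No such device.\n");
		else
			printf("BUG: %s\n", strerror(errno));
		/* These calls are expected to succeed, i.e. tmpfs ends up on "/". */
		set_profile(1, "file::mount");
		show_prompt("mount(NULL, '/', 'tmpfs') ", 0);
		if (mount(NULL, "/", "tmpfs", 0, NULL))
			printf("BUG: %s\n", strerror(errno));
		else
			printf("OK: Success\n");
		set_profile(3, "file::mount");
		show_prompt("mount(NULL, '/', 'tmpfs') ", 0);
		if (mount(NULL, "/", "tmpfs", 0, NULL))
			printf("BUG: %s\n", strerror(errno));
		else
			printf("OK: Success\n");
		show_prompt("mount('anydev', '/', 'tmpfs') ", 0);
		if (mount("anydev", "/", "tmpfs", 0, NULL))
			printf("BUG: %s\n", strerror(errno));
		else
			printf("OK: Success\n");
		fprintf(domain_fp, "delete allow_mount <NULL> / tmpfs 0\n");
		fprintf(domain_fp, "allow_mount anydev / tmpfs 0\n");
		show_prompt("mount(NULL, '/', 'tmpfs') ", 0);
		if (mount(NULL, "/", "tmpfs", 0, NULL))
			printf("BUG: %s\n", strerror(errno));
		else
			printf("OK: Success\n");
		fprintf(domain_fp, "delete allow_mount anydev / tmpfs 0\n");
		/* Invalid argument combinations: any error counts as a pass. */
		set_profile(2, "file::mount");
		show_prompt("mount(NULL, NULL, 'tmpfs') ", 1);
		if (mount(NULL, NULL, "tmpfs", 0, NULL))
			printf("OK: %s\n", strerror(errno));
		else
			printf("BUG: Did not fail.\n");
		show_prompt("mount(NULL, NULL, NULL) ", 1);
		if (mount(NULL, NULL, NULL, 0, NULL))
			printf("OK: %s\n", strerror(errno));
		else
			printf("BUG: Did not fail.\n");
		show_prompt("mount('/', NULL, NULL) ", 1);
		if (mount("/", NULL, NULL, 0, NULL))
			printf("OK: %s\n", strerror(errno));
		else
			printf("BUG: Did not fail.\n");
		show_prompt("mount('/', NULL, 'tmpfs') ", 1);
		if (mount("/", NULL, "tmpfs", 0, NULL))
			printf("OK: %s\n", strerror(errno));
		else
			printf("BUG: Did not fail.\n");
		show_prompt("mount('/', '/', 'nonexistentfs') ", 1);
		if (mount("/", "/", "nonexistentfs", 0, NULL))
			printf("OK: %s\n", strerror(errno));
		else
			printf("BUG: Did not fail.\n");
		set_profile(0, "file::mount");
	}

	/*
	 * Fixed names below /tmp.  The results are not checked, so an entry
	 * that already exists at one of these paths is used as the mount
	 * point by the cases below.
	 */
	mkdir("/tmp/mount/", 0755);
	mkdir("/tmp/mount_bind/", 0755);
	mkdir("/tmp/mount_move/", 0755);

	/* Test mount() against exact rules and rules with patterns. */
	{
		static char buf[4096];
		char *dev_ram_path = realpath("/dev/ram0", NULL);
		if (!dev_ram_path)
			dev_ram_path = realpath("/dev/ram", NULL);
		if (!dev_ram_path) {
			/* No ramdisk node found: create block device 1:0. */
			dev_ram_path = "/dev/ram0";
			mknod(dev_ram_path, S_IFBLK, MKDEV(1, 0));
		}
		memset(buf, 0, sizeof(buf));
		{
			struct stat sbuf;
			FILE *fp = NULL;
			/*
			 * The sample image is decompressed onto the ramdisk
			 * by a shell command.  popen() passes the string to a
			 * shell and the path is not quoted; it is only used
			 * after lstat() confirms a block device with major 1.
			 */
			snprintf(buf, sizeof(buf) - 1, "zcat - > %s",
				 dev_ram_path);
			if (lstat(dev_ram_path, &sbuf) == 0 &&
			    S_ISBLK(sbuf.st_mode) && MAJOR(sbuf.st_rdev) == 1)
				fp = popen(buf, "w");
			if (fp) {
				if (fwrite(compressed_ext2_image_sample, 1,
					   sizeof(compressed_ext2_image_sample),
					   fp) !=
				    sizeof(compressed_ext2_image_sample))
					err(1, "fwrite");
				/*
				 * A non-zero result means the command did not
				 * finish cleanly; report it, since the ext2
				 * cases below depend on the image.
				 */
				if (pclose(fp))
					fprintf(stderr, "Can't write to %s .\n",
						dev_ram_path);
			} else {
				fprintf(stderr, "Can't write to %s .\n",
					dev_ram_path);
			}
		}
		set_profile(3, "file::mount");

		/* Test standard case */
		show_prompt("mount('none', '/tmp/mount/', 'tmpfs') for "
			    "'/tmp/mount/'", 1);
		if (mount("none", "/tmp/mount/", "tmpfs", 0, NULL) == EOF &&
		    errno == EPERM)
			printf("OK: Permission denied.\n");
		else
			printf("BUG: %s\n", strerror(errno));

		/* Test device_name with pattern */
		snprintf(buf, sizeof(buf) - 1, "mount('%s', '/tmp/mount/', "
			 "'ext2') for '%s\\*'", dev_ram_path, dev_ram_path);
		show_prompt(buf, 1);
		if (mount(dev_ram_path, "/tmp/mount/", "ext2", MS_RDONLY, NULL)
		    == EOF && errno == EPERM)
			printf("OK: Permission denied.\n");
		else
			printf("BUG: %s\n", strerror(errno));

		/* Test dir_name with pattern */
		show_prompt("mount('none', '/tmp/mount/', 'tmpfs') for "
			    "'/tmp/\\?\\?\\?\\?\\?/'", 1);
		if (mount("none", "/tmp/mount/", "tmpfs", 0, NULL) == EOF &&
		    errno == EPERM)
			printf("OK: Permission denied.\n");
		else
			printf("BUG: %s\n", strerror(errno));

		/* Test standard case */
		fprintf(domain_fp, "allow_mount none /tmp/mount/ tmpfs 0\n");
		show_prompt("mount('none', '/tmp/mount/', 'tmpfs') for "
			    "'/tmp/mount/'", 0);
		if (mount("none", "/tmp/mount/", "tmpfs", 0, NULL) == 0)
			printf("OK\n");
		else
			printf("FAILED: %s\n", strerror(errno));
		fprintf(domain_fp,
			"delete allow_mount none /tmp/mount/ tmpfs 0\n");

		/* Test device_name with pattern */
		fprintf(domain_fp, "allow_mount %s\\* /tmp/mount/ ext2 1\n",
			dev_ram_path);
		snprintf(buf, sizeof(buf) - 1, "mount('%s', '/tmp/mount/', "
			 "'ext2') for '%s\\*'", dev_ram_path, dev_ram_path);
		show_prompt(buf, 0);
		if (mount(dev_ram_path, "/tmp/mount/", "ext2", MS_RDONLY, NULL)
		    == 0)
			printf("OK\n");
		else
			printf("FAILED: %s\n", strerror(errno));
		fprintf(domain_fp, "delete allow_mount %s\\* "
			"/tmp/mount/ ext2 1\n", dev_ram_path);

		/* Test dir_name with pattern */
		fprintf(domain_fp,
			"allow_mount none /tmp/\\?\\?\\?\\?\\?/ tmpfs 0\n");
		show_prompt("mount('none', '/tmp/mount/', 'tmpfs') for "
			    "'/tmp/\\?\\?\\?\\?\\?/'", 0);
		if (mount("none", "/tmp/mount/", "tmpfs", 0, NULL) == 0)
			printf("OK\n");
		else
			printf("FAILED: %s\n", strerror(errno));
		fprintf(domain_fp, "delete allow_mount none "
			"/tmp/\\?\\?\\?\\?\\?/ tmpfs 0\n");

		/* Drop every mount stacked on /tmp/mount/ by the cases above. */
		set_profile(0, "file::mount");
		while (umount("/tmp/mount/") == 0)
			c++;	/* Dummy. */
	}

	/* Test mount() with MS_REMOUNT, MS_BIND and MS_MOVE. */
	{
		mount2("none", "/tmp/mount/", "tmpfs");
		set_profile(3, "file::mount");

		/* Test remount case */
		show_prompt("mount('/tmp/mount/', MS_REMOUNT)", 1);
		if (mount("none", "/tmp/mount/", "tmpfs", MS_REMOUNT, NULL)
		    == EOF && errno == EPERM)
			printf("OK: Permission denied.\n");
		else
			printf("BUG: %s\n", strerror(errno));
		show_prompt("mount('/tmp/mount/', MS_REMOUNT)", 1);
		if (mount(NULL, "/tmp/mount/", NULL, MS_REMOUNT, NULL) == EOF
		    && errno == EPERM)
			printf("OK: Permission denied.\n");
		else
			printf("BUG: %s\n", strerror(errno));
		fprintf(domain_fp, "allow_mount something /tmp/mount/ "
			"--remount 0\n");
		show_prompt("mount('/tmp/mount/', MS_REMOUNT)", 0);
		if (mount(NULL, "/tmp/mount/", NULL, MS_REMOUNT, NULL))
			printf("BUG: %s\n", strerror(errno));
		else
			printf("OK: Success.\n");
		fprintf(domain_fp, "delete allow_mount something /tmp/mount/ "
			"--remount 0\n");

		/* Test bind case */
		show_prompt("mount('/tmp/mount/', '/tmp/mount_bind/', "
			    "MS_BIND)", 1);
		if (mount("/tmp/mount/", "/tmp/mount_bind/", NULL, MS_BIND,
			  NULL) == EOF && errno == EPERM)
			printf("OK: Permission denied.\n");
		else
			printf("BUG: %s\n", strerror(errno));

		/* Test move case */
		show_prompt("mount('/tmp/mount/', '/tmp/mount_move/', "
			    "MS_MOVE)", 1);
		if (mount("/tmp/mount/", "/tmp/mount_move/", NULL, MS_MOVE,
			  NULL) == EOF && errno == EPERM)
			printf("OK: Permission denied.\n");
		else
			printf("BUG: %s\n", strerror(errno));

		/* Test remount case */
		fprintf(domain_fp, "allow_mount any /tmp/mount/ --remount 0\n");
		show_prompt("mount('/tmp/mount/', MS_REMOUNT)", 0);
		if (mount("none", "/tmp/mount/", "tmpfs", MS_REMOUNT, NULL)
		    == 0)
			printf("OK\n");
		else
			printf("FAILED: %s\n", strerror(errno));
		fprintf(domain_fp, "delete allow_mount any /tmp/mount/ "
			"--remount 0\n");

		/* Test bind case */
		fprintf(domain_fp,
			"allow_mount /tmp/mount/ /tmp/mount_bind/ --bind 0\n");
		show_prompt("mount('/tmp/mount/', '/tmp/mount_bind', MS_BIND)",
			    0);
		if (mount("/tmp/mount/", "/tmp/mount_bind/", NULL, MS_BIND,
			  NULL) == 0)
			printf("OK\n");
		else
			printf("FAILED: %s\n", strerror(errno));
		set_profile(0, "file::mount");
		umount("/tmp/mount_bind/");
		fprintf(domain_fp, "delete allow_mount /tmp/mount/ "
			"/tmp/mount_bind/ --bind 0\n");

		/* Test move case */
		set_profile(3, "file::mount");
		fprintf(domain_fp, "allow_unmount /tmp/mount/\n");
		fprintf(domain_fp, "allow_mount /tmp/mount/ /tmp/mount_move/ "
			"--move 0\n");
		show_prompt("mount('/tmp/mount/', '/tmp/mount_move/', "
			    "MS_MOVE)", 0);
		if (mount("/tmp/mount/", "/tmp/mount_move/", NULL, MS_MOVE,
			  NULL) == 0)
			printf("OK\n");
		else
			printf("FAILED: %s\n", strerror(errno));
		set_profile(0, "file::mount");
		umount("/tmp/mount_move/");
		fprintf(domain_fp, "delete allow_unmount /tmp/mount/\n");
		fprintf(domain_fp, "delete allow_mount /tmp/mount/ "
			"/tmp/mount_move/ --move 0\n");

		while (umount("/tmp/mount/") == 0)
			c++;	/* Dummy. */
	}

	/* Test umount(). */
	{
		/* Test standard case */
		fprintf(domain_fp, "allow_unmount /tmp/mount/\n");

		set_profile(0, "file::umount");
		mount2("none", "/tmp/mount/", "tmpfs");
		set_profile(3, "file::umount");
		show_prompt("umount('/tmp/mount/') for '/tmp/mount/'", 0);
		if (umount("/tmp/mount/") == 0)
			printf("OK\n");
		else
			printf("BUG: %s\n", strerror(errno));
		fprintf(domain_fp, "delete allow_unmount /tmp/mount/\n");

		set_profile(0, "file::umount");

		mount2("none", "/tmp/mount/", "tmpfs");
		set_profile(3, "file::umount");
		show_prompt("umount('/tmp/mount/') for '/tmp/mount/'", 1);
		if (umount("/tmp/mount/") == EOF && errno == EPERM)
			printf("OK: Permission denied.\n");
		else
			printf("FAILED: %s\n", strerror(errno));

		/* Test pattern */
		fprintf(domain_fp, "allow_unmount /tmp/\\?\\?\\?\\?\\?/\n");
		set_profile(0, "file::umount");
		mount2("none", "/tmp/mount/", "tmpfs");
		set_profile(3, "file::umount");
		/*
		 * The matching allow_unmount rule was just added and success
		 * is what prints OK below, so the prompt must announce an
		 * expected success (flag 0), like the chroot pattern case.
		 */
		show_prompt("umount('/tmp/mount/') for "
			    "'/tmp/\\?\\?\\?\\?\\?/'", 0);
		if (umount("/tmp/mount/") == 0)
			printf("OK\n");
		else
			printf("BUG: %s\n", strerror(errno));
		fprintf(domain_fp,
			"delete allow_unmount /tmp/\\?\\?\\?\\?\\?/\n");

		set_profile(0, "file::umount");
		while (umount("/tmp/mount/") == 0)
			c++;	/* Dummy. */
	}

	/*
	 * Test chroot().  Each call runs in a forked child so that a
	 * successful chroot() does not affect this process.
	 * NOTE(review): a failed fork() is not reported; the case is then
	 * skipped without any output.
	 */
	{
		set_profile(3, "file::chroot");

		/* Test standard case */
		fprintf(domain_fp, "allow_chroot /tmp/mount/\n");
		show_prompt("chroot('/tmp/mount/') for '/tmp/mount/'", 0);
		fflush(stdout);	/* avoid the child re-printing buffered text */
		if (fork() == 0) {
			if (chroot("/tmp/mount/") == 0)
				printf("OK\n");
			else
				printf("FAILED: %s\n", strerror(errno));
			fflush(stdout);
			_exit(0);
		}
		wait(NULL);
		fprintf(domain_fp, "delete allow_chroot /tmp/mount/\n");

		show_prompt("chroot('/tmp/mount/') for '/tmp/mount/'", 1);
		fflush(stdout);
		if (fork() == 0) {
			if (chroot("/tmp/mount/") == EOF && errno == EPERM)
				printf("OK: Permission denied.\n");
			else
				printf("BUG: %s\n", strerror(errno));
			fflush(stdout);
			_exit(0);
		}
		wait(NULL);

		/* Test pattern */
		fprintf(domain_fp, "allow_chroot /tmp/\\?\\?\\?\\?\\?/\n");
		show_prompt("chroot('/tmp/mount/') for "
			    "'/tmp/\\?\\?\\?\\?\\?/'", 0);
		fflush(stdout);
		if (fork() == 0) {
			if (chroot("/tmp/mount/") == 0)
				printf("OK\n");
			else
				printf("FAILED: %s\n", strerror(errno));
			fflush(stdout);
			_exit(0);
		}
		wait(NULL);
		fprintf(domain_fp,
			"delete allow_chroot /tmp/\\?\\?\\?\\?\\?/\n");

		set_profile(0, "file::chroot");
	}

	/*
	 * Test pivot_root().  The call is made by child() in a new mount
	 * namespace; its errno comes back as the child's exit status.
	 */
	{
		static char prompt[8192];
		set_profile(3, "file::pivot_root");
		fprintf(domain_fp, "allow_pivot_root %s %s\n",
			pivot_root_dir, proc_policy_dir);
		snprintf(prompt, sizeof(prompt) - 1, "pivot_root('%s', '%s')",
			 pivot_root_dir, proc_policy_dir);
		show_prompt(prompt, 0);
		errno = pivot_root_in_new_ns();
		if (errno == 0)
			printf("OK\n");
		else
			printf("FAILED: %s\n", strerror(errno));

		fprintf(domain_fp, "delete allow_pivot_root %s %s\n",
			pivot_root_dir, proc_policy_dir);
		snprintf(prompt, sizeof(prompt) - 1, "pivot_root('%s', '%s')",
			 pivot_root_dir, proc_policy_dir);
		show_prompt(prompt, 1);
		errno = pivot_root_in_new_ns();
		if (errno == EPERM)
			printf("OK: Permission denied.\n");
		else
			printf("BUG: %s\n", strerror(errno));

		/* No allow rule here: profile 2 is expected to let it through. */
		set_profile(2, "file::pivot_root");
		snprintf(prompt, sizeof(prompt) - 1, "pivot_root('%s', '%s')",
			 pivot_root_dir, proc_policy_dir);
		show_prompt(prompt, 0);
		errno = pivot_root_in_new_ns();
		if (errno == 0)
			printf("OK\n");
		else
			printf("FAILED: %s\n", strerror(errno));

		set_profile(0, "file::pivot_root");

	}

	rmdir("/tmp/mount_move/");
	rmdir("/tmp/mount_bind/");
	rmdir("/tmp/mount/");

	clear_status();
	return 0;
}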
634