1 /******************************************************************************/
2 /* This program is free software; you can redistribute it and/or modify */
3 /* it under the terms of the GNU General Public License as published by */
4 /* the Free Software Foundation; either version 2 of the License, or */
5 /* (at your option) any later version. */
6 /* */
7 /* This program is distributed in the hope that it will be useful, */
8 /* but WITHOUT ANY WARRANTY; without even the implied warranty of */
9 /* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See */
10 /* the GNU General Public License for more details. */
11 /* */
12 /* You should have received a copy of the GNU General Public License */
13 /* along with this program; if not, write to the Free Software */
14 /* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */
15 /* */
16 /******************************************************************************/
17 /*
18 * tomoyo_filesystem_test.c
19 *
20 * Testing program for security/tomoyo/
21 *
22 * Copyright (C) 2005-2010 NTT DATA CORPORATION
23 */
24 #define _GNU_SOURCE
25 #include "include.h"
26
/*
 * Print the banner for one test case and reset errno before the case runs.
 *
 * @str:         description of the call under test (right-aligned to 60 cols)
 * @should_fail: non-zero when the policy is expected to reject the call
 *
 * No newline is printed; the caller appends the OK/BUG/FAILED verdict to the
 * same line. errno is cleared so that a verdict built from strerror(errno)
 * cannot pick up a stale value from an earlier call.
 */
static void show_prompt(const char *str, const int should_fail)
{
	const char *expectation = "should success";

	if (should_fail)
		expectation = "must fail";
	printf("Testing %60s: (%s) ", str, expectation);
	errno = 0;
}
33
/* Fallback for C library headers that do not provide MS_MOVE. */
#if !defined(MS_MOVE)
#define MS_MOVE 8192
#endif

/*
 * First argument (new_root) of the pivot_root() call made in child(); main()
 * also writes it into the allow_pivot_root policy line.
 */
static const char *pivot_root_dir = "/sys/kernel/security/";
39
/*
 * Entry point for the cloned child used by the pivot_root() tests.
 *
 * @arg: unused.
 *
 * Returns the errno left behind by pivot_root(), or 0 when the call did not
 * set it. main() starts this function via ltp_clone_quick(CLONE_NEWNS, ...)
 * and reads the value back with WEXITSTATUS(), so the result is what the
 * parent reports as OK / Permission denied.
 */
static int child(void *arg)
{
	int result;

	(void)arg;
	errno = 0;
	/* Only errno is inspected; the return value itself is not needed. */
	(void)pivot_root(pivot_root_dir, proc_policy_dir);
	result = errno;
	return result;
}
46
/*
 * Mount helper for test setup: mounts with no flags and no data argument.
 *
 * @source:         device name handed to mount()
 * @target:         mount point
 * @filesystemtype: filesystem type name
 *
 * A failure is only reported on stdout ("BUG: mount() failed"); nothing is
 * returned, so the caller carries on even if the fixture could not be set up.
 */
static void mount2(const char *source, const char *target,
		   const char *filesystemtype)
{
	const int rc = mount(source, target, filesystemtype, 0, NULL);

	if (rc == 0)
		return;
	printf("BUG: mount() failed\n");
	fflush(stdout);
}
55
/*
 * Gzip-compressed filesystem image that main() pipes through "zcat" into the
 * RAM disk before the ext2 mount tests.
 *
 * The stream starts with the gzip magic (1F 8B, method 08). Bytes 356..1337
 * are all zero and are left to implicit zero-initialisation; the designated
 * index below places the final 12 bytes, which end with the gzip trailer.
 * The last four bytes (the ISIZE field, little endian) read 0x00100000,
 * i.e. 1 MiB of uncompressed data.
 */
static const unsigned char compressed_ext2_image_sample[1350] = {
	/* bytes 0..355 */
	0x1F, 0x8B, 0x08, 0x00, 0xA8, 0xF2, 0x96, 0x4B, 0x02, 0x03, 0xED, 0xDC,
	0x3D, 0x4B, 0x5B, 0x51, 0x18, 0x07, 0xF0, 0xE7, 0xDE, 0xAB, 0x14, 0x8C,
	0xAB, 0xD5, 0x9A, 0xF8, 0x36, 0x0B, 0xA1, 0xE0, 0xE0, 0xDC, 0xD0, 0xAD,
	0xD0, 0xC5, 0xAF, 0x50, 0x9C, 0x42, 0x1D, 0x6A, 0xE6, 0xA6, 0x9B, 0x9B,
	0x8B, 0xD8, 0xA5, 0x5B, 0x97, 0x2E, 0xF9, 0x0E, 0x85, 0x4C, 0xF6, 0x23,
	0x74, 0x70, 0x55, 0x28, 0x52, 0xA8, 0xDD, 0xED, 0xB9, 0xB9, 0xB1, 0xA6,
	0xEA, 0x24, 0xA5, 0x81, 0xDE, 0xDF, 0x0F, 0x9E, 0xDC, 0xB7, 0x13, 0x2E,
	0xF7, 0xC0, 0xFF, 0x70, 0xCE, 0x85, 0x24, 0x02, 0xA8, 0xAB, 0x7E, 0xF9,
	0x31, 0x13, 0xB1, 0x95, 0x36, 0xA7, 0x45, 0x44, 0x2F, 0x6D, 0xB3, 0xC9,
	0x06, 0xEB, 0x55, 0xF5, 0xC7, 0x87, 0x9F, 0x7E, 0x1C, 0xBF, 0x88, 0x68,
	0xC5, 0xCE, 0xF7, 0x6C, 0xD4, 0x6E, 0x74, 0xFC, 0xF2, 0x62, 0x74, 0xED,
	0xFA, 0x7B, 0x8D, 0xB8, 0x69, 0x9F, 0x8F, 0xCF, 0x9F, 0x1D, 0x7E, 0x78,
	0xF7, 0x6D, 0xD8, 0x79, 0xFF, 0x71, 0xD0, 0xED, 0xBC, 0xCD, 0x9A, 0xBD,
	0x69, 0x3C, 0xEB, 0xE0, 0xCB, 0xF0, 0xA4, 0xF9, 0xF5, 0xF9, 0xCA, 0xE0,
	0xE0, 0x72, 0xBB, 0x7B, 0xD4, 0x1A, 0xE6, 0x13, 0xD7, 0xAA, 0xE7, 0x82,
	0x7A, 0x29, 0xAA, 0xF8, 0xC7, 0xEC, 0x28, 0xFF, 0xBD, 0xC8, 0x75, 0x09,
	0xD4, 0xC6, 0x55, 0x92, 0x4D, 0x71, 0xFA, 0x71, 0x05, 0x4C, 0xCF, 0xA3,
	0xBB, 0xE3, 0x01, 0x50, 0x0F, 0x93, 0xEB, 0xDF, 0xEB, 0xFA, 0x97, 0x13,
	0x80, 0x8B, 0x67, 0xD5, 0x02, 0xE4, 0xEE, 0xFD, 0x8B, 0x3F, 0xD6, 0x22,
	0x0B, 0xA6, 0x6A, 0xC0, 0x5F, 0xF6, 0xB9, 0x1C, 0x7F, 0x9E, 0xDE, 0x37,
	0xFE, 0xE4, 0xB1, 0x34, 0xD1, 0xEE, 0x71, 0xAA, 0xC5, 0x54, 0xE5, 0xB9,
	0x27, 0xA9, 0x96, 0x53, 0x35, 0xA3, 0x7C, 0x13, 0x1A, 0xB1, 0x92, 0x6A,
	0x35, 0xD5, 0xDA, 0xF8, 0x75, 0xE9, 0x86, 0x6E, 0x05, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xE0, 0x81,
	0xCA, 0xDF, 0xD8, 0xCF, 0x47, 0x96, 0xB7, 0x7F, 0xEF, 0xE7, 0x79, 0xBB,
	0x5D, 0xFD, 0x87, 0xDF, 0x79, 0x31, 0x97, 0x77, 0xF7, 0xDE, 0xEC, 0x6F,
	0xEE, 0xEE, 0xF5, 0x5E, 0xBF, 0xD2, 0x57, 0xF0, 0xBF, 0x69, 0xDC, 0xCA,
	0xFF, 0xCF, 0xA2, 0xCA, 0x3F, 0x50, 0x13, 0x33, 0xBA, 0x00, 0xE4, 0x1F,
	0x90, 0x7F, 0x40, 0xFE, 0x01, 0xF9, 0x07, 0xE4, 0x1F, 0x90, 0x7F, 0x40,
	0xFE, 0x01, 0xF9, 0x07, 0xE4, 0x1F, 0x90, 0x7F,
	/* bytes 356..1337 are zero (implicit) */
	/* bytes 1338..1349 */
	[1338] = 0x80, 0xFA, 0xF9, 0x05, 0x34, 0xF2,
	0x14, 0x08, 0x00, 0x00, 0x10, 0x00
};
171
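/*
 * Run child() in a new mount namespace and return how its pivot_root() ended.
 *
 * Returns the child's exit status (the errno that child() returned, 0 for
 * success), or -1 when the child could not be started, could not be reaped,
 * or did not exit normally. Keeping the -1 cases apart from real errno
 * values stops a harness failure from being reported as a policy verdict.
 */
static int run_pivot_root_child(void)
{
	int status = 0;
	pid_t reaped;
	const pid_t pid = ltp_clone_quick(CLONE_NEWNS, child, NULL);

	if (pid < 0)
		return -1;
	do {
		reaped = waitpid(pid, &status, __WALL);
	} while (reaped == -1 && errno == EINTR);
	if (reaped != pid || !WIFEXITED(status))
		return -1;
	return WEXITSTATUS(status);
}

/*
 * Exercise the TOMOYO checks for mount(), umount(), chroot() and pivot_root().
 *
 * Each case prints one line: the banner from show_prompt() followed by a
 * verdict ("OK", "BUG" or "FAILED"). Policy lines are written to domain_fp
 * and removed again after the case that needs them. The program always
 * returns 0; the verdicts are only visible in the output.
 *
 * NOTE(review): set_profile() is defined outside this file. From the
 * expectations below, level 3 appears to enforce the policy (calls without an
 * allow_* line must fail with EPERM) while levels 0, 1 and 2 let the call
 * through -- confirm against include.h.
 *
 * mount() and the other system calls report failure as -1; this file compares
 * against EOF, which is -1 with glibc.
 */
int main(int argc, char *argv[])
{
	char c = 0;
	tomoyo_test_init();

	/*
	 * Test mount() with names that contain a TAB. The policy lines spell
	 * the TAB as the octal escape \011.
	 */
	{
		set_profile(3, "file::mount");
		show_prompt("mount('dev\\011name', '/', 'fs\\011name') ", 1);
		if (mount("dev\tname", "/", "fs\tname", 0, NULL) == EOF &&
		    errno == EPERM)
			printf("OK: Permission denied.\n");
		else if (errno == ENODEV)
			printf("OK: No such device.\n");
		else
			printf("BUG: %s\n", strerror(errno));
		set_profile(1, "file::mount");
		show_prompt("mount('dev\\011name', '/', 'fs\\011name') ", 0);
		if (mount("dev\tname", "/", "fs\tname", 0, NULL) == EOF &&
		    errno == ENOMEM)
			printf("OK: Out of memory.\n");
		else if (errno == ENODEV)
			printf("OK: No such device.\n");
		else
			printf("BUG: %s\n", strerror(errno));
		set_profile(3, "file::mount");
		show_prompt("mount('dev\\011name', '/', 'fs\\011name') ", 0);
		if (mount("dev\tname", "/", "fs\tname", 0, NULL) == EOF &&
		    errno == ENOMEM)
			printf("OK: Out of memory.\n");
		else if (errno == ENODEV)
			printf("OK: No such device.\n");
		else
			printf("BUG: %s\n", strerror(errno));
		/* With the rule removed the same call must be rejected again. */
		fprintf(domain_fp, "delete allow_mount dev\\011name / "
			"fs\\011name 0\n");
		show_prompt("mount('dev\\011name', '/', 'fs\\011name') ", 1);
		if (mount("dev\tname", "/", "fs\tname", 0, NULL) == EOF &&
		    errno == EPERM)
			printf("OK: Permission denied.\n");
		else if (errno == ENODEV)
			printf("OK: No such device.\n");
		else
			printf("BUG: %s\n", strerror(errno));
		set_profile(1, "file::mount");
		show_prompt("mount(NULL, '/', 'tmpfs') ", 0);
		if (mount(NULL, "/", "tmpfs", 0, NULL))
			printf("BUG: %s\n", strerror(errno));
		else
			printf("OK: Success\n");
		set_profile(3, "file::mount");
		show_prompt("mount(NULL, '/', 'tmpfs') ", 0);
		if (mount(NULL, "/", "tmpfs", 0, NULL))
			printf("BUG: %s\n", strerror(errno));
		else
			printf("OK: Success\n");
		show_prompt("mount('anydev', '/', 'tmpfs') ", 0);
		if (mount("anydev", "/", "tmpfs", 0, NULL))
			printf("BUG: %s\n", strerror(errno));
		else
			printf("OK: Success\n");
		fprintf(domain_fp, "delete allow_mount <NULL> / tmpfs 0\n");
		fprintf(domain_fp, "allow_mount anydev / tmpfs 0\n");
		show_prompt("mount(NULL, '/', 'tmpfs') ", 0);
		if (mount(NULL, "/", "tmpfs", 0, NULL))
			printf("BUG: %s\n", strerror(errno));
		else
			printf("OK: Success\n");
		fprintf(domain_fp, "delete allow_mount anydev / tmpfs 0\n");
		/* Malformed argument sets: any failure counts as OK here. */
		set_profile(2, "file::mount");
		show_prompt("mount(NULL, NULL, 'tmpfs') ", 1);
		if (mount(NULL, NULL, "tmpfs", 0, NULL))
			printf("OK: %s\n", strerror(errno));
		else
			printf("BUG: Did not fail.\n");
		show_prompt("mount(NULL, NULL, NULL) ", 1);
		if (mount(NULL, NULL, NULL, 0, NULL))
			printf("OK: %s\n", strerror(errno));
		else
			printf("BUG: Did not fail.\n");
		show_prompt("mount('/', NULL, NULL) ", 1);
		if (mount("/", NULL, NULL, 0, NULL))
			printf("OK: %s\n", strerror(errno));
		else
			printf("BUG: Did not fail.\n");
		show_prompt("mount('/', NULL, 'tmpfs') ", 1);
		if (mount("/", NULL, "tmpfs", 0, NULL))
			printf("OK: %s\n", strerror(errno));
		else
			printf("BUG: Did not fail.\n");
		show_prompt("mount('/', '/', 'nonexistentfs') ", 1);
		if (mount("/", "/", "nonexistentfs", 0, NULL))
			printf("OK: %s\n", strerror(errno));
		else
			printf("BUG: Did not fail.\n");
		set_profile(0, "file::mount");
	}

	/*
	 * NOTE(review): fixed names under /tmp, and the mkdir() results are
	 * not checked. If a name already exists and was not created by this
	 * test (for example as a symlink), the mount calls below act on
	 * whatever it resolves to.
	 */
	mkdir("/tmp/mount/", 0755);
	mkdir("/tmp/mount_bind/", 0755);
	mkdir("/tmp/mount_move/", 0755);

	/* Test mount(). */
	{
		static char buf[4096];
		char *dev_ram_path = realpath("/dev/ram0", NULL);
		if (!dev_ram_path)
			dev_ram_path = realpath("/dev/ram", NULL);
		if (!dev_ram_path) {
			dev_ram_path = "/dev/ram0";
			mknod(dev_ram_path, S_IFBLK, MKDEV(1, 0));
		}
		memset(buf, 0, sizeof(buf));
		{
			struct stat sbuf;
			FILE *fp = NULL;
			/*
			 * NOTE(review): dev_ram_path is pasted unquoted into a
			 * shell command. The lstat() check below only admits a
			 * block device with major number 1, but it does not
			 * constrain the characters in the path, and the shell
			 * reopens the path by name after the check.
			 */
			snprintf(buf, sizeof(buf) - 1, "zcat - > %s",
				 dev_ram_path);
			if (lstat(dev_ram_path, &sbuf) == 0 &&
			    S_ISBLK(sbuf.st_mode) && MAJOR(sbuf.st_rdev) == 1)
				fp = popen(buf, "w");
			if (fp) {
				if (fwrite(compressed_ext2_image_sample, 1,
					   sizeof(compressed_ext2_image_sample),
					   fp) !=
				    sizeof(compressed_ext2_image_sample))
					err(1, "fwrite");
				/*
				 * A failing zcat would otherwise only show up
				 * later as an unexplained ext2 mount failure.
				 */
				if (pclose(fp))
					fprintf(stderr, "Can't write to %s .\n",
						dev_ram_path);
			} else
				fprintf(stderr, "Can't write to %s .\n",
					dev_ram_path);
		}
		set_profile(3, "file::mount");

		/* Test standard case */
		show_prompt("mount('none', '/tmp/mount/', 'tmpfs') for "
			    "'/tmp/mount/'", 1);
		if (mount("none", "/tmp/mount/", "tmpfs", 0, NULL) == EOF &&
		    errno == EPERM)
			printf("OK: Permission denied.\n");
		else
			printf("BUG: %s\n", strerror(errno));

		/* Test device_name with pattern */
		snprintf(buf, sizeof(buf) - 1, "mount('%s', '/tmp/mount/', "
			 "'ext2') for '%s\\*'", dev_ram_path, dev_ram_path);
		show_prompt(buf, 1);
		if (mount(dev_ram_path, "/tmp/mount/", "ext2", MS_RDONLY, NULL)
		    == EOF && errno == EPERM)
			printf("OK: Permission denied.\n");
		else
			printf("BUG: %s\n", strerror(errno));

		/* Test dir_name with pattern */
		show_prompt("mount('none', '/tmp/mount/', 'tmpfs') for "
			    "'/tmp/\\?\\?\\?\\?\\?/'", 1);
		if (mount("none", "/tmp/mount/", "tmpfs", 0, NULL) == EOF &&
		    errno == EPERM)
			printf("OK: Permission denied.\n");
		else
			printf("BUG: %s\n", strerror(errno));

		/* Test standard case */
		fprintf(domain_fp, "allow_mount none /tmp/mount/ tmpfs 0\n");
		show_prompt("mount('none', '/tmp/mount/', 'tmpfs') for "
			    "'/tmp/mount/'", 0);
		if (mount("none", "/tmp/mount/", "tmpfs", 0, NULL) == 0)
			printf("OK\n");
		else
			printf("FAILED: %s\n", strerror(errno));
		fprintf(domain_fp,
			"delete allow_mount none /tmp/mount/ tmpfs 0\n");

		/* Test device_name with pattern */
		fprintf(domain_fp, "allow_mount %s\\* /tmp/mount/ ext2 1\n",
			dev_ram_path);
		snprintf(buf, sizeof(buf) - 1, "mount('%s', '/tmp/mount/', "
			 "'ext2') for '%s\\*'", dev_ram_path, dev_ram_path);
		show_prompt(buf, 0);
		if (mount(dev_ram_path, "/tmp/mount/", "ext2", MS_RDONLY, NULL)
		    == 0)
			printf("OK\n");
		else
			printf("FAILED: %s\n", strerror(errno));
		fprintf(domain_fp, "delete allow_mount %s\\* "
			"/tmp/mount/ ext2 1\n", dev_ram_path);

		/* Test dir_name with pattern */
		fprintf(domain_fp,
			"allow_mount none /tmp/\\?\\?\\?\\?\\?/ tmpfs 0\n");
		show_prompt("mount('none', '/tmp/mount/', 'tmpfs') for "
			    "'/tmp/\\?\\?\\?\\?\\?/'", 0);
		if (mount("none", "/tmp/mount/", "tmpfs", 0, NULL) == 0)
			printf("OK\n");
		else
			printf("FAILED: %s\n", strerror(errno));
		fprintf(domain_fp, "delete allow_mount none "
			"/tmp/\\?\\?\\?\\?\\?/ tmpfs 0\n");

		/* Unwind every mount stacked on /tmp/mount/ by the cases above. */
		set_profile(0, "file::mount");
		while (umount("/tmp/mount/") == 0)
			c++; /* Dummy. */
	}

	/* Test mount(). */
	{
		mount2("none", "/tmp/mount/", "tmpfs");
		set_profile(3, "file::mount");

		/* Test remount case */
		show_prompt("mount('/tmp/mount/', MS_REMOUNT)", 1);
		if (mount("none", "/tmp/mount/", "tmpfs", MS_REMOUNT, NULL)
		    == EOF && errno == EPERM)
			printf("OK: Permission denied.\n");
		else
			printf("BUG: %s\n", strerror(errno));
		show_prompt("mount('/tmp/mount/', MS_REMOUNT)", 1);
		if (mount(NULL, "/tmp/mount/", NULL, MS_REMOUNT, NULL) == EOF
		    && errno == EPERM)
			printf("OK: Permission denied.\n");
		else
			printf("BUG: %s\n", strerror(errno));
		fprintf(domain_fp, "allow_mount something /tmp/mount/ "
			"--remount 0\n");
		show_prompt("mount('/tmp/mount/', MS_REMOUNT)", 0);
		if (mount(NULL, "/tmp/mount/", NULL, MS_REMOUNT, NULL))
			printf("BUG: %s\n", strerror(errno));
		else
			printf("OK: Success.\n");
		fprintf(domain_fp, "delete allow_mount something /tmp/mount/ "
			"--remount 0\n");

		/* Test bind case */
		show_prompt("mount('/tmp/mount/', '/tmp/mount_bind/', "
			    "MS_BIND)", 1);
		if (mount("/tmp/mount/", "/tmp/mount_bind/", NULL, MS_BIND,
			  NULL) == EOF && errno == EPERM)
			printf("OK: Permission denied.\n");
		else
			printf("BUG: %s\n", strerror(errno));

		/* Test move case */
		show_prompt("mount('/tmp/mount/', '/tmp/mount_move/', "
			    "MS_MOVE)", 1);
		if (mount("/tmp/mount/", "/tmp/mount_move/", NULL, MS_MOVE,
			  NULL) == EOF && errno == EPERM)
			printf("OK: Permission denied.\n");
		else
			printf("BUG: %s\n", strerror(errno));

		/* Test remount case */
		fprintf(domain_fp, "allow_mount any /tmp/mount/ --remount 0\n");
		show_prompt("mount('/tmp/mount/', MS_REMOUNT)", 0);
		if (mount("none", "/tmp/mount/", "tmpfs", MS_REMOUNT, NULL)
		    == 0)
			printf("OK\n");
		else
			printf("FAILED: %s\n", strerror(errno));
		fprintf(domain_fp, "delete allow_mount any /tmp/mount/ "
			"--remount 0\n");

		/* Test bind case */
		fprintf(domain_fp,
			"allow_mount /tmp/mount/ /tmp/mount_bind/ --bind 0\n");
		show_prompt("mount('/tmp/mount/', '/tmp/mount_bind', MS_BIND)",
			    0);
		if (mount("/tmp/mount/", "/tmp/mount_bind/", NULL, MS_BIND,
			  NULL) == 0)
			printf("OK\n");
		else
			printf("FAILED: %s\n", strerror(errno));
		set_profile(0, "file::mount");
		umount("/tmp/mount_bind/");
		fprintf(domain_fp, "delete allow_mount /tmp/mount/ "
			"/tmp/mount_bind/ --bind 0\n");

		/* Test move case */
		set_profile(3, "file::mount");
		fprintf(domain_fp, "allow_unmount /tmp/mount/\n");
		fprintf(domain_fp, "allow_mount /tmp/mount/ /tmp/mount_move/ "
			"--move 0\n");
		show_prompt("mount('/tmp/mount/', '/tmp/mount_move/', "
			    "MS_MOVE)", 0);
		if (mount("/tmp/mount/", "/tmp/mount_move/", NULL, MS_MOVE,
			  NULL) == 0)
			printf("OK\n");
		else
			printf("FAILED: %s\n", strerror(errno));
		set_profile(0, "file::mount");
		umount("/tmp/mount_move/");
		fprintf(domain_fp, "delete allow_unmount /tmp/mount/\n");
		fprintf(domain_fp, "delete allow_mount /tmp/mount/ "
			"/tmp/mount_move/ --move 0\n");

		while (umount("/tmp/mount/") == 0)
			c++; /* Dummy. */
	}

	/* Test umount(). */
	{
		/* Test standard case */
		fprintf(domain_fp, "allow_unmount /tmp/mount/\n");

		/* The fixture mount is made with the umount check switched off. */
		set_profile(0, "file::umount");
		mount2("none", "/tmp/mount/", "tmpfs");
		set_profile(3, "file::umount");
		show_prompt("umount('/tmp/mount/') for '/tmp/mount/'", 0);
		if (umount("/tmp/mount/") == 0)
			printf("OK\n");
		else
			printf("BUG: %s\n", strerror(errno));
		fprintf(domain_fp, "delete allow_unmount /tmp/mount/\n");

		set_profile(0, "file::umount");

		mount2("none", "/tmp/mount/", "tmpfs");
		set_profile(3, "file::umount");
		show_prompt("umount('/tmp/mount/') for '/tmp/mount/'", 1);
		if (umount("/tmp/mount/") == EOF && errno == EPERM)
			printf("OK: Permission denied.\n");
		else
			printf("FAILED: %s\n", strerror(errno));

		/* Test pattern */
		fprintf(domain_fp, "allow_unmount /tmp/\\?\\?\\?\\?\\?/\n");
		set_profile(0, "file::umount");
		mount2("none", "/tmp/mount/", "tmpfs");
		set_profile(3, "file::umount");
		/*
		 * The pattern rule above allows this umount and the check
		 * below treats success as OK, so the banner must announce a
		 * call that is expected to succeed (should_fail = 0).
		 */
		show_prompt("umount('/tmp/mount/') for "
			    "'/tmp/\\?\\?\\?\\?\\?/'", 0);
		if (umount("/tmp/mount/") == 0)
			printf("OK\n");
		else
			printf("BUG: %s\n", strerror(errno));
		fprintf(domain_fp,
			"delete allow_unmount /tmp/\\?\\?\\?\\?\\?/\n");

		set_profile(0, "file::umount");
		while (umount("/tmp/mount/") == 0)
			c++; /* Dummy. */
	}

	/*
	 * Test chroot(). Each attempt runs in a forked child so that a
	 * successful chroot() does not change the root of this process.
	 */
	{
		set_profile(3, "file::chroot");

		/* Test standard case */
		fprintf(domain_fp, "allow_chroot /tmp/mount/\n");
		show_prompt("chroot('/tmp/mount/') for '/tmp/mount/'", 0);
		/* Flush first so the child does not inherit buffered output. */
		fflush(stdout);
		if (fork() == 0) {
			if (chroot("/tmp/mount/") == 0)
				printf("OK\n");
			else
				printf("FAILED: %s\n", strerror(errno));
			fflush(stdout);
			_exit(0);
		}
		wait(NULL);
		fprintf(domain_fp, "delete allow_chroot /tmp/mount/\n");

		show_prompt("chroot('/tmp/mount/') for '/tmp/mount/'", 1);
		fflush(stdout);
		if (fork() == 0) {
			if (chroot("/tmp/mount/") == EOF && errno == EPERM)
				printf("OK: Permission denied.\n");
			else
				printf("BUG: %s\n", strerror(errno));
			fflush(stdout);
			_exit(0);
		}
		wait(NULL);

		/* Test pattern */
		fprintf(domain_fp, "allow_chroot /tmp/\\?\\?\\?\\?\\?/\n");
		show_prompt("chroot('/tmp/mount/') for "
			    "'/tmp/\\?\\?\\?\\?\\?/'", 0);
		fflush(stdout);
		if (fork() == 0) {
			if (chroot("/tmp/mount/") == 0)
				printf("OK\n");
			else
				printf("FAILED: %s\n", strerror(errno));
			fflush(stdout);
			_exit(0);
		}
		wait(NULL);
		fprintf(domain_fp,
			"delete allow_chroot /tmp/\\?\\?\\?\\?\\?/\n");

		set_profile(0, "file::chroot");
	}

	/*
	 * Test pivot_root(). The call itself is made by child() in a separate
	 * mount namespace; see run_pivot_root_child() for how its result is
	 * collected.
	 */
	{
		static char prompt[8192];

		/* The banner is identical for all three cases; build it once. */
		snprintf(prompt, sizeof(prompt) - 1, "pivot_root('%s', '%s')",
			 pivot_root_dir, proc_policy_dir);

		set_profile(3, "file::pivot_root");
		fprintf(domain_fp, "allow_pivot_root %s %s\n",
			pivot_root_dir, proc_policy_dir);
		show_prompt(prompt, 0);
		errno = run_pivot_root_child();
		if (errno == 0)
			printf("OK\n");
		else
			printf("FAILED: %s\n", strerror(errno));

		fprintf(domain_fp, "delete allow_pivot_root %s %s\n",
			pivot_root_dir, proc_policy_dir);
		show_prompt(prompt, 1);
		errno = run_pivot_root_child();
		if (errno == EPERM)
			printf("OK: Permission denied.\n");
		else
			printf("BUG: %s\n", strerror(errno));

		set_profile(2, "file::pivot_root");
		show_prompt(prompt, 0);
		errno = run_pivot_root_child();
		if (errno == 0)
			printf("OK\n");
		else
			printf("FAILED: %s\n", strerror(errno));

		set_profile(0, "file::pivot_root");

	}

	rmdir("/tmp/mount_move/");
	rmdir("/tmp/mount_bind/");
	rmdir("/tmp/mount/");

	clear_status();
	return 0;
}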