(メッセージはありません)
@@ -178,6 +178,7 @@ | ||
178 | 178 | ccs_test_init(); |
179 | 179 | fprintf(domain_fp, "%s " BINDIR "/true\n", self_domain); |
180 | 180 | fprintf(domain_fp, "use_profile 255\n"); |
181 | + fprintf(domain_fp, "use_group 0\n"); | |
181 | 182 | fprintf(domain_fp, "select pid=%u\n", pid); |
182 | 183 | fprintf(domain_fp, "file read/write %s\n", proc_policy_domain_policy); |
183 | 184 | set_profile(3, "file::execute"); |
@@ -118,6 +118,7 @@ | ||
118 | 118 | size_t size = sizeof(buffer); |
119 | 119 | int pipe_fd[2] = { EOF, EOF }; |
120 | 120 | int err = 0; |
121 | + int flags; | |
121 | 122 | int fd; |
122 | 123 | char pbuffer[1024]; |
123 | 124 | struct stat sbuf; |
@@ -184,6 +185,38 @@ | ||
184 | 185 | write_domain_policy(policy, 1); |
185 | 186 | show_result(uselib("/tmp/uselib"), 0); |
186 | 187 | |
188 | + policy = "file write /dev/null"; | |
189 | + fd = open("/dev/null", O_WRONLY); | |
190 | + show_result(fd, 0); | |
191 | + close(fd); | |
192 | + write_domain_policy(policy, 0); | |
193 | + fd = open("/dev/null", O_WRONLY); | |
194 | + show_result(fd, 1); | |
195 | + write_domain_policy(policy, 1); | |
196 | + flags = fcntl(fd, F_GETFL, 0) | O_APPEND; | |
197 | + policy = "file append /dev/null"; | |
198 | + show_result(fcntl(fd, F_SETFL, flags), 0); | |
199 | + write_domain_policy(policy, 0); | |
200 | + show_result(fcntl(fd, F_SETFL, flags), 1); | |
201 | + write_domain_policy(policy, 1); | |
202 | + close(fd); | |
203 | + | |
204 | + policy = "file append /dev/null"; | |
205 | + fd = open("/dev/null", O_WRONLY | O_APPEND); | |
206 | + show_result(fd, 0); | |
207 | + close(fd); | |
208 | + write_domain_policy(policy, 0); | |
209 | + fd = open("/dev/null", O_WRONLY | O_APPEND); | |
210 | + show_result(fd, 1); | |
211 | + write_domain_policy(policy, 1); | |
212 | + flags = fcntl(fd, F_GETFL, 0) & ~O_APPEND; | |
213 | + policy = "file write /dev/null"; | |
214 | + show_result(fcntl(fd, F_SETFL, flags), 0); | |
215 | + write_domain_policy(policy, 0); | |
216 | + show_result(fcntl(fd, F_SETFL, flags), 1); | |
217 | + write_domain_policy(policy, 1); | |
218 | + close(fd); | |
219 | + | |
187 | 220 | policy = "file execute " BINDIR "/true task.uid!=10 path1.parent.uid=0"; |
188 | 221 | write_domain_policy(policy, 0); |
189 | 222 | fflush(stdout); |
@@ -625,6 +658,7 @@ | ||
625 | 658 | make_elf_lib(); |
626 | 659 | fprintf(domain_fp, "%s " BINDIR "/true\n", self_domain); |
627 | 660 | fprintf(domain_fp, "use_profile 255\n"); |
661 | + fprintf(domain_fp, "use_group 0\n"); | |
628 | 662 | fprintf(domain_fp, "select pid=%u\n", pid); |
629 | 663 | fprintf(profile_fp, "255-PREFERENCE={ max_reject_log=1024 }\n"); |
630 | 664 | stage_file_test(); |