table::~table()
{
clear_table();
clear_header();
clear_status();
endwin();
}
RINGING_USING_NAMESPACE
RINGING_USING_STD
int main( int argc, char *argv[] )
{
arguments args;
{
arg_parser ap(argv[0],
"methsearch -- finds methods with particular properties.",
"OPTIONS" );
args.bind( ap );
if ( !ap.parse(argc, argv) )
{
ap.usage();
return 1;
}
if ( !args.validate( ap ) )
return 1;
}
method_libraries::init();
// So that errors with -M options are presented now rather than later.
musical_analysis::force_init( args.bells );
if ( formats_have_falseness_groups() )
false_courses::optimise( args.bells );
{
method startmeth;
try
{
startmeth = method( args.startmeth, args.bells );
}
catch ( const exception &e )
{
cerr << argv[0]
<< ": Unable to parse place-notation passed to start-at\n"
<< e.what() << "\n";
return 1;
}
try
{
run_search( args, startmeth );
}
catch ( const exit_exception& )
{}
}
if ( args.status ) clear_status();
args.outputs.flush(); // Causes stats to be emitted.
return 0;
}
static void
ephy_find_toolbar_set_web_view (EphyFindToolbar *toolbar,
WebKitWebView *web_view)
{
if (toolbar->web_view == web_view) return;
if (toolbar->web_view != NULL)
{
g_signal_handlers_disconnect_matched (toolbar->controller,
G_SIGNAL_MATCH_DATA,
0, 0, NULL, NULL, toolbar);
}
toolbar->web_view = web_view;
if (web_view != NULL)
{
toolbar->controller = webkit_web_view_get_find_controller (web_view);
g_signal_connect_object (toolbar->controller, "found-text",
G_CALLBACK (found_text_cb),
toolbar, 0);
g_signal_connect_object (toolbar->controller, "failed-to-find-text",
G_CALLBACK (failed_to_find_text_cb),
toolbar, 0);
g_signal_connect (web_view, "load-changed",
G_CALLBACK (ephy_find_toolbar_load_changed_cb),
toolbar);
clear_status (toolbar);
g_signal_connect_object (EPHY_WEB_VIEW (web_view), "search-key-press",
G_CALLBACK (tab_search_key_press_cb),
toolbar, 0);
}
}
int main(int argc, char *argv[])
{
tomoyo_test_init();
fprintf(profile_fp, "255-PREFERENCE::learning={ verbose=no }\n");
fprintf(profile_fp, "255-PREFERENCE::enforcing={ verbose=no }\n");
fprintf(profile_fp, "255-PREFERENCE::permissive={ verbose=no }\n");
fprintf(profile_fp, "255-PREFERENCE::disabled={ verbose=no }\n");
set_profile(0, "file");
fprintf(profile_fp, "255-PREFERENCE::learning={ max_entry=2048 }\n");
{
int append_loop;
for (append_loop = 0; append_loop < 2; append_loop++) {
int truncate_loop;
for (truncate_loop = 0; truncate_loop < 2;
truncate_loop++) {
int create_loop;
for (create_loop = 0; create_loop < 3;
create_loop++) {
int rw_loop;
for (rw_loop = 0; rw_loop < 4;
rw_loop++)
test(rw_loop, truncate_loop,
append_loop, create_loop);
}
}
}
}
fprintf(profile_fp, "255-CONFIG::file=disabled\n");
printf("Done\n");
clear_status();
return 0;
}
int YARPMEIDeviceDriver::clearStop(void *axis)
{
int16 rc = 0;
int16 *ax = (int16 *) axis;
rc = clear_status(*ax);
// while(!motion_done(*ax)); //LATER: check this
return rc;
}
int main(int argc, char *argv[])
{
tomoyo_test_init();
fprintf(domain_fp, "%s /bin/true\n", self_domain);
fprintf(domain_fp, "use_profile 255\n");
fprintf(domain_fp, "select pid=%u\n", pid);
fprintf(profile_fp, "255-PREFERENCE::audit={ max_reject_log=1024 }\n");
stage_file_test();
fprintf(domain_fp, "use_profile 0\n");
clear_status();
return 0;
}
void start_test_button_clicked(GtkWidget *widget, gpointer data)
{
gtk_widget_set_sensitive(widget, FALSE);
gtk_widget_set_sensitive(stop_test_button, TRUE);
clear_status();
gtk_label_set_text(GTK_LABEL(result_label), "");
thread_exit = 0;
g_thread_new("test process", test_process, widget);
}
static int prepare_read(struct fsl_iim **regs, u32 bank, u32 word, u32 *val,
const char *caller)
{
int ret;
ret = prepare_access(regs, bank, word, val != NULL, caller);
if (ret)
return ret;
clear_status(*regs);
return 0;
}
int main(int argc, char *argv[])
{
tomoyo_test_init();
printf("***** Testing file hooks in enforce mode. *****\n");
create_files();
should_fail = 1;
set_file_enforce(1);
stage_file_test();
set_file_enforce(0);
clear_status();
creanup_files();
printf("***** Testing file hooks in permissive mode. *****\n");
should_fail = 0;
create_files();
set_file_enforce(0);
stage_file_test();
creanup_files();
clear_status();
return 0;
}
void
ephy_find_toolbar_open (EphyFindToolbar *toolbar,
gboolean links_only,
gboolean typing_ahead)
{
g_return_if_fail (toolbar->web_view != NULL);
toolbar->typing_ahead = typing_ahead;
toolbar->links_only = links_only;
clear_status (toolbar);
gtk_editable_select_region (GTK_EDITABLE (toolbar->entry), 0, -1);
gtk_search_bar_set_search_mode (GTK_SEARCH_BAR (toolbar), TRUE);
gtk_search_bar_set_show_close_button (GTK_SEARCH_BAR (toolbar), TRUE);
gtk_widget_grab_focus (toolbar->entry);
}
void
ephy_find_toolbar_open (EphyFindToolbar *toolbar,
gboolean links_only,
gboolean typing_ahead)
{
EphyFindToolbarPrivate *priv = toolbar->priv;
g_return_if_fail (priv->web_view != NULL);
priv->typing_ahead = typing_ahead;
priv->links_only = links_only;
clear_status (toolbar);
gtk_editable_select_region (GTK_EDITABLE (priv->entry), 0, -1);
gtk_widget_show (GTK_WIDGET (toolbar));
gtk_widget_grab_focus (GTK_WIDGET (toolbar));
}
static void
update_find_string (EphyFindToolbar *toolbar)
{
g_free (toolbar->find_string);
toolbar->find_string = g_strdup (gtk_entry_get_text (GTK_ENTRY (toolbar->entry)));
if (toolbar->find_source_id != 0) {
g_source_remove (toolbar->find_source_id);
toolbar->find_source_id = 0;
}
if (strlen (toolbar->find_string) == 0) {
clear_status (toolbar);
return;
}
toolbar->find_source_id = g_timeout_add (300, (GSourceFunc)do_search, toolbar);
g_source_set_name_by_id (toolbar->find_source_id, "[epiphany] do_search");
}
void
ephy_find_toolbar_set_embed (EphyFindToolbar *toolbar,
EphyEmbed *embed)
{
EphyFindToolbarPrivate *priv = toolbar->priv;
WebKitWebView *web_view = EPHY_GET_WEBKIT_WEB_VIEW_FROM_EMBED(embed);
if (priv->web_view == web_view) return;
if (priv->web_view != NULL)
{
#ifdef HAVE_WEBKIT2
g_signal_handlers_disconnect_matched (priv->controller,
G_SIGNAL_MATCH_DATA,
0, 0, NULL, NULL, toolbar);
#endif
g_signal_handlers_disconnect_matched (EPHY_WEB_VIEW (web_view),
G_SIGNAL_MATCH_DATA,
0, 0, NULL, NULL, toolbar);
}
priv->web_view = web_view;
if (web_view != NULL)
{
#ifdef HAVE_WEBKIT2
priv->controller = webkit_web_view_get_find_controller (web_view);
g_signal_connect_object (priv->controller, "found-text",
G_CALLBACK (found_text_cb),
toolbar, 0);
g_signal_connect_object (priv->controller, "failed-to-find-text",
G_CALLBACK (failed_to_find_text_cb),
toolbar, 0);
#endif
clear_status (toolbar);
g_signal_connect_object (EPHY_WEB_VIEW (web_view), "search-key-press",
G_CALLBACK (tab_search_key_press_cb),
toolbar, 0);
}
}
int main(int argc, char *argv[])
{
const char *cp;
int self_fd;
ccs_test_init();
self_fd = open(proc_policy_self_domain, O_RDONLY);
domain_fd = open(proc_policy_domain_policy, O_WRONLY);
if (domain_fd == EOF && errno == ENOENT) {
fprintf(stderr, "You can't use this program for this kernel."
"\n");
return 1;
}
memset(self_domain, 0, sizeof(self_domain));
read(self_fd, self_domain, sizeof(self_domain) - 1);
close(self_fd);
write(domain_fd, self_domain, strlen(self_domain));
write(domain_fd, "\n", 1);
cp = "use_profile 255\n";
write(domain_fd, cp, strlen(cp));
cp = "ignore_global_allow_read\n";
write(domain_fd, cp, strlen(cp));
cp = "allow_read/write ";
write(domain_fd, cp, strlen(cp));
cp = proc_policy_domain_policy;
write(domain_fd, cp, strlen(cp));
write(domain_fd, "\n", 1);
cp = "255-MAC_FOR_FILE=enforcing\n";
write(profile_fd, cp, strlen(cp));
stage_open_test();
cp = "255-MAC_FOR_FILE=disabled\n";
write(profile_fd, cp, strlen(cp));
cp = "255-MAC_FOR_SIGNAL=enforcing\n";
write(profile_fd, cp, strlen(cp));
stage_signal_test();
cp = "255-MAC_FOR_SIGNAL=disabled\n";
write(profile_fd, cp, strlen(cp));
clear_status();
return 0;
}
int main(int argc, char *argv[])
{
ccs_test_init();
domain_fd = open(proc_policy_domain_policy, O_WRONLY);
if (domain_fd == EOF && errno == ENOENT) {
fprintf(stderr, "You can't use this program for this kernel."
"\n");
return 1;
}
{
int self_fd = open(proc_policy_self_domain, O_RDONLY);
memset(self_domain, 0, sizeof(self_domain));
read(self_fd, self_domain, sizeof(self_domain) - 1);
close(self_fd);
write(domain_fd, self_domain, strlen(self_domain));
write(domain_fd, "\n", 1);
}
stage_capability_test();
close(domain_fd);
clear_status();
return 0;
}
int main(int argc, char** argv) {
std::string read_file = "./test_reads.txt";
//std::string kmer_file_name = "./test_kmers.txt";
std::string kmer_file_name = "./solid_kmers.txt";
std::ifstream input_file(read_file.c_str());
std::ifstream kmer_file(kmer_file_name.c_str());
std::string read_string;
std::string line_id;
std::string line_misc;
std::string quality_string("IIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIII00000000000000000000000000000000IIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIII");
std::string kmer_string;
int32_t read_length=112;
int32_t kmer_length=30;
int32_t threshold;
uint8_t level0;
uint8_t level1;
uint8_t level2;
uint8_t level3;
int num_reads_processed = 0;
int num_reads_per_iteration = 512;
int num_kmers_per_iteration = 512 * 4;
char* kmer_space;
uint32_t** correction_space;
char* candidate_space;
char* read_space;
int32_t* index_space;
struct correction_item* correction_array;
//First program solid k-mers into the bloom-filter
if (posix_memalign((void**)&kmer_space, 128, num_kmers_per_iteration * 64) != 0) {
std::cout << "ERROR!!!" << std::endl;
}
open_device((uint64_t) 0)
uint32_t val;
cxl_mmio_read32(afu_h,CONTROL,&val);
std::cout << val << std::endl;
cxl_mmio_read32(afu_h,THRESHOLD,&val);
std::cout << val << std::endl;
cxl_mmio_read32(afu_h,READ_BASE,&val);
std::cout << val << std::endl;
cxl_mmio_read32(afu_h,WRITE_BASE,&val);
std::cout << val << std::endl;
cxl_mmio_read32(afu_h,READS_RECEIVED,&val);
std::cout << val << std::endl;
cxl_mmio_read32(afu_h,READS_WRITTEN,&val);
std::cout << val << std::endl;
cxl_mmio_read32(afu_h,NUM_ITEMS,&val);
std::cout << val << std::endl;
cxl_mmio_read32(afu_h,START,&val);
std::cout << val << std::endl;
cxl_mmio_read32(afu_h,RESET,&val);
std::cout << val << std::endl;
cxl_mmio_read32(afu_h,STATUS,&val);
std::cout << val << std::endl;
cxl_mmio_read32(afu_h,DDR3_BASE,&val);
std::cout << val << std::endl;
wait_for_idle(afu_h);
clear_status(afu_h);
if (!kmer_file.is_open()) {
std::cout << "Cannot open k-mer file!!!" << std::endl;
return -1;
}
int32_t num_kmers = 0;
while (std::getline(kmer_file, kmer_string)) {
memcpy(kmer_space + (num_kmers % num_kmers_per_iteration) * 64, kmer_string.c_str(), kmer_length);
num_kmers++;
if (num_kmers % num_kmers_per_iteration == 0) {
std::cout << "Completed collecting k-mers" << std::endl;
set_kmer_program_mode(afu_h, num_kmers_per_iteration, kmer_length, kmer_space);
Start;
#ifdef DEBUG
FILE* debug = fopen("./debug", "w");
for (int x = 0; x < num_kmers_per_iteration; x++) {
char* kmerToPrint = kmer_space + x * 64;
for (int y = 63; y > 0; y--) {
fprintf(debug,"%02x", kmerToPrint[y]);
}
fprintf(debug, "\n");
}
#endif
//Wait for IDLE
bool success = wait_for_idle(afu_h);
if (!success) {
std::cout << "Cannot complete AFU transactions. Exiting!!!" << std::endl;
return -1;
}
clear_status(afu_h);
std::cout << "Completed iteration" << std::endl;
}
}
if (num_kmers % num_kmers_per_iteration != 0) {
std::cout << "The last set of k-mers going to be tested ... " << std::endl;
int32_t num_remaining = num_kmers % num_kmers_per_iteration;
set_kmer_program_mode(afu_h, num_remaining, kmer_length, kmer_space);
Start;
bool success = wait_for_idle(afu_h);
if (!success) {
std::cout << "Cannot complete AFU transactions. Exiting!!!" << std::endl;
return -1;
}
clear_status(afu_h);
std::cout << "Completed last iteration" << std::endl;
}
////First convert each read to a correction item
// if (!(input_file.is_open())) {
// std::cout << "Cannot open input file" << std::endl;
// return 1;
// }
//
// //256 bytes per read = 2 cache lines = 2048 bits
// if (posix_memalign((void**)&read_space, 128, num_reads_per_iteration * 256) != 0) {
// std::cout << "ERROR!!! Cannot allocate aligned space for read_space" << std::endl;
// }
//
// //256 bytes per packed index space = 2 cache lines = 2048 bits = 32 * 2 * (32 indices)
// if (posix_memalign((void**)&index_space, 128, num_reads_per_iteration * 256) != 0) {
// std::cout << "ERROR!!! Cannot allocate aligned space for read_space" << std::endl;
// }
//
// while (std::getline(input_file, read_string)) {
// if (!std::getline(input_file, read_string)) {
// std::cout << "Error in file format" << std::endl;
// return 1;
// }
// if (!std::getline(input_file, quality_string)) {
// std::cout << "Error in file format" << std::endl;
// return 1;
// }
// if (!std::getline(input_file, quality_string)) {
// std::cout << "Error in file format" << std::endl;
// return 1;
// }
//
// char* read_item = read_space + 256 * (num_reads_processed % num_reads_per_iteration);
// memcpy(read_space + 256 * (num_reads_processed % num_reads_per_iteration), read_string.c_str(), read_length);
// read_item[255] = read_length;
// num_reads_processed++;
//
// //Flatten out stuff - in case it is all to go back to C
// //correction_array[num_reads_processed].read_string = (uint32_t*) read_space[num_reads_processed*2];
// //correction_array[num_reads_processed].quality_string = (uint32_t*) read_space[num_reads_processed*2+1];
// //correction_array[num_reads_processed].read_length = read_string.length();
// //correction_array[num_reads_processed].island_indices = (int32_t*) index_space[num_reads_processed];
// if (num_reads_processed % num_reads_per_iteration == 0) {
// int32_t num_corrections = 0;
// uint64_t wed = 0;
//
// std::cout << "Reads processed, proceeding to procure island information ... " << std::endl;
//
// //1. Profile the reads
// set_read_profile_mode(afu_h, num_reads_per_iteration, kmer_length, index_space, read_space);
// Start;
//
// bool success = wait_for_idle(afu_h);
// if (!success) {
// std::cout << "ERROR! Read profile doesn't complete!!!" << std::endl;
// }
// clear_status(afu_h);
//
// //Print the indices
// for (int m = 0; m < num_reads_per_iteration; m++) {
// int32_t* index_base = index_space + 32 * 2 * m;
// std::cout << "For " << m << "-th read" << std::endl;
// for (int n = 0; n < 32; n++) {
// int position = index_base[2*n];
// int length = index_base[2*n+1];
// //if ((position != -1) && (length != -1)) {
// std::cout << "(" << position << "," << length << ")" << std::endl;
// //} else {
// // break;
// //}
// }
// }
//
// ////2. Adjust solid islands
// ////adjust_solid_islands(index_space,num_reads_per_iteration);
//
// ////3. Set correction types for each read and collect reads to be corrected in a particular space
// //num_corrections = set_correction_types(correction_array, num_reads_per_iteration, candidate_space, correction_space);
//
// ////4. Correct errors
// //set_read_correct_mode(afu_h, num_reads_per_iteration, threshold, kmer_length, level0, level1, level2, level3, candidate_space, correction_space);
// //Start;
//
// ////5. Post process each correction, and then combine
// ////post_process_corrections(correction_array, num_reads_per_iteration);
// //
// ////TBD 9: Write out results
//
// //for (int k = 0; k < num_corrections; k++) {
// // delete[] correction_space[k];
// // for (int m = 0; m < 32; m++) {
// // delete[] candidate_space[32*k+m];
// // }
// //}
//
// //for (int k = 0; k < num_reads_per_iteration; k++) {
// // delete[] correction_array[k].candidates;
// // delete[] correction_array[k].start_position;
// // delete[] correction_array[k].end_position;
// //}
// }
// }
//
// if (num_reads_processed % num_reads_per_iteration != 0) {
// int32_t num_corrections = 0;
// uint64_t wed = 0;
//
// std::cout << "Processing last read batch for island information ... " << std::endl;
//
// //1. Profile the reads
// set_read_profile_mode(afu_h, num_reads_processed % num_reads_per_iteration, kmer_length, index_space, read_space);
// Start;
//
// bool success = wait_for_idle(afu_h);
// if (!success) {
// std::cout << "ERROR! Read profile doesn't complete!!!" << std::endl;
// }
// clear_status(afu_h);
//
// for (int m = 0; m < num_reads_processed % num_reads_per_iteration; m++) {
// int32_t* index_base = index_space + 32 * 2 * m;
// std::cout << "For " << m << "-th read" << std::endl;
// for (int n = 0; n < 32; n++) {
// int position = index_base[2*n];
// int length = index_base[2*n+1];
// //if ((position != -1) && (length != -1)) {
// std::cout << "(" << position << "," << length << ")" << std::endl;
// //} else {
// // break;
// //}
// }
// }
// }
// open_device((uint64_t) 0)
// clear_status(afu_h);
std::ifstream test_file("./stimulus.txt");
if (!test_file.is_open()) {
std::cout << "ERROR!! Cannot open stimulus file" << std::endl;
}
if (posix_memalign((void**)&read_space, 128, num_reads_per_iteration * 256 *2) != 0) {
std::cout << "ERROR!!!" << std::endl;
}
if (posix_memalign((void**)&candidate_space, 128, num_reads_per_iteration * 256 * 32) != 0) {
std::cout << "ERROR!!!" << std::endl;
}
num_reads_processed = 0;
char quality_string_c[113]; //= quality_string.c_str();
memcpy(quality_string_c, quality_string.c_str(), read_length);
for (int p = 40; p < 70; p++) {
quality_string_c[p] = 0;
}
while (std::getline(test_file, read_string)) {
uint32_t start_position, end_position;
char read_string_c[113];
sscanf(read_string.c_str(), "%s %d %d", read_string_c, &start_position, &end_position); read_string_c[read_length] = '\0';
std::cout << "Read : " << read_string_c << " start: " << (char) start_position << " end: " << (char) end_position << std::endl;
memcpy(read_space + 512 * (num_reads_processed % num_reads_per_iteration), read_string_c, read_length);
memcpy(read_space + 512 * (num_reads_processed % num_reads_per_iteration) + 256, quality_string_c, read_length);
char* read_item = read_space + 512 * (num_reads_processed % num_reads_per_iteration);
read_item[255] = read_length;
read_item[254] = start_position;
read_item[253] = end_position;
num_reads_processed++;
if (num_reads_processed % num_reads_per_iteration == 0) {
set_read_correct_mode(afu_h, num_reads_per_iteration, 1, kmer_length, 0, 20, 60, 80, candidate_space, read_space);
Start;
bool success = wait_for_idle(afu_h);
if (!success) {
std::cout << "ERROR! Read profile doesn't complete!!!" << std::endl;
return -1;
}
clear_status(afu_h);
for (int m = 0; m < num_reads_per_iteration; m++) {
char* candidate_local_space = candidate_space + m * 256 * 32;
char* read = read_space + m * 512; read[read_length] = '\0';
int32_t num_candidates = (int32_t) candidate_local_space[255]; //The last byte of every read provides us with the number of candidates
//std::cout << "Read " << read << " has " << num_candidates << " candidates" << std::endl;
printf("Candidate for %s is at %lu\n", read, (uint64_t) candidate_local_space);
printf("Read %s has %d candidates\n", read, num_candidates);
for (int n = 0; n < num_candidates; n++) {
char* candidate = candidate_local_space + n * 256;
int32_t num_candidates_to_print = (int32_t) candidate[255];
candidate[read_length] = '\0';
//candidate[read_length] = '\0';
printf("Read:%s:%s:%d\n", read,candidate,num_candidates_to_print);
}
std::cout << "Completed printing candidates ... " << std::endl;
}
}
}
if (num_reads_processed % num_reads_per_iteration != 0) {
std::cout << "Entering the final iteration" << std::endl;
set_read_correct_mode(afu_h, num_reads_processed % num_reads_per_iteration, 1, kmer_length, 0, 20, 60, 80, candidate_space, read_space);
Start;
bool success = wait_for_idle(afu_h);
if (!success) {
std::cout << "ERROR! Read profile doesn't complete!!!" << std::endl;
return -1;
}
clear_status(afu_h);
for (int m = 0; m < num_reads_processed % num_reads_per_iteration; m++) {
char* candidate_local_space = candidate_space + m * 256 * 32;
char* read = read_space + m * 512; read[read_length] = '\0';
int32_t num_candidates = (int32_t) candidate_local_space[255]; //The last byte of every read provides us with the number of candidates
printf("Candidate for %s is at %lu\n", read, (uint64_t) candidate_local_space);
printf("Read %s has %d candidates\n", read, num_candidates);
for (int n = 0; n < num_candidates; n++) {
char* candidate = candidate_local_space + n * 256;
int32_t num_candidates_to_print = (int32_t) candidate[255];
candidate[read_length] = '\0';
//std::cout << "Read " << read << ":" << candidate << ":" << num_candidates << std::endl;
printf("Read:%s:%s:%d\n",read,candidate,num_candidates_to_print);
}
std::cout << "Completed printing candidates ... " << std::endl;
}
}
close_device
std::cout << "Closing program ... " << std::endl;
return 0;
}
static void finish_access(struct fsl_iim *regs, u32 *stat, u32 *err)
{
*stat = iim_read32(®s->stat);
*err = iim_read32(®s->err);
clear_status(regs);
}
int main(int argc, char *argv[])
{
char c = 0;
ccs_test_init();
if (strncmp(proc_policy_dir, "/proc/", 6))
pivot_root_dir = "/sys/kernel/security/";
system_fd = open(proc_policy_system_policy, O_RDWR);
if (system_fd == EOF) {
fprintf(stderr, "You can't use this program for this kernel."
"\n");
return 1;
}
if (write(system_fd, "", 0) != 0) {
fprintf(stderr, "You need to register this program to %s to "
"run this program.\n", proc_policy_manager);
return 1;
}
/* Test mount(). */
{
write_status("RESTRICT_MOUNT=enforcing\n");
show_prompt("mount('dev\\011name', '/', 'fs\\011name') ", 1);
if (mount("dev\tname", "/", "fs\tname", 0, NULL) == EOF &&
errno == EPERM)
printf("OK: Permission denied.\n");
else if (errno == ENODEV)
printf("OK: No such device.\n");
else
printf("BUG: %s\n", strerror(errno));
write_status("RESTRICT_MOUNT=learning\n");
show_prompt("mount('dev\\011name', '/', 'fs\\011name') ", 0);
if (mount("dev\tname", "/", "fs\tname", 0, NULL) == EOF &&
errno == ENOMEM)
printf("OK: Out of memory.\n");
else if (errno == ENODEV)
printf("OK: No such device.\n");
else
printf("BUG: %s\n", strerror(errno));
write_status("RESTRICT_MOUNT=enforcing\n");
show_prompt("mount('dev\\011name', '/', 'fs\\011name') ", 0);
if (mount("dev\tname", "/", "fs\tname", 0, NULL) == EOF &&
errno == ENOMEM)
printf("OK: Out of memory.\n");
else if (errno == ENODEV)
printf("OK: No such device.\n");
else
printf("BUG: %s\n", strerror(errno));
write_policy("delete allow_mount dev\\011name / "
"fs\\011name 0\n");
show_prompt("mount('dev\\011name', '/', 'fs\\011name') ", 1);
if (mount("dev\tname", "/", "fs\tname", 0, NULL) == EOF &&
errno == EPERM)
printf("OK: Permission denied.\n");
else if (errno == ENODEV)
printf("OK: No such device.\n");
else
printf("BUG: %s\n", strerror(errno));
write_status("RESTRICT_MOUNT=learning\n");
show_prompt("mount(NULL, '/', 'tmpfs') ", 0);
if (mount(NULL, "/", "tmpfs", 0, NULL))
printf("BUG: %s\n", strerror(errno));
else
printf("OK: Success\n");
write_status("RESTRICT_MOUNT=enforcing\n");
show_prompt("mount(NULL, '/', 'tmpfs') ", 0);
if (mount(NULL, "/", "tmpfs", 0, NULL))
printf("BUG: %s\n", strerror(errno));
else
printf("OK: Success\n");
show_prompt("mount('anydev', '/', 'tmpfs') ", 0);
if (mount("anydev", "/", "tmpfs", 0, NULL))
printf("BUG: %s\n", strerror(errno));
else
printf("OK: Success\n");
write_policy("delete allow_mount <NULL> / tmpfs 0\n");
write_policy("allow_mount anydev / tmpfs 0\n");
show_prompt("mount(NULL, '/', 'tmpfs') ", 0);
if (mount(NULL, "/", "tmpfs", 0, NULL))
printf("BUG: %s\n", strerror(errno));
else
printf("OK: Success\n");
write_policy("delete allow_mount anydev / tmpfs 0\n");
write_status("RESTRICT_MOUNT=permissive\n");
show_prompt("mount(NULL, NULL, 'tmpfs') ", 1);
if (mount(NULL, NULL, "tmpfs", 0, NULL))
printf("OK: %s\n", strerror(errno));
else
printf("BUG: Did not fail.\n");
show_prompt("mount(NULL, NULL, NULL) ", 1);
if (mount(NULL, NULL, NULL, 0, NULL))
printf("OK: %s\n", strerror(errno));
else
printf("BUG: Did not fail.\n");
show_prompt("mount('/', NULL, NULL) ", 1);
if (mount("/", NULL, NULL, 0, NULL))
printf("OK: %s\n", strerror(errno));
else
printf("BUG: Did not fail.\n");
show_prompt("mount('/', NULL, 'tmpfs') ", 1);
if (mount("/", NULL, "tmpfs", 0, NULL))
printf("OK: %s\n", strerror(errno));
else
printf("BUG: Did not fail.\n");
show_prompt("mount('/', '/', 'nonexistentfs') ", 1);
if (mount("/", "/", "nonexistentfs", 0, NULL))
printf("OK: %s\n", strerror(errno));
else
printf("BUG: Did not fail.\n");
write_status("RESTRICT_MOUNT=disabled\n");
}
mkdir(TEST_DIR, 0755);
mkdir(TEST_DIR_BIND, 0755);
mkdir(TEST_DIR_MOVE, 0755);
/* Test mount(). */
{
static char buf[4096];
char *dev_ram_path = canonicalize_file_name("/dev/ram0");
if (!dev_ram_path)
dev_ram_path = canonicalize_file_name("/dev/ram");
if (!dev_ram_path) {
dev_ram_path = "/dev/ram0";
mknod(dev_ram_path, S_IFBLK, MKDEV(1, 0));
}
memset(buf, 0, sizeof(buf));
write_status("RESTRICT_MOUNT=enforcing\n");
/* Test standard case */
show_prompt("mount('none', '" TEST_DIR "', 'tmpfs') for '"
TEST_DIR "'", 1);
if (mount("none", TEST_DIR, "tmpfs", 0, NULL) == EOF &&
errno == EPERM)
printf("OK: Permission denied.\n");
else
printf("BUG: %s\n", strerror(errno));
/* Test device_name with pattern */
snprintf(buf, sizeof(buf) - 1, "mount('%s', '" TEST_DIR
"', 'ext2') for '%s\\*'", dev_ram_path, dev_ram_path);
show_prompt(buf, 1);
if (mount(dev_ram_path, TEST_DIR, "ext2", MS_RDONLY, NULL)
== EOF && errno == EPERM)
printf("OK: Permission denied.\n");
else
printf("BUG: %s\n", strerror(errno));
/* Test dir_name with pattern */
show_prompt("mount('none', '" TEST_DIR "', 'tmpfs') for '"
TEST_DIR_PATTERN "'", 1);
if (mount("none", TEST_DIR, "tmpfs", 0, NULL) == EOF &&
errno == EPERM)
printf("OK: Permission denied.\n");
else
printf("BUG: %s\n", strerror(errno));
/* Test standard case */
write_policy("allow_mount none " TEST_DIR " tmpfs 0\n");
show_prompt("mount('none', '" TEST_DIR "', 'tmpfs') for '"
TEST_DIR "'", 0);
if (mount("none", TEST_DIR, "tmpfs", 0, NULL) == 0)
printf("OK\n");
else
printf("FAILED: %s\n", strerror(errno));
write_policy("delete allow_mount none " TEST_DIR " tmpfs 0\n");
/* Test device_name with pattern */
snprintf(buf, sizeof(buf) - 1, "allow_mount %s\\* " TEST_DIR
" ext2 1\n", dev_ram_path);
write_policy(buf);
snprintf(buf, sizeof(buf) - 1, "mount('%s', '" TEST_DIR
"', 'ext2') for '%s\\*'", dev_ram_path, dev_ram_path);
show_prompt(buf, 0);
if (mount(dev_ram_path, TEST_DIR, "ext2", MS_RDONLY, NULL) == 0)
printf("OK\n");
else
printf("FAILED: %s\n", strerror(errno));
snprintf(buf, sizeof(buf) - 1, "delete allow_mount %s\\* "
TEST_DIR " ext2 1\n", dev_ram_path);
write_policy(buf);
/* Test dir_name with pattern */
write_policy("allow_mount none " TEST_DIR_PATTERN " tmpfs 0\n");
show_prompt("mount('none', '" TEST_DIR "', 'tmpfs') for '"
TEST_DIR_PATTERN "'", 0);
if (mount("none", TEST_DIR, "tmpfs", 0, NULL) == 0)
printf("OK\n");
else
printf("FAILED: %s\n", strerror(errno));
write_policy("delete allow_mount none " TEST_DIR_PATTERN
" tmpfs 0\n");
write_status("RESTRICT_MOUNT=disabled\n");
while (umount(TEST_DIR) == 0)
c++; /* Dummy. */
}
/* Test mount(). */
{
mount("none", TEST_DIR, "tmpfs", 0, NULL);
write_status("RESTRICT_MOUNT=enforcing\n");
/* Test remount case */
show_prompt("mount('" TEST_DIR "', MS_REMOUNT)", 1);
if (mount("none", TEST_DIR, "tmpfs", MS_REMOUNT, NULL) == EOF
&& errno == EPERM)
printf("OK: Permission denied.\n");
else
printf("BUG: %s\n", strerror(errno));
show_prompt("mount('" TEST_DIR "', MS_REMOUNT)", 1);
if (mount(NULL, TEST_DIR, NULL, MS_REMOUNT, NULL) == EOF
&& errno == EPERM)
printf("OK: Permission denied.\n");
else
printf("BUG: %s\n", strerror(errno));
write_policy("allow_mount something " TEST_DIR
" --remount something 0\n");
show_prompt("mount('" TEST_DIR "', MS_REMOUNT)", 0);
if (mount(NULL, TEST_DIR, NULL, MS_REMOUNT, NULL))
printf("BUG: %s\n", strerror(errno));
else
printf("OK: Success.\n");
write_policy("delete allow_mount something " TEST_DIR
" --remount something 0\n");
/* Test bind case */
show_prompt("mount('" TEST_DIR "', '" TEST_DIR_BIND
"', MS_BIND)", 1);
if (mount(TEST_DIR, TEST_DIR_BIND, NULL, MS_BIND, NULL) == EOF
&& errno == EPERM)
printf("OK: Permission denied.\n");
else
printf("BUG: %s\n", strerror(errno));
/* Test move case */
show_prompt("mount('" TEST_DIR "', '" TEST_DIR_MOVE
"', MS_MOVE)", 1);
if (mount(TEST_DIR, TEST_DIR_MOVE, NULL, MS_MOVE, NULL) == EOF
&& errno == EPERM)
printf("OK: Permission denied.\n");
else
printf("BUG: %s\n", strerror(errno));
/* Test remount case */
write_policy("allow_mount any " TEST_DIR " --remount 0\n");
show_prompt("mount('" TEST_DIR "', MS_REMOUNT)", 0);
if (mount("none", TEST_DIR, "tmpfs", MS_REMOUNT, NULL) == 0)
printf("OK\n");
else
printf("FAILED: %s\n", strerror(errno));
write_policy("delete allow_mount any " TEST_DIR
" --remount 0\n");
/* Test bind case */
write_policy("allow_mount " TEST_DIR " " TEST_DIR_BIND
" --bind 0\n");
show_prompt("mount('" TEST_DIR "', '" TEST_DIR_BIND
"', MS_BIND)", 0);
if (mount(TEST_DIR, TEST_DIR_BIND, NULL, MS_BIND, NULL) == 0)
printf("OK\n");
else
printf("FAILED: %s\n", strerror(errno));
umount(TEST_DIR_BIND);
write_policy("delete allow_mount " TEST_DIR " " TEST_DIR_BIND
" --bind 0\n");
/* Test move case */
write_policy("allow_mount " TEST_DIR " " TEST_DIR_MOVE
" --move 0\n");
show_prompt("mount('" TEST_DIR "', '" TEST_DIR_MOVE
"', MS_MOVE)", 0);
if (mount(TEST_DIR, TEST_DIR_MOVE, NULL, MS_MOVE, NULL) == 0)
printf("OK\n");
else
printf("FAILED: %s\n", strerror(errno));
umount(TEST_DIR_MOVE);
write_policy("delete allow_mount " TEST_DIR " " TEST_DIR_MOVE
" --move 0\n");
write_status("RESTRICT_MOUNT=disabled\n");
while (umount(TEST_DIR) == 0)
c++; /* Dummy. */
}
/* Test mount(). */
{
mount("none", TEST_DIR, "tmpfs", 0, NULL);
write_status("DENY_CONCEAL_MOUNT=enforcing\n");
show_prompt("mount('none', '" TEST_DIR "', 'tmpfs')", 1);
if (mount("none", TEST_DIR, "tmpfs", 0, NULL) == EOF &&
errno == EPERM)
printf("OK: Permission denied.\n");
else
printf("BUG: %s\n", strerror(errno));
show_prompt("mount('none', '/tmp/', 'tmpfs')", 1);
if (mount("none", "/tmp/", "tmpfs", 0, NULL) == EOF &&
errno == EPERM)
printf("OK: Permission denied.\n");
else
printf("BUG: %s\n", strerror(errno));
show_prompt("mount('none', '/', 'tmpfs')", 1);
if (mount("none", "/", "tmpfs", 0, NULL) == EOF &&
errno == EPERM)
printf("OK: Permission denied.\n");
else
printf("BUG: %s\n", strerror(errno));
write_status("DENY_CONCEAL_MOUNT=permissive\n");
show_prompt("mount('none', '" TEST_DIR "', 'tmpfs')", 0);
if (mount("none", TEST_DIR, "tmpfs", 0, NULL) == 0)
printf("OK\n");
else
printf("FAILED: %s\n", strerror(errno));
write_status("DENY_CONCEAL_MOUNT=disabled\n");
while (umount(TEST_DIR) == 0)
c++; /* Dummy. */
}
/* Test umount(). */
{
write_status("RESTRICT_UNMOUNT=enforcing\n");
/* Test standard case */
write_policy("deny_unmount " TEST_DIR "\n");
mount("none", TEST_DIR, "tmpfs", 0, NULL);
show_prompt("umount('" TEST_DIR "') for '" TEST_DIR "'", 1);
if (umount(TEST_DIR) == EOF && errno == EPERM)
printf("OK: Permission denied.\n");
else
printf("BUG: %s\n", strerror(errno));
write_policy("delete deny_unmount " TEST_DIR "\n");
mount("none", TEST_DIR, "tmpfs", 0, NULL);
show_prompt("umount('" TEST_DIR "') for '" TEST_DIR "'", 0);
if (umount(TEST_DIR) == 0)
printf("OK\n");
else
printf("FAILED: %s\n", strerror(errno));
/* Test pattern */
write_policy("deny_unmount " TEST_DIR_PATTERN "\n");
mount("none", TEST_DIR, "tmpfs", 0, NULL);
show_prompt("umount('" TEST_DIR "') for '" TEST_DIR_PATTERN "'",
1);
if (umount(TEST_DIR) == EOF && errno == EPERM)
printf("OK: Permission denied.\n");
else
printf("BUG: %s\n", strerror(errno));
write_policy("delete deny_unmount " TEST_DIR_PATTERN "\n");
write_status("RESTRICT_UNMOUNT=disabled\n");
while (umount(TEST_DIR) == 0)
c++; /* Dummy. */
}
/* Test chroot(). */
{
write_status("RESTRICT_CHROOT=enforcing\n");
/* Test standard case */
write_policy("allow_chroot " TEST_DIR "\n");
show_prompt("chroot('" TEST_DIR "') for '" TEST_DIR "'", 0);
fflush(stdout);
if (fork() == 0) {
if (chroot(TEST_DIR) == 0)
printf("OK\n");
else
printf("FAILED: %s\n", strerror(errno));
fflush(stdout);
_exit(0);
}
wait(NULL);
write_policy("delete allow_chroot " TEST_DIR "\n");
show_prompt("chroot('" TEST_DIR "') for '" TEST_DIR "'", 1);
fflush(stdout);
if (fork() == 0) {
if (chroot(TEST_DIR) == EOF && errno == EPERM)
printf("OK: Permission denied.\n");
else
printf("BUG: %s\n", strerror(errno));
fflush(stdout);
_exit(0);
}
wait(NULL);
/* Test pattern */
write_policy("allow_chroot " TEST_DIR_PATTERN "\n");
show_prompt("chroot('" TEST_DIR "') for '" TEST_DIR_PATTERN "'",
0);
fflush(stdout);
if (fork() == 0) {
if (chroot(TEST_DIR) == 0)
printf("OK\n");
else
printf("FAILED: %s\n", strerror(errno));
fflush(stdout);
_exit(0);
}
wait(NULL);
write_policy("delete allow_chroot " TEST_DIR_PATTERN "\n");
write_status("RESTRICT_CHROOT=disabled\n");
}
/* Test pivot_root(). */
{
int error;
char *stack = malloc(8192);
write_status("RESTRICT_PIVOT_ROOT=enforcing\n");
snprintf(stack, 8191, "allow_pivot_root %s %s\n",
pivot_root_dir, proc_policy_dir);
write_policy(stack);
snprintf(stack, 8191, "pivot_root('%s', '%s')", pivot_root_dir,
proc_policy_dir);
show_prompt(stack, 0);
{
const pid_t pid = clone(child, stack + (8192 / 2),
CLONE_NEWNS, NULL);
while (waitpid(pid, &error, __WALL) == EOF &&
errno == EINTR)
c++; /* Dummy. */
}
errno = WIFEXITED(error) ? WEXITSTATUS(error) : -1;
if (errno == 0)
printf("OK\n");
else
printf("FAILED: %s\n", strerror(errno));
snprintf(stack, 8191, "delete allow_pivot_root %s %s\n",
pivot_root_dir, proc_policy_dir);
write_policy(stack);
snprintf(stack, 8191, "pivot_root('%s', '%s')", pivot_root_dir,
proc_policy_dir);
show_prompt(stack, 1);
{
const pid_t pid = clone(child, stack + (8192 / 2),
CLONE_NEWNS, NULL);
while (waitpid(pid, &error, __WALL) == EOF &&
errno == EINTR)
c++; /* Dummy. */
}
errno = WIFEXITED(error) ? WEXITSTATUS(error) : -1;
if (errno == EPERM)
printf("OK: Permission denied.\n");
else
printf("BUG: %s\n", strerror(errno));
write_status("RESTRICT_PIVOT_ROOT=permissive\n");
snprintf(stack, 8191, "pivot_root('%s', '%s')", pivot_root_dir,
proc_policy_dir);
show_prompt(stack, 0);
{
const pid_t pid = clone(child, stack + (8192 / 2),
CLONE_NEWNS, NULL);
while (waitpid(pid, &error, __WALL) == EOF &&
errno == EINTR)
c++; /* Dummy. */
}
errno = WIFEXITED(error) ? WEXITSTATUS(error) : -1;
if (errno == 0)
printf("OK\n");
else
printf("FAILED: %s\n", strerror(errno));
write_status("RESTRICT_PIVOT_ROOT=disabled\n");
free(stack);
}
rmdir(TEST_DIR_MOVE);
rmdir(TEST_DIR_BIND);
rmdir(TEST_DIR);
close(system_fd);
clear_status();
return 0;
}
int main(int argc, char *argv[])
{
char c = 0;
tomoyo_test_init();
/* Test mount(). */
{
set_profile(3, "file::mount");
show_prompt("mount('dev\\011name', '/', 'fs\\011name') ", 1);
if (mount("dev\tname", "/", "fs\tname", 0, NULL) == EOF &&
errno == EPERM)
printf("OK: Permission denied.\n");
else if (errno == ENODEV)
printf("OK: No such device.\n");
else
printf("BUG: %s\n", strerror(errno));
set_profile(1, "file::mount");
show_prompt("mount('dev\\011name', '/', 'fs\\011name') ", 0);
if (mount("dev\tname", "/", "fs\tname", 0, NULL) == EOF &&
errno == ENOMEM)
printf("OK: Out of memory.\n");
else if (errno == ENODEV)
printf("OK: No such device.\n");
else
printf("BUG: %s\n", strerror(errno));
set_profile(3, "file::mount");
show_prompt("mount('dev\\011name', '/', 'fs\\011name') ", 0);
if (mount("dev\tname", "/", "fs\tname", 0, NULL) == EOF &&
errno == ENOMEM)
printf("OK: Out of memory.\n");
else if (errno == ENODEV)
printf("OK: No such device.\n");
else
printf("BUG: %s\n", strerror(errno));
fprintf(domain_fp, "delete allow_mount dev\\011name / "
"fs\\011name 0\n");
show_prompt("mount('dev\\011name', '/', 'fs\\011name') ", 1);
if (mount("dev\tname", "/", "fs\tname", 0, NULL) == EOF &&
errno == EPERM)
printf("OK: Permission denied.\n");
else if (errno == ENODEV)
printf("OK: No such device.\n");
else
printf("BUG: %s\n", strerror(errno));
set_profile(1, "file::mount");
show_prompt("mount(NULL, '/', 'tmpfs') ", 0);
if (mount(NULL, "/", "tmpfs", 0, NULL))
printf("BUG: %s\n", strerror(errno));
else
printf("OK: Success\n");
set_profile(3, "file::mount");
show_prompt("mount(NULL, '/', 'tmpfs') ", 0);
if (mount(NULL, "/", "tmpfs", 0, NULL))
printf("BUG: %s\n", strerror(errno));
else
printf("OK: Success\n");
show_prompt("mount('anydev', '/', 'tmpfs') ", 0);
if (mount("anydev", "/", "tmpfs", 0, NULL))
printf("BUG: %s\n", strerror(errno));
else
printf("OK: Success\n");
fprintf(domain_fp, "delete allow_mount <NULL> / tmpfs 0\n");
fprintf(domain_fp, "allow_mount anydev / tmpfs 0\n");
show_prompt("mount(NULL, '/', 'tmpfs') ", 0);
if (mount(NULL, "/", "tmpfs", 0, NULL))
printf("BUG: %s\n", strerror(errno));
else
printf("OK: Success\n");
fprintf(domain_fp, "delete allow_mount anydev / tmpfs 0\n");
set_profile(2, "file::mount");
show_prompt("mount(NULL, NULL, 'tmpfs') ", 1);
if (mount(NULL, NULL, "tmpfs", 0, NULL))
printf("OK: %s\n", strerror(errno));
else
printf("BUG: Did not fail.\n");
show_prompt("mount(NULL, NULL, NULL) ", 1);
if (mount(NULL, NULL, NULL, 0, NULL))
printf("OK: %s\n", strerror(errno));
else
printf("BUG: Did not fail.\n");
show_prompt("mount('/', NULL, NULL) ", 1);
if (mount("/", NULL, NULL, 0, NULL))
printf("OK: %s\n", strerror(errno));
else
printf("BUG: Did not fail.\n");
show_prompt("mount('/', NULL, 'tmpfs') ", 1);
if (mount("/", NULL, "tmpfs", 0, NULL))
printf("OK: %s\n", strerror(errno));
else
printf("BUG: Did not fail.\n");
show_prompt("mount('/', '/', 'nonexistentfs') ", 1);
if (mount("/", "/", "nonexistentfs", 0, NULL))
printf("OK: %s\n", strerror(errno));
else
printf("BUG: Did not fail.\n");
set_profile(0, "file::mount");
}
mkdir("/tmp/mount/", 0755);
mkdir("/tmp/mount_bind/", 0755);
mkdir("/tmp/mount_move/", 0755);
/* Test mount(). */
{
static char buf[4096];
char *dev_ram_path = canonicalize_file_name("/dev/ram0");
if (!dev_ram_path)
dev_ram_path = canonicalize_file_name("/dev/ram");
if (!dev_ram_path) {
dev_ram_path = "/dev/ram0";
mknod(dev_ram_path, S_IFBLK, MKDEV(1, 0));
}
memset(buf, 0, sizeof(buf));
{
struct stat sbuf;
FILE *fp = NULL;
snprintf(buf, sizeof(buf) - 1, "zcat - > %s",
dev_ram_path);
if (lstat(dev_ram_path, &sbuf) == 0 &&
S_ISBLK(sbuf.st_mode) && MAJOR(sbuf.st_rdev) == 1)
fp = popen(buf, "w");
if (fp) {
if (fwrite(compressed_ext2_image_sample, 1,
sizeof(compressed_ext2_image_sample), fp) !=
sizeof(compressed_ext2_image_sample))
err(1, "fwrite");
pclose(fp);
} else
fprintf(stderr, "Can't write to %s .\n",
dev_ram_path);
}
set_profile(3, "file::mount");
/* Test standard case */
show_prompt("mount('none', '/tmp/mount/', 'tmpfs') for "
"'/tmp/mount/'", 1);
if (mount("none", "/tmp/mount/", "tmpfs", 0, NULL) == EOF &&
errno == EPERM)
printf("OK: Permission denied.\n");
else
printf("BUG: %s\n", strerror(errno));
/* Test device_name with pattern */
snprintf(buf, sizeof(buf) - 1, "mount('%s', '/tmp/mount/', "
"'ext2') for '%s\\*'", dev_ram_path, dev_ram_path);
show_prompt(buf, 1);
if (mount(dev_ram_path, "/tmp/mount/", "ext2", MS_RDONLY, NULL)
== EOF && errno == EPERM)
printf("OK: Permission denied.\n");
else
printf("BUG: %s\n", strerror(errno));
/* Test dir_name with pattern */
show_prompt("mount('none', '/tmp/mount/', 'tmpfs') for "
"'/tmp/\\?\\?\\?\\?\\?/'", 1);
if (mount("none", "/tmp/mount/", "tmpfs", 0, NULL) == EOF &&
errno == EPERM)
printf("OK: Permission denied.\n");
else
printf("BUG: %s\n", strerror(errno));
/* Test standard case */
fprintf(domain_fp, "allow_mount none /tmp/mount/ tmpfs 0\n");
show_prompt("mount('none', '/tmp/mount/', 'tmpfs') for "
"'/tmp/mount/'", 0);
if (mount("none", "/tmp/mount/", "tmpfs", 0, NULL) == 0)
printf("OK\n");
else
printf("FAILED: %s\n", strerror(errno));
fprintf(domain_fp,
"delete allow_mount none /tmp/mount/ tmpfs 0\n");
/* Test device_name with pattern */
fprintf(domain_fp, "allow_mount %s\\* /tmp/mount/ ext2 1\n",
dev_ram_path);
snprintf(buf, sizeof(buf) - 1, "mount('%s', '/tmp/mount/', "
"'ext2') for '%s\\*'", dev_ram_path, dev_ram_path);
show_prompt(buf, 0);
if (mount(dev_ram_path, "/tmp/mount/", "ext2", MS_RDONLY, NULL)
== 0)
printf("OK\n");
else
printf("FAILED: %s\n", strerror(errno));
fprintf(domain_fp, "delete allow_mount %s\\* "
"/tmp/mount/ ext2 1\n", dev_ram_path);
/* Test dir_name with pattern */
fprintf(domain_fp,
"allow_mount none /tmp/\\?\\?\\?\\?\\?/ tmpfs 0\n");
show_prompt("mount('none', '/tmp/mount/', 'tmpfs') for "
"'/tmp/\\?\\?\\?\\?\\?/'", 0);
if (mount("none", "/tmp/mount/", "tmpfs", 0, NULL) == 0)
printf("OK\n");
else
printf("FAILED: %s\n", strerror(errno));
fprintf(domain_fp, "delete allow_mount none "
"/tmp/\\?\\?\\?\\?\\?/ tmpfs 0\n");
set_profile(0, "file::mount");
while (umount("/tmp/mount/") == 0)
c++; /* Dummy. */
}
/* Test mount(). */
{
mount2("none", "/tmp/mount/", "tmpfs");
set_profile(3, "file::mount");
/* Test remount case */
show_prompt("mount('/tmp/mount/', MS_REMOUNT)", 1);
if (mount("none", "/tmp/mount/", "tmpfs", MS_REMOUNT, NULL)
== EOF && errno == EPERM)
printf("OK: Permission denied.\n");
else
printf("BUG: %s\n", strerror(errno));
show_prompt("mount('/tmp/mount/', MS_REMOUNT)", 1);
if (mount(NULL, "/tmp/mount/", NULL, MS_REMOUNT, NULL) == EOF
&& errno == EPERM)
printf("OK: Permission denied.\n");
else
printf("BUG: %s\n", strerror(errno));
fprintf(domain_fp, "allow_mount something /tmp/mount/ "
"--remount 0\n");
show_prompt("mount('/tmp/mount/', MS_REMOUNT)", 0);
if (mount(NULL, "/tmp/mount/", NULL, MS_REMOUNT, NULL))
printf("BUG: %s\n", strerror(errno));
else
printf("OK: Success.\n");
fprintf(domain_fp, "delete allow_mount something /tmp/mount/ "
"--remount 0\n");
/* Test bind case */
show_prompt("mount('/tmp/mount/', '/tmp/mount_bind/', "
"MS_BIND)", 1);
if (mount("/tmp/mount/", "/tmp/mount_bind/", NULL, MS_BIND,
NULL) == EOF && errno == EPERM)
printf("OK: Permission denied.\n");
else
printf("BUG: %s\n", strerror(errno));
/* Test move case */
show_prompt("mount('/tmp/mount/', '/tmp/mount_move/', "
"MS_MOVE)", 1);
if (mount("/tmp/mount/", "/tmp/mount_move/", NULL, MS_MOVE,
NULL) == EOF && errno == EPERM)
printf("OK: Permission denied.\n");
else
printf("BUG: %s\n", strerror(errno));
/* Test remount case */
fprintf(domain_fp,
"allow_mount any /tmp/mount/ --remount 0\n");
show_prompt("mount('/tmp/mount/', MS_REMOUNT)", 0);
if (mount("none", "/tmp/mount/", "tmpfs", MS_REMOUNT, NULL)
== 0)
printf("OK\n");
else
printf("FAILED: %s\n", strerror(errno));
fprintf(domain_fp, "delete allow_mount any /tmp/mount/ "
"--remount 0\n");
/* Test bind case */
fprintf(domain_fp,
"allow_mount /tmp/mount/ /tmp/mount_bind/ --bind 0\n");
show_prompt("mount('/tmp/mount/', '/tmp/mount_bind', MS_BIND)",
0);
if (mount("/tmp/mount/", "/tmp/mount_bind/", NULL, MS_BIND,
NULL) == 0)
printf("OK\n");
else
printf("FAILED: %s\n", strerror(errno));
set_profile(0, "file::mount");
umount("/tmp/mount_bind/");
fprintf(domain_fp, "delete allow_mount /tmp/mount/ "
"/tmp/mount_bind/ --bind 0\n");
/* Test move case */
set_profile(3, "file::mount");
fprintf(domain_fp, "allow_unmount /tmp/mount/\n");
fprintf(domain_fp, "allow_mount /tmp/mount/ /tmp/mount_move/ "
"--move 0\n");
show_prompt("mount('/tmp/mount/', '/tmp/mount_move/', "
"MS_MOVE)", 0);
if (mount("/tmp/mount/", "/tmp/mount_move/", NULL, MS_MOVE,
NULL) == 0)
printf("OK\n");
else
printf("FAILED: %s\n", strerror(errno));
set_profile(0, "file::mount");
umount("/tmp/mount_move/");
fprintf(domain_fp, "delete allow_unmount /tmp/mount/\n");
fprintf(domain_fp, "delete allow_mount /tmp/mount/ "
"/tmp/mount_move/ --move 0\n");
while (umount("/tmp/mount/") == 0)
c++; /* Dummy. */
}
/* Test umount(). */
{
/* Test standard case */
fprintf(domain_fp, "allow_unmount /tmp/mount/\n");
set_profile(0, "file::umount");
mount2("none", "/tmp/mount/", "tmpfs");
set_profile(3, "file::umount");
show_prompt("umount('/tmp/mount/') for '/tmp/mount/'", 0);
if (umount("/tmp/mount/") == 0)
printf("OK\n");
else
printf("BUG: %s\n", strerror(errno));
fprintf(domain_fp, "delete allow_unmount /tmp/mount/\n");
set_profile(0, "file::umount");
mount2("none", "/tmp/mount/", "tmpfs");
set_profile(3, "file::umount");
show_prompt("umount('/tmp/mount/') for '/tmp/mount/'", 1);
if (umount("/tmp/mount/") == EOF && errno == EPERM)
printf("OK: Permission denied.\n");
else
printf("FAILED: %s\n", strerror(errno));
/* Test pattern */
fprintf(domain_fp, "allow_unmount /tmp/\\?\\?\\?\\?\\?/\n");
set_profile(0, "file::umount");
mount2("none", "/tmp/mount/", "tmpfs");
set_profile(3, "file::umount");
show_prompt("umount('/tmp/mount/') for "
"'/tmp/\\?\\?\\?\\?\\?/'", 1);
if (umount("/tmp/mount/") == 0)
printf("OK\n");
else
printf("BUG: %s\n", strerror(errno));
fprintf(domain_fp,
"delete allow_unmount /tmp/\\?\\?\\?\\?\\?/\n");
set_profile(0, "file::umount");
while (umount("/tmp/mount/") == 0)
c++; /* Dummy. */
}
/* Test chroot(). */
{
set_profile(3, "file::chroot");
/* Test standard case */
fprintf(domain_fp, "allow_chroot /tmp/mount/\n");
show_prompt("chroot('/tmp/mount/') for '/tmp/mount/'", 0);
fflush(stdout);
if (fork() == 0) {
if (chroot("/tmp/mount/") == 0)
printf("OK\n");
else
printf("FAILED: %s\n", strerror(errno));
fflush(stdout);
_exit(0);
}
wait(NULL);
fprintf(domain_fp, "delete allow_chroot /tmp/mount/\n");
show_prompt("chroot('/tmp/mount/') for '/tmp/mount/'", 1);
fflush(stdout);
if (fork() == 0) {
if (chroot("/tmp/mount/") == EOF && errno == EPERM)
printf("OK: Permission denied.\n");
else
printf("BUG: %s\n", strerror(errno));
fflush(stdout);
_exit(0);
}
wait(NULL);
/* Test pattern */
fprintf(domain_fp, "allow_chroot /tmp/\\?\\?\\?\\?\\?/\n");
show_prompt("chroot('/tmp/mount/') for "
"'/tmp/\\?\\?\\?\\?\\?/'", 0);
fflush(stdout);
if (fork() == 0) {
if (chroot("/tmp/mount/") == 0)
printf("OK\n");
else
printf("FAILED: %s\n", strerror(errno));
fflush(stdout);
_exit(0);
}
wait(NULL);
fprintf(domain_fp,
"delete allow_chroot /tmp/\\?\\?\\?\\?\\?/\n");
set_profile(0, "file::chroot");
}
/* Test pivot_root(). */
{
int error;
static char stack[8192];
set_profile(3, "file::pivot_root");
fprintf(domain_fp, "allow_pivot_root %s %s\n",
pivot_root_dir, proc_policy_dir);
snprintf(stack, 8191, "pivot_root('%s', '%s')", pivot_root_dir,
proc_policy_dir);
show_prompt(stack, 0);
{
const pid_t pid = ltp_clone_quick(CLONE_NEWNS, child,
NULL);
while (waitpid(pid, &error, __WALL) == EOF &&
errno == EINTR)
c++; /* Dummy. */
}
errno = WIFEXITED(error) ? WEXITSTATUS(error) : -1;
if (errno == 0)
printf("OK\n");
else
printf("FAILED: %s\n", strerror(errno));
fprintf(domain_fp, "delete allow_pivot_root %s %s\n",
pivot_root_dir, proc_policy_dir);
snprintf(stack, 8191, "pivot_root('%s', '%s')", pivot_root_dir,
proc_policy_dir);
show_prompt(stack, 1);
{
const pid_t pid = ltp_clone_quick(CLONE_NEWNS, child,
NULL);
while (waitpid(pid, &error, __WALL) == EOF &&
errno == EINTR)
c++; /* Dummy. */
}
errno = WIFEXITED(error) ? WEXITSTATUS(error) : -1;
if (errno == EPERM)
printf("OK: Permission denied.\n");
else
printf("BUG: %s\n", strerror(errno));
set_profile(2, "file::pivot_root");
snprintf(stack, 8191, "pivot_root('%s', '%s')", pivot_root_dir,
proc_policy_dir);
show_prompt(stack, 0);
{
const pid_t pid = ltp_clone_quick(CLONE_NEWNS, child,
NULL);
while (waitpid(pid, &error, __WALL) == EOF &&
errno == EINTR)
c++; /* Dummy. */
}
errno = WIFEXITED(error) ? WEXITSTATUS(error) : -1;
if (errno == 0)
printf("OK\n");
else
printf("FAILED: %s\n", strerror(errno));
set_profile(0, "file::pivot_root");
}
rmdir("/tmp/mount_move/");
rmdir("/tmp/mount_bind/");
rmdir("/tmp/mount/");
clear_status();
return 0;
}