[LTP] [linux-2.6.36] TOMOYO Linux update

[LTP] [linux-2.6.36] TOMOYO Linux update

[Tetsuo Handa]

Hello.



I updated TOMOYO testcases for Linux 2.6.36.
http://sourceforge.jp/projects/tomoyo/svn/view/trunk/2.3.x/tomoyo-tools/kernel_test/tomoyo-ltp.diff?revision=3740&root=tomoyo
4425 lines, 141,420 bytes.
MD5: aeb0af73a8f140d50d4ab7435b10de16



By the way, any reason not to update the

  "Download Now! ltp-full-20100228.tgz (8.8 MB)"

icon at http://sourceforge.net/projects/ltp/files/ to point to ltp-full-20100430.tgz ?



Regards.

------------------------------------------------------------------------------
ThinkGeek and WIRED's GeekDad team up for the Ultimate 
GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the 
lucky parental unit.  See the prize list and enter to win: 
http://p.sf.net/sfu/thinkgeek-promo
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list

Re: [LTP] [linux-2.6.36] TOMOYO Linux update

[Subrata Modak]

Hello Tetsuo Handa,

On Sun, 2010-06-06 at 17:13 +0900, Tetsuo Handa wrote:
> Hello.
> 
> 
> 
> I updated TOMOYO testcases for Linux 2.6.36.
> http://sourceforge.jp/projects/tomoyo/svn/view/trunk/2.3.x/tomoyo-tools/kernel_test/tomoyo-ltp.diff?revision=3740&root=tomoyo
> 4425 lines, 141,420 bytes.
> MD5: aeb0af73a8f140d50d4ab7435b10de16

Thanks for intimating us the updates about the TOMYO test cases. Would
you mind sending us a patch against the LTP git
repo(git://ltp.git.sourceforge.net/gitroot/ltp/ltp-dev) so that i can
push your path against the latest tree.


> 
> 
> By the way, any reason not to update the
> 
>   "Download Now! ltp-full-20100228.tgz (8.8 MB)"
> 
> icon at http://sourceforge.net/projects/ltp/files/ to point to ltp-full-20100430.tgz ?

Ok. I will fix that soon. Thanks for pointing out the anomaly.

Regards--
Subrata

> 
> 
> 
> Regards.
> 
> ------------------------------------------------------------------------------
> ThinkGeek and WIRED's GeekDad team up for the Ultimate 
> GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the 
> lucky parental unit.  See the prize list and enter to win: 
> http://p.sf.net/sfu/thinkgeek-promo
> _______________________________________________
> Ltp-list mailing list
> Ltp-list@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/ltp-list


------------------------------------------------------------------------------
ThinkGeek and WIRED's GeekDad team up for the Ultimate 
GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the 
lucky parental unit.  See the prize list and enter to win: 
http://p.sf.net/sfu/thinkgeek-promo
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list

Re: [LTP] [linux-2.6.36] TOMOYO Linux update

[Tetsuo Handa]

Hello.

Subrata Modak wrote:
> > I updated TOMOYO testcases for Linux 2.6.36.
> > http://sourceforge.jp/projects/tomoyo/svn/view/trunk/2.3.x/tomoyo-tools/kernel_test/tomoyo-ltp.diff?revision=3740&root=tomoyo
> > 4425 lines, 141,420 bytes.
> > MD5: aeb0af73a8f140d50d4ab7435b10de16
> 
> Thanks for intimating us the updates about the TOMYO test cases. Would
> you mind sending us a patch against the LTP git
> repo(git://ltp.git.sourceforge.net/gitroot/ltp/ltp-dev) so that i can
> push your path against the latest tree.
> 
Above one applies against http://ltp.git.sourceforge.net/git/gitweb.cgi?p=ltp/ltp-dev.git;a=snapshot;h=7f20a3add6c7f2166dbab5a712713ae8b5943448;sf=tgz

I didn't know ltp moved repository from cvs to git.
I downloaded files from cvs. Adding some notes on
http://ltp.sourceforge.net/documentation/how-to/ltp.php#_3.2
might help preventing users from downloading old files.

Regards.

------------------------------------------------------------------------------
ThinkGeek and WIRED's GeekDad team up for the Ultimate 
GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the 
lucky parental unit.  See the prize list and enter to win: 
http://p.sf.net/sfu/thinkgeek-promo
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list

Re: [LTP] [linux-2.6.36] TOMOYO Linux update

[Subrata Modak]

On Mon, 2010-06-07 at 15:51 +0900, Tetsuo Handa wrote:
> Hello.
> 
> Subrata Modak wrote:
> > > I updated TOMOYO testcases for Linux 2.6.36.
> > > http://sourceforge.jp/projects/tomoyo/svn/view/trunk/2.3.x/tomoyo-tools/kernel_test/tomoyo-ltp.diff?revision=3740&root=tomoyo
> > > 4425 lines, 141,420 bytes.
> > > MD5: aeb0af73a8f140d50d4ab7435b10de16
> > 
> > Thanks for intimating us the updates about the TOMYO test cases. Would
> > you mind sending us a patch against the LTP git
> > repo(git://ltp.git.sourceforge.net/gitroot/ltp/ltp-dev) so that i can
> > push your path against the latest tree.
> > 
> Above one applies against http://ltp.git.sourceforge.net/git/gitweb.cgi?p=ltp/ltp-dev.git;a=snapshot;h=7f20a3add6c7f2166dbab5a712713ae8b5943448;sf=tgz
> 
> I didn't know ltp moved repository from cvs to git.
> I downloaded files from cvs. Adding some notes on
> http://ltp.sourceforge.net/documentation/how-to/ltp.php#_3.2
> might help preventing users from downloading old files.

The patch will apply fine with the git tree as well, as, no changes has
gone into the TOMYO tree recently. And git is just a migration from cvs
without harming the code. So, all patches will apply to git as well.
However, this patch did not apply as it was not created properly:

patching file testcases/kernel/security/tomoyo/README
patching file testcases/kernel/security/tomoyo/include.h
patching file testcases/kernel/security/tomoyo/newns.c
patching file testcases/kernel/security/tomoyo/testall.sh
patching file testcases/kernel/security/tomoyo/tomoyo_accept_test.c
patching file testcases/kernel/security/tomoyo/tomoyo_file_test.c
patching file testcases/kernel/security/tomoyo/tomoyo_filesystem_test.c
patch: **** malformed patch at line 2088: 

Please create it properly and send me.

Meanwhile i am having trouble logging to the sf.net site. I will change
the documentation accordingly when i get a proper access.

Regards--
Subrata

> 
> Regards.


------------------------------------------------------------------------------
ThinkGeek and WIRED's GeekDad team up for the Ultimate 
GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the 
lucky parental unit.  See the prize list and enter to win: 
http://p.sf.net/sfu/thinkgeek-promo
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list

Re: [LTP] [linux-2.6.36] TOMOYO Linux update

[Tetsuo Handa]

Subrata Modak wrote:
> However, this patch did not apply as it was not created properly:
That's strange... I can apply this patch cleanly. What tree should I use?

[root@tomoyo tmp]# wget 'http://ltp.git.sourceforge.net/git/gitweb.cgi?p=ltp/ltp-dev.git;a=snapshot;h=7f20a3add6c7f2166dbab5a712713ae8b5943448;s
f=tgz'
--2010-06-07 19:19:34--  http://ltp.git.sourceforge.net/git/gitweb.cgi?p=ltp/ltp-dev.git;a=snapshot;h=7f20a3add6c7f2166dbab5a712713ae8b5943448;sf=tgz
Resolving ltp.git.sourceforge.net... 216.34.181.91
Connecting to ltp.git.sourceforge.net|216.34.181.91|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [application/x-gzip]
Saving to: `gitweb.cgi?p=ltp%2Fltp-dev.git;a=snapshot;h=7f20a3add6c7f2166dbab5a712713ae8b5943448;sf=tgz'

    [                                                                          <=>                          ] 8,240,148    118K/s   in 77s

2010-06-07 19:20:54 (104 KB/s) - `gitweb.cgi?p=ltp%2Fltp-dev.git;a=snapshot;h=7f20a3add6c7f2166dbab5a712713ae8b5943448;sf=tgz' saved [8240148]

[root@tomoyo tmp]# tar -zxf gitweb.cgi\?p\=ltp%2Fltp-dev.git\;a\=snapshot\;h\=7f20a3add6c7f2166dbab5a712713ae8b5943448\;sf\=tgz
[root@tomoyo tmp]# cd ltp-dev/
[root@tomoyo ltp-dev]# wget 'http://sourceforge.jp/projects/tomoyo/svn/view/trunk/2.3.x/tomoyo-tools/kernel_test/tomoyo-ltp.diff?revision=3740&r
oot=tomoyo'
--2010-06-07 19:21:31--  http://sourceforge.jp/projects/tomoyo/svn/view/trunk/2.3.x/tomoyo-tools/kernel_test/tomoyo-ltp.diff?revision=3740&root=tomoyo
Resolving sourceforge.jp... 202.221.179.21
Connecting to sourceforge.jp|202.221.179.21|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [application/unregisterd-mime-type-to-avoid-IE-MIME-sniffing]
Saving to: `tomoyo-ltp.diff?revision=3740&root=tomoyo'

    [ <=>                                                                                                   ] 141,420     --.-K/s   in 0.08s

2010-06-07 19:21:31 (1.75 MB/s) - `tomoyo-ltp.diff?revision=3740&root=tomoyo' saved [141420]

[root@tomoyo ltp-dev]# md5sum tomoyo-ltp.diff\?revision\=3740\&root\=tomoyo
aeb0af73a8f140d50d4ab7435b10de16  tomoyo-ltp.diff?revision=3740&root=tomoyo
[root@tomoyo ltp-dev]# patch --dry-run -p1 < tomoyo-ltp.diff\?revision\=3740\&root\=tomoyo
patching file testcases/kernel/security/tomoyo/README
patching file testcases/kernel/security/tomoyo/include.h
patching file testcases/kernel/security/tomoyo/newns.c
patching file testcases/kernel/security/tomoyo/testall.sh
patching file testcases/kernel/security/tomoyo/tomoyo_accept_test.c
patching file testcases/kernel/security/tomoyo/tomoyo_file_test.c
patching file testcases/kernel/security/tomoyo/tomoyo_filesystem_test.c
patching file testcases/kernel/security/tomoyo/tomoyo_new_file_test.c
patching file testcases/kernel/security/tomoyo/tomoyo_new_test.c
patching file testcases/kernel/security/tomoyo/tomoyo_policy_io_test.c
patching file testcases/kernel/security/tomoyo/tomoyo_policy_memory_test.c
patching file testcases/kernel/security/tomoyo/tomoyo_rewrite_test.c
[root@tomoyo ltp-dev]#

------------------------------------------------------------------------------
ThinkGeek and WIRED's GeekDad team up for the Ultimate 
GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the 
lucky parental unit.  See the prize list and enter to win: 
http://p.sf.net/sfu/thinkgeek-promo
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list

Re: [LTP] [linux-2.6.36] TOMOYO Linux update

[Garrett Cooper]

On Mon, Jun 7, 2010 at 2:11 AM, Subrata Modak
<subrata@linux.vnet.ibm.com> wrote:
> On Mon, 2010-06-07 at 15:51 +0900, Tetsuo Handa wrote:
>> Hello.
>>
>> Subrata Modak wrote:
>> > > I updated TOMOYO testcases for Linux 2.6.36.
>> > > http://sourceforge.jp/projects/tomoyo/svn/view/trunk/2.3.x/tomoyo-tools/kernel_test/tomoyo-ltp.diff?revision=3740&root=tomoyo
>> > > 4425 lines, 141,420 bytes.
>> > > MD5: aeb0af73a8f140d50d4ab7435b10de16
>> >
>> > Thanks for intimating us the updates about the TOMYO test cases. Would
>> > you mind sending us a patch against the LTP git
>> > repo(git://ltp.git.sourceforge.net/gitroot/ltp/ltp-dev) so that i can
>> > push your path against the latest tree.
>> >
>> Above one applies against http://ltp.git.sourceforge.net/git/gitweb.cgi?p=ltp/ltp-dev.git;a=snapshot;h=7f20a3add6c7f2166dbab5a712713ae8b5943448;sf=tgz
>>
>> I didn't know ltp moved repository from cvs to git.
>> I downloaded files from cvs. Adding some notes on
>> http://ltp.sourceforge.net/documentation/how-to/ltp.php#_3.2
>> might help preventing users from downloading old files.
>
> The patch will apply fine with the git tree as well, as, no changes has
> gone into the TOMYO tree recently. And git is just a migration from cvs
> without harming the code. So, all patches will apply to git as well.
> However, this patch did not apply as it was not created properly:
>
> patching file testcases/kernel/security/tomoyo/README
> patching file testcases/kernel/security/tomoyo/include.h
> patching file testcases/kernel/security/tomoyo/newns.c
> patching file testcases/kernel/security/tomoyo/testall.sh
> patching file testcases/kernel/security/tomoyo/tomoyo_accept_test.c
> patching file testcases/kernel/security/tomoyo/tomoyo_file_test.c
> patching file testcases/kernel/security/tomoyo/tomoyo_filesystem_test.c
> patch: **** malformed patch at line 2088:
>
> Please create it properly and send me.
>
> Meanwhile i am having trouble logging to the sf.net site. I will change
> the documentation accordingly when i get a proper access.

Here's some info that might help:

1. Rishi tried to get the SF folks to disable the CVS SCM, but it
appears that it didn't get pushed through.
2. You might be trying to pull the from the wrong git branch. Try
something like: git clone
git://ltp.git.sourceforge.net/gitroot/ltp/ltp-dev.git next .

HTH,
-Garrett

------------------------------------------------------------------------------
ThinkGeek and WIRED's GeekDad team up for the Ultimate 
GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the 
lucky parental unit.  See the prize list and enter to win: 
http://p.sf.net/sfu/thinkgeek-promo
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list

Re: [LTP] [linux-2.6.36] TOMOYO Linux update

[Tetsuo Handa]

Garrett Cooper wrote:
> 2. You might be trying to pull the from the wrong git branch. Try
> something like: git clone
> git://ltp.git.sourceforge.net/gitroot/ltp/ltp-dev.git next .

Is it possible to use http:// since I can't use git:// due to firewall.

Thanks.

------------------------------------------------------------------------------
ThinkGeek and WIRED's GeekDad team up for the Ultimate 
GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the 
lucky parental unit.  See the prize list and enter to win: 
http://p.sf.net/sfu/thinkgeek-promo
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list

Re: [LTP] [linux-2.6.36] TOMOYO Linux update

[Garrett Cooper]

On Jun 7, 2010, at 2:28 PM, Tetsuo Handa wrote:

> Garrett Cooper wrote:
>> 2. You might be trying to pull the from the wrong git branch. Try
>> something like: git clone
>> git://ltp.git.sourceforge.net/gitroot/ltp/ltp-dev.git next .
> 
> Is it possible to use http:// since I can't use git:// due to firewall.

Try and see whether or not it's possible :)...
-Garrett

------------------------------------------------------------------------------
ThinkGeek and WIRED's GeekDad team up for the Ultimate 
GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the 
lucky parental unit.  See the prize list and enter to win: 
http://p.sf.net/sfu/thinkgeek-promo
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list

Re: [LTP] [linux-2.6.36] TOMOYO Linux update

[Subrata Modak]

On Mon, 2010-06-07 at 09:04 -0700, Garrett Cooper wrote:
> On Mon, Jun 7, 2010 at 2:11 AM, Subrata Modak
> <subrata@linux.vnet.ibm.com> wrote:
> > On Mon, 2010-06-07 at 15:51 +0900, Tetsuo Handa wrote:
> >> Hello.
> >>
> >> Subrata Modak wrote:
> >> > > I updated TOMOYO testcases for Linux 2.6.36.
> >> > > http://sourceforge.jp/projects/tomoyo/svn/view/trunk/2.3.x/tomoyo-tools/kernel_test/tomoyo-ltp.diff?revision=3740&root=tomoyo
> >> > > 4425 lines, 141,420 bytes.
> >> > > MD5: aeb0af73a8f140d50d4ab7435b10de16
> >> >
> >> > Thanks for intimating us the updates about the TOMYO test cases. Would
> >> > you mind sending us a patch against the LTP git
> >> > repo(git://ltp.git.sourceforge.net/gitroot/ltp/ltp-dev) so that i can
> >> > push your path against the latest tree.
> >> >
> >> Above one applies against http://ltp.git.sourceforge.net/git/gitweb.cgi?p=ltp/ltp-dev.git;a=snapshot;h=7f20a3add6c7f2166dbab5a712713ae8b5943448;sf=tgz
> >>
> >> I didn't know ltp moved repository from cvs to git.
> >> I downloaded files from cvs. Adding some notes on
> >> http://ltp.sourceforge.net/documentation/how-to/ltp.php#_3.2
> >> might help preventing users from downloading old files.
> >
> > The patch will apply fine with the git tree as well, as, no changes has
> > gone into the TOMYO tree recently. And git is just a migration from cvs
> > without harming the code. So, all patches will apply to git as well.
> > However, this patch did not apply as it was not created properly:
> >
> > patching file testcases/kernel/security/tomoyo/README
> > patching file testcases/kernel/security/tomoyo/include.h
> > patching file testcases/kernel/security/tomoyo/newns.c
> > patching file testcases/kernel/security/tomoyo/testall.sh
> > patching file testcases/kernel/security/tomoyo/tomoyo_accept_test.c
> > patching file testcases/kernel/security/tomoyo/tomoyo_file_test.c
> > patching file testcases/kernel/security/tomoyo/tomoyo_filesystem_test.c
> > patch: **** malformed patch at line 2088:
> >
> > Please create it properly and send me.
> >
> > Meanwhile i am having trouble logging to the sf.net site. I will change
> > the documentation accordingly when i get a proper access.
> 
> Here's some info that might help:
> 
> 1. Rishi tried to get the SF folks to disable the CVS SCM, but it
> appears that it didn't get pushed through.
> 2. You might be trying to pull the from the wrong git branch. Try
> something like: git clone
> git://ltp.git.sourceforge.net/gitroot/ltp/ltp-dev.git next .

Good to see your mail after long time. I am hoping that you are not
vanishing off completely from LTP mailing list ;-)

I am not having problem with the git. I am having all write access. The
problem is getting access to their SHELL server to change the
documentation :-(

Regards--
Subrata

> 
> HTH,
> -Garrett


------------------------------------------------------------------------------
ThinkGeek and WIRED's GeekDad team up for the Ultimate 
GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the 
lucky parental unit.  See the prize list and enter to win: 
http://p.sf.net/sfu/thinkgeek-promo
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list

Re: [LTP] [linux-2.6.36] TOMOYO Linux update

[Tetsuo Handa]

Garrett Cooper wrote:
> On Jun 7, 2010, at 2:28 PM, Tetsuo Handa wrote:
> 
> > Garrett Cooper wrote:
> >> 2. You might be trying to pull the from the wrong git branch. Try
> >> something like: git clone
> >> git://ltp.git.sourceforge.net/gitroot/ltp/ltp-dev.git next .
> > 
> > Is it possible to use http:// since I can't use git:// due to firewall.
> 
> Try and see whether or not it's possible :)...

I couldn't use http:// .
Also http://sourceforge.net/apps/trac/sourceforge/wiki/Git says that
anonymous (read-only) access supports only git:// .



Subrata Modak wrote:
> Please create it properly and send me.
Here is the updated patch against git://ltp.git.sourceforge.net/gitroot/ltp/ltp-dev.git#next .

Posting large patches (like below) OK in this ML?

Regards.
----------
[PATCH] Update test programs for TOMOYO LSM module.

This patch updates test programs for TOMOYO 2.3 which will be included into
Linux kernel 2.6.36.

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>

 README                      |   23 -
 include.h                   |  326 +++++++++++---
 newns.c                     |    2
 testall.sh                  |   19
 tomoyo_accept_test.c        |  145 ++++++
 tomoyo_file_test.c          |  970 ++++----------------------------------------
 tomoyo_filesystem_test.c    |  632 ++++++++++++++++++++++++++++
 tomoyo_new_file_test.c      |  631 ++++++++++++++++++++++++++++
 tomoyo_new_test.c           |  682 ++++++++++++++++++++++++++++++
 tomoyo_policy_io_test.c     |  195 ++++++++
 tomoyo_policy_memory_test.c |  358 ++++++++++++++++
 tomoyo_rewrite_test.c       |  169 +++++++
 12 files changed, 3181 insertions(+), 971 deletions(-)

diff --git a/testcases/kernel/security/tomoyo/README b/testcases/kernel/security/tomoyo/README
index b112353..0cb5388 100644
--- a/testcases/kernel/security/tomoyo/README
+++ b/testcases/kernel/security/tomoyo/README
@@ -1,5 +1,5 @@
 Always look here for latest version of these tests:
-http://sourceforge.jp/projects/tomoyo/svn/view/trunk/2.2.x/kernel_test/?root=tomoyo
+http://sourceforge.jp/projects/tomoyo/svn/view/trunk/2.3.x/tomoyo-tools/kernel_test/?root=tomoyo
 
 These testcases test the TOMOYO Security Module. And they are not part of
 default LTP build/install/run.
@@ -9,20 +9,19 @@ The securityfs filesystem must be mounted at /sys/kernel/security .
 
 Preparation steps are:
 
-1) Download ccs-tools package from http://osdn.dl.sourceforge.jp/tomoyo/30298/
-   and extract and build and install.
+1) Download tomoyo-tools package and extract and build and install.
 
-  # wget http://osdn.dl.sourceforge.jp/tomoyo/30298/ccs-tools-1.6.8-20090623.tar.gz
-  # tar -zxf ccs-tools-1.6.8-20090623.tar.gz
-  # make -C ccstools/ install 
+  # wget -O tomoyo-tools.tar.gz 'http://sourceforge.jp/projects/tomoyo/svn/view/trunk/2.3.x/tomoyo-tools.tar.gz?root=tomoyo&view=tar'
+  # tar -zxf tomoyo-tools.tar.gz
+  # make -C tomoyo-tools/ install
 
-  Programs are installed in /usr/lib/ccs/ directory and some symlinks are
-  created in /usr/sbin/ directory with prefix "ccs-".
+  Programs are installed in /usr/sbin/ with prefix "tomoyo-" and
+  /usr/lib/tomoyo/ directory without prefix "tomoyo-".
 
-  You can make a RPM package by "rpmbuild -bb ccstools/ccs-tools.spec" and
+  You can make a RPM package by "rpmbuild -bb tomoyo-tools/tomoyo-tools.spec" and
   a DEB package by "alien -k" after "rpmbuild -bb".
 
-2) Run /usr/lib/ccs/tomoyo_init_policy.sh .
+2) Run /usr/lib/tomoyo/init_policy .
 
    This will take several minutes.
 
@@ -40,10 +39,12 @@ Preparation steps are:
 4) Build the tests.
 
    # (extract the tar ball containing the tests.)
+   # make autotools
+   # ./configure
    # cd testcases/kernel/security/tomoyo/
    # make
    # find `/bin/pwd` -type f -perm +100 >> /etc/tomoyo/manager.conf
-   # /usr/sbin/ccs-loadpolicy m
+   # /usr/sbin/tomoyo-loadpolicy m
 
 Test steps are:
 
diff --git a/testcases/kernel/security/tomoyo/include.h b/testcases/kernel/security/tomoyo/include.h
index be83a5a..2d3356f 100644
--- a/testcases/kernel/security/tomoyo/include.h
+++ b/testcases/kernel/security/tomoyo/include.h
@@ -22,10 +22,7 @@
  *
  * Common functions for testing TOMOYO Linux's kernel.
  *
- * Copyright (C) 2005-2009  NTT DATA CORPORATION
- *
- * Version: 2.2.0   2009/06/23
- *
+ * Copyright (C) 2005-2010  NTT DATA CORPORATION
  */
 #include <errno.h>
 #include <fcntl.h>
@@ -47,6 +44,13 @@
 #include <time.h>
 #include <unistd.h>
 #include <utime.h>
+#include "test.h"
+#include <sched.h>
+#include <stdarg.h>
+#include <sys/mount.h>
+#include <arpa/inet.h>
+#include <net/if.h>
+#include <linux/ip.h>
 
 /* 
  * Some architectures like mips n32 don't have __NR_uselib defined in the
@@ -65,53 +69,80 @@ static inline int uselib(const char *library)
 }
 #endif
 
-#define proc_policy_dir              "/sys/kernel/security/tomoyo/"
-#define proc_policy_domain_policy    proc_policy_dir "domain_policy"
-#define proc_policy_exception_policy proc_policy_dir "exception_policy"
-#define proc_policy_profile          proc_policy_dir "profile"
-#define proc_policy_self_domain      proc_policy_dir "self_domain"
-
-static void fprintf_encoded(FILE *fp, const char *pathname)
+/* Is there an architecture without __NR_pivot_root defined? */
+#ifdef __NR_pivot_root
+static inline int pivot_root(const char *new_root, const char *put_old)
 {
-	while (1) {
-		unsigned char c = *(const unsigned char *) pathname++;
-		if (!c)
-			break;
-		if (c == '\\') {
-			fputc('\\', fp);
-			fputc('\\', fp);
-		} else if (c > ' ' && c < 127) {
-			fputc(c, fp);
-		} else {
-			fprintf(fp, "\\%c%c%c", (c >> 6) + '0',
-				((c >> 3) & 7) + '0', (c & 7) + '0');
-		}
-	}
+	return syscall(__NR_pivot_root, new_root, put_old);
 }
-
-static char self_domain[4096] = "";
-static FILE *fp_domain = NULL;
-static FILE *fp_exception = NULL;
-static FILE *fp_profile = NULL;
-
-static void write_profile(const char *cp)
+#else
+static inline int pivot_root(const char *new_root, const char *put_old)
 {
-	fprintf(fp_profile, "%s", cp);
-	fflush(fp_profile);
+	errno = ENOSYS;
+	return -1;
 }
+#endif
+
+#define proc_policy_dir              "/sys/kernel/security/tomoyo/"
+#define proc_policy_domain_policy    "/sys/kernel/security/tomoyo/domain_policy"
+#define proc_policy_exception_policy "/sys/kernel/security/tomoyo/exception_policy"
+#define proc_policy_profile          "/sys/kernel/security/tomoyo/profile"
+#define proc_policy_manager          "/sys/kernel/security/tomoyo/manager"
+#define proc_policy_query            "/sys/kernel/security/tomoyo/query"
+#define proc_policy_grant_log        "/sys/kernel/security/tomoyo/grant_log"
+#define proc_policy_reject_log       "/sys/kernel/security/tomoyo/reject_log"
+#define proc_policy_domain_status    "/sys/kernel/security/tomoyo/.domain_status"
+#define proc_policy_process_status   "/sys/kernel/security/tomoyo/.process_status"
+#define proc_policy_self_domain      "/sys/kernel/security/tomoyo/self_domain"
+
+static FILE *profile_fp = NULL;
+static FILE *domain_fp = NULL;
+static FILE *exception_fp = NULL;
+static char self_domain[4096] = "";
+static pid_t pid = 0;
 
 static void clear_status(void)
 {
+	static const char *keywords[] = {
+		"file::execute",
+		"file::open",
+		"file::create",
+		"file::unlink",
+		"file::mkdir",
+		"file::rmdir",
+		"file::mkfifo",
+		"file::mksock",
+		"file::truncate",
+		"file::symlink",
+		"file::rewrite",
+		"file::mkblock",
+		"file::mkchar",
+		"file::link",
+		"file::rename",
+		"file::chmod",
+		"file::chown",
+		"file::chgrp",
+		"file::ioctl",
+		"file::chroot",
+		"file::mount",
+		"file::umount",
+		"file::pivot_root",
+		NULL
+	};
+	int i;
 	FILE *fp = fopen(proc_policy_profile, "r");
 	static char buffer[4096];
 	if (!fp) {
 		fprintf(stderr, "Can't open %s\n", proc_policy_profile);
 		exit(1);
 	}
+	for (i = 0; keywords[i]; i++)
+		fprintf(profile_fp,
+			"255-CONFIG::%s={ mode=disabled }\n",
+			keywords[i]);
 	while (memset(buffer, 0, sizeof(buffer)),
 	       fgets(buffer, sizeof(buffer) - 10, fp)) {
 		const char *mode;
-		int v;
 		char *cp = strchr(buffer, '=');
 		if (!cp)
 			continue;
@@ -123,61 +154,196 @@ static void clear_status(void)
 		*cp++ = '\0';
 		if (strcmp(buffer, "0"))
 			continue;
+		fprintf(profile_fp, "255-%s", cp);
 		if (!strcmp(cp, "COMMENT"))
-			mode = "=Profile for kernel test";
-		else if (sscanf(mode, "%u", &v) == 1)
-			mode = "=0";
+			mode = "Profile for kernel test\n";
 		else
-			mode = "=disabled";
-		fprintf(fp_profile, "255-%s%s\n", cp, mode);
+			mode = "{ mode=disabled verbose=no }\n";
+		fprintf(profile_fp, "255-%s=%s", cp, mode);
 	}
+	fprintf(profile_fp, "255-PREFERENCE::learning= verbose=no\n");
+	fprintf(profile_fp, "255-PREFERENCE::enforcing= verbose=no\n");
+	fprintf(profile_fp, "255-PREFERENCE::permissive= verbose=no\n");
+	fprintf(profile_fp, "255-PREFERENCE::disabled= verbose=no\n");
+	fprintf(profile_fp, "255-PREFERENCE::learning= max_entry=2048\n");
+	fflush(profile_fp);
 	fclose(fp);
-	fflush(fp_profile);
 }
 
-static void ccs_test_init(void)
+static void tomoyo_test_init(void)
 {
-	int fd = open(proc_policy_self_domain, O_RDONLY);
-	memset(self_domain, 0, sizeof(self_domain));
-	read(fd, self_domain, sizeof(self_domain) - 1);
-	close(fd);
-	errno = 0;
-	fp_profile = fopen(proc_policy_profile, "w");
-	fp_domain = fopen(proc_policy_domain_policy, "w");
-	fp_exception = fopen(proc_policy_exception_policy, "w");
-	if (!fp_domain || !fp_exception || !fp_profile) {
-		if (errno != ENOENT)
-			fprintf(stderr, "Please run \n"
-				"# echo 255-MAC_FOR_FILE=disabled | "
-				"/usr/sbin/ccs-loadpolicy -p\n");
-		else
-			fprintf(stderr, "You can't use this program "
-				"for this kernel.\n");
+	pid = getpid();
+	if (access(proc_policy_dir, F_OK)) {
+		fprintf(stderr, "You can't use this program for this kernel."
+			"\n");
 		exit(1);
 	}
-	if (fwrite("\n", 1, 1, fp_profile) != 1 || fflush(fp_profile)) {
-		memset(self_domain, 0, sizeof(self_domain));
-		readlink("/proc/self/exe", self_domain,
-			 sizeof(self_domain) - 1);
-		if (self_domain[0] != '/')
-			snprintf(self_domain, sizeof(self_domain) - 1,
-				 "path_to_this_program");
-		fprintf(stderr, "Please do either\n"
-			"(a) run\n"
-			"    # echo ");
-		fprintf_encoded(stderr, self_domain);
-		fprintf(stderr, " >> /etc/tomoyo/manager.conf\n"
-			"    and reboot\n"
-			"or\n"
-			"(b) run\n"
-			"    # echo ");
-		fprintf_encoded(stderr, self_domain);
-		fprintf(stderr, " | /usr/sbin/ccs-loadpolicy -m\n"
-			"before running this program.\n");
+	profile_fp = fopen(proc_policy_profile, "w");
+	if (!profile_fp) {
+		fprintf(stderr, "Can't open %s .\n", proc_policy_profile);
+		exit(1);
+	}
+	setlinebuf(profile_fp);
+	domain_fp = fopen(proc_policy_domain_policy, "w");
+	if (!domain_fp) {
+		fprintf(stderr, "Can't open %s .\n",
+			proc_policy_domain_policy);
+		exit(1);
+	}
+	setlinebuf(domain_fp);
+	exception_fp = fopen(proc_policy_exception_policy, "w");
+	if (!exception_fp) {
+		fprintf(stderr, "Can't open %s .\n",
+			proc_policy_exception_policy);
+		exit(1);
+	}
+	setlinebuf(exception_fp);
+	if (fputc('\n', profile_fp) != '\n' || fflush(profile_fp)) {
+		fprintf(stderr, "You need to register this program to %s to "
+			"run this program.\n", proc_policy_manager);
 		exit(1);
 	}
 	clear_status();
-	fprintf(fp_domain, "%s\nuse_profile 255\n", self_domain);
-	fflush(fp_domain);
-	write_profile("255-TOMOYO_VERBOSE=enabled\n");
+	{
+		FILE *fp = fopen(proc_policy_self_domain, "r");
+		memset(self_domain, 0, sizeof(self_domain));
+		if (!fp || !fgets(self_domain, sizeof(self_domain) - 1, fp) ||
+		    fclose(fp)) {
+			fprintf(stderr, "Can't open %s .\n",
+				proc_policy_self_domain);
+			exit(1);
+		}
+	}
+	fprintf(domain_fp, "select pid=%u\n", pid);
+	fprintf(domain_fp, "use_profile 255\n");
+	fprintf(domain_fp, "allow_read/write /sys/kernel/security/tomoyo/domain_policy\n");
+	fprintf(domain_fp, "allow_truncate /sys/kernel/security/tomoyo/domain_policy\n");
+	fprintf(domain_fp, "allow_read/write /sys/kernel/security/tomoyo/exception_policy\n");
+	fprintf(domain_fp, "allow_truncate /sys/kernel/security/tomoyo/exception_policy\n");
+	fprintf(domain_fp, "allow_read/write /sys/kernel/security/tomoyo/profile\n");
+	fprintf(domain_fp, "allow_truncate /sys/kernel/security/tomoyo/profile\n");
+}
+
+static void BUG(const char *fmt, ...)
+	__attribute__ ((format(printf, 1, 2)));
+
+static void BUG(const char *fmt, ...)
+{
+	va_list args;
+	printf("BUG: ");
+	va_start(args, fmt);
+	vprintf(fmt, args);
+	va_end(args);
+	putchar('\n');
+	fflush(stdout);
+	while (1)
+		sleep(100);
+}
+
+static int write_domain_policy(const char *policy, int is_delete)
+{
+	FILE *fp = fopen(proc_policy_domain_policy, "r");
+	char buffer[8192];
+	int domain_found = 0;
+	int policy_found = 0;
+	memset(buffer, 0, sizeof(buffer));
+	if (!fp) {
+		BUG("Can't read %s", proc_policy_domain_policy);
+		return 0;
+	}
+	if (is_delete)
+		fprintf(domain_fp, "delete ");
+	fprintf(domain_fp, "%s\n", policy);
+	while (fgets(buffer, sizeof(buffer) - 1, fp)) {
+		char *cp = strchr(buffer, '\n');
+		if (cp)
+			*cp = '\0';
+		if (!strncmp(buffer, "<kernel>", 8))
+			domain_found = !strcmp(self_domain, buffer);
+		if (!domain_found)
+			continue;
+		/* printf("<%s>\n", buffer); */
+		if (strcmp(buffer, policy))
+			continue;
+		policy_found = 1;
+		break;
+	}
+	fclose(fp);
+	if (policy_found == is_delete) {
+		BUG("Can't %s %s", is_delete ? "delete" : "append",
+		    policy);
+		return 0;
+	}
+	errno = 0;
+	return 1;
+
+}
+
+static int write_exception_policy(const char *policy, int is_delete)
+{
+	FILE *fp = fopen(proc_policy_exception_policy, "r");
+	char buffer[8192];
+	int policy_found = 0;
+	memset(buffer, 0, sizeof(buffer));
+	if (!fp) {
+		BUG("Can't read %s", proc_policy_exception_policy);
+		return 0;
+	}
+	if (is_delete)
+		fprintf(exception_fp, "delete ");
+	fprintf(exception_fp, "%s\n", policy);
+	while (fgets(buffer, sizeof(buffer) - 1, fp)) {
+		char *cp = strchr(buffer, '\n');
+		if (cp)
+			*cp = '\0';
+		if (strcmp(buffer, policy))
+			continue;
+		policy_found = 1;
+		break;
+	}
+	fclose(fp);
+	if (policy_found == is_delete) {
+		BUG("Can't %s %s", is_delete ? "delete" : "append",
+		    policy);
+		return 0;
+	}
+	errno = 0;
+	return 1;
+
+}
+
+static int set_profile(const int mode, const char *name)
+{
+	static const char *modes[4] = { "disabled", "learning", "permissive",
+					"enforcing" };
+	FILE *fp = fopen(proc_policy_profile, "r");
+	char buffer[8192];
+	int policy_found = 0;
+	const int len = strlen(name);
+	if (!fp) {
+		BUG("Can't read %s", proc_policy_profile);
+		return 0;
+	}
+	fprintf(profile_fp, "255-CONFIG::%s=%s\n", name, modes[mode]);
+	while (memset(buffer, 0, sizeof(buffer)),
+	       fgets(buffer, sizeof(buffer) - 1, fp)) {
+		char *cp = strchr(buffer, '\n');
+		if (cp)
+			*cp = '\0';
+		if (strncmp(buffer, "255-CONFIG::", 12) ||
+		    strncmp(buffer + 12, name, len) ||
+		    buffer[12 + len] != '=')
+			continue;
+		if (strstr(buffer + 13 + len, modes[mode]))
+			policy_found = 1;
+		break;
+	}
+	fclose(fp);
+	if (!policy_found) {
+		BUG("Can't change profile to 255-CONFIG::%s=%s",
+		    name, modes[mode]);
+		return 0;
+	}
+	errno = 0;
+	return 1;
 }
diff --git a/testcases/kernel/security/tomoyo/newns.c b/testcases/kernel/security/tomoyo/newns.c
index c170b93..cb93588 100644
--- a/testcases/kernel/security/tomoyo/newns.c
+++ b/testcases/kernel/security/tomoyo/newns.c
@@ -1,6 +1,6 @@
 /******************************************************************************/
 /*                                                                            */
-/* Copyright (c) Tutsi Handa <penguin-kernel@I-love.SAKURA.ne.jp>, 2009      */
+/* Copyright (c) Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>, 2009      */
 /*                                                                            */
 /* This program is free software;  you can redistribute it and/or modify      */
 /* it under the terms of the GNU General Public License as published by       */
diff --git a/testcases/kernel/security/tomoyo/testall.sh b/testcases/kernel/security/tomoyo/testall.sh
index 3e7049a..325a8d5 100644
--- a/testcases/kernel/security/tomoyo/testall.sh
+++ b/testcases/kernel/security/tomoyo/testall.sh
@@ -23,7 +23,24 @@ cd ${0%/*}
 export PATH=$PWD:${PATH}
 
 echo "Testing all. (All results are reported)"
+newns tomoyo_accept_test
+newns tomoyo_filesystem_test
 newns tomoyo_file_test
+newns tomoyo_rewrite_test
+newns tomoyo_new_file_test
+newns tomoyo_new_test
+echo
+echo
 echo
 echo "Testing all. (Only ERRORS are reported)"
-newns tomoyo_file_test | grep -vF OK
+newns tomoyo_accept_test | grep -vF Done
+newns tomoyo_filesystem_test | grep -vF OK | grep -F '('
+newns tomoyo_file_test | grep -vF OK | grep -F '('
+newns tomoyo_rewrite_test | grep -vF OK | grep -F '('
+newns tomoyo_new_test | grep -vF OK
+echo
+echo
+echo
+echo "Testing policy I/O.  (Only ERRORS are reported)"
+newns tomoyo_policy_io_test | grep -vF OK
+newns tomoyo_new_file_test | grep -vF OK
diff --git a/testcases/kernel/security/tomoyo/tomoyo_accept_test.c b/testcases/kernel/security/tomoyo/tomoyo_accept_test.c
index e69de29..1e29505 100644
--- a/testcases/kernel/security/tomoyo/tomoyo_accept_test.c
+++ b/testcases/kernel/security/tomoyo/tomoyo_accept_test.c
@@ -0,0 +1,145 @@
+/******************************************************************************/
+/* This program is free software;  you can redistribute it and/or modify      */
+/* it under the terms of the GNU General Public License as published by       */
+/* the Free Software Foundation; either version 2 of the License, or          */
+/* (at your option) any later version.                                        */
+/*                                                                            */
+/* This program is distributed in the hope that it will be useful,            */
+/* but WITHOUT ANY WARRANTY;  without even the implied warranty of            */
+/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See                  */
+/* the GNU General Public License for more details.                           */
+/*                                                                            */
+/* You should have received a copy of the GNU General Public License          */
+/* along with this program;  if not, write to the Free Software               */
+/* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA    */
+/*                                                                            */
+/******************************************************************************/
+/*
+ * tomoyo_accept_test.c
+ *
+ * Testing program for security/tomoyo/
+ *
+ * Copyright (C) 2005-2010  NTT DATA CORPORATION
+ */
+#include "include.h"
+
+static void set_level(const int i)
+{
+	set_profile(i, "file::execute");
+	set_profile(i, "file::open");
+	set_profile(i, "file::create");
+	set_profile(i, "file::unlink");
+	set_profile(i, "file::mkdir");
+	set_profile(i, "file::rmdir");
+	set_profile(i, "file::mkfifo");
+	set_profile(i, "file::mksock");
+	set_profile(i, "file::truncate");
+	set_profile(i, "file::symlink");
+	set_profile(i, "file::rewrite");
+	set_profile(i, "file::mkblock");
+	set_profile(i, "file::mkchar");
+	set_profile(i, "file::link");
+	set_profile(i, "file::rename");
+	set_profile(i, "file::chmod");
+	set_profile(i, "file::chown");
+	set_profile(i, "file::chgrp");
+	set_profile(i, "file::ioctl");
+	set_profile(i, "file::chroot");
+	set_profile(i, "file::mount");
+	set_profile(i, "file::umount");
+	set_profile(i, "file::pivot_root");
+}
+
+static void test(int rw_loop, int truncate_loop, int append_loop,
+		 int create_loop)
+{
+	static const int rw_flags[4] = { 0, O_RDONLY, O_WRONLY, O_RDWR };
+	static const int create_flags[3] = { 0, O_CREAT /* nonexistent*/ ,
+					     O_CREAT /* existent */ };
+	static const int truncate_flags[2] = { 0, O_TRUNC };
+	static const int append_flags[2] = { 0, O_APPEND };
+	int level;
+	int flags;
+	int i;
+	int fd;
+	static char buffer[1024];
+	memset(buffer, 0, sizeof(buffer));
+	snprintf(buffer, sizeof(buffer) - 1, "/tmp/file:a=%d:t=%d:c=%d:m=%d",
+		 append_loop, truncate_loop, create_loop, rw_loop);
+	fprintf(exception_fp, "deny_rewrite %s\n", buffer);
+	flags = rw_flags[rw_loop] | truncate_flags[truncate_loop] |
+		append_flags[append_loop] | create_flags[create_loop];
+	for (i = 1; i < 8; i++)
+		fprintf(domain_fp, "delete %d %s\n", i, buffer);
+	for (level = 0; level < 4; level++) {
+		set_level(0);
+		if (create_loop == 1)
+			unlink(buffer);
+		else
+			close(open(buffer, O_CREAT, 0644));
+		set_level(level);
+		fd = open(buffer, flags, 0644);
+		if (fd != EOF)
+			close(fd);
+		else
+			fprintf(stderr, "%d: open(%04o) failed\n", level,
+				flags);
+		/*
+		  fd = open(buffer, flags, 0644)
+		  if (fd != EOF)
+		  close(fd);
+		  else
+		  fprintf(stderr, "%d: open(%04o) failed\n", level, flags);
+		*/
+		/*
+		  fd = open(buffer, flags, 0644);
+		  if (fd != EOF)
+		  close(fd);
+		  else
+		  fprintf(stderr, "%d: open(%04o) failed\n", level, flags);
+		*/
+	}
+	for (i = 1; i < 8; i++)
+		fprintf(domain_fp, "delete %d %s\n", i, buffer);
+	fprintf(domain_fp, "delete allow_truncate %s\n", buffer);
+	fprintf(domain_fp, "delete allow_create %s 0644\n", buffer);
+	fprintf(domain_fp, "delete allow_rewrite %s\n", buffer);
+	fd = open(buffer, flags, 0644);
+	if (fd != EOF) {
+		close(fd);
+		fprintf(stderr, "%d: open(%04o) didn't fail\n", 3, flags);
+	}
+}
+
+int main(int argc, char *argv[])
+{
+	tomoyo_test_init();
+	fprintf(profile_fp, "255-PREFERENCE::learning={ verbose=no }\n");
+	fprintf(profile_fp, "255-PREFERENCE::enforcing={ verbose=no }\n");
+	fprintf(profile_fp, "255-PREFERENCE::permissive={ verbose=no }\n");
+	fprintf(profile_fp, "255-PREFERENCE::disabled={ verbose=no }\n");
+	set_profile(0, "file");
+	fprintf(profile_fp, "255-PREFERENCE::learning={ max_entry=2048 }\n");
+	{
+		int append_loop;
+		for (append_loop = 0; append_loop < 2; append_loop++) {
+			int truncate_loop;
+			for (truncate_loop = 0; truncate_loop < 2;
+			     truncate_loop++) {
+				int create_loop;
+				for (create_loop = 0; create_loop < 3;
+				     create_loop++) {
+					int rw_loop;
+					for (rw_loop = 0; rw_loop < 4;
+					     rw_loop++)
+						test(rw_loop, truncate_loop,
+						     append_loop, create_loop);
+				}
+			}
+		}
+	}
+	fprintf(profile_fp, "255-CONFIG::file=disabled\n");
+	printf("Done\n");
+	clear_status();
+	return 0;
+}
diff --git a/testcases/kernel/security/tomoyo/tomoyo_file_test.c b/testcases/kernel/security/tomoyo/tomoyo_file_test.c
index ac1dce4..b1fd394 100644
--- a/testcases/kernel/security/tomoyo/tomoyo_file_test.c
+++ b/testcases/kernel/security/tomoyo/tomoyo_file_test.c
@@ -19,36 +19,35 @@
  *
  * Testing program for security/tomoyo/
  *
- * Copyright (C) 2005-2009  NTT DATA CORPORATION
- *
- * Version: 2.2.0   2009/06/23
- *
+ * Copyright (C) 2005-2010  NTT DATA CORPORATION
  */
 #include "include.h"
 
+static int should_fail = 0;
+
 static void show_prompt(const char *str)
 {
-	printf("Testing %35s:", str);
+	printf("Testing %35s: (%s) ", str,
+	       should_fail ? "must fail" : "should success");
 	errno = 0;
 }
 
-static void show_result(int result, int should_success)
+static void show_result(int result)
 {
-	const int err = errno;
-	if (should_success) {
-		if (result != EOF)
-			printf("OK\n");
-		else
-			printf("%s\n", strerror(err));
-	} else {
+	if (should_fail) {
 		if (result == EOF) {
-			if (err == EPERM)
+			if (errno == EPERM)
 				printf("OK: Permission denied.\n");
 			else
-				printf("FAILED: %s\n", strerror(err));
+				printf("FAILED: %s\n", strerror(errno));
 		} else {
 			printf("BUG!\n");
 		}
+	} else {
+		if (result != EOF)
+			printf("OK\n");
+		else
+			printf("%s\n", strerror(errno));
 	}
 }
 
@@ -74,7 +73,7 @@ static const char *socket_path         = "/tmp/socket_test";
 
 static int ftruncate_fd = EOF;
 
-static void stage_file_test(int res)
+static void stage_file_test(void)
 {
 	int fd;
 	{
@@ -83,14 +82,14 @@ static void stage_file_test(int res)
 		int buffer[2] = { 32768, 61000 };
 		size_t size = sizeof(buffer);
 		show_prompt("sysctl(READ)");
-		show_result(sysctl(name, 3, buffer, &size, 0, 0), res);
+		show_result(sysctl(name, 3, buffer, &size, 0, 0));
 		show_prompt("sysctl(WRITE)");
-		show_result(sysctl(name, 3, 0, 0, buffer, size), res);
+		show_result(sysctl(name, 3, 0, 0, buffer, size));
 	}
 
 	/* QUESTION: Is there a file which can be passed to uselib()? */
 	show_prompt("uselib()");
-	show_result(uselib("/bin/true"), res);
+	show_result(uselib("/bin/true"));
 
 	{
 		int pipe_fd[2] = { EOF, EOF };
@@ -108,77 +107,77 @@ static void stage_file_test(int res)
 		read(pipe_fd[0], &err, sizeof(err));
 		show_prompt("execve()");
 		errno = err;
-		show_result(err ? EOF : 0, res);
+		show_result(err ? EOF : 0);
 	}
 
 	show_prompt("open(O_RDONLY)");
 	fd = open(dev_null_path, O_RDONLY);
-	show_result(fd, res);
+	show_result(fd);
 	if (fd != EOF)
 		close(fd);
 
 	show_prompt("open(O_WRONLY)");
 	fd = open(dev_null_path, O_WRONLY);
-	show_result(fd, res);
+	show_result(fd);
 	if (fd != EOF)
 		close(fd);
 
 	show_prompt("open(O_RDWR)");
 	fd = open(dev_null_path, O_RDWR);
-	show_result(fd, res);
+	show_result(fd);
 	if (fd != EOF)
 		close(fd);
 
 	show_prompt("open(O_CREAT | O_EXCL)");
 	fd = open(open_creat_path, O_CREAT | O_EXCL, 0666);
-	show_result(fd, res);
+	show_result(fd);
 	if (fd != EOF)
 		close(fd);
 
 	show_prompt("open(O_TRUNC)");
 	fd = open(truncate_path, O_TRUNC);
-	show_result(fd, res);
+	show_result(fd);
 	if (fd != EOF)
 		close(fd);
 
 	show_prompt("truncate()");
-	show_result(truncate(truncate_path, 0), res);
+	show_result(truncate(truncate_path, 0));
 
 	show_prompt("ftruncate()");
-	show_result(ftruncate(ftruncate_fd, 0), res);
+	show_result(ftruncate(ftruncate_fd, 0));
 
 	show_prompt("mknod(S_IFREG)");
-	show_result(mknod(mknod_reg_path, S_IFREG, 0), res);
+	show_result(mknod(mknod_reg_path, S_IFREG, 0));
 
 	show_prompt("mknod(S_IFCHR)");
-	show_result(mknod(mknod_chr_path, S_IFCHR, MKDEV(1, 3)), res);
+	show_result(mknod(mknod_chr_path, S_IFCHR, MKDEV(1, 3)));
 
 	show_prompt("mknod(S_IFBLK)");
-	show_result(mknod(mknod_blk_path, S_IFBLK, MKDEV(1, 0)), res);
+	show_result(mknod(mknod_blk_path, S_IFBLK, MKDEV(1, 0)));
 
 	show_prompt("mknod(S_IFIFO)");
-	show_result(mknod(mknod_fifo_path, S_IFIFO, 0), res);
+	show_result(mknod(mknod_fifo_path, S_IFIFO, 0));
 
 	show_prompt("mknod(S_IFSOCK)");
-	show_result(mknod(mknod_sock_path, S_IFSOCK, 0), res);
+	show_result(mknod(mknod_sock_path, S_IFSOCK, 0));
 
 	show_prompt("mkdir()");
-	show_result(mkdir(mkdir_path, 0600), res);
+	show_result(mkdir(mkdir_path, 0600));
 
 	show_prompt("rmdir()");
-	show_result(rmdir(rmdir_path), res);
+	show_result(rmdir(rmdir_path));
 
 	show_prompt("unlink()");
-	show_result(unlink(unlink_path), res);
+	show_result(unlink(unlink_path));
 
 	show_prompt("symlink()");
-	show_result(symlink(symlink_dest_path, symlink_source_path), res);
+	show_result(symlink(symlink_dest_path, symlink_source_path));
 
 	show_prompt("link()");
-	show_result(link(link_source_path, link_dest_path), res);
+	show_result(link(link_source_path, link_dest_path));
 
 	show_prompt("rename()");
-	show_result(rename(rename_source_path, rename_dest_path), res);
+	show_result(rename(rename_source_path, rename_dest_path));
 
 	{
 		struct sockaddr_un addr;
@@ -188,8 +187,7 @@ static void stage_file_test(int res)
 		strncpy(addr.sun_path, socket_path, sizeof(addr.sun_path) - 1);
 		fd = socket(AF_UNIX, SOCK_STREAM, 0);
 		show_prompt("unix_bind()");
-		show_result(bind(fd, (struct sockaddr *) &addr, sizeof(addr)),
-			    res);
+		show_result(bind(fd, (struct sockaddr *) &addr, sizeof(addr)));
 		if (fd != EOF)
 			close(fd);
 	}
@@ -232,861 +230,77 @@ static void creanup_files(void)
 
 static void set_file_enforce(int enforce)
 {
-	if (enforce)
-		write_profile("255-MAC_FOR_FILE=enforcing\n");
-	else
-		write_profile("255-MAC_FOR_FILE=permissive\n");
-}
-
-static const char *policy = "";
-
-static int write_policy(void)
-{
-	FILE *fp;
-	char buffer[8192];
-	char *cp;
-	int domain_found = 0;
-	int policy_found = 0;
-	memset(buffer, 0, sizeof(buffer));
-	write_profile("255-MAC_FOR_FILE=disabled\n");
-	fp = fopen(proc_policy_domain_policy, "r");
-	write_profile("255-MAC_FOR_FILE=enforcing\n");
-	fprintf(fp_domain, "%s\n", policy);
-	fflush(fp_domain);
-	if (!fp) {
-		printf("%s : BUG: policy read failed\n", policy);
-		return 0;
-	}
-	while (fgets(buffer, sizeof(buffer) - 1, fp)) {
-		cp = strchr(buffer, '\n');
-		if (cp)
-			*cp = '\0';
-		if (!strncmp(buffer, "<kernel>", 8))
-			domain_found = !strcmp(self_domain, buffer);
-		if (domain_found) {
-			/* printf("<%s>\n", buffer); */
-			if (!strcmp(buffer, policy)) {
-				policy_found = 1;
-				break;
-			}
-		}
-	}
-	fclose(fp);
-	if (!policy_found) {
-		printf("%s : BUG: policy write failed\n", policy);
-		return 0;
-	}
-	errno = 0;
-	return 1;
-}
-
-static void delete_policy(void)
-{
-	fprintf(fp_domain, "delete %s\n", policy);
-	fflush(fp_domain);
-	errno = 0;
-}
-
-static void show_result2(int result, char should_success)
-{
-	int err = errno;
-	printf("%s : ", policy);
-	if (should_success) {
-		if (result != EOF)
-			printf("OK\n");
-		else
-			printf("FAILED: %s\n", strerror(err));
+	if (enforce) {
+		set_profile(3, "file::execute");
+		set_profile(3, "file::open");
+		set_profile(3, "file::create");
+		set_profile(3, "file::unlink");
+		set_profile(3, "file::mkdir");
+		set_profile(3, "file::rmdir");
+		set_profile(3, "file::mkfifo");
+		set_profile(3, "file::mksock");
+		set_profile(3, "file::truncate");
+		set_profile(3, "file::symlink");
+		set_profile(3, "file::rewrite");
+		set_profile(3, "file::mkblock");
+		set_profile(3, "file::mkchar");
+		set_profile(3, "file::link");
+		set_profile(3, "file::rename");
+		set_profile(3, "file::chmod");
+		set_profile(3, "file::chown");
+		set_profile(3, "file::chgrp");
+		set_profile(3, "file::ioctl");
+		set_profile(3, "file::chroot");
+		set_profile(3, "file::mount");
+		set_profile(3, "file::umount");
+		set_profile(3, "file::pivot_root");
 	} else {
-		if (result == EOF) {
-			if (err == EPERM)
-				printf("OK: Permission denied.\n");
-			else
-				printf("FAILED: %s\n", strerror(err));
-		} else {
-			printf("BUG: didn't fail.\n");
-		}
+		set_profile(0, "file::execute");
+		set_profile(0, "file::open");
+		set_profile(0, "file::create");
+		set_profile(0, "file::unlink");
+		set_profile(0, "file::mkdir");
+		set_profile(0, "file::rmdir");
+		set_profile(0, "file::mkfifo");
+		set_profile(0, "file::mksock");
+		set_profile(0, "file::truncate");
+		set_profile(0, "file::symlink");
+		set_profile(0, "file::rewrite");
+		set_profile(0, "file::mkblock");
+		set_profile(0, "file::mkchar");
+		set_profile(0, "file::link");
+		set_profile(0, "file::rename");
+		set_profile(0, "file::chmod");
+		set_profile(0, "file::chown");
+		set_profile(0, "file::chgrp");
+		set_profile(0, "file::ioctl");
+		set_profile(0, "file::chroot");
+		set_profile(0, "file::mount");
+		set_profile(0, "file::umount");
+		set_profile(0, "file::pivot_root");
 	}
 }
 
-static void create2(const char *pathname)
-{
-	write_profile("255-MAC_FOR_FILE=disabled\n");
-	close(creat(pathname, 0600));
-	write_profile("255-MAC_FOR_FILE=enforcing\n");
-	errno = 0;
-}
-
-static void mkdir2(const char *pathname)
-{
-	write_profile("255-MAC_FOR_FILE=disabled\n");
-	mkdir(pathname, 0600);
-	write_profile("255-MAC_FOR_FILE=enforcing\n");
-	errno = 0;
-}
-
-static void unlink2(const char *pathname)
-{
-	write_profile("255-MAC_FOR_FILE=disabled\n");
-	unlink(pathname);
-	write_profile("255-MAC_FOR_FILE=enforcing\n");
-	errno = 0;
-}
-
-static void rmdir2(const char *pathname)
-{
-	write_profile("255-MAC_FOR_FILE=disabled\n");
-	rmdir(pathname);
-	write_profile("255-MAC_FOR_FILE=enforcing\n");
-	errno = 0;
-}
-
-static void mkfifo2(const char *pathname)
-{
-	write_profile("255-MAC_FOR_FILE=disabled\n");
-	mkfifo(pathname, 0600);
-	write_profile("255-MAC_FOR_FILE=enforcing\n");
-	errno = 0;
-}
-
-static void stage_file_test2(void)
-{
-	char *filename = "";
-	policy = "allow_read /proc/sys/net/ipv4/ip_local_port_range";
-	if (write_policy()) {
-		static int name[] = { CTL_NET, NET_IPV4,
-				      NET_IPV4_LOCAL_PORT_RANGE };
-		int buffer[2] = { 32768, 61000 };
-		size_t size = sizeof(buffer);
-		show_result2(sysctl(name, 3, buffer, &size, 0, 0), 1);
-		delete_policy();
-		show_result2(sysctl(name, 3, buffer, &size, 0, 0), 0);
-	}
-	policy = "allow_write /proc/sys/net/ipv4/ip_local_port_range";
-	if (write_policy()) {
-		static int name[] = { CTL_NET, NET_IPV4,
-				      NET_IPV4_LOCAL_PORT_RANGE };
-		int buffer[2] = { 32768, 61000 };
-		size_t size = sizeof(buffer);
-		show_result2(sysctl(name, 3, 0, 0, buffer, size), 1);
-		delete_policy();
-		show_result2(sysctl(name, 3, 0, 0, buffer, size), 0);
-	}
-	policy = "allow_read/write /proc/sys/net/ipv4/ip_local_port_range";
-	if (write_policy()) {
-		static int name[] = { CTL_NET, NET_IPV4,
-				      NET_IPV4_LOCAL_PORT_RANGE };
-		int buffer[2] = { 32768, 61000 };
-		size_t size = sizeof(buffer);
-		show_result2(sysctl(name, 3, buffer, &size, buffer, size), 1);
-		delete_policy();
-		show_result2(sysctl(name, 3, buffer, &size, buffer, size), 0);
-	}
-
-	policy = "allow_read /bin/true";
-	if (write_policy()) {
-		show_result2(uselib("/bin/true"), 1);
-		delete_policy();
-		show_result2(uselib("/bin/true"), 0);
-	}
-
-	policy = "allow_execute /bin/true";
-	if (write_policy()) {
-		int pipe_fd[2] = { EOF, EOF };
-		int err = 0;
-		fflush(stdout);
-		fflush(stderr);
-		pipe(pipe_fd);
-		if (fork() == 0) {
-			execl("/bin/true", "/bin/true", NULL);
-			err = errno;
-			write(pipe_fd[1], &err, sizeof(err));
-			_exit(0);
-		}
-		close(pipe_fd[1]);
-		read(pipe_fd[0], &err, sizeof(err));
-		close(pipe_fd[0]);
-		wait(NULL);
-		errno = err;
-		show_result2(err ? EOF : 0, 1);
-		delete_policy();
-		fflush(stdout);
-		fflush(stderr);
-		pipe(pipe_fd);
-		if (fork() == 0) {
-			execl("/bin/true", "/bin/true", NULL);
-			err = errno;
-			write(pipe_fd[1], &err, sizeof(err));
-			_exit(0);
-		}
-		close(pipe_fd[1]);
-		read(pipe_fd[0], &err, sizeof(err));
-		close(pipe_fd[0]);
-		wait(NULL);
-		errno = err;
-		show_result2(err ? EOF : 0, 0);
-	}
-
-	policy = "allow_read /dev/null";
-	if (write_policy()) {
-		int fd = open("/dev/null", O_RDONLY);
-		show_result2(fd, 1);
-		if (fd != EOF)
-			close(fd);
-		delete_policy();
-		fd = open("/dev/null", O_RDONLY);
-		show_result2(fd, 0);
-		if (fd != EOF)
-			close(fd);
-	}
-
-	policy = "allow_read /dev/null";
-	if (write_policy()) {
-		int fd = open("/dev/null", O_RDONLY);
-		show_result2(fd, 1);
-		if (fd != EOF)
-			close(fd);
-		delete_policy();
-		fd = open("/dev/null", O_RDONLY);
-		show_result2(fd, 0);
-		if (fd != EOF)
-			close(fd);
-	}
-
-	policy = "allow_read /dev/null";
-	if (write_policy()) {
-		int fd = open("/dev/null", O_RDONLY);
-		show_result2(fd, 1);
-		if (fd != EOF)
-			close(fd);
-		delete_policy();
-		fd = open("/dev/null", O_RDONLY);
-		show_result2(fd, 0);
-		if (fd != EOF)
-			close(fd);
-	}
-
-	policy = "allow_read /dev/null";
-	if (write_policy()) {
-		int fd = open("/dev/null", O_RDONLY);
-		show_result2(fd, 1);
-		if (fd != EOF)
-			close(fd);
-		delete_policy();
-		fd = open("/dev/null", O_RDONLY);
-		show_result2(fd, 0);
-		if (fd != EOF)
-			close(fd);
-	}
-
-	policy = "allow_mkfifo /tmp/mknod_fifo_test";
-	if (write_policy()) {
-		filename = "/tmp/mknod_fifo_test";
-		show_result2(mknod(filename, S_IFIFO, 0), 1);
-		delete_policy();
-		unlink2(filename);
-		show_result2(mknod(filename, S_IFIFO, 0), 0);
-	}
-
-	{
-		char buffer[1024];
-		struct stat sbuf;
-		memset(buffer, 0, sizeof(buffer));
-		memset(&sbuf, 0, sizeof(sbuf));
-		filename = "/dev/null";
-		stat(filename, &sbuf);
-		snprintf(buffer, sizeof(buffer) - 1, "allow_write %s",
-			 filename);
-		policy = buffer;
-		if (write_policy()) {
-			int fd = open(filename, O_WRONLY);
-			show_result2(fd, 1);
-			if (fd != EOF)
-				close(fd);
-			delete_policy();
-			fd = open(filename, O_WRONLY);
-			show_result2(fd, 0);
-			if (fd != EOF)
-				close(fd);
-		}
-	}
-
-	policy = "allow_read/write /tmp/fifo";
-	mkfifo2("/tmp/fifo");
-	if (write_policy()) {
-		int fd = open("/tmp/fifo", O_RDWR);
-		show_result2(fd, 1);
-		if (fd != EOF)
-			close(fd);
-		delete_policy();
-		fd = open("/tmp/fifo", O_RDWR);
-		show_result2(fd, 0);
-		if (fd != EOF)
-			close(fd);
-	}
-
-	policy = "allow_read /dev/null";
-	if (write_policy()) {
-		int fd = open("/dev/null", O_RDONLY);
-		show_result2(fd, 1);
-		if (fd != EOF)
-			close(fd);
-		delete_policy();
-		fd = open("/dev/null", O_RDONLY);
-		show_result2(fd, 0);
-		if (fd != EOF)
-			close(fd);
-	}
-
-	policy = "allow_write /dev/null";
-	if (write_policy()) {
-		int fd = open("/dev/null", O_WRONLY);
-		show_result2(fd, 1);
-		if (fd != EOF)
-			close(fd);
-		delete_policy();
-		fd = open("/dev/null", O_WRONLY);
-		show_result2(fd, 0);
-		if (fd != EOF)
-			close(fd);
-	}
-
-	policy = "allow_read/write /dev/null";
-	if (write_policy()) {
-		int fd = open("/dev/null", O_RDWR);
-		show_result2(fd, 1);
-		if (fd != EOF)
-			close(fd);
-		delete_policy();
-		fd = open("/dev/null", O_RDWR);
-		show_result2(fd, 0);
-		if (fd != EOF)
-			close(fd);
-	}
-
-	policy = "allow_create /tmp/open_test";
-	if (write_policy()) {
-		policy = "allow_write /tmp/open_test";
-		if (write_policy()) {
-			int fd = open("/tmp/open_test",
-				      O_WRONLY | O_CREAT | O_EXCL, 0666);
-			show_result2(fd, 1);
-			if (fd != EOF)
-				close(fd);
-			unlink2("/tmp/open_test");
-			delete_policy();
-			fd = open("/tmp/open_test",
-				  O_WRONLY | O_CREAT | O_EXCL, 0666);
-			show_result2(fd, 0);
-			if (fd != EOF)
-				close(fd);
-			unlink2("/tmp/open_test");
-		}
-		policy = "allow_create /tmp/open_test";
-		delete_policy();
-	}
-
-	policy = "allow_write /tmp/open_test";
-	if (write_policy()) {
-		policy = "allow_create /tmp/open_test";
-		if (write_policy()) {
-			int fd = open("/tmp/open_test",
-				      O_WRONLY | O_CREAT | O_EXCL, 0666);
-			show_result2(fd, 1);
-			if (fd != EOF)
-				close(fd);
-			unlink2("/tmp/open_test");
-			delete_policy();
-			fd = open("/tmp/open_test",
-				  O_WRONLY | O_CREAT | O_EXCL, 0666);
-			show_result2(fd, 0);
-			if (fd != EOF)
-				close(fd);
-			unlink2("/tmp/open_test");
-		}
-		policy = "allow_write /tmp/open_test";
-		delete_policy();
-	}
-
-	filename = "/tmp/truncate_test";
-	create2(filename);
-
-	policy = "allow_truncate /tmp/truncate_test";
-	if (write_policy()) {
-		policy = "allow_write /tmp/truncate_test";
-		if (write_policy()) {
-			int fd = open(filename, O_WRONLY | O_TRUNC);
-			show_result2(fd, 1);
-			if (fd != EOF)
-				close(fd);
-			delete_policy();
-			fd = open(filename, O_WRONLY | O_TRUNC);
-			show_result2(fd, 0);
-			if (fd != EOF)
-				close(fd);
-		}
-		policy = "allow_truncate /tmp/truncate_test";
-		delete_policy();
-	}
-
-	policy = "allow_write /tmp/truncate_test";
-	if (write_policy()) {
-		policy = "allow_truncate /tmp/truncate_test";
-		if (write_policy()) {
-			int fd = open(filename, O_WRONLY | O_TRUNC);
-			show_result2(fd, 1);
-			if (fd != EOF)
-				close(fd);
-			delete_policy();
-			fd = open(filename, O_WRONLY | O_TRUNC);
-			show_result2(fd, 0);
-			if (fd != EOF)
-				close(fd);
-		}
-		policy = "allow_write /tmp/truncate_test";
-		delete_policy();
-	}
-
-	policy = "allow_truncate /tmp/truncate_test";
-	if (write_policy()) {
-		show_result2(truncate(filename, 0), 1);
-		delete_policy();
-		show_result2(truncate(filename, 0), 0);
-	}
-
-	policy = "allow_truncate /tmp/truncate_test";
-	if (write_policy()) {
-		int fd;
-		write_profile("255-MAC_FOR_FILE=disabled\n");
-		fd = open(filename, O_WRONLY);
-		write_profile("255-MAC_FOR_FILE=enforcing\n");
-		errno = 0;
-		show_result2(ftruncate(fd, 0), 1);
-		delete_policy();
-		show_result2(ftruncate(fd, 0), 0);
-		if (fd != EOF)
-			close(fd);
-	}
-
-	unlink2(filename);
-
-	policy = "allow_create /tmp/mknod_reg_test";
-	if (write_policy()) {
-		filename = "/tmp/mknod_reg_test";
-		show_result2(mknod(filename, S_IFREG, 0), 1);
-		delete_policy();
-		unlink2(filename);
-		show_result2(mknod(filename, S_IFREG, 0), 0);
-	}
-
-	policy = "allow_mkchar /tmp/mknod_chr_test";
-	if (write_policy()) {
-		filename = "/tmp/mknod_chr_test";
-		show_result2(mknod(filename, S_IFCHR, MKDEV(1, 3)), 1);
-		delete_policy();
-		unlink2(filename);
-		show_result2(mknod(filename, S_IFCHR, MKDEV(1, 3)), 0);
-	}
-
-	policy = "allow_mkblock /tmp/mknod_blk_test";
-	if (write_policy()) {
-		filename = "/tmp/mknod_blk_test";
-		show_result2(mknod(filename, S_IFBLK, MKDEV(1, 0)), 1);
-		delete_policy();
-		unlink2(filename);
-		show_result2(mknod(filename, S_IFBLK, MKDEV(1, 0)), 0);
-	}
-
-	policy = "allow_mkfifo /tmp/mknod_fifo_test";
-	if (write_policy()) {
-		filename = "/tmp/mknod_fifo_test";
-		show_result2(mknod(filename, S_IFIFO, 0), 1);
-		delete_policy();
-		unlink2(filename);
-		show_result2(mknod(filename, S_IFIFO, 0), 0);
-	}
-
-	policy = "allow_mksock /tmp/mknod_sock_test";
-	if (write_policy()) {
-		filename = "/tmp/mknod_sock_test";
-		show_result2(mknod(filename, S_IFSOCK, 0), 1);
-		delete_policy();
-		unlink2(filename);
-		show_result2(mknod(filename, S_IFSOCK, 0), 0);
-	}
-
-	policy = "allow_mkdir /tmp/mkdir_test/";
-	if (write_policy()) {
-		filename = "/tmp/mkdir_test";
-		show_result2(mkdir(filename, 0600), 1);
-		delete_policy();
-		rmdir2(filename);
-		show_result2(mkdir(filename, 0600), 0);
-	}
-
-	policy = "allow_rmdir /tmp/rmdir_test/";
-	if (write_policy()) {
-		filename = "/tmp/rmdir_test";
-		mkdir2(filename);
-		show_result2(rmdir(filename), 1);
-		delete_policy();
-		mkdir2(filename);
-		show_result2(rmdir(filename), 0);
-		rmdir2(filename);
-	}
-
-	policy = "allow_unlink /tmp/unlink_test";
-	if (write_policy()) {
-		filename = "/tmp/unlink_test";
-		create2(filename);
-		show_result2(unlink(filename), 1);
-		delete_policy();
-		create2(filename);
-		show_result2(unlink(filename), 0);
-		unlink2(filename);
-	}
-
-	policy = "allow_symlink /tmp/symlink_source_test";
-	if (write_policy()) {
-		filename = "/tmp/symlink_source_test";
-		show_result2(symlink("/tmp/symlink_dest_test", filename), 1);
-		delete_policy();
-		unlink2(filename);
-		show_result2(symlink("/tmp/symlink_dest_test", filename), 0);
-	}
-
-	policy = "allow_link /tmp/link_source_test /tmp/link_dest_test";
-	if (write_policy()) {
-		filename = "/tmp/link_source_test";
-		create2(filename);
-		show_result2(link(filename, "/tmp/link_dest_test"), 1);
-		delete_policy();
-		unlink2("/tmp/link_dest_test");
-		show_result2(link(filename, "/tmp/link_dest_test"), 0);
-		unlink2(filename);
-	}
-
-	policy = "allow_rename /tmp/rename_source_test /tmp/rename_dest_test";
-	if (write_policy()) {
-		filename = "/tmp/rename_source_test";
-		create2(filename);
-		show_result2(rename(filename, "/tmp/rename_dest_test"), 1);
-		delete_policy();
-		unlink2("/tmp/rename_dest_test");
-		create2(filename);
-		show_result2(rename(filename, "/tmp/rename_dest_test"), 0);
-		unlink2(filename);
-	}
-
-	policy = "allow_mksock /tmp/socket_test";
-	if (write_policy()) {
-		struct sockaddr_un addr;
-		int fd;
-		filename = "/tmp/socket_test";
-		memset(&addr, 0, sizeof(addr));
-		addr.sun_family = AF_UNIX;
-		strncpy(addr.sun_path, filename, sizeof(addr.sun_path) - 1);
-		fd = socket(AF_UNIX, SOCK_STREAM, 0);
-		show_result2(bind(fd, (struct sockaddr *) &addr, sizeof(addr)),
-			     1);
-		if (fd != EOF)
-			close(fd);
-		delete_policy();
-		unlink2(filename);
-		fd = socket(AF_UNIX, SOCK_STREAM, 0);
-		show_result2(bind(fd, (struct sockaddr *) &addr, sizeof(addr)),
-			     0);
-		if (fd != EOF)
-			close(fd);
-	}
-
-	filename = "/tmp/rewrite_test";
-	create2(filename);
-	policy = "allow_read/write /tmp/rewrite_test";
-	if (write_policy()) {
-		fprintf(fp_exception, "deny_rewrite /tmp/rewrite_test\n");
-		fflush(fp_exception);
-		policy = "allow_truncate /tmp/rewrite_test";
-		if (write_policy()) {
-			int fd;
-
-			fd = open(filename, O_RDONLY);
-			show_result2(fd, 1);
-			if (fd != EOF)
-				close(fd);
-
-			fd = open(filename, O_WRONLY | O_APPEND);
-			show_result2(fd, 1);
-			if (fd != EOF)
-				close(fd);
-
-			fd = open(filename, O_WRONLY);
-			show_result2(fd, 0);
-			if (fd != EOF)
-				close(fd);
-
-			fd = open(filename, O_WRONLY | O_TRUNC);
-			show_result2(fd, 0);
-			if (fd != EOF)
-				close(fd);
-
-			fd = open(filename, O_WRONLY | O_TRUNC | O_APPEND);
-			show_result2(fd, 0);
-			if (fd != EOF)
-				close(fd);
-
-			show_result2(truncate(filename, 0), 0);
-
-			write_profile("255-MAC_FOR_FILE=disabled\n");
-			fd = open(filename, O_WRONLY | O_APPEND);
-			write_profile("255-MAC_FOR_FILE=enforcing\n");
-			show_result2(ftruncate(fd, 0), 0);
-			show_result2(fcntl(fd, F_SETFL,
-					   fcntl(fd, F_GETFL) & ~O_APPEND), 0);
-			if (fd != EOF)
-				close(fd);
-
-			delete_policy();
-		}
-		policy = "allow_read/write /tmp/rewrite_test";
-		delete_policy();
-		fprintf(fp_exception, "delete deny_rewrite "
-			"/tmp/rewrite_test\n");
-		fflush(fp_exception);
-
-	}
-	unlink2(filename);
-}
-
-static void add_domain_policy(const char *data)
-{
-	set_file_enforce(0);
-	fprintf(fp_domain, "%s\n", self_domain);
-	fprintf(fp_domain, "%s\n", data);
-	fflush(fp_domain);
-}
-
-static void add_exception_policy(const char *data)
-{
-	set_file_enforce(0);
-	fprintf(fp_exception, "%s\n", data);
-	fflush(fp_exception);
-}
-
-#define REWRITE_PATH "/tmp/rewrite_test"
-
-static void stage_rewrite_test(void)
-{
-	int fd;
-
-	/* Start up */
-	add_domain_policy("allow_read/write " REWRITE_PATH);
-	add_domain_policy("allow_truncate " REWRITE_PATH);
-	add_domain_policy("allow_create " REWRITE_PATH);
-	add_domain_policy("allow_unlink " REWRITE_PATH);
-	add_exception_policy("deny_rewrite " REWRITE_PATH);
-	close(open(REWRITE_PATH, O_WRONLY | O_APPEND | O_CREAT, 0600));
-
-	/* Enforce mode */
-	set_file_enforce(1);
-
-	show_prompt("open(O_RDONLY)");
-	fd = open(REWRITE_PATH, O_RDONLY);
-	show_result(fd, 1);
-	close(fd);
-
-	show_prompt("open(O_WRONLY | O_APPEND)");
-	fd = open(REWRITE_PATH, O_WRONLY | O_APPEND);
-	show_result(fd, 1);
-	close(fd);
-
-	show_prompt("open(O_WRONLY)");
-	fd = open(REWRITE_PATH, O_WRONLY);
-	show_result(fd, 0);
-	close(fd);
-
-	show_prompt("open(O_WRONLY | O_TRUNC)");
-	fd = open(REWRITE_PATH, O_WRONLY | O_TRUNC);
-	show_result(fd, 0);
-	close(fd);
-
-	show_prompt("open(O_WRONLY | O_TRUNC | O_APPEND)");
-	fd = open(REWRITE_PATH, O_WRONLY | O_TRUNC | O_APPEND);
-	show_result(fd, 0);
-	close(fd);
-
-	show_prompt("truncate()");
-	show_result(truncate(REWRITE_PATH, 0), 0);
-
-	fd = open(REWRITE_PATH, O_WRONLY | O_APPEND);
-	show_prompt("ftruncate()");
-	show_result(ftruncate(fd, 0), 0);
-
-	show_prompt("fcntl(F_SETFL, ~O_APPEND)");
-	show_result(fcntl(fd, F_SETFL, fcntl(fd, F_GETFL) & ~O_APPEND), 0);
-	close(fd);
-
-	/* Permissive mode */
-	set_file_enforce(0);
-
-	show_prompt("open(O_RDONLY)");
-	fd = open(REWRITE_PATH, O_RDONLY);
-	show_result(fd, 1);
-	close(fd);
-
-	show_prompt("open(O_WRONLY | O_APPEND)");
-	fd = open(REWRITE_PATH, O_WRONLY | O_APPEND);
-	show_result(fd, 1);
-	close(fd);
-
-	show_prompt("open(O_WRONLY)");
-	fd = open(REWRITE_PATH, O_WRONLY);
-	show_result(fd, 1);
-	close(fd);
-
-	show_prompt("open(O_WRONLY | O_TRUNC)");
-	fd = open(REWRITE_PATH, O_WRONLY | O_TRUNC);
-	show_result(fd, 1);
-	close(fd);
-
-	show_prompt("open(O_WRONLY | O_TRUNC | O_APPEND)");
-	fd = open(REWRITE_PATH, O_WRONLY | O_TRUNC | O_APPEND);
-	show_result(fd, 1);
-	close(fd);
-
-	show_prompt("truncate()");
-	show_result(truncate(REWRITE_PATH, 0), 1);
-
-	fd = open(REWRITE_PATH, O_WRONLY | O_APPEND);
-	show_prompt("ftruncate()");
-	show_result(ftruncate(fd, 0), 1);
-
-	show_prompt("fcntl(F_SETFL, ~O_APPEND)");
-	show_result(fcntl(fd, F_SETFL, fcntl(fd, F_GETFL) & ~O_APPEND), 1);
-	close(fd);
-
-	/* Clean up */
-	unlink(REWRITE_PATH);
-	add_exception_policy("delete " "deny_rewrite " REWRITE_PATH);
-	printf("\n\n");
-}
-
-static void set_level(const int i)
-{
-	fprintf(fp_profile, "255-MAC_FOR_FILE=%d\n", i);
-	fflush(fp_profile);
-}
-
-static void test(int rw_loop, int truncate_loop, int append_loop,
-		 int create_loop)
-{
-	static const int rw_flags[4] = { 0, O_RDONLY, O_WRONLY, O_RDWR };
-	static const int create_flags[3] = { 0, O_CREAT /* nonexistent*/ ,
-					     O_CREAT /* existent */ };
-	static const int truncate_flags[2] = { 0, O_TRUNC };
-	static const int append_flags[2] = { 0, O_APPEND };
-	int level;
-	int flags;
-	int i;
-	int fd;
-	static char buffer[1024];
-	memset(buffer, 0, sizeof(buffer));
-	snprintf(buffer, sizeof(buffer) - 1, "/tmp/file:a=%d:t=%d:c=%d:m=%d",
-		 append_loop, truncate_loop, create_loop, rw_loop);
-	fprintf(fp_exception, "deny_rewrite %s\n", buffer);
-	fflush(fp_exception);
-	flags = rw_flags[rw_loop] | truncate_flags[truncate_loop] |
-		append_flags[append_loop] | create_flags[create_loop];
-	for (i = 1; i < 8; i++)
-		fprintf(fp_domain, "delete %d %s\n", i, buffer);
-	fflush(fp_domain);
-	for (level = 0; level < 4; level++) {
-		set_level(0);
-		if (create_loop == 1)
-			unlink(buffer);
-		else
-			close(open(buffer, O_CREAT, 0666));
-		set_level(level);
-		fd = open(buffer, flags, 0666);
-		if (fd != EOF)
-			close(fd);
-		else
-			fprintf(stderr, "%d: open(%04o) failed\n", level,
-				flags);
-	}
-	for (i = 1; i < 8; i++)
-		fprintf(fp_domain, "delete %d %s\n", i, buffer);
-	fprintf(fp_domain, "delete allow_truncate %s\n", buffer);
-	fprintf(fp_domain, "delete allow_create %s\n", buffer);
-	fprintf(fp_domain, "delete allow_rewrite %s\n", buffer);
-	fflush(fp_domain);
-	fd = open(buffer, flags, 0666);
-	if (fd != EOF) {
-		close(fd);
-		fprintf(stderr, "%d: open(%04o) didn't fail\n", 3, flags);
-	}
-}
-
-static void stage_old_rewrite_test(void)
-{
-	write_profile("255-COMMENT=Test\n255-TOMOYO_VERBOSE=disabled\n"
-		"255-MAC_FOR_FILE=disabled\n255-MAX_ACCEPT_ENTRY=2048\n");
-	fprintf(fp_domain, "%s\n", self_domain);
-	fprintf(fp_domain, "use_profile 255\n");
-	fflush(fp_domain);
-
-	{
-		int append_loop;
-		for (append_loop = 0; append_loop < 2; append_loop++) {
-			int truncate_loop;
-			for (truncate_loop = 0; truncate_loop < 2;
-			     truncate_loop++) {
-				int create_loop;
-				for (create_loop = 0; create_loop < 3;
-				     create_loop++) {
-					int rw_loop;
-					for (rw_loop = 0; rw_loop < 4;
-					     rw_loop++)
-						test(rw_loop, truncate_loop,
-						     append_loop, create_loop);
-				}
-			}
-		}
-	}
-	write_profile("255-MAC_FOR_FILE=disabled\n");
-}
-
 int main(int argc, char *argv[])
 {
-	ccs_test_init();
+	tomoyo_test_init();
 
-	printf("***** Testing file access in enforce mode. *****\n");
+	printf("***** Testing file hooks in enforce mode. *****\n");
 	create_files();
+	should_fail = 1;
 	set_file_enforce(1);
-	stage_file_test(0);
+	stage_file_test();
 	set_file_enforce(0);
 	clear_status();
 	creanup_files();
 
-	printf("***** Testing file access in permissive mode. *****\n");
+	printf("***** Testing file hooks in permissive mode. *****\n");
+	should_fail = 0;
 	create_files();
 	set_file_enforce(0);
-	stage_file_test(1);
+	stage_file_test();
 	creanup_files();
 
-	printf("***** Testing file access for rewrite operations. *****\n");
-	stage_rewrite_test();
-	stage_old_rewrite_test();
-
-	fprintf(fp_domain, "%s /bin/true\n", self_domain);
-	fprintf(fp_domain, "%s\nuse_profile 255\n", self_domain);
-	fflush(fp_domain);
-
-	printf("***** Testing file access with policy. *****\n");
-	stage_file_test2();
-
-	fprintf(fp_domain, "%s\nuse_profile 0\n", self_domain);
-	fflush(fp_domain);
-
 	clear_status();
 	return 0;
 }
diff --git a/testcases/kernel/security/tomoyo/tomoyo_filesystem_test.c b/testcases/kernel/security/tomoyo/tomoyo_filesystem_test.c
index e69de29..3d8806d 100644
--- a/testcases/kernel/security/tomoyo/tomoyo_filesystem_test.c
+++ b/testcases/kernel/security/tomoyo/tomoyo_filesystem_test.c
@@ -0,0 +1,632 @@
+/******************************************************************************/
+/* This program is free software;  you can redistribute it and/or modify      */
+/* it under the terms of the GNU General Public License as published by       */
+/* the Free Software Foundation; either version 2 of the License, or          */
+/* (at your option) any later version.                                        */
+/*                                                                            */
+/* This program is distributed in the hope that it will be useful,            */
+/* but WITHOUT ANY WARRANTY;  without even the implied warranty of            */
+/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See                  */
+/* the GNU General Public License for more details.                           */
+/*                                                                            */
+/* You should have received a copy of the GNU General Public License          */
+/* along with this program;  if not, write to the Free Software               */
+/* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA    */
+/*                                                                            */
+/******************************************************************************/
+/*
+ * tomoyo_filesystem_test.c
+ *
+ * Testing program for security/tomoyo/
+ *
+ * Copyright (C) 2005-2010  NTT DATA CORPORATION
+ */
+#define _GNU_SOURCE
+#include "include.h"
+
+static void show_prompt(const char *str, const int should_fail)
+{
+	printf("Testing %60s: (%s) ", str,
+	       should_fail ? "must fail" : "should success");
+	errno = 0;
+}
+
+#ifndef MS_MOVE
+#define MS_MOVE         8192
+#endif
+
+static const char *pivot_root_dir = "/sys/kernel/security/";
+
+static int child(void *arg)
+{
+	errno = 0;
+	pivot_root(pivot_root_dir, proc_policy_dir);
+	return errno;
+}
+
+static void mount2(const char *source, const char *target,
+		   const char *filesystemtype)
+{
+	if (mount(source, target, filesystemtype, 0, NULL)) {
+		printf("BUG: mount() failed\n");
+		fflush(stdout);
+	}
+}
+
+static const unsigned char compressed_ext2_image_sample[1350] = {
+	0x1F, 0x8B, 0x08, 0x00, 0xA8, 0xF2, 0x96, 0x4B, 0x02, 0x03, 0xED, 0xDC,
+	0x3D, 0x4B, 0x5B, 0x51, 0x18, 0x07, 0xF0, 0xE7, 0xDE, 0xAB, 0x14, 0x8C,
+	0xAB, 0xD5, 0x9A, 0xF8, 0x36, 0x0B, 0xA1, 0xE0, 0xE0, 0xDC, 0xD0, 0xAD,
+	0xD0, 0xC5, 0xAF, 0x50, 0x9C, 0x42, 0x1D, 0x6A, 0xE6, 0xA6, 0x9B, 0x9B,
+	0x8B, 0xD8, 0xA5, 0x5B, 0x97, 0x2E, 0xF9, 0x0E, 0x85, 0x4C, 0xF6, 0x23,
+	0x74, 0x70, 0x55, 0x28, 0x52, 0xA8, 0xDD, 0xED, 0xB9, 0xB9, 0xB1, 0xA6,
+	0xEA, 0x24, 0xA5, 0x81, 0xDE, 0xDF, 0x0F, 0x9E, 0xDC, 0xB7, 0x13, 0x2E,
+	0xF7, 0xC0, 0xFF, 0x70, 0xCE, 0x85, 0x24, 0x02, 0xA8, 0xAB, 0x7E, 0xF9,
+	0x31, 0x13, 0xB1, 0x95, 0x36, 0xA7, 0x45, 0x44, 0x2F, 0x6D, 0xB3, 0xC9,
+	0x06, 0xEB, 0x55, 0xF5, 0xC7, 0x87, 0x9F, 0x7E, 0x1C, 0xBF, 0x88, 0x68,
+	0xC5, 0xCE, 0xF7, 0x6C, 0xD4, 0x6E, 0x74, 0xFC, 0xF2, 0x62, 0x74, 0xED,
+	0xFA, 0x7B, 0x8D, 0xB8, 0x69, 0x9F, 0x8F, 0xCF, 0x9F, 0x1D, 0x7E, 0x78,
+	0xF7, 0x6D, 0xD8, 0x79, 0xFF, 0x71, 0xD0, 0xED, 0xBC, 0xCD, 0x9A, 0xBD,
+	0x69, 0x3C, 0xEB, 0xE0, 0xCB, 0xF0, 0xA4, 0xF9, 0xF5, 0xF9, 0xCA, 0xE0,
+	0xE0, 0x72, 0xBB, 0x7B, 0xD4, 0x1A, 0xE6, 0x13, 0xD7, 0xAA, 0xE7, 0x82,
+	0x7A, 0x29, 0xAA, 0xF8, 0xC7, 0xEC, 0x28, 0xFF, 0xBD, 0xC8, 0x75, 0x09,
+	0xD4, 0xC6, 0x55, 0x92, 0x4D, 0x71, 0xFA, 0x71, 0x05, 0x4C, 0xCF, 0xA3,
+	0xBB, 0xE3, 0x01, 0x50, 0x0F, 0x93, 0xEB, 0xDF, 0xEB, 0xFA, 0x97, 0x13,
+	0x80, 0x8B, 0x67, 0xD5, 0x02, 0xE4, 0xEE, 0xFD, 0x8B, 0x3F, 0xD6, 0x22,
+	0x0B, 0xA6, 0x6A, 0xC0, 0x5F, 0xF6, 0xB9, 0x1C, 0x7F, 0x9E, 0xDE, 0x37,
+	0xFE, 0xE4, 0xB1, 0x34, 0xD1, 0xEE, 0x71, 0xAA, 0xC5, 0x54, 0xE5, 0xB9,
+	0x27, 0xA9, 0x96, 0x53, 0x35, 0xA3, 0x7C, 0x13, 0x1A, 0xB1, 0x92, 0x6A,
+	0x35, 0xD5, 0xDA, 0xF8, 0x75, 0xE9, 0x86, 0x6E, 0x05, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xE0, 0x81,
+	0xCA, 0xDF, 0xD8, 0xCF, 0x47, 0x96, 0xB7, 0x7F, 0xEF, 0xE7, 0x79, 0xBB,
+	0x5D, 0xFD, 0x87, 0xDF, 0x79, 0x31, 0x97, 0x77, 0xF7, 0xDE, 0xEC, 0x6F,
+	0xEE, 0xEE, 0xF5, 0x5E, 0xBF, 0xD2, 0x57, 0xF0, 0xBF, 0x69, 0xDC, 0xCA,
+	0xFF, 0xCF, 0xA2, 0xCA, 0x3F, 0x50, 0x13, 0x33, 0xBA, 0x00, 0xE4, 0x1F,
+	0x90, 0x7F, 0x40, 0xFE, 0x01, 0xF9, 0x07, 0xE4, 0x1F, 0x90, 0x7F, 0x40,
+	0xFE, 0x01, 0xF9, 0x07, 0xE4, 0x1F, 0x90, 0x7F, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80, 0xFA, 0xF9, 0x05, 0x34, 0xF2,
+	0x14, 0x08, 0x00, 0x00, 0x10, 0x00
+};
+
+int main(int argc, char *argv[])
+{
+	char c = 0;
+	tomoyo_test_init();
+
+	/* Test mount(). */
+	{
+		set_profile(3, "file::mount");
+		show_prompt("mount('dev\\011name', '/', 'fs\\011name') ", 1);
+		if (mount("dev\tname", "/", "fs\tname", 0, NULL) == EOF &&
+		    errno == EPERM)
+			printf("OK: Permission denied.\n");
+		else if (errno == ENODEV)
+			printf("OK: No such device.\n");
+		else
+			printf("BUG: %s\n", strerror(errno));
+		set_profile(1, "file::mount");
+		show_prompt("mount('dev\\011name', '/', 'fs\\011name') ", 0);
+		if (mount("dev\tname", "/", "fs\tname", 0, NULL) == EOF &&
+		    errno == ENOMEM)
+			printf("OK: Out of memory.\n");
+		else if (errno == ENODEV)
+			printf("OK: No such device.\n");
+		else
+			printf("BUG: %s\n", strerror(errno));
+		set_profile(3, "file::mount");
+		show_prompt("mount('dev\\011name', '/', 'fs\\011name') ", 0);
+		if (mount("dev\tname", "/", "fs\tname", 0, NULL) == EOF &&
+		    errno == ENOMEM)
+			printf("OK: Out of memory.\n");
+		else if (errno == ENODEV)
+			printf("OK: No such device.\n");
+		else
+			printf("BUG: %s\n", strerror(errno));
+		fprintf(domain_fp, "delete allow_mount dev\\011name / "
+			"fs\\011name 0\n");
+		show_prompt("mount('dev\\011name', '/', 'fs\\011name') ", 1);
+		if (mount("dev\tname", "/", "fs\tname", 0, NULL) == EOF &&
+		    errno == EPERM)
+			printf("OK: Permission denied.\n");
+		else if (errno == ENODEV)
+			printf("OK: No such device.\n");
+		else
+			printf("BUG: %s\n", strerror(errno));
+		set_profile(1, "file::mount");
+		show_prompt("mount(NULL, '/', 'tmpfs') ", 0);
+		if (mount(NULL, "/", "tmpfs", 0, NULL))
+			printf("BUG: %s\n", strerror(errno));
+		else
+			printf("OK: Success\n");
+		set_profile(3, "file::mount");
+		show_prompt("mount(NULL, '/', 'tmpfs') ", 0);
+		if (mount(NULL, "/", "tmpfs", 0, NULL))
+			printf("BUG: %s\n", strerror(errno));
+		else
+			printf("OK: Success\n");
+		show_prompt("mount('anydev', '/', 'tmpfs') ", 0);
+		if (mount("anydev", "/", "tmpfs", 0, NULL))
+			printf("BUG: %s\n", strerror(errno));
+		else
+			printf("OK: Success\n");
+		fprintf(domain_fp, "delete allow_mount <NULL> / tmpfs 0\n");
+		fprintf(domain_fp, "allow_mount anydev / tmpfs 0\n");
+		show_prompt("mount(NULL, '/', 'tmpfs') ", 0);
+		if (mount(NULL, "/", "tmpfs", 0, NULL))
+			printf("BUG: %s\n", strerror(errno));
+		else
+			printf("OK: Success\n");
+		fprintf(domain_fp, "delete allow_mount anydev / tmpfs 0\n");
+		set_profile(2, "file::mount");
+		show_prompt("mount(NULL, NULL, 'tmpfs') ", 1);
+		if (mount(NULL, NULL, "tmpfs", 0, NULL))
+			printf("OK: %s\n", strerror(errno));
+		else
+			printf("BUG: Did not fail.\n");
+		show_prompt("mount(NULL, NULL, NULL) ", 1);
+		if (mount(NULL, NULL, NULL, 0, NULL))
+			printf("OK: %s\n", strerror(errno));
+		else
+			printf("BUG: Did not fail.\n");
+		show_prompt("mount('/', NULL, NULL) ", 1);
+		if (mount("/", NULL, NULL, 0, NULL))
+			printf("OK: %s\n", strerror(errno));
+		else
+			printf("BUG: Did not fail.\n");
+		show_prompt("mount('/', NULL, 'tmpfs') ", 1);
+		if (mount("/", NULL, "tmpfs", 0, NULL))
+			printf("OK: %s\n", strerror(errno));
+		else
+			printf("BUG: Did not fail.\n");
+		show_prompt("mount('/', '/', 'nonexistentfs') ", 1);
+		if (mount("/", "/", "nonexistentfs", 0, NULL))
+			printf("OK: %s\n", strerror(errno));
+		else
+			printf("BUG: Did not fail.\n");
+		set_profile(0, "file::mount");
+	}
+
+	mkdir("/tmp/mount/", 0755);
+	mkdir("/tmp/mount_bind/", 0755);
+	mkdir("/tmp/mount_move/", 0755);
+
+	/* Test mount(). */
+	{
+		static char buf[4096];
+		char *dev_ram_path = canonicalize_file_name("/dev/ram0");
+		if (!dev_ram_path)
+			dev_ram_path = canonicalize_file_name("/dev/ram");
+		if (!dev_ram_path) {
+			dev_ram_path = "/dev/ram0";
+			mknod(dev_ram_path, S_IFBLK, MKDEV(1, 0));
+		}
+		memset(buf, 0, sizeof(buf));
+		{
+			struct stat sbuf;
+			FILE *fp = NULL;
+			snprintf(buf, sizeof(buf) - 1, "zcat - > %s",
+				 dev_ram_path);
+			if (lstat(dev_ram_path, &sbuf) == 0 &&
+			    S_ISBLK(sbuf.st_mode) && MAJOR(sbuf.st_rdev) == 1)
+				fp = popen(buf, "w");
+			if (fp) {
+				fwrite(compressed_ext2_image_sample, 1,
+				       sizeof(compressed_ext2_image_sample),
+				       fp);
+				pclose(fp);
+			} else
+				fprintf(stderr, "Can't write to %s .\n",
+					dev_ram_path);
+		}
+		set_profile(3, "file::mount");
+
+		/* Test standard case */
+		show_prompt("mount('none', '/tmp/mount/', 'tmpfs') for "
+			    "'/tmp/mount/'", 1);
+		if (mount("none", "/tmp/mount/", "tmpfs", 0, NULL) == EOF &&
+		    errno == EPERM)
+			printf("OK: Permission denied.\n");
+		else
+			printf("BUG: %s\n", strerror(errno));
+
+		/* Test device_name with pattern */
+		snprintf(buf, sizeof(buf) - 1, "mount('%s', '/tmp/mount/', "
+			 "'ext2') for '%s\\*'", dev_ram_path, dev_ram_path);
+		show_prompt(buf, 1);
+		if (mount(dev_ram_path, "/tmp/mount/", "ext2", MS_RDONLY, NULL)
+		    == EOF && errno == EPERM)
+			printf("OK: Permission denied.\n");
+		else
+			printf("BUG: %s\n", strerror(errno));
+
+		/* Test dir_name with pattern */
+		show_prompt("mount('none', '/tmp/mount/', 'tmpfs') for "
+			    "'/tmp/\\?\\?\\?\\?\\?/'", 1);
+		if (mount("none", "/tmp/mount/", "tmpfs", 0, NULL) == EOF &&
+		    errno == EPERM)
+			printf("OK: Permission denied.\n");
+		else
+			printf("BUG: %s\n", strerror(errno));
+
+		/* Test standard case */
+		fprintf(domain_fp, "allow_mount none /tmp/mount/ tmpfs 0\n");
+		show_prompt("mount('none', '/tmp/mount/', 'tmpfs') for "
+			    "'/tmp/mount/'", 0);
+		if (mount("none", "/tmp/mount/", "tmpfs", 0, NULL) == 0)
+			printf("OK\n");
+		else
+			printf("FAILED: %s\n", strerror(errno));
+		fprintf(domain_fp,
+			"delete allow_mount none /tmp/mount/ tmpfs 0\n");
+
+		/* Test device_name with pattern */
+		fprintf(domain_fp, "allow_mount %s\\* /tmp/mount/ ext2 1\n",
+			dev_ram_path);
+		snprintf(buf, sizeof(buf) - 1, "mount('%s', '/tmp/mount/', "
+			 "'ext2') for '%s\\*'", dev_ram_path, dev_ram_path);
+		show_prompt(buf, 0);
+		if (mount(dev_ram_path, "/tmp/mount/", "ext2", MS_RDONLY, NULL)
+		    == 0)
+			printf("OK\n");
+		else
+			printf("FAILED: %s\n", strerror(errno));
+		fprintf(domain_fp, "delete allow_mount %s\\* "
+			"/tmp/mount/ ext2 1\n", dev_ram_path);
+
+		/* Test dir_name with pattern */
+		fprintf(domain_fp,
+			"allow_mount none /tmp/\\?\\?\\?\\?\\?/ tmpfs 0\n");
+		show_prompt("mount('none', '/tmp/mount/', 'tmpfs') for "
+			    "'/tmp/\\?\\?\\?\\?\\?/'", 0);
+		if (mount("none", "/tmp/mount/", "tmpfs", 0, NULL) == 0)
+			printf("OK\n");
+		else
+			printf("FAILED: %s\n", strerror(errno));
+		fprintf(domain_fp, "delete allow_mount none "
+			"/tmp/\\?\\?\\?\\?\\?/ tmpfs 0\n");
+
+		set_profile(0, "file::mount");
+		while (umount("/tmp/mount/") == 0)
+			c++; /* Dummy. */
+	}
+
+	/* Test mount(). */
+	{
+		mount2("none", "/tmp/mount/", "tmpfs");
+		set_profile(3, "file::mount");
+
+		/* Test remount case */
+		show_prompt("mount('/tmp/mount/', MS_REMOUNT)", 1);
+		if (mount("none", "/tmp/mount/", "tmpfs", MS_REMOUNT, NULL)
+		    == EOF && errno == EPERM)
+			printf("OK: Permission denied.\n");
+		else
+			printf("BUG: %s\n", strerror(errno));
+		show_prompt("mount('/tmp/mount/', MS_REMOUNT)", 1);
+		if (mount(NULL, "/tmp/mount/", NULL, MS_REMOUNT, NULL) == EOF
+		    && errno == EPERM)
+			printf("OK: Permission denied.\n");
+		else
+			printf("BUG: %s\n", strerror(errno));
+		fprintf(domain_fp, "allow_mount something /tmp/mount/ "
+			"--remount 0\n");
+		show_prompt("mount('/tmp/mount/', MS_REMOUNT)", 0);
+		if (mount(NULL, "/tmp/mount/", NULL, MS_REMOUNT, NULL))
+			printf("BUG: %s\n", strerror(errno));
+		else
+			printf("OK: Success.\n");
+		fprintf(domain_fp, "delete allow_mount something /tmp/mount/ "
+			"--remount 0\n");
+
+		/* Test bind case */
+		show_prompt("mount('/tmp/mount/', '/tmp/mount_bind/', "
+			    "MS_BIND)", 1);
+		if (mount("/tmp/mount/", "/tmp/mount_bind/", NULL, MS_BIND,
+			  NULL) == EOF && errno == EPERM)
+			printf("OK: Permission denied.\n");
+		else
+			printf("BUG: %s\n", strerror(errno));
+
+		/* Test move case */
+		show_prompt("mount('/tmp/mount/', '/tmp/mount_move/', "
+			    "MS_MOVE)", 1);
+		if (mount("/tmp/mount/", "/tmp/mount_move/", NULL, MS_MOVE,
+			  NULL) == EOF && errno == EPERM)
+			printf("OK: Permission denied.\n");
+		else
+			printf("BUG: %s\n", strerror(errno));
+
+		/* Test remount case */
+		fprintf(domain_fp,
+			"allow_mount any /tmp/mount/ --remount 0\n");
+		show_prompt("mount('/tmp/mount/', MS_REMOUNT)", 0);
+		if (mount("none", "/tmp/mount/", "tmpfs", MS_REMOUNT, NULL)
+		    == 0)
+			printf("OK\n");
+		else
+			printf("FAILED: %s\n", strerror(errno));
+		fprintf(domain_fp, "delete allow_mount any /tmp/mount/ "
+			"--remount 0\n");
+
+		/* Test bind case */
+		fprintf(domain_fp,
+			"allow_mount /tmp/mount/ /tmp/mount_bind/ --bind 0\n");
+		show_prompt("mount('/tmp/mount/', '/tmp/mount_bind', MS_BIND)",
+			    0);
+		if (mount("/tmp/mount/", "/tmp/mount_bind/", NULL, MS_BIND,
+			  NULL) == 0)
+			printf("OK\n");
+		else
+			printf("FAILED: %s\n", strerror(errno));
+		set_profile(0, "file::mount");
+		umount("/tmp/mount_bind/");
+		fprintf(domain_fp, "delete allow_mount /tmp/mount/ "
+			"/tmp/mount_bind/ --bind 0\n");
+
+		/* Test move case */
+		set_profile(3, "file::mount");
+		fprintf(domain_fp, "allow_unmount /tmp/mount/\n");
+		fprintf(domain_fp, "allow_mount /tmp/mount/ /tmp/mount_move/ "
+			"--move 0\n");
+		show_prompt("mount('/tmp/mount/', '/tmp/mount_move/', "
+			    "MS_MOVE)", 0);
+		if (mount("/tmp/mount/", "/tmp/mount_move/", NULL, MS_MOVE,
+			  NULL) == 0)
+			printf("OK\n");
+		else
+			printf("FAILED: %s\n", strerror(errno));
+		set_profile(0, "file::mount");
+		umount("/tmp/mount_move/");
+		fprintf(domain_fp, "delete allow_unmount /tmp/mount/\n");
+		fprintf(domain_fp, "delete allow_mount /tmp/mount/ "
+			"/tmp/mount_move/ --move 0\n");
+
+		while (umount("/tmp/mount/") == 0)
+			c++; /* Dummy. */
+	}
+
+	/* Test umount(). */
+	{
+		/* Test standard case */
+		fprintf(domain_fp, "allow_unmount /tmp/mount/\n");
+
+		set_profile(0, "file::umount");
+		mount2("none", "/tmp/mount/", "tmpfs");
+		set_profile(3, "file::umount");
+		show_prompt("umount('/tmp/mount/') for '/tmp/mount/'", 0);
+		if (umount("/tmp/mount/") == 0)
+			printf("OK\n");
+		else
+			printf("BUG: %s\n", strerror(errno));
+		fprintf(domain_fp, "delete allow_unmount /tmp/mount/\n");
+
+		set_profile(0, "file::umount");
+
+		mount2("none", "/tmp/mount/", "tmpfs");
+		set_profile(3, "file::umount");
+		show_prompt("umount('/tmp/mount/') for '/tmp/mount/'", 1);
+		if (umount("/tmp/mount/") == EOF && errno == EPERM)
+			printf("OK: Permission denied.\n");
+		else
+			printf("FAILED: %s\n", strerror(errno));
+
+		/* Test pattern */
+		fprintf(domain_fp, "allow_unmount /tmp/\\?\\?\\?\\?\\?/\n");
+		set_profile(0, "file::umount");
+		mount2("none", "/tmp/mount/", "tmpfs");
+		set_profile(3, "file::umount");
+		show_prompt("umount('/tmp/mount/') for "
+			    "'/tmp/\\?\\?\\?\\?\\?/'", 1);
+		if (umount("/tmp/mount/") == 0)
+			printf("OK\n");
+		else
+			printf("BUG: %s\n", strerror(errno));
+		fprintf(domain_fp,
+			"delete allow_unmount /tmp/\\?\\?\\?\\?\\?/\n");
+
+		set_profile(0, "file::umount");
+		while (umount("/tmp/mount/") == 0)
+			c++; /* Dummy. */
+	}
+
+	/* Test chroot(). */
+	{
+		set_profile(3, "file::chroot");
+
+		/* Test standard case */
+		fprintf(domain_fp, "allow_chroot /tmp/mount/\n");
+		show_prompt("chroot('/tmp/mount/') for '/tmp/mount/'", 0);
+		fflush(stdout);
+		if (fork() == 0) {
+			if (chroot("/tmp/mount/") == 0)
+				printf("OK\n");
+			else
+				printf("FAILED: %s\n", strerror(errno));
+			fflush(stdout);
+			_exit(0);
+		}
+		wait(NULL);
+		fprintf(domain_fp, "delete allow_chroot /tmp/mount/\n");
+
+		show_prompt("chroot('/tmp/mount/') for '/tmp/mount/'", 1);
+		fflush(stdout);
+		if (fork() == 0) {
+			if (chroot("/tmp/mount/") == EOF && errno == EPERM)
+				printf("OK: Permission denied.\n");
+			else
+				printf("BUG: %s\n", strerror(errno));
+			fflush(stdout);
+			_exit(0);
+		}
+		wait(NULL);
+
+		/* Test pattern */
+		fprintf(domain_fp, "allow_chroot /tmp/\\?\\?\\?\\?\\?/\n");
+		show_prompt("chroot('/tmp/mount/') for "
+			    "'/tmp/\\?\\?\\?\\?\\?/'", 0);
+		fflush(stdout);
+		if (fork() == 0) {
+			if (chroot("/tmp/mount/") == 0)
+				printf("OK\n");
+			else
+				printf("FAILED: %s\n", strerror(errno));
+			fflush(stdout);
+			_exit(0);
+		}
+		wait(NULL);
+		fprintf(domain_fp,
+			"delete allow_chroot /tmp/\\?\\?\\?\\?\\?/\n");
+
+		set_profile(0, "file::chroot");
+	}
+
+	/* Test pivot_root(). */
+	{
+		int error;
+		static char stack[8192];
+		set_profile(3, "file::pivot_root");
+		fprintf(domain_fp, "allow_pivot_root %s %s\n",
+			 pivot_root_dir, proc_policy_dir);
+		snprintf(stack, 8191, "pivot_root('%s', '%s')", pivot_root_dir,
+			 proc_policy_dir);
+		show_prompt(stack, 0);
+		{
+			const pid_t pid = ltp_clone_quick(CLONE_NEWNS, child,
+							  NULL);
+			while (waitpid(pid, &error, __WALL) == EOF &&
+			       errno == EINTR)
+				c++; /* Dummy. */
+		}
+		errno = WIFEXITED(error) ? WEXITSTATUS(error) : -1;
+		if (errno == 0)
+			printf("OK\n");
+		else
+			printf("FAILED: %s\n", strerror(errno));
+
+		fprintf(domain_fp, "delete allow_pivot_root %s %s\n",
+			pivot_root_dir, proc_policy_dir);
+		snprintf(stack, 8191, "pivot_root('%s', '%s')", pivot_root_dir,
+			 proc_policy_dir);
+		show_prompt(stack, 1);
+		{
+			const pid_t pid = ltp_clone_quick(CLONE_NEWNS, child,
+							  NULL);
+			while (waitpid(pid, &error, __WALL) == EOF &&
+			       errno == EINTR)
+				c++; /* Dummy. */
+		}
+		errno = WIFEXITED(error) ? WEXITSTATUS(error) : -1;
+		if (errno == EPERM)
+			printf("OK: Permission denied.\n");
+		else
+			printf("BUG: %s\n", strerror(errno));
+
+		set_profile(2, "file::pivot_root");
+		snprintf(stack, 8191, "pivot_root('%s', '%s')", pivot_root_dir,
+			 proc_policy_dir);
+		show_prompt(stack, 0);
+		{
+			const pid_t pid = ltp_clone_quick(CLONE_NEWNS, child,
+							  NULL);
+			while (waitpid(pid, &error, __WALL) == EOF &&
+			       errno == EINTR)
+				c++; /* Dummy. */
+		}
+		errno = WIFEXITED(error) ? WEXITSTATUS(error) : -1;
+		if (errno == 0)
+			printf("OK\n");
+		else
+			printf("FAILED: %s\n", strerror(errno));
+
+		set_profile(0, "file::pivot_root");
+
+	}
+
+	rmdir("/tmp/mount_move/");
+	rmdir("/tmp/mount_bind/");
+	rmdir("/tmp/mount/");
+
+	clear_status();
+	return 0;
+}
diff --git a/testcases/kernel/security/tomoyo/tomoyo_new_file_test.c b/testcases/kernel/security/tomoyo/tomoyo_new_file_test.c
index e69de29..876f351 100644
--- a/testcases/kernel/security/tomoyo/tomoyo_new_file_test.c
+++ b/testcases/kernel/security/tomoyo/tomoyo_new_file_test.c
@@ -0,0 +1,631 @@
+/******************************************************************************/
+/* This program is free software;  you can redistribute it and/or modify      */
+/* it under the terms of the GNU General Public License as published by       */
+/* the Free Software Foundation; either version 2 of the License, or          */
+/* (at your option) any later version.                                        */
+/*                                                                            */
+/* This program is distributed in the hope that it will be useful,            */
+/* but WITHOUT ANY WARRANTY;  without even the implied warranty of            */
+/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See                  */
+/* the GNU General Public License for more details.                           */
+/*                                                                            */
+/* You should have received a copy of the GNU General Public License          */
+/* along with this program;  if not, write to the Free Software               */
+/* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA    */
+/*                                                                            */
+/******************************************************************************/
+/*
+ * tomoyo_new_file_test.c
+ *
+ * Testing program for security/tomoyo/
+ *
+ * Copyright (C) 2005-2010  NTT DATA CORPORATION
+ */
+#include "include.h"
+
+static const char *policy = "";
+
+static void show_result(int result, char should_success)
+{
+	int err = errno;
+	printf("%s : ", policy);
+	if (should_success) {
+		if (result != EOF)
+			printf("OK\n");
+		else
+			printf("FAILED: %s\n", strerror(err));
+	} else {
+		if (result == EOF) {
+			if (err == EPERM)
+				printf("OK: Permission denied.\n");
+			else
+				printf("FAILED: %s\n", strerror(err));
+		} else {
+			printf("BUG: didn't fail.\n");
+		}
+	}
+}
+
+static void create2(const char *pathname)
+{
+	set_profile(0, "file::create");
+	set_profile(0, "file::open");
+	close(creat(pathname, 0600));
+	set_profile(3, "file::create");
+	set_profile(3, "file::open");
+	errno = 0;
+}
+
+static void mkdir2(const char *pathname)
+{
+	set_profile(0, "file::mkdir");
+	mkdir(pathname, 0600);
+	set_profile(3, "file::mkdir");
+	errno = 0;
+}
+
+static void unlink2(const char *pathname)
+{
+	set_profile(0, "file::unlink");
+	unlink(pathname);
+	set_profile(3, "file::unlink");
+	errno = 0;
+}
+
+static void rmdir2(const char *pathname)
+{
+	set_profile(0, "file::rmdir");
+	rmdir(pathname);
+	set_profile(3, "file::rmdir");
+	errno = 0;
+}
+
+static void mkfifo2(const char *pathname)
+{
+	set_profile(0, "file::mkfifo");
+	mkfifo(pathname, 0600);
+	set_profile(3, "file::mkfifo");
+	errno = 0;
+}
+
+static void stage_file_test(void)
+{
+	static int name[] = { CTL_NET, NET_IPV4, NET_IPV4_LOCAL_PORT_RANGE };
+	int buffer[2] = { 32768, 61000 };
+	size_t size = sizeof(buffer);
+	int pipe_fd[2] = { EOF, EOF };
+	int err = 0;
+	int fd;
+	char pbuffer[1024];
+	struct stat sbuf;
+	struct sockaddr_un addr;
+	struct ifreq ifreq;
+	char *filename = "";
+	set_profile(3, "file::execute");
+	set_profile(3, "file::open");
+	set_profile(3, "file::create");
+	set_profile(3, "file::unlink");
+	set_profile(3, "file::mkdir");
+	set_profile(3, "file::rmdir");
+	set_profile(3, "file::mkfifo");
+	set_profile(3, "file::mksock");
+	set_profile(3, "file::truncate");
+	set_profile(3, "file::symlink");
+	set_profile(3, "file::rewrite");
+	set_profile(3, "file::mkblock");
+	set_profile(3, "file::mkchar");
+	set_profile(3, "file::link");
+	set_profile(3, "file::rename");
+	set_profile(3, "file::chmod");
+	set_profile(3, "file::chown");
+	set_profile(3, "file::chgrp");
+	set_profile(3, "file::ioctl");
+	set_profile(3, "file::chroot");
+	set_profile(3, "file::mount");
+	set_profile(3, "file::umount");
+	set_profile(3, "file::pivot_root");
+
+	policy = "allow_read /proc/sys/net/ipv4/ip_local_port_range";
+	write_domain_policy(policy, 0);
+	show_result(sysctl(name, 3, buffer, &size, 0, 0), 1);
+	write_domain_policy(policy, 1);
+	show_result(sysctl(name, 3, buffer, &size, 0, 0), 0);
+
+	policy = "allow_write /proc/sys/net/ipv4/ip_local_port_range";
+	write_domain_policy(policy, 0);
+	show_result(sysctl(name, 3, 0, 0, buffer, size), 1);
+	write_domain_policy(policy, 1);
+	show_result(sysctl(name, 3, 0, 0, buffer, size), 0);
+
+	policy = "allow_read/write /proc/sys/net/ipv4/ip_local_port_range";
+	write_domain_policy(policy, 0);
+	show_result(sysctl(name, 3, buffer, &size, buffer, size), 1);
+	write_domain_policy(policy, 1);
+	show_result(sysctl(name, 3, buffer, &size, buffer, size), 0);
+
+	policy = "allow_read /bin/true";
+	write_domain_policy(policy, 0);
+	show_result(uselib("/bin/true"), 1);
+	write_domain_policy(policy, 1);
+	show_result(uselib("/bin/true"), 0);
+
+	policy = "allow_execute /bin/true";
+	write_domain_policy(policy, 0);
+	fflush(stdout);
+	fflush(stderr);
+	pipe(pipe_fd);
+	if (fork() == 0) {
+		execl("/bin/true", "/bin/true", NULL);
+		err = errno;
+		write(pipe_fd[1], &err, sizeof(err));
+		_exit(0);
+	}
+	close(pipe_fd[1]);
+	read(pipe_fd[0], &err, sizeof(err));
+	close(pipe_fd[0]);
+	wait(NULL);
+	errno = err;
+	show_result(err ? EOF : 0, 1);
+	write_domain_policy(policy, 1);
+	fflush(stdout);
+	fflush(stderr);
+	pipe(pipe_fd);
+	if (fork() == 0) {
+		execl("/bin/true", "/bin/true", NULL);
+		err = errno;
+		write(pipe_fd[1], &err, sizeof(err));
+		_exit(0);
+	}
+	close(pipe_fd[1]);
+	read(pipe_fd[0], &err, sizeof(err));
+	close(pipe_fd[0]);
+	wait(NULL);
+	errno = err;
+	show_result(err ? EOF : 0, 0);
+
+	policy = "allow_read /dev/null";
+	write_domain_policy(policy, 0);
+	fd = open("/dev/null", O_RDONLY);
+	show_result(fd, 1);
+	if (fd != EOF)
+		close(fd);
+	write_domain_policy(policy, 1);
+	fd = open("/dev/null", O_RDONLY);
+	show_result(fd, 0);
+	if (fd != EOF)
+		close(fd);
+
+	policy = "allow_read /dev/null";
+	write_domain_policy(policy, 0);
+	fd = open("/dev/null", O_RDONLY);
+	show_result(fd, 1);
+	if (fd != EOF)
+		close(fd);
+	write_domain_policy(policy, 1);
+	fd = open("/dev/null", O_RDONLY);
+	show_result(fd, 0);
+	if (fd != EOF)
+		close(fd);
+
+	policy = "allow_read /dev/null";
+	write_domain_policy(policy, 0);
+	fd = open("/dev/null", O_RDONLY);
+	show_result(fd, 1);
+	if (fd != EOF)
+		close(fd);
+	write_domain_policy(policy, 1);
+	fd = open("/dev/null", O_RDONLY);
+	show_result(fd, 0);
+	if (fd != EOF)
+		close(fd);
+
+	policy = "allow_read /dev/null";
+	write_domain_policy(policy, 0);
+	fd = open("/dev/null", O_RDONLY);
+	show_result(fd, 1);
+	if (fd != EOF)
+		close(fd);
+	write_domain_policy(policy, 1);
+	fd = open("/dev/null", O_RDONLY);
+	show_result(fd, 0);
+	if (fd != EOF)
+		close(fd);
+
+	set_profile(3, "file::mkfifo");
+	policy = "allow_mkfifo /tmp/mknod_fifo_test 0644";
+	write_domain_policy(policy, 0);
+	filename = "/tmp/mknod_fifo_test";
+	show_result(mknod(filename, S_IFIFO | 0644, 0), 1);
+	write_domain_policy(policy, 1);
+	unlink2(filename);
+	show_result(mknod(filename, S_IFIFO | 0644, 0), 0);
+
+	memset(pbuffer, 0, sizeof(pbuffer));
+	memset(&sbuf, 0, sizeof(sbuf));
+	filename = "/dev/null";
+	stat(filename, &sbuf);
+	snprintf(pbuffer, sizeof(pbuffer) - 1,
+		 "allow_write %s", filename);
+	policy = pbuffer;
+	write_domain_policy(policy, 0);
+	fd = open(filename, O_WRONLY);
+	show_result(fd, 1);
+	if (fd != EOF)
+		close(fd);
+	write_domain_policy(policy, 1);
+	fd = open(filename, O_WRONLY);
+	show_result(fd, 0);
+	if (fd != EOF)
+		close(fd);
+
+	policy = "allow_read/write /tmp/fifo";
+	mkfifo2("/tmp/fifo");
+	write_domain_policy(policy, 0);
+	fd = open("/tmp/fifo", O_RDWR);
+	show_result(fd, 1);
+	if (fd != EOF)
+		close(fd);
+	write_domain_policy(policy, 1);
+	fd = open("/tmp/fifo", O_RDWR);
+	show_result(fd, 0);
+	if (fd != EOF)
+		close(fd);
+
+	policy = "allow_read /dev/null";
+	write_domain_policy(policy, 0);
+	fd = open("/dev/null", O_RDONLY);
+	show_result(fd, 1);
+	if (fd != EOF)
+		close(fd);
+	write_domain_policy(policy, 1);
+	fd = open("/dev/null", O_RDONLY);
+	show_result(fd, 0);
+	if (fd != EOF)
+		close(fd);
+
+	policy = "allow_write /dev/null";
+	write_domain_policy(policy, 0);
+	fd = open("/dev/null", O_WRONLY);
+	show_result(fd, 1);
+	if (fd != EOF)
+		close(fd);
+	write_domain_policy(policy, 1);
+	fd = open("/dev/null", O_WRONLY);
+	show_result(fd, 0);
+	if (fd != EOF)
+		close(fd);
+
+	policy = "allow_read/write /dev/null";
+	write_domain_policy(policy, 0);
+	fd = open("/dev/null", O_RDWR);
+	show_result(fd, 1);
+	if (fd != EOF)
+		close(fd);
+	write_domain_policy(policy, 1);
+	fd = open("/dev/null", O_RDWR);
+	show_result(fd, 0);
+	if (fd != EOF)
+		close(fd);
+
+	policy = "allow_create /tmp/open_test 0644";
+	write_domain_policy(policy, 0);
+	policy = "allow_write /tmp/open_test";
+	write_domain_policy(policy, 0);
+	fd = open("/tmp/open_test", O_WRONLY | O_CREAT | O_EXCL, 0644);
+	show_result(fd, 1);
+	if (fd != EOF)
+		close(fd);
+	unlink2("/tmp/open_test");
+	write_domain_policy(policy, 1);
+	fd = open("/tmp/open_test", O_WRONLY | O_CREAT | O_EXCL, 0644);
+	show_result(fd, 0);
+	if (fd != EOF)
+		close(fd);
+	unlink2("/tmp/open_test");
+
+	policy = "allow_create /tmp/open_test 0644";
+	write_domain_policy(policy, 1);
+
+	policy = "allow_write /tmp/open_test";
+	write_domain_policy(policy, 0);
+	policy = "allow_create /tmp/open_test 0644";
+	write_domain_policy(policy, 0);
+	fd = open("/tmp/open_test", O_WRONLY | O_CREAT | O_EXCL, 0644);
+	show_result(fd, 1);
+	if (fd != EOF)
+		close(fd);
+	unlink2("/tmp/open_test");
+	write_domain_policy(policy, 1);
+	fd = open("/tmp/open_test", O_WRONLY | O_CREAT | O_EXCL, 0644);
+	show_result(fd, 0);
+	if (fd != EOF)
+		close(fd);
+	unlink2("/tmp/open_test");
+	policy = "allow_write /tmp/open_test";
+	write_domain_policy(policy, 1);
+
+	filename = "/tmp/truncate_test";
+	create2(filename);
+
+	policy = "allow_truncate /tmp/truncate_test";
+	write_domain_policy(policy, 0);
+	policy = "allow_write /tmp/truncate_test";
+	write_domain_policy(policy, 0);
+	fd = open(filename, O_WRONLY | O_TRUNC);
+	show_result(fd, 1);
+	if (fd != EOF)
+		close(fd);
+	write_domain_policy(policy, 1);
+	fd = open(filename, O_WRONLY | O_TRUNC);
+	show_result(fd, 0);
+	if (fd != EOF)
+		close(fd);
+	policy = "allow_truncate /tmp/truncate_test";
+	write_domain_policy(policy, 1);
+
+	policy = "allow_write /tmp/truncate_test";
+	write_domain_policy(policy, 0);
+	policy = "allow_truncate /tmp/truncate_test";
+	write_domain_policy(policy, 0);
+	fd = open(filename, O_WRONLY | O_TRUNC);
+	show_result(fd, 1);
+	if (fd != EOF)
+		close(fd);
+	write_domain_policy(policy, 1);
+	fd = open(filename, O_WRONLY | O_TRUNC);
+	show_result(fd, 0);
+	if (fd != EOF)
+		close(fd);
+	policy = "allow_write /tmp/truncate_test";
+	write_domain_policy(policy, 1);
+
+	policy = "allow_truncate /tmp/truncate_test";
+	write_domain_policy(policy, 0);
+	show_result(truncate(filename, 0), 1);
+	write_domain_policy(policy, 1);
+	show_result(truncate(filename, 0), 0);
+
+	policy = "allow_truncate /tmp/truncate_test";
+	write_domain_policy(policy, 0);
+	set_profile(0, "file::open");
+	fd = open(filename, O_WRONLY);
+	set_profile(3, "file::open");
+	show_result(ftruncate(fd, 0), 1);
+	write_domain_policy(policy, 1);
+	show_result(ftruncate(fd, 0), 0);
+	if (fd != EOF)
+		close(fd);
+
+	unlink2(filename);
+
+	policy = "allow_create /tmp/mknod_reg_test 0644";
+	write_domain_policy(policy, 0);
+	filename = "/tmp/mknod_reg_test";
+	show_result(mknod(filename, S_IFREG | 0644, 0), 1);
+	write_domain_policy(policy, 1);
+	unlink2(filename);
+	show_result(mknod(filename, S_IFREG | 0644, 0), 0);
+
+	policy = "allow_mkchar /tmp/mknod_chr_test 0644 1 3";
+	write_domain_policy(policy, 0);
+	filename = "/tmp/mknod_chr_test";
+	show_result(mknod(filename, S_IFCHR | 0644, MKDEV(1, 3)), 1);
+	write_domain_policy(policy, 1);
+	unlink2(filename);
+	show_result(mknod(filename, S_IFCHR | 0644, MKDEV(1, 3)), 0);
+
+	policy = "allow_mkblock /tmp/mknod_blk_test 0644 1 0";
+	write_domain_policy(policy, 0);
+	filename = "/tmp/mknod_blk_test";
+	show_result(mknod(filename, S_IFBLK | 0644, MKDEV(1, 0)), 1);
+	write_domain_policy(policy, 1);
+	unlink2(filename);
+	show_result(mknod(filename, S_IFBLK | 0644, MKDEV(1, 0)), 0);
+
+	policy = "allow_mkfifo /tmp/mknod_fifo_test 0644";
+	write_domain_policy(policy, 0);
+	filename = "/tmp/mknod_fifo_test";
+	show_result(mknod(filename, S_IFIFO | 0644, 0), 1);
+	write_domain_policy(policy, 1);
+	unlink2(filename);
+	show_result(mknod(filename, S_IFIFO | 0644, 0), 0);
+
+	policy = "allow_mksock /tmp/mknod_sock_test 0644";
+	write_domain_policy(policy, 0);
+	filename = "/tmp/mknod_sock_test";
+	show_result(mknod(filename, S_IFSOCK | 0644, 0), 1);
+	write_domain_policy(policy, 1);
+	unlink2(filename);
+	show_result(mknod(filename, S_IFSOCK | 0644, 0), 0);
+
+	policy = "allow_mkdir /tmp/mkdir_test/ 0600";
+	write_domain_policy(policy, 0);
+	filename = "/tmp/mkdir_test";
+	show_result(mkdir(filename, 0600), 1);
+	write_domain_policy(policy, 1);
+	rmdir2(filename);
+	show_result(mkdir(filename, 0600), 0);
+
+	policy = "allow_rmdir /tmp/rmdir_test/";
+	write_domain_policy(policy, 0);
+	filename = "/tmp/rmdir_test";
+	mkdir2(filename);
+	show_result(rmdir(filename), 1);
+	write_domain_policy(policy, 1);
+	mkdir2(filename);
+	show_result(rmdir(filename), 0);
+	rmdir2(filename);
+
+	policy = "allow_unlink /tmp/unlink_test";
+	write_domain_policy(policy, 0);
+	filename = "/tmp/unlink_test";
+	create2(filename);
+	show_result(unlink(filename), 1);
+	write_domain_policy(policy, 1);
+	create2(filename);
+	show_result(unlink(filename), 0);
+	unlink2(filename);
+
+	policy = "allow_symlink /tmp/symlink_source_test";
+	write_domain_policy(policy, 0);
+	filename = "/tmp/symlink_source_test";
+	show_result(symlink("/tmp/symlink_dest_test", filename), 1);
+	write_domain_policy(policy, 1);
+	unlink2(filename);
+	show_result(symlink("/tmp/symlink_dest_test", filename), 0);
+
+	policy = "allow_symlink /tmp/symlink_source_test";
+	write_domain_policy(policy, 0);
+	filename = "/tmp/symlink_source_test";
+	show_result(symlink("/tmp/symlink_dest_test", filename), 1);
+	write_domain_policy(policy, 1);
+	unlink2(filename);
+	show_result(symlink("/tmp/symlink_dest_test", filename), 0);
+
+	policy = "allow_symlink /tmp/symlink_source_test";
+	write_domain_policy(policy, 0);
+	filename = "/tmp/symlink_source_test";
+	show_result(symlink("/tmp/symlink_dest_test", filename), 1);
+	write_domain_policy(policy, 1);
+	unlink2(filename);
+	show_result(symlink("/tmp/symlink_dest_test", filename), 0);
+
+	policy = "allow_symlink /tmp/symlink_source_test";
+	write_domain_policy(policy, 0);
+	filename = "/tmp/symlink_source_test";
+	show_result(symlink("/tmp/symlink_dest_test", filename), 1);
+	write_domain_policy(policy, 1);
+	unlink2(filename);
+	show_result(symlink("/tmp/symlink_dest_test", filename), 0);
+
+	policy = "allow_symlink /tmp/symlink_source_test";
+	write_domain_policy(policy, 0);
+	filename = "/tmp/symlink_source_test";
+	show_result(symlink("/tmp/symlink_dest_test", filename), 1);
+	write_domain_policy(policy, 1);
+	unlink2(filename);
+	show_result(symlink("/tmp/symlink_dest_test", filename), 0);
+
+	policy = "allow_link /tmp/link_source_test /tmp/link_dest_test";
+	write_domain_policy(policy, 0);
+	filename = "/tmp/link_source_test";
+	create2(filename);
+	show_result(link(filename, "/tmp/link_dest_test"), 1);
+	write_domain_policy(policy, 1);
+	unlink2("/tmp/link_dest_test");
+	show_result(link(filename, "/tmp/link_dest_test"), 0);
+	unlink2(filename);
+
+	policy = "allow_rename /tmp/rename_source_test /tmp/rename_dest_test";
+	write_domain_policy(policy, 0);
+	filename = "/tmp/rename_source_test";
+	create2(filename);
+	show_result(rename(filename, "/tmp/rename_dest_test"), 1);
+	write_domain_policy(policy, 1);
+	unlink2("/tmp/rename_dest_test");
+	create2(filename);
+	show_result(rename(filename, "/tmp/rename_dest_test"), 0);
+	unlink2(filename);
+
+	policy = "allow_mksock /tmp/socket_test 0755";
+	write_domain_policy(policy, 0);
+	filename = "/tmp/socket_test";
+	memset(&addr, 0, sizeof(addr));
+	addr.sun_family = AF_UNIX;
+	strncpy(addr.sun_path, filename, sizeof(addr.sun_path) - 1);
+	fd = socket(AF_UNIX, SOCK_STREAM, 0);
+	show_result(bind(fd, (struct sockaddr *) &addr, sizeof(addr)),
+		    1);
+	if (fd != EOF)
+		close(fd);
+	write_domain_policy(policy, 1);
+	unlink2(filename);
+	fd = socket(AF_UNIX, SOCK_STREAM, 0);
+	show_result(bind(fd, (struct sockaddr *) &addr, sizeof(addr)),
+		    0);
+	if (fd != EOF)
+		close(fd);
+
+	filename = "/tmp/rewrite_test";
+	create2(filename);
+	policy = "allow_read/write /tmp/rewrite_test";
+	write_domain_policy(policy, 0);
+	write_exception_policy("deny_rewrite /tmp/rewrite_test", 0);
+	policy = "allow_truncate /tmp/rewrite_test";
+	write_domain_policy(policy, 0);
+
+	fd = open(filename, O_RDONLY);
+	show_result(fd, 1);
+	if (fd != EOF)
+		close(fd);
+
+	fd = open(filename, O_WRONLY | O_APPEND);
+	show_result(fd, 1);
+	if (fd != EOF)
+		close(fd);
+
+	fd = open(filename, O_WRONLY);
+	show_result(fd, 0);
+	if (fd != EOF)
+		close(fd);
+
+	fd = open(filename, O_WRONLY | O_TRUNC);
+	show_result(fd, 0);
+	if (fd != EOF)
+		close(fd);
+
+	fd = open(filename, O_WRONLY | O_TRUNC | O_APPEND);
+	show_result(fd, 0);
+	if (fd != EOF)
+		close(fd);
+
+	show_result(truncate(filename, 0), 0);
+
+	set_profile(0, "file::open");
+	fd = open(filename, O_WRONLY | O_APPEND);
+	set_profile(3, "file::open");
+	show_result(ftruncate(fd, 0), 0);
+
+	show_result(fcntl(fd, F_SETFL,
+			  fcntl(fd, F_GETFL) & ~O_APPEND), 0);
+	if (fd != EOF)
+		close(fd);
+
+	write_domain_policy(policy, 1);
+
+	policy = "allow_read/write /tmp/rewrite_test";
+	write_domain_policy(policy, 1);
+	write_exception_policy("deny_rewrite /tmp/rewrite_test", 1);
+
+	unlink2(filename);
+
+	policy = "allow_ioctl socket:[family=2:type=2:protocol=17] "
+		"35122-35124";
+	write_domain_policy(policy, 0);
+	fd = socket(PF_INET, SOCK_DGRAM, IPPROTO_IP);
+	memset(&ifreq, 0, sizeof(ifreq));
+	snprintf(ifreq.ifr_name, sizeof(ifreq.ifr_name) - 1,
+		 "lo");
+	show_result(ioctl(fd, 35123, &ifreq), 1);
+	write_domain_policy(policy, 1);
+	policy = "allow_ioctl "
+		"socket:[family=2:type=2:protocol=17] 0-35122";
+	write_domain_policy(policy, 0);
+	show_result(ioctl(fd, 35123, &ifreq), 0);
+	write_domain_policy(policy, 1);
+	if (fd != EOF)
+		close(fd);
+}
+
+int main(int argc, char *argv[])
+{
+	tomoyo_test_init();
+	fprintf(domain_fp, "%s /bin/true\n", self_domain);
+	fprintf(domain_fp, "use_profile 255\n");
+	fprintf(domain_fp, "select pid=%u\n", pid);
+	fprintf(profile_fp, "255-PREFERENCE::audit={ max_reject_log=1024 }\n");
+	stage_file_test();
+	fprintf(domain_fp, "use_profile 0\n");
+	clear_status();
+	return 0;
+}
diff --git a/testcases/kernel/security/tomoyo/tomoyo_new_test.c b/testcases/kernel/security/tomoyo/tomoyo_new_test.c
index e69de29..5054ccf 100644
--- a/testcases/kernel/security/tomoyo/tomoyo_new_test.c
+++ b/testcases/kernel/security/tomoyo/tomoyo_new_test.c
@@ -0,0 +1,682 @@
+/******************************************************************************/
+/* This program is free software;  you can redistribute it and/or modify      */
+/* it under the terms of the GNU General Public License as published by       */
+/* the Free Software Foundation; either version 2 of the License, or          */
+/* (at your option) any later version.                                        */
+/*                                                                            */
+/* This program is distributed in the hope that it will be useful,            */
+/* but WITHOUT ANY WARRANTY;  without even the implied warranty of            */
+/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See                  */
+/* the GNU General Public License for more details.                           */
+/*                                                                            */
+/* You should have received a copy of the GNU General Public License          */
+/* along with this program;  if not, write to the Free Software               */
+/* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA    */
+/*                                                                            */
+/******************************************************************************/
+/*
+ * tomoyo_new_test.c
+ *
+ * Testing program for security/tomoyo/
+ *
+ * Copyright (C) 2005-2010  NTT DATA CORPORATION
+ */
+#include "include.h"
+
+static int result = 0;
+static int err = 0;
+
+static void show_result(const char *test, int should_success)
+{
+	err = errno;
+	printf("%s : ", test);
+	if (should_success) {
+		if (err == 0)
+			printf("OK (%d)\n", result);
+		else
+			printf("FAILED: %s\n", strerror(err));
+	} else {
+		if (err == 0)
+			printf("BUG: Didn't fail (%d)\n", result);
+		else if (err == EPERM)
+			printf("OK: permission denied\n");
+		else
+			printf("FAILED: %s\n", strerror(err));
+	}
+}
+
+static void test_read_etc_fstab(void)
+{
+	result = open("/etc/fstab", O_RDONLY);
+}
+
+static void test_write_dev_null(void)
+{
+	result = open("/dev/null", O_WRONLY);
+}
+
+static void cleanup_file_open(void)
+{
+	if (result != EOF)
+		close(result);
+}
+
+static void test_mkdir_testdir(void)
+{
+	result = mkdir("/tmp/testdir", 0755);
+}
+
+static void cleanup_mkdir_testdir(void)
+{
+	rmdir("/tmp/testdir");
+}
+
+static void setup_mkdir_testdir(void)
+{
+	mkdir("/tmp/testdir", 0755);
+}
+
+static void test_rmdir_testdir(void)
+{
+	result = rmdir("/tmp/testdir");
+}
+
+static void setup_execute_bin_true(void)
+{
+	fprintf(domain_fp, "%s /bin/true\n", self_domain);
+	fprintf(domain_fp, "use_profile 0\n");
+	fprintf(domain_fp, "select pid=%u\n", pid);
+}
+
+static void cleanup_execute_bin_true(void)
+{
+	wait(NULL);
+	fprintf(domain_fp, "delete %s /bin/true\n", self_domain);
+	fprintf(domain_fp, "select pid=%u\n", pid);
+}
+
+static void test_execute_bin_true(void)
+{
+	char *argv[] = { "/bin/true", NULL };
+	char *envp[] = { "HOME=/", NULL };
+	int pipe_fd[2] = { EOF, EOF };
+	int err = 0;
+	pipe(pipe_fd);
+	switch (fork()) {
+	case 0:
+		execve("/bin/true", argv, envp);
+		err = errno;
+		write(pipe_fd[1], &err, sizeof(err));
+		_exit(0);
+		break;
+	case -1:
+		err = -ENOMEM;
+		break;
+	}
+	close(pipe_fd[1]);
+	read(pipe_fd[0], &err, sizeof(err));
+	close(pipe_fd[0]);
+	result = err ? EOF : 0;
+	errno = err;
+}
+
+static void test_chmod_dev_null(void)
+{
+	result = chmod("/dev/null", 0666);
+}
+
+static void test_chown_dev_null(void)
+{
+	result = chown("/dev/null", 0, -1);
+}
+
+static void test_chgrp_dev_null(void)
+{
+	result = chown("/dev/null", -1, 0);
+}
+
+static void test_ioctl_dev_null(void)
+{
+	int fd = open("/dev/null", O_RDWR);
+	errno = 0;
+	result = ioctl(fd, 0x5451, NULL);
+	err = errno;
+	close(fd);
+	errno = err;
+}
+
+static void setup_chmod_group(void)
+{
+	write_exception_policy("path_group CHMOD_TARGET /dev/null", 0);
+	write_exception_policy("number_group CHMOD_MODES 0666", 0);
+}
+
+static void cleanup_chmod_group(void)
+{
+	write_exception_policy("path_group CHMOD_TARGET /dev/null", 1);
+	write_exception_policy("number_group CHMOD_MODES 0666", 1);
+}
+
+static void setup_chown_group(void)
+{
+	write_exception_policy("path_group CHOWN_TARGET /dev/\\*", 0);
+	write_exception_policy("number_group CHOWN_IDS 0x0-0xFFFE", 0);
+}
+
+static void cleanup_chown_group(void)
+{
+	write_exception_policy("path_group CHOWN_TARGET /dev/\\*", 1);
+	write_exception_policy("number_group CHOWN_IDS 0x0-0xFFFE", 1);
+}
+
+static void setup_ioctl_group(void)
+{
+	write_exception_policy("path_group IOCTL_TARGET /dev/\\*", 0);
+	write_exception_policy("number_group IOCTL_NUMBERS 0x5450-0x5452", 0);
+}
+
+static void cleanup_ioctl_group(void)
+{
+	write_exception_policy("path_group IOCTL_TARGET /dev/\\*", 1);
+	write_exception_policy("number_group IOCTL_NUMBERS 0x5450-0x5452", 1);
+}
+
+static void setup_open_group(void)
+{
+	write_exception_policy("path_group READABLE /etc/\\*", 0);
+	write_exception_policy("number_group READABLE_IDS 0-0xFFF", 0);
+}
+
+static void cleanup_open_group(void)
+{
+	cleanup_file_open();
+	write_exception_policy("path_group READABLE /etc/\\*", 1);
+	write_exception_policy("number_group READABLE_IDS 0-0xFFF", 1);
+}
+
+static void test_file_open_0(void)
+{
+	result = open("/tmp/testfile0", O_RDONLY, 0600);
+}
+
+static void test_file_open_1(void)
+{
+	result = open("/tmp/testfile1", O_CREAT | O_RDONLY, 0600);
+}
+
+static void test_file_open_2(void)
+{
+	result = open("/tmp/testfile2", O_TRUNC | O_RDONLY, 0600);
+}
+
+static void test_file_open_3(void)
+{
+	result = open("/tmp/testfile3", O_TRUNC | O_CREAT | O_RDONLY, 0600);
+}
+
+static void test_file_open_4(void)
+{
+	result = open("/tmp/testfile4", O_APPEND | O_RDONLY, 0600);
+}
+
+static void test_file_open_5(void)
+{
+	result = open("/tmp/testfile5", O_APPEND | O_CREAT | O_RDONLY, 0600);
+}
+
+static void test_file_open_6(void)
+{
+	result = open("/tmp/testfile6", O_APPEND | O_TRUNC | O_RDONLY, 0600);
+}
+
+static void test_file_open_7(void)
+{
+	result = open("/tmp/testfile7",
+		      O_APPEND | O_TRUNC | O_CREAT | O_RDONLY, 0600);
+}
+
+static void test_file_open_8(void)
+{
+	result = open("/tmp/testfile8", O_WRONLY, 0600);
+}
+
+static void test_file_open_9(void)
+{
+	result = open("/tmp/testfile9", O_CREAT | O_WRONLY, 0600);
+}
+
+static void test_file_open_10(void)
+{
+	result = open("/tmp/testfile10", O_TRUNC | O_WRONLY, 0600);
+}
+
+static void test_file_open_11(void)
+{
+	result = open("/tmp/testfile11", O_TRUNC | O_CREAT | O_WRONLY, 0600);
+}
+
+static void test_file_open_12(void)
+{
+	result = open("/tmp/testfile12", O_APPEND | O_WRONLY, 0600);
+}
+
+static void test_file_open_13(void)
+{
+	result = open("/tmp/testfile13", O_APPEND | O_CREAT | O_WRONLY, 0600);
+}
+
+static void test_file_open_14(void)
+{
+	result = open("/tmp/testfile14", O_APPEND | O_TRUNC | O_WRONLY, 0600);
+}
+
+static void test_file_open_15(void)
+{
+	result = open("/tmp/testfile15",
+		      O_APPEND | O_TRUNC | O_CREAT | O_WRONLY, 0600);
+}
+
+static void test_file_open_16(void)
+{
+	result = open("/tmp/testfile16", O_RDWR, 0600);
+}
+
+static void test_file_open_17(void)
+{
+	result = open("/tmp/testfile17", O_CREAT | O_RDWR, 0600);
+}
+
+static void test_file_open_18(void)
+{
+	result = open("/tmp/testfile18", O_TRUNC | O_RDWR, 0600);
+}
+
+static void test_file_open_19(void)
+{
+	result = open("/tmp/testfile19", O_TRUNC | O_CREAT | O_RDWR, 0600);
+}
+
+static void test_file_open_20(void)
+{
+	result = open("/tmp/testfile20", O_APPEND | O_RDWR, 0600);
+}
+
+static void test_file_open_21(void)
+{
+	result = open("/tmp/testfile21", O_APPEND | O_CREAT | O_RDWR, 0600);
+}
+
+static void test_file_open_22(void)
+{
+	result = open("/tmp/testfile22", O_APPEND | O_TRUNC | O_RDWR, 0600);
+}
+
+static void test_file_open_23(void)
+{
+	result = open("/tmp/testfile23", O_APPEND | O_TRUNC | O_CREAT | O_RDWR,
+		      0600);
+}
+
+static void setup_test_file(void)
+{
+	int i;
+	char buffer[32];
+	buffer[31] = '\0';
+	for (i = 0; i < 24; i += 2) {
+		snprintf(buffer, sizeof(buffer) - 1, "/tmp/testfile%u", i);
+		close(open(buffer, O_WRONLY | O_CREAT, 0600));
+	}
+	write_exception_policy("deny_rewrite /tmp/testfile\\$", 0);
+}
+
+static void setup_test_file_truncate(void)
+{
+	setup_test_file();
+	write_domain_policy("allow_truncate /tmp/testfile\\$", 0);
+	set_profile(3, "file::truncate");
+}
+
+static void setup_all_test_file(void)
+{
+	int i;
+	char buffer[32];
+	buffer[31] = '\0';
+	for (i = 0; i < 24; i++) {
+		snprintf(buffer, sizeof(buffer) - 1, "/tmp/testfile%u", i);
+		close(open(buffer, O_WRONLY | O_CREAT, 0600));
+	}
+	write_exception_policy("deny_rewrite /tmp/testfile\\$", 0);
+}
+
+static void setup_all_test_file_truncate(void)
+{
+	setup_all_test_file();
+	write_domain_policy("allow_truncate /tmp/testfile\\$", 0);
+	set_profile(3, "file::truncate");
+}
+
+static void cleanup_test_file(void)
+{
+	int i;
+	char buffer[32];
+	buffer[31] = '\0';
+	for (i = 0; i < 24; i++) {
+		snprintf(buffer, sizeof(buffer) - 1, "/tmp/testfile%u", i);
+		unlink(buffer);
+	}
+	write_exception_policy("deny_rewrite /tmp/testfile\\$", 1);
+	cleanup_file_open();
+}
+
+static void cleanup_test_file_truncate(void)
+{
+	cleanup_test_file();
+	write_domain_policy("allow_truncate /tmp/testfile\\$", 1);
+	set_profile(0, "file::truncate");
+}
+
+static struct test_struct {
+	void (*do_setup) (void);
+	void (*do_test) (void);
+	void (*do_cleanup) (void);
+	const char *name;
+	const char *policy;
+} tests[] = {
+	{ NULL, test_read_etc_fstab, cleanup_file_open, "file::open",
+	  "allow_read /etc/fstab" },
+	{ NULL, test_read_etc_fstab, cleanup_file_open, "file::open",
+	  "allow_read /etc/fstab" },
+	{ NULL, test_read_etc_fstab, cleanup_file_open, "file::open",
+	  "allow_read /etc/fstab" },
+	{ setup_open_group, test_read_etc_fstab, cleanup_open_group,
+	  "file::open", "allow_read @READABLE" },
+	{ NULL, test_write_dev_null, cleanup_file_open, "file::open",
+	  "allow_write /dev/null" },
+	{ NULL, test_write_dev_null, cleanup_file_open, "file::open",
+	  "allow_write /dev/null" },
+	{ NULL, test_write_dev_null, cleanup_file_open, "file::open",
+	  "allow_write /dev/null" },
+	{ cleanup_mkdir_testdir, test_mkdir_testdir, cleanup_mkdir_testdir,
+	  "file::mkdir", "allow_mkdir /tmp/testdir/ 0755" },
+	{ cleanup_mkdir_testdir, test_mkdir_testdir, cleanup_mkdir_testdir,
+	  "file::mkdir", "allow_mkdir /tmp/testdir/ 0755" },
+	{ cleanup_mkdir_testdir, test_mkdir_testdir, cleanup_mkdir_testdir,
+	  "file::mkdir", "allow_mkdir /tmp/testdir/ 0755" },
+	{ setup_mkdir_testdir, test_rmdir_testdir, cleanup_mkdir_testdir,
+	  "file::rmdir", "allow_rmdir /tmp/testdir/" },
+	{ setup_mkdir_testdir, test_rmdir_testdir, cleanup_mkdir_testdir,
+	  "file::rmdir", "allow_rmdir /tmp/testdir/" },
+	{ setup_mkdir_testdir, test_rmdir_testdir, cleanup_mkdir_testdir,
+	  "file::rmdir", "allow_rmdir /tmp/testdir/" },
+	{ setup_execute_bin_true, test_execute_bin_true,
+	  cleanup_execute_bin_true, "file::execute",
+	  "allow_execute /bin/true" },
+	{ setup_execute_bin_true, test_execute_bin_true,
+	  cleanup_execute_bin_true, "file::execute", "allow_execute /bin/true" },
+	{ setup_execute_bin_true, test_execute_bin_true,
+	  cleanup_execute_bin_true, "file::execute", "allow_execute /bin/true"
+	},
+	{ NULL, test_chmod_dev_null, NULL, "file::chmod",
+	  "allow_chmod /dev/null 0666"
+	},
+	{ NULL, test_chown_dev_null, NULL, "file::chown",
+	  "allow_chown /dev/null 0" },
+	{ NULL, test_chgrp_dev_null, NULL, "file::chgrp",
+	  "allow_chgrp /dev/null 0" },
+	{ NULL, test_ioctl_dev_null, NULL, "file::ioctl",
+	  "allow_ioctl /dev/null 0x5451" },
+	{ setup_chmod_group, test_chmod_dev_null, cleanup_chmod_group,
+	  "file::chmod", "allow_chmod @CHMOD_TARGET @CHMOD_MODES" },
+	{ setup_chown_group, test_chown_dev_null, cleanup_chown_group,
+	  "file::chown", "allow_chown @CHOWN_TARGET @CHOWN_IDS" },
+	{ setup_chown_group, test_chgrp_dev_null, cleanup_chown_group,
+	  "file::chgrp", "allow_chgrp @CHOWN_TARGET @CHOWN_IDS" },
+	{ setup_ioctl_group, test_ioctl_dev_null, cleanup_ioctl_group,
+	  "file::ioctl", "allow_ioctl @IOCTL_TARGET @IOCTL_NUMBERS" },
+	{ setup_test_file, test_file_open_0, cleanup_test_file, "file::open",
+	  "allow_read /tmp/testfile0" },
+	{ setup_test_file, test_file_open_1, cleanup_test_file, "file::open",
+	  "allow_read /tmp/testfile1" },
+	{ setup_test_file, test_file_open_1, cleanup_test_file, "file::create",
+	  "allow_create /tmp/testfile1 0600" },
+	{ setup_test_file, test_file_open_2, cleanup_test_file, "file::open",
+	  "allow_read /tmp/testfile2" },
+	{ setup_test_file, test_file_open_2, cleanup_test_file,
+	  "file::truncate", "allow_truncate /tmp/testfile2"
+	},
+	{ setup_test_file_truncate, test_file_open_2,
+	  cleanup_test_file_truncate, "file::rewrite",
+	  "allow_rewrite /tmp/testfile2" },
+	{ setup_test_file, test_file_open_3, cleanup_test_file,
+	  "file::open", "allow_read /tmp/testfile3" },
+	{ setup_test_file, test_file_open_3, cleanup_test_file,
+	  "file::create", "allow_create /tmp/testfile3 0600"
+	},
+	{ setup_test_file, test_file_open_4, cleanup_test_file, "file::open",
+	  "allow_read /tmp/testfile4" },
+	{ setup_test_file, test_file_open_5, cleanup_test_file, "file::open",
+	  "allow_read /tmp/testfile5" },
+	{ setup_test_file, test_file_open_5, cleanup_test_file, "file::create",
+	  "allow_create /tmp/testfile5 0600" },
+	{ setup_test_file, test_file_open_6, cleanup_test_file, "file::open",
+	  "allow_read /tmp/testfile6" },
+	{ setup_test_file, test_file_open_6, cleanup_test_file,
+	  "file::truncate", "allow_truncate /tmp/testfile6"
+	},
+	{ setup_test_file_truncate, test_file_open_6,
+	  cleanup_test_file_truncate, "file::rewrite",
+	  "allow_rewrite /tmp/testfile6" },
+	{ setup_test_file, test_file_open_7, cleanup_test_file, "file::open",
+	  "allow_read /tmp/testfile7" },
+	{ setup_test_file, test_file_open_7, cleanup_test_file, "file::create",
+	  "allow_create /tmp/testfile7 0600" },
+	{ setup_test_file, test_file_open_8, cleanup_test_file, "file::open",
+	  "allow_write /tmp/testfile8" },
+	{ setup_test_file, test_file_open_8, cleanup_test_file,
+	  "file::rewrite", "allow_rewrite /tmp/testfile8"
+	},
+	{ setup_test_file, test_file_open_9, cleanup_test_file, "file::open",
+	  "allow_write /tmp/testfile9" },
+	{ setup_test_file, test_file_open_9, cleanup_test_file, "file::create",
+	  "allow_create /tmp/testfile9 0600" },
+	{ setup_test_file, test_file_open_9, cleanup_test_file,
+	  "file::rewrite", "allow_rewrite /tmp/testfile9"
+	},
+	{ setup_test_file, test_file_open_10, cleanup_test_file, "file::open",
+	  "allow_write /tmp/testfile10" },
+	{ setup_test_file, test_file_open_10, cleanup_test_file,
+	  "file::truncate", "allow_truncate /tmp/testfile10"
+	},
+	{ setup_test_file, test_file_open_10, cleanup_test_file,
+	  "file::rewrite", "allow_rewrite /tmp/testfile10"
+	},
+	{ setup_test_file, test_file_open_11, cleanup_test_file, "file::open",
+	  "allow_write /tmp/testfile11" },
+	{ setup_test_file, test_file_open_11, cleanup_test_file,
+	  "file::create", "allow_create /tmp/testfile11 0600"
+	},
+	{ setup_test_file, test_file_open_11, cleanup_test_file,
+	  "file::rewrite", "allow_rewrite /tmp/testfile11"
+	},
+	{ setup_test_file, test_file_open_12, cleanup_test_file, "file::open",
+	  "allow_write /tmp/testfile12" },
+	{ setup_test_file, test_file_open_13, cleanup_test_file, "file::open",
+	  "allow_write /tmp/testfile13" },
+	{ setup_test_file, test_file_open_13, cleanup_test_file,
+	  "file::create", "allow_create /tmp/testfile13 0600"
+	},
+	{ setup_test_file, test_file_open_14, cleanup_test_file, "file::open",
+	  "allow_write /tmp/testfile14" },
+	{ setup_test_file, test_file_open_14, cleanup_test_file,
+	  "file::truncate", "allow_truncate /tmp/testfile14"
+	},
+	{ setup_test_file_truncate, test_file_open_14,
+	  cleanup_test_file_truncate, "file::rewrite",
+	  "allow_rewrite /tmp/testfile14" },
+	{ setup_test_file, test_file_open_15, cleanup_test_file, "file::open",
+	  "allow_write /tmp/testfile15" },
+	{ setup_test_file, test_file_open_15, cleanup_test_file,
+	  "file::create", "allow_create /tmp/testfile15 0600"
+	},
+	{ setup_test_file, test_file_open_16, cleanup_test_file, "file::open",
+	  "allow_read/write /tmp/testfile16" },
+	{ setup_test_file, test_file_open_16, cleanup_test_file,
+	  "file::rewrite", "allow_rewrite /tmp/testfile16"
+	},
+	{ setup_test_file, test_file_open_17, cleanup_test_file, "file::open",
+	  "allow_read/write /tmp/testfile17" },
+	{ setup_test_file, test_file_open_17, cleanup_test_file,
+	  "file::create", "allow_create /tmp/testfile17 0600"
+	},
+	{ setup_test_file, test_file_open_17, cleanup_test_file,
+	  "file::rewrite", "allow_rewrite /tmp/testfile17"
+	},
+	{ setup_test_file, test_file_open_18, cleanup_test_file, "file::open",
+	  "allow_read/write /tmp/testfile18" },
+	{ setup_test_file, test_file_open_18, cleanup_test_file,
+	  "file::truncate", "allow_truncate /tmp/testfile18"
+	},
+	{ setup_test_file, test_file_open_18, cleanup_test_file,
+	  "file::rewrite", "allow_rewrite /tmp/testfile18"
+	},
+	{ setup_test_file, test_file_open_19, cleanup_test_file, "file::open",
+	  "allow_read/write /tmp/testfile19" },
+	{ setup_test_file, test_file_open_19, cleanup_test_file,
+	  "file::create", "allow_create /tmp/testfile19 0600"
+	},
+	{ setup_test_file, test_file_open_19, cleanup_test_file,
+	  "file::rewrite", "allow_rewrite /tmp/testfile19"
+	},
+	{ setup_test_file, test_file_open_20, cleanup_test_file, "file::open",
+	  "allow_read/write /tmp/testfile20" },
+	{ setup_test_file, test_file_open_21, cleanup_test_file, "file::open",
+	  "allow_read/write /tmp/testfile21" },
+	{ setup_test_file, test_file_open_21, cleanup_test_file,
+	  "file::create", "allow_create /tmp/testfile21 0600"
+	},
+	{ setup_test_file, test_file_open_22, cleanup_test_file, "file::open",
+	  "allow_read/write /tmp/testfile22" },
+	{ setup_test_file, test_file_open_22, cleanup_test_file,
+	  "file::truncate", "allow_truncate /tmp/testfile22"
+	},
+	{ setup_test_file_truncate, test_file_open_22,
+	  cleanup_test_file_truncate, "file::rewrite",
+	  "allow_rewrite /tmp/testfile22" },
+	{ setup_test_file, test_file_open_23, cleanup_test_file, "file::open",
+	  "allow_read/write /tmp/testfile23" },
+	{ setup_test_file, test_file_open_23, cleanup_test_file,
+	  "file::create", "allow_create /tmp/testfile23 0600"
+	},
+	{ setup_all_test_file, test_file_open_0, cleanup_test_file,
+	  "file::open", "allow_read /tmp/testfile0" },
+	{ setup_all_test_file, test_file_open_2, cleanup_test_file,
+	  "file::open", "allow_read /tmp/testfile2" },
+	{ setup_all_test_file, test_file_open_2, cleanup_test_file,
+	  "file::truncate", "allow_truncate /tmp/testfile2"
+	},
+	{ setup_all_test_file_truncate, test_file_open_2,
+	  cleanup_test_file_truncate, "file::rewrite",
+	  "allow_rewrite /tmp/testfile2" },
+	{ setup_all_test_file, test_file_open_4, cleanup_test_file,
+	  "file::open", "allow_read /tmp/testfile4" },
+	{ setup_all_test_file, test_file_open_6, cleanup_test_file,
+	  "file::open", "allow_read /tmp/testfile6" },
+	{ setup_all_test_file, test_file_open_6, cleanup_test_file,
+	  "file::truncate", "allow_truncate /tmp/testfile6"
+	},
+	{ setup_all_test_file_truncate, test_file_open_6,
+	  cleanup_test_file_truncate, "file::rewrite",
+	  "allow_rewrite /tmp/testfile6" },
+	{ setup_all_test_file, test_file_open_8, cleanup_test_file,
+	  "file::open", "allow_write /tmp/testfile8" },
+	{ setup_all_test_file, test_file_open_8, cleanup_test_file,
+	  "file::rewrite", "allow_rewrite /tmp/testfile8"
+	},
+	{ setup_all_test_file, test_file_open_10, cleanup_test_file,
+	  "file::open", "allow_write /tmp/testfile10" },
+	{ setup_all_test_file, test_file_open_10, cleanup_test_file,
+	  "file::truncate", "allow_truncate /tmp/testfile10"
+	},
+	{ setup_all_test_file, test_file_open_10, cleanup_test_file,
+	  "file::rewrite", "allow_rewrite /tmp/testfile10"
+	},
+	{ setup_all_test_file, test_file_open_12, cleanup_test_file,
+	  "file::open", "allow_write /tmp/testfile12" },
+	{ setup_all_test_file, test_file_open_14, cleanup_test_file,
+	  "file::open", "allow_write /tmp/testfile14" },
+	{ setup_all_test_file, test_file_open_14, cleanup_test_file,
+	  "file::truncate", "allow_truncate /tmp/testfile14"
+	},
+	{ setup_all_test_file_truncate, test_file_open_14,
+	  cleanup_test_file_truncate, "file::rewrite",
+	  "allow_rewrite /tmp/testfile14" },
+	{ setup_all_test_file, test_file_open_16, cleanup_test_file,
+	  "file::open", "allow_read/write /tmp/testfile16"
+	},
+	{ setup_all_test_file, test_file_open_16, cleanup_test_file,
+	  "file::rewrite", "allow_rewrite /tmp/testfile16"
+	},
+	{ setup_all_test_file, test_file_open_18, cleanup_test_file,
+	  "file::open", "allow_read/write /tmp/testfile18"
+	},
+	{ setup_all_test_file, test_file_open_18, cleanup_test_file,
+	  "file::truncate", "allow_truncate /tmp/testfile18"
+	},
+	{ setup_all_test_file, test_file_open_18, cleanup_test_file,
+	  "file::rewrite", "allow_rewrite /tmp/testfile18"
+	},
+	{ setup_all_test_file, test_file_open_20, cleanup_test_file,
+	  "file::open",
+	  "allow_read/write /tmp/testfile20" },
+	{ setup_all_test_file, test_file_open_22, cleanup_test_file,
+	  "file::open",
+	  "allow_read/write /tmp/testfile22" },
+	{ setup_all_test_file, test_file_open_22, cleanup_test_file,
+	  "file::truncate",
+	  "allow_truncate /tmp/testfile22" },
+	{ setup_all_test_file_truncate, test_file_open_22,
+	  cleanup_test_file_truncate, "file::rewrite",
+	  "allow_rewrite /tmp/testfile22" },
+	{ NULL }
+};
+
+int main(int argc, char *argv[])
+{
+	int i;
+	tomoyo_test_init();
+	for (i = 0; tests[i].do_test; i++) {
+		int trial;
+		for (trial = 0; trial < 2; trial++) {
+			int should_fail;
+			for (should_fail = 0; should_fail < 2; should_fail++) {
+				if (tests[i].do_setup)
+					tests[i].do_setup();
+				if (!should_fail)
+					write_domain_policy(tests[i].policy, 0);
+				set_profile(3, tests[i].name);
+				tests[i].do_test();
+				show_result(tests[i].policy, !should_fail);
+				set_profile(0, tests[i].name);
+				if (tests[i].do_cleanup)
+					tests[i].do_cleanup();
+				if (!should_fail)
+					write_domain_policy(tests[i].policy, 1);
+			}
+		}
+	}
+	for (i = 0; tests[i].do_test; i++) {
+		int mode;
+		for (mode = 0; mode < 4; mode++) {
+			if (tests[i].do_setup)
+				tests[i].do_setup();
+			set_profile(mode, tests[i].name);
+			tests[i].do_test();
+			show_result(tests[i].name, 1);
+			set_profile(0, tests[i].name);
+			if (tests[i].do_cleanup)
+				tests[i].do_cleanup();
+		}
+	}
+	fprintf(domain_fp, "delete %s\n", self_domain);
+	return 0;
+}
diff --git a/testcases/kernel/security/tomoyo/tomoyo_policy_io_test.c b/testcases/kernel/security/tomoyo/tomoyo_policy_io_test.c
index e69de29..ee8f294 100644
--- a/testcases/kernel/security/tomoyo/tomoyo_policy_io_test.c
+++ b/testcases/kernel/security/tomoyo/tomoyo_policy_io_test.c
@@ -0,0 +1,195 @@
+/******************************************************************************/
+/* This program is free software;  you can redistribute it and/or modify      */
+/* it under the terms of the GNU General Public License as published by       */
+/* the Free Software Foundation; either version 2 of the License, or          */
+/* (at your option) any later version.                                        */
+/*                                                                            */
+/* This program is distributed in the hope that it will be useful,            */
+/* but WITHOUT ANY WARRANTY;  without even the implied warranty of            */
+/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See                  */
+/* the GNU General Public License for more details.                           */
+/*                                                                            */
+/* You should have received a copy of the GNU General Public License          */
+/* along with this program;  if not, write to the Free Software               */
+/* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA    */
+/*                                                                            */
+/******************************************************************************/
+/*
+ * tomoyo_policy_io_test.c
+ *
+ * Testing program for security/tomoyo/
+ *
+ * Copyright (C) 2005-2010  NTT DATA CORPORATION
+ */
+#include "include.h"
+
+static FILE *policy_fp = NULL;
+static const char *policy_file = "";
+
+static void try_io(const char *policy, const char should_success)
+{
+	FILE *fp = fopen(policy_file, "r");
+	char buffer[8192];
+	int policy_found = 0;
+	memset(buffer, 0, sizeof(buffer));
+	printf("%s: ", policy);
+	fprintf(policy_fp, "%s\n", policy);
+	if (!fp) {
+		printf("BUG: policy read failed\n");
+		return;
+	}
+	while (fgets(buffer, sizeof(buffer) - 1, fp)) {
+		char *cp = strchr(buffer, '\n');
+		if (cp)
+			*cp = '\0';
+		if (!strcmp(buffer, policy)) {
+			policy_found = 1;
+			break;
+		}
+	}
+	fclose(fp);
+	if (should_success) {
+		if (policy_found)
+			printf("OK\n");
+		else
+			printf("BUG: policy write failed\n");
+	} else {
+		if (!policy_found)
+			printf("OK : write rejected.\n");
+		else
+			printf("BUG: policy write not rejected.\n");
+	}
+	fprintf(policy_fp, "delete %s\n", policy);
+}
+
+static void stage_policy_io_test(void)
+{
+	int i;
+	policy_file = proc_policy_domain_policy;
+	policy_fp = domain_fp;
+	for (i = 0; i < 3; i++) {
+		try_io("allow_chroot /", 1);
+		try_io("allow_chroot ", 0);
+		try_io("allow_chroot /mnt0/", 1);
+		try_io("allow_chroot /var1/chroot2/", 1);
+		try_io("allow_chroot /mnt0/", 1);
+		try_io("allow_chroot /mnt0/", 1);
+		try_io("allow_chroot /mnt0/", 1);
+		try_io("allow_chroot /mnt\\?\\*/", 1);
+		try_io("allow_chroot /mnt\\?\\*/", 1);
+		try_io("allow_unmount /", 1);
+		try_io("allow_unmount /sys1/", 1);
+		try_io("allow_unmount /initrd2/", 1);
+		try_io("allow_unmount /initrd/dev3/", 1);
+		try_io("allow_unmount /initrd/\\*\\+/", 1);
+		try_io("allow_unmount /initrd/\\@\\*/", 1);
+		try_io("allow_unmount /initrd2/", 1);
+		try_io("allow_pivot_root / /proc3/", 1);
+		try_io("allow_pivot_root /sys5/ /proc3/", 1);
+		try_io("allow_pivot_root /sys/", 0);
+		try_io("allow_pivot_root *", 0);
+		try_io("allow_pivot_root /sys5/ /proc3/", 1);
+		try_io("allow_mount / / --bind 0xD", 1);
+		try_io("allow_mount / / --move 0xF", 1);
+		try_io("allow_mount / --remount", 0);
+		try_io("allow_mount /", 0);
+		try_io("allow_mount none /tmp/ tmpfs 0x1", 1);
+		try_io("allow_mount none /tmp/ tmpfs", 0);
+		try_io("allow_mount none /tmp/ nonexistent 0x0", 1);
+		try_io("allow_mount none /proc/ proc 0x0", 1);
+		try_io("allow_mount none /selinux/ selinuxfs 0x0", 1);
+		try_io("allow_mount /proc/bus/usb /proc/bus/usb/ usbfs 0x0", 1);
+		try_io("allow_mount none /dev/pts/ devpts 0x0", 1);
+		try_io("allow_mount any / --remount 0xC00", 1);
+		try_io("allow_mount /dev/sda1 /boot/ ext3 0xC00", 1);
+		try_io("allow_mount none /dev/shm/ tmpfs 0x0", 1);
+		try_io("allow_mount none /proc/sys/fs/binfmt_misc/ binfmt_misc "
+		       "0x0", 1);
+		try_io("allow_mount none /proc/sys/fs/binfmt_misc/ binfmt_misc "
+		       "0x0 0x1", 0);
+		try_io("allow_mount none /proc/sys/fs/binfmt_misc/ tmpfs "
+		       "binfmt_misc 0x0", 0);
+		try_io("allow_mount /proc/bus/usb /proc/bus/usb/ usbfs 0x0", 1);
+	}
+	policy_file = proc_policy_exception_policy;
+	policy_fp = exception_fp;
+	for (i = 0; i < 3; i++) {
+		try_io("allow_read /tmp/abc", 1);
+		try_io("allow_read /tmp/abc\\*", 1);
+		try_io("allow_read abc", 1);
+		try_io("allow_read /tmp/abc/", 1);
+		try_io("allow_read", 0);
+		try_io("allow_read *", 1);
+		try_io("file_pattern /\\*\\*\\*", 1);
+		try_io("file_pattern /abc", 1);
+		try_io("file_pattern /abc /def", 0);
+		try_io("file_pattern abcdef", 1);
+		try_io("path_group TEST /", 1);
+		try_io("path_group TEST /boo", 1);
+		try_io("path_group TEST /bar", 1);
+		try_io("path_group TEST /\\*", 1);
+		try_io("path_group TEST / /", 0);
+		try_io("path_group TEST /boo", 1);
+		try_io("path_group TEST /bar", 1);
+		try_io("path_group TEST boo", 1);
+		try_io("path_group TEST boo/", 1);
+		try_io("path_group TEST /bar", 1);
+		try_io("path_group TEST3 /\\*", 1);
+		try_io("path_group TEST3 / /", 0);
+		try_io("path_group TEST3 /boo", 1);
+		try_io("path_group TEST3 /bar", 1);
+		try_io("path_group TEST3 boo", 1);
+		try_io("path_group TEST3 boo/", 1);
+		try_io("deny_rewrite /", 1);
+		try_io("deny_rewrite /foo", 1);
+		try_io("deny_rewrite /\\*", 1);
+		try_io("deny_rewrite /\\:", 0);
+		try_io("deny_rewrite / /", 0);
+		try_io("deny_rewrite @/TEST", 1);
+		try_io("aggregator /boo/\\* /BOO", 1);
+		try_io("aggregator /boo/\\* /BOO\\*", 0);
+		try_io("aggregator /boo/\\*/ /BOO", 1);
+		try_io("aggregator /boo/\\* /BOO/", 1);
+		try_io("keep_domain <kernel>", 1);
+		try_io("keep_domain <kernel> /sbin/init", 1);
+		try_io("keep_domain <kernel> foo", 0);
+		try_io("keep_domain <kernel> \\*", 0);
+		try_io("keep_domain /ssh", 1);
+		try_io("keep_domain /ssh /foo", 0);
+		try_io("keep_domain /foo from <kernel>", 1);
+		try_io("keep_domain /foo from <kernel> /sbin/init", 1);
+		try_io("keep_domain from <kernel> /sbin/init", 0);
+		try_io("keep_domain \\* from <kernel> /sbin/init", 0);
+		try_io("no_keep_domain <kernel>", 1);
+		try_io("no_keep_domain <kernel> /sbin/init", 1);
+		try_io("no_keep_domain <kernel> foo", 0);
+		try_io("no_keep_domain <kernel> \\*", 0);
+		try_io("no_keep_domain /ssh", 1);
+		try_io("no_keep_domain /ssh /foo", 0);
+		try_io("no_keep_domain /foo from <kernel>", 1);
+		try_io("no_keep_domain /foo from <kernel> /sbin/init", 1);
+		try_io("no_keep_domain from <kernel> /sbin/init", 0);
+		try_io("no_keep_domain \\* from <kernel> /sbin/init", 0);
+		try_io("initialize_domain /foo", 1);
+		try_io("initialize_domain /\\*", 1);
+		try_io("initialize_domain /foo /bar", 0);
+		try_io("initialize_domain /foo from /bar", 1);
+		try_io("initialize_domain /foo from <kernel> /bar", 1);
+		try_io("initialize_domain /\\* from <kernel>", 1);
+		try_io("initialize_domain /foo from <kernel> \\*", 0);
+		try_io("no_initialize_domain /foo", 1);
+		try_io("no_initialize_domain /\\*", 1);
+		try_io("no_initialize_domain /foo /bar", 0);
+		try_io("no_initialize_domain /foo from /bar", 1);
+		try_io("no_initialize_domain /foo from <kernel> /bar", 1);
+		try_io("no_initialize_domain /\\* from <kernel>", 1);
+		try_io("no_initialize_domain /foo from <kernel> \\*", 0);
+	}
+}
+
+int main(int argc, char *argv[])
+{
+	tomoyo_test_init();
+	stage_policy_io_test();
+	return 0;
+}
diff --git a/testcases/kernel/security/tomoyo/tomoyo_policy_memory_test.c b/testcases/kernel/security/tomoyo/tomoyo_policy_memory_test.c
index e69de29..a94900e 100644
--- a/testcases/kernel/security/tomoyo/tomoyo_policy_memory_test.c
+++ b/testcases/kernel/security/tomoyo/tomoyo_policy_memory_test.c
@@ -0,0 +1,358 @@
+/******************************************************************************/
+/* This program is free software;  you can redistribute it and/or modify      */
+/* it under the terms of the GNU General Public License as published by       */
+/* the Free Software Foundation; either version 2 of the License, or          */
+/* (at your option) any later version.                                        */
+/*                                                                            */
+/* This program is distributed in the hope that it will be useful,            */
+/* but WITHOUT ANY WARRANTY;  without even the implied warranty of            */
+/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See                  */
+/* the GNU General Public License for more details.                           */
+/*                                                                            */
+/* You should have received a copy of the GNU General Public License          */
+/* along with this program;  if not, write to the Free Software               */
+/* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA    */
+/*                                                                            */
+/******************************************************************************/
+/*
+ * tomoyo_policy_memory_test.c
+ *
+ * Testing program for security/tomoyo/
+ *
+ * Copyright (C) 2005-2010  NTT DATA CORPORATION
+ */
+/*
+ * Usage: Run this program using init= boot option.
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <sys/mount.h>
+
+static void BUG(const char *msg)
+{
+	printf("%s", msg);
+	fflush(stdout);
+	while (1)
+		sleep(100);
+}
+
+static const char *policy_file = NULL;
+static const char *policy = NULL;
+
+static void get_meminfo(unsigned int *policy_memory)
+{
+	FILE *fp = fopen("/sys/kernel/security/tomoyo/meminfo", "r");
+	if (!fp || fscanf(fp, "Policy: %u", policy_memory) != 1 || fclose(fp))
+		BUG("BUG: Policy read error\n");
+}
+
+static void check_policy_common(const int found_expected, const int id)
+{
+	FILE *fp = fopen(policy_file, "r");
+	char buffer[8192];
+	int policy_found = 0;
+	memset(buffer, 0, sizeof(buffer));
+	if (!fp)
+		BUG("BUG: Policy read error\n");
+	while (fgets(buffer, sizeof(buffer) - 1, fp)) {
+		char *cp = strchr(buffer, '\n');
+		if (cp)
+			*cp = '\0';
+		if (strcmp(buffer, policy))
+			continue;
+		policy_found = 1;
+		break;
+	}
+	fclose(fp);
+	if (policy_found != found_expected) {
+		printf("BUG: Policy write error: %s %s at %d\n", policy,
+		       found_expected ? "not added" : "not deleted", id);
+		BUG("");
+	}
+}
+
+static inline void check_policy_written(FILE *fp, const int id)
+{
+	fflush(fp);
+	check_policy_common(1, id);
+}
+
+static inline void check_policy_deleted(FILE *fp, const int id)
+{
+	fflush(fp);
+	check_policy_common(0, id);
+}
+
+static const char *domain_testcases[] = {
+	"allow_create /tmp/mknod_reg_test 0600",
+	"allow_create /tmp/open_test 0600",
+	"allow_create /tmp/open_test 0600",
+	"allow_create /tmp/open_test 0600",
+	"allow_execute /bin/true",
+	"allow_execute /bin/true",
+	"allow_execute /bin/true0",
+	"allow_execute /bin/true1",
+	"allow_execute /bin/true2",
+	"allow_execute /bin/true3",
+	"allow_execute /bin/true4",
+	"allow_execute /bin/true5",
+	"allow_execute /bin/true6",
+	"allow_execute /bin/true7",
+	"allow_execute /bin/true7",
+	"allow_execute /bin/true7",
+	"allow_execute /bin/true8",
+	"allow_ioctl socket:[family=2:type=2:protocol=17] 0-35122",
+	"allow_ioctl socket:[family=2:type=2:protocol=17] 35122-35124",
+	"allow_link /tmp/link_source_test /tmp/link_dest_test",
+	"allow_mkblock /tmp/mknod_blk_test 0600 1 0",
+	"allow_mkchar /tmp/mknod_chr_test 0600 1 3",
+	"allow_mkdir /tmp/mkdir_test/ 0755",
+	"allow_mkfifo /tmp/mknod_fifo_test 0600",
+	"allow_mkfifo /tmp/mknod_fifo_test 0600",
+	"allow_mksock /tmp/mknod_sock_test 0600",
+	"allow_mksock /tmp/socket_test 0600",
+	"allow_read /bin/true",
+	"allow_read /bin/true",
+	"allow_read /dev/null",
+	"allow_read /dev/null",
+	"allow_read /dev/null",
+	"allow_read /dev/null",
+	"allow_read /dev/null",
+	"allow_read /dev/null",
+	"allow_read /foo",
+	"allow_read /proc/sys/net/ipv4/ip_local_port_range",
+	"allow_read /proc/sys/net/ipv4/ip_local_port_range",
+	"allow_read/write /bar",
+	"allow_read/write /dev/null",
+	"allow_read/write /dev/null",
+	"allow_read/write /proc/sys/net/ipv4/ip_local_port_range",
+	"allow_read/write /proc/sys/net/ipv4/ip_local_port_range",
+	"allow_read/write /tmp/fifo",
+	"allow_read/write /tmp/fifo",
+	"allow_read/write /tmp/rewrite_test",
+	"allow_rename /tmp/rename_source_test /tmp/rename_dest_test",
+	"allow_rmdir /tmp/rmdir_test/",
+	"allow_symlink /symlink",
+	"allow_symlink /symlink",
+	"allow_symlink /symlink",
+	"allow_symlink /symlink",
+	"allow_symlink /tmp/symlink_source_test",
+	"allow_symlink /tmp/symlink_source_test",
+	"allow_symlink /tmp/symlink_source_test",
+	"allow_symlink /tmp/symlink_source_test",
+	"allow_symlink /tmp/symlink_source_test",
+	"allow_truncate /tmp/rewrite_test",
+	"allow_truncate /tmp/truncate_test",
+	"allow_truncate /tmp/truncate_test",
+	"allow_unlink /tmp/unlink_test",
+	"allow_write /123",
+	"allow_write /dev/null",
+	"allow_write /dev/null",
+	"allow_write /devfile",
+	"allow_write /devfile",
+	"allow_write /proc/sys/net/ipv4/ip_local_port_range",
+	"allow_write /proc/sys/net/ipv4/ip_local_port_range",
+	"allow_write /tmp/open_test",
+	"allow_write /tmp/open_test",
+	"allow_write /tmp/open_test",
+	"allow_write /tmp/truncate_test",
+	"allow_write /tmp/truncate_test",
+	"allow_rewrite /tmp/rewrite_test",
+	"allow_rewrite /tmp/rewrite_test",
+	"allow_mount /dev/sda1 /mnt/sda1/ ext3 0x123",
+	"allow_mount /dev/sda1 /mnt/sda1/ ext3 123",
+	"allow_mount /dev/sda1 /mnt/sda1/ ext3 0123",
+	"allow_mount /dev/sda1 /mnt/sda1/ ext3 0x123",
+	"allow_mount /dev/sda1 /mnt/sda1/ ext3 123",
+	"allow_mount /dev/sda1 /mnt/sda1/ ext3 0123",
+	"allow_chroot /",
+	"allow_chroot /",
+	"allow_chroot /mnt/",
+	"allow_pivot_root / /proc/",
+	"allow_pivot_root /mnt/ /proc/mnt/",
+	"allow_unmount /",
+	"allow_unmount /proc/",
+	NULL
+};
+
+static void domain_policy_test(const unsigned int before)
+{
+	unsigned int after;
+	int j;
+	policy_file = "/sys/kernel/security/tomoyo/domain_policy";
+	for (j = 0; domain_testcases[j]; j++) {
+		int i;
+		FILE *fp = fopen(policy_file, "w");
+		if (!fp)
+			BUG("BUG: Policy write error\n");
+		fprintf(fp, "<kernel>\n");
+		policy = domain_testcases[j];
+		printf("Processing: %s\n", policy);
+		for (i = 0; i < 100; i++) {
+			fprintf(fp, "%s\n", policy);
+			if (!i)
+				check_policy_written(fp, 1);
+			fprintf(fp, "delete %s\n", policy);
+		}
+		check_policy_deleted(fp, 1);
+		for (i = 0; i < 100; i++)
+			fprintf(fp, "%s\n", policy);
+		check_policy_written(fp, 2);
+		fprintf(fp, "delete %s\n", policy);
+		check_policy_deleted(fp, 2);
+		fclose(fp);
+		for (i = 0; i < 30; i++) {
+			usleep(100000);
+			get_meminfo(&after);
+			if (before == after)
+				break;
+		}
+		if (before != after) {
+			printf("Policy: %d\n", after - before);
+			BUG("Policy read/write test: Fail\n");
+		}
+	}
+	for (j = 0; j < 10; j++) {
+		int i;
+		FILE *fp = fopen(policy_file, "w");
+		if (!fp)
+			BUG("BUG: Policy write error\n");
+		fprintf(fp, "<kernel> /sbin/init\n");
+		for (i = 0; domain_testcases[i]; i++)
+			fprintf(fp, "%s\n", domain_testcases[i]);
+		fprintf(fp, "delete <kernel> /sbin/init\n");
+		fclose(fp);
+		for (i = 0; i < 50; i++) {
+			usleep(100000);
+			get_meminfo(&after);
+			if (before == after)
+				break;
+		}
+		if (before != after) {
+			printf("Policy: %d\n", after - before);
+			BUG("Policy read/write test: Fail\n");
+		}
+	}
+}
+
+static const char *exception_testcases[] = {
+	"allow_read /tmp/mknod_reg_test",
+	"allow_env HOME",
+	"path_group PG1 /",
+	"path_group PG2 /",
+	"address_group AG3 0.0.0.0",
+	"address_group AG3 1.2.3.4-5.6.7.8",
+	"address_group AG3 f:ee:ddd:cccc:b:aa:999:8888",
+	"address_group AG4 0:1:2:3:4:5:6:7-8:90:a00:b000:c00:d0:e:f000",
+	"number_group NG1 1000",
+	"number_group NG2 10-0x100000",
+	"number_group NG3 01234567-0xABCDEF89",
+	"deny_autobind 1024",
+	"deny_autobind 32668-65535",
+	"deny_autobind 0-1023",
+	"initialize_domain /usr/sbin/sshd",
+	"no_initialize_domain /usr/sbin/sshd",
+	"initialize_domain /usr/sbin/sshd from /bin/bash",
+	"no_initialize_domain /usr/sbin/sshd from /bin/bash",
+	"initialize_domain /usr/sbin/sshd from "
+	"<kernel> /bin/mingetty/bin/bash",
+	"no_initialize_domain /usr/sbin/sshd from "
+	"<kernel> /bin/mingetty/bin/bash",
+	"keep_domain <kernel> /usr/sbin/sshd /bin/bash",
+	"no_keep_domain <kernel> /usr/sbin/sshd /bin/bash",
+	"keep_domain /bin/pwd from <kernel> /usr/sbin/sshd /bin/bash",
+	"no_keep_domain /bin/pwd from <kernel> /usr/sbin/sshd /bin/bash",
+	"keep_domain /bin/pwd from /bin/bash",
+	"no_keep_domain /bin/pwd from /bin/bash",
+	"file_pattern /proc/\\$/task/\\$/environ",
+	"file_pattern /proc/\\$/task/\\$/auxv",
+	"allow_read /etc/ld.so.cache",
+	"allow_read /proc/meminfo",
+	"allow_read /proc/sys/kernel/version",
+	"allow_read /etc/localtime",
+	"allow_read /proc/self/task/\\$/attr/current",
+	"allow_read /proc/self/task/\\$/oom_score",
+	"allow_read /proc/self/wchan",
+	"allow_read /lib/ld-2.5.so",
+	"file_pattern pipe:[\\$]",
+	"file_pattern socket:[\\$]",
+	"file_pattern /var/cache/logwatch/logwatch.\\*/",
+	"file_pattern /var/cache/logwatch/logwatch.\\*/\\*",
+	"deny_rewrite /var/log/\\*",
+	"deny_rewrite /var/log/\\*/\\*",
+	"aggregator /etc/rc.d/rc\\?.d/\\?\\+\\+smb /etc/rc.d/init.d/smb",
+	"aggregator /etc/rc.d/rc\\?.d/\\?\\+\\+crond /etc/rc.d/init.d/crond",
+	NULL
+};
+
+static void exception_policy_test(const unsigned int before)
+{
+	unsigned int after;
+	int j;
+	policy_file = "/sys/kernel/security/tomoyo/exception_policy";
+	for (j = 0; exception_testcases[j]; j++) {
+		int i;
+		FILE *fp = fopen(policy_file, "w");
+		if (!fp)
+			BUG("BUG: Policy write error\n");
+		policy = exception_testcases[j];
+		printf("Processing: %s\n", policy);
+		for (i = 0; i < 100; i++) {
+			fprintf(fp, "%s\n", policy);
+			if (!i)
+				check_policy_written(fp, 1);
+			fprintf(fp, "delete %s\n", policy);
+		}
+		check_policy_deleted(fp, 1);
+		for (i = 0; i < 100; i++)
+			fprintf(fp, "%s\n", policy);
+		check_policy_written(fp, 2);
+		fprintf(fp, "delete %s\n", policy);
+		check_policy_deleted(fp, 2);
+		fclose(fp);
+		for (i = 0; i < 30; i++) {
+			usleep(100000);
+			get_meminfo(&after);
+			if (before == after)
+				break;
+		}
+		if (before != after) {
+			printf("Policy: %d\n", after - before);
+			BUG("Policy read/write test: Fail\n");
+		}
+	}
+	for (j = 0; j < 10; j++) {
+		int i;
+		FILE *fp = fopen(policy_file, "w");
+		if (!fp)
+			BUG("BUG: Policy write error\n");
+		for (i = 0; exception_testcases[i]; i++)
+			fprintf(fp, "%s\n", exception_testcases[i]);
+		for (i = 0; exception_testcases[i]; i++)
+			fprintf(fp, "delete %s\n", exception_testcases[i]);
+		fclose(fp);
+		for (i = 0; i < 50; i++) {
+			usleep(100000);
+			get_meminfo(&after);
+			if (before == after)
+				break;
+		}
+		if (before != after) {
+			printf("Policy: %d\n", after - before);
+			BUG("Policy read/write test: Fail\n");
+		}
+	}
+}
+
+int main(int argc, char *argv[])
+{
+	unsigned int before;
+	mount("/proc", "/proc/", "proc", 0, NULL);
+	get_meminfo(&before);
+	domain_policy_test(before);
+	exception_policy_test(before);
+	BUG("Policy read/write test: Success\n");
+	return 0;
+}
diff --git a/testcases/kernel/security/tomoyo/tomoyo_rewrite_test.c b/testcases/kernel/security/tomoyo/tomoyo_rewrite_test.c
index e69de29..3bc1a0d 100644
--- a/testcases/kernel/security/tomoyo/tomoyo_rewrite_test.c
+++ b/testcases/kernel/security/tomoyo/tomoyo_rewrite_test.c
@@ -0,0 +1,169 @@
+/******************************************************************************/
+/* This program is free software;  you can redistribute it and/or modify      */
+/* it under the terms of the GNU General Public License as published by       */
+/* the Free Software Foundation; either version 2 of the License, or          */
+/* (at your option) any later version.                                        */
+/*                                                                            */
+/* This program is distributed in the hope that it will be useful,            */
+/* but WITHOUT ANY WARRANTY;  without even the implied warranty of            */
+/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See                  */
+/* the GNU General Public License for more details.                           */
+/*                                                                            */
+/* You should have received a copy of the GNU General Public License          */
+/* along with this program;  if not, write to the Free Software               */
+/* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA    */
+/*                                                                            */
+/******************************************************************************/
+/*
+ * tomoyo_rewrite_test.c
+ *
+ * Testing program for security/tomoyo/
+ *
+ * Copyright (C) 2005-2010  NTT DATA CORPORATION
+ */
+#include "include.h"
+
+static int should_fail = 0;
+
+static void show_prompt(const char *str)
+{
+	printf("Testing %35s: (%s) ", str,
+	       should_fail ? "must fail" : "must success");
+	errno = 0;
+}
+
+static void show_result(int result)
+{
+	if (should_fail) {
+		if (result == EOF) {
+			if (errno == EPERM)
+				printf("OK: Permission denied.\n");
+			else
+				printf("BUG!\n");
+		} else {
+			printf("BUG!\n");
+		}
+	} else {
+		if (result != EOF)
+			printf("OK\n");
+		else
+			printf("BUG!\n");
+	}
+}
+
+#define REWRITE_PATH "/tmp/rewrite_test"
+
+static void stage_rewrite_test(void)
+{
+	int fd;
+
+	/* Start up */
+	write_domain_policy("allow_read/write " REWRITE_PATH, 0);
+	write_domain_policy("allow_truncate " REWRITE_PATH, 0);
+	write_domain_policy("allow_create " REWRITE_PATH " 0600", 0);
+	write_domain_policy("allow_unlink " REWRITE_PATH, 0);
+	write_exception_policy("deny_rewrite " REWRITE_PATH, 0);
+	set_profile(3, "file::open");
+	set_profile(3, "file::create");
+	set_profile(3, "file::truncate");
+	set_profile(3, "file::rewrite");
+	set_profile(3, "file::unlink");
+	close(open(REWRITE_PATH, O_WRONLY | O_APPEND | O_CREAT, 0600));
+
+	/* Enforce mode */
+	should_fail = 0;
+
+	show_prompt("open(O_RDONLY)");
+	fd = open(REWRITE_PATH, O_RDONLY);
+	show_result(fd);
+	close(fd);
+
+	show_prompt("open(O_WRONLY | O_APPEND)");
+	fd = open(REWRITE_PATH, O_WRONLY | O_APPEND);
+	show_result(fd);
+	close(fd);
+
+	should_fail = 1;
+	show_prompt("open(O_WRONLY)");
+	fd = open(REWRITE_PATH, O_WRONLY);
+	show_result(fd);
+	close(fd);
+
+	show_prompt("open(O_WRONLY | O_TRUNC)");
+	fd = open(REWRITE_PATH, O_WRONLY | O_TRUNC);
+	show_result(fd);
+	close(fd);
+
+	show_prompt("open(O_WRONLY | O_TRUNC | O_APPEND)");
+	fd = open(REWRITE_PATH, O_WRONLY | O_TRUNC | O_APPEND);
+	show_result(fd);
+	close(fd);
+
+	show_prompt("truncate()");
+	show_result(truncate(REWRITE_PATH, 0));
+
+	fd = open(REWRITE_PATH, O_WRONLY | O_APPEND);
+	show_prompt("ftruncate()");
+	show_result(ftruncate(fd, 0));
+
+	show_prompt("fcntl(F_SETFL, ~O_APPEND)");
+	show_result(fcntl(fd, F_SETFL, fcntl(fd, F_GETFL) & ~O_APPEND));
+	close(fd);
+
+	/* Permissive mode */
+	set_profile(2, "file::open");
+	set_profile(2, "file::create");
+	set_profile(2, "file::truncate");
+	set_profile(2, "file::rewrite");
+	set_profile(2, "file::unlink");
+	should_fail = 0;
+
+	show_prompt("open(O_RDONLY)");
+	fd = open(REWRITE_PATH, O_RDONLY);
+	show_result(fd);
+	close(fd);
+
+	show_prompt("open(O_WRONLY | O_APPEND)");
+	fd = open(REWRITE_PATH, O_WRONLY | O_APPEND);
+	show_result(fd);
+	close(fd);
+
+	show_prompt("open(O_WRONLY)");
+	fd = open(REWRITE_PATH, O_WRONLY);
+	show_result(fd);
+	close(fd);
+
+	show_prompt("open(O_WRONLY | O_TRUNC)");
+	fd = open(REWRITE_PATH, O_WRONLY | O_TRUNC);
+	show_result(fd);
+	close(fd);
+
+	show_prompt("open(O_WRONLY | O_TRUNC | O_APPEND)");
+	fd = open(REWRITE_PATH, O_WRONLY | O_TRUNC | O_APPEND);
+	show_result(fd);
+	close(fd);
+
+	show_prompt("truncate()");
+	show_result(truncate(REWRITE_PATH, 0));
+
+	fd = open(REWRITE_PATH, O_WRONLY | O_APPEND);
+	show_prompt("ftruncate()");
+	show_result(ftruncate(fd, 0));
+
+	show_prompt("fcntl(F_SETFL, ~O_APPEND)");
+	show_result(fcntl(fd, F_SETFL, fcntl(fd, F_GETFL) & ~O_APPEND));
+	close(fd);
+
+	/* Clean up */
+	unlink(REWRITE_PATH);
+	write_exception_policy("deny_rewrite " REWRITE_PATH, 0);
+	printf("\n\n");
+}
+
+int main(int argc, char *argv[])
+{
+	tomoyo_test_init();
+	stage_rewrite_test();
+	clear_status();
+	return 0;
+}

------------------------------------------------------------------------------
ThinkGeek and WIRED's GeekDad team up for the Ultimate 
GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the 
lucky parental unit.  See the prize list and enter to win: 
http://p.sf.net/sfu/thinkgeek-promo
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list

[LTP] Container tests failing on x86_64

[Vinayak Aravind-A20738]

 
Hi, 
Anyone facing this issue with Container tests ? 

pidns06     0  TINFO  :  Parent: Passing the pid of the process 11537
pidns30     0  TINFO  :  parent: successfully created posix mqueue
pidns30     1  TBROK  :  cinit: mq_open() failed (Bad address)
pidns30     0  TINFO  :  parent: successfully created posix mqueue
pidns30     1  TBROK  :  parent: container did not respond!
pidns31     1  TBROK  :  parent: mq_open() failed (Permission denied)
-------------
-------------
/opt/ltp/testcases/bin/childipv6.sh: line 72: tst_resm: command not
found
paripv6.sh    0  TINFO  :  IPv6: Pinging child from parent: PASS
par_chld_ipv6: PASS

parentns.sh    0  TINFO  :  Pinging ChildNS from ParentNS
sshd re-exec requires execution with an absolute path^M
Error: Can't login to 192.168.0.181:
ch_ftp.sh: line 40: tst_resm: command not found
Error while running the script
two_children_ns: return code is 1 ; par_chld_ftp: FAIL 1 ;

incrementing stop
<<<execution_status>>>
initiation_status="ok"
duration=46 termination_type=exited termination_id=1 corefile=no
cutime=18 cstime=45
<<<test_end>>>
initialize.sh: line 83:    44 Terminated              ( ip link delete
$netdev ) 2> /dev/null


Thanks,
Arvind

------------------------------------------------------------------------------
ThinkGeek and WIRED's GeekDad team up for the Ultimate 
GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the 
lucky parental unit.  See the prize list and enter to win: 
http://p.sf.net/sfu/thinkgeek-promo
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list

Re: [LTP] [linux-2.6.36] TOMOYO Linux update

[Subrata Modak]

On Tue, 2010-06-08 at 20:57 +0900, Tetsuo Handa wrote: 
> Garrett Cooper wrote:
> > On Jun 7, 2010, at 2:28 PM, Tetsuo Handa wrote:
> > 
> > > Garrett Cooper wrote:
> > >> 2. You might be trying to pull the from the wrong git branch. Try
> > >> something like: git clone
> > >> git://ltp.git.sourceforge.net/gitroot/ltp/ltp-dev.git next .
> > > 
> > > Is it possible to use http:// since I can't use git:// due to firewall.
> > 
> > Try and see whether or not it's possible :)...
> 
> I couldn't use http:// .
> Also http://sourceforge.net/apps/trac/sourceforge/wiki/Git says that
> anonymous (read-only) access supports only git:// .
> 
> 
> 
> Subrata Modak wrote:
> > Please create it properly and send me.
> Here is the updated patch against git://ltp.git.sourceforge.net/gitroot/ltp/ltp-dev.git#next .
> 
> Posting large patches (like below) OK in this ML?
> 
> Regards.
> ----------
> [PATCH] Update test programs for TOMOYO LSM module.
> 
> This patch updates test programs for TOMOYO 2.3 which will be included into
> Linux kernel 2.6.36.
> 
> Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>

This applied fine. Thanks.

Regards--
Subrata

> 
>  README                      |   23 -
>  include.h                   |  326 +++++++++++---
>  newns.c                     |    2
>  testall.sh                  |   19
>  tomoyo_accept_test.c        |  145 ++++++
>  tomoyo_file_test.c          |  970 ++++----------------------------------------
>  tomoyo_filesystem_test.c    |  632 ++++++++++++++++++++++++++++
>  tomoyo_new_file_test.c      |  631 ++++++++++++++++++++++++++++
>  tomoyo_new_test.c           |  682 ++++++++++++++++++++++++++++++
>  tomoyo_policy_io_test.c     |  195 ++++++++
>  tomoyo_policy_memory_test.c |  358 ++++++++++++++++
>  tomoyo_rewrite_test.c       |  169 +++++++
>  12 files changed, 3181 insertions(+), 971 deletions(-)



------------------------------------------------------------------------------
ThinkGeek and WIRED's GeekDad team up for the Ultimate 
GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the 
lucky parental unit.  See the prize list and enter to win: 
http://p.sf.net/sfu/thinkgeek-promo
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list

[LTP] [linux-3.1] TOMOYO Linux update

[Tetsuo Handa]

Hello.

I updated TOMOYO testcases for Linux 3.1.
http://sourceforge.jp/projects/tomoyo/svn/view/trunk/2.4.x/tomoyo-tools/kernel_test/tomoyo-ltp.diff?revision=5388&root=tomoyo
4378 lines, 162,176 bytes.
MD5: 4b1ce1f661a9b102b44ae59e495ee3d6

Regards.

------------------------------------------------------------------------------
EMC VNX: the world's simplest storage, starting under $10K
The only unified storage solution that offers unified management 
Up to 160% more powerful than alternatives and 25% more efficient. 
Guaranteed. http://p.sf.net/sfu/emc-vnx-dev2dev
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list

Re: [LTP] [linux-3.1] TOMOYO Linux update

[Cyril Hrubis]

Hi!
> I updated TOMOYO testcases for Linux 3.1.
> http://sourceforge.jp/projects/tomoyo/svn/view/trunk/2.4.x/tomoyo-tools/kernel_test/tomoyo-ltp.diff?revision=5388&root=tomoyo
> 4378 lines, 162,176 bytes.
> MD5: 4b1ce1f661a9b102b44ae59e495ee3d6

I'm glad to see the patch, however there are a few things that needs to
be settled before applying to LTP.

* Please next time send the patch attached to the mail, ideally inlined
  as well as attachement. It's much easier for me to review it that way.
  Or even better If you had a git repository on sf.net I could pull
  changes directly from there.

* Including <linux/sched.h> instead of <sched.h> may introduce problems
  in future.

  Look here how to fix the problem with sched.h:

  http://ltp.git.sourceforge.net/git/gitweb.cgi?p=ltp/ltp.git;a=commit;h=019ed6c71369217ac02c399abb12abb93bd527f3

  The clone flags are GNU extensions and Ulrich 'fixed' these, so they
  aren't defined unless you say they should.

There are some minor coding style violations and useless statements. But
I don't think there is a reason to force you to fix them. Just let me
know if you wan't to know ;).

-- 
Cyril Hrubis
chrubis@suse.cz

------------------------------------------------------------------------------
Special Offer -- Download ArcSight Logger for FREE!
Finally, a world-class log management solution at an even better 
price-free! And you'll get a free "Love Thy Logs" t-shirt when you
download Logger. Secure your free ArcSight Logger TODAY!
http://p.sf.net/sfu/arcsisghtdev2dev
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list

Re: [LTP] [linux-3.1] TOMOYO Linux update

[Cyril Hrubis]

Hi!
> > * Please next time send the patch attached to the mail, ideally inlined
> >   as well as attachement. It's much easier for me to review it that way.
> >   Or even better If you had a git repository on sf.net I could pull
> >   changes directly from there.
> 
> I think this patch was too large. Does this ML accept such a large patch?
> Or, should I split into smaller patches for this ML?

Not sure about the ML settings, but it should work, the worse that could
happen is being hold for moderator to approve the mail.

Yes ideally I would like to see the patches being split into reasonable
bits. Its easier to keep track what has changed and why this way.

> > * Including <linux/sched.h> instead of <sched.h> may introduce problems
> >   in future.
> > 
> >   Look here how to fix the problem with sched.h:
> 
> Two weeks ago I received a report from Clemens Fischer that tomoyo-tools does
> not build on Arch-Linux system with rolling releases
> ('uname -rms' -> Linux 3.0.1-spott i686) because CLONE_NEWNS is not defined by
> including <sched.h> . Thus, I added including <linux/sched.h> if CLONE_NEWNS is
> not defined by including <sched.h> (as shown below).
> I'll contact Clemens to try _GNU_SOURCE instead of including <linux/sched.h> .

Defining _GNU_SOURCE should do the trick, just keep in mind that this
must be defined before you include any libc headers.

-- 
Cyril Hrubis
chrubis@suse.cz

------------------------------------------------------------------------------
Special Offer -- Download ArcSight Logger for FREE!
Finally, a world-class log management solution at an even better 
price-free! And you'll get a free "Love Thy Logs" t-shirt when you
download Logger. Secure your free ArcSight Logger TODAY!
http://p.sf.net/sfu/arcsisghtdev2dev
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list

Re: [LTP] [linux-3.1] TOMOYO Linux update

[Cyril Hrubis]

Hi!
> > > * Please next time send the patch attached to the mail, ideally inlined
> > >   as well as attachement. It's much easier for me to review it that way.
> > >   Or even better If you had a git repository on sf.net I could pull
> > >   changes directly from there.
> > 
> > I think this patch was too large. Does this ML accept such a large patch?
> > Or, should I split into smaller patches for this ML?
> 
> Not sure about the ML settings, but it should work, the worse that could
> happen is being hold for moderator to approve the mail.
> 
> Yes ideally I would like to see the patches being split into reasonable
> bits. Its easier to keep track what has changed and why this way.

Ping, any update on updating TOMOYO in LTP?

-- 
Cyril Hrubis
chrubis@suse.cz

------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2d-oct
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list