[Pal/regression] Add regression test for sgx.allow_file_creation

Pal/regression/File.c

@@ -123,6 +123,15 @@ int main(int argc, char** argv, char** envp) {
         DkObjectClose(file6);
     }
 
+    file6 =
+        DkStreamOpen("file:file_nonexist_disallowed.tmp", PAL_ACCESS_RDWR,
+                     PAL_SHARE_OWNER_R | PAL_SHARE_OWNER_W, PAL_CREATE_TRY | PAL_CREATE_ALWAYS, 0);
+    if (!file6) {
+        pal_printf("File Creation Test 4 OK\n");
+    } else {
+        DkObjectClose(file6);
+    }
+
     if (file4) {
         /* test file writing */
 

Pal/regression/File.manifest.template

@@ -14,6 +14,7 @@ net.allow_bind.1 = 127.0.0.1:8000
 # allow to connect to port 8000
 net.allow_peer.1 = 127.0.0.1:8000
 
+sgx.allow_file_creation = 0
 sgx.trusted_files.tmp1 = file:File
 sgx.trusted_files.tmp2 = file:../regression/File
 sgx.allowed_files.tmp3 = file:file_nonexist.tmp

Pal/regression/test_pal.py

@@ -300,6 +300,19 @@ class TC_20_SingleProcess(RegressionTestCase):
         # File Deletion
         self.assertFalse(pathlib.Path('file_delete.tmp').exists())
 
+    @unittest.skipUnless(HAS_SGX, 'this test requires SGX')
+    def test_101_nonexist_file(self):
+        # Explicitly remove the file file_nonexist_disallowed.tmp before
+        # running binary. Otherwise this test will fail if these tests are
+        # run repeatedly.
+        os.remove('file_nonexist_disallowed.tmp')
+
+        stdout, stderr = self.run_binary(['File'])
+
+        # Run file creation for non-existing file. This behavior is
+        # disallowed unless sgx.allow_file_creation is explicitly set to 1.
+        self.assertIn('File Creation Test 4 OK', stderr)
+
     def test_110_directory(self):
         for path in ['dir_exist.tmp', 'dir_nonexist.tmp', 'dir_delete.tmp']:
             try: