[LibOS] Add regression test for sgx.allow_file_creation

LibOS/shim/test/regression/fopen_cornercases.c

@@ -1,7 +1,11 @@
 #include <errno.h>
+#include <fcntl.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <unistd.h>
 
 #define FILENAME_MAX_LENGTH 255
 #define PATH                "tmp/"
@@ -28,12 +32,24 @@ int main(int argc, char** argv) {
     }
 
     /* sanity check: try fopening dir in write mode (must fail) */
-    fp    = fopen(PATH, "w");
+    fp = fopen(PATH, "w");
     if (fp != NULL || errno != EISDIR) {
         perror("(sanity check) fopen of dir with write access did not fail");
         return 1;
     }
 
+    /* creating file within Graphene (requires sgx.allow_file_creation = 1) */
+    int fd = openat(AT_FDCWD, "tmp/filecreatedbygraphene", O_WRONLY | O_CREAT | O_TRUNC, 0666);
+    if (fd < 0) {
+        perror("failed to create file from within Graphene");
+        return 1;
+    }
+    reti = close(fd);
+    if (reti < 0) {
+        perror("fclose failed");
+        return 1;
+    }
+
     /* write to file */
     fp = fopen(filepath, "w");
     if (fp == NULL) {

LibOS/shim/test/regression/manifest.template

@@ -35,4 +35,6 @@ sgx.trusted_files.libstdcxx = file:/usr/lib/x86_64-linux-gnu/libstdc++.so.6
 sgx.trusted_files.victim = file:exec_victim
 sgx.trusted_children.victim = file:exec_victim.sig
 
+sgx.allow_file_creation = 1
+
 sgx.allowed_files.tmp_dir = file:tmp/

LibOS/shim/test/regression/test_libos.py

@@ -204,6 +204,8 @@ class TC_30_Syscall(RegressionTestCase):
         self.assertIn('Success!', stdout)
 
     def test_030_fopen(self):
+        if os.path.exists("tmp/filecreatedbygraphene"):
+            os.remove("tmp/filecreatedbygraphene")
         stdout, stderr = self.run_binary(['fopen_cornercases'])
 
         # fopen corner cases