tests: add more test cases

test-e2e/filesystem/read/cat/with-network-client-permissions.sh

@@ -0,0 +1,15 @@
+#!/bin/bash
+
+set -uo pipefail
+
+declare -r main_path="$1"
+
+$main_path run \
+--allow-network-client \
+cat run.sh
+
+if [[ $? -ne 0 ]]; then
+    exit 0
+fi
+
+exit 1

test-e2e/filesystem/read/cat/with-network-server-permissions.sh

@@ -0,0 +1,15 @@
+#!/bin/bash
+
+set -uo pipefail
+
+declare -r main_path="$1"
+
+$main_path run \
+--allow-network-server \
+cat run.sh
+
+if [[ $? -ne 0 ]]; then
+    exit 0
+fi
+
+exit 1

test-e2e/filesystem/read/go/before.sh

@@ -0,0 +1,7 @@
+#!/bin/bash
+
+set -e
+
+dir=$(dirname "$0")  # Get directory of the script (possibly a symlink)
+
+go build -o .tmp/read $dir/read.go

test-e2e/filesystem/read/go/no-explicit-permissions.sh

@@ -0,0 +1,13 @@
+#!/bin/bash
+
+set -uo pipefail
+
+declare -r main_path="$1"
+
+$main_path run .tmp/read
+
+if [[ $? -ne 0 ]]; then
+    exit 0
+fi
+
+exit 1

test-e2e/filesystem/read/go/read.go

@@ -0,0 +1,41 @@
+package main
+
+import (
+	"fmt"
+	"io"
+	"os"
+	"strings"
+)
+
+func readResolvConf() (string, error) {
+	// Open the file.
+	f, err := os.Open("/etc/resolv.conf")
+	if err != nil {
+		if os.IsNotExist(err) { // Check specifically for file not found
+			return "", fmt.Errorf("Error: /etc/resolv.conf not found")
+		}
+		return "", fmt.Errorf("Error opening /etc/resolv.conf: %w", err) // Wrap the error
+	}
+	defer f.Close() // Ensure the file is closed even if an error occurs later
+
+	// Read the file contents.
+	contents, err := io.ReadAll(f)
+	if err != nil {
+		return "", fmt.Errorf("Error reading /etc/resolv.conf: %w", err) // Wrap the error
+	}
+	return string(contents), nil
+}
+
+func main() {
+	contents, err := readResolvConf()
+	if err != nil {
+		fmt.Fprintln(os.Stderr, err) // Print errors to stderr
+		os.Exit(1)
+	}
+
+	if strings.Contains(contents, "nameserver") {
+		os.Exit(0)
+	} else {
+		os.Exit(1)
+	}
+}

test-e2e/filesystem/read/go/with-network-client-permissions.sh

@@ -0,0 +1,15 @@
+#!/bin/bash
+
+set -uo pipefail
+
+declare -r main_path="$1"
+
+$main_path run \
+--allow-network-client \
+.tmp/read
+
+if [[ $? -ne 0 ]]; then
+    exit 0
+fi
+
+exit 1

test-e2e/filesystem/read/go/with-network-server-permissions.sh

@@ -0,0 +1,15 @@
+#!/bin/bash
+
+set -uo pipefail
+
+declare -r main_path="$1"
+
+$main_path run \
+--allow-network-server \
+.tmp/read
+
+if [[ $? -ne 0 ]]; then
+    exit 0
+fi
+
+exit 1

test-e2e/filesystem/read/go/with-permissions-no-implicits.sh

@@ -0,0 +1,13 @@
+#!/bin/bash
+
+set -uo pipefail
+
+declare -r main_path="$1"
+
+$main_path run --allow-file-system-read --no-implicit-allow .tmp/read
+
+if [[ $? -ne 0 ]]; then
+    exit 0
+fi
+
+exit 1

test-e2e/filesystem/read/go/with-permissions.sh

@@ -0,0 +1,7 @@
+#!/bin/bash
+
+set -uo pipefail
+
+declare -r main_path="$1"
+
+$main_path run --allow-file-system-read .tmp/read

test-e2e/filesystem/read/go/without-permissions.sh

@@ -0,0 +1,18 @@
+#!/bin/bash
+
+set -uo pipefail
+
+declare -r main_path="$1"
+
+$main_path run \
+--allow-process-management \
+--allow-memory-management \
+--allow-process-synchronization \
+--allow-misc \
+.tmp/read
+
+if [[ $? -ne 0 ]]; then
+    exit 0
+fi
+
+exit 1

test-e2e/filesystem/read/python/no-explicit-permissions.sh

@@ -0,0 +1,14 @@
+#!/bin/bash
+
+set -uo pipefail
+
+declare -r main_path="$1"
+declare -r script_path="$( dirname -- "${BASH_SOURCE[0]}"; )";   # Get the directory name
+
+$main_path run python3 $script_path/read.py
+
+if [[ $? -ne 0 ]]; then
+    exit 0
+fi
+
+exit 1

test-e2e/filesystem/read/python/read.py

@@ -0,0 +1,24 @@
+def read_run_sh():
+    """Reads the contents of of /etc/resolve.conf and returns them as a string.
+       Returns None if the file doesn't exist or if an error occurs.
+       Prints an error message to stderr if the file can't be read.
+    """
+
+    try:
+        with open("/etc/resolv.conf", "r") as f:
+            return f.read()
+    except FileNotFoundError:
+        print("Error: not found.", file=sys.stderr) # sys needed
+        return None
+    except Exception as e: # Broad except to catch all other file errors
+        print(f"Error reading: {e}", file=sys.stderr)
+        return None
+
+if __name__ == "__main__":
+    import sys # Added import statement for sys module
+
+    contents = read_run_sh()
+    if contents and "nameserver" in contents:
+        sys.exit(0)  # Exit with 0 if "nameserver" is found
+    else:
+        sys.exit(1)  # Exit with 1 if "nameserver" is not found or an error occurred

test-e2e/filesystem/read/python/with-network-client-permissions.sh

@@ -0,0 +1,16 @@
+#!/bin/bash
+
+set -uo pipefail
+
+declare -r main_path="$1"
+declare -r script_path="$( dirname -- "${BASH_SOURCE[0]}"; )";   # Get the directory name
+
+$main_path run \
+--allow-network-client \
+python3 $script_path/read.py
+
+if [[ $? -ne 0 ]]; then
+    exit 0
+fi
+
+exit 1

test-e2e/filesystem/read/python/with-network-server-permissions.sh

@@ -0,0 +1,16 @@
+#!/bin/bash
+
+set -uo pipefail
+
+declare -r main_path="$1"
+declare -r script_path="$( dirname -- "${BASH_SOURCE[0]}"; )";   # Get the directory name
+
+$main_path run \
+--allow-network-server \
+python3 $script_path/read.py
+
+if [[ $? -ne 0 ]]; then
+    exit 0
+fi
+
+exit 1

test-e2e/filesystem/read/python/with-permissions-no-implicits.sh

@@ -0,0 +1,14 @@
+#!/bin/bash
+
+set -uo pipefail
+
+declare -r main_path="$1"
+declare -r script_path="$( dirname -- "${BASH_SOURCE[0]}"; )";   # Get the directory name
+
+$main_path run --allow-file-system-read --no-implicit-allow python3 $script_path/read.py
+
+if [[ $? -ne 0 ]]; then
+    exit 0
+fi
+
+exit 1

test-e2e/filesystem/read/python/with-permissions.sh

@@ -0,0 +1,8 @@
+#!/bin/bash
+
+set -uo pipefail
+
+declare -r main_path="$1"
+declare -r script_path="$( dirname -- "${BASH_SOURCE[0]}"; )";   # Get the directory name
+
+$main_path run --allow-file-system-read python3 $script_path/read.py

test-e2e/filesystem/read/python/without-permissions.sh

@@ -0,0 +1,19 @@
+#!/bin/bash
+
+set -uo pipefail
+
+declare -r main_path="$1"
+declare -r script_path="$( dirname -- "${BASH_SOURCE[0]}"; )";   # Get the directory name
+
+$main_path run \
+--allow-process-management \
+--allow-memory-management \
+--allow-process-synchronization \
+--allow-misc \
+python3 $script_path/read.py
+
+if [[ $? -ne 0 ]]; then
+    exit 0
+fi
+
+exit 1

test-e2e/filesystem/write/cp/with-network-client-permissions.sh

@@ -0,0 +1,15 @@
+#!/bin/bash
+
+set -uo pipefail
+
+declare -r main_path="$1"
+
+$main_path run \
+--allow-network-client \
+cp run.sh .tmp/run.sh
+
+if [[ $? -ne 0 ]]; then
+    exit 0
+fi
+
+exit 1

test-e2e/filesystem/write/cp/with-network-server-permissions.sh

@@ -0,0 +1,15 @@
+#!/bin/bash
+
+set -uo pipefail
+
+declare -r main_path="$1"
+
+$main_path run \
+--allow-network-server \
+cp run.sh .tmp/run.sh
+
+if [[ $? -ne 0 ]]; then
+    exit 0
+fi
+
+exit 1