PERFORCE change 125205 for review
Zhouyi ZHOU
zhouzhouyi at FreeBSD.org
Wed Aug 15 23:01:29 PDT 2007
http://perforce.freebsd.org/chv.cgi?CH=125205
Change 125205 by zhouzhouyi at zhouzhouyi_mactest on 2007/08/16 06:01:07
Test mandatory access control hooks for ifnet transmit
Affected files ...
.. //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/macping.c#2 edit
.. //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/mactest.c#12 edit
.. //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/pipe_io.c#2 edit
.. //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/misc.sh#16 edit
.. //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/netinet/00.t#2 edit
.. //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/netinet/01.t#1 add
Differences ...
==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/macping.c#2 (text+ko) ====
@@ -91,7 +91,7 @@
char *hostname;
long sntransmitted; /* # of packets we sent in this sweep */
volatile sig_atomic_t finish_up = 0;
-
+int logfd;
static void
usage(void)
@@ -180,6 +180,8 @@
if (i < 0 || i != cc) {
if (i < 0) {
warn("sendto");
+ close(logfd);
+ exit(1);
} else {
warn("%s: partial write: %d of %d bytes",
hostname, i, cc);
@@ -208,7 +210,6 @@
const char *label_string = NULL;
char *target = NULL;
const char *macconf_file = NULL;
- int logfd;
int pid;
char buf[10];
int flags;
@@ -270,6 +271,10 @@
mac_free(label);
}
+
+ logfd = open("/dev/mactest", O_RDWR);
+ ioctl(logfd, BEGINLOG, NULL);
+
s = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
outpack = outpackhdr + sizeof(struct ip);
==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/mactest.c#12 (text+ko) ====
@@ -104,6 +104,8 @@
int sd_args[MAX_ARGS];
};
+int logfd;
+
static struct syscall_desc syscalls[] = {
{ "kill", ACTION_KILL, { TYPE_NUMBER, TYPE_NUMBER, TYPE_NONE } },
{ "system", ACTION_SYSTEM, { TYPE_NONE }},
@@ -251,6 +253,7 @@
}
if (tflags[i].f_str == NULL) {
fprintf(stderr, "unknown flag '%s'\n", f);
+ close(logfd);
exit(1);
}
flags |= tflags[i].f_flag;
@@ -400,12 +403,14 @@
if (argv[i] == NULL || strcmp(argv[i], ":") == 0)
break;
fprintf(stderr, "too many arguments [%s]\n", argv[i]);
+ close(logfd);
exit(1);
} else {
if (argv[i] == NULL || strcmp(argv[i], ":") == 0) {
if (scall->sd_args[i] & TYPE_OPTIONAL)
break;
fprintf(stderr, "too few arguments\n");
+ close(logfd);
exit(1);
}
if (scall->sd_args[i] & TYPE_STRING) {
@@ -419,6 +424,7 @@
args[i].num = strtoll(argv[i], &endp, 0);
if (*endp != '\0' && !isspace((unsigned char)*endp)) {
fprintf(stderr, "invalid argument %u, number expected [%s]\n", i, endp);
+ close(logfd);
exit(1);
}
}
@@ -444,12 +450,14 @@
if (flags & O_CREAT) {
if (i == 2) {
fprintf(stderr, "too few arguments\n");
+ close(logfd);
exit(1);
}
rval = open(STR(0), flags, (mode_t)NUM(2));
} else {
if (i == 3) {
fprintf(stderr, "too many arguments\n");
+ close(logfd);
exit(1);
}
rval = open(STR(0), flags);
@@ -524,6 +532,7 @@
break;
default:
fprintf(stderr, "unsupported syscall\n");
+ close(logfd);
exit(1);
}
#undef STR
@@ -551,7 +560,7 @@
const char *macconf_file = NULL;
int pid,pid1;
int error;
- int mactestpipefd, logfd;
+ int mactestpipefd;
char buf[2048];
int ch;
@@ -609,6 +618,7 @@
scall = find_syscall(argv[0]);
if (scall == NULL) {
fprintf(stderr, "syscall '%s' not supported\n", argv[0]);
+ close(logfd);
exit(1);
}
argc++;
==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/pipe_io.c#2 (text+ko) ====
@@ -46,6 +46,7 @@
#include "mactest.h"
#define BEGINLOG _IO('m',1)
+int logfd;
static void
usage(void)
@@ -79,6 +80,7 @@
if (i < 0) {
if (errno != EAGAIN)
perror("write");
+ close(fd);
exit(1);
}
buf += i;
@@ -96,7 +98,6 @@
const char *label_string_writer = NULL;
const char *label_string_pipe = NULL;
const char *macconf_file = NULL;
- int logfd;
int pid , pid1;
int fdreader , fdwriter;
char buf [10];
@@ -134,11 +135,13 @@
if (pipe(fd) < 0) {
perror("pipe");
+ close(logfd);
exit(1);
}
flags = fcntl(fd[1], F_GETFL);
if (flags == -1 || fcntl(fd[1], F_SETFL, flags | O_NONBLOCK) == -1) {
perror("fcntl");
+ close(logfd);
exit(1);
}
if (label_string_pipe) {
@@ -151,19 +154,23 @@
error = errno;
else
error = 0;
- if (error)
+ if (error){
+ close(logfd);
exit(1);
+ }
mac_free(label);
}
switch (fork()) {
case -1:
perror("fork");
+ close(logfd);
exit(1);
case 0:
{
mac_t label;
if (mac_from_text(&label, label_string_reader) == -1) {
+ close(logfd);
exit(-1);
}
if (mac_set_proc(label) == -1)
@@ -173,6 +180,7 @@
mac_free(label);
if (error != 0) {
+ close(logfd);
exit(-1);
}
close(fd[1]);
@@ -183,6 +191,7 @@
break;
if (i < 0) {
perror("read");
+ close(logfd);
exit(1);
}
}
@@ -196,6 +205,7 @@
mac_t label;
if (mac_from_text(&label, label_string_writer) == -1) {
+ close(logfd);
exit(-1);
}
if (mac_set_proc(label) == -1)
@@ -205,6 +215,7 @@
mac_free(label);
if (error != 0) {
+ close(logfd);
exit(-1);
}
}
==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/misc.sh#16 (text+ko) ====
@@ -20,6 +20,7 @@
mdconfigopenrdonly="${maindir}/mdconfigopenrdonly"
fifo_io="${maindir}/fifo_io"
pipe_io="${maindir}/pipe_io"
+macping="${maindir}/macping"
. ${maindir}/tests/conf
==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/netinet/00.t#2 (text+ko) ====
@@ -1,5 +1,5 @@
#!/bin/sh
-# $FreeBSD: src/tools/regression/mactest/tests/pipe/00.t,v 1.2 2007/01/25 20:50:02 zhouzhouyi Exp $
+# $FreeBSD: src/tools/regression/mactest/tests/netinet/00.t,v 1.2 2007/01/25 20:50:02 zhouzhouyi Exp $
desc="manipulate fifo files"
@@ -38,7 +38,7 @@
echo "enabling revoking"
t=`sysctl security.mac.test.pseudoinit=1`
t=`ifconfig mac_test0 192.167.0.33`
- t=`ifconfig mac_test1 192.167.0.34`
+ t=`ifconfig mac_test1 192.167.1.34`
echo "enabling mactest pseudo interface"
#case 1,2,3: set the maclabel of the interface, effective, range or both is allowed, while
# the subject should be priviledeged.
More information about the p4-projects
mailing list