PERFORCE change 131859 for review
Zhouyi ZHOU
zhouzhouyi at FreeBSD.org
Thu Dec 27 22:37:30 PST 2007
http://perforce.freebsd.org/chv.cgi?CH=131859
Change 131859 by zhouzhouyi at zhouzhouyi_mactest on 2007/12/28 06:37:17
style modification
Affected files ...
.. //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/netinet/02.t#2 edit
.. //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/netinet/03.t#2 edit
Differences ...
==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/netinet/02.t#2 (text+ko) ====
@@ -1,82 +1,76 @@
#!/bin/sh
-# $FreeBSD: src/tools/regression/mactest/tests/netinet/02.t,v 1.2 2007/01/25 20:50:02 zhouzhouyi Exp $
+# $FreeBSD$
-desc="test of inpcb deliver"
+desc="test mandatory access control for inpcb deliver"
-
dir=`dirname $0`
. ${dir}/../misc.sh
-echo "1..4"
+case "${os}" in
+FreeBSD)
+
+ mac_mls_support=`sysctl -n security.mac.mls.enabled 2>/dev/null`
+ mac_biba_support=`sysctl -n security.mac.biba.enabled 2>/dev/null`
+ mac_test_support=`sysctl -n security.mac.test.pseudoinit 2>/dev/null`
+ if [ "${mac_mls_support}" != "" ] && [ "${mac_biba_support}" != "" ] &&
+ [ "${mac_test_support}" != "" ]; then
#turn off all the switches
-for i in `sysctl security.mac | grep "\.enabled"|
- sed 's/\([a-z\.]*\.enabled\)\(:\ \)\([01]\)/\1/`; do
-sysctl ${i}=0
-done
+ for i in `sysctl security.mac | grep "\.enabled"|
+ sed 's/\([a-z\.]*\.enabled\)\(:\ \)\([01]\)/\1/`; do
+ sysctl ${i}=0 >/dev/null
+ done
-mac_mls_support=`sysctl -n security.mac.mls.enabled 2>/dev/null`
-mac_biba_support=`sysctl -n security.mac.biba.enabled 2>/dev/null`
-mac_test_support=`sysctl -n security.mac.test.pseudoinit 2>/dev/null`
+ if [ -f ${mactest_conf} ]; then
+ rm ${mactest_conf}
+ fi
+ touch ${mactest_conf}
+ setfmac "mls/equal,biba/equal" ${mactest_conf}
-if [ "${mac_mls_support}" != "" ] && [ "${mac_biba_support}" != "" ] &&
- [ "${mac_test_support}" != "" ]; then
- dvplabel=`getfmac ".."| sed 's/\(\.\.:\ \)\([a-z\,\/]*\)/\2/`;
-
-
- if [ -f ${mactest_conf} ]; then
- rm ${mactest_conf}
- fi
- touch ${mactest_conf}
+ sysctl security.mac.test.pseudoinit=1 > /dev/null
+ ifconfig mac_test0 192.167.0.33 > /dev/null
+ ifconfig mac_test1 192.167.1.34 > /dev/null
- t=`sysctl security.mac.test.pseudoinit=1`
- t=`ifconfig mac_test0 192.167.0.33`
- t=`ifconfig mac_test1 192.167.1.34`
- echo "enabling mactest pseudo interface"
-
#ensuring there is no firewall thing
- notreceived=`${macping} -f ${mactest_conf} -t 2 192.167.0.34`
- if [ "${#notreceived}" -eq 0 ]; then
+ notreceived=`${macping} -f ${mactest_conf} -t 2 192.167.0.34`
+
+ if [ "${#notreceived}" -eq 0 ]; then
+ echo "1..4"
-
-
-
-#############################################################
- t=`sysctl security.mac.mls.enabled=1`
- echo "enforcing mac/mls!"
- t=`sysctl security.mac.biba.enabled=1`
- echo "enforcing mac/biba!"
-
+ sysctl security.mac.mls.enabled=1 > /dev/null
+ sysctl security.mac.biba.enabled=1 > /dev/null
#case 1: set the maclabel of the interface
# the subject should be priviledeged.
- mactestexpect "" "" -m "biba/high(low-high),mls/low(low-high)" \
- -f ${mactest_conf} system ifconfig mac_test0 maclabel \
- "mls/5\(4-7\),biba/5\(4-7\)"
+ mactestexpect "" "" -m "biba/high(low-high),mls/low(low-high)" \
+ -f ${mactest_conf} system ifconfig mac_test0 maclabel \
+ "mls/5\(4-7\),biba/5\(4-7\)"
#case 2: the packet's level must equal that of inpcb's
- bizarretestexpect ${macping} "" \
- "" -m "biba/5(4-6),mls/5(4-6)" -f ${mactest_conf} -t 1 192.167.0.34
+ bizarretestexpect ${macping} "" \
+ "" -m "biba/5(4-6),mls/5(4-6)" -f ${mactest_conf} -t 1 192.167.0.34
#case 3: the packet's level must equal that of inpcb's
- bizarretestexpect ${macping} "" \
- "not.received!" -m "biba/4(4-6),mls/5(4-6)" -f ${mactest_conf} -t 1 192.167.0.34
+ bizarretestexpect ${macping} "" \
+ "not.received!" -m "biba/4(4-6),mls/5(4-6)" -f ${mactest_conf} -t 1 192.167.0.34
#case 4: the packet's level must equal that of inpcb's
- echo -n "pid = -2 mac_test_check_inpcb_deliver:" > ${mactest_conf}
- echo "biba/5,mls/4 biba/5,mls/5" >> ${mactest_conf}
- bizarretestexpect ${macping} "" \
- "not.received!" -m "biba/5(4-6),mls/4(4-6)" -f ${mactest_conf} -t 1 192.167.0.34
+ echo -n "pid = -2 inpcb_check_deliver:" > ${mactest_conf}
+ echo "biba/5,mls/4 biba/5,mls/5" >> ${mactest_conf}
+ bizarretestexpect ${macping} "" \
+ "not.received!" -m "biba/5(4-6),mls/4(4-6)" -f ${mactest_conf} -t 1 192.167.0.34
+
#cleanup:
- t=`sysctl security.mac.mls.enabled=0`
- echo "disabling mac/mls!"
- t=`sysctl security.mac.biba.enabled=0`
- echo "disabling mac/biba!"
-
-
- rm ${mactest_conf}
- fi
-
-fi
-
+ sysctl security.mac.mls.enabled=0 >/dev/null
+ sysctl security.mac.biba.enabled=0 > /dev/null
+ rm ${mactest_conf}
+#ping received, no firewall
+ fi
+#mac_mls mac_biba and mac_test support
+ fi
+ ;;
+*)
+ quick_exit
+ ;;
+esac
==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/netinet/03.t#2 (text+ko) ====
@@ -1,84 +1,77 @@
#!/bin/sh
-# $FreeBSD: src/tools/regression/mactest/tests/netinet/03.t,v 1.2 2007/01/25 20:50:02 zhouzhouyi Exp $
+# $FreeBSD$
-desc="test of socket relabel"
+desc="test mandatory access control for socket relabel"
-
dir=`dirname $0`
. ${dir}/../misc.sh
-echo "1..4"
+case "${os}" in
+FreeBSD)
+
+ mac_mls_support=`sysctl -n security.mac.mls.enabled 2>/dev/null`
+ mac_biba_support=`sysctl -n security.mac.biba.enabled 2>/dev/null`
+ mac_test_support=`sysctl -n security.mac.test.pseudoinit 2>/dev/null`
+ if [ "${mac_mls_support}" != "" ] && [ "${mac_biba_support}" != "" ] &&
+ [ "${mac_test_support}" != "" ]; then
#turn off all the switches
-for i in `sysctl security.mac | grep "\.enabled"|
- sed 's/\([a-z\.]*\.enabled\)\(:\ \)\([01]\)/\1/`; do
-sysctl ${i}=0
-done
+ for i in `sysctl security.mac | grep "\.enabled"|
+ sed 's/\([a-z\.]*\.enabled\)\(:\ \)\([01]\)/\1/`; do
+ sysctl ${i}=0 >/dev/null
+ done
-mac_mls_support=`sysctl -n security.mac.mls.enabled 2>/dev/null`
-mac_biba_support=`sysctl -n security.mac.biba.enabled 2>/dev/null`
-mac_test_support=`sysctl -n security.mac.test.pseudoinit 2>/dev/null`
+ if [ -f ${mactest_conf} ]; then
+ rm ${mactest_conf}
+ fi
+ touch ${mactest_conf}
+ setfmac "mls/equal,biba/equal" ${mactest_conf}
-if [ "${mac_mls_support}" != "" ] && [ "${mac_biba_support}" != "" ] &&
- [ "${mac_test_support}" != "" ]; then
- dvplabel=`getfmac ".."| sed 's/\(\.\.:\ \)\([a-z\,\/]*\)/\2/`;
-
+ sysctl security.mac.test.pseudoinit=1 > /dev/null
+ ifconfig mac_test0 192.167.0.33 > /dev/null
+ ifconfig mac_test1 192.167.1.34 > /dev/null
- if [ -f ${mactest_conf} ]; then
- rm ${mactest_conf}
- fi
- touch ${mactest_conf}
-
- t=`sysctl security.mac.test.pseudoinit=1`
- t=`ifconfig mac_test0 192.167.0.33`
- t=`ifconfig mac_test1 192.167.1.34`
- echo "enabling mactest pseudo interface"
-
#ensuring there is no firewall thing
- notreceived=`${macping} -f ${mactest_conf} -t 2 192.167.0.34`
- if [ "${#notreceived}" -eq 0 ]; then
+ notreceived=`${macping} -f ${mactest_conf} -t 2 192.167.0.34`
+
+ if [ "${#notreceived}" -eq 0 ]; then
+ echo "1..4"
-
-
+ sysctl security.mac.mls.enabled=1 > /dev/null
+ sysctl security.mac.biba.enabled=1 > /dev/null
-#############################################################
- t=`sysctl security.mac.mls.enabled=1`
- echo "enforcing mac/mls!"
- t=`sysctl security.mac.biba.enabled=1`
- echo "enforcing mac/biba!"
-
-
#case 1: set the maclabel of the interface
# the subject should be priviledeged.
- mactestexpect "" "" -m "biba/high(low-high),mls/low(low-high)" \
- -f ${mactest_conf} system ifconfig mac_test0 maclabel \
- "mls/5\(4-7\),biba/5\(4-7\)"
+ mactestexpect "" "" -m "biba/high(low-high),mls/low(low-high)" \
+ -f ${mactest_conf} system ifconfig mac_test0 maclabel \
+ "mls/5\(4-7\),biba/5\(4-7\)"
#case 2: relabel the socket, at most effective, within subject's range
- bizarretestexpect ${macping} "" "error.relabelling.socket!" \
- -m "biba/5(4-6),mls/7(low-high)" \
- -s "mls/low(low-high)" -f ${mactest_conf} -t 1 192.167.0.34
+ bizarretestexpect ${macping} "" "error.relabelling.socket!" \
+ -m "biba/5(4-6),mls/7(low-high)" \
+ -s "mls/low(low-high)" -f ${mactest_conf} -t 1 192.167.0.34
#case 3: relabel the socket, at most effective, within subject's range
- echo -n "pid = -2 mac_test_check_socket_relabel:" > ${mactest_conf}
- echo "biba/5(4-6),mls/7(low-high) biba/5,mls/7 biba/equal,mls/" >> ${mactest_conf}
- bizarretestexpect ${macping} "" "error.relabelling.socket!" \
- -m "biba/5(4-6),mls/7(low-high)" \
- -s "biba/equal" -f ${mactest_conf} -t 1 192.167.0.34
+ echo -n "pid = -2 socket_check_relabel:" > ${mactest_conf}
+ echo "biba/5(4-6),mls/7(low-high) biba/5,mls/7 biba/equal,mls/" >> ${mactest_conf}
+ bizarretestexpect ${macping} "" "error.relabelling.socket!" \
+ -m "biba/5(4-6),mls/7(low-high)" \
+ -s "biba/equal" -f ${mactest_conf} -t 1 192.167.0.34
#case 4: relabel the socket, at most effective, ok this time
- bizarretestexpect ${macping} "" "" \
- -m "biba/3(4-6),mls/3(4-6)" \
- -s "biba/5,mls/5" -f ${mactest_conf} -t 1 192.167.0.34
+ bizarretestexpect ${macping} "" "" \
+ -m "biba/3(4-6),mls/3(4-6)" \
+ -s "biba/5,mls/5" -f ${mactest_conf} -t 1 192.167.0.34
#cleanup:
- t=`sysctl security.mac.mls.enabled=0`
- echo "disabling mac/mls!"
- t=`sysctl security.mac.biba.enabled=0`
- echo "disabling mac/biba!"
-
-
- rm ${mactest_conf}
- fi
-
-fi
-
+ sysctl security.mac.mls.enabled=0 >/dev/null
+ sysctl security.mac.biba.enabled=0 > /dev/null
+ rm ${mactest_conf}
+#ping received, no firewall
+ fi
+#mac_mls mac_biba and mac_test support
+ fi
+ ;;
+*)
+ quick_exit
+ ;;
+esac
More information about the p4-projects
mailing list