PERFORCE change 131953 for review
Zhouyi ZHOU
zhouzhouyi at FreeBSD.org
Sat Dec 29 00:03:56 PST 2007
http://perforce.freebsd.org/chv.cgi?CH=131953
Change 131953 by zhouzhouyi at zhouzhouyi_mactest on 2007/12/29 08:03:24
style modification
Affected files ...
.. //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/bpf/00.t#5 edit
.. //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/open/00.t#6 edit
Differences ...
==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/bpf/00.t#5 (text+ko) ====
@@ -28,13 +28,14 @@
t=`ifconfig mac_test0 192.167.0.33`
t=`ifconfig mac_test1 192.167.1.34`
-#ensuring there is no firewall thing
+
if [ -f ${mactest_conf} ]; then
rm ${mactest_conf}
fi
touch ${mactest_conf}
setfmac "mls/equal,biba/equal" ${mactest_conf}
+#ensuring there is no firewall thing, and no timewait
notreceived=`${macping} -f ${mactest_conf} -t 2 192.167.0.34`
timewait=`netstat -p tcp|grep 111|grep TIME_WAIT`
==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/open/00.t#6 (text+ko) ====
@@ -1,122 +1,135 @@
#!/bin/sh
-# $FreeBSD: src/tools/regression/mactest/tests/open/00.t,v 1.2 2007/01/25 20:50:02 pjd Exp $
-# test of open related system calls
-desc="open opens (and eventually creates) a file"
+# $FreeBSD$
+
+desc="test of mandatory access control of file operations"
+
dir=`dirname $0`
. ${dir}/../misc.sh
-echo "1..7"
+case "${os}" in
+FreeBSD)
-n0=`namegen`
-n1=`namegen`
+ mac_mls_support=`sysctl -n security.mac.mls.enabled 2>/dev/null`
+ mac_biba_support=`sysctl -n security.mac.biba.enabled 2>/dev/null`
+ mac_test_support=`sysctl -n security.mac.test.pseudoinit 2>/dev/null`
+ if [ "${mac_mls_support}" != "" ] && [ "${mac_biba_support}" != "" ] &&
+ [ "${mac_test_support}" != "" ]; then
#turn off all the switches
-for i in `sysctl security.mac | grep "\.enabled"|
- sed 's/\([a-z\.]*\.enabled\)\(:\ \)\([01]\)/\1/`; do
-sysctl ${i}=0
-done
+ for i in `sysctl security.mac | grep "\.enabled"|
+ sed 's/\([a-z\.]*\.enabled\)\(:\ \)\([01]\)/\1/`; do
+ sysctl ${i}=0 >/dev/null
+ done
+
+
+ if [ -f ${mactest_conf} ]; then
+ rm ${mactest_conf}
+ fi
+ touch ${mactest_conf}
+ setfmac "mls/equal,biba/equal" ${mactest_conf}
+
+ echo "1..7"
+
+ n0=`namegen`
+ n1=`namegen`
+
-mac_mls_support=`sysctl -n security.mac.mls.enabled 2>/dev/null`
-mac_biba_support=`sysctl -n security.mac.biba.enabled 2>/dev/null`
+ dvplabel=`getfmac ".."| sed 's/\(\.\.:\ \)\([a-z\,\/]*\)/\2/`;
-if [ "${mac_mls_support}" != "" ] && [ "${mac_biba_support}" != "" ] ; then
- dvplabel=`getfmac ".."| sed 's/\(\.\.:\ \)\([a-z\,\/]*\)/\2/`;
-#############################################################
-#case mkdir:
+#case 1 mkdir:
#examine the label of its parent directory
- echo -n "pid = -1 mac_test_check_vnode_lookup:" > ${mactest_conf}
- echo "biba/high(low-high),mls/8(low-high) ${dvplabel}" >> ${mactest_conf}
+ echo -n "pid = -1 vnode_check_lookup:" > ${mactest_conf}
+ echo "biba/high(low-high),mls/8(low-high) ${dvplabel}" >> ${mactest_conf}
#check the label of its parent directory
- echo -n "pid = -1 mac_test_check_vnode_create:" >> ${mactest_conf}
- echo "biba/high(low-high),mls/8(low-high) ${dvplabel}" >> ${mactest_conf}
+ echo -n "pid = -1 vnode_check_create:" >> ${mactest_conf}
+ echo "biba/high(low-high),mls/8(low-high) ${dvplabel}" >> ${mactest_conf}
#init the label of currently created vnode
- echo "pid = -1 mac_test_init_vnode_label" >> ${mactest_conf}
+ echo "pid = -1 vnode_init_label" >> ${mactest_conf}
#associate the extattr of newly created vnode
- echo -n "pid = -1 mac_test_create_vnode_extattr:" >> ${mactest_conf}
- echo "biba/high(low-high),mls/8(low-high) * ${dvplabel} biba/high,mls/8" >> ${mactest_conf}
- mactestexpect "" 0 -m "mls/8(low-high)" -f ${mactest_conf} mkdir ${n1} 0755
+ echo -n "pid = -1 vnode_create_extattr:" >> ${mactest_conf}
+ echo "biba/high(low-high),mls/8(low-high) ${dvplabel} biba/high,mls/low" >> ${mactest_conf}
+ mactestexpect "" 0 -m "mls/8(low-high)" -f ${mactest_conf} mkdir ${n1} 0755
+#case 2 creative open:
+ cd ${n1}
+ echo -n "pid = -1 vnode_check_lookup:" > ${mactest_conf}
+ echo "biba/high(low-high),mls/9(low-high) biba/high,mls/8" >> ${mactest_conf}
-#############################################################
-#case creative open:
- cd ${n1}
- echo -n "pid = -1 mac_test_check_vnode_lookup:" > ${mactest_conf}
- echo "biba/high(low-high),mls/9(low-high) biba/high,mls/8" >> ${mactest_conf}
+ echo -n "pid = -1 vnode_check_create:" >> ${mactest_conf}
+ echo "biba/high(low-high),mls/9(low-high) biba/high,mls/8" >> ${mactest_conf}
- echo -n "pid = -1 mac_test_check_vnode_create:" >> ${mactest_conf}
- echo "biba/high(low-high),mls/9(low-high) biba/high,mls/8" >> ${mactest_conf}
+ echo "pid = -1 vnode_init_label" >> ${mactest_conf}
- echo "pid = -1 mac_test_init_vnode_label" >> ${mactest_conf}
+ echo -n "pid = -1 vnode_create_extattr:" >> ${mactest_conf}
+ echo "biba/high(low-high),mls/9(low-high) biba/high,mls/low biba/high,mls/8" >> ${mactest_conf}
- echo -n "pid = -1 mac_test_create_vnode_extattr:" >> ${mactest_conf}
- echo "biba/high(low-high),mls/9(low-high) biba/high,mls/low biba/high,mls/8 biba/high,mls/9" >> ${mactest_conf}
+ echo -n "pid = -1 vnode_check_open#VWRITE :" >> ${mactest_conf}
+ echo "biba/high(low-high),mls/9(low-high) biba/high,mls/9" >> ${mactest_conf}
- echo -n "pid = -1 mac_test_check_vnode_open#VWRITE :" >> ${mactest_conf}
- echo "biba/high(low-high),mls/9(low-high) biba/high,mls/9" >> ${mactest_conf}
+ mactestexpect "" 0 -m "mls/9(low-high)" -f ${mactest_conf} open ${n0} O_CREAT,O_WRONLY 0755
- mactestexpect "" 0 -m "mls/9(low-high)" -f ${mactest_conf} open ${n0} O_CREAT,O_WRONLY 0755
-
-
-#############################################################
-#case lstat:
+#case 3 lstat:
#dvplabel is mls/8
- echo -n "pid = -1 mac_test_check_vnode_lookup with cr_label and dvplabel:" > ${mactest_conf}
- echo "biba/high(low-high),mls/high(low-high) biba/high,mls/8" >> ${mactest_conf}
+ echo -n "pid = -1 vnode_check_lookup:" > ${mactest_conf}
+ echo "biba/high(low-high),mls/high(low-high) biba/high,mls/8" >> ${mactest_conf}
#no file label
- echo -n "pid = -1 mac_test_check_vnode_stat with cred label, file label and vplabel:" >> ${mactest_conf}
- echo "biba/high(low-high),mls/high(low-high) NULL biba/high,mls/9" >> ${mactest_conf}
- mactestexpect "" regular,0755 -m "mls/high" -f ${mactest_conf} lstat ${n0} type,mode
+ echo -n "pid = -1 vnode_check_stat:" >> ${mactest_conf}
+ echo "biba/high(low-high),mls/high(low-high) biba/high,mls/9" >> ${mactest_conf}
+ mactestexpect "" regular,0755 -m "mls/high" -f ${mactest_conf} lstat ${n0} type,mode
+#case 4,5 setflags:
+ echo -n "pid = -1 vnode_check_lookup:" > ${mactest_conf}
+ echo "biba/high(low-high),mls/low(low-high) biba/high,mls/8" >> ${mactest_conf}
-#############################################################
-#case setflags:
- echo -n "pid = -1 mac_test_check_vnode_lookup with cr_label and dvplabel:" > ${mactest_conf}
- echo "biba/high(low-high),mls/low(low-high) biba/high,mls/8" >> ${mactest_conf}
+ echo -n "pid = -1 vnode_check_setflags:" > ${mactest_conf}
+ echo "biba/high(low-high),mls/low(low-high) biba/high,mls/9" >> ${mactest_conf}
+ mactestexpect "" 0 -f ${mactest_conf} chflags ${n0} SF_IMMUTABLE
+ mactestexpect "" 0 -f ${mactest_conf} chflags ${n0} none
- echo -n "pid = -1 mac_test_check_vnode_setflags with cr_label and vplabel:" > ${mactest_conf}
- echo "biba/high(low-high),mls/low(low-high) biba/high,mls/9" >> ${mactest_conf}
- mactestexpect "" 0 -f ${mactest_conf} chflags ${n0} SF_IMMUTABLE
- mactestexpect "" 0 -f ${mactest_conf} chflags ${n0} none
-
-
-#############################################################
-#case unlink:
+#case 6 unlink:
#This case will show complex of access control for mls directory structure
#dvplabel is mls/8
- echo -n "pid = -1 mac_test_check_vnode_lookup with cr_label and dvplabel:" > ${mactest_conf}
- echo "biba/high(low-high),mls/6(low-high) biba/high,mls/8" >> ${mactest_conf}
+ echo -n "pid = -1 vnode_check_lookup:" > ${mactest_conf}
+ echo "biba/high(low-high),mls/6(low-high) biba/high,mls/8" >> ${mactest_conf}
#the hook for delete
- echo -n "pid = -1 mac_test_check_vnode_delete with cr_label dvplabel and vplabel:" >> ${mactest_conf}
- echo "biba/high(low-high),mls/6(low-high) biba/high,mls/8 biba/high,mls/9" >> ${mactest_conf}
+ echo -n "pid = -1 vnode_check_unlink:" >> ${mactest_conf}
+ echo "biba/high(low-high),mls/6(low-high) biba/high,mls/8 biba/high,mls/9" >> ${mactest_conf}
- echo "pid = -1 mac_test_destroy_vnode_label" >> ${mactest_conf}
- mactestexpect "" 0 -m "mls/6" -f ${mactest_conf} unlink ${n0}
+ echo "pid = -1 vnode_destroy_label" >> ${mactest_conf}
+ mactestexpect "" 0 -m "mls/6" -f ${mactest_conf} unlink ${n0}
-#############################################################
-#case chown:
- echo -n "pid = -1 mac_test_check_vnode_lookup:" > ${mactest_conf}
- echo "biba/high(low-high),mls/5(low-high) biba/high,mls/8" >> ${mactest_conf}
+#case 7 chown:
+ echo -n "pid = -1 vnode_check_lookup:" > ${mactest_conf}
+ echo "biba/high(low-high),mls/5(low-high) biba/high,mls/8" >> ${mactest_conf}
- echo -n "pid = -1 mac_test_check_vnode_setowner with cr_label and vplabel:" >> ${mactest_conf}
- echo "biba/high(low-high),mls/5(low-high) biba/high,mls/8" >> ${mactest_conf}
+ echo -n "pid = -1 vnode_check_setowner:" >> ${mactest_conf}
+ echo "biba/high(low-high),mls/5(low-high) biba/high,mls/8" >> ${mactest_conf}
+ mactestexpect "" 0 -m "mls/5" -f ${mactest_conf} chown . 65535 65535
- mactestexpect "" 0 -m "mls/5" -f ${mactest_conf} chown . 65535 65535
#cleanup:
- cd ..
- rm -fr ${n1}
-fi
-
+ sysctl security.mac.mls.enabled=0 >/dev/null
+ sysctl security.mac.biba.enabled=0 > /dev/null
+ cd ..
+ rm -fr ${n1}
+ rm ${mactest_conf}
+#mac_mls mac_biba and mac_test support
+ fi
+ ;;
+*)
+ quick_exit
+ ;;
+esac
More information about the p4-projects
mailing list