PERFORCE change 129759 for review
Zhouyi ZHOU
zhouzhouyi at FreeBSD.org
Wed Nov 28 23:01:25 PST 2007
http://perforce.freebsd.org/chv.cgi?CH=129759
Change 129759 by zhouzhouyi at zhouzhouyi_mactest on 2007/11/29 07:00:33
Mandatory access control test for proc schedule
Affected files ...
.. //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/sched/00.t#2 edit
Differences ...
==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/sched/00.t#2 (text+ko) ====
@@ -1,60 +1,65 @@
#!/bin/sh
-# $FreeBSD: src/tools/regression/mactest/tests/sched/00.t,v 1.1 2007/06/04 01:42:08 zhouzhouyi Exp $
+# $FreeBSD$
+
+desc="test of proc schedule"
-desc="checking the Mandatory Access Control Hooks for proc sched"
dir=`dirname $0`
. ${dir}/../misc.sh
-echo "1..3"
+case "${os}" in
+FreeBSD)
+
+ mac_mls_support=`sysctl -n security.mac.mls.enabled 2>/dev/null`
+ mac_biba_support=`sysctl -n security.mac.biba.enabled 2>/dev/null`
+ mac_test_support=`sysctl -n security.mac.test.pseudoinit 2>/dev/null`
+
+ if [ "${mac_mls_support}" != "" ] && [ "${mac_biba_support}" != "" ] &&
+ [ "${mac_test_support}" != "" ]; then
#turn off all the switches
-for i in `sysctl security.mac | grep "\.enabled"|
- sed 's/\([a-z\.]*\.enabled\)\(:\ \)\([01]\)/\1/`; do
-sysctl ${i}=0
-done
+ for i in `sysctl security.mac | grep "\.enabled"|
+ sed 's/\([a-z\.]*\.enabled\)\(:\ \)\([01]\)/\1/`; do
+ sysctl ${i}=0 >/dev/null
+ done
-mac_mls_support=`sysctl -n security.mac.mls.enabled 2>/dev/null`
-mac_biba_support=`sysctl -n security.mac.biba.enabled 2>/dev/null`
-mac_test_support=`sysctl -n security.mac.test.pseudoinit 2>/dev/null`
-if [ "${mac_mls_support}" != "" ] && [ "${mac_biba_support}" != "" ] &&
- [ "${mac_test_support}" != "" ] ; then
- setpmac "mls/3,biba/4" ${macproc} -w 10 -f "${pid_file}"
- getmacprocpid
+ if [ -f ${mactest_conf} ]; then
+ rm ${mactest_conf}
+ fi
+ touch ${mactest_conf}
+ setfmac "mls/equal,biba/equal" ${mactest_conf}
+
+ echo "1..3"
+ setpmac "mls/3,biba/4" ${macproc} -w 10 -f "${pid_file}"
+ getmacprocpid
- if [ -f ${mactest_conf} ]; then
- rm ${mactest_conf}
- fi
- touch ${mactest_conf}
+ sysctl security.mac.mls.enabled=1 >/dev/null
+ sysctl security.mac.biba.enabled=1 > /dev/null
-#############################################################
- t=`sysctl security.mac.mls.enabled=1`
- t=`sysctl security.mac.biba.enabled=1`
- echo "enabling mac/mls!"
- echo "enabling mac/biba!"
-
#case 1: can sched the proc when two labels are equal
- mactestexpect "" "" -m "biba/4,mls/3" -f ${mactest_conf} system rtprio -t -${pid}
+ mactestexpect "" "" -m "biba/4,mls/3" -f ${mactest_conf} system rtprio -t -${pid}
#case 2: if biba label is not equal, sched should not happen
- mactestexpect "*rtprio:.Permission.denied" "" -m "biba/3,mls/3" -f ${mactest_conf} system rtprio -t -${pid}
+ mactestexpect "*rtprio:.Permission.denied" "" -m "biba/3,mls/3" -f ${mactest_conf} system rtprio -t -${pid}
#case 3: if mls label is not equal, sched should not happen
- echo -n "pid = -2 mac_test_check_proc_sched:" > ${mactest_conf}
- echo "biba/4(low-high),mls/5(low-high) biba/4(low-high),mls/3(low-high)" >> ${mactest_conf}
- mactestexpect "*rtprio:.Permission.denied" "" -m "biba/4,mls/5" -f ${mactest_conf} system rtprio -t -${pid}
+ echo -n "pid = -2 proc_check_sched:" > ${mactest_conf}
+ echo "biba/4(low-high),mls/5(low-high) biba/4(low-high),mls/3(low-high)" >> ${mactest_conf}
+ mactestexpect "*rtprio:.Permission.denied" "" -m "biba/4,mls/5" -f ${mactest_conf} system rtprio -t -${pid}
- t=`sysctl security.mac.mls.enabled=0`
- t=`sysctl security.mac.biba.enabled=0`
- echo "disabling mac/mls!"
- echo "disabling mac/biba!"
-
- rm ${mactest_conf}
- rm ${pid_file}
-
-fi
-
+#cleanup:
+ sysctl security.mac.mls.enabled=0 >/dev/null
+ sysctl security.mac.biba.enabled=0 > /dev/null
+ rm ${mactest_conf}
+ rm ${pid_file}
+#mac_mls mac_biba and mac_test support
+ fi
+ ;;
+*)
+ quick_exit
+ ;;
+esac
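Review bot: The cleanup at the end of the FreeBSD branch sets only `security.mac.mls.enabled` and `security.mac.biba.enabled` back to 0, while the loop under `#turn off all the switches` disabled every `security.mac.*.enabled` policy, so a host that had other MAC policies enforcing before the run is left with them off afterwards. The cleanup is also straight-line code, so an interrupted run can leave mls/biba enabled and the conf and pid files behind. Recording the prior values before the loop and restoring them from an exit trap would cover both cases, and the trailing `sysctl …=0` and `rm` lines could then be dropped. Separately, when the three sysctl probes come back empty on FreeBSD the script prints nothing, because `echo "1..3"` now sits inside the `if`; whether the harness tolerates a missing plan depends on misc.sh, which is not visible here.

```shell
# remember every policy's current setting so the run leaves the host as it found it
saved_mac=`sysctl security.mac | grep "\.enabled" | sed 's/: /=/'`
restore_mac() {
	for kv in ${saved_mac}; do
		sysctl "${kv}" >/dev/null
	done
	rm -f "${mactest_conf}" "${pid_file}"
}
trap restore_mac EXIT
trap 'exit 1' INT TERM

#turn off all the switches
# … unchanged: disable loop, conf file setup, setpmac/getmacprocpid, cases 1-3 …
```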