PERFORCE change 128384 for review

Zhouyi ZHOU zhouzhouyi at FreeBSD.org
Tue Oct 30 19:53:47 PDT 2007 

http://perforce.freebsd.org/chv.cgi?CH=128384

Change 128384 by zhouzhouyi at zhouzhouyi_mactest on 2007/10/31 02:53:18

	Code stylize for mandatory access control tests for link	

Affected files ...

.. //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/link/00.t#6 edit
.. //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/link/01.t#6 add

Differences ...

==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/link/00.t#6 (text+ko) ====

@@ -12,62 +12,80 @@
 n2=`namegen`
 n3=`namegen`
 
-mac_mls_support=`sysctl -n security.mac.mls.enabled 2>/dev/null`
-mac_biba_support=`sysctl -n security.mac.biba.enabled 2>/dev/null`
+case "${os}:${fs}" in
+FreeBSD:UFS)
+
+	mac_mls_support=`sysctl -n security.mac.mls.enabled 2>/dev/null`
+	mac_biba_support=`sysctl -n security.mac.biba.enabled 2>/dev/null`
 
-if [ "${mac_mls_support}" != "" ] && [ "${mac_biba_support}" != "" ] ; then
+	if [ "${mac_mls_support}" != "" ] && [ "${mac_biba_support}" != "" ] ; then
 
-	echo "1..10"
+		echo "1..10"
 #turn off all the switches first
-	for i in `sysctl security.mac | grep "\.enabled"| 
-		sed 's/\([a-z\.]*\.enabled\)\(:\ \)\([01]\)/\1/`; do
-		sysctl ${i}=0 >/dev/null
-	done
+		for i in `sysctl security.mac | grep "\.enabled"| 
+			sed 's/\([a-z\.]*\.enabled\)\(:\ \)\([01]\)/\1/`; do
+			sysctl ${i}=0 >/dev/null
+		done
+
+		dvplabel=`getfmac ".."| sed 's/\(\.\.:\ \)\([a-z\,\/]*\)/\2/`; 
 
-	dvplabel=`getfmac ".."| sed 's/\(\.\.:\ \)\([a-z\,\/]*\)/\2/`; 
+		if [ -f ${mactest_conf} ]; then
+			rm ${mactest_conf}
+		fi
+		touch ${mactest_conf}
 
-#first make working dir, the hook checks are already done in open: 
-	if [ -f ${mactest_conf} ]; then
-		rm ${mactest_conf}
-	fi
-	touch ${mactest_conf}
-	sysctl security.mac.mls.enabled=1 >/dev/null
+		sysctl security.mac.mls.enabled=1 >/dev/null
 
 #case 1: mkdir
-	mactestexpect ""  0  -m "mls/low(low-high)"  -f ${mactest_conf} mkdir ${n3}  0755
+		mactestexpect ""  0  -m "mls/low(low-high)"  -f ${mactest_conf} mkdir ${n3} \
+		0755
 #case 2: setfmac
-	mactestexpect ""  "" -m "mls/low(low-high)" -f ${mactest_conf} system setfmac  "mls/6" ${n3}
+		mactestexpect ""  "" -m "mls/low(low-high)" -f ${mactest_conf} system setfmac \
+		"mls/6" ${n3}
 #case 3: create
-	mactestexpect "" 0 -m "mls/6(low-high)" -f ${mactest_conf} create ${n3}/${n2} 0644
+		mactestexpect "" 0 -m "mls/6(low-high)" -f ${mactest_conf} create ${n3}/${n2}\
+		0644
 #case 4: setfmac
-	mactestexpect "" "" -m "mls/6(low-high)" -f ${mactest_conf} system setfmac "mls/5" ${n3}/${n2}
+		mactestexpect "" "" -m "mls/6(low-high)" -f ${mactest_conf} system setfmac \
+		"mls/5" ${n3}/${n2}
 #case 5: link
-	echo -n "pid = -1 mac_test_check_vnode_link:" > ${mactest_conf}
-	echo "biba/high(low-high),mls/6(low-high) biba/high,mls/6 biba/high,mls/5" >> ${mactest_conf}
-	mactestexpect "" EACCES -m "mls/6(low-high)" -f ${mactest_conf} link ${n3}/${n2} ${n3}/${n1}
-	sysctl security.mac.mls.enabled=0 >/dev/null
+		echo -n "pid = -1 mac_test_check_vnode_link:" > ${mactest_conf}
+		echo "biba/high(low-high),mls/6(low-high) biba/high,mls/6 biba/high,mls/5" >> ${mactest_conf}
+		mactestexpect "" EACCES -m "mls/6(low-high)" -f ${mactest_conf} link ${n3}/${n2} ${n3}/${n1} 
+		sysctl security.mac.mls.enabled=0 >/dev/null
 #case 6: link success
-	truncate -s 0 ${mactest_conf}
-	mactestexpect "" 0 -m "mls/5(low-high)" -f ${mactest_conf} link ${n3}/${n2} ${n3}/${n1}
-	sysctl security.mac.mls.enabled=1 >/dev/null
+		truncate -s 0 ${mactest_conf}
+		mactestexpect "" 0 -m "mls/5(low-high)" -f ${mactest_conf} link ${n3}/${n2} \
+		${n3}/${n1}
+		sysctl security.mac.mls.enabled=1 >/dev/null
 #case 7: unlink
-	truncate -s 0 ${mactest_conf}
-	mactestexpect "" EACCES -m "mls/6(low-high)" -f ${mactest_conf} unlink ${n3}/${n1}
+		truncate -s 0 ${mactest_conf}
+		mactestexpect "" EACCES -m "mls/6(low-high)" -f ${mactest_conf} unlink ${n3}/${n1}
 #case 8: setfmac fail, old vnode not in range
-	echo -n "pid = -2 mac_test_check_vnode_relabel:" > ${mactest_conf}
-	echo "biba/high(low-high),mls/6(6-6) biba/high,mls/5 biba/,mls/6" >> ${mactest_conf}
-	mactestexpect "setfmac:.mac_set_link.${n3}.${n1},.biba.,mls.6.:.Operation.not.permitted" "" -m "mls/6(6-6)" -f ${mactest_conf} system setfmac "biba/,mls/6" ${n3}/${n1}
+		echo -n "pid = -2 mac_test_check_vnode_relabel:" > ${mactest_conf}
+		echo "biba/high(low-high),mls/6(6-6) biba/high,mls/5 biba/,mls/6" >> \
+		${mactest_conf}
+		mactestexpect \
+		"setfmac:.mac_set_link.${n3}.${n1},.biba.,mls.6.:.Operation.not.permitted" ""\
+		 -m "mls/6(6-6)" -f ${mactest_conf} \
+		system setfmac "biba/,mls/6" ${n3}/${n1}
 #case 9: setfmac success
-	echo -n "pid = -2 mac_test_check_vnode_relabel:" > ${mactest_conf}
-	echo "biba/high(low-high),mls/6(4-6) biba/high,mls/5 biba/,mls/6" >> ${mactest_conf}
-	mactestexpect "" "" -m "mls/6(4-6)" -f ${mactest_conf} system setfmac "biba/,mls/6" ${n3}/${n1}
+		echo -n "pid = -2 mac_test_check_vnode_relabel:" > ${mactest_conf}
+		echo "biba/high(low-high),mls/6(4-6) biba/high,mls/5 biba/,mls/6" >> ${mactest_conf}
+		mactestexpect "" "" -m "mls/6(4-6)" -f ${mactest_conf} \
+		system setfmac "biba/,mls/6" ${n3}/${n1}
 #case 10: unlink
-	rm ${mactest_conf}
-	touch ${mactest_conf}
-	mactestexpect "" 0 -m "mls/6(low-high)" -f ${mactest_conf} unlink ${n3}/${n1}
+		rm ${mactest_conf}
+		touch ${mactest_conf}
+		mactestexpect "" 0 -m "mls/6(low-high)" -f ${mactest_conf} unlink ${n3}/${n1}
 #cleanup:
-	sysctl security.mac.mls.enabled=0 >/dev/null
-	rm -fr ${n3}
-	rm ${mactest_conf}
+		sysctl security.mac.mls.enabled=0 >/dev/null
+		rm -fr ${n3}
+		rm ${mactest_conf}
 fi
 
+	;;
+*)
+        quick_exit
+        ;;
+esac

More information about the p4-projects mailing list