PERFORCE change 133532 for review

Thu Jan 17 22:40:43 PST 2008

http://perforce.freebsd.org/chv.cgi?CH=133532

Change 133532 by zhouzhouyi at zhouzhouyi_mactest on 2008/01/18 06:39:46

	Style Modification

Affected files ...

.. //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/symlink/00.t#3 edit

Differences ...

==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/symlink/00.t#3 (text+ko) ====

@@ -1,109 +1,108 @@
 #!/bin/sh
-# $FreeBSD: src/tools/regression/mactest/tests/symlink/00.t,v 1.2 2007/01/25 20:50:02 zhouzhouyi Exp $
+# $FreeBSD$
 
-desc="symlink creates symbolic links"
+desc="check MAC Framework hooks for symbolic link"
 
 
 dir=`dirname $0`
 . ${dir}/../misc.sh
 
-echo "1..12"
+case "${os}" in
+FreeBSD)
 
-n0=`namegen`
-n1=`namegen`
-n2=`namegen`
-n3=`namegen`
+	mac_mls_support=`sysctl -n security.mac.mls.enabled 2>/dev/null`
+	mac_biba_support=`sysctl -n security.mac.biba.enabled 2>/dev/null`
+	mac_test_support=`sysctl -n security.mac.test.pseudoinit 2>/dev/null`
 
+	if [ "${mac_mls_support}" != "" ] && [ "${mac_biba_support}" != "" ] &&
+	    [ "${mac_test_support}" != "" ]; then
 
 #turn off all the switches
-for i in `sysctl security.mac | grep "\.enabled"| 
-     sed 's/\([a-z\.]*\.enabled\)\(:\ \)\([01]\)/\1/`; do
-sysctl ${i}=0
-done
+		for i in `sysctl security.mac | grep "\.enabled"| 
+			sed 's/\([a-z\.]*\.enabled\)\(:\ \)\([01]\)/\1/`; do
+			sysctl ${i}=0 >/dev/null
+		done
+
+
+		if [ -f ${mactest_conf} ]; then
+			rm ${mactest_conf}
+		fi
+		touch ${mactest_conf}
+		setfmac "mls/equal,biba/equal" ${mactest_conf}
+
+		echo "1..12"		
 
-mac_mls_support=`sysctl -n security.mac.mls.enabled 2>/dev/null`
-mac_biba_support=`sysctl -n security.mac.biba.enabled 2>/dev/null`
+		n0=`namegen`
+		n1=`namegen`
+		n2=`namegen`
+		n3=`namegen`
 
-if [ "${mac_mls_support}" != "" ] && [ "${mac_biba_support}" != "" ] ; then
-    dvplabel=`getfmac ".."| sed 's/\(\.\.:\ \)\([a-z\,\/]*\)/\2/`; 
+		dvplabel=`getfmac ".."| sed 's/\(\.\.:\ \)\([a-z\,\/]*\)/\2/`; 
 
-#############################################################
-#first make working dir, the hook checks are already done in open: 
-    if [ -f ${mactest_conf} ]; then
-	rm ${mactest_conf}
-    fi
-    touch ${mactest_conf}
+		sysctl security.mac.mls.enabled=1 > /dev/null
+		sysctl security.mac.biba.enabled=1 > /dev/null
+		sysctl security.mac.mls.revocation_enabled=1 > /dev/null
 
-#############################################################
-    t=`sysctl security.mac.mls.enabled=1`
-    echo "enforcing mac/mls!"
-    t=`sysctl security.mac.mls.revocation_enabled=1`
-    echo "enabling revoking"
 #case 1: mkdir
-    mactestexpect ""  0  -m "mls/low(low-high)"  -f ${mactest_conf} mkdir ${n3}  0755
+		mactestexpect ""  0  -m "mls/low(low-high)"  -f ${mactest_conf} mkdir ${n3}  0755
 
-#############################################################
 #case 2: setfmac
-    mactestexpect ""  "" -m "mls/low(low-high)" -f ${mactest_conf} system setfmac  "mls/6" ${n3}
+		mactestexpect ""  "" -m "mls/low(low-high)" -f ${mactest_conf} system setfmac  "mls/6" ${n3}
 
-#############################################################
 #case 3: create
-    mactestexpect "" 0 -m "mls/6(low-high)" -f ${mactest_conf} create ${n3}/${n2} 0644
+		mactestexpect "" 0 -m "mls/6(low-high)" -f ${mactest_conf} create ${n3}/${n2} 0644
 
-#############################################################
 #case 4: setfmac
-    mactestexpect "" "" -m "mls/6(low-high)" -f ${mactest_conf} system setfmac "mls/5" ${n3}/${n2}
+		mactestexpect "" "" -m "mls/6(low-high)" -f ${mactest_conf} system setfmac "mls/5" ${n3}/${n2}
 
-#############################################################
 #case 5: symlink fail because no write down
-    echo -n "pid = -1 mac_test_check_vnode_create:" > ${mactest_conf}
-    echo "biba/high(low-high),mls/6(low-high) biba/high,mls/low" >> ${mactest_conf}
-    mactestexpect "" EACCES -m "mls/6(low-high)" -f ${mactest_conf} symlink ${n3}/${n2} ${n1}
+		echo -n "pid = -1 vnode_check_create:" > ${mactest_conf}
+		echo "biba/high(low-high),mls/6(low-high) biba/high,mls/low" >> ${mactest_conf}
+		mactestexpect "" EACCES -m "mls/6(low-high)" -f ${mactest_conf} symlink ${n3}/${n2} ${n1}
 
-#############################################################
 #case 6: symbolic link do not check the blp rule of source file
-    rm ${mactest_conf}
-    touch ${mactest_conf}
-    mactestexpect "" 0 -m "mls/low(low-high)" -f ${mactest_conf} symlink ${n3}/${n2} ${n1}
+		truncate -s 0 ${mactest_conf}
+		mactestexpect "" 0 -m "mls/low(low-high)" -f ${mactest_conf} symlink ${n3}/${n2} ${n1}
 
-#############################################################
 #case 7: lookup the symbolic file, blp no read up
-    mactestexpect "*Permission.denied" "" -m "mls/low(low-high)" -f ${mactest_conf} system cat ${n1}
+		mactestexpect "*Permission.denied" "" -m "mls/low(low-high)" -f ${mactest_conf} system cat ${n1}
 
-#############################################################
 #case 8: truncate the symbolic file, stopped by vnode lookup 
-    echo -n "pid = -1 mac_test_check_vnode_lookup:" > ${mactest_conf}
-    echo "biba/high(low-high),mls/5(low-high) biba/high,mls/6" >> ${mactest_conf}
-    mactestexpect "" EACCES -m "mls/5(low-high)" -f ${mactest_conf} truncate ${n1} 1234567
+		echo -n "pid = -1 vnode_check_lookup:" > ${mactest_conf}
+		echo "biba/high(low-high),mls/5(low-high) biba/high,mls/6" >> ${mactest_conf}
+		mactestexpect "" EACCES -m "mls/5(low-high)" -f ${mactest_conf} truncate ${n1} 1234567
 
-#############################################################
 #case 9: truncate the symbolic file, stopped by check vnode write
-    echo -n "pid = -1 mac_test_check_vnode_write:" > ${mactest_conf}
-    echo "biba/high(low-high),mls/6(low-high) NULL biba/high,mls/5" >> ${mactest_conf}
-    mactestexpect "" EACCES -m "mls/6(low-high)" -f ${mactest_conf} truncate ${n1} 1234567
+		echo -n "pid = -1 vnode_check_write:" > ${mactest_conf}
+		echo "biba/high(low-high),mls/6(low-high) biba/high,mls/5" >> ${mactest_conf}
+		mactestexpect "" EACCES -m "mls/6(low-high)" -f ${mactest_conf} truncate ${n1} 1234567
 
-#############################################################
 #case 10: unlink
-    truncate -s 0 ${mactest_conf}
-    mactestexpect "" 0 -m "mls/low(low-high)" -f ${mactest_conf} unlink ${n1}
+		truncate -s 0 ${mactest_conf}
+		mactestexpect "" 0 -m "mls/low(low-high)" -f ${mactest_conf} unlink ${n1}
+
 
-#############################################################
 #case 11: symbolic link a directory
-    echo -n "pid = -1 mac_test_check_vnode_create:" > ${mactest_conf}
-    echo "biba/high(low-high),mls/low(low-high) biba/high,mls/low" >> ${mactest_conf}
-    mactestexpect "" 0 -m "mls/low(low-high)" -f ${mactest_conf} symlink ${n3} ${n1}
+		echo -n "pid = -1 vnode_check_create:" > ${mactest_conf}
+		echo "biba/high(low-high),mls/low(low-high) biba/high,mls/low" >> ${mactest_conf}
+		mactestexpect "" 0 -m "mls/low(low-high)" -f ${mactest_conf} symlink ${n3} ${n1}
+
 
-#############################################################
 #case 12: rm symbolic link
-    echo -n "pid = -2 mac_test_check_vnode_delete:" > ${mactest_conf}
-    echo "biba/high(low-high),mls/low(low-high) biba/high,mls/low biba/high,mls/low" >> ${mactest_conf}
-    mactestexpect "" "" -m "mls/low(low-high)" -f ${mactest_conf} system rm ${n1}
+		echo -n "pid = -2 vnode_check_unlink:" > ${mactest_conf}
+		echo "biba/high(low-high),mls/low(low-high) biba/high,mls/low biba/high,mls/low" >>${mactest_conf}
+		mactestexpect "" "" -m "mls/low(low-high)" -f ${mactest_conf} system rm ${n1}
 
 #cleanup:
-    t=`sysctl security.mac.mls.enabled=0`
-    echo "disabling mac/mls!"
-    rm -fr ${n3}
-
-    rm ${mactest_conf}
-fi
+		sysctl security.mac.mls.enabled=0 >/dev/null
+		sysctl security.mac.biba.enabled=0 > /dev/null
+		rm -fr ${n3}
+		rm ${mactest_conf}
+#mac_mls mac_biba and mac_test support
+	fi
+	;;
+*)
+        quick_exit
+        ;;
+esac
 
