PERFORCE change 133918 for review
Zhouyi ZHOU
zhouzhouyi at FreeBSD.org
Wed Jan 23 00:55:56 PST 2008
http://perforce.freebsd.org/chv.cgi?CH=133918
Change 133918 by zhouzhouyi at zhouzhouyi_mactest on 2008/01/23 08:55:33
Style Modification
Affected files ...
.. //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/mdconfig/00.t#2 edit
.. //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/mdconfig/01.t#2 edit
.. //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/mmap/00.t#2 edit
Differences ...
==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/mdconfig/00.t#2 (text+ko) ====
@@ -1,5 +1,5 @@
#!/bin/sh
-# $FreeBSD: src/tools/regression/mactest/tests/mdconfig/00.t,v 1.2 2007/01/25 20:50:02 zhouzhouyi Exp $
+# $FreeBSD$
desc="mdconfig"
@@ -13,7 +13,7 @@
#turn off all the switches
for i in `sysctl security.mac | grep "\.enabled"|
sed 's/\([a-z\.]*\.enabled\)\(:\ \)\([01]\)/\1/`; do
- sysctl ${i}=0
+ sysctl ${i}=0 > /dev/null
done
echo "1..1"
@@ -35,20 +35,16 @@
touch ${mactest_conf}
#############################################################
- t=`sysctl security.mac.mls.enabled=1`
- echo "enforcing mac/mls!"
- t=`sysctl security.mac.biba.enabled=1`
- echo "enforcing mac/biba!"
+ sysctl security.mac.mls.enabled=1 > /dev/null
+ sysctl security.mac.biba.enabled=1 > /dev/null
#case 1: mdconfig, couldn't open /dev/mdctl, BLP prevents write down
mactestexpect "" "*" -m "mls/7(low-high),biba/low(low-high)" -f ${mactest_conf} system ${mdconfigopenrdonly} -a -n -t malloc -s 1m
mdnum=${ret}
#cleanup:
- t=`sysctl security.mac.mls.enabled=0`
- echo "disabling mac/mls!"
- t=`sysctl security.mac.biba.enabled=0`
- echo "disabling mac/biba!"
+ sysctl security.mac.mls.enabled=0 > /dev/null
+ sysctl security.mac.biba.enabled=0 > /dev/null
rm -fr ${n0}
rm -fr ${n2}
rm ${mactest_conf}
==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/mdconfig/01.t#2 (text+ko) ====
@@ -1,5 +1,5 @@
#!/bin/sh
-# $FreeBSD: src/tools/regression/mactest/tests/mdconfig/01.t,v 1.2 2007/01/25 20:50:02 zhouzhouyi Exp $
+# $FreeBSD$
desc="Testing mount and umount of md devices"
@@ -13,13 +13,9 @@
#turn off all the switches
for i in `sysctl security.mac | grep "\.enabled"|
sed 's/\([a-z\.]*\.enabled\)\(:\ \)\([01]\)/\1/`; do
- sysctl ${i}=0
+ sysctl ${i}=0 > /dev/null
done
- echo "1..12"
- n0=`namegenshort`
- n1=`namegen`
- n2=`namegenshort`
mac_mls_support=`sysctl -n security.mac.mls.enabled 2>/dev/null`
mac_biba_support=`sysctl -n security.mac.biba.enabled 2>/dev/null`
@@ -27,37 +23,42 @@
if [ "${mac_mls_support}" != "" ] && [ "${mac_biba_support}" != "" ] ; then
dvplabel=`getfmac ".."| sed 's/\(\.\.:\ \)\([a-z\,\/]*\)/\2/`;
-#############################################################
+
#first make working dir, the hook checks are already done in open:
if [ -f ${mactest_conf} ]; then
rm ${mactest_conf}
fi
touch ${mactest_conf}
-#############################################################
- t=`sysctl security.mac.mls.enabled=1`
- echo "enforcing mac/mls!"
+ echo "1..12"
+ n0=`namegenshort`
+ n1=`namegen`
+ n2=`namegenshort`
+
+
+
+ sysctl security.mac.mls.enabled=1 > /dev/null
#case 1: mkdir
mactestexpect "" 0 -m "mls/low(low-high)" -f ${mactest_conf} mkdir ${n0} 0755
#case 2: mdconfig, couldn't open /dev/mdctl, BLP prevents write down
- echo -n "pid = -2 mac_test_check_vnode_open#VREAD VWRITE:" > ${mactest_conf}
+ echo -n "pid = -2 vnode_check_open#VREAD VWRITE:" > ${mactest_conf}
echo "biba/high(low-high),mls/7(low-high) biba/high,mls/low" >> ${mactest_conf}
mactestexpect "*Permission.denied" "" -m "mls/7(low-high)" -f ${mactest_conf} system mdconfig -a -n -t malloc -s 1m
#case 3: mdconfig, successfully open /dev/mdctl
- echo -n "pid = -2 mac_test_check_vnode_open#VREAD VWRITE:" > ${mactest_conf}
+ echo -n "pid = -2 vnode_check_open#VREAD VWRITE:" > ${mactest_conf}
echo "biba/high(low-high),mls/low(low-high) biba/high,mls/low" >> ${mactest_conf}
mactestexpect "" "*" -m "mls/low(low-high)" -f ${mactest_conf} system mdconfig -a -n -t malloc -s 1m
mdnum=${ret}
#case 4: newfs, fail for writing, BLP prevents write down
- echo -n "pid = -2 mac_test_check_vnode_open#VREAD VWRITE:" > ${mactest_conf}
+ echo -n "pid = -2 vnode_check_open#VREAD VWRITE:" > ${mactest_conf}
echo "biba/high(low-high),mls/7(low-high) biba/high,mls/low" >> ${mactest_conf}
mactestexpect "*failed.to.open.disk.for.writing" "*" -m "mls/7(low-high)" -f ${mactest_conf} system newfs -i 1 /dev/md${mdnum}
#case 5: newfs, success
- echo -n "pid = -2 mac_test_check_vnode_open#VREAD VWRITE:" > ${mactest_conf}
+ echo -n "pid = -2 vnode_check_open#VREAD VWRITE:" > ${mactest_conf}
echo "biba/high(low-high),mls/low(low-high) biba/high,mls/low" >> ${mactest_conf}
mactestexpect "" "*" -m "mls/low(low-high)" -f ${mactest_conf} system newfs -i 1 /dev/md${mdnum}
@@ -87,8 +88,7 @@
#case 12: detach
mactestexpect "" "*" -m "mls/low(low-high)" -f ${mactest_conf} system mdconfig -d -u ${mdnum}
#cleanup:
- t=`sysctl security.mac.mls.enabled=0`
- echo "disabling mac/mls!"
+ sysctl security.mac.mls.enabled=0 > /dev/null
rm -fr ${n0}
rm -fr ${n2}
rm ${mactest_conf}
==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/mmap/00.t#2 (text+ko) ====
@@ -1,5 +1,5 @@
#!/bin/sh
-# $FreeBSD: src/tools/regression/mactest/tests/mmap/00.t,v 1.2 2007/01/25 20:50:02 zhouzhouyi Exp $
+# $FreeBSD$
desc="test the Mac hooks's enforcement on mmap"
@@ -7,15 +7,11 @@
dir=`dirname $0`
. ${dir}/../misc.sh
-echo "1..4"
-n0=`namegen`
-n1=`namegen`
-
#turn off all the switches
for i in `sysctl security.mac | grep "\.enabled"|
sed 's/\([a-z\.]*\.enabled\)\(:\ \)\([01]\)/\1/`; do
-sysctl ${i}=0
+ sysctl ${i}=0 > /dev/null
done
mac_mls_support=`sysctl -n security.mac.mls.enabled 2>/dev/null`
@@ -33,15 +29,14 @@
fi
touch ${mactest_conf}
-#############################################################
- t=`sysctl security.mac.mls.enabled=1`
- echo "enforcing mac/mls!"
- t=`sysctl security.mac.biba.enabled=1`
- echo "enforcing mac/biba!"
- t=`sysctl security.mac.mls.revocation_enabled=1`
- t=`sysctl security.mac.biba.revocation_enabled=1`
- echo "enabling revoking"
+ echo "1..4"
+ n0=`namegen`
+ n1=`namegen`
+ sysctl security.mac.mls.enabled=1 > /dev/null
+ sysctl security.mac.biba.enabled=1 > /dev/null
+ sysctl security.mac.mls.revocation_enabled=1 > /dev/null
+ sysctl security.mac.biba.revocation_enabled=1 > /dev/null
#setting up the file, and set the maclabel of it
touch ${n0}
@@ -50,31 +45,29 @@
setfmac biba/5 ${n1}
#case 1: mls can't read mmap high
- echo -n "pid = -2 mac_test_check_vnode_mmap:" > ${mactest_conf}
+ echo -n "pid = -2 vnode_check_mmap:" > ${mactest_conf}
echo "biba/high(low-high),mls/4(low-high) biba/high,mls/5" >> ${mactest_conf}
bizarretestexpect ${mmaptest} "read.mmap.failed" "" -o "mls/5(low-high)" -s 1 \
-f ${n0} -r "mls/4" -w "mls/5" -c ${mactest_conf}
#case 2: mls can't write mmap low
- echo -n "pid = -2 mac_test_check_vnode_mmap:" > ${mactest_conf}
+ echo -n "pid = -2 vnode_check_mmap:" > ${mactest_conf}
echo "biba/high(low-high),mls/6(low-high) biba/high,mls/5" >> ${mactest_conf}
bizarretestexpect ${mmaptest} "write.mmap.failed" "" -o "mls/5(low-high)" -s 1 \
-f ${n0} -r "mls/5" -w "mls/6" -c ${mactest_conf}
#case 3: biba can't read mmap low
- echo -n "pid = -2 mac_test_check_vnode_mmap:" > ${mactest_conf}
+ echo -n "pid = -2 vnode_check_mmap:" > ${mactest_conf}
echo "mls/low(low-high),biba/6(low-high) biba/5,mls/low" >> ${mactest_conf}
bizarretestexpect ${mmaptest} "read.mmap.failed" "" -o "biba/5(low-high)" -s 1 \
-f ${n1} -r "biba/6" -w "biba/5" -c ${mactest_conf}
#case 4: biba can't write mmap high
- echo -n "pid = -2 mac_test_check_vnode_mmap:" > ${mactest_conf}
+ echo -n "pid = -2 vnode_check_mmap:" > ${mactest_conf}
echo "mls/low(low-high),biba/4(low-high) biba/5,mls/low" >> ${mactest_conf}
bizarretestexpect ${mmaptest} "write.mmap.failed" "" -o "biba/5(low-high)" -s 1 \
-f ${n1} -r "biba/5" -w "biba/4" -c ${mactest_conf}
#cleanup:
- t=`sysctl security.mac.mls.enabled=0`
- echo "disabling mac/mls!"
- t=`sysctl security.mac.biba.enabled=0`
- echo "disabling mac/biba!"
+ sysctl security.mac.mls.enabled=0 > /dev/null
+ sysctl security.mac.biba.enabled=0 > /dev/null
rm ${n0}
rm ${n1}
rm ${mactest_conf}
More information about the p4-projects
mailing list