Date: Fri, 18 Jan 2008 06:40:42 GMT From: Zhouyi ZHOU <zhouzhouyi@FreeBSD.org> To: Perforce Change Reviews <perforce@FreeBSD.org> Subject: PERFORCE change 133532 for review Message-ID: <200801180640.m0I6egmB058573@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=133532 Change 133532 by zhouzhouyi@zhouzhouyi_mactest on 2008/01/18 06:39:46 Style Modification Affected files ... .. //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/symlink/00.t#3 edit Differences ... ==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/symlink/00.t#3 (text+ko) ==== @@ -1,109 +1,108 @@ #!/bin/sh -# $FreeBSD: src/tools/regression/mactest/tests/symlink/00.t,v 1.2 2007/01/25 20:50:02 zhouzhouyi Exp $ +# $FreeBSD$ -desc="symlink creates symbolic links" +desc="check MAC Framework hooks for symbolic link" dir=`dirname $0` . ${dir}/../misc.sh -echo "1..12" +case "${os}" in +FreeBSD) -n0=`namegen` -n1=`namegen` -n2=`namegen` -n3=`namegen` + mac_mls_support=`sysctl -n security.mac.mls.enabled 2>/dev/null` + mac_biba_support=`sysctl -n security.mac.biba.enabled 2>/dev/null` + mac_test_support=`sysctl -n security.mac.test.pseudoinit 2>/dev/null` + if [ "${mac_mls_support}" != "" ] && [ "${mac_biba_support}" != "" ] && + [ "${mac_test_support}" != "" ]; then #turn off all the switches -for i in `sysctl security.mac | grep "\.enabled"| - sed 's/\([a-z\.]*\.enabled\)\(:\ \)\([01]\)/\1/`; do -sysctl ${i}=0 -done + for i in `sysctl security.mac | grep "\.enabled"| + sed 's/\([a-z\.]*\.enabled\)\(:\ \)\([01]\)/\1/`; do + sysctl ${i}=0 >/dev/null + done + + + if [ -f ${mactest_conf} ]; then + rm ${mactest_conf} + fi + touch ${mactest_conf} + setfmac "mls/equal,biba/equal" ${mactest_conf} + + echo "1..12" -mac_mls_support=`sysctl -n security.mac.mls.enabled 2>/dev/null` -mac_biba_support=`sysctl -n security.mac.biba.enabled 2>/dev/null` + n0=`namegen` + n1=`namegen` + n2=`namegen` + n3=`namegen` -if [ "${mac_mls_support}" != "" ] && [ "${mac_biba_support}" != "" ] ; then - dvplabel=`getfmac ".."| sed 's/\(\.\.:\ \)\([a-z\,\/]*\)/\2/`; + dvplabel=`getfmac ".."| sed 's/\(\.\.:\ \)\([a-z\,\/]*\)/\2/`; -############################################################# -#first make working dir, the hook checks are already done in open: - if [ -f ${mactest_conf} ]; then - rm ${mactest_conf} - fi - touch ${mactest_conf} + sysctl security.mac.mls.enabled=1 > /dev/null + sysctl security.mac.biba.enabled=1 > /dev/null + sysctl security.mac.mls.revocation_enabled=1 > /dev/null -############################################################# - t=`sysctl security.mac.mls.enabled=1` - echo "enforcing mac/mls!" - t=`sysctl security.mac.mls.revocation_enabled=1` - echo "enabling revoking" #case 1: mkdir - mactestexpect "" 0 -m "mls/low(low-high)" -f ${mactest_conf} mkdir ${n3} 0755 + mactestexpect "" 0 -m "mls/low(low-high)" -f ${mactest_conf} mkdir ${n3} 0755 -############################################################# #case 2: setfmac - mactestexpect "" "" -m "mls/low(low-high)" -f ${mactest_conf} system setfmac "mls/6" ${n3} + mactestexpect "" "" -m "mls/low(low-high)" -f ${mactest_conf} system setfmac "mls/6" ${n3} -############################################################# #case 3: create - mactestexpect "" 0 -m "mls/6(low-high)" -f ${mactest_conf} create ${n3}/${n2} 0644 + mactestexpect "" 0 -m "mls/6(low-high)" -f ${mactest_conf} create ${n3}/${n2} 0644 -############################################################# #case 4: setfmac - mactestexpect "" "" -m "mls/6(low-high)" -f ${mactest_conf} system setfmac "mls/5" ${n3}/${n2} + mactestexpect "" "" -m "mls/6(low-high)" -f ${mactest_conf} system setfmac "mls/5" ${n3}/${n2} -############################################################# #case 5: symlink fail because no write down - echo -n "pid = -1 mac_test_check_vnode_create:" > ${mactest_conf} - echo "biba/high(low-high),mls/6(low-high) biba/high,mls/low" >> ${mactest_conf} - mactestexpect "" EACCES -m "mls/6(low-high)" -f ${mactest_conf} symlink ${n3}/${n2} ${n1} + echo -n "pid = -1 vnode_check_create:" > ${mactest_conf} + echo "biba/high(low-high),mls/6(low-high) biba/high,mls/low" >> ${mactest_conf} + mactestexpect "" EACCES -m "mls/6(low-high)" -f ${mactest_conf} symlink ${n3}/${n2} ${n1} -############################################################# #case 6: symbolic link do not check the blp rule of source file - rm ${mactest_conf} - touch ${mactest_conf} - mactestexpect "" 0 -m "mls/low(low-high)" -f ${mactest_conf} symlink ${n3}/${n2} ${n1} + truncate -s 0 ${mactest_conf} + mactestexpect "" 0 -m "mls/low(low-high)" -f ${mactest_conf} symlink ${n3}/${n2} ${n1} -############################################################# #case 7: lookup the symbolic file, blp no read up - mactestexpect "*Permission.denied" "" -m "mls/low(low-high)" -f ${mactest_conf} system cat ${n1} + mactestexpect "*Permission.denied" "" -m "mls/low(low-high)" -f ${mactest_conf} system cat ${n1} -############################################################# #case 8: truncate the symbolic file, stopped by vnode lookup - echo -n "pid = -1 mac_test_check_vnode_lookup:" > ${mactest_conf} - echo "biba/high(low-high),mls/5(low-high) biba/high,mls/6" >> ${mactest_conf} - mactestexpect "" EACCES -m "mls/5(low-high)" -f ${mactest_conf} truncate ${n1} 1234567 + echo -n "pid = -1 vnode_check_lookup:" > ${mactest_conf} + echo "biba/high(low-high),mls/5(low-high) biba/high,mls/6" >> ${mactest_conf} + mactestexpect "" EACCES -m "mls/5(low-high)" -f ${mactest_conf} truncate ${n1} 1234567 -############################################################# #case 9: truncate the symbolic file, stopped by check vnode write - echo -n "pid = -1 mac_test_check_vnode_write:" > ${mactest_conf} - echo "biba/high(low-high),mls/6(low-high) NULL biba/high,mls/5" >> ${mactest_conf} - mactestexpect "" EACCES -m "mls/6(low-high)" -f ${mactest_conf} truncate ${n1} 1234567 + echo -n "pid = -1 vnode_check_write:" > ${mactest_conf} + echo "biba/high(low-high),mls/6(low-high) biba/high,mls/5" >> ${mactest_conf} + mactestexpect "" EACCES -m "mls/6(low-high)" -f ${mactest_conf} truncate ${n1} 1234567 -############################################################# #case 10: unlink - truncate -s 0 ${mactest_conf} - mactestexpect "" 0 -m "mls/low(low-high)" -f ${mactest_conf} unlink ${n1} + truncate -s 0 ${mactest_conf} + mactestexpect "" 0 -m "mls/low(low-high)" -f ${mactest_conf} unlink ${n1} + -############################################################# #case 11: symbolic link a directory - echo -n "pid = -1 mac_test_check_vnode_create:" > ${mactest_conf} - echo "biba/high(low-high),mls/low(low-high) biba/high,mls/low" >> ${mactest_conf} - mactestexpect "" 0 -m "mls/low(low-high)" -f ${mactest_conf} symlink ${n3} ${n1} + echo -n "pid = -1 vnode_check_create:" > ${mactest_conf} + echo "biba/high(low-high),mls/low(low-high) biba/high,mls/low" >> ${mactest_conf} + mactestexpect "" 0 -m "mls/low(low-high)" -f ${mactest_conf} symlink ${n3} ${n1} + -############################################################# #case 12: rm symbolic link - echo -n "pid = -2 mac_test_check_vnode_delete:" > ${mactest_conf} - echo "biba/high(low-high),mls/low(low-high) biba/high,mls/low biba/high,mls/low" >> ${mactest_conf} - mactestexpect "" "" -m "mls/low(low-high)" -f ${mactest_conf} system rm ${n1} + echo -n "pid = -2 vnode_check_unlink:" > ${mactest_conf} + echo "biba/high(low-high),mls/low(low-high) biba/high,mls/low biba/high,mls/low" >>${mactest_conf} + mactestexpect "" "" -m "mls/low(low-high)" -f ${mactest_conf} system rm ${n1} #cleanup: - t=`sysctl security.mac.mls.enabled=0` - echo "disabling mac/mls!" - rm -fr ${n3} - - rm ${mactest_conf} -fi + sysctl security.mac.mls.enabled=0 >/dev/null + sysctl security.mac.biba.enabled=0 > /dev/null + rm -fr ${n3} + rm ${mactest_conf} +#mac_mls mac_biba and mac_test support + fi + ;; +*) + quick_exit + ;; +esac
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200801180640.m0I6egmB058573>