Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 19 Jul 2007 05:34:23 GMT
From:      Zhouyi ZHOU <zhouzhouyi@FreeBSD.org>
To:        Perforce Change Reviews <perforce@FreeBSD.org>
Subject:   PERFORCE change 123713 for review
Message-ID:  <200707190534.l6J5YN2v037147@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help 
http://perforce.freebsd.org/chv.cgi?CH=123713

Change 123713 by zhouzhouyi@zhouzhouyi_mactest on 2007/07/19 05:34:04

	Test for Mandatory Access Control for rename operation

Affected files ...

.. //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/misc.sh#10 edit
.. //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/open/02.t#4 edit
.. //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/rename/00.t#1 add

Differences ...

==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/misc.sh#10 (text+ko) ====

@@ -62,8 +62,9 @@
 	touch ${tmp_file1}
 
 #set equal label to above files
-	label=`getfmac "."| sed 's/\(\.:\ \)\([a-z\,\/]*\)/\2/` 
-	label1=`echo ${label}|sed 's/\/[a-z:0-9\+]*/\/equal/g`
+#	label=`getfmac "."| sed 's/\(\.:\ \)\([a-z\,\/]*\)/\2/` 
+#	label1=`echo ${label}|sed 's/\/[a-z:0-9\+]*/\/equal/g`
+	label1="mls/equal,biba/equal"
 	setfmac ${label1} ${tmp_file} ${tmp_file1} /var/log/mactest
 
 	${mactest} $* 2>${tmp_file1} 1>>${tmp_file}

==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/open/02.t#4 (text+ko) ====

@@ -9,7 +9,7 @@
 dir=`dirname $0`
 . ${dir}/../misc.sh
 
-echo "1..5"
+echo "1..7"
 
 n0=`namegen`
 n1=`namegen`
@@ -59,12 +59,19 @@
     echo -n "pid = -2 mac_test_check_vnode_stat:" > ${mactest_conf}
     echo "biba/high(low-high),mls/low(low-high) NULL biba/high,mls/10" >> ${mactest_conf}
     mactestexpect "setfmac:.traversing.${n1}:.Permission.denied" "" -m ${dvplabel} -f ${mactest_conf} system setfmac "mls/low" ${n1}
-    
+
+#relabel the vnode to mls/low
+    rm ${mactest_conf}
+    touch ${mactest_conf}
+    mactestexpect "" "" -m mls/10 -f ${mactest_conf} system setfmac "mls/low" ${n1}
+
+#BLP: ok read low
+    mactestexpect "" 0 -m mls/10 -f ${mactest_conf} open ${n1} O_RDONLY
+
+
     t=`sysctl security.mac.mls.enabled=0`
     echo "disabling mac/mls!"
 
-  
-#BLP: ok read low
 #cleanup:
 #   cd ..
     rm -fr ${n1}

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200707190534.l6J5YN2v037147>