Date: Wed, 31 Oct 2007 02:53:46 GMT From: Zhouyi ZHOU <zhouzhouyi@FreeBSD.org> To: Perforce Change Reviews <perforce@FreeBSD.org> Subject: PERFORCE change 128384 for review Message-ID: <200710310253.l9V2rkgs084107@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=128384 Change 128384 by zhouzhouyi@zhouzhouyi_mactest on 2007/10/31 02:53:18 Code stylize for mandatory access control tests for link Affected files ... .. //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/link/00.t#6 edit .. //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/link/01.t#6 add Differences ... ==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/link/00.t#6 (text+ko) ==== @@ -12,62 +12,80 @@ n2=`namegen` n3=`namegen` -mac_mls_support=`sysctl -n security.mac.mls.enabled 2>/dev/null` -mac_biba_support=`sysctl -n security.mac.biba.enabled 2>/dev/null` +case "${os}:${fs}" in +FreeBSD:UFS) + + mac_mls_support=`sysctl -n security.mac.mls.enabled 2>/dev/null` + mac_biba_support=`sysctl -n security.mac.biba.enabled 2>/dev/null` -if [ "${mac_mls_support}" != "" ] && [ "${mac_biba_support}" != "" ] ; then + if [ "${mac_mls_support}" != "" ] && [ "${mac_biba_support}" != "" ] ; then - echo "1..10" + echo "1..10" #turn off all the switches first - for i in `sysctl security.mac | grep "\.enabled"| - sed 's/\([a-z\.]*\.enabled\)\(:\ \)\([01]\)/\1/`; do - sysctl ${i}=0 >/dev/null - done + for i in `sysctl security.mac | grep "\.enabled"| + sed 's/\([a-z\.]*\.enabled\)\(:\ \)\([01]\)/\1/`; do + sysctl ${i}=0 >/dev/null + done + + dvplabel=`getfmac ".."| sed 's/\(\.\.:\ \)\([a-z\,\/]*\)/\2/`; - dvplabel=`getfmac ".."| sed 's/\(\.\.:\ \)\([a-z\,\/]*\)/\2/`; + if [ -f ${mactest_conf} ]; then + rm ${mactest_conf} + fi + touch ${mactest_conf} -#first make working dir, the hook checks are already done in open: - if [ -f ${mactest_conf} ]; then - rm ${mactest_conf} - fi - touch ${mactest_conf} - sysctl security.mac.mls.enabled=1 >/dev/null + sysctl security.mac.mls.enabled=1 >/dev/null #case 1: mkdir - mactestexpect "" 0 -m "mls/low(low-high)" -f ${mactest_conf} mkdir ${n3} 0755 + mactestexpect "" 0 -m "mls/low(low-high)" -f ${mactest_conf} mkdir ${n3} \ + 0755 #case 2: setfmac - mactestexpect "" "" -m "mls/low(low-high)" -f ${mactest_conf} system setfmac "mls/6" ${n3} + mactestexpect "" "" -m "mls/low(low-high)" -f ${mactest_conf} system setfmac \ + "mls/6" ${n3} #case 3: create - mactestexpect "" 0 -m "mls/6(low-high)" -f ${mactest_conf} create ${n3}/${n2} 0644 + mactestexpect "" 0 -m "mls/6(low-high)" -f ${mactest_conf} create ${n3}/${n2}\ + 0644 #case 4: setfmac - mactestexpect "" "" -m "mls/6(low-high)" -f ${mactest_conf} system setfmac "mls/5" ${n3}/${n2} + mactestexpect "" "" -m "mls/6(low-high)" -f ${mactest_conf} system setfmac \ + "mls/5" ${n3}/${n2} #case 5: link - echo -n "pid = -1 mac_test_check_vnode_link:" > ${mactest_conf} - echo "biba/high(low-high),mls/6(low-high) biba/high,mls/6 biba/high,mls/5" >> ${mactest_conf} - mactestexpect "" EACCES -m "mls/6(low-high)" -f ${mactest_conf} link ${n3}/${n2} ${n3}/${n1} - sysctl security.mac.mls.enabled=0 >/dev/null + echo -n "pid = -1 mac_test_check_vnode_link:" > ${mactest_conf} + echo "biba/high(low-high),mls/6(low-high) biba/high,mls/6 biba/high,mls/5" >> ${mactest_conf} + mactestexpect "" EACCES -m "mls/6(low-high)" -f ${mactest_conf} link ${n3}/${n2} ${n3}/${n1} + sysctl security.mac.mls.enabled=0 >/dev/null #case 6: link success - truncate -s 0 ${mactest_conf} - mactestexpect "" 0 -m "mls/5(low-high)" -f ${mactest_conf} link ${n3}/${n2} ${n3}/${n1} - sysctl security.mac.mls.enabled=1 >/dev/null + truncate -s 0 ${mactest_conf} + mactestexpect "" 0 -m "mls/5(low-high)" -f ${mactest_conf} link ${n3}/${n2} \ + ${n3}/${n1} + sysctl security.mac.mls.enabled=1 >/dev/null #case 7: unlink - truncate -s 0 ${mactest_conf} - mactestexpect "" EACCES -m "mls/6(low-high)" -f ${mactest_conf} unlink ${n3}/${n1} + truncate -s 0 ${mactest_conf} + mactestexpect "" EACCES -m "mls/6(low-high)" -f ${mactest_conf} unlink ${n3}/${n1} #case 8: setfmac fail, old vnode not in range - echo -n "pid = -2 mac_test_check_vnode_relabel:" > ${mactest_conf} - echo "biba/high(low-high),mls/6(6-6) biba/high,mls/5 biba/,mls/6" >> ${mactest_conf} - mactestexpect "setfmac:.mac_set_link.${n3}.${n1},.biba.,mls.6.:.Operation.not.permitted" "" -m "mls/6(6-6)" -f ${mactest_conf} system setfmac "biba/,mls/6" ${n3}/${n1} + echo -n "pid = -2 mac_test_check_vnode_relabel:" > ${mactest_conf} + echo "biba/high(low-high),mls/6(6-6) biba/high,mls/5 biba/,mls/6" >> \ + ${mactest_conf} + mactestexpect \ + "setfmac:.mac_set_link.${n3}.${n1},.biba.,mls.6.:.Operation.not.permitted" ""\ + -m "mls/6(6-6)" -f ${mactest_conf} \ + system setfmac "biba/,mls/6" ${n3}/${n1} #case 9: setfmac success - echo -n "pid = -2 mac_test_check_vnode_relabel:" > ${mactest_conf} - echo "biba/high(low-high),mls/6(4-6) biba/high,mls/5 biba/,mls/6" >> ${mactest_conf} - mactestexpect "" "" -m "mls/6(4-6)" -f ${mactest_conf} system setfmac "biba/,mls/6" ${n3}/${n1} + echo -n "pid = -2 mac_test_check_vnode_relabel:" > ${mactest_conf} + echo "biba/high(low-high),mls/6(4-6) biba/high,mls/5 biba/,mls/6" >> ${mactest_conf} + mactestexpect "" "" -m "mls/6(4-6)" -f ${mactest_conf} \ + system setfmac "biba/,mls/6" ${n3}/${n1} #case 10: unlink - rm ${mactest_conf} - touch ${mactest_conf} - mactestexpect "" 0 -m "mls/6(low-high)" -f ${mactest_conf} unlink ${n3}/${n1} + rm ${mactest_conf} + touch ${mactest_conf} + mactestexpect "" 0 -m "mls/6(low-high)" -f ${mactest_conf} unlink ${n3}/${n1} #cleanup: - sysctl security.mac.mls.enabled=0 >/dev/null - rm -fr ${n3} - rm ${mactest_conf} + sysctl security.mac.mls.enabled=0 >/dev/null + rm -fr ${n3} + rm ${mactest_conf} fi + ;; +*) + quick_exit + ;; +esac
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200710310253.l9V2rkgs084107>