From owner-p4-projects@FreeBSD.ORG Thu Aug 16 06:01:29 2007 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id ECF5D16A419; Thu, 16 Aug 2007 06:01:28 +0000 (UTC) Delivered-To: perforce@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B22B416A417 for ; Thu, 16 Aug 2007 06:01:28 +0000 (UTC) (envelope-from zhouzhouyi@FreeBSD.org) Received: from repoman.freebsd.org (repoman.freebsd.org [IPv6:2001:4f8:fff6::29]) by mx1.freebsd.org (Postfix) with ESMTP id A47C513C45B for ; Thu, 16 Aug 2007 06:01:28 +0000 (UTC) (envelope-from zhouzhouyi@FreeBSD.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.14.1/8.14.1) with ESMTP id l7G61SuL011088 for ; Thu, 16 Aug 2007 06:01:28 GMT (envelope-from zhouzhouyi@FreeBSD.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.14.1/8.14.1/Submit) id l7G61S6d011085 for perforce@freebsd.org; Thu, 16 Aug 2007 06:01:28 GMT (envelope-from zhouzhouyi@FreeBSD.org) Date: Thu, 16 Aug 2007 06:01:28 GMT Message-Id: <200708160601.l7G61S6d011085@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to zhouzhouyi@FreeBSD.org using -f 
From: Zhouyi ZHOU To: Perforce Change Reviews Cc: Subject: PERFORCE change 125205 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 16 Aug 2007 06:01:29 -0000 http://perforce.freebsd.org/chv.cgi?CH=125205 Change 125205 by zhouzhouyi@zhouzhouyi_mactest on 2007/08/16 06:01:07 Test mandatory access control hooks for ifnet transmit Affected files ... .. //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/macping.c#2 edit .. //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/mactest.c#12 edit .. //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/pipe_io.c#2 edit .. //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/misc.sh#16 edit .. //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/netinet/00.t#2 edit .. //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/netinet/01.t#1 add Differences ... ==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/macping.c#2 (text+ko) ==== @@ -91,7 +91,7 @@ char *hostname; long sntransmitted; /* # of packets we sent in this sweep */ volatile sig_atomic_t finish_up = 0; - +int logfd; static void usage(void) @@ -180,6 +180,8 @@ if (i < 0 || i != cc) { if (i < 0) { warn("sendto"); + close(logfd); + exit(1); } else { warn("%s: partial write: %d of %d bytes", hostname, i, cc); @@ -208,7 +210,6 @@ const char *label_string = NULL; char *target = NULL; const char *macconf_file = NULL; - int logfd; int pid; char buf[10]; int flags; @@ -270,6 +271,10 @@ mac_free(label); } + + logfd = open("/dev/mactest", O_RDWR); + ioctl(logfd, BEGINLOG, NULL); + s = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP); outpack = outpackhdr + sizeof(struct ip); ==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/mactest.c#12 (text+ko) ==== 
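Review bot: The file-scope `int logfd;` added in the `@@ -91,7 +91,7 @@` hunk of macping.c has no initializer, so it starts at 0, and any `close(logfd)` reached before the descriptor is opened would close stdin instead of the log device. Declaring it `static int logfd = -1;` turns an early close into a harmless EBADF; the `static` is only valid if no other translation unit refers to the symbol. The same declaration is added to mactest.c (`@@ -104,6 +104,8 @@`) and pipe_io.c (`@@ -46,6 +46,7 @@`), where several new `close(logfd)` calls sit on argument-checking paths. Whether those paths run before the open is not visible in these hunks.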
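Review bot: In the `@@ -270,6 +271,10 @@` hunk of macping.c the results of `open("/dev/mactest", O_RDWR)` and `ioctl(logfd, BEGINLOG, NULL)` are both ignored, so if the device is missing or inaccessible the ping still runs with `logfd == -1` and nothing is logged. For a test of the MAC transmit hooks, that makes a broken setup look like a run that exercised the hooks. Fail early instead: `if ((logfd = open("/dev/mactest", O_RDWR)) == -1) err(1, "/dev/mactest");` and `if (ioctl(logfd, BEGINLOG, NULL) == -1) err(1, "BEGINLOG");` (the file already calls `warn()`, so `<err.h>` is presumably included). The enclosing function starts and ends outside the hunk.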
@@ -104,6 +104,8 @@ int sd_args[MAX_ARGS]; }; +int logfd; + static struct syscall_desc syscalls[] = { { "kill", ACTION_KILL, { TYPE_NUMBER, TYPE_NUMBER, TYPE_NONE } }, { "system", ACTION_SYSTEM, { TYPE_NONE }}, @@ -251,6 +253,7 @@ } if (tflags[i].f_str == NULL) { fprintf(stderr, "unknown flag '%s'\n", f); + close(logfd); exit(1); } flags |= tflags[i].f_flag; @@ -400,12 +403,14 @@ if (argv[i] == NULL || strcmp(argv[i], ":") == 0) break; fprintf(stderr, "too many arguments [%s]\n", argv[i]); + close(logfd); exit(1); } else { if (argv[i] == NULL || strcmp(argv[i], ":") == 0) { if (scall->sd_args[i] & TYPE_OPTIONAL) break; fprintf(stderr, "too few arguments\n"); + close(logfd); exit(1); } if (scall->sd_args[i] & TYPE_STRING) { @@ -419,6 +424,7 @@ args[i].num = strtoll(argv[i], &endp, 0); if (*endp != '\0' && !isspace((unsigned char)*endp)) { fprintf(stderr, "invalid argument %u, number expected [%s]\n", i, endp); + close(logfd); exit(1); } } @@ -444,12 +450,14 @@ if (flags & O_CREAT) { if (i == 2) { fprintf(stderr, "too few arguments\n"); + close(logfd); exit(1); } rval = open(STR(0), flags, (mode_t)NUM(2)); } else { if (i == 3) { fprintf(stderr, "too many arguments\n"); + close(logfd); exit(1); } rval = open(STR(0), flags); @@ -524,6 +532,7 @@ break; default: fprintf(stderr, "unsupported syscall\n"); + close(logfd); exit(1); } #undef STR @@ -551,7 +560,7 @@ const char *macconf_file = NULL; int pid,pid1; int error; - int mactestpipefd, logfd; + int mactestpipefd; char buf[2048]; int ch; @@ -609,6 +618,7 @@ scall = find_syscall(argv[0]); if (scall == NULL) { fprintf(stderr, "syscall '%s' not supported\n", argv[0]); + close(logfd); exit(1); } argc++; ==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/pipe_io.c#2 (text+ko) ==== @@ -46,6 +46,7 @@ #include "mactest.h" #define BEGINLOG _IO('m',1) +int logfd; static void usage(void) @@ -79,6 +80,7 @@ if (i < 0) { if (errno != EAGAIN) perror("write"); + close(fd); exit(1); } buf += i; 
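Review bot: The pair `close(logfd); exit(1);` is written out separately at each error exit of mactest.c, from the `@@ -251,6 +253,7 @@` hunk through `@@ -609,6 +618,7 @@`, so the next exit path someone adds will silently miss the close. One helper such as `static void die(void) { close(logfd); exit(1); }` keeps the teardown in one place. Since `exit()` already closes every open descriptor, a comment on that helper should say why the explicit close is needed, for example if the device's close handler must run at a defined point. The functions containing these exits start and end outside the hunks.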
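Review bot: The write-failure path in the `@@ -79,6 +80,7 @@` hunk of pipe_io.c closes `fd`, while every other error exit added by this change closes `logfd`. If the intent is the same log teardown as elsewhere, the line should read `close(logfd);`. If closing the pipe end is intended, a short comment such as `/* close the pipe write end before exiting */` would make that clear. The function's signature is outside the hunk, so the type of `fd` here cannot be confirmed; later in the file `fd` names the array passed to `pipe()`.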
@@ -96,7 +98,6 @@ const char *label_string_writer = NULL; const char *label_string_pipe = NULL; const char *macconf_file = NULL; - int logfd; int pid , pid1; int fdreader , fdwriter; char buf [10]; @@ -134,11 +135,13 @@ if (pipe(fd) < 0) { perror("pipe"); + close(logfd); exit(1); } flags = fcntl(fd[1], F_GETFL); if (flags == -1 || fcntl(fd[1], F_SETFL, flags | O_NONBLOCK) == -1) { perror("fcntl"); + close(logfd); exit(1); } if (label_string_pipe) { @@ -151,19 +154,23 @@ error = errno; else error = 0; - if (error) + if (error){ + close(logfd); exit(1); + } mac_free(label); } switch (fork()) { case -1: perror("fork"); + close(logfd); exit(1); case 0: { mac_t label; if (mac_from_text(&label, label_string_reader) == -1) { + close(logfd); exit(-1); } if (mac_set_proc(label) == -1) @@ -173,6 +180,7 @@ mac_free(label); if (error != 0) { + close(logfd); exit(-1); } close(fd[1]); @@ -183,6 +191,7 @@ break; if (i < 0) { perror("read"); + close(logfd); exit(1); } } @@ -196,6 +205,7 @@ mac_t label; if (mac_from_text(&label, label_string_writer) == -1) { + close(logfd); exit(-1); } if (mac_set_proc(label) == -1) @@ -205,6 +215,7 @@ mac_free(label); if (error != 0) { + close(logfd); exit(-1); } } ==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/misc.sh#16 (text+ko) ==== @@ -20,6 +20,7 @@ mdconfigopenrdonly="${maindir}/mdconfigopenrdonly" fifo_io="${maindir}/fifo_io" pipe_io="${maindir}/pipe_io" +macping="${maindir}/macping" . ${maindir}/tests/conf ==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/netinet/00.t#2 (text+ko) ==== @@ -1,5 +1,5 @@ #!/bin/sh -# $FreeBSD: src/tools/regression/mactest/tests/pipe/00.t,v 1.2 2007/01/25 20:50:02 zhouzhouyi Exp $ +# $FreeBSD: src/tools/regression/mactest/tests/netinet/00.t,v 1.2 2007/01/25 20:50:02 zhouzhouyi Exp $ desc="manipulate fifo files" 
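Review bot: Several exits in the `@@ -151,19 +154,23 @@` hunk of pipe_io.c, and in the `@@ -173,6 +180,7 @@`, `@@ -196,6 +205,7 @@` and `@@ -205,6 +215,7 @@` hunks after it, leave without printing anything: `if (error){ close(logfd); exit(1); }` and the `mac_from_text()` failures followed by `exit(-1)`. A harness running this MAC test then cannot tell a failed label setup from the access-control denial under test, and `exit(-1)` is reported as status 255 while the other paths use 1. Print the cause before the close, because `close()` may overwrite `errno`: `perror("mac_from_text");` ahead of `close(logfd);`, and `fprintf(stderr, "label: %s\n", strerror(error));` where `error` holds the saved errno. The enclosing function continues outside these hunks.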
@@ -38,7 +38,7 @@ echo "enabling revoking" t=`sysctl security.mac.test.pseudoinit=1` t=`ifconfig mac_test0 192.167.0.33` - t=`ifconfig mac_test1 192.167.0.34` + t=`ifconfig mac_test1 192.167.1.34` echo "enabling mactest pseudo interface" #case 1,2,3: set the maclabel of the interface, effective, range or both is allowed, while # the subject should be priviledeged.