Date: Thu, 29 Nov 2007 07:01:24 GMT From: Zhouyi ZHOU <zhouzhouyi@FreeBSD.org> To: Perforce Change Reviews <perforce@FreeBSD.org> Subject: PERFORCE change 129759 for review Message-ID: <200711290701.lAT71OCE005516@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=129759 Change 129759 by zhouzhouyi@zhouzhouyi_mactest on 2007/11/29 07:00:33 Mandatory access control test for proc schedule Affected files ... .. //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/sched/00.t#2 edit Differences ... ==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/sched/00.t#2 (text+ko) ==== @@ -1,60 +1,65 @@ #!/bin/sh -# $FreeBSD: src/tools/regression/mactest/tests/sched/00.t,v 1.1 2007/06/04 01:42:08 zhouzhouyi Exp $ +# $FreeBSD$ + +desc="test of proc schedule" -desc="checking the Mandatory Access Control Hooks for proc sched" dir=`dirname $0` . ${dir}/../misc.sh -echo "1..3" +case "${os}" in +FreeBSD) + + mac_mls_support=`sysctl -n security.mac.mls.enabled 2>/dev/null` + mac_biba_support=`sysctl -n security.mac.biba.enabled 2>/dev/null` + mac_test_support=`sysctl -n security.mac.test.pseudoinit 2>/dev/null` + + if [ "${mac_mls_support}" != "" ] && [ "${mac_biba_support}" != "" ] && + [ "${mac_test_support}" != "" ]; then #turn off all the switches -for i in `sysctl security.mac | grep "\.enabled"| - sed 's/\([a-z\.]*\.enabled\)\(:\ \)\([01]\)/\1/`; do -sysctl ${i}=0 -done + for i in `sysctl security.mac | grep "\.enabled"| + sed 's/\([a-z\.]*\.enabled\)\(:\ \)\([01]\)/\1/`; do + sysctl ${i}=0 >/dev/null + done -mac_mls_support=`sysctl -n security.mac.mls.enabled 2>/dev/null` -mac_biba_support=`sysctl -n security.mac.biba.enabled 2>/dev/null` -mac_test_support=`sysctl -n security.mac.test.pseudoinit 2>/dev/null` -if [ "${mac_mls_support}" != "" ] && [ "${mac_biba_support}" != "" ] && - [ "${mac_test_support}" != "" ] ; then - setpmac "mls/3,biba/4" ${macproc} -w 10 -f "${pid_file}" - getmacprocpid + if [ -f ${mactest_conf} ]; then + rm ${mactest_conf} + fi + touch ${mactest_conf} + setfmac "mls/equal,biba/equal" ${mactest_conf} + + echo "1..3" + setpmac "mls/3,biba/4" ${macproc} -w 10 -f "${pid_file}" + getmacprocpid - if [ -f ${mactest_conf} ]; then - rm ${mactest_conf} - fi - touch ${mactest_conf} + sysctl security.mac.mls.enabled=1 >/dev/null + sysctl security.mac.biba.enabled=1 > /dev/null -############################################################# - t=`sysctl security.mac.mls.enabled=1` - t=`sysctl security.mac.biba.enabled=1` - echo "enabling mac/mls!" - echo "enabling mac/biba!" - #case 1: can sched the proc when two labels are equal - mactestexpect "" "" -m "biba/4,mls/3" -f ${mactest_conf} system rtprio -t -${pid} + mactestexpect "" "" -m "biba/4,mls/3" -f ${mactest_conf} system rtprio -t -${pid} #case 2: if biba label is not equal, sched should not happen - mactestexpect "*rtprio:.Permission.denied" "" -m "biba/3,mls/3" -f ${mactest_conf} system rtprio -t -${pid} + mactestexpect "*rtprio:.Permission.denied" "" -m "biba/3,mls/3" -f ${mactest_conf} system rtprio -t -${pid} #case 3: if mls label is not equal, sched should not happen - echo -n "pid = -2 mac_test_check_proc_sched:" > ${mactest_conf} - echo "biba/4(low-high),mls/5(low-high) biba/4(low-high),mls/3(low-high)" >> ${mactest_conf} - mactestexpect "*rtprio:.Permission.denied" "" -m "biba/4,mls/5" -f ${mactest_conf} system rtprio -t -${pid} + echo -n "pid = -2 proc_check_sched:" > ${mactest_conf} + echo "biba/4(low-high),mls/5(low-high) biba/4(low-high),mls/3(low-high)" >> ${mactest_conf} + mactestexpect "*rtprio:.Permission.denied" "" -m "biba/4,mls/5" -f ${mactest_conf} system rtprio -t -${pid} - t=`sysctl security.mac.mls.enabled=0` - t=`sysctl security.mac.biba.enabled=0` - echo "disabling mac/mls!" - echo "disabling mac/biba!" - - rm ${mactest_conf} - rm ${pid_file} - -fi - +#cleanup: + sysctl security.mac.mls.enabled=0 >/dev/null + sysctl security.mac.biba.enabled=0 > /dev/null + rm ${mactest_conf} + rm ${pid_file} +#mac_mls mac_biba and mac_test support + fi + ;; +*) + quick_exit + ;; +esac
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200711290701.lAT71OCE005516>