Date: Wed, 6 Jun 2007 09:05:27 GMT From: Zhouyi ZHOU <zhouzhouyi@FreeBSD.org> To: Perforce Change Reviews <perforce@FreeBSD.org> Subject: PERFORCE change 121047 for review Message-ID: <200706060905.l5695RMB026549@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=121047 Change 121047 by zhouzhouyi@zhouzhouyi_mactest on 2007/06/06 09:05:04 Because mac/mls itself forbid the redirection of stderr, I use a tmp file to store the result of stderr and stdout Affected files ... .. //depot/projects/soc2007/zhouzhouyi_mactest_soc/zhouzhouyi_mactest_soc/macproc.c#2 edit .. //depot/projects/soc2007/zhouzhouyi_mactest_soc/zhouzhouyi_mactest_soc/tests/misc.sh#2 edit .. //depot/projects/soc2007/zhouzhouyi_mactest_soc/zhouzhouyi_mactest_soc/tests/signal/00.t#2 edit Differences ... ==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/zhouzhouyi_mactest_soc/macproc.c#2 (text+ko) ==== @@ -59,10 +59,11 @@ fprintf(stderr, "Usage: <option(s)> \n"); fprintf(stderr, "\ - -w seconds Wait for n seconds before exits\n"); + -w seconds Wait for n seconds before exits\n\ + -f pidfile The pid file should be written to\n"); exit(1); } -const char *pid_file="pidfile"; +char *pid_file = NULL; struct pidfh *pfh = NULL; @@ -75,7 +76,7 @@ struct timeval begin,loop; pid_t otherpid; - while ((ch = getopt(argc, argv, "w:")) != -1) { + while ((ch = getopt(argc, argv, "w:f:")) != -1) { switch(ch) { case 'w': seconds = (long)strtol(optarg, &endp, 0); @@ -85,6 +86,9 @@ exit(1); } break; + case 'f': + pid_file = optarg; + break; default: usage(); } @@ -97,6 +101,11 @@ usage(); } + if (pid_file == NULL){ + fprintf(stderr, "must supply pid file\n"); + usage(); + } + gettimeofday(&begin, (struct timezone *)NULL); pfh = pidfile_open(pid_file, 0600, &otherpid); ==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/zhouzhouyi_mactest_soc/tests/misc.sh#2 (text+ko) ==== @@ -3,6 +3,8 @@ ntest=1 pid=0 pid_file="`pwd`/pidfile" +tmp_file="`pwd`/tmp" + echo ${dir} | egrep '^/' >/dev/null 2>&1 if [ $? -eq 0 ]; then @@ -14,21 +16,21 @@ macproc="${maindir}/macproc" . ${maindir}/tests/conf -maccmdnotexpect() +maccmdnotexpectanyerror() { - e="${1}" - shift m="${1}" shift c="${1}" shift - r=`setpmac ${m} ${c} $* 2>&1` - echo ${r}|egrep ${e} >/dev/null 2>&1 - if [ $? -eq 0 ]; then +# r=`setpmac ${m} ${c} $* 2>&1` + setpmac ${m} ${c} $* 2>${tmp_file} 1>>${tmp_file} + r=`cat ${tmp_file}` + if [ ${#r} -eq 0 ]; then + echo "ok ${ntest}" + else echo ${r} echo "not ok ${ntest}" - else - echo "ok ${ntest}" + exit fi ntest=`expr $ntest + 1` } @@ -41,12 +43,16 @@ shift c="${1}" shift - r=`setpmac ${m} ${c} $* 2>&1` - echo ${r}|egrep ${e} >/dev/null 2>&1 +# r=`setpmac ${m} ${c} $* 2>&1` + setpmac ${m} ${c} $* 2>${tmp_file} 1>>${tmp_file} + setfmac mls/equal ${tmp_file} + r=`cat ${tmp_file}` + echo ${r}|egrep "${e}" >/dev/null 2>&1 if [ $? -eq 0 ]; then echo "ok ${ntest}" else echo "not ok ${ntest}" + exit fi ntest=`expr $ntest + 1` } ==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/zhouzhouyi_mactest_soc/tests/signal/00.t#2 (text+ko) ==== @@ -6,17 +6,29 @@ dir=`dirname $0` . ${dir}/../misc.sh +#following test case is to show, when subject's effective mls level does not dominate +#object's effective mls level, a ESRCH is returned when signaling +t=`sysctl security.mac.mls.enabled=0` +maccmdnotexpectanyerror "mls/3(2-7)" ${macproc} -w 20 -f "${pid_file}" +getmacprocpid +t=`sysctl security.mac.mls.enabled=1` +maccmdexpect "No such process" "mls/low" kill ${pid} +maccmdnotexpectanyerror "mls/3(2-7)" kill ${pid} +t=`sysctl security.mac.mls.enabled=0` +rm ${pid_file} +rm ${tmp_file} - -maccmdnotexpect "Invalid" "mls/3(2-7)" ${macproc} -w 20 -#not expect Invalide argument +#following test case is to show, when object's effective mls level does not dominate +#subject's effective mls level, a EACCES is returned when signaling t=`sysctl security.mac.mls.enabled=0` +maccmdnotexpectanyerror "mls/low(low-high)" ${macproc} -w 20 -f "${pid_file}" getmacprocpid t=`sysctl security.mac.mls.enabled=1` -maccmdexpect "No" "mls/low" kill ${pid} -#expect No such process -maccmdnotexpect "No" "mls/3(2-7)" kill ${pid} -#not expect No such process +maccmdexpect "Permission denied" "mls/3(2-7)" kill ${pid} +maccmdnotexpectanyerror "mls/low(low-high)" kill ${pid} +t=`sysctl security.mac.mls.enabled=0` +rm ${pid_file} +rm ${tmp_file}
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200706060905.l5695RMB026549>