From owner-p4-projects@FreeBSD.ORG Wed Jun 6 09:05:28 2007
Date: Wed, 6 Jun 2007 09:05:27 GMT
Message-Id: <200706060905.l5695RMB026549@repoman.freebsd.org>
From: Zhouyi ZHOU
To: Perforce Change Reviews
Subject: PERFORCE change 121047 for review

http://perforce.freebsd.org/chv.cgi?CH=121047

Change 121047 by zhouzhouyi@zhouzhouyi_mactest on 2007/06/06 09:05:04

Because mac/mls itself forbids the redirection of stderr, I use a tmp file to store the result of stderr and stdout

Affected files ...

.. //depot/projects/soc2007/zhouzhouyi_mactest_soc/zhouzhouyi_mactest_soc/macproc.c#2 edit
.. //depot/projects/soc2007/zhouzhouyi_mactest_soc/zhouzhouyi_mactest_soc/tests/misc.sh#2 edit
.. //depot/projects/soc2007/zhouzhouyi_mactest_soc/zhouzhouyi_mactest_soc/tests/signal/00.t#2 edit

Differences ...

==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/zhouzhouyi_mactest_soc/macproc.c#2 (text+ko) ==== @@ -59,10 +59,11 @@ fprintf(stderr, "Usage: \n"); fprintf(stderr, "\ - -w seconds Wait for n seconds before exits\n"); + -w seconds Wait for n seconds before exits\n\ + -f pidfile The pid file should be written to\n"); exit(1); } -const char *pid_file="pidfile"; +char *pid_file = NULL; struct pidfh *pfh = NULL; @@ -75,7 +76,7 @@ struct timeval begin,loop; pid_t otherpid; - while ((ch = getopt(argc, argv, "w:")) != -1) { + while ((ch = getopt(argc, argv, "w:f:")) != -1) { switch(ch) { case 'w': seconds = (long)strtol(optarg, &endp, 0); @@ -85,6 +86,9 @@ exit(1); } break; + case 'f': + pid_file = optarg; + break; default: usage(); } @@ -97,6 +101,11 @@ usage(); } + if (pid_file == NULL){ + fprintf(stderr, "must supply pid file\n"); + usage(); + } + gettimeofday(&begin, (struct timezone *)NULL); pfh = pidfile_open(pid_file, 0600, &otherpid); ==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/zhouzhouyi_mactest_soc/tests/misc.sh#2 (text+ko) ==== 
@@ -3,6 +3,8 @@ ntest=1 pid=0 pid_file="`pwd`/pidfile" +tmp_file="`pwd`/tmp" + echo ${dir} | egrep '^/' >/dev/null 2>&1 if [ $? -eq 0 ]; then @@ -14,21 +16,21 @@ macproc="${maindir}/macproc" . ${maindir}/tests/conf -maccmdnotexpect() +maccmdnotexpectanyerror() { - e="${1}" - shift m="${1}" shift c="${1}" shift - r=`setpmac ${m} ${c} $* 2>&1` - echo ${r}|egrep ${e} >/dev/null 2>&1 - if [ $? -eq 0 ]; then +# r=`setpmac ${m} ${c} $* 2>&1` + setpmac ${m} ${c} $* 2>${tmp_file} 1>>${tmp_file} + r=`cat ${tmp_file}` + if [ ${#r} -eq 0 ]; then + echo "ok ${ntest}" + else echo ${r} echo "not ok ${ntest}" - else - echo "ok ${ntest}" + exit fi ntest=`expr $ntest + 1` } @@ -41,12 +43,16 @@ shift c="${1}" shift - r=`setpmac ${m} ${c} $* 2>&1` - echo ${r}|egrep ${e} >/dev/null 2>&1 +# r=`setpmac ${m} ${c} $* 2>&1` + setpmac ${m} ${c} $* 2>${tmp_file} 1>>${tmp_file} + setfmac mls/equal ${tmp_file} + r=`cat ${tmp_file}` + echo ${r}|egrep "${e}" >/dev/null 2>&1 if [ $? -eq 0 ]; then echo "ok ${ntest}" else echo "not ok ${ntest}" + exit fi ntest=`expr $ntest + 1` } ==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/zhouzhouyi_mactest_soc/tests/signal/00.t#2 (text+ko) ==== 
@@ -6,17 +6,29 @@ dir=`dirname $0` . ${dir}/../misc.sh +#following test case is to show, when subject's effective mls level does not dominate +#object's effective mls level, a ESRCH is returned when signaling +t=`sysctl security.mac.mls.enabled=0` +maccmdnotexpectanyerror "mls/3(2-7)" ${macproc} -w 20 -f "${pid_file}" +getmacprocpid +t=`sysctl security.mac.mls.enabled=1` +maccmdexpect "No such process" "mls/low" kill ${pid} +maccmdnotexpectanyerror "mls/3(2-7)" kill ${pid} +t=`sysctl security.mac.mls.enabled=0` +rm ${pid_file} +rm ${tmp_file} - -maccmdnotexpect "Invalid" "mls/3(2-7)" ${macproc} -w 20 -#not expect Invalide argument +#following test case is to show, when object's effective mls level does not dominate +#subject's effective mls level, a EACCES is returned when signaling t=`sysctl security.mac.mls.enabled=0` +maccmdnotexpectanyerror "mls/low(low-high)" ${macproc} -w 20 -f "${pid_file}" getmacprocpid t=`sysctl security.mac.mls.enabled=1` -maccmdexpect "No" "mls/low" kill ${pid} -#expect No such process -maccmdnotexpect "No" "mls/3(2-7)" kill ${pid} -#not expect No such process +maccmdexpect "Permission denied" "mls/3(2-7)" kill ${pid} +maccmdnotexpectanyerror "mls/low(low-high)" kill ${pid} +t=`sysctl security.mac.mls.enabled=0` +rm ${pid_file} +rm ${tmp_file}
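
Review bot: in macproc.c, the check added at @@ -97,6 +101,11 @@ makes -f mandatory (pid_file now starts as NULL instead of "pidfile"), but the help text added in the first hunk does not say the option is required, and the "Usage: \n" line still prints no synopsis. Suggest wording the option as something like "-f pidfile  File to write the pid to (required)" and adding a space before the brace in "if (pid_file == NULL){" to match the "while (...) {" style a few lines above.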
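
Review bot: in misc.sh at @@ -3,6 +3,8 @@, tmp_file is a fixed name ("tmp") in the current directory, and the helpers below truncate it with 2>${tmp_file} on every call. The test toggles security.mac.mls.enabled through sysctl, so it runs privileged; an existing file or symlink called tmp in that directory would be overwritten. Suggest creating the file with mktemp and removing it from a trap, so an early exit does not leave it behind either.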
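
Review bot: in misc.sh at @@ -14,21 +16,21 @@, maccmdnotexpectanyerror reports "ok" whenever r is empty, and never looks at the exit status of setpmac. A command that fails silently, or a cat of ${tmp_file} that cannot read the file, therefore counts as a pass. Suggest saving $? right after the setpmac line and requiring both a zero status and empty output. Note also that maccmdexpect runs setfmac mls/equal ${tmp_file} before the cat and this function does not; if the relabel is needed to read the file back, it is needed here too.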
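
Review bot: in misc.sh at @@ -41,12 +43,16 @@ (and the same pattern in the previous hunk), the bare "exit" after "not ok" returns the status of the preceding echo, which is 0, so a failed test script still exits successfully. Because misc.sh is sourced by 00.t, it also ends the test before the trailing sysctl security.mac.mls.enabled=0 and the rm lines run, leaving MLS enabled and the pid and tmp files in place. Suggest "exit 1" plus a cleanup trap. Separately, 2>${tmp_file} 1>>${tmp_file} opens the file twice; the stderr descriptor is not in append mode and writes from its own offset, so it can overwrite bytes already written by stdout. Opening both in append mode after truncating the file once avoids that.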
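
Review bot: in tests/signal/00.t, every sysctl call stores its output in t and the value is never checked. If setting security.mac.mls.enabled=1 fails, the "No such process" and "Permission denied" expectations run without MLS enforcement and the failure is reported against kill rather than against the setup step. Suggest testing the sysctl exit status and aborting with a clear message. The rm ${pid_file} and rm ${tmp_file} lines should also quote their arguments, as the -f "${pid_file}" arguments above them already do.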