Date: Fri, 16 Nov 2007 08:17:39 GMT From: Zhouyi ZHOU <zhouzhouyi@FreeBSD.org> To: Perforce Change Reviews <perforce@FreeBSD.org> Subject: PERFORCE change 129115 for review Message-ID: <200711160817.lAG8HdLw092709@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=129115 Change 129115 by zhouzhouyi@zhouzhouyi_mactest on 2007/11/16 08:17:20 sys/security/mac_test/ and regression/mactest/tests/link are now mature and up to date Affected files ... .. //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/mactestparser.tab.c#4 edit .. //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/mactestparser.y#5 edit .. //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/link/00.t#7 edit .. //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/link/01.t#7 edit .. //depot/projects/soc2007/zhouzhouyi_mactest_soc/sys/security/mac_test/mac_test.c#13 edit Differences ... ==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/mactestparser.tab.c#4 (text+ko) ==== @@ -232,16 +232,16 @@ /* YYFINAL -- State number of the termination state. */ #define YYFINAL 7 -#define YYLAST 18 +#define YYLAST 29 /* YYNTOKENS -- Number of terminals. */ -#define YYNTOKENS 9 +#define YYNTOKENS 10 /* YYNNTS -- Number of nonterminals. */ -#define YYNNTS 8 +#define YYNNTS 10 /* YYNRULES -- Number of rules. */ -#define YYNRULES 15 +#define YYNRULES 20 /* YYNRULES -- Number of states. */ -#define YYNSTATES 22 +#define YYNSTATES 31 /* YYTRANSLATE(YYLEX) -- Bison symbol number corresponding to YYLEX. */ #define YYUNDEFTOK 2 @@ -256,7 +256,7 @@ 0, 2, 2, 2, 2, 2, 2, 2, 2, 2, 7, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 9, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 8, 2, 2, 6, 2, 2, 2, 2, 2, 2, 2, 2, 
@@ -288,16 +288,19 @@ static const unsigned char yyprhs[] = { 0, 0, 3, 4, 6, 8, 11, 14, 20, 21, - 30, 32, 34, 37, 40, 42 + 30, 31, 42, 44, 46, 49, 52, 54, 57, 60, + 62 }; /* YYRHS -- A `-1'-separated list of the rules' RHS. */ static const yysigned_char yyrhs[] = { - 10, 0, -1, -1, 11, -1, 12, -1, 11, 12, - -1, 11, 1, -1, 3, 6, 16, 15, 7, -1, - -1, 3, 6, 16, 15, 13, 8, 14, 7, -1, - 7, -1, 15, -1, 14, 15, -1, 14, 1, -1, + 11, 0, -1, -1, 12, -1, 13, -1, 12, 13, + -1, 12, 1, -1, 3, 6, 19, 18, 7, -1, + -1, 3, 6, 19, 18, 14, 8, 16, 7, -1, + -1, 3, 6, 19, 18, 15, 9, 17, 8, 16, + 7, -1, 7, -1, 18, -1, 16, 18, -1, 16, + 1, -1, 18, -1, 17, 18, -1, 17, 1, -1, 4, -1, 5, -1 }; @@ -305,7 +308,8 @@ static const unsigned char yyrline[] = { 0, 48, 48, 50, 54, 56, 57, 60, 62, 62, - 64, 67, 69, 70, 75, 78 + 64, 64, 66, 69, 71, 72, 76, 78, 79, 83, + 86 }; #endif @@ -315,8 +319,9 @@ static const char *const yytname[] = { "$end", "error", "$undefined", "PID", "IDENTIFIER", "NUM", "'='", "'\\n'", - "':'", "$accept", "program", "mactestlog_records", "mactestlog_record", - "@1", "label_elements", "identifier", "pid", 0 + "':'", "'#'", "$accept", "program", "mactestlog_records", + "mactestlog_record", "@1", "@2", "label_elements", "modflag_elements", + "identifier", "pid", 0 }; #endif @@ -325,22 +330,24 @@ token YYLEX-NUM. */ static const unsigned short yytoknum[] = { - 0, 256, 257, 258, 259, 260, 61, 10, 58 + 0, 256, 257, 258, 259, 260, 61, 10, 58, 35 }; # endif /* YYR1[YYN] -- Symbol number of symbol that rule YYN derives. */ static const unsigned char yyr1[] = { - 0, 9, 10, 10, 11, 11, 11, 12, 13, 12, - 12, 14, 14, 14, 15, 16 + 0, 10, 11, 11, 12, 12, 12, 13, 14, 13, + 15, 13, 13, 16, 16, 16, 17, 17, 17, 18, + 19 }; /* YYR2[YYN] -- Number of symbols composing right hand side of rule YYN. */ static const unsigned char yyr2[] = { 0, 2, 0, 1, 1, 2, 2, 5, 0, 8, - 1, 1, 2, 2, 1, 1 + 0, 10, 1, 1, 2, 2, 1, 2, 2, 1, + 1 }; /* YYDEFACT[STATE-NAME] -- Default rule to reduce with in state 
@@ -348,57 +355,62 @@ means the default is an error. */ static const unsigned char yydefact[] = { - 2, 0, 10, 0, 0, 4, 0, 1, 6, 5, - 15, 0, 14, 8, 7, 0, 0, 0, 11, 13, - 9, 12 + 2, 0, 12, 0, 0, 4, 0, 1, 6, 5, + 20, 0, 19, 8, 7, 0, 0, 0, 0, 0, + 13, 0, 16, 15, 9, 14, 18, 0, 17, 0, + 11 }; /* YYDEFGOTO[NTERM-NUM]. */ static const yysigned_char yydefgoto[] = { - -1, 3, 4, 5, 15, 17, 13, 11 + -1, 3, 4, 5, 15, 16, 19, 21, 20, 11 }; /* YYPACT[STATE-NUM] -- Index in YYTABLE of the portion describing STATE-NUM. */ -#define YYPACT_NINF -6 +#define YYPACT_NINF -12 static const yysigned_char yypact[] = { - 3, -2, -6, 9, 0, -6, 8, -6, -6, -6, - -6, 10, -6, 11, -6, 7, 10, 1, -6, -6, - -6, -6 + 18, -5, -12, 13, 2, -12, 17, -12, -12, -12, + -12, 12, -12, -3, -12, 16, 20, 12, 12, 10, + -12, 11, -12, -12, -12, -12, -12, 12, -12, 19, + -12 }; /* YYPGOTO[NTERM-NUM]. */ static const yysigned_char yypgoto[] = { - -6, -6, -6, 12, -6, -6, -5, -6 + -12, -12, -12, 23, -12, -12, 1, -12, -11, -12 }; /* YYTABLE[YYPACT[STATE-NUM]]. What to do in state STATE-NUM. If positive, shift that token. If negative, reduce the rule which number is the opposite. If zero, do what YYDEFACT says. If YYTABLE_NINF, parse error. */ -#define YYTABLE_NINF -4 +#define YYTABLE_NINF -11 static const yysigned_char yytable[] = { - -3, 8, 19, 1, 6, 12, 1, 2, 20, 7, - 2, 18, 21, 10, 12, 16, 9, 0, 14 + 13, 6, -3, 8, 14, 1, -10, 22, 25, 2, + 28, 23, 26, 7, 12, 12, 12, 24, 25, 27, + 23, 1, 10, 12, 17, 2, 30, 9, 29, 18 }; -static const yysigned_char yycheck[] = +static const unsigned char yycheck[] = { - 0, 1, 1, 3, 6, 4, 3, 7, 7, 0, - 7, 16, 17, 5, 4, 8, 4, -1, 7 + 11, 6, 0, 1, 7, 3, 9, 18, 19, 7, + 21, 1, 1, 0, 4, 4, 4, 7, 29, 8, + 1, 3, 5, 4, 8, 7, 7, 4, 27, 9 }; /* YYSTOS[STATE-NUM] -- The (internal number of the) accessing symbol of state STATE-NUM. 
*/ static const unsigned char yystos[] = { - 0, 3, 7, 10, 11, 12, 6, 0, 1, 12, - 5, 16, 4, 15, 7, 13, 8, 14, 15, 1, - 7, 15 + 0, 3, 7, 11, 12, 13, 6, 0, 1, 13, + 5, 19, 4, 18, 7, 14, 15, 8, 9, 16, + 18, 17, 18, 1, 7, 18, 1, 8, 18, 16, + 7 }; #if ! defined (YYSIZE_T) && defined (__SIZE_TYPE__) @@ -976,26 +988,47 @@ case 10: #line 64 "mactestparser.y" - {yyval.mtpipetype = 0;} + {stringsave = strdup(yyvsp[0].namestring);} break; case 11: -#line 68 "mactestparser.y" - { new_labelstrings(strdup(yyvsp[0].namestring));} +#line 64 "mactestparser.y" + { + yyval.mtpipetype = new_mactestlog_record(stringsave, yyvsp[-7].itype);stringsave = 0;} break; case 12: -#line 69 "mactestparser.y" +#line 66 "mactestparser.y" + {yyval.mtpipetype = 0;} + break; + + case 13: +#line 70 "mactestparser.y" { new_labelstrings(strdup(yyvsp[0].namestring));} break; case 14: -#line 76 "mactestparser.y" +#line 71 "mactestparser.y" + { new_labelstrings(strdup(yyvsp[0].namestring));} + break; + + case 16: +#line 77 "mactestparser.y" + { new_modes_or_flags(strdup(yyvsp[0].namestring));} + break; + + case 17: +#line 78 "mactestparser.y" + { new_modes_or_flags(strdup(yyvsp[0].namestring));} + break; + + case 19: +#line 84 "mactestparser.y" {} break; - case 15: -#line 79 "mactestparser.y" + case 20: +#line 87 "mactestparser.y" {} break; @@ -1003,7 +1036,7 @@ } /* Line 1016 of /usr/local/share/bison/yacc.c. */ -#line 1007 "mactestparser.tab.c" +#line 1040 "mactestparser.tab.c" yyvsp -= yylen; yyssp -= yylen; @@ -1222,7 +1255,7 @@ } -#line 84 "mactestparser.y" +#line 92 "mactestparser.y" int ==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/mactestparser.y#5 (text+ko) ==== 
@@ -61,6 +61,8 @@ PID '=' pid identifier '\n' {$$ = new_mactestlog_record(strdup($4), $3);} |PID '=' pid identifier {stringsave = strdup($4);} ':' label_elements '\n' { $$ = new_mactestlog_record(stringsave, $3);stringsave = 0;} + |PID '=' pid identifier {stringsave = strdup($4);} '#' modflag_elements ':' label_elements '\n' { + $$ = new_mactestlog_record(stringsave, $3);stringsave = 0;} |'\n' {$$ = 0;} ; @@ -71,6 +73,12 @@ ; +modflag_elements: + identifier { new_modes_or_flags(strdup($1));} + |modflag_elements identifier { new_modes_or_flags(strdup($2));} + |modflag_elements error + ; + identifier: IDENTIFIER {} ==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/link/00.t#7 (text+ko) ==== @@ -49,7 +49,7 @@ mactestexpect "" "" -m "mls/6(low-high)" -f ${mactest_conf} system setfmac \ "mls/5" ${n3}/${n2} #case 5: link - echo -n "pid = -1 mac_test_check_vnode_link:" > ${mactest_conf} + echo -n "pid = -1 vnode_check_link:" > ${mactest_conf} echo "biba/high(low-high),mls/6(low-high) biba/high,mls/6 biba/high,mls/5" >> ${mactest_conf} mactestexpect "" EACCES -m "mls/6(low-high)" -f ${mactest_conf} link ${n3}/${n2} ${n3}/${n1} sysctl security.mac.mls.enabled=0 >/dev/null @@ -62,7 +62,7 @@ truncate -s 0 ${mactest_conf} mactestexpect "" EACCES -m "mls/6(low-high)" -f ${mactest_conf} unlink ${n3}/${n1} #case 8: setfmac fail, old vnode not in range - echo -n "pid = -2 mac_test_check_vnode_relabel:" > ${mactest_conf} + echo -n "pid = -2 vnode_check_relabel:" > ${mactest_conf} echo "biba/high(low-high),mls/6(6-6) biba/high,mls/5 biba/,mls/6" >> \ ${mactest_conf} mactestexpect \ 
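Review bot: The `strdup()` results in the new `'#' modflag_elements ':' label_elements` alternative and in both `modflag_elements` actions are used without a NULL check, so an allocation failure passes a null pointer to `new_mactestlog_record` or `new_modes_or_flags`; whether those helpers tolerate NULL is not visible in these hunks. The mid-rule action `{stringsave = strdup($4);}` is also only undone by the final action, so if the record is abandoned through `modflag_elements error` or a later syntax error, the next record's assignment appears to overwrite the pointer and leak the string. A small checked wrapper around `strdup` plus `free(stringsave); stringsave = 0;` on the error path (which lies outside these hunks) would cover both. A one-line comment above `modflag_elements` stating the accepted record shape, `pid = N hook#FLAG FLAG:label label`, would document the new syntax.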
@@ -70,7 +70,7 @@ -m "mls/6(6-6)" -f ${mactest_conf} \ system setfmac "biba/,mls/6" ${n3}/${n1} #case 9: setfmac success - echo -n "pid = -2 mac_test_check_vnode_relabel:" > ${mactest_conf} + echo -n "pid = -2 vnode_check_relabel:" > ${mactest_conf} echo "biba/high(low-high),mls/6(4-6) biba/high,mls/5 biba/,mls/6" >> ${mactest_conf} mactestexpect "" "" -m "mls/6(4-6)" -f ${mactest_conf} \ system setfmac "biba/,mls/6" ${n3}/${n1} ==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/link/01.t#7 (text+ko) ==== 
@@ -40,23 +40,23 @@ #case 1: mkdir mactestexpect "" 0 -m "mls/low(low-high)" -f ${mactest_conf} mkdir ${n0} 0755 #case 2: mdconfig, couldn't open /dev/mdctl, BLP prevents write down - echo -n "pid = -2 mac_test_check_vnode_open#VREAD VWRITE:" > ${mactest_conf} + echo -n "pid = -2 vnode_check_open#VREAD VWRITE:" > ${mactest_conf} echo "biba/high(low-high),mls/7(low-high) biba/high,mls/low" >> ${mactest_conf} mactestexpect "*Permission.denied" "" -m "mls/7(low-high)" -f ${mactest_conf}\ system mdconfig -a -n -t malloc -s 1m #case 3: mdconfig, successfully open /dev/mdctl - echo -n "pid = -2 mac_test_check_vnode_open#VREAD VWRITE:" > ${mactest_conf} + echo -n "pid = -2 vnode_check_open#VREAD VWRITE:" > ${mactest_conf} echo "biba/high(low-high),mls/low(low-high) biba/high,mls/low" >> ${mactest_conf} mactestexpect "" "*" -m "mls/low(low-high)" -f ${mactest_conf} \ system mdconfig -a -n -t malloc -s 1m mdnum=${ret} #case 4: newfs, fail for writing, BLP prevents write down - echo -n "pid = -2 mac_test_check_vnode_open#VREAD VWRITE:" > ${mactest_conf} + echo -n "pid = -2 vnode_check_open#VREAD VWRITE:" > ${mactest_conf} echo "biba/high(low-high),mls/7(low-high) biba/high,mls/low" >> ${mactest_conf} mactestexpect "*failed.to.open.disk.for.writing" "*" -m "mls/7(low-high)" \ -f ${mactest_conf} system newfs -i 1 /dev/md${mdnum} #case 5: newfs, success - echo -n "pid = -2 mac_test_check_vnode_open#VREAD VWRITE:" > ${mactest_conf} + echo -n "pid = -2 vnode_check_open#VREAD VWRITE:" > ${mactest_conf} echo "biba/high(low-high),mls/low(low-high) biba/high,mls/low" >> ${mactest_conf} mactestexpect "" "*" -m "mls/low(low-high)" -f ${mactest_conf}\ system newfs -i 1 /dev/md${mdnum} ==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/sys/security/mac_test/mac_test.c#13 (text+ko) ==== 
@@ -119,22 +119,27 @@ #define LOG_DECL \ char *buffer; \ char *currentchar; \ + char *currentchar1; \ char *element1; \ - char *buffer1; \ - char *submitbuffer; \ + char *buffer1; /*buffer used to store labels*/ \ + char *submitbuffer; /*the buffer sent to log*/ \ + char *flagbuffer; /*buffer used to store various of flags*/ \ int havelabel = 0; \ + int haveflag = 0; \ int error; \ struct thread *td1 = curthread; \ volatile int badmem = 0; \ error = 0; \ - buffer = malloc(2048, M_MAC_TEST_LOG, M_NOWAIT); \ + buffer = malloc(2560, M_MAC_TEST_LOG, M_NOWAIT); \ if (!buffer) \ badmem = 1; \ bzero(buffer, 2048); \ element1 = buffer + 512; buffer1 = element1 + 256; \ - submitbuffer = buffer + 1024; \ + flagbuffer = buffer + 1024; \ + submitbuffer = buffer + 1536; \ /*element1 and buffer1 will not be used if badmem == 1*/ \ - currentchar = buffer; + currentchar = buffer; \ + currentchar1 = flagbuffer; #define COUNTER_DECL(variable) \ static int counter_##variable; \ @@ -144,12 +149,19 @@ #define COUNTER_INC(variable) do { \ atomic_add_int(&counter_##variable, 1); \ if (!badmem) { \ - if (havelabel) \ + if ((!havelabel)&&(!haveflag)) \ + sprintf(submitbuffer,"pid = %d %s\n", \ + td1->td_proc->p_pid, #variable); \ + else if (!haveflag) \ sprintf(submitbuffer,"pid = %d %s:%s\n", \ td1->td_proc->p_pid, #variable, buffer);\ - else \ - sprintf(submitbuffer,"pid = %d %s\n", \ - td1->td_proc->p_pid, #variable); \ + else if (havelabel) { \ + /*get rid of last blank: "VREAD VWRITE "*/ \ + *(flagbuffer + strlen(flagbuffer) -1) = 0; \ + sprintf(submitbuffer,"pid = %d %s#%s:%s\n", \ + td1->td_proc->p_pid, #variable, \ + flagbuffer, buffer); \ + } \ mac_test_log_submit(submitbuffer, strlen(submitbuffer));\ free(buffer, M_MAC_TEST_LOG); \ } \ 
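Review bot: The allocation in `LOG_DECL` grows to 2560 bytes, but the context line `bzero(buffer, 2048);` is unchanged and still runs when `malloc(..., M_NOWAIT)` returned NULL, so a failed allocation is followed by a write through a null pointer before `badmem` is consulted. Guarding the call and tying its length to the allocation would address both: `if (!buffer) badmem = 1; else bzero(buffer, 2560);`. The offsets 512, 1024 and 1536 and the total size are repeated as bare numbers; named constants for the label, flag and submit regions would keep this layout and the bounds of the later `sprintf` calls in one place.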
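Review bot: In the rewritten `COUNTER_INC` chain the case `haveflag && !havelabel` matches no branch, so `submitbuffer` is never formatted and `mac_test_log_submit` is still called on it; because of the earlier `bzero` this is apparently an empty string, which means the event is dropped without notice. A final `else` should either skip the submit explicitly or format a flags-only record, which would also need a matching alternative in mactestparser.y. The three `sprintf` calls write into the 1024 bytes reserved for `submitbuffer` from `buffer` and `flagbuffer` plus the prefix, and nothing in the macro bounds that; `snprintf(submitbuffer, 1024, ...)` in each branch would keep long label and flag strings from running past the allocation.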
@@ -163,6 +175,14 @@ #define DEBUGGER(func, string) printf("mac_test: %s: %s\n", (func), (string)) #endif +#define APPEND_FLAG(flag) do { \ + if (!badmem) { \ + sprintf(currentchar1, "%s ", flag); \ + currentchar1 += strlen(currentchar1); \ + haveflag = 1; \ + } \ +} while (0) + #define LABEL_CHECK(label, magic) do { \ if (label != NULL) { \ KASSERT(SLOT(label) == magic || SLOT(label) == 0 || \ @@ -2580,6 +2600,18 @@ LOG_DECL LABEL_CHECK(cred->cr_label, MAGIC_CRED); LABEL_CHECK(vplabel, MAGIC_VNODE); + if (acc_mode & VREAD) + APPEND_FLAG("VREAD"); + if (acc_mode & VEXEC) + APPEND_FLAG("VEXEC"); + if (acc_mode & VSTAT) + APPEND_FLAG("VSTAT"); + if (acc_mode & VWRITE) + APPEND_FLAG("VWRITE"); + if (acc_mode & VAPPEND) + APPEND_FLAG("VAPPEND"); + if (acc_mode & VADMIN) + APPEND_FLAG("VADMIN"); COUNTER_INC(vnode_check_open); return (0);
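Review bot: `APPEND_FLAG` formats into `currentchar1` with an unbounded `sprintf`, so nothing ties the write to the 512 bytes that `LOG_DECL` leaves for `flagbuffer` between `buffer + 1024` and `submitbuffer`. The six fixed names appended in the hunk at -2580 stay far below that limit, but the macro is generic, and `snprintf(currentchar1, flagbuffer + 512 - currentchar1, "%s ", flag);` would make the bound explicit. A short comment on the macro saying that it relies on the locals declared by `LOG_DECL` and that `COUNTER_INC` strips the trailing blank would help the next reader.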