Date: Wed, 23 Jan 2008 08:55:55 GMT From: Zhouyi ZHOU <zhouzhouyi@FreeBSD.org> To: Perforce Change Reviews <perforce@FreeBSD.org> Subject: PERFORCE change 133918 for review Message-ID: <200801230855.m0N8tt2n057641@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=133918 Change 133918 by zhouzhouyi@zhouzhouyi_mactest on 2008/01/23 08:55:33 Style Modification Affected files ... .. //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/mdconfig/00.t#2 edit .. //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/mdconfig/01.t#2 edit .. //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/mmap/00.t#2 edit Differences ... ==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/mdconfig/00.t#2 (text+ko) ==== @@ -1,5 +1,5 @@ #!/bin/sh -# $FreeBSD: src/tools/regression/mactest/tests/mdconfig/00.t,v 1.2 2007/01/25 20:50:02 zhouzhouyi Exp $ +# $FreeBSD$ desc="mdconfig" @@ -13,7 +13,7 @@ #turn off all the switches for i in `sysctl security.mac | grep "\.enabled"| sed 's/\([a-z\.]*\.enabled\)\(:\ \)\([01]\)/\1/`; do - sysctl ${i}=0 + sysctl ${i}=0 > /dev/null done echo "1..1" @@ -35,20 +35,16 @@ touch ${mactest_conf} ############################################################# - t=`sysctl security.mac.mls.enabled=1` - echo "enforcing mac/mls!" - t=`sysctl security.mac.biba.enabled=1` - echo "enforcing mac/biba!" + sysctl security.mac.mls.enabled=1 > /dev/null + sysctl security.mac.biba.enabled=1 > /dev/null #case 1: mdconfig, couldn't open /dev/mdctl, BLP prevents write down mactestexpect "" "*" -m "mls/7(low-high),biba/low(low-high)" -f ${mactest_conf} system ${mdconfigopenrdonly} -a -n -t malloc -s 1m mdnum=${ret} #cleanup: - t=`sysctl security.mac.mls.enabled=0` - echo "disabling mac/mls!" - t=`sysctl security.mac.biba.enabled=0` - echo "disabling mac/biba!" + sysctl security.mac.mls.enabled=0 > /dev/null + sysctl security.mac.biba.enabled=0 > /dev/null rm -fr ${n0} rm -fr ${n2} rm ${mactest_conf} ==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/mdconfig/01.t#2 (text+ko) ==== @@ -1,5 +1,5 @@ #!/bin/sh -# $FreeBSD: src/tools/regression/mactest/tests/mdconfig/01.t,v 1.2 2007/01/25 20:50:02 zhouzhouyi Exp $ +# $FreeBSD$ desc="Testing mount and umount of md devices" @@ -13,13 +13,9 @@ #turn off all the switches for i in `sysctl security.mac | grep "\.enabled"| sed 's/\([a-z\.]*\.enabled\)\(:\ \)\([01]\)/\1/`; do - sysctl ${i}=0 + sysctl ${i}=0 > /dev/null done - echo "1..12" - n0=`namegenshort` - n1=`namegen` - n2=`namegenshort` mac_mls_support=`sysctl -n security.mac.mls.enabled 2>/dev/null` mac_biba_support=`sysctl -n security.mac.biba.enabled 2>/dev/null` @@ -27,37 +23,42 @@ if [ "${mac_mls_support}" != "" ] && [ "${mac_biba_support}" != "" ] ; then dvplabel=`getfmac ".."| sed 's/\(\.\.:\ \)\([a-z\,\/]*\)/\2/`; -############################################################# + #first make working dir, the hook checks are already done in open: if [ -f ${mactest_conf} ]; then rm ${mactest_conf} fi touch ${mactest_conf} -############################################################# - t=`sysctl security.mac.mls.enabled=1` - echo "enforcing mac/mls!" + echo "1..12" + n0=`namegenshort` + n1=`namegen` + n2=`namegenshort` + + + + sysctl security.mac.mls.enabled=1 > /dev/null #case 1: mkdir mactestexpect "" 0 -m "mls/low(low-high)" -f ${mactest_conf} mkdir ${n0} 0755 #case 2: mdconfig, couldn't open /dev/mdctl, BLP prevents write down - echo -n "pid = -2 mac_test_check_vnode_open#VREAD VWRITE:" > ${mactest_conf} + echo -n "pid = -2 vnode_check_open#VREAD VWRITE:" > ${mactest_conf} echo "biba/high(low-high),mls/7(low-high) biba/high,mls/low" >> ${mactest_conf} mactestexpect "*Permission.denied" "" -m "mls/7(low-high)" -f ${mactest_conf} system mdconfig -a -n -t malloc -s 1m #case 3: mdconfig, successfully open /dev/mdctl - echo -n "pid = -2 mac_test_check_vnode_open#VREAD VWRITE:" > ${mactest_conf} + echo -n "pid = -2 vnode_check_open#VREAD VWRITE:" > ${mactest_conf} echo "biba/high(low-high),mls/low(low-high) biba/high,mls/low" >> ${mactest_conf} mactestexpect "" "*" -m "mls/low(low-high)" -f ${mactest_conf} system mdconfig -a -n -t malloc -s 1m mdnum=${ret} #case 4: newfs, fail for writing, BLP prevents write down - echo -n "pid = -2 mac_test_check_vnode_open#VREAD VWRITE:" > ${mactest_conf} + echo -n "pid = -2 vnode_check_open#VREAD VWRITE:" > ${mactest_conf} echo "biba/high(low-high),mls/7(low-high) biba/high,mls/low" >> ${mactest_conf} mactestexpect "*failed.to.open.disk.for.writing" "*" -m "mls/7(low-high)" -f ${mactest_conf} system newfs -i 1 /dev/md${mdnum} #case 5: newfs, success - echo -n "pid = -2 mac_test_check_vnode_open#VREAD VWRITE:" > ${mactest_conf} + echo -n "pid = -2 vnode_check_open#VREAD VWRITE:" > ${mactest_conf} echo "biba/high(low-high),mls/low(low-high) biba/high,mls/low" >> ${mactest_conf} mactestexpect "" "*" -m "mls/low(low-high)" -f ${mactest_conf} system newfs -i 1 /dev/md${mdnum} @@ -87,8 +88,7 @@ #case 12: detach mactestexpect "" "*" -m "mls/low(low-high)" -f ${mactest_conf} system mdconfig -d -u ${mdnum} #cleanup: - t=`sysctl security.mac.mls.enabled=0` - echo "disabling mac/mls!" + sysctl security.mac.mls.enabled=0 > /dev/null rm -fr ${n0} rm -fr ${n2} rm ${mactest_conf} ==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/mmap/00.t#2 (text+ko) ==== @@ -1,5 +1,5 @@ #!/bin/sh -# $FreeBSD: src/tools/regression/mactest/tests/mmap/00.t,v 1.2 2007/01/25 20:50:02 zhouzhouyi Exp $ +# $FreeBSD$ desc="test the Mac hooks's enforcement on mmap" @@ -7,15 +7,11 @@ dir=`dirname $0` . ${dir}/../misc.sh -echo "1..4" -n0=`namegen` -n1=`namegen` - #turn off all the switches for i in `sysctl security.mac | grep "\.enabled"| sed 's/\([a-z\.]*\.enabled\)\(:\ \)\([01]\)/\1/`; do -sysctl ${i}=0 + sysctl ${i}=0 > /dev/null done mac_mls_support=`sysctl -n security.mac.mls.enabled 2>/dev/null` @@ -33,15 +29,14 @@ fi touch ${mactest_conf} -############################################################# - t=`sysctl security.mac.mls.enabled=1` - echo "enforcing mac/mls!" - t=`sysctl security.mac.biba.enabled=1` - echo "enforcing mac/biba!" - t=`sysctl security.mac.mls.revocation_enabled=1` - t=`sysctl security.mac.biba.revocation_enabled=1` - echo "enabling revoking" + echo "1..4" + n0=`namegen` + n1=`namegen` + sysctl security.mac.mls.enabled=1 > /dev/null + sysctl security.mac.biba.enabled=1 > /dev/null + sysctl security.mac.mls.revocation_enabled=1 > /dev/null + sysctl security.mac.biba.revocation_enabled=1 > /dev/null #setting up the file, and set the maclabel of it touch ${n0} @@ -50,31 +45,29 @@ setfmac biba/5 ${n1} #case 1: mls can't read mmap high - echo -n "pid = -2 mac_test_check_vnode_mmap:" > ${mactest_conf} + echo -n "pid = -2 vnode_check_mmap:" > ${mactest_conf} echo "biba/high(low-high),mls/4(low-high) biba/high,mls/5" >> ${mactest_conf} bizarretestexpect ${mmaptest} "read.mmap.failed" "" -o "mls/5(low-high)" -s 1 \ -f ${n0} -r "mls/4" -w "mls/5" -c ${mactest_conf} #case 2: mls can't write mmap low - echo -n "pid = -2 mac_test_check_vnode_mmap:" > ${mactest_conf} + echo -n "pid = -2 vnode_check_mmap:" > ${mactest_conf} echo "biba/high(low-high),mls/6(low-high) biba/high,mls/5" >> ${mactest_conf} bizarretestexpect ${mmaptest} "write.mmap.failed" "" -o "mls/5(low-high)" -s 1 \ -f ${n0} -r "mls/5" -w "mls/6" -c ${mactest_conf} #case 3: biba can't read mmap low - echo -n "pid = -2 mac_test_check_vnode_mmap:" > ${mactest_conf} + echo -n "pid = -2 vnode_check_mmap:" > ${mactest_conf} echo "mls/low(low-high),biba/6(low-high) biba/5,mls/low" >> ${mactest_conf} bizarretestexpect ${mmaptest} "read.mmap.failed" "" -o "biba/5(low-high)" -s 1 \ -f ${n1} -r "biba/6" -w "biba/5" -c ${mactest_conf} #case 4: biba can't write mmap high - echo -n "pid = -2 mac_test_check_vnode_mmap:" > ${mactest_conf} + echo -n "pid = -2 vnode_check_mmap:" > ${mactest_conf} echo "mls/low(low-high),biba/4(low-high) biba/5,mls/low" >> ${mactest_conf} bizarretestexpect ${mmaptest} "write.mmap.failed" "" -o "biba/5(low-high)" -s 1 \ -f ${n1} -r "biba/5" -w "biba/4" -c ${mactest_conf} #cleanup: - t=`sysctl security.mac.mls.enabled=0` - echo "disabling mac/mls!" - t=`sysctl security.mac.biba.enabled=0` - echo "disabling mac/biba!" + sysctl security.mac.mls.enabled=0 > /dev/null + sysctl security.mac.biba.enabled=0 > /dev/null rm ${n0} rm ${n1} rm ${mactest_conf}
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200801230855.m0N8tt2n057641>