From owner-p4-projects@FreeBSD.ORG Wed Jan 23 08:55:56 2008 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 3759F16A46B; Wed, 23 Jan 2008 08:55:56 +0000 (UTC) Delivered-To: perforce@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id EF7FE16A475 for ; Wed, 23 Jan 2008 08:55:55 +0000 (UTC) (envelope-from zhouzhouyi@FreeBSD.org) Received: from repoman.freebsd.org (repoman.freebsd.org [IPv6:2001:4f8:fff6::29]) by mx1.freebsd.org (Postfix) with ESMTP id D638113C47E for ; Wed, 23 Jan 2008 08:55:55 +0000 (UTC) (envelope-from zhouzhouyi@FreeBSD.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.14.1/8.14.1) with ESMTP id m0N8ttu0057645 for ; Wed, 23 Jan 2008 08:55:55 GMT (envelope-from zhouzhouyi@FreeBSD.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.14.1/8.14.1/Submit) id m0N8tt2n057641 for perforce@freebsd.org; Wed, 23 Jan 2008 08:55:55 GMT (envelope-from zhouzhouyi@FreeBSD.org) Date: Wed, 23 Jan 2008 08:55:55 GMT Message-Id: <200801230855.m0N8tt2n057641@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to zhouzhouyi@FreeBSD.org using -f 
From: Zhouyi ZHOU To: Perforce Change Reviews Cc: Subject: PERFORCE change 133918 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 23 Jan 2008 08:55:56 -0000 http://perforce.freebsd.org/chv.cgi?CH=133918 Change 133918 by zhouzhouyi@zhouzhouyi_mactest on 2008/01/23 08:55:33 Style Modification Affected files ... .. //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/mdconfig/00.t#2 edit .. //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/mdconfig/01.t#2 edit .. //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/mmap/00.t#2 edit Differences ... ==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/mdconfig/00.t#2 (text+ko) ==== @@ -1,5 +1,5 @@ #!/bin/sh -# $FreeBSD: src/tools/regression/mactest/tests/mdconfig/00.t,v 1.2 2007/01/25 20:50:02 zhouzhouyi Exp $ +# $FreeBSD$ desc="mdconfig" @@ -13,7 +13,7 @@ #turn off all the switches for i in `sysctl security.mac | grep "\.enabled"| sed 's/\([a-z\.]*\.enabled\)\(:\ \)\([01]\)/\1/`; do - sysctl ${i}=0 + sysctl ${i}=0 > /dev/null done echo "1..1" 
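Review bot: Sending the output of `sysctl ${i}=0` to /dev/null in the "turn off all the switches" loop also discards the `old -> new` line that sysctl prints, which was the only record of which MAC policies were enabled before the test ran. Nothing visible saves or restores those values, and the cleanup sections shown later only write 0, so a run appears to leave every `security.mac.*.enabled` policy off on the host. Consider recording the prior value before the write, e.g. `saved="${saved} ${i}=`sysctl -n ${i}`"`, and replaying it in cleanup with `sysctl ${saved} > /dev/null`. The same loop is changed the same way in mdconfig/01.t and mmap/00.t, and the script continues outside this hunk.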
@@ -35,20 +35,16 @@ touch ${mactest_conf} ############################################################# - t=`sysctl security.mac.mls.enabled=1` - echo "enforcing mac/mls!" - t=`sysctl security.mac.biba.enabled=1` - echo "enforcing mac/biba!" + sysctl security.mac.mls.enabled=1 > /dev/null + sysctl security.mac.biba.enabled=1 > /dev/null #case 1: mdconfig, couldn't open /dev/mdctl, BLP prevents write down mactestexpect "" "*" -m "mls/7(low-high),biba/low(low-high)" -f ${mactest_conf} system ${mdconfigopenrdonly} -a -n -t malloc -s 1m mdnum=${ret} #cleanup: - t=`sysctl security.mac.mls.enabled=0` - echo "disabling mac/mls!" - t=`sysctl security.mac.biba.enabled=0` - echo "disabling mac/biba!" + sysctl security.mac.mls.enabled=0 > /dev/null + sysctl security.mac.biba.enabled=0 > /dev/null rm -fr ${n0} rm -fr ${n2} rm ${mactest_conf} ==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/mdconfig/01.t#2 (text+ko) ==== @@ -1,5 +1,5 @@ #!/bin/sh -# $FreeBSD: src/tools/regression/mactest/tests/mdconfig/01.t,v 1.2 2007/01/25 20:50:02 zhouzhouyi Exp $ +# $FreeBSD$ desc="Testing mount and umount of md devices" @@ -13,13 +13,9 @@ #turn off all the switches for i in `sysctl security.mac | grep "\.enabled"| sed 's/\([a-z\.]*\.enabled\)\(:\ \)\([01]\)/\1/`; do - sysctl ${i}=0 + sysctl ${i}=0 > /dev/null done - echo "1..12" - n0=`namegenshort` - n1=`namegen` - n2=`namegenshort` mac_mls_support=`sysctl -n security.mac.mls.enabled 2>/dev/null` mac_biba_support=`sysctl -n security.mac.biba.enabled 2>/dev/null` 
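Review bot: The exit status of the rewritten `sysctl security.mac.mls.enabled=1 > /dev/null` and `sysctl security.mac.biba.enabled=1 > /dev/null` lines is not checked, so if the write fails (policy not loaded, insufficient privilege) the case that follows runs without enforcement. With the "enforcing mac/mls!" echoes removed, the output also no longer shows that enforcement was attempted. A guard such as `sysctl security.mac.mls.enabled=1 > /dev/null || { echo "Bail out! cannot enable mac/mls"; exit 1; }` makes a failed setup visible instead of producing results that say nothing about the policy. The same applies to the enable lines in the later hunks of mdconfig/01.t and mmap/00.t.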
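Review bot: With `echo "1..12"` removed from the top of mdconfig/01.t (it reappears inside the `if [ "${mac_mls_support}" != "" ] && ...` branch in the next hunk), a host without mac_mls or mac_biba prints no plan line at all unless an `else` branch outside the visible hunks prints one. A harness then cannot tell "MAC policies unavailable, nothing tested" from a broken script. If no such branch exists, add one with `echo "1..0 # SKIP mac_mls/mac_biba not available"`. mmap/00.t moves its `echo "1..4"` the same way.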
@@ -27,37 +23,42 @@ if [ "${mac_mls_support}" != "" ] && [ "${mac_biba_support}" != "" ] ; then dvplabel=`getfmac ".."| sed 's/\(\.\.:\ \)\([a-z\,\/]*\)/\2/`; -############################################################# + #first make working dir, the hook checks are already done in open: if [ -f ${mactest_conf} ]; then rm ${mactest_conf} fi touch ${mactest_conf} -############################################################# - t=`sysctl security.mac.mls.enabled=1` - echo "enforcing mac/mls!" + echo "1..12" + n0=`namegenshort` + n1=`namegen` + n2=`namegenshort` + + + + sysctl security.mac.mls.enabled=1 > /dev/null #case 1: mkdir mactestexpect "" 0 -m "mls/low(low-high)" -f ${mactest_conf} mkdir ${n0} 0755 #case 2: mdconfig, couldn't open /dev/mdctl, BLP prevents write down - echo -n "pid = -2 mac_test_check_vnode_open#VREAD VWRITE:" > ${mactest_conf} + echo -n "pid = -2 vnode_check_open#VREAD VWRITE:" > ${mactest_conf} echo "biba/high(low-high),mls/7(low-high) biba/high,mls/low" >> ${mactest_conf} mactestexpect "*Permission.denied" "" -m "mls/7(low-high)" -f ${mactest_conf} system mdconfig -a -n -t malloc -s 1m #case 3: mdconfig, successfully open /dev/mdctl - echo -n "pid = -2 mac_test_check_vnode_open#VREAD VWRITE:" > ${mactest_conf} + echo -n "pid = -2 vnode_check_open#VREAD VWRITE:" > ${mactest_conf} echo "biba/high(low-high),mls/low(low-high) biba/high,mls/low" >> ${mactest_conf} mactestexpect "" "*" -m "mls/low(low-high)" -f ${mactest_conf} system mdconfig -a -n -t malloc -s 1m mdnum=${ret} #case 4: newfs, fail for writing, BLP prevents write down - echo -n "pid = -2 mac_test_check_vnode_open#VREAD VWRITE:" > ${mactest_conf} + echo -n "pid = -2 vnode_check_open#VREAD VWRITE:" > ${mactest_conf} echo "biba/high(low-high),mls/7(low-high) biba/high,mls/low" >> ${mactest_conf} mactestexpect "*failed.to.open.disk.for.writing" "*" -m "mls/7(low-high)" -f ${mactest_conf} system newfs -i 1 /dev/md${mdnum} #case 5: newfs, success - echo -n "pid = -2 
mac_test_check_vnode_open#VREAD VWRITE:" > ${mactest_conf} + echo -n "pid = -2 vnode_check_open#VREAD VWRITE:" > ${mactest_conf} echo "biba/high(low-high),mls/low(low-high) biba/high,mls/low" >> ${mactest_conf} mactestexpect "" "*" -m "mls/low(low-high)" -f ${mactest_conf} system newfs -i 1 /dev/md${mdnum} @@ -87,8 +88,7 @@ #case 12: detach mactestexpect "" "*" -m "mls/low(low-high)" -f ${mactest_conf} system mdconfig -d -u ${mdnum} #cleanup: - t=`sysctl security.mac.mls.enabled=0` - echo "disabling mac/mls!" + sysctl security.mac.mls.enabled=0 > /dev/null rm -fr ${n0} rm -fr ${n2} rm ${mactest_conf} ==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/mmap/00.t#2 (text+ko) ==== @@ -1,5 +1,5 @@ #!/bin/sh -# $FreeBSD: src/tools/regression/mactest/tests/mmap/00.t,v 1.2 2007/01/25 20:50:02 zhouzhouyi Exp $ +# $FreeBSD$ desc="test the Mac hooks's enforcement on mmap" @@ -7,15 +7,11 @@ dir=`dirname $0` . ${dir}/../misc.sh -echo "1..4" -n0=`namegen` -n1=`namegen` - #turn off all the switches for i in `sysctl security.mac | grep "\.enabled"| sed 's/\([a-z\.]*\.enabled\)\(:\ \)\([01]\)/\1/`; do -sysctl ${i}=0 + sysctl ${i}=0 > /dev/null done mac_mls_support=`sysctl -n security.mac.mls.enabled 2>/dev/null` @@ -33,15 +29,14 @@ fi touch ${mactest_conf} -############################################################# - t=`sysctl security.mac.mls.enabled=1` - echo "enforcing mac/mls!" - t=`sysctl security.mac.biba.enabled=1` - echo "enforcing mac/biba!" - t=`sysctl security.mac.mls.revocation_enabled=1` - t=`sysctl security.mac.biba.revocation_enabled=1` - echo "enabling revoking" + echo "1..4" + n0=`namegen` + n1=`namegen` + sysctl security.mac.mls.enabled=1 > /dev/null + sysctl security.mac.biba.enabled=1 > /dev/null + sysctl security.mac.mls.revocation_enabled=1 > /dev/null + sysctl security.mac.biba.revocation_enabled=1 > /dev/null #setting up the file, and set the maclabel of it touch ${n0} 
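Review bot: The hook strings written to `${mactest_conf}` in cases 2–5 change from `mac_test_check_vnode_open` to `vnode_check_open`, which alters what the test matches rather than how it is written, yet the change description says only "Style Modification". If the kernel under test still reports the old names, these cases would presumably stop matching, so the rename should be tied to the kernel or mac_test revision it depends on. A comment above case 2 such as `# hook names as reported by mac_test, without the mac_test_check_ prefix` would record that. mmap/00.t gets the same rename to `vnode_check_mmap`.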
@@ -50,31 +45,29 @@ setfmac biba/5 ${n1} #case 1: mls can't read mmap high - echo -n "pid = -2 mac_test_check_vnode_mmap:" > ${mactest_conf} + echo -n "pid = -2 vnode_check_mmap:" > ${mactest_conf} echo "biba/high(low-high),mls/4(low-high) biba/high,mls/5" >> ${mactest_conf} bizarretestexpect ${mmaptest} "read.mmap.failed" "" -o "mls/5(low-high)" -s 1 \ -f ${n0} -r "mls/4" -w "mls/5" -c ${mactest_conf} #case 2: mls can't write mmap low - echo -n "pid = -2 mac_test_check_vnode_mmap:" > ${mactest_conf} + echo -n "pid = -2 vnode_check_mmap:" > ${mactest_conf} echo "biba/high(low-high),mls/6(low-high) biba/high,mls/5" >> ${mactest_conf} bizarretestexpect ${mmaptest} "write.mmap.failed" "" -o "mls/5(low-high)" -s 1 \ -f ${n0} -r "mls/5" -w "mls/6" -c ${mactest_conf} #case 3: biba can't read mmap low - echo -n "pid = -2 mac_test_check_vnode_mmap:" > ${mactest_conf} + echo -n "pid = -2 vnode_check_mmap:" > ${mactest_conf} echo "mls/low(low-high),biba/6(low-high) biba/5,mls/low" >> ${mactest_conf} bizarretestexpect ${mmaptest} "read.mmap.failed" "" -o "biba/5(low-high)" -s 1 \ -f ${n1} -r "biba/6" -w "biba/5" -c ${mactest_conf} #case 4: biba can't write mmap high - echo -n "pid = -2 mac_test_check_vnode_mmap:" > ${mactest_conf} + echo -n "pid = -2 vnode_check_mmap:" > ${mactest_conf} echo "mls/low(low-high),biba/4(low-high) biba/5,mls/low" >> ${mactest_conf} bizarretestexpect ${mmaptest} "write.mmap.failed" "" -o "biba/5(low-high)" -s 1 \ -f ${n1} -r "biba/5" -w "biba/4" -c ${mactest_conf} #cleanup: - t=`sysctl security.mac.mls.enabled=0` - echo "disabling mac/mls!" - t=`sysctl security.mac.biba.enabled=0` - echo "disabling mac/biba!" + sysctl security.mac.mls.enabled=0 > /dev/null + sysctl security.mac.biba.enabled=0 > /dev/null rm ${n0} rm ${n1} rm ${mactest_conf}
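Review bot: The cleanup at the end of this hunk resets only `security.mac.mls.enabled` and `security.mac.biba.enabled`, while the setup hunk before it also sets `security.mac.mls.revocation_enabled=1` and `security.mac.biba.revocation_enabled=1`. The "turn off all the switches" loop greps for `\.enabled`, which does not match `revocation_enabled`, so both revocation knobs appear to stay on after the test unless they are reset past the end of the hunk. Add `sysctl security.mac.mls.revocation_enabled=0 > /dev/null` and `sysctl security.mac.biba.revocation_enabled=0 > /dev/null` to the cleanup, or restore the values read before the test.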