From owner-p4-projects@FreeBSD.ORG Fri Aug 24 06:24:15 2007 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id AE5AC16A418; Fri, 24 Aug 2007 06:24:15 +0000 (UTC) Delivered-To: perforce@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 6136A16A468 for ; Fri, 24 Aug 2007 06:24:15 +0000 (UTC) (envelope-from zhouzhouyi@FreeBSD.org) Received: from repoman.freebsd.org (repoman.freebsd.org [IPv6:2001:4f8:fff6::29]) by mx1.freebsd.org (Postfix) with ESMTP id 4F2C513C465 for ; Fri, 24 Aug 2007 06:24:15 +0000 (UTC) (envelope-from zhouzhouyi@FreeBSD.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.14.1/8.14.1) with ESMTP id l7O6OFl7037794 for ; Fri, 24 Aug 2007 06:24:15 GMT (envelope-from zhouzhouyi@FreeBSD.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.14.1/8.14.1/Submit) id l7O6OETU037791 for perforce@freebsd.org; Fri, 24 Aug 2007 06:24:14 GMT (envelope-from zhouzhouyi@FreeBSD.org) Date: Fri, 24 Aug 2007 06:24:14 GMT Message-Id: <200708240624.l7O6OETU037791@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to zhouzhouyi@FreeBSD.org using -f From: Zhouyi ZHOU To: Perforce Change Reviews Cc: Subject: PERFORCE change 125607 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 24 Aug 2007 06:24:16 -0000 http://perforce.freebsd.org/chv.cgi?CH=125607 Change 125607 by zhouzhouyi@zhouzhouyi_mactest on 2007/08/24 06:23:15 add test cases for shmctl for IPC_STAT and IPC_SET respectively Affected files ... .. //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/shmtest.c#4 edit .. //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/sysvshm/00.t#3 edit Differences ... ==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/shmtest.c#4 (text+ko) ==== @@ -80,6 +80,7 @@ char *shm_buf; int logfd; const char *macconf_file = NULL; +const char *creator_label = NULL; int main(argc, argv) @@ -87,16 +88,17 @@ char *argv[]; { int ch; - const char *creator_label = NULL; const char *sender_label = NULL; const char *receiver_label = NULL; + const char *ipcstat_label = NULL; + const char *ipcset_label = NULL; struct sigaction sa; struct shmid_ds s_ds; sigset_t sigmask; int error; - while ((ch = getopt(argc, argv, "c:f:r:s:")) != -1) { + while ((ch = getopt(argc, argv, "c:f:r:s:t:e:")) != -1) { switch (ch) { case 'c': creator_label = optarg; @@ -110,6 +112,12 @@ case 'r': receiver_label = optarg; break; + case 't': + ipcstat_label = optarg; + break; + case 'e': + ipcset_label = optarg; + break; default: usage(); } @@ -182,34 +190,8 @@ if (waitpid(child_pid, 0, 0) == -1) err(1, "error create"); - /* - * Install and SIGCHLD handler to deal with all possible exit - * conditions of the receiver. - */ - sa.sa_handler = sigchld_handler; - sigemptyset(&sa.sa_mask); - sa.sa_flags = 0; - if (sigaction(SIGCHLD, &sa, NULL) == -1) - err(1, "sigaction SIGCHLD"); - if (sender_label) { - mac_t label; - - if (mac_from_text(&label, sender_label) == -1) { - exit(-1); - } - if (mac_set_proc(label) == -1) - error = errno; - else - error = 0; - if (error){ - printf("error relabelling proc!\n"); - close(logfd); - exit(1); - } - mac_free(label); - } - +/* if ((sender_shmid = shmget(shmkey, pgsize, SHM_W)) == -1){ close(logfd); err(1, "shmget"); @@ -243,10 +225,154 @@ if ((shm_buf = shmat(sender_shmid, NULL, 0)) == (void *) -1) err(1, "sender: shmat"); +*/ + /* * Write the test pattern into the shared memory buffer. */ - strcpy(shm_buf, m_str); + switch ((child_pid = fork())) { + case -1: + err(1, "fork"); + /* NOTREACHED */ + + case 0: + if (sender_label) { + mac_t label; + + if (mac_from_text(&label, sender_label) == -1) { + exit(-1); + } + if (mac_set_proc(label) == -1) + error = errno; + else + error = 0; + if (error){ + printf("error relabelling proc!\n"); + close(logfd); + exit(1); + } + mac_free(label); + } + if ((sender_shmid = shmget(shmkey, pgsize, SHM_W)) == -1){ + close(logfd); + err(1, "shmget"); + exit(1); + } + if ((shm_buf = shmat(sender_shmid, NULL, 0)) == (void *) -1) + err(1, "sender: shmat"); + + strcpy(shm_buf, m_str); + + exit(0); + default: + break; + } + + + if (waitpid(child_pid, 0, 0) == -1) + err(1, "error send"); + + + + /*check for ipcstat */ + switch ((child_pid = fork())) { + case -1: + err(1, "fork"); + /* NOTREACHED */ + + case 0: + if (ipcstat_label) { + mac_t label; + + if (mac_from_text(&label, ipcstat_label) == -1) { + exit(-1); + } + if (mac_set_proc(label) == -1) + error = errno; + else + error = 0; + if (error){ + printf("error relabelling proc!\n"); + close(logfd); + exit(1); + } + mac_free(label); + } + if ((sender_shmid = shmget(shmkey, pgsize, SHM_R)) == -1){ + err(1, "shmget"); + exit(1); + } + + if (shmctl(sender_shmid, IPC_STAT, &s_ds) == -1) { + err(1, "shmctl IPC_STAT"); + exit(1); + } + print_shmid_ds(&s_ds, 0640); + exit(0); + default: + break; + } + + + if (waitpid(child_pid, 0, 0) == -1) + err(1, "error send"); + +/*check for ipc_set */ + switch ((child_pid = fork())) { + case -1: + err(1, "fork"); + /* NOTREACHED */ + + case 0: + if (ipcset_label) { + mac_t label; + + if (mac_from_text(&label, ipcset_label) == -1) { + exit(-1); + } + if (mac_set_proc(label) == -1) + error = errno; + else + error = 0; + if (error){ + printf("error relabelling proc!\n"); + close(logfd); + exit(1); + } + mac_free(label); + } + if ((sender_shmid = shmget(shmkey, pgsize, SHM_R)) == -1){ + err(1, "shmget"); + exit(1); + } + + memset(&s_ds, 0, sizeof(s_ds)); + + if (shmctl(sender_shmid, IPC_SET, &s_ds) == -1) { + err(1, "shmctl IPC_SET"); + exit(1); + } + exit(0); + default: + break; + } + + + if (waitpid(child_pid, 0, 0) == -1) + err(1, "error send"); + + + /* + * Install and SIGCHLD handler to deal with all possible exit + * conditions of the receiver. + */ + sa.sa_handler = sigchld_handler; + sigemptyset(&sa.sa_mask); + sa.sa_flags = 0; + if (sigaction(SIGCHLD, &sa, NULL) == -1) + err(1, "sigaction SIGCHLD"); + + switch ((child_pid = fork())) { case -1: @@ -266,7 +392,6 @@ error = 0; if (error){ printf("error relabelling proc!\n"); - close(logfd); exit(1); } mac_free(label); @@ -324,11 +449,12 @@ * the final stats for the message queue. */ - +/* if (shmctl(sender_shmid, IPC_STAT, &s_ds) == -1) err(1, "shmctl IPC_STAT"); print_shmid_ds(&s_ds, 0600); +*/ exit(0); } @@ -339,7 +465,28 @@ /* * If we're the sender, and it exists, remove the shared memory area. */ - if (child_pid != 0 && sender_shmid != -1) { + int error; + + if (child_pid != 0 /*&& sender_shmid != -1*/) { + if (creator_label) { + mac_t label; + + if (mac_from_text(&label, creator_label) == -1) { + exit(-1); + } + if (mac_set_proc(label) == -1) + error = errno; + else + error = 0; + if (error){ + printf("error relabelling proc!\n"); + close(logfd); + exit(1); + } + mac_free(label); + } + if ((sender_shmid = shmget(shmkey, pgsize, 0)) == -1) + err(1, "shmget"); if (shmctl(sender_shmid, IPC_RMID, NULL) == -1) warn("shmctl IPC_RMID"); close(logfd); @@ -361,7 +508,7 @@ { fprintf(stderr, "usage: -s sender_label -r receiver_label" - " -f macconf_file -c creator_label\n"); + " -f macconf_file -c creator_label -t IPC_STAT label -e IPC_SET label\n"); exit(1); } ==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/sysvshm/00.t#3 (text+ko) ==== @@ -7,7 +7,7 @@ dir=`dirname $0` . ${dir}/../misc.sh -echo "1..2" +echo "1..4" #turn off all the switches @@ -39,14 +39,29 @@ t=`sysctl security.mac.mls.revocation_enabled=1` t=`sysctl security.mac.biba.revocation_enabled=1` echo "enabling revoking" +#option -c creator's label, option -s sender's label +#option -r receiver's label, option -t ipc stat label +#options -e ipc set label #case 1: check mls no read high + echo -n "pid = -2 mac_test_check_sysv_shmget:" > ${mactest_conf} + echo "biba/high(low-high),mls/9(low-high) biba/high,mls/5" >> ${mactest_conf} bizarretestexpect ${shmtest} "" "" -c "mls/5" -s "mls/5" \ - -r "mls/9" -f ${mactest_conf} + -r "mls/9" -t "mls/5" -e "mls/5" -f ${mactest_conf} #case 2: check biba no read low + echo -n "pid = -2 mac_test_check_sysv_shmat#SHM_RDONLY:" > ${mactest_conf} + echo "biba/3(low-high),mls/low(low-high) biba/5,mls/low" >> ${mactest_conf} bizarretestexpect ${shmtest} "" "" -c "biba/5" -s "biba/5" \ - -r "biba/3" -f ${mactest_conf} - - + -r "biba/3" -t "biba/5" -e "biba/5" -f ${mactest_conf} +#case 3: ipc stat biba no stat low + echo -n "pid = -2 mac_test_check_sysv_shmctl#IPC_STAT:" > ${mactest_conf} + echo "biba/3(low-high),mls/low(low-high) biba/5,mls/low" >> ${mactest_conf} + bizarretestexpect ${shmtest} "" "" -c "biba/5" -s "biba/5" \ + -r "biba/5" -t "biba/3" -e "biba/5" -f ${mactest_conf} +#case 4: ipc set biba no set high + echo -n "pid = -2 mac_test_check_sysv_shmctl#IPC_SET:" > ${mactest_conf} + echo "biba/3(low-high),mls/low(low-high) biba/5,mls/low" >> ${mactest_conf} + bizarretestexpect ${shmtest} "*shmctl.IPC_SET:.Permission.denied" "" -c "biba/5" -s "biba/5" \ + -r "biba/5" -t "biba/5" -e "biba/3" -f ${mactest_conf} #cleanup: t=`sysctl security.mac.mls.enabled=0` echo "disabling mac/mls!"