Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 28 Dec 2007 06:37:29 GMT
From:      Zhouyi ZHOU <zhouzhouyi@FreeBSD.org>
To:        Perforce Change Reviews <perforce@FreeBSD.org>
Subject:   PERFORCE change 131859 for review
Message-ID:  <200712280637.lBS6bTtl083232@repoman.freebsd.org>

next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=131859

Change 131859 by zhouzhouyi@zhouzhouyi_mactest on 2007/12/28 06:37:17

	style modification

Affected files ...

.. //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/netinet/02.t#2 edit
.. //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/netinet/03.t#2 edit

Differences ...

==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/netinet/02.t#2 (text+ko) ====

@@ -1,82 +1,76 @@
 #!/bin/sh
-# $FreeBSD: src/tools/regression/mactest/tests/netinet/02.t,v 1.2 2007/01/25 20:50:02 zhouzhouyi Exp $
+# $FreeBSD$
 
-desc="test of inpcb deliver"
+desc="test mandatory access control for inpcb deliver"
 
-
 dir=`dirname $0`
 . ${dir}/../misc.sh
 
-echo "1..4"
+case "${os}" in
+FreeBSD)
+
+	mac_mls_support=`sysctl -n security.mac.mls.enabled 2>/dev/null`
+	mac_biba_support=`sysctl -n security.mac.biba.enabled 2>/dev/null`
+	mac_test_support=`sysctl -n security.mac.test.pseudoinit 2>/dev/null`
 
+	if [ "${mac_mls_support}" != "" ] && [ "${mac_biba_support}" != "" ] &&
+	    [ "${mac_test_support}" != "" ]; then
 
 #turn off all the switches
-for i in `sysctl security.mac | grep "\.enabled"| 
-     sed 's/\([a-z\.]*\.enabled\)\(:\ \)\([01]\)/\1/`; do
-sysctl ${i}=0
-done
+		for i in `sysctl security.mac | grep "\.enabled"| 
+			sed 's/\([a-z\.]*\.enabled\)\(:\ \)\([01]\)/\1/`; do
+			sysctl ${i}=0 >/dev/null
+		done
 
-mac_mls_support=`sysctl -n security.mac.mls.enabled 2>/dev/null`
-mac_biba_support=`sysctl -n security.mac.biba.enabled 2>/dev/null`
-mac_test_support=`sysctl -n security.mac.test.pseudoinit 2>/dev/null`
+		if [ -f ${mactest_conf} ]; then
+		    rm ${mactest_conf}
+		fi
+		touch ${mactest_conf}
+		setfmac "mls/equal,biba/equal" ${mactest_conf}
 
 
-if [ "${mac_mls_support}" != "" ] && [ "${mac_biba_support}" != "" ] &&
-    [ "${mac_test_support}" != "" ]; then
-    dvplabel=`getfmac ".."| sed 's/\(\.\.:\ \)\([a-z\,\/]*\)/\2/`; 
-
-
-    if [ -f ${mactest_conf} ]; then
-	rm ${mactest_conf}
-    fi
-    touch ${mactest_conf}
+		sysctl security.mac.test.pseudoinit=1 > /dev/null
+		ifconfig mac_test0 192.167.0.33 > /dev/null
+		ifconfig mac_test1 192.167.1.34 > /dev/null
 
-    t=`sysctl security.mac.test.pseudoinit=1`
-    t=`ifconfig mac_test0 192.167.0.33`
-    t=`ifconfig mac_test1 192.167.1.34`
-    echo "enabling mactest pseudo interface"
-
 #ensuring there is no firewall thing
-    notreceived=`${macping} -f ${mactest_conf} -t 2 192.167.0.34`
-    if [ "${#notreceived}" -eq 0 ]; then
+		notreceived=`${macping} -f ${mactest_conf} -t 2 192.167.0.34`
+		
+		if [ "${#notreceived}" -eq 0 ]; then
+		    echo "1..4"
 
-    
-
-
-#############################################################
-	t=`sysctl security.mac.mls.enabled=1`
-	echo "enforcing mac/mls!"
-	t=`sysctl security.mac.biba.enabled=1`
-	echo "enforcing mac/biba!"
-
+		    sysctl security.mac.mls.enabled=1 > /dev/null
+		    sysctl security.mac.biba.enabled=1 > /dev/null
 
 #case 1: set the maclabel of the interface
 #    the subject should be priviledeged.
-	mactestexpect "" "" -m "biba/high(low-high),mls/low(low-high)" \
-	    -f ${mactest_conf} system ifconfig mac_test0 maclabel \
-	    "mls/5\(4-7\),biba/5\(4-7\)"
+		    mactestexpect "" "" -m "biba/high(low-high),mls/low(low-high)" \
+			-f ${mactest_conf} system ifconfig mac_test0 maclabel \
+			"mls/5\(4-7\),biba/5\(4-7\)"
 #case 2: the packet's level must equal that of inpcb's
-	bizarretestexpect ${macping} "" \
-	    "" -m "biba/5(4-6),mls/5(4-6)" -f ${mactest_conf} -t 1 192.167.0.34
+		    bizarretestexpect ${macping} "" \
+			"" -m "biba/5(4-6),mls/5(4-6)" -f ${mactest_conf} -t 1 192.167.0.34
 #case 3: the packet's level must equal that of inpcb's
-	bizarretestexpect ${macping} "" \
-	    "not.received!" -m "biba/4(4-6),mls/5(4-6)" -f ${mactest_conf} -t 1 192.167.0.34
+		    bizarretestexpect ${macping} "" \
+			"not.received!" -m "biba/4(4-6),mls/5(4-6)" -f ${mactest_conf} -t 1 192.167.0.34
 #case 4: the packet's level must equal that of inpcb's
-	echo -n "pid = -2  mac_test_check_inpcb_deliver:" > ${mactest_conf}
-	echo "biba/5,mls/4 biba/5,mls/5" >> ${mactest_conf}
-	bizarretestexpect ${macping} "" \
-	    "not.received!" -m "biba/5(4-6),mls/4(4-6)" -f ${mactest_conf} -t 1 192.167.0.34
+		    echo -n "pid = -2  inpcb_check_deliver:" > ${mactest_conf}
+		    echo "biba/5,mls/4 biba/5,mls/5" >> ${mactest_conf}
+		    bizarretestexpect ${macping} "" \
+			"not.received!" -m "biba/5(4-6),mls/4(4-6)" -f ${mactest_conf} -t 1 192.167.0.34
+
 
 
 #cleanup:
-	t=`sysctl security.mac.mls.enabled=0`
-	echo "disabling mac/mls!"
-	t=`sysctl security.mac.biba.enabled=0`
-	echo "disabling mac/biba!"
-
-
-	rm ${mactest_conf}
-    fi
-
-fi
-
+		    sysctl security.mac.mls.enabled=0 >/dev/null
+		    sysctl security.mac.biba.enabled=0 > /dev/null
+		    rm ${mactest_conf}
+#ping received, no firewall
+		fi
+#mac_mls mac_biba and mac_test support
+	fi
+	;;
+*)
+        quick_exit
+        ;;
+esac

==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/netinet/03.t#2 (text+ko) ====

@@ -1,84 +1,77 @@
 #!/bin/sh
-# $FreeBSD: src/tools/regression/mactest/tests/netinet/03.t,v 1.2 2007/01/25 20:50:02 zhouzhouyi Exp $
+# $FreeBSD$
 
-desc="test of socket relabel"
+desc="test mandatory access control for socket relabel"
 
-
 dir=`dirname $0`
 . ${dir}/../misc.sh
 
-echo "1..4"
+case "${os}" in
+FreeBSD)
+
+	mac_mls_support=`sysctl -n security.mac.mls.enabled 2>/dev/null`
+	mac_biba_support=`sysctl -n security.mac.biba.enabled 2>/dev/null`
+	mac_test_support=`sysctl -n security.mac.test.pseudoinit 2>/dev/null`
 
+	if [ "${mac_mls_support}" != "" ] && [ "${mac_biba_support}" != "" ] &&
+	    [ "${mac_test_support}" != "" ]; then
 
 #turn off all the switches
-for i in `sysctl security.mac | grep "\.enabled"| 
-     sed 's/\([a-z\.]*\.enabled\)\(:\ \)\([01]\)/\1/`; do
-sysctl ${i}=0
-done
+		for i in `sysctl security.mac | grep "\.enabled"| 
+			sed 's/\([a-z\.]*\.enabled\)\(:\ \)\([01]\)/\1/`; do
+			sysctl ${i}=0 >/dev/null
+		done
 
-mac_mls_support=`sysctl -n security.mac.mls.enabled 2>/dev/null`
-mac_biba_support=`sysctl -n security.mac.biba.enabled 2>/dev/null`
-mac_test_support=`sysctl -n security.mac.test.pseudoinit 2>/dev/null`
+		if [ -f ${mactest_conf} ]; then
+		    rm ${mactest_conf}
+		fi
+		touch ${mactest_conf}
+		setfmac "mls/equal,biba/equal" ${mactest_conf}
 
 
-if [ "${mac_mls_support}" != "" ] && [ "${mac_biba_support}" != "" ] &&
-    [ "${mac_test_support}" != "" ]; then
-    dvplabel=`getfmac ".."| sed 's/\(\.\.:\ \)\([a-z\,\/]*\)/\2/`; 
-
+		sysctl security.mac.test.pseudoinit=1 > /dev/null
+		ifconfig mac_test0 192.167.0.33 > /dev/null
+		ifconfig mac_test1 192.167.1.34 > /dev/null
 
-    if [ -f ${mactest_conf} ]; then
-	rm ${mactest_conf}
-    fi
-    touch ${mactest_conf}
-
-    t=`sysctl security.mac.test.pseudoinit=1`
-    t=`ifconfig mac_test0 192.167.0.33`
-    t=`ifconfig mac_test1 192.167.1.34`
-    echo "enabling mactest pseudo interface"
-
 #ensuring there is no firewall thing
-    notreceived=`${macping} -f ${mactest_conf} -t 2 192.167.0.34`
-    if [ "${#notreceived}" -eq 0 ]; then
+		notreceived=`${macping} -f ${mactest_conf} -t 2 192.167.0.34`
+		
+		if [ "${#notreceived}" -eq 0 ]; then
+		    echo "1..4"
 
-    
-
+		    sysctl security.mac.mls.enabled=1 > /dev/null
+		    sysctl security.mac.biba.enabled=1 > /dev/null
 
-#############################################################
-	t=`sysctl security.mac.mls.enabled=1`
-	echo "enforcing mac/mls!"
-	t=`sysctl security.mac.biba.enabled=1`
-	echo "enforcing mac/biba!"
-
-
 #case 1: set the maclabel of the interface
 #    the subject should be priviledeged.
-	mactestexpect "" "" -m "biba/high(low-high),mls/low(low-high)" \
-	    -f ${mactest_conf} system ifconfig mac_test0 maclabel \
-	    "mls/5\(4-7\),biba/5\(4-7\)"
+		    mactestexpect "" "" -m "biba/high(low-high),mls/low(low-high)" \
+			-f ${mactest_conf} system ifconfig mac_test0 maclabel \
+			"mls/5\(4-7\),biba/5\(4-7\)"
 #case 2: relabel the socket, at most effective, within subject's range
-	bizarretestexpect ${macping} "" "error.relabelling.socket!" \
-	    -m "biba/5(4-6),mls/7(low-high)" \
-	    -s "mls/low(low-high)" -f ${mactest_conf} -t 1 192.167.0.34
+		    bizarretestexpect ${macping} "" "error.relabelling.socket!" \
+			-m "biba/5(4-6),mls/7(low-high)" \
+			-s "mls/low(low-high)" -f ${mactest_conf} -t 1 192.167.0.34
 #case 3: relabel the socket, at most effective, within subject's range
-	echo -n "pid = -2 mac_test_check_socket_relabel:" > ${mactest_conf}
-	echo "biba/5(4-6),mls/7(low-high) biba/5,mls/7 biba/equal,mls/" >> ${mactest_conf}
-	bizarretestexpect ${macping} "" "error.relabelling.socket!" \
-	    -m "biba/5(4-6),mls/7(low-high)" \
-	    -s "biba/equal" -f ${mactest_conf} -t 1 192.167.0.34
+		    echo -n "pid = -2 socket_check_relabel:" > ${mactest_conf}
+		    echo "biba/5(4-6),mls/7(low-high) biba/5,mls/7 biba/equal,mls/" >> ${mactest_conf}
+		    bizarretestexpect ${macping} "" "error.relabelling.socket!" \
+			-m "biba/5(4-6),mls/7(low-high)" \
+			-s "biba/equal" -f ${mactest_conf} -t 1 192.167.0.34
 #case 4: relabel the socket, at most effective, ok this time
-	bizarretestexpect ${macping} "" "" \
-	    -m "biba/3(4-6),mls/3(4-6)" \
-	    -s "biba/5,mls/5" -f ${mactest_conf} -t 1 192.167.0.34
+		    bizarretestexpect ${macping} "" "" \
+			-m "biba/3(4-6),mls/3(4-6)" \
+			-s "biba/5,mls/5" -f ${mactest_conf} -t 1 192.167.0.34
 
 #cleanup:
-	t=`sysctl security.mac.mls.enabled=0`
-	echo "disabling mac/mls!"
-	t=`sysctl security.mac.biba.enabled=0`
-	echo "disabling mac/biba!"
-
-
-	rm ${mactest_conf}
-    fi
-
-fi
-
+		    sysctl security.mac.mls.enabled=0 >/dev/null
+		    sysctl security.mac.biba.enabled=0 > /dev/null
+		    rm ${mactest_conf}
+#ping received, no firewall
+		fi
+#mac_mls mac_biba and mac_test support
+	fi
+	;;
+*)
+        quick_exit
+        ;;
+esac



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200712280637.lBS6bTtl083232>