Date: Wed, 2 Jan 2008 08:12:45 GMT From: Zhouyi ZHOU <zhouzhouyi@FreeBSD.org> To: Perforce Change Reviews <perforce@FreeBSD.org> Subject: PERFORCE change 132294 for review Message-ID: <200801020812.m028Cjj6005616@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=132294 Change 132294 by zhouzhouyi@zhouzhouyi_mactest on 2008/01/02 08:12:18 Style Modification Affected files ... .. //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/open/00.t#7 edit .. //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/open/01.t#7 edit .. //depot/projects/soc2007/zhouzhouyi_mactest_soc/sys/security/mac_test/mac_test.c#16 edit Differences ... ==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/open/00.t#7 (text+ko) ==== @@ -53,7 +53,7 @@ #associate the extattr of newly created vnode echo -n "pid = -1 vnode_create_extattr:" >> ${mactest_conf} - echo "biba/high(low-high),mls/8(low-high) ${dvplabel} biba/high,mls/low" >> ${mactest_conf} + echo "biba/high(low-high),mls/8(low-high) ${dvplabel} biba/high,mls/low biba/high,mls/8" >> ${mactest_conf} mactestexpect "" 0 -m "mls/8(low-high)" -f ${mactest_conf} mkdir ${n1} 0755 @@ -68,7 +68,7 @@ echo "pid = -1 vnode_init_label" >> ${mactest_conf} echo -n "pid = -1 vnode_create_extattr:" >> ${mactest_conf} - echo "biba/high(low-high),mls/9(low-high) biba/high,mls/low biba/high,mls/8" >> ${mactest_conf} + echo "biba/high(low-high),mls/9(low-high) biba/high,mls/low biba/high,mls/8 biba/high,mls/9" >> ${mactest_conf} echo -n "pid = -1 vnode_check_open#VWRITE :" >> ${mactest_conf} echo "biba/high(low-high),mls/9(low-high) biba/high,mls/9" >> ${mactest_conf} ==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/open/01.t#7 (text+ko) ==== @@ -1,114 +1,127 @@ #!/bin/sh -# $FreeBSD: src/tools/regression/mactest/tests/open/01.t,v 1.2 2007/01/25 20:50:02 pjd Exp $ -# test of setfmac getfmac commands +# $FreeBSD$ + desc="open opens (and eventually creates) a file" + dir=`dirname $0` . ${dir}/../misc.sh -echo "1..5" +case "${os}" in +FreeBSD) -n0=`namegen` -n1=`namegen` + mac_mls_support=`sysctl -n security.mac.mls.enabled 2>/dev/null` + mac_biba_support=`sysctl -n security.mac.biba.enabled 2>/dev/null` + mac_test_support=`sysctl -n security.mac.test.pseudoinit 2>/dev/null` + if [ "${mac_mls_support}" != "" ] && [ "${mac_biba_support}" != "" ] && + [ "${mac_test_support}" != "" ]; then #turn off all the switches -for i in `sysctl security.mac | grep "\.enabled"| - sed 's/\([a-z\.]*\.enabled\)\(:\ \)\([01]\)/\1/`; do -sysctl ${i}=0 -done + for i in `sysctl security.mac | grep "\.enabled"| + sed 's/\([a-z\.]*\.enabled\)\(:\ \)\([01]\)/\1/`; do + sysctl ${i}=0 >/dev/null + done + + + if [ -f ${mactest_conf} ]; then + rm ${mactest_conf} + fi + touch ${mactest_conf} + setfmac "mls/equal,biba/equal" ${mactest_conf} + + echo "1..5" + + n0=`namegen` + n1=`namegen` + -mac_mls_support=`sysctl -n security.mac.mls.enabled 2>/dev/null` -mac_biba_support=`sysctl -n security.mac.biba.enabled 2>/dev/null` + dvplabel=`getfmac ".."| sed 's/\(\.\.:\ \)\([a-z\,\/]*\)/\2/`; -if [ "${mac_mls_support}" != "" ] && [ "${mac_biba_support}" != "" ] ; then - dvplabel=`getfmac ".."| sed 's/\(\.\.:\ \)\([a-z\,\/]*\)/\2/`; -############################################################# -#case mkdir: +#case 1 mkdir: #examine the label of its parent directory - echo -n "pid = -1 mac_test_check_vnode_lookup:" > ${mactest_conf} - echo "biba/high(low-high),mls/8(low-high) ${dvplabel}" >> ${mactest_conf} - + echo -n "pid = -1 vnode_check_lookup:" > ${mactest_conf} + echo "biba/high(low-high),mls/8(low-high) ${dvplabel}" >> ${mactest_conf} #check the label of its parent directory - echo -n "pid = -1 mac_test_check_vnode_create:" >> ${mactest_conf} - echo "biba/high(low-high),mls/8(low-high) ${dvplabel}" >> ${mactest_conf} - + echo -n "pid = -1 vnode_check_create:" >> ${mactest_conf} + echo "biba/high(low-high),mls/8(low-high) ${dvplabel}" >> ${mactest_conf} #init the label of currently created vnode - echo "pid = -1 mac_test_init_vnode_label" >> ${mactest_conf} - + echo "pid = -1 vnode_init_label" >> ${mactest_conf} #associate the extattr of newly created vnode - echo -n "pid = -1 mac_test_create_vnode_extattr:" >> ${mactest_conf} - echo "biba/high(low-high),mls/8(low-high) * ${dvplabel} biba/high,mls/8" >> ${mactest_conf} - mactestexpect "" 0 -m "mls/8(low-high)" -f ${mactest_conf} mkdir ${n1} 0755 + echo -n "pid = -1 vnode_create_extattr:" >> ${mactest_conf} + echo "biba/high(low-high),mls/8(low-high) * ${dvplabel} biba/high,mls/8" >> ${mactest_conf} + mactestexpect "" 0 -m "mls/8(low-high)" -f ${mactest_conf} mkdir ${n1} 0755 +#case 2 creative open: + cd ${n1} + echo -n "pid = -1 vnode_check_lookup:" > ${mactest_conf} + echo "biba/high(low-high),mls/9(low-high) biba/high,mls/8" >> ${mactest_conf} -############################################################# -#case creative open: - cd ${n1} - echo -n "pid = -1 mac_test_check_vnode_lookup:" > ${mactest_conf} - echo "biba/high(low-high),mls/9(low-high) biba/high,mls/8" >> ${mactest_conf} + echo -n "pid = -1 vnode_check_create:" >> ${mactest_conf} + echo "biba/high(low-high),mls/9(low-high) biba/high,mls/8" >> ${mactest_conf} - echo -n "pid = -1 mac_test_check_vnode_create:" >> ${mactest_conf} - echo "biba/high(low-high),mls/9(low-high) biba/high,mls/8" >> ${mactest_conf} + echo "pid = -1 vnode_init_label" >> ${mactest_conf} - echo "pid = -1 mac_test_init_vnode_label" >> ${mactest_conf} + echo -n "pid = -1 vnode_create_extattr:" >> ${mactest_conf} + echo "biba/high(low-high),mls/9(low-high) biba/high,mls/low biba/high,mls/8 biba/high,mls/9" >>${mactest_conf} - echo -n "pid = -1 mac_test_create_vnode_extattr:" >> ${mactest_conf} - echo "biba/high(low-high),mls/9(low-high) biba/high,mls/low biba/high,mls/8 biba/high,mls/9" >> ${mactest_conf} + echo -n "pid = -1 vnode_check_open#VWRITE:" >> ${mactest_conf} + echo "biba/high(low-high),mls/9(low-high) biba/high,mls/9" >> ${mactest_conf} - echo -n "pid = -1 mac_test_check_vnode_open#VWRITE:" >> ${mactest_conf} - echo "biba/high(low-high),mls/9(low-high) biba/high,mls/9" >> ${mactest_conf} + mactestexpect "" 0 -m "mls/9(low-high)" -f ${mactest_conf} open ${n0} O_CREAT,O_WRONLY 0755 - mactestexpect "" 0 -m "mls/9(low-high)" -f ${mactest_conf} open ${n0} O_CREAT,O_WRONLY 0755 - - - -############################################################# -#caes setfmac command: -#pid = -2 means matching any pid, because we use shell function system +#case 3 setfmac command: +#pid = -2 means matching any pid, because we use shell function system #init the vnode label - echo "pid = -2 mac_test_init_vnode_label" > ${mactest_conf} + echo "pid = -2 vnode_init_label" > ${mactest_conf} #lookup checking - echo -n "pid = -2 mac_test_check_vnode_lookup with cr_label and dvplabel:" >> ${mactest_conf} - echo "biba/high(low-high),mls/5(low-high) biba/high,mls/8" >> ${mactest_conf} + echo -n "pid = -2 vnode_check_lookup:" >> ${mactest_conf} + echo "biba/high(low-high),mls/5(low-high) biba/high,mls/8" >> ${mactest_conf} #vnode relabel checking - echo -n "pid = -2 mac_test_check_vnode_relabel with cr_label" >> ${mactest_conf} - echo -n " vplabel and newlabel:" >> ${mactest_conf} - echo "biba/high(low-high),mls/5(low-high) biba/high,mls/9 biba/,mls/7" >> ${mactest_conf} + echo -n "pid = -2 vnode_check_relabel:" >> ${mactest_conf} + echo "biba/high(low-high),mls/5(low-high) biba/high,mls/9 biba/,mls/7" >> ${mactest_conf} #associate extattr with the vnode - echo -n "pid = -2 mac_test_setlabel_vnode_extattr with cr_label vplabel and intlabel:" >> ${mactest_conf} - echo "biba/high(low-high),mls/5(low-high) biba/high,mls/9 biba/,mls/7" >> ${mactest_conf} + echo -n "pid = -2 vnode_setlabel_extattr:" >> ${mactest_conf} + echo "biba/high(low-high),mls/5(low-high) biba/high,mls/9 biba/,mls/7" >> ${mactest_conf} #relabel vnode - echo -n "pid = -2 mac_test_relabel_vnode with cr_label vplabel and label:" >> ${mactest_conf} - echo "biba/high(low-high),mls/5(low-high) biba/high,mls/7 biba/,mls/7" >> ${mactest_conf} + echo -n "pid = -2 vnode_relabel:" >> ${mactest_conf} + echo "biba/high(low-high),mls/5(low-high) biba/high,mls/7 biba/,mls/7" >> ${mactest_conf} #destroy old label - echo "pid = -2 mac_test_destroy_vnode_label" >> ${mactest_conf} - mactestexpect "" "" -m "mls/5(low-high)" -f ${mactest_conf} system setfmac "mls/7" ${n0} - -############################################################# -#case getfmac command: + echo "pid = -2 vnode_destroy_label" >> ${mactest_conf} + mactestexpect "" "" -m "mls/5(low-high)" -f ${mactest_conf} system setfmac "mls/7" ${n0} + + +#case 4 getfmac command: #It is strange that there are no mac_check respect to get the vnode label - echo -n "pid = -2 mac_test_copy_vnode_label with src label:" > ${mactest_conf} - echo "biba/high,mls/7" >> ${mactest_conf} - maclabelexpect "mls/7,biba/high" -f ${mactest_conf} system getfmac ${n0} + echo -n "pid = -2 vnode_copy_label:" > ${mactest_conf} + echo "biba/high,mls/7" >> ${mactest_conf} + maclabelexpect "mls/7,biba/high" -f ${mactest_conf} system getfmac ${n0} ############################################################# -#case ls -l -Z command: +#case 5 ls -l -Z command: #Why ls need -l to work with -Z, this is not correspond to the manual page of ls - echo -n "pid = -2 mac_test_copy_vnode_label with src label:" > ${mactest_conf} - echo "biba/high,mls/7" >> ${mactest_conf} - maclabelexpect "biba/high,mls/7" -f ${mactest_conf} system ls -l -Z ${n0} + echo -n "pid = -2 vnode_copy_label with src label:" > ${mactest_conf} + echo "biba/high,mls/7" >> ${mactest_conf} + maclabelexpect "biba/high,mls/7" -f ${mactest_conf} system ls -l -Z ${n0} + #cleanup: - cd .. - rm -fr ${n1} - rm ${mactest_conf} -fi - + sysctl security.mac.mls.enabled=0 >/dev/null + sysctl security.mac.biba.enabled=0 > /dev/null + cd .. + rm -fr ${n1} + rm ${mactest_conf} +#mac_mls mac_biba and mac_test support + fi + ;; +*) + quick_exit + ;; +esac ==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/sys/security/mac_test/mac_test.c#16 (text+ko) ==== @@ -2908,6 +2908,7 @@ LABEL_CHECK(cred->cr_label, MAGIC_CRED); LABEL_CHECK(mplabel, MAGIC_MOUNT); LABEL_CHECK(dvplabel, MAGIC_VNODE); + LABEL_CHECK(vplabel, MAGIC_VNODE); COUNTER_INC(vnode_create_extattr); return (0);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200801020812.m028Cjj6005616>