Date: Wed, 27 Jun 2007 10:24:20 GMT From: Zhouyi ZHOU <zhouzhouyi@FreeBSD.org> To: Perforce Change Reviews <perforce@FreeBSD.org> Subject: PERFORCE change 122388 for review Message-ID: <200706271024.l5RAOK0Y013941@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=122388 Change 122388 by zhouzhouyi@zhouzhouyi_mactest on 2007/06/27 10:24:02 write test case in regression/mactest/tests/signal/01.t using the log mechanism Affected files ... .. //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/mactest.c#3 edit .. //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/misc.sh#2 edit .. //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/signal/00.t#2 edit .. //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/signal/01.t#1 add Differences ... ==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/mactest.c#3 (text+ko) ==== @@ -585,58 +585,48 @@ } - if ((pid = fork()) == 0){ - signal(SIGUSER1, sig_usr); - while(waitforsig); - if (mac_is_present(NULL) == 1) { - mac_t label; + if (mac_is_present(NULL) == 1) { + mac_t label; - if (label_string != NULL) { - if (mac_from_text(&label, label_string) == -1) { - exit(-1); - } + if (label_string != NULL) { + if (mac_from_text(&label, label_string) == -1) { + exit(-1); + } - if (mac_set_proc(label) == -1) + if (mac_set_proc(label) == -1) error = errno; else error = 0; - mac_free(label); + mac_free(label); - if (error != 0){ - exit(-1); - } + if (error != 0){ + exit(-1); } } + } - for (;;) { - scall = find_syscall(argv[0]); - if (scall == NULL) { - fprintf(stderr, "syscall '%s' not supported\n", argv[0]); - exit(1); - } - argc++; - argv++; - n = call_syscall(scall, argv); - argc += n; - argv += n; - if (argv[0] == NULL) - break; - argc++; - argv++; + logfd = open("/dev/mactest",O_RDWR); + ioctl(logfd, BEGINLOG, NULL); + + for (;;) { + scall = find_syscall(argv[0]); + if (scall == NULL) { + fprintf(stderr, "syscall '%s' not supported\n", argv[0]); + exit(1); } - exit(1); - + argc++; + argv++; + n = call_syscall(scall, argv); + argc += n; + argv += n; + if (argv[0] == NULL) + break; + argc++; + argv++; } - else { - - logfd = open("/dev/mactest",O_RDWR); - ioctl(logfd, BEGINLOG, NULL); - kill(pid, SIGUSER1); - waitpid(pid, NULL, 0); - close(logfd); - - } + + close(logfd); /* compare the configuration file and parse result */ { @@ -662,6 +652,7 @@ /* See if record_from_conf is contained in record_from_log */ /* pid == -1 means matching the running pid */ + pid = getpid(); while (record_from_conf) { struct mactestlog_record * iterator = record_from_log; while (iterator) { ==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/misc.sh#2 (text+ko) ==== @@ -14,8 +14,11 @@ fi macproc="${maindir}/macproc" +mactest="${maindir}/mactest" + . ${maindir}/tests/conf + maccmdnotexpectanyerror() { m="${1}" @@ -35,6 +38,23 @@ ntest=`expr $ntest + 1` } + +mactestnotexpectanyerror() +{ + + ${mactest} $* 2>${tmp_file} 1>>${tmp_file} + r=`cat ${tmp_file}` + echo "${r}" | egrep '^''0''$' >/dev/null 2>&1 + if [ $? -eq 0 ] && [ ${#r} -eq 1 ] ; then + echo "ok ${ntest}" + else + echo ${r} + echo "not ok ${ntest}" + fi + ntest=`expr $ntest + 1` +} + + maccmdexpect() { e="${1}" @@ -52,7 +72,6 @@ echo "ok ${ntest}" else echo "not ok ${ntest}" - exit fi ntest=`expr $ntest + 1` } ==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/signal/00.t#2 (text+ko) ==== @@ -6,29 +6,37 @@ dir=`dirname $0` . ${dir}/../misc.sh +#turn off all the switches +for i in `sysctl security.mac | grep "\.enabled"| + sed 's/\([a-z\.]*\.enabled\)\(:\ \)\([01]\)/\1/`; do +sysctl ${i}=0 +done + +mac_mls_support=`sysctl -n security.mac.mls.enabled 2>/dev/null` #following test case is to show, when subject's effective mls level does not dominate #object's effective mls level, a ESRCH is returned when signaling -t=`sysctl security.mac.mls.enabled=0` -maccmdnotexpectanyerror "mls/3(2-7)" ${macproc} -w 20 -f "${pid_file}" -getmacprocpid -t=`sysctl security.mac.mls.enabled=1` -maccmdexpect "No such process" "mls/low" kill ${pid} -maccmdnotexpectanyerror "mls/3(2-7)" kill ${pid} -t=`sysctl security.mac.mls.enabled=0` -rm ${pid_file} -rm ${tmp_file} +if [ "${mac_mls_support}" != "" ] ; then + maccmdnotexpectanyerror "mls/3(2-7)" ${macproc} -w 20 -f "${pid_file}" + getmacprocpid + t=`sysctl security.mac.mls.enabled=1` + maccmdexpect "No such process" "mls/low" kill ${pid} + maccmdnotexpectanyerror "mls/3(2-7)" kill ${pid} + t=`sysctl security.mac.mls.enabled=0` + rm ${pid_file} + rm ${tmp_file} #following test case is to show, when object's effective mls level does not dominate #subject's effective mls level, a EACCES is returned when signaling -t=`sysctl security.mac.mls.enabled=0` -maccmdnotexpectanyerror "mls/low(low-high)" ${macproc} -w 20 -f "${pid_file}" -getmacprocpid -t=`sysctl security.mac.mls.enabled=1` -maccmdexpect "Permission denied" "mls/3(2-7)" kill ${pid} -maccmdnotexpectanyerror "mls/low(low-high)" kill ${pid} -t=`sysctl security.mac.mls.enabled=0` -rm ${pid_file} -rm ${tmp_file} + t=`sysctl security.mac.mls.enabled=0` + maccmdnotexpectanyerror "mls/low(low-high)" ${macproc} -w 20 -f "${pid_file}" + getmacprocpid + t=`sysctl security.mac.mls.enabled=1` + maccmdexpect "Permission denied" "mls/3(2-7)" kill ${pid} + maccmdnotexpectanyerror "mls/low(low-high)" kill ${pid} + t=`sysctl security.mac.mls.enabled=0` + rm ${pid_file} + rm ${tmp_file} +fi
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200706271024.l5RAOK0Y013941>