Date: Thu, 16 Aug 2007 06:01:28 GMT From: Zhouyi ZHOU <zhouzhouyi@FreeBSD.org> To: Perforce Change Reviews <perforce@FreeBSD.org> Subject: PERFORCE change 125205 for review Message-ID: <200708160601.l7G61S6d011085@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=125205 Change 125205 by zhouzhouyi@zhouzhouyi_mactest on 2007/08/16 06:01:07 Test mandatory access control hooks for ifnet transmit Affected files ... .. //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/macping.c#2 edit .. //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/mactest.c#12 edit .. //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/pipe_io.c#2 edit .. //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/misc.sh#16 edit .. //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/netinet/00.t#2 edit .. //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/netinet/01.t#1 add Differences ... ==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/macping.c#2 (text+ko) ==== @@ -91,7 +91,7 @@ char *hostname; long sntransmitted; /* # of packets we sent in this sweep */ volatile sig_atomic_t finish_up = 0; - +int logfd; static void usage(void) @@ -180,6 +180,8 @@ if (i < 0 || i != cc) { if (i < 0) { warn("sendto"); + close(logfd); + exit(1); } else { warn("%s: partial write: %d of %d bytes", hostname, i, cc); @@ -208,7 +210,6 @@ const char *label_string = NULL; char *target = NULL; const char *macconf_file = NULL; - int logfd; int pid; char buf[10]; int flags; @@ -270,6 +271,10 @@ mac_free(label); } + + logfd = open("/dev/mactest", O_RDWR); + ioctl(logfd, BEGINLOG, NULL); + s = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP); outpack = outpackhdr + sizeof(struct ip); ==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/mactest.c#12 (text+ko) ==== @@ -104,6 +104,8 @@ int sd_args[MAX_ARGS]; }; +int logfd; + static struct syscall_desc syscalls[] = { { "kill", ACTION_KILL, { TYPE_NUMBER, TYPE_NUMBER, TYPE_NONE } }, { "system", ACTION_SYSTEM, { TYPE_NONE }}, @@ -251,6 +253,7 @@ } if (tflags[i].f_str == NULL) { fprintf(stderr, "unknown flag '%s'\n", f); + close(logfd); exit(1); } flags |= tflags[i].f_flag; @@ -400,12 +403,14 @@ if (argv[i] == NULL || strcmp(argv[i], ":") == 0) break; fprintf(stderr, "too many arguments [%s]\n", argv[i]); + close(logfd); exit(1); } else { if (argv[i] == NULL || strcmp(argv[i], ":") == 0) { if (scall->sd_args[i] & TYPE_OPTIONAL) break; fprintf(stderr, "too few arguments\n"); + close(logfd); exit(1); } if (scall->sd_args[i] & TYPE_STRING) { @@ -419,6 +424,7 @@ args[i].num = strtoll(argv[i], &endp, 0); if (*endp != '\0' && !isspace((unsigned char)*endp)) { fprintf(stderr, "invalid argument %u, number expected [%s]\n", i, endp); + close(logfd); exit(1); } } @@ -444,12 +450,14 @@ if (flags & O_CREAT) { if (i == 2) { fprintf(stderr, "too few arguments\n"); + close(logfd); exit(1); } rval = open(STR(0), flags, (mode_t)NUM(2)); } else { if (i == 3) { fprintf(stderr, "too many arguments\n"); + close(logfd); exit(1); } rval = open(STR(0), flags); @@ -524,6 +532,7 @@ break; default: fprintf(stderr, "unsupported syscall\n"); + close(logfd); exit(1); } #undef STR @@ -551,7 +560,7 @@ const char *macconf_file = NULL; int pid,pid1; int error; - int mactestpipefd, logfd; + int mactestpipefd; char buf[2048]; int ch; @@ -609,6 +618,7 @@ scall = find_syscall(argv[0]); if (scall == NULL) { fprintf(stderr, "syscall '%s' not supported\n", argv[0]); + close(logfd); exit(1); } argc++; ==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/pipe_io.c#2 (text+ko) ==== @@ -46,6 +46,7 @@ #include "mactest.h" #define BEGINLOG _IO('m',1) +int logfd; static void usage(void) @@ -79,6 +80,7 @@ if (i < 0) { if (errno != EAGAIN) perror("write"); + close(fd); exit(1); } buf += i; @@ -96,7 +98,6 @@ const char *label_string_writer = NULL; const char *label_string_pipe = NULL; const char *macconf_file = NULL; - int logfd; int pid , pid1; int fdreader , fdwriter; char buf [10]; @@ -134,11 +135,13 @@ if (pipe(fd) < 0) { perror("pipe"); + close(logfd); exit(1); } flags = fcntl(fd[1], F_GETFL); if (flags == -1 || fcntl(fd[1], F_SETFL, flags | O_NONBLOCK) == -1) { perror("fcntl"); + close(logfd); exit(1); } if (label_string_pipe) { @@ -151,19 +154,23 @@ error = errno; else error = 0; - if (error) + if (error){ + close(logfd); exit(1); + } mac_free(label); } switch (fork()) { case -1: perror("fork"); + close(logfd); exit(1); case 0: { mac_t label; if (mac_from_text(&label, label_string_reader) == -1) { + close(logfd); exit(-1); } if (mac_set_proc(label) == -1) @@ -173,6 +180,7 @@ mac_free(label); if (error != 0) { + close(logfd); exit(-1); } close(fd[1]); @@ -183,6 +191,7 @@ break; if (i < 0) { perror("read"); + close(logfd); exit(1); } } @@ -196,6 +205,7 @@ mac_t label; if (mac_from_text(&label, label_string_writer) == -1) { + close(logfd); exit(-1); } if (mac_set_proc(label) == -1) @@ -205,6 +215,7 @@ mac_free(label); if (error != 0) { + close(logfd); exit(-1); } } ==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/misc.sh#16 (text+ko) ==== @@ -20,6 +20,7 @@ mdconfigopenrdonly="${maindir}/mdconfigopenrdonly" fifo_io="${maindir}/fifo_io" pipe_io="${maindir}/pipe_io" +macping="${maindir}/macping" . ${maindir}/tests/conf ==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/netinet/00.t#2 (text+ko) ==== @@ -1,5 +1,5 @@ #!/bin/sh -# $FreeBSD: src/tools/regression/mactest/tests/pipe/00.t,v 1.2 2007/01/25 20:50:02 zhouzhouyi Exp $ +# $FreeBSD: src/tools/regression/mactest/tests/netinet/00.t,v 1.2 2007/01/25 20:50:02 zhouzhouyi Exp $ desc="manipulate fifo files" @@ -38,7 +38,7 @@ echo "enabling revoking" t=`sysctl security.mac.test.pseudoinit=1` t=`ifconfig mac_test0 192.167.0.33` - t=`ifconfig mac_test1 192.167.0.34` + t=`ifconfig mac_test1 192.167.1.34` echo "enabling mactest pseudo interface" #case 1,2,3: set the maclabel of the interface, effective, range or both is allowed, while # the subject should be priviledeged.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200708160601.l7G61S6d011085>