PERFORCE change 125607 for review
Zhouyi ZHOU
zhouzhouyi at FreeBSD.org
Thu Aug 23 23:24:16 PDT 2007
http://perforce.freebsd.org/chv.cgi?CH=125607
Change 125607 by zhouzhouyi at zhouzhouyi_mactest on 2007/08/24 06:23:15
add test cases for shmctl for IPC_STAT and IPC_SET respectively
Affected files ...
.. //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/shmtest.c#4 edit
.. //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/sysvshm/00.t#3 edit
Differences ...
==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/shmtest.c#4 (text+ko) ====
@@ -80,6 +80,7 @@
char *shm_buf;
int logfd;
const char *macconf_file = NULL;
+const char *creator_label = NULL;
int
main(argc, argv)
@@ -87,16 +88,17 @@
char *argv[];
{
int ch;
- const char *creator_label = NULL;
const char *sender_label = NULL;
const char *receiver_label = NULL;
+ const char *ipcstat_label = NULL;
+ const char *ipcset_label = NULL;
struct sigaction sa;
struct shmid_ds s_ds;
sigset_t sigmask;
int error;
- while ((ch = getopt(argc, argv, "c:f:r:s:")) != -1) {
+ while ((ch = getopt(argc, argv, "c:f:r:s:t:e:")) != -1) {
switch (ch) {
case 'c':
creator_label = optarg;
@@ -110,6 +112,12 @@
case 'r':
receiver_label = optarg;
break;
+ case 't':
+ ipcstat_label = optarg;
+ break;
+ case 'e':
+ ipcset_label = optarg;
+ break;
default:
usage();
}
@@ -182,34 +190,8 @@
if (waitpid(child_pid, 0, 0) == -1)
err(1, "error create");
- /*
- * Install and SIGCHLD handler to deal with all possible exit
- * conditions of the receiver.
- */
- sa.sa_handler = sigchld_handler;
- sigemptyset(&sa.sa_mask);
- sa.sa_flags = 0;
- if (sigaction(SIGCHLD, &sa, NULL) == -1)
- err(1, "sigaction SIGCHLD");
- if (sender_label) {
- mac_t label;
-
- if (mac_from_text(&label, sender_label) == -1) {
- exit(-1);
- }
- if (mac_set_proc(label) == -1)
- error = errno;
- else
- error = 0;
- if (error){
- printf("error relabelling proc!\n");
- close(logfd);
- exit(1);
- }
- mac_free(label);
- }
-
+/*
if ((sender_shmid = shmget(shmkey, pgsize, SHM_W)) == -1){
close(logfd);
err(1, "shmget");
@@ -243,10 +225,154 @@
if ((shm_buf = shmat(sender_shmid, NULL, 0)) == (void *) -1)
err(1, "sender: shmat");
+*/
+
/*
* Write the test pattern into the shared memory buffer.
*/
- strcpy(shm_buf, m_str);
+ switch ((child_pid = fork())) {
+ case -1:
+ err(1, "fork");
+ /* NOTREACHED */
+
+ case 0:
+ if (sender_label) {
+ mac_t label;
+
+ if (mac_from_text(&label, sender_label) == -1) {
+ exit(-1);
+ }
+ if (mac_set_proc(label) == -1)
+ error = errno;
+ else
+ error = 0;
+ if (error){
+ printf("error relabelling proc!\n");
+ close(logfd);
+ exit(1);
+ }
+ mac_free(label);
+ }
+ if ((sender_shmid = shmget(shmkey, pgsize, SHM_W)) == -1){
+ close(logfd);
+ err(1, "shmget");
+ exit(1);
+ }
+ if ((shm_buf = shmat(sender_shmid, NULL, 0)) == (void *) -1)
+ err(1, "sender: shmat");
+
+ strcpy(shm_buf, m_str);
+
+ exit(0);
+ default:
+ break;
+ }
+
+
+ if (waitpid(child_pid, 0, 0) == -1)
+ err(1, "error send");
+
+
+
+ /*check for ipcstat */
+ switch ((child_pid = fork())) {
+ case -1:
+ err(1, "fork");
+ /* NOTREACHED */
+
+ case 0:
+ if (ipcstat_label) {
+ mac_t label;
+
+ if (mac_from_text(&label, ipcstat_label) == -1) {
+ exit(-1);
+ }
+ if (mac_set_proc(label) == -1)
+ error = errno;
+ else
+ error = 0;
+ if (error){
+ printf("error relabelling proc!\n");
+ close(logfd);
+ exit(1);
+ }
+ mac_free(label);
+ }
+ if ((sender_shmid = shmget(shmkey, pgsize, SHM_R)) == -1){
+ err(1, "shmget");
+ exit(1);
+ }
+
+ if (shmctl(sender_shmid, IPC_STAT, &s_ds) == -1) {
+ err(1, "shmctl IPC_STAT");
+ exit(1);
+ }
+ print_shmid_ds(&s_ds, 0640);
+ exit(0);
+ default:
+ break;
+ }
+
+
+ if (waitpid(child_pid, 0, 0) == -1)
+ err(1, "error send");
+
+/*check for ipc_set */
+ switch ((child_pid = fork())) {
+ case -1:
+ err(1, "fork");
+ /* NOTREACHED */
+
+ case 0:
+ if (ipcset_label) {
+ mac_t label;
+
+ if (mac_from_text(&label, ipcset_label) == -1) {
+ exit(-1);
+ }
+ if (mac_set_proc(label) == -1)
+ error = errno;
+ else
+ error = 0;
+ if (error){
+ printf("error relabelling proc!\n");
+ close(logfd);
+ exit(1);
+ }
+ mac_free(label);
+ }
+ if ((sender_shmid = shmget(shmkey, pgsize, SHM_R)) == -1){
+ err(1, "shmget");
+ exit(1);
+ }
+
+ memset(&s_ds, 0, sizeof(s_ds));
+
+ if (shmctl(sender_shmid, IPC_SET, &s_ds) == -1) {
+ err(1, "shmctl IPC_SET");
+ exit(1);
+ }
+ exit(0);
+ default:
+ break;
+ }
+
+
+ if (waitpid(child_pid, 0, 0) == -1)
+ err(1, "error send");
+
+
+ /*
+ * Install and SIGCHLD handler to deal with all possible exit
+ * conditions of the receiver.
+ */
+ sa.sa_handler = sigchld_handler;
+ sigemptyset(&sa.sa_mask);
+ sa.sa_flags = 0;
+ if (sigaction(SIGCHLD, &sa, NULL) == -1)
+ err(1, "sigaction SIGCHLD");
+
+
switch ((child_pid = fork())) {
case -1:
@@ -266,7 +392,6 @@
error = 0;
if (error){
printf("error relabelling proc!\n");
- close(logfd);
exit(1);
}
mac_free(label);
@@ -324,11 +449,12 @@
* the final stats for the message queue.
*/
-
+/*
if (shmctl(sender_shmid, IPC_STAT, &s_ds) == -1)
err(1, "shmctl IPC_STAT");
print_shmid_ds(&s_ds, 0600);
+*/
exit(0);
}
@@ -339,7 +465,28 @@
/*
* If we're the sender, and it exists, remove the shared memory area.
*/
- if (child_pid != 0 && sender_shmid != -1) {
+ int error;
+
+ if (child_pid != 0 /*&& sender_shmid != -1*/) {
+ if (creator_label) {
+ mac_t label;
+
+ if (mac_from_text(&label, creator_label) == -1) {
+ exit(-1);
+ }
+ if (mac_set_proc(label) == -1)
+ error = errno;
+ else
+ error = 0;
+ if (error){
+ printf("error relabelling proc!\n");
+ close(logfd);
+ exit(1);
+ }
+ mac_free(label);
+ }
+ if ((sender_shmid = shmget(shmkey, pgsize, 0)) == -1)
+ err(1, "shmget");
if (shmctl(sender_shmid, IPC_RMID, NULL) == -1)
warn("shmctl IPC_RMID");
close(logfd);
@@ -361,7 +508,7 @@
{
fprintf(stderr, "usage: -s sender_label -r receiver_label"
- " -f macconf_file -c creator_label\n");
+ " -f macconf_file -c creator_label -t IPC_STAT label -e IPC_SET label\n");
exit(1);
}
==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/sysvshm/00.t#3 (text+ko) ====
@@ -7,7 +7,7 @@
dir=`dirname $0`
. ${dir}/../misc.sh
-echo "1..2"
+echo "1..4"
#turn off all the switches
@@ -39,14 +39,29 @@
t=`sysctl security.mac.mls.revocation_enabled=1`
t=`sysctl security.mac.biba.revocation_enabled=1`
echo "enabling revoking"
+#option -c creator's label, option -s sender's label
+#option -r receiver's label, option -t ipc stat label
+#options -e ipc set label
#case 1: check mls no read high
+ echo -n "pid = -2 mac_test_check_sysv_shmget:" > ${mactest_conf}
+ echo "biba/high(low-high),mls/9(low-high) biba/high,mls/5" >> ${mactest_conf}
bizarretestexpect ${shmtest} "" "" -c "mls/5" -s "mls/5" \
- -r "mls/9" -f ${mactest_conf}
+ -r "mls/9" -t "mls/5" -e "mls/5" -f ${mactest_conf}
#case 2: check biba no read low
+ echo -n "pid = -2 mac_test_check_sysv_shmat#SHM_RDONLY:" > ${mactest_conf}
+ echo "biba/3(low-high),mls/low(low-high) biba/5,mls/low" >> ${mactest_conf}
bizarretestexpect ${shmtest} "" "" -c "biba/5" -s "biba/5" \
- -r "biba/3" -f ${mactest_conf}
-
-
+ -r "biba/3" -t "biba/5" -e "biba/5" -f ${mactest_conf}
+#case 3: ipc stat biba no stat low
+ echo -n "pid = -2 mac_test_check_sysv_shmctl#IPC_STAT:" > ${mactest_conf}
+ echo "biba/3(low-high),mls/low(low-high) biba/5,mls/low" >> ${mactest_conf}
+ bizarretestexpect ${shmtest} "" "" -c "biba/5" -s "biba/5" \
+ -r "biba/5" -t "biba/3" -e "biba/5" -f ${mactest_conf}
+#case 4: ipc set biba no set high
+ echo -n "pid = -2 mac_test_check_sysv_shmctl#IPC_SET:" > ${mactest_conf}
+ echo "biba/3(low-high),mls/low(low-high) biba/5,mls/low" >> ${mactest_conf}
+ bizarretestexpect ${shmtest} "*shmctl.IPC_SET:.Permission.denied" "" -c "biba/5" -s "biba/5" \
+ -r "biba/5" -t "biba/5" -e "biba/3" -f ${mactest_conf}
#cleanup:
t=`sysctl security.mac.mls.enabled=0`
echo "disabling mac/mls!"
More information about the p4-projects
mailing list