PERFORCE change 123768 for review

Zhouyi ZHOU zhouzhouyi at FreeBSD.org
Fri Jul 20 08:27:25 UTC 2007 

http://perforce.freebsd.org/chv.cgi?CH=123768

Change 123768 by zhouzhouyi at zhouzhouyi_mactest on 2007/07/20 08:27:03

	requirement for doing a rename is quite strict :-)

Affected files ...

.. //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/rename/00.t#2 edit

Differences ...

==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/rename/00.t#2 (text+ko) ====

@@ -7,7 +7,7 @@
 dir=`dirname $0`
 . ${dir}/../misc.sh
 
-echo "1..5"
+echo "1..8"
 
 n0=`namegen`
 n1=`namegen`
@@ -50,7 +50,7 @@
     echo "biba/high(low-high),mls/7(low-high) biba/high,mls/6 biba/high,mls/7" >> ${mactest_conf}
     mactestexpect "" EACCES -m "mls/7(low-high)" -f ${mactest_conf} rename ${n2} ${n1}
 
-
+#############################################################
 #case the mls label of the process is equal the parent dir but dominated by the file
     echo -n "pid = -1 mac_test_check_vnode_rename_from:" > ${mactest_conf}
     echo "biba/high(low-high),mls/6(low-high) biba/high,mls/6 biba/high,mls/7" >> ${mactest_conf}
@@ -62,10 +62,28 @@
     echo "biba/high(low-high),mls/6(low-high) biba/high,mls/6 NULL" >> ${mactest_conf}
     mactestexpect "" 0 -m "mls/6(low-high)" -f ${mactest_conf} rename ${n2} ${n1}
 
+#############################################################
+#setfmac, the hooks already got checked
+    rm ${mactest_conf}
+    touch ${mactest_conf}
+    mactestexpect "" "" -m "mls/7(low-high)" -f ${mactest_conf} system setfmac "mls/5" ${n1}
+
+#############################################################
+#the mls requirement for rename is very strict :-)
+#the process mls label must dominate parent dir's label for lookup
+    echo -n "pid = -1 mac_test_check_vnode_lookup:" > ${mactest_conf}
+    echo "biba/high(low-high),mls/5(low-high) biba/high,mls/6" >> ${mactest_conf}
+    mactestexpect "" EACCES -m "mls/5(low-high)" -f ${mactest_conf} rename ${n1} ${n0}
+
+
+#both parent dir's label and object's label must dominate 
+#process's label
+    echo -n "pid = -1 mac_test_check_vnode_rename_from:" > ${mactest_conf}
+    echo "biba/high(low-high),mls/6(low-high) biba/high,mls/6 biba/high,mls/5" >> ${mactest_conf}
+    mactestexpect "" EACCES -m "mls/6(low-high)" -f ${mactest_conf} rename ${n1} ${n0}
+#cleanup:
     t=`sysctl security.mac.mls.enabled=0`
     echo "disabling mac/mls!"
-
-#cleanup:
     cd ..
     rm -fr ${n3}
     rm ${mactest_conf}

More information about the p4-projects mailing list