PERFORCE change 129115 for review
Zhouyi ZHOU
zhouzhouyi at FreeBSD.org
Fri Nov 16 00:17:40 PST 2007
http://perforce.freebsd.org/chv.cgi?CH=129115
Change 129115 by zhouzhouyi at zhouzhouyi_mactest on 2007/11/16 08:17:20
sys/security/mac_test/ and regression/mactest/tests/link are now mature and up to date
Affected files ...
.. //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/mactestparser.tab.c#4 edit
.. //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/mactestparser.y#5 edit
.. //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/link/00.t#7 edit
.. //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/link/01.t#7 edit
.. //depot/projects/soc2007/zhouzhouyi_mactest_soc/sys/security/mac_test/mac_test.c#13 edit
Differences ...
==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/mactestparser.tab.c#4 (text+ko) ====
@@ -232,16 +232,16 @@
/* YYFINAL -- State number of the termination state. */
#define YYFINAL 7
-#define YYLAST 18
+#define YYLAST 29
/* YYNTOKENS -- Number of terminals. */
-#define YYNTOKENS 9
+#define YYNTOKENS 10
/* YYNNTS -- Number of nonterminals. */
-#define YYNNTS 8
+#define YYNNTS 10
/* YYNRULES -- Number of rules. */
-#define YYNRULES 15
+#define YYNRULES 20
/* YYNRULES -- Number of states. */
-#define YYNSTATES 22
+#define YYNSTATES 31
/* YYTRANSLATE(YYLEX) -- Bison symbol number corresponding to YYLEX. */
#define YYUNDEFTOK 2
@@ -256,7 +256,7 @@
0, 2, 2, 2, 2, 2, 2, 2, 2, 2,
7, 2, 2, 2, 2, 2, 2, 2, 2, 2,
2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
+ 2, 2, 2, 2, 2, 9, 2, 2, 2, 2,
2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
2, 2, 2, 2, 2, 2, 2, 2, 8, 2,
2, 6, 2, 2, 2, 2, 2, 2, 2, 2,
@@ -288,16 +288,19 @@
static const unsigned char yyprhs[] =
{
0, 0, 3, 4, 6, 8, 11, 14, 20, 21,
- 30, 32, 34, 37, 40, 42
+ 30, 31, 42, 44, 46, 49, 52, 54, 57, 60,
+ 62
};
/* YYRHS -- A `-1'-separated list of the rules' RHS. */
static const yysigned_char yyrhs[] =
{
- 10, 0, -1, -1, 11, -1, 12, -1, 11, 12,
- -1, 11, 1, -1, 3, 6, 16, 15, 7, -1,
- -1, 3, 6, 16, 15, 13, 8, 14, 7, -1,
- 7, -1, 15, -1, 14, 15, -1, 14, 1, -1,
+ 11, 0, -1, -1, 12, -1, 13, -1, 12, 13,
+ -1, 12, 1, -1, 3, 6, 19, 18, 7, -1,
+ -1, 3, 6, 19, 18, 14, 8, 16, 7, -1,
+ -1, 3, 6, 19, 18, 15, 9, 17, 8, 16,
+ 7, -1, 7, -1, 18, -1, 16, 18, -1, 16,
+ 1, -1, 18, -1, 17, 18, -1, 17, 1, -1,
4, -1, 5, -1
};
@@ -305,7 +308,8 @@
static const unsigned char yyrline[] =
{
0, 48, 48, 50, 54, 56, 57, 60, 62, 62,
- 64, 67, 69, 70, 75, 78
+ 64, 64, 66, 69, 71, 72, 76, 78, 79, 83,
+ 86
};
#endif
@@ -315,8 +319,9 @@
static const char *const yytname[] =
{
"$end", "error", "$undefined", "PID", "IDENTIFIER", "NUM", "'='", "'\\n'",
- "':'", "$accept", "program", "mactestlog_records", "mactestlog_record",
- "@1", "label_elements", "identifier", "pid", 0
+ "':'", "'#'", "$accept", "program", "mactestlog_records",
+ "mactestlog_record", "@1", "@2", "label_elements", "modflag_elements",
+ "identifier", "pid", 0
};
#endif
@@ -325,22 +330,24 @@
token YYLEX-NUM. */
static const unsigned short yytoknum[] =
{
- 0, 256, 257, 258, 259, 260, 61, 10, 58
+ 0, 256, 257, 258, 259, 260, 61, 10, 58, 35
};
# endif
/* YYR1[YYN] -- Symbol number of symbol that rule YYN derives. */
static const unsigned char yyr1[] =
{
- 0, 9, 10, 10, 11, 11, 11, 12, 13, 12,
- 12, 14, 14, 14, 15, 16
+ 0, 10, 11, 11, 12, 12, 12, 13, 14, 13,
+ 15, 13, 13, 16, 16, 16, 17, 17, 17, 18,
+ 19
};
/* YYR2[YYN] -- Number of symbols composing right hand side of rule YYN. */
static const unsigned char yyr2[] =
{
0, 2, 0, 1, 1, 2, 2, 5, 0, 8,
- 1, 1, 2, 2, 1, 1
+ 0, 10, 1, 1, 2, 2, 1, 2, 2, 1,
+ 1
};
/* YYDEFACT[STATE-NAME] -- Default rule to reduce with in state
@@ -348,57 +355,62 @@
means the default is an error. */
static const unsigned char yydefact[] =
{
- 2, 0, 10, 0, 0, 4, 0, 1, 6, 5,
- 15, 0, 14, 8, 7, 0, 0, 0, 11, 13,
- 9, 12
+ 2, 0, 12, 0, 0, 4, 0, 1, 6, 5,
+ 20, 0, 19, 8, 7, 0, 0, 0, 0, 0,
+ 13, 0, 16, 15, 9, 14, 18, 0, 17, 0,
+ 11
};
/* YYDEFGOTO[NTERM-NUM]. */
static const yysigned_char yydefgoto[] =
{
- -1, 3, 4, 5, 15, 17, 13, 11
+ -1, 3, 4, 5, 15, 16, 19, 21, 20, 11
};
/* YYPACT[STATE-NUM] -- Index in YYTABLE of the portion describing
STATE-NUM. */
-#define YYPACT_NINF -6
+#define YYPACT_NINF -12
static const yysigned_char yypact[] =
{
- 3, -2, -6, 9, 0, -6, 8, -6, -6, -6,
- -6, 10, -6, 11, -6, 7, 10, 1, -6, -6,
- -6, -6
+ 18, -5, -12, 13, 2, -12, 17, -12, -12, -12,
+ -12, 12, -12, -3, -12, 16, 20, 12, 12, 10,
+ -12, 11, -12, -12, -12, -12, -12, 12, -12, 19,
+ -12
};
/* YYPGOTO[NTERM-NUM]. */
static const yysigned_char yypgoto[] =
{
- -6, -6, -6, 12, -6, -6, -5, -6
+ -12, -12, -12, 23, -12, -12, 1, -12, -11, -12
};
/* YYTABLE[YYPACT[STATE-NUM]]. What to do in state STATE-NUM. If
positive, shift that token. If negative, reduce the rule which
number is the opposite. If zero, do what YYDEFACT says.
If YYTABLE_NINF, parse error. */
-#define YYTABLE_NINF -4
+#define YYTABLE_NINF -11
static const yysigned_char yytable[] =
{
- -3, 8, 19, 1, 6, 12, 1, 2, 20, 7,
- 2, 18, 21, 10, 12, 16, 9, 0, 14
+ 13, 6, -3, 8, 14, 1, -10, 22, 25, 2,
+ 28, 23, 26, 7, 12, 12, 12, 24, 25, 27,
+ 23, 1, 10, 12, 17, 2, 30, 9, 29, 18
};
-static const yysigned_char yycheck[] =
+static const unsigned char yycheck[] =
{
- 0, 1, 1, 3, 6, 4, 3, 7, 7, 0,
- 7, 16, 17, 5, 4, 8, 4, -1, 7
+ 11, 6, 0, 1, 7, 3, 9, 18, 19, 7,
+ 21, 1, 1, 0, 4, 4, 4, 7, 29, 8,
+ 1, 3, 5, 4, 8, 7, 7, 4, 27, 9
};
/* YYSTOS[STATE-NUM] -- The (internal number of the) accessing
symbol of state STATE-NUM. */
static const unsigned char yystos[] =
{
- 0, 3, 7, 10, 11, 12, 6, 0, 1, 12,
- 5, 16, 4, 15, 7, 13, 8, 14, 15, 1,
- 7, 15
+ 0, 3, 7, 11, 12, 13, 6, 0, 1, 13,
+ 5, 19, 4, 18, 7, 14, 15, 8, 9, 16,
+ 18, 17, 18, 1, 7, 18, 1, 8, 18, 16,
+ 7
};
#if ! defined (YYSIZE_T) && defined (__SIZE_TYPE__)
@@ -976,26 +988,47 @@
case 10:
#line 64 "mactestparser.y"
- {yyval.mtpipetype = 0;}
+ {stringsave = strdup(yyvsp[0].namestring);}
break;
case 11:
-#line 68 "mactestparser.y"
- { new_labelstrings(strdup(yyvsp[0].namestring));}
+#line 64 "mactestparser.y"
+ {
+ yyval.mtpipetype = new_mactestlog_record(stringsave, yyvsp[-7].itype);stringsave = 0;}
break;
case 12:
-#line 69 "mactestparser.y"
+#line 66 "mactestparser.y"
+ {yyval.mtpipetype = 0;}
+ break;
+
+ case 13:
+#line 70 "mactestparser.y"
{ new_labelstrings(strdup(yyvsp[0].namestring));}
break;
case 14:
-#line 76 "mactestparser.y"
+#line 71 "mactestparser.y"
+ { new_labelstrings(strdup(yyvsp[0].namestring));}
+ break;
+
+ case 16:
+#line 77 "mactestparser.y"
+ { new_modes_or_flags(strdup(yyvsp[0].namestring));}
+ break;
+
+ case 17:
+#line 78 "mactestparser.y"
+ { new_modes_or_flags(strdup(yyvsp[0].namestring));}
+ break;
+
+ case 19:
+#line 84 "mactestparser.y"
{}
break;
- case 15:
-#line 79 "mactestparser.y"
+ case 20:
+#line 87 "mactestparser.y"
{}
break;
@@ -1003,7 +1036,7 @@
}
/* Line 1016 of /usr/local/share/bison/yacc.c. */
-#line 1007 "mactestparser.tab.c"
+#line 1040 "mactestparser.tab.c"
yyvsp -= yylen;
yyssp -= yylen;
@@ -1222,7 +1255,7 @@
}
-#line 84 "mactestparser.y"
+#line 92 "mactestparser.y"
int
==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/mactestparser.y#5 (text+ko) ====
@@ -61,6 +61,8 @@
PID '=' pid identifier '\n' {$$ = new_mactestlog_record(strdup($4), $3);}
|PID '=' pid identifier {stringsave = strdup($4);} ':' label_elements '\n' {
$$ = new_mactestlog_record(stringsave, $3);stringsave = 0;}
+ |PID '=' pid identifier {stringsave = strdup($4);} '#' modflag_elements ':' label_elements '\n' {
+ $$ = new_mactestlog_record(stringsave, $3);stringsave = 0;}
|'\n' {$$ = 0;}
;
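Review bot: The new `'#' modflag_elements ':' label_elements` alternative reuses the mid-rule action `{stringsave = strdup($4);}`, and `stringsave` is only consumed and cleared in the final action. If a record fails to parse after the mid-rule action has run, the duplicated string is never freed, and the next record's `strdup` overwrites the pointer. The `strdup` result is also passed on without a NULL check. Suggest freeing and clearing `stringsave` on the error path and documenting the ownership in a comment such as `/* stringsave is owned by new_mactestlog_record() once the record is complete */`; whether `new_mactestlog_record` really takes ownership is not visible in this hunk and should be confirmed.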
@@ -71,6 +73,12 @@
;
+modflag_elements:
+ identifier { new_modes_or_flags(strdup($1));}
+ |modflag_elements identifier { new_modes_or_flags(strdup($2));}
+ |modflag_elements error
+ ;
+
identifier:
IDENTIFIER {}
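Review bot: The `modflag_elements error` alternative has no action, so a malformed flag list appears to be recovered silently, and the record would then be built from whatever flags were collected before the error. For a file that states expected MAC checks, a truncated flag list is better rejected than partially accepted. Consider discarding the collected flags or marking the record invalid in that alternative. How `yyerror` and `new_modes_or_flags` handle this is outside the hunk, so this needs checking against them.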
==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/link/00.t#7 (text+ko) ====
@@ -49,7 +49,7 @@
mactestexpect "" "" -m "mls/6(low-high)" -f ${mactest_conf} system setfmac \
"mls/5" ${n3}/${n2}
#case 5: link
- echo -n "pid = -1 mac_test_check_vnode_link:" > ${mactest_conf}
+ echo -n "pid = -1 vnode_check_link:" > ${mactest_conf}
echo "biba/high(low-high),mls/6(low-high) biba/high,mls/6 biba/high,mls/5" >> ${mactest_conf}
mactestexpect "" EACCES -m "mls/6(low-high)" -f ${mactest_conf} link ${n3}/${n2} ${n3}/${n1}
sysctl security.mac.mls.enabled=0 >/dev/null
@@ -62,7 +62,7 @@
truncate -s 0 ${mactest_conf}
mactestexpect "" EACCES -m "mls/6(low-high)" -f ${mactest_conf} unlink ${n3}/${n1}
#case 8: setfmac fail, old vnode not in range
- echo -n "pid = -2 mac_test_check_vnode_relabel:" > ${mactest_conf}
+ echo -n "pid = -2 vnode_check_relabel:" > ${mactest_conf}
echo "biba/high(low-high),mls/6(6-6) biba/high,mls/5 biba/,mls/6" >> \
${mactest_conf}
mactestexpect \
@@ -70,7 +70,7 @@
-m "mls/6(6-6)" -f ${mactest_conf} \
system setfmac "biba/,mls/6" ${n3}/${n1}
#case 9: setfmac success
- echo -n "pid = -2 mac_test_check_vnode_relabel:" > ${mactest_conf}
+ echo -n "pid = -2 vnode_check_relabel:" > ${mactest_conf}
echo "biba/high(low-high),mls/6(4-6) biba/high,mls/5 biba/,mls/6" >> ${mactest_conf}
mactestexpect "" "" -m "mls/6(4-6)" -f ${mactest_conf} \
system setfmac "biba/,mls/6" ${n3}/${n1}
==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/link/01.t#7 (text+ko) ====
@@ -40,23 +40,23 @@
#case 1: mkdir
mactestexpect "" 0 -m "mls/low(low-high)" -f ${mactest_conf} mkdir ${n0} 0755
#case 2: mdconfig, couldn't open /dev/mdctl, BLP prevents write down
- echo -n "pid = -2 mac_test_check_vnode_open#VREAD VWRITE:" > ${mactest_conf}
+ echo -n "pid = -2 vnode_check_open#VREAD VWRITE:" > ${mactest_conf}
echo "biba/high(low-high),mls/7(low-high) biba/high,mls/low" >> ${mactest_conf}
mactestexpect "*Permission.denied" "" -m "mls/7(low-high)" -f ${mactest_conf}\
system mdconfig -a -n -t malloc -s 1m
#case 3: mdconfig, successfully open /dev/mdctl
- echo -n "pid = -2 mac_test_check_vnode_open#VREAD VWRITE:" > ${mactest_conf}
+ echo -n "pid = -2 vnode_check_open#VREAD VWRITE:" > ${mactest_conf}
echo "biba/high(low-high),mls/low(low-high) biba/high,mls/low" >> ${mactest_conf}
mactestexpect "" "*" -m "mls/low(low-high)" -f ${mactest_conf} \
system mdconfig -a -n -t malloc -s 1m
mdnum=${ret}
#case 4: newfs, fail for writing, BLP prevents write down
- echo -n "pid = -2 mac_test_check_vnode_open#VREAD VWRITE:" > ${mactest_conf}
+ echo -n "pid = -2 vnode_check_open#VREAD VWRITE:" > ${mactest_conf}
echo "biba/high(low-high),mls/7(low-high) biba/high,mls/low" >> ${mactest_conf}
mactestexpect "*failed.to.open.disk.for.writing" "*" -m "mls/7(low-high)" \
-f ${mactest_conf} system newfs -i 1 /dev/md${mdnum}
#case 5: newfs, success
- echo -n "pid = -2 mac_test_check_vnode_open#VREAD VWRITE:" > ${mactest_conf}
+ echo -n "pid = -2 vnode_check_open#VREAD VWRITE:" > ${mactest_conf}
echo "biba/high(low-high),mls/low(low-high) biba/high,mls/low" >> ${mactest_conf}
mactestexpect "" "*" -m "mls/low(low-high)" -f ${mactest_conf}\
system newfs -i 1 /dev/md${mdnum}
==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/sys/security/mac_test/mac_test.c#13 (text+ko) ====
@@ -119,22 +119,27 @@
#define LOG_DECL \
char *buffer; \
char *currentchar; \
+ char *currentchar1; \
char *element1; \
- char *buffer1; \
- char *submitbuffer; \
+ char *buffer1; /*buffer used to store labels*/ \
+ char *submitbuffer; /*the buffer sent to log*/ \
+ char *flagbuffer; /*buffer used to store various of flags*/ \
int havelabel = 0; \
+ int haveflag = 0; \
int error; \
struct thread *td1 = curthread; \
volatile int badmem = 0; \
error = 0; \
- buffer = malloc(2048, M_MAC_TEST_LOG, M_NOWAIT); \
+ buffer = malloc(2560, M_MAC_TEST_LOG, M_NOWAIT); \
if (!buffer) \
badmem = 1; \
bzero(buffer, 2048); \
element1 = buffer + 512; buffer1 = element1 + 256; \
- submitbuffer = buffer + 1024; \
+ flagbuffer = buffer + 1024; \
+ submitbuffer = buffer + 1536; \
/*element1 and buffer1 will not be used if badmem == 1*/ \
- currentchar = buffer;
+ currentchar = buffer; \
+ currentchar1 = flagbuffer;
#define COUNTER_DECL(variable) \
static int counter_##variable; \
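Review bot: The `bzero(buffer, 2048);` line in LOG_DECL was left unchanged while the allocation grew to 2560, and it still runs when `malloc(..., M_NOWAIT)` returned NULL, because `badmem = 1` only sets a flag. With the new layout `submitbuffer` starts at offset 1536, so its last 512 bytes are no longer zeroed. In the failure case the kernel writes through a null pointer. Suggest `if (!buffer) badmem = 1; else bzero(buffer, 2560);` (or passing `M_ZERO` to malloc), and one named size constant per region in place of the repeated 512/1024/1536/2048/2560 literals.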
@@ -144,12 +149,19 @@
#define COUNTER_INC(variable) do { \
atomic_add_int(&counter_##variable, 1); \
if (!badmem) { \
- if (havelabel) \
+ if ((!havelabel)&&(!haveflag)) \
+ sprintf(submitbuffer,"pid = %d %s\n", \
+ td1->td_proc->p_pid, #variable); \
+ else if (!haveflag) \
sprintf(submitbuffer,"pid = %d %s:%s\n", \
td1->td_proc->p_pid, #variable, buffer);\
- else \
- sprintf(submitbuffer,"pid = %d %s\n", \
- td1->td_proc->p_pid, #variable); \
+ else if (havelabel) { \
+ /*get rid of last blank: "VREAD VWRITE "*/ \
+ *(flagbuffer + strlen(flagbuffer) -1) = 0; \
+ sprintf(submitbuffer,"pid = %d %s#%s:%s\n", \
+ td1->td_proc->p_pid, #variable, \
+ flagbuffer, buffer); \
+ } \
mac_test_log_submit(submitbuffer, strlen(submitbuffer));\
free(buffer, M_MAC_TEST_LOG); \
} \
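Review bot: The new if/else-if chain in COUNTER_INC has no branch for `haveflag` set with `havelabel` clear, so in that case `submitbuffer` is never written and `mac_test_log_submit` is called on whatever it holds, which is an empty string as far as LOG_DECL zeroes it. The flags are lost without any trace in the log. Either emit a flags-only record (the grammar in mactestparser.y would need a matching alternative) or skip the submit explicitly with a comment saying why. The three `sprintf` calls also write into the 1024-byte `submitbuffer` region with no bound; `snprintf(submitbuffer, 1024, ...)` would keep a long label string from running past the allocation, though how much LABEL_CHECK can append to `buffer` is not visible here.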
@@ -163,6 +175,14 @@
#define DEBUGGER(func, string) printf("mac_test: %s: %s\n", (func), (string))
#endif
+#define APPEND_FLAG(flag) do { \
+ if (!badmem) { \
+ sprintf(currentchar1, "%s ", flag); \
+ currentchar1 += strlen(currentchar1); \
+ haveflag = 1; \
+ } \
+} while (0)
+
#define LABEL_CHECK(label, magic) do { \
if (label != NULL) { \
KASSERT(SLOT(label) == magic || SLOT(label) == 0 || \
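Review bot: APPEND_FLAG writes with an unbounded `sprintf` into the 512-byte `flagbuffer` region, and the `flag` argument is used unparenthesized. The six short names appended today fit, but nothing stops a later caller from overrunning into `submitbuffer`. Suggest `snprintf(currentchar1, (size_t)(flagbuffer + 512 - currentchar1), "%s ", (flag));` and a one-line comment above the macro stating that it appends `flag` plus a trailing blank, which COUNTER_INC strips.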
@@ -2580,6 +2600,18 @@
LOG_DECL
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
LABEL_CHECK(vplabel, MAGIC_VNODE);
+ if (acc_mode & VREAD)
+ APPEND_FLAG("VREAD");
+ if (acc_mode & VEXEC)
+ APPEND_FLAG("VEXEC");
+ if (acc_mode & VSTAT)
+ APPEND_FLAG("VSTAT");
+ if (acc_mode & VWRITE)
+ APPEND_FLAG("VWRITE");
+ if (acc_mode & VAPPEND)
+ APPEND_FLAG("VAPPEND");
+ if (acc_mode & VADMIN)
+ APPEND_FLAG("VADMIN");
COUNTER_INC(vnode_check_open);
return (0);
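Review bot: The order of these `APPEND_FLAG` calls determines the order of names in the logged record, and tests/link/01.t writes the expectation as `VREAD VWRITE`, but nothing in the code says the order matters. Suggest a comment above the block such as `/* Flag order is part of the log record format; keep in sync with regression/mactest/tests. */`. Bits of `acc_mode` outside these six are not logged at all, which is worth stating in the same comment. Whether the userland comparison is order-sensitive is not visible in this change, and the enclosing function starts and ends outside the hunk.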