PERFORCE change 132294 for review
Zhouyi ZHOU
zhouzhouyi at FreeBSD.org
Wed Jan 2 00:12:46 PST 2008
http://perforce.freebsd.org/chv.cgi?CH=132294
Change 132294 by zhouzhouyi at zhouzhouyi_mactest on 2008/01/02 08:12:18
Style Modification
Affected files ...
.. //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/open/00.t#7 edit
.. //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/open/01.t#7 edit
.. //depot/projects/soc2007/zhouzhouyi_mactest_soc/sys/security/mac_test/mac_test.c#16 edit
Differences ...
==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/open/00.t#7 (text+ko) ====
@@ -53,7 +53,7 @@
#associate the extattr of newly created vnode
echo -n "pid = -1 vnode_create_extattr:" >> ${mactest_conf}
- echo "biba/high(low-high),mls/8(low-high) ${dvplabel} biba/high,mls/low" >> ${mactest_conf}
+ echo "biba/high(low-high),mls/8(low-high) ${dvplabel} biba/high,mls/low biba/high,mls/8" >> ${mactest_conf}
mactestexpect "" 0 -m "mls/8(low-high)" -f ${mactest_conf} mkdir ${n1} 0755
@@ -68,7 +68,7 @@
echo "pid = -1 vnode_init_label" >> ${mactest_conf}
echo -n "pid = -1 vnode_create_extattr:" >> ${mactest_conf}
- echo "biba/high(low-high),mls/9(low-high) biba/high,mls/low biba/high,mls/8" >> ${mactest_conf}
+ echo "biba/high(low-high),mls/9(low-high) biba/high,mls/low biba/high,mls/8 biba/high,mls/9" >> ${mactest_conf}
echo -n "pid = -1 vnode_check_open#VWRITE :" >> ${mactest_conf}
echo "biba/high(low-high),mls/9(low-high) biba/high,mls/9" >> ${mactest_conf}
==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/open/01.t#7 (text+ko) ====
@@ -1,114 +1,127 @@
#!/bin/sh
-# $FreeBSD: src/tools/regression/mactest/tests/open/01.t,v 1.2 2007/01/25 20:50:02 pjd Exp $
-# test of setfmac getfmac commands
+# $FreeBSD$
+
desc="open opens (and eventually creates) a file"
+
dir=`dirname $0`
. ${dir}/../misc.sh
-echo "1..5"
+case "${os}" in
+FreeBSD)
-n0=`namegen`
-n1=`namegen`
+ mac_mls_support=`sysctl -n security.mac.mls.enabled 2>/dev/null`
+ mac_biba_support=`sysctl -n security.mac.biba.enabled 2>/dev/null`
+ mac_test_support=`sysctl -n security.mac.test.pseudoinit 2>/dev/null`
+ if [ "${mac_mls_support}" != "" ] && [ "${mac_biba_support}" != "" ] &&
+ [ "${mac_test_support}" != "" ]; then
#turn off all the switches
-for i in `sysctl security.mac | grep "\.enabled"|
- sed 's/\([a-z\.]*\.enabled\)\(:\ \)\([01]\)/\1/`; do
-sysctl ${i}=0
-done
+ for i in `sysctl security.mac | grep "\.enabled"|
+ sed 's/\([a-z\.]*\.enabled\)\(:\ \)\([01]\)/\1/`; do
+ sysctl ${i}=0 >/dev/null
+ done
+
+
+ if [ -f ${mactest_conf} ]; then
+ rm ${mactest_conf}
+ fi
+ touch ${mactest_conf}
+ setfmac "mls/equal,biba/equal" ${mactest_conf}
+
+ echo "1..5"
+
+ n0=`namegen`
+ n1=`namegen`
+
-mac_mls_support=`sysctl -n security.mac.mls.enabled 2>/dev/null`
-mac_biba_support=`sysctl -n security.mac.biba.enabled 2>/dev/null`
+ dvplabel=`getfmac ".."| sed 's/\(\.\.:\ \)\([a-z\,\/]*\)/\2/`;
-if [ "${mac_mls_support}" != "" ] && [ "${mac_biba_support}" != "" ] ; then
- dvplabel=`getfmac ".."| sed 's/\(\.\.:\ \)\([a-z\,\/]*\)/\2/`;
-#############################################################
-#case mkdir:
+#case 1 mkdir:
#examine the label of its parent directory
- echo -n "pid = -1 mac_test_check_vnode_lookup:" > ${mactest_conf}
- echo "biba/high(low-high),mls/8(low-high) ${dvplabel}" >> ${mactest_conf}
-
+ echo -n "pid = -1 vnode_check_lookup:" > ${mactest_conf}
+ echo "biba/high(low-high),mls/8(low-high) ${dvplabel}" >> ${mactest_conf}
#check the label of its parent directory
- echo -n "pid = -1 mac_test_check_vnode_create:" >> ${mactest_conf}
- echo "biba/high(low-high),mls/8(low-high) ${dvplabel}" >> ${mactest_conf}
-
+ echo -n "pid = -1 vnode_check_create:" >> ${mactest_conf}
+ echo "biba/high(low-high),mls/8(low-high) ${dvplabel}" >> ${mactest_conf}
#init the label of currently created vnode
- echo "pid = -1 mac_test_init_vnode_label" >> ${mactest_conf}
-
+ echo "pid = -1 vnode_init_label" >> ${mactest_conf}
#associate the extattr of newly created vnode
- echo -n "pid = -1 mac_test_create_vnode_extattr:" >> ${mactest_conf}
- echo "biba/high(low-high),mls/8(low-high) * ${dvplabel} biba/high,mls/8" >> ${mactest_conf}
- mactestexpect "" 0 -m "mls/8(low-high)" -f ${mactest_conf} mkdir ${n1} 0755
+ echo -n "pid = -1 vnode_create_extattr:" >> ${mactest_conf}
+ echo "biba/high(low-high),mls/8(low-high) * ${dvplabel} biba/high,mls/8" >> ${mactest_conf}
+ mactestexpect "" 0 -m "mls/8(low-high)" -f ${mactest_conf} mkdir ${n1} 0755
+#case 2 creative open:
+ cd ${n1}
+ echo -n "pid = -1 vnode_check_lookup:" > ${mactest_conf}
+ echo "biba/high(low-high),mls/9(low-high) biba/high,mls/8" >> ${mactest_conf}
-#############################################################
-#case creative open:
- cd ${n1}
- echo -n "pid = -1 mac_test_check_vnode_lookup:" > ${mactest_conf}
- echo "biba/high(low-high),mls/9(low-high) biba/high,mls/8" >> ${mactest_conf}
+ echo -n "pid = -1 vnode_check_create:" >> ${mactest_conf}
+ echo "biba/high(low-high),mls/9(low-high) biba/high,mls/8" >> ${mactest_conf}
- echo -n "pid = -1 mac_test_check_vnode_create:" >> ${mactest_conf}
- echo "biba/high(low-high),mls/9(low-high) biba/high,mls/8" >> ${mactest_conf}
+ echo "pid = -1 vnode_init_label" >> ${mactest_conf}
- echo "pid = -1 mac_test_init_vnode_label" >> ${mactest_conf}
+ echo -n "pid = -1 vnode_create_extattr:" >> ${mactest_conf}
+ echo "biba/high(low-high),mls/9(low-high) biba/high,mls/low biba/high,mls/8 biba/high,mls/9" >>${mactest_conf}
- echo -n "pid = -1 mac_test_create_vnode_extattr:" >> ${mactest_conf}
- echo "biba/high(low-high),mls/9(low-high) biba/high,mls/low biba/high,mls/8 biba/high,mls/9" >> ${mactest_conf}
+ echo -n "pid = -1 vnode_check_open#VWRITE:" >> ${mactest_conf}
+ echo "biba/high(low-high),mls/9(low-high) biba/high,mls/9" >> ${mactest_conf}
- echo -n "pid = -1 mac_test_check_vnode_open#VWRITE:" >> ${mactest_conf}
- echo "biba/high(low-high),mls/9(low-high) biba/high,mls/9" >> ${mactest_conf}
+ mactestexpect "" 0 -m "mls/9(low-high)" -f ${mactest_conf} open ${n0} O_CREAT,O_WRONLY 0755
- mactestexpect "" 0 -m "mls/9(low-high)" -f ${mactest_conf} open ${n0} O_CREAT,O_WRONLY 0755
-
-
-
-#############################################################
-#caes setfmac command:
-#pid = -2 means matching any pid, because we use shell function system
+#case 3 setfmac command:
+#pid = -2 means matching any pid, because we use shell function system
#init the vnode label
- echo "pid = -2 mac_test_init_vnode_label" > ${mactest_conf}
+ echo "pid = -2 vnode_init_label" > ${mactest_conf}
#lookup checking
- echo -n "pid = -2 mac_test_check_vnode_lookup with cr_label and dvplabel:" >> ${mactest_conf}
- echo "biba/high(low-high),mls/5(low-high) biba/high,mls/8" >> ${mactest_conf}
+ echo -n "pid = -2 vnode_check_lookup:" >> ${mactest_conf}
+ echo "biba/high(low-high),mls/5(low-high) biba/high,mls/8" >> ${mactest_conf}
#vnode relabel checking
- echo -n "pid = -2 mac_test_check_vnode_relabel with cr_label" >> ${mactest_conf}
- echo -n " vplabel and newlabel:" >> ${mactest_conf}
- echo "biba/high(low-high),mls/5(low-high) biba/high,mls/9 biba/,mls/7" >> ${mactest_conf}
+ echo -n "pid = -2 vnode_check_relabel:" >> ${mactest_conf}
+ echo "biba/high(low-high),mls/5(low-high) biba/high,mls/9 biba/,mls/7" >> ${mactest_conf}
#associate extattr with the vnode
- echo -n "pid = -2 mac_test_setlabel_vnode_extattr with cr_label vplabel and intlabel:" >> ${mactest_conf}
- echo "biba/high(low-high),mls/5(low-high) biba/high,mls/9 biba/,mls/7" >> ${mactest_conf}
+ echo -n "pid = -2 vnode_setlabel_extattr:" >> ${mactest_conf}
+ echo "biba/high(low-high),mls/5(low-high) biba/high,mls/9 biba/,mls/7" >> ${mactest_conf}
#relabel vnode
- echo -n "pid = -2 mac_test_relabel_vnode with cr_label vplabel and label:" >> ${mactest_conf}
- echo "biba/high(low-high),mls/5(low-high) biba/high,mls/7 biba/,mls/7" >> ${mactest_conf}
+ echo -n "pid = -2 vnode_relabel:" >> ${mactest_conf}
+ echo "biba/high(low-high),mls/5(low-high) biba/high,mls/7 biba/,mls/7" >> ${mactest_conf}
#destroy old label
- echo "pid = -2 mac_test_destroy_vnode_label" >> ${mactest_conf}
- mactestexpect "" "" -m "mls/5(low-high)" -f ${mactest_conf} system setfmac "mls/7" ${n0}
-
-#############################################################
-#case getfmac command:
+ echo "pid = -2 vnode_destroy_label" >> ${mactest_conf}
+ mactestexpect "" "" -m "mls/5(low-high)" -f ${mactest_conf} system setfmac "mls/7" ${n0}
+
+
+#case 4 getfmac command:
#It is strange that there are no mac_check respect to get the vnode label
- echo -n "pid = -2 mac_test_copy_vnode_label with src label:" > ${mactest_conf}
- echo "biba/high,mls/7" >> ${mactest_conf}
- maclabelexpect "mls/7,biba/high" -f ${mactest_conf} system getfmac ${n0}
+ echo -n "pid = -2 vnode_copy_label:" > ${mactest_conf}
+ echo "biba/high,mls/7" >> ${mactest_conf}
+ maclabelexpect "mls/7,biba/high" -f ${mactest_conf} system getfmac ${n0}
#############################################################
-#case ls -l -Z command:
+#case 5 ls -l -Z command:
#Why ls need -l to work with -Z, this is not correspond to the manual page of ls
- echo -n "pid = -2 mac_test_copy_vnode_label with src label:" > ${mactest_conf}
- echo "biba/high,mls/7" >> ${mactest_conf}
- maclabelexpect "biba/high,mls/7" -f ${mactest_conf} system ls -l -Z ${n0}
+ echo -n "pid = -2 vnode_copy_label with src label:" > ${mactest_conf}
+ echo "biba/high,mls/7" >> ${mactest_conf}
+ maclabelexpect "biba/high,mls/7" -f ${mactest_conf} system ls -l -Z ${n0}
+
#cleanup:
- cd ..
- rm -fr ${n1}
- rm ${mactest_conf}
-fi
-
+ sysctl security.mac.mls.enabled=0 >/dev/null
+ sysctl security.mac.biba.enabled=0 > /dev/null
+ cd ..
+ rm -fr ${n1}
+ rm ${mactest_conf}
+#mac_mls mac_biba and mac_test support
+ fi
+ ;;
+*)
+ quick_exit
+ ;;
+esac
==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/sys/security/mac_test/mac_test.c#16 (text+ko) ====
@@ -2908,6 +2908,7 @@
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
LABEL_CHECK(mplabel, MAGIC_MOUNT);
LABEL_CHECK(dvplabel, MAGIC_VNODE);
+ LABEL_CHECK(vplabel, MAGIC_VNODE);
COUNTER_INC(vnode_create_extattr);
return (0);
More information about the p4-projects
mailing list