PERFORCE change 132373 for review

Zhouyi ZHOU zhouzhouyi at FreeBSD.org
Wed Jan 2 22:37:39 PST 2008


http://perforce.freebsd.org/chv.cgi?CH=132373

Change 132373 by zhouzhouyi at zhouzhouyi_mactest on 2008/01/03 06:36:44

	style modification

Affected files ...

.. //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/open/02.t#5 edit

Differences ...

==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/open/02.t#5 (text+ko) ====

@@ -1,80 +1,91 @@
 #!/bin/sh
-# $FreeBSD: src/tools/regression/mactest/tests/open/02.t,v 1.1 2007/06/04 01:42:08 zhouzhouyi Exp $
+# $FreeBSD$
 
-desc="open opens (and eventually creates) a file, checking the effects of MAC enforcement"
+desc="open opens (and eventually creates) a file"
 
 
-
-
 dir=`dirname $0`
 . ${dir}/../misc.sh
 
-echo "1..7"
+case "${os}" in
+FreeBSD)
+
+	mac_mls_support=`sysctl -n security.mac.mls.enabled 2>/dev/null`
+	mac_biba_support=`sysctl -n security.mac.biba.enabled 2>/dev/null`
+	mac_test_support=`sysctl -n security.mac.test.pseudoinit 2>/dev/null`
 
-n0=`namegen`
-n1=`namegen`
+	if [ "${mac_mls_support}" != "" ] && [ "${mac_biba_support}" != "" ] &&
+	    [ "${mac_test_support}" != "" ]; then
 
 #turn off all the switches
-for i in `sysctl security.mac | grep "\.enabled"| 
-     sed 's/\([a-z\.]*\.enabled\)\(:\ \)\([01]\)/\1/`; do
-sysctl ${i}=0
-done
+		for i in `sysctl security.mac | grep "\.enabled"| 
+			sed 's/\([a-z\.]*\.enabled\)\(:\ \)\([01]\)/\1/`; do
+			sysctl ${i}=0 >/dev/null
+		done
+
+
+		if [ -f ${mactest_conf} ]; then
+			rm ${mactest_conf}
+		fi
+		touch ${mactest_conf}
+		setfmac "mls/equal,biba/equal" ${mactest_conf}
+		
+		echo "1..7"
+
+		n0=`namegen`
+		n1=`namegen`
+
 
-mac_mls_support=`sysctl -n security.mac.mls.enabled 2>/dev/null`
-#following test case is to show, when subject's effective mls level does not dominate 
-#object's effective mls level, a ESRCH is returned when signaling
-if [ "${mac_mls_support}" != "" ] ; then
+		dvplabel=`getfmac ".."| sed 's/\(\.\.:\ \)\([a-z\,\/]*\)/\2/`; 
 
-    dvplabel=`getfmac "."| sed 's/\(\.:\ \)\([a-z\,\/]*\)/\2/`
- 
+		sysctl security.mac.mls.enabled=1 > /dev/null
+#case 1 unsucessful create
 #examine the label of its parent directory
-    echo -n "pid = -1 mac_test_check_vnode_lookup:" > ${mactest_conf}
-    echo "biba/high(low-high),mls/10(low-high) ${dvplabel}" >> ${mactest_conf}
+		echo -n "pid = -1 vnode_check_lookup:" > ${mactest_conf}
+		echo "biba/high(low-high),mls/10(low-high) ${dvplabel}" >> ${mactest_conf}
 
 #check the label of its parent directory
-    echo -n "pid = -1 mac_test_check_vnode_create:" >> ${mactest_conf}
-    echo "biba/high(low-high),mls/10(low-high) ${dvplabel}" >> ${mactest_conf}
+		echo -n "pid = -1 vnode_check_create:" >> ${mactest_conf}
+		echo "biba/high(low-high),mls/10(low-high) ${dvplabel}" >> ${mactest_conf}
 
 #since the mac_mls forbid the vnode create, there are no vnode label initialization
-#and vnode extattr creating.
+#BLP: no write down
+		mactestexpect "" EACCES  -m "mls/10(low-high)"  -f ${mactest_conf} mkdir ${n1}  0755
+		truncate -s 0 ${mactest_conf}
 
-    t=`sysctl security.mac.mls.enabled=1`
-    echo "enforcing mac/mls!"
-
-#BLP: no write down
-    mactestexpect "" EACCES  -m "mls/10(low-high)"  -f ${mactest_conf} mkdir ${n1}  0755
-  
-    rm ${mactest_conf}
-    touch ${mactest_conf}
 #the mac hook checking is already done in previous test cases!
-    mactestexpect "" 0 -m ${dvplabel} -f ${mactest_conf} mkdir ${n1} 0755
-    mactestexpect "" "" -m ${dvplabel} -f ${mactest_conf} system setfmac "mls/10" ${n1}
+#case 2 create the directory
+		mactestexpect "" 0 -m ${dvplabel} -f ${mactest_conf} mkdir ${n1} 0755
+#case 3 label the directory
+		mactestexpect "" "" -m ${dvplabel} -f ${mactest_conf} system setfmac "mls/10" ${n1}
 
-#BLP: no read high
-    echo -n "pid = -1 mac_test_check_vnode_open#VREAD:" > ${mactest_conf}
-    echo "biba/high(low-high),mls/low(low-high) biba/high,mls/10" >> ${mactest_conf}
-    mactestexpect ""  EACCES -m ${dvplabel} -f ${mactest_conf} open ${n1} O_RDONLY
+#case 4 BLP: no read high
+		echo -n "pid = -1 vnode_check_open#VREAD:" > ${mactest_conf}
+		echo "biba/high(low-high),mls/low(low-high) biba/high,mls/10" >> ${mactest_conf}
+		mactestexpect ""  EACCES -m ${dvplabel} -f ${mactest_conf} open ${n1} O_RDONLY
 
+#case 5
 #there will be mac_check_vnode_stat in setfmac
-    echo -n "pid = -2 mac_test_check_vnode_stat:" > ${mactest_conf}
-    echo "biba/high(low-high),mls/low(low-high) NULL biba/high,mls/10" >> ${mactest_conf}
-    mactestexpect "setfmac:.traversing.${n1}:.Permission.denied" "" -m ${dvplabel} -f ${mactest_conf} system setfmac "mls/low" ${n1}
+		echo -n "pid = -2 vnode_check_stat:" > ${mactest_conf}
+		echo "biba/high(low-high),mls/low(low-high) biba/high,mls/10" >> ${mactest_conf}
+		mactestexpect "setfmac:.traversing.${n1}:.Permission.denied" "" -m ${dvplabel} -f ${mactest_conf} system setfmac "mls/low" ${n1}
 
-#relabel the vnode to mls/low
-    rm ${mactest_conf}
-    touch ${mactest_conf}
-    mactestexpect "" "" -m mls/10 -f ${mactest_conf} system setfmac "mls/low" ${n1}
+#case 6 relabel the vnode to mls/low
+		truncate -s 0 ${mactest_conf}
+		mactestexpect "" "" -m mls/10 -f ${mactest_conf} system setfmac "mls/low" ${n1}
+#case 7 BLP: ok read low
+		mactestexpect "" 0 -m mls/10 -f ${mactest_conf} open ${n1} O_RDONLY
 
-#BLP: ok read low
-    mactestexpect "" 0 -m mls/10 -f ${mactest_conf} open ${n1} O_RDONLY
-
-
-    t=`sysctl security.mac.mls.enabled=0`
-    echo "disabling mac/mls!"
-
 #cleanup:
-#   cd ..
-    rm -fr ${n1}
-    rm ${mactest_conf}
-
-fi
+		sysctl security.mac.mls.enabled=0 >/dev/null
+		sysctl security.mac.biba.enabled=0 > /dev/null
+		cd ..
+		rm -fr ${n1}
+		rm ${mactest_conf}
+#mac_mls mac_biba and mac_test support
+	fi
+	;;
+*)
+        quick_exit
+        ;;
+esac
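Review bot: The loop under `#turn off all the switches` writes 0 to every `security.mac.*.enabled` knob, and the cleanup at the end only writes 0 to the mls and biba knobs, so nothing in the hunk puts back the values the host had before the test ran. A machine that was enforcing a MAC policy is left with it disabled after a run, and a run interrupted after `sysctl security.mac.mls.enabled=1` leaves that changed state behind as well. Record the name=value pairs before the loop and restore them from an exit trap, as sketched below, in place of the two `sysctl ...=0` lines in the cleanup. Separately, when any of the three `mac_*_support` probes comes back empty on FreeBSD, the script falls through `fi` without printing a `1..N` plan or calling `quick_exit`.

```shell
# … unchanged: mac_*_support probes and the if guard …
		# remember each policy switch as name=value before touching it
		mac_saved=`sysctl security.mac | grep '\.enabled: [01]$' | sed 's/: /=/'`
		restore_mac() {
			for kv in ${mac_saved}; do
				sysctl "${kv}" >/dev/null
			done
		}
		trap restore_mac EXIT
		trap 'exit 1' INT TERM

		for kv in ${mac_saved}; do
			sysctl "${kv%%=*}=0" >/dev/null
		done
# … unchanged: mactest_conf setup and test cases 1-7 …
```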

