PERFORCE change 133242 for review
Zhouyi ZHOU
zhouzhouyi at FreeBSD.org
Sun Jan 13 23:07:14 PST 2008
http://perforce.freebsd.org/chv.cgi?CH=133242
Change 133242 by zhouzhouyi at zhouzhouyi_mactest on 2008/01/14 07:07:07
Style Modification
Affected files ...
.. //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/rename/00.t#3 edit
Differences ...
==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/rename/00.t#3 (text+ko) ====
@@ -1,91 +1,98 @@
#!/bin/sh
-# $FreeBSD: src/tools/regression/mactest/tests/rename/00.t,v 1.2 2007/01/25 20:50:02 zhouzhouyi Exp $
+# $FreeBSD$
-desc="rename changes file name"
+desc="test MAC Framework check of rename operation"
dir=`dirname $0`
. ${dir}/../misc.sh
-echo "1..8"
+case "${os}" in
+FreeBSD)
-n0=`namegen`
-n1=`namegen`
-n2=`namegen`
-n3=`namegen`
+ mac_mls_support=`sysctl -n security.mac.mls.enabled 2>/dev/null`
+ mac_biba_support=`sysctl -n security.mac.biba.enabled 2>/dev/null`
+ mac_test_support=`sysctl -n security.mac.test.pseudoinit 2>/dev/null`
+ if [ "${mac_mls_support}" != "" ] && [ "${mac_biba_support}" != "" ] &&
+ [ "${mac_test_support}" != "" ]; then
#turn off all the switches
-for i in `sysctl security.mac | grep "\.enabled"|
- sed 's/\([a-z\.]*\.enabled\)\(:\ \)\([01]\)/\1/`; do
-sysctl ${i}=0
-done
+ for i in `sysctl security.mac | grep "\.enabled"|
+ sed 's/\([a-z\.]*\.enabled\)\(:\ \)\([01]\)/\1/`; do
+ sysctl ${i}=0 >/dev/null
+ done
+
+
+ if [ -f ${mactest_conf} ]; then
+ rm ${mactest_conf}
+ fi
+ touch ${mactest_conf}
+ setfmac "mls/equal,biba/equal" ${mactest_conf}
+
+ echo "1..8"
+
+ n0=`namegen`
+ n1=`namegen`
+ n2=`namegen`
+ n3=`namegen`
+
+
+ dvplabel=`getfmac ".."| sed 's/\(\.\.:\ \)\([a-z\,\/]*\)/\2/`;
-mac_mls_support=`sysctl -n security.mac.mls.enabled 2>/dev/null`
-mac_biba_support=`sysctl -n security.mac.biba.enabled 2>/dev/null`
-if [ "${mac_mls_support}" != "" ] && [ "${mac_biba_support}" != "" ] ; then
- dvplabel=`getfmac ".."| sed 's/\(\.\.:\ \)\([a-z\,\/]*\)/\2/`;
+#case 1,2,3: setup the directory structures
+ mactestexpect "" 0 -m "mls/low(low-high)" -f ${mactest_conf} mkdir ${n3} 0755
+ mactestexpect "" "" -m "mls/low(low-high)" -f ${mactest_conf} system setfmac "mls/6" ${n3}
+ cd ${n3}
+ mactestexpect "" 0 -m "mls/7(low-high)" -f ${mactest_conf} create ${n2} 0644
-#############################################################
-#first make working dir, the hook checks are already done in open:
- if [ -f ${mactest_conf} ]; then
- rm ${mactest_conf}
- fi
- touch ${mactest_conf}
+ sysctl security.mac.mls.enabled=1 > /dev/null
- mactestexpect "" 0 -m "mls/low(low-high)" -f ${mactest_conf} mkdir ${n3} 0755
- mactestexpect "" "" -m "mls/low(low-high)" -f ${mactest_conf} system setfmac "mls/6" ${n3}
- cd ${n3}
- mactestexpect "" 0 -m "mls/7(low-high)" -f ${mactest_conf} create ${n2} 0644
+#case 4: the mls label of the process is equal the file to be renamed but dominate parent dir:
+ echo -n "pid = -1 vnode_check_rename_from:" > ${mactest_conf}
+ echo "biba/high(low-high),mls/7(low-high) biba/high,mls/6 biba/high,mls/7" >> ${mactest_conf}
+ mactestexpect "" EACCES -m "mls/7(low-high)" -f ${mactest_conf} rename ${n2} ${n1}
-#############################################################
- t=`sysctl security.mac.mls.enabled=1`
- echo "enforcing mac/mls!"
+#case 5: the mls label of the process is equal the parent dir but dominated by the file
+ echo -n "pid = -1 vnode_check_rename_from:" > ${mactest_conf}
+ echo "biba/high(low-high),mls/6(low-high) biba/high,mls/6 biba/high,mls/7" >> ${mactest_conf}
-#############################################################
-#case the mls label of the process is equal the file to be renamed but dominate parent dir:
- echo -n "pid = -1 mac_test_check_vnode_rename_from:" > ${mactest_conf}
- echo "biba/high(low-high),mls/7(low-high) biba/high,mls/6 biba/high,mls/7" >> ${mactest_conf}
- mactestexpect "" EACCES -m "mls/7(low-high)" -f ${mactest_conf} rename ${n2} ${n1}
+ echo -n "pid = -1 vnode_check_lookup:" >> ${mactest_conf}
+ echo "biba/high(low-high),mls/6(low-high) biba/high,mls/6" >> ${mactest_conf}
-#############################################################
-#case the mls label of the process is equal the parent dir but dominated by the file
- echo -n "pid = -1 mac_test_check_vnode_rename_from:" > ${mactest_conf}
- echo "biba/high(low-high),mls/6(low-high) biba/high,mls/6 biba/high,mls/7" >> ${mactest_conf}
+ echo -n "pid = -1 vnode_check_rename_to:" >> ${mactest_conf}
+ echo "biba/high(low-high),mls/6(low-high) biba/high,mls/6 NULL" >> ${mactest_conf}
+ mactestexpect "" 0 -m "mls/6(low-high)" -f ${mactest_conf} rename ${n2} ${n1}
- echo -n "pid = -1 mac_test_check_vnode_lookup:" >> ${mactest_conf}
- echo "biba/high(low-high),mls/6(low-high) biba/high,mls/6" >> ${mactest_conf}
- echo -n "pid = -1 mac_test_check_vnode_rename_to:" >> ${mactest_conf}
- echo "biba/high(low-high),mls/6(low-high) biba/high,mls/6 NULL" >> ${mactest_conf}
- mactestexpect "" 0 -m "mls/6(low-high)" -f ${mactest_conf} rename ${n2} ${n1}
+#setfmac 6: set the mac label
+ truncate -s 0 ${mactest_conf}
+ mactestexpect "" "" -m "mls/7(low-high)" -f ${mactest_conf} system setfmac "mls/5" ${n1}
-#############################################################
-#setfmac, the hooks already got checked
- rm ${mactest_conf}
- touch ${mactest_conf}
- mactestexpect "" "" -m "mls/7(low-high)" -f ${mactest_conf} system setfmac "mls/5" ${n1}
-#############################################################
-#the mls requirement for rename is very strict :-)
+#case 7: the mls requirement for rename is very strict :-)
#the process mls label must dominate parent dir's label for lookup
- echo -n "pid = -1 mac_test_check_vnode_lookup:" > ${mactest_conf}
- echo "biba/high(low-high),mls/5(low-high) biba/high,mls/6" >> ${mactest_conf}
- mactestexpect "" EACCES -m "mls/5(low-high)" -f ${mactest_conf} rename ${n1} ${n0}
+ echo -n "pid = -1 vnode_check_lookup:" > ${mactest_conf}
+ echo "biba/high(low-high),mls/5(low-high) biba/high,mls/6" >> ${mactest_conf}
+ mactestexpect "" EACCES -m "mls/5(low-high)" -f ${mactest_conf} rename ${n1} ${n0}
-#both parent dir's label and object's label must dominate
+#case 8: both parent dir's label and object's label must dominate
#process's label
- echo -n "pid = -1 mac_test_check_vnode_rename_from:" > ${mactest_conf}
- echo "biba/high(low-high),mls/6(low-high) biba/high,mls/6 biba/high,mls/5" >> ${mactest_conf}
- mactestexpect "" EACCES -m "mls/6(low-high)" -f ${mactest_conf} rename ${n1} ${n0}
+ echo -n "pid = -1 vnode_check_rename_from:" > ${mactest_conf}
+ echo "biba/high(low-high),mls/6(low-high) biba/high,mls/6 biba/high,mls/5" >> ${mactest_conf}
+ mactestexpect "" EACCES -m "mls/6(low-high)" -f ${mactest_conf} rename ${n1} ${n0}
+
#cleanup:
- t=`sysctl security.mac.mls.enabled=0`
- echo "disabling mac/mls!"
- cd ..
- rm -fr ${n3}
- rm ${mactest_conf}
-fi
-
+ sysctl security.mac.mls.enabled=0 >/dev/null
+ sysctl security.mac.biba.enabled=0 > /dev/null
+ rm -fr ${n3}
+ rm ${mactest_conf}
+ fi
+ ;;
+*)
+ quick_exit
+ ;;
+esac
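Review bot: The cleanup at the end of the FreeBSD branch leaves the host's MAC policies switched off. The loop sets every `security.mac.*.enabled` knob to 0 and the cleanup then forces mls and biba to 0, so whatever was being enforced before the test ran is never restored. Capturing the state before the loop with `saved=$(sysctl -e security.mac | grep "\.enabled=")` and replaying it in cleanup with `for kv in ${saved}; do sysctl ${kv} >/dev/null; done` would return the machine to its prior policy. The new cleanup also drops the `cd ..` that the old code had, so `rm -fr ${n3}` runs from inside `${n3}` and silently leaves the test directory behind; a `cd ..` should be put back before it. Separately, when any of the three sysctl probes comes back empty the `if` has no else branch, so no plan line is printed; that case should presumably take the same `quick_exit` path as the non-FreeBSD arm.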